You may have heard about it recently, but the Indian Government wants WhatsApp to implement traceability into its services. What that means is that the Government is asking WhatsApp to add a method by which they can pinpoint the originator of a message i.e., the service can tell where the message came from.
Naturally, this goes against the end-to-end encryption stance that WhatsApp takes including pledging to never read or to store a message on their servers. This has caused a stalemate where WhatsApp so far has been able to resist the Indian Government’s insistence of traceability.
Okay but why is it so important for the Indian Government to fight for traceability?
As we discussed above, traceability is the ability for a service to pinpoint a source of origin for something uploaded over the internet. Taking WhatsApp into context, let us say you send a message to someone over chat. If the Government finds the message inappropriate or harmful to the country in any way, they can trace who sent that message with the help of communication service, in this case, WhatsApp.
Believe it or not, our mobile networks already have traceability built in and with a warrant, the police can request a copy of your call logs and your last known locations. In a way, traceability on WhatsApp makes sense, it makes the police’s job a lot easier in circumstances of a threat to national security, but the question is at what cost?
You must ask yourself whether it's okay to put your sense of privacy on the internet at risk for the trade off that it might really be useful in times of emergencies. It is a tough balancing act, but I do not see the scales weighing heavily in the Government’s side on this one. Inherent privacy issues aside, this also gives the Government officials a tool that they can abuse to silence criticism. I mean would you really speak out against someone when you know that they can track your exact location?
I am not saying that this is all bad, that sense of accountability for a message may help reduce WhatsApp spam that we all face daily but on the flip side you can also just block them and enjoy things the way that they are – end-to-end encrypted.
Alpha numeric hashes: The proposed middle ground
WhatsApp has insisted that it cannot provide traceability without breaking its marquee feature which is end-to-end encryption. What happens when you send a message on WhatsApp is that the message is securely encrypted, think of it as a lock on a door. No one else can open that lock except the sender and receiver of the message who are given keys to open them with. Since no one else has these keys, this is one of the safest ways to message someone privately.
This obviously can be a double-edged sword. Since no one can read these messages except the two people who are exchanging it, this can lead to potentially deadly threats to the security of the nation. However, it is also the most secure way to chat online, and that sense of privacy is nice to have.
So far WhatsApp has resisted the urge to give in and has insisted that giving the Government what it wants breaks their own privacy policies. One of the solutions that have been proposed in this stalemate is the use of alpha numeric hashes. In this context, these hashes will act as sort of an address that is stuck on a courier package.
These hashes will be encrypted along with the message and will act as a ‘tag’ that travels with it anywhere it goes. In case of an emergency, these hashes can then be used to trace the originators of the message. The Government also does not want WhatsApp to store messages or read them, it just requires them to store the hash.
Hashes are an output of mathematical algorithms that are fixed in their answer. For example: two plus two will always be four. Similarly, hashes are the fixed definite answers in the form of a fixed-length string. They are unique because they are the only solutions to a problem.
On their own, they cannot be used to store data or to reconstruct messages they were attached with. What they can do is determine whether a file is identical to another one or verify the date of receipt or send date. They can also be used to cross-check location data to pinpoint the origin of a message.
Since this theoretically does not invalidate WhatsApp’s end-to-end encryption stance and only requires the company to store the hashes, this seems like the best middle ground so far.
So far, WhatsApp hasn’t officially commented on what its stance is, and we can only assume that there are still talks going on between the Indian Government and the company.