Photo: iStock

No country can ignore that parts of the internet are going dark

Simon Singh in The Code Book: The Secret History of Codes and Code-Breaking writes, “If necessity is the mother of invention, then perhaps adversity is the mother of cryptanalysis.” The degree of digitization in our lives today is immense. While we applaud the easing of day-to-day tasks, the use of internet platforms also poses security challenges. This has led to a debate on the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. One of its key aspects has been the government’s requirement of chat apps such as WhatsApp and Signal to be “the first maker” of trace information on request. Some activists called it “social media policing”, although the Center said tracing the origin of messages would be necessary if required by a court or designated competent authority under India’s Information Technology Act. At first glance, we may be concerned that this rule violates our privacy and violates our fundamental rights as users of these platforms, but there is another aspect.

Most online communication services are now either end-to-end encrypted or follow some level of encryption by default. These privacy measures renewed government fears that technology will thwart law enforcement’s access to vital data, a phenomenon that officials refer to as “going dark.”

The science of encrypting and decrypting information is called cryptography. The process uses a cryptographic algorithm known as a “cipher,” a mathematical function that works by using “keys” that encrypt a sender’s message and then use it to decrypt it on the receiver’s end. Data that can be clearly read is called “plain text” while data that needs to be processed for understanding is called “encrypted text”. The same type of plaintext encrypted using different keys will result in different ciphertexts. Therefore, the security of one’s encrypted data depends on the strength of the cryptographic algorithm.

Note that ‘numbers’ are very different from ‘codes’, even if they are used synonymously by laymen. The problem of ‘going dark’ can be attributed to the use of ‘ciphers’ for encryption. In the context of ‘codes’, a set of words can be transformed into another set of words. For example, ‘I love India’ could be the code for ‘I’m staying in Patna’; the receiver only needs a codebook to decode it as such. But in the case of numbers, individual letters can be changed to a different group of letters. ‘I love India’ can be made into ‘Bcxfg ogypt fbnnop’. To decipher this, one must know how each letter has been transformed. This presents a challenge for today’s enforcement agencies.

The chats we have with our friends have a unique security code that authenticates and ensures that our chats are encrypted end-to-end. The whole process of encryption and decryption of messages takes place on our devices. When we send a message, it is automatically secured by a cryptographic lock, the key of which is only on the recipient’s device. So without physical possession of either device, law enforcement officers can’t intercept the communication, whether it’s good-natured talk or a risk to public safety. The most popular chat platform WhatsApp has clearly stated that the encryption has “no off switch”. And there is evidence that the so-called darknet and end-to-end encrypted messages have been a haven for terrorists.

In today’s technology-driven era, encryption technologies are robust and are even used by governments to protect critical infrastructure and their classified communications. If private platforms that use encryption find a way to grant “backdoor access” to law enforcement or government officials, there’s a good chance it could be exploited by ill-motivated hackers. Therefore, as critics have argued, tracing messages would involve loosening or breaking the encryption.

The idea of ​​backdoor access was put forward by security analyst Geoffrey Corn, who pointed out that law enforcement officers don’t want access through an unsecured back door, but instead need the digital equivalent of a secure reinforced ‘front door’ with appropriate locks and bars.

It was also found that in order to target ads to its users, Google had the capacity to decrypt Gmail and G-chat communications, and Apple uses software that allows iCloud backups to be created in a way that they can be decoded.

So what might work are legal access solutions incorporated into the design and development of encryption mechanisms. This would be more secure than any attempt to exploit vulnerabilities after the fact. This calls for collaboration between the government and private platforms, which could increase overall security while reducing the risk of backdoor breaches by malicious parties.

Better encryption standards will no doubt complicate things further, which could force law enforcement officers to fight encryption with encryption. An important development in this area was Operation Trojan Shield, in which enforcement agencies from different countries developed and operated an encrypted device to track down drug smugglers, money launderers, illegal firearms dealers, etc.

Therefore, the way forward may not lie in choosing between which is more important, privacy or public safety, but rather in regulations that subtly balance the two. Technology can be an ally. Building a secure ‘front door’ should be our goal. It can help resolve cases or disrupt criminal activity.

The ‘going dark’ problem should not be ignored. In addition to protecting the privacy of their people, countries must also enable competent authorities to protect citizens from threats from potential lawbreakers.

Nikhil Naren is a Chevening scientist who holds an LL.M. from Queen Mary, University of London

Subscribe to Mint Newsletters

Please enter a valid email address

Thank you for subscribing to our newsletter.

Leave a Comment

Your email address will not be published.