The Ministry And The Trace: Subverting End-To-End Encryption
A legal and technical analysis of the 'traceability' rule and its impact on messaging privacy.
The paper was published in the NUJS Law Review Volume 14 Issue 2 (2021).
Abstract
End-to-end encrypted messaging allows individuals to hold confidential conversations free from the interference of states and private corporations. To aid surveillance and prosecution of crimes, the Indian Government has mandated online messaging providers to enable identification of originators of messages that traverse their platforms. This paper establishes how the different ways in which this ‘traceability’ mandate can be implemented (dropping end-to-end encryption, hashing messages, and attaching originator information to messages) come with serious costs to usability, security and privacy. Through a legal and constitutional analysis, we contend that traceability exceeds the scope of delegated legislation under the Information Technology Act, and is at odds with the fundamental right to privacy.
Click here to read the full paper.