India's demand to identify people on chat apps will 'break end-to-end encryption', say digital rights warriors

India's demand to identify people on chat apps will 'break end-to-end encryption', say digital rights warriors

After a three-year review process, India has announced strict regulations for instant chat services, social network operators, and video-streaming companies.


Titled "Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021," the red-tape [PDF] creates four big obligations for antisocial media outfits.

One requires messaging services to “enable identification of the first originator of the information” to allow “prevention, detection, investigation, prosecution or punishment of an offence related to sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order.” Meanwhile, those who send or share messages involving sexual violence or child sexual abuse can be identified for the authorities, too.


India’s Internet Freedom Foundation has slammed this traceability requirement, claiming it will be impossible to implement strong end-to-end encryption as a result, and thus could harm privacy. No technical details were given though the thinking appears to be that, as per the rules, the encryption would need to be broken to determine the identity of a message's creator.

The foundation said the requirement “would be a tremendous expansion in the power of the government over ordinary citizens eerily reminiscent of China’s blocking and breaking of user encryption to surveil its citizens.”


The code also requires social media companies appoint a chief compliance officer, a “nodal contact person,” and a “resident grievance officer” to liaise with local authorities and handle citizen complaints. Those officers also get the job of taking down any risqué images within 24 hours, and deleting content as ordered by the government or courts no more than 36 hours after receiving a takedown noti ..