This brief addresses the growing concern of cybercrimes facilitated by end-to-end encryption (E2EE) technology, such as the spread of fake news, child sexual abuse material, and online drug trade. It explores two proposed methods in India to identify wrongdoers using E2EE platforms.
First, it explains the functioning of E2EE technology. Then, it delves into the proposal by Professor V Kamakoti submitted to the Madras High Court, which aims to trace bad actors on E2EE platforms. The brief highlights the challenges associated with Professor Kamakoti’s proposal, including concerns about privacy, deniability, feasibility, and false implications.
Next, it evaluates the more recent ‘originator traceability’ proposal outlined in the IT Rules 2021, examining its feasibility and potential issues such as privacy concerns, mass surveillance, global implications, and false accusations.
Ultimately, the document concludes that neither proposal can be effectively deployed and suggests privacy-respecting alternatives. It recommends the enactment of a surveillance law that defines procedures for seamless data sharing between platforms and law enforcement, the development of metadata analysis capabilities for law enforcement agencies, and advises against enforcing originator traceability.
