With the increase in the perpetration of cybercrimes like fake news proliferation, child sexual abuse material, and online drug trade, behind the veneer of encryption-enabled anonymity, the demand to find those using encrypted services for nefarious purposes has also risen. This technical brief aims to explain the core features of end-to-end encryption (E2EE) technology and then assesses the feasibility to deploy two methods proposed in India to catch bad actors using E2EE platforms.
Firstly, the brief initiates with an explanation of how E2EE functions.
Secondly, after a discussion on the core features of E2EE technology, the brief explains the proposal submitted by Professor V Kamakoti before the Madras High Court to trace bad actors on E2EE platforms. It also identifies the key challenges associated with the proposals of Professor V Kamakoti, including privacy, deniability, feasibility, and false implications.
Thirdly, the working of the more recent ‘originator traceability’ proposal envisaged in the IT Rules 2021 is analysed. It also identifies the key challenges associated with the originator traceability proposal including privacy, feasibility, mass surveillance, global repercussions, and false implications.
Fourthly, it concludes that neither of the proposals can be deployed and identifies privacy respecting alternatives. Lastly, it recommends legislating a surveillance law with procedures for seamless sharing of data between platform and the law enforcement, building metadata analysis capabilities of law enforcement agencies, and not enforcing originator traceability.
The key recommendations of the brief are:
1. Do not enforce traceability.
2. Legislate a surveillance law with procedures for seamless sharing of data between platform and the law enforcement.
3. Capacity building of law enforcement agencies to enhance their meta data analysis capabilities.
About the technical brief: This technical brief is prepared basis the workshop ‘Decrypting Encryption’ hosted by The Dialogue on 16th December 2021, with the objective of analysing the technical and policy aspects of encryption technology. The workshop was led by Dr. Sandeep Shukla, Professor, Computer Science and Engineering, IIT- Kanpur and Mr. Anand Venkatanarayanan, Strategic Advisor, DeepStrat. The technical brief has been edited by Mr. Pranav Bhaskar Tiwari, Programme Manager, The Dialogue.
Read the full report here.
(This was first published in Indian Journal of Law and Technology.)