WhatsApp in India
Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.
Comments
Winter • April 30, 2024 8:14 AM
@numberri
Smart criminals will just move to other services, and unaware citizens will have their privacy breached.
Maybe that is because the current Indian government is going after unaware citizens and not after smart criminals. In other words, this is also self protection.
Vivek • April 30, 2024 8:20 AM
Why do white people get so worried when software made by white people have to follow the rules in non-white countries?
Is there any chance that WhatsApp/Meta would threaten to take their toys and go home if the US government makes an equivalent demand?
Most people on this page know in their hearts that the US government has already done so and Meta has complied with their tails between their legs.
Winter • April 30, 2024 8:43 AM
@Vivek
Why do white people get so worried when software made by white people have to follow the rules in non-white countries?
First, human rights are for everyone and India has ratified the universal declaration of Human Rights. Article 12 of the UDHR states:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Hence, the Indian state has signed a declaration to protect the privacy of its citizens and their communications.
Second, the current administration of India has shown to be willing to trample on the Human rights and the rule of law to stay in power and drive out all non-Hindu’s. Which gives us very good grounds to believe that they will maximally abuse any access to WhatsApp messages.
Third, we all protest too when Western countries try to break E2E encryption.
A question. Why do you oppose the privacy of Indian people?
Clive Robinson • April 30, 2024 10:05 AM
@ ALL,
The practical solutions to the “End To End Encryption”(E2EE) have been known for a very long time. Claude Shannon gave if a fundamental mathematical proof back getting on for a century ago in the early 1940’s if not earlier.
But we need to remember E2EE is just a tiny part of the privacy problem.
To understand why you have to understand the fundamental problem of privacy is that if you want it you have to “pay in some way” by thought and effort, which most are unwilling to do.
Thus those that do become a very clear visible signal well above the well trimmed grass unless they go to considerably extra effort. So the price of privacy rises yet further. The same goes for other issues to do with the ends of the communications channel which gives rise to “traffic analysis” and other higher level attacks against privacy and the attendant costs of keeping it[1].
Now consider who this cost rise benefits and who it harms… Worse how it’s enabled both technologically and sociologically.
All for the sake of apparant convenience… Thus an “easy life” has become in effect an “Orwellian life”.
As for,
“Smart criminals will just move to other services”
Will they?
I actually doubt it, and history in recent times shows the opposite as far as,
“The convenience of electronic communications”
The technology makes the cost of mass surveillance ever cheaper for those that profit by it. And society insists that you must be part of the mass surveilled at your own expense or be an outcast.
The thing is that few even who read this blog, realise that we are,
“Sleep walking into a trap of our own making.”
Like lambs to the slaughter…
Thus the question is what are “we” –the harmed– going to do against those harming us?
[1] I’ve mentioned many times over the years what you need to consider as part of a workable privacy strategy. It’s not just a lot of hard work, it’s also very fragile, and unlike many years ago nothing on “approved channels” is ephemeral any more. This “record it all” policy I’ve likened to those who surveil attempting to build a “Time Machine” so that they can take information and methods from now and apply it to what happened in the long past to punish those that have become inconvenient tomorrow.
One Random Geek • April 30, 2024 11:57 AM
It is not just in India, there are many governments who would like to have access to encrypted content. Here are a few articles which shed more light on this subject:
Australia’s spies and cops want ‘accountable encryption’ – aka access to backdoors:
ht ps://www.theregister.com/2024/04/25/asio_afp_accountable_encryption/
The U.K. Government Is Very Close To Eroding Encryption Worldwide:
ht ps://www.eff.org/deeplinks/2023/07/uk-government-very-close-eroding-encryption-worldwide
Human rights and encryption:
ht ps://en.wikipedia.org/wiki/Human_rights_and_encryption
underdog • April 30, 2024 12:47 PM
Just a side note that the Declaration of Human Rights does not imply any legal obligations on countries which have adopted/recognized it.
Bob • April 30, 2024 12:57 PM
@Vivek
It’s about oppressive regimes undermining the safety and security of the population. While I understand appealing to racism makes for a convenient distraction, it is actually nothing more than distraction in this case.
Soak your head, and take your bad-faith gaslighting with you.
iAPX • April 30, 2024 1:06 PM
@underdog, @Winter, All
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. …
There’s nothing arbitrary if everyone and anyone is surveilled, the new normal.
… Everyone has the right to the protection of the law against such interference or attacks.
As long as the law state that everyone is surveilled, Human Rights are respected, and that’s the new normal in many countries.
Bob • April 30, 2024 1:25 PM
@iAPX
There’s nothing arbitrary if everyone and anyone is surveilled
Utter nonsense. The arbitrariness of a given decision is not dependent on the scope of impact.
Bob • April 30, 2024 1:30 PM
I also want to make the point that the apologists here know their arguments are bad. They are not engaging in good faith. Hypocrisy and gaslighting are the official pastimes of authoritarians.
lurker • April 30, 2024 2:09 PM
“Meta is committed to end-to-end encryption as an enabler of human rights”
I’m struggling to marry this statement to Meta’s past behaviour towards the privacy of its users …
Winter • April 30, 2024 2:30 PM
@iAPX
There’s nothing arbitrary if everyone and anyone is surveilled
There is according to the legal definition of arbitrary:
‘https://legal-dictionary.thefreedictionary.com/arbitrary
Arbitrary
Irrational; capricious.
The term arbitrary describes a course of action or a decision that is not based on reason or judgment but on personal will or discretion without regard to rules or standards.
An arbitrary decision is one made without regard for the facts and circumstances presented, and it connotes a disregard of the evidence.
A decision for blanket surveillance ticks all the boxes. It is is based on
- personal will
- without regard to rules or standards
- without regard for the facts and circumstances
- connotes a disregard of the evidence
Clive Robinson • April 30, 2024 3:04 PM
@ Bob, iAPX, Winter, ALL,
Re : The meaning of arbitrary is it’s self arbitrary.
“The arbitrariness of a given decision is not dependent on the scope of impact.”
Arbitrary is one of those words that is best avoided.
Because it can be used to opposite effect depending on your view point as an observer to any given event. To see why look at a common definition,
“The word arbitrary refers to something that is based on random choice or personal whim, rather than any reason or system.”
Do you see the problem?
“What if my given ‘reason or system’ is selected to meet a ‘personal whim’ or ‘random choice’ to meet a quota etc?”
So something that is apparently uniform in application to whom it is applied to, appears at one level not to be arbitrary.
However viewed at another level it is very arbitrary if not capricious.
You get this all the time with legislation designed to give advantage to one group of people whilst argued publicly that it applies to all.
It kind of has the same failure that the alleged “forensic science” has. That is you argue back from effect to cause whilst trying to appear you are arguing from cause to effect.
It goes horribly wrong –or right– when more than one cause can give an effect.
John White • April 30, 2024 4:33 PM
Vivek: Shouldn’t Modi consider focus on building toilets rather than oppressing farmers and Muslims?
Anonymous • April 30, 2024 4:35 PM
@One Random Geek: Yes- this is a common focus of what Mr. President Trump called ‘s**thole countries’ like India, Australia, the UK, the US.
Bob • April 30, 2024 4:40 PM
@Clive
“Arbitrary” is what professional types say instead of “bullshit.”
Bob • April 30, 2024 4:44 PM
@Clive
The meanings of all words are “arbitrary” depending on your definition of various words in this sentence. I’m not going to learn Lojban, and I’m not going to debate what the meaning of “is” is.
Julia Clement • April 30, 2024 7:46 PM
Closed source solutions are vulnerable to underhand tricks (e.g. weakening the key selection algorithm as was done to DES exported from the USA in the 20th Century) which would be near impossible for end users to detect. Putting my tin foil hat on, it could be that India, Britain, etc are just wanting access to the same backdoors as the US government has already forced on Meta / etc.
I’ve never been able to understand why GNU’s Jami hasn’t been more widely employed as provider of end-to-end encrypted conversations. Its open source nature could allow bad actors and other users to validate that it truly has strong encryption.
lurker • April 30, 2024 9:21 PM
@Julia Clement
Jami has the same popularity as PGP for the same reason: there’s no one-click instant gratification. WhatsApp has that simplicity, but then you’re suckered by The Man.
ResearcherZero • May 1, 2024 12:22 AM
A significant reason why police decide a report is baseless is because they fail to follow up or properly investigate the matter. They make a decision that such a report is baseless without any adequate evidence to base their decision upon. Simply their opinion.
If police mistakenly let an offender go, resulting in further harm, they often drop further cases that are reported – which identify that very same offender committing similar crimes.
Cases are also dropped if considered very serious, yet sensitive matters that may have wider ramifications. Abandoning such cases leads to further violence and wider social harm.
Police will drop these cases if they feel there is not enough community support or public awareness. Again, proceeding is strongly informed by their own opinion and willingness.
ResearcherZero • May 1, 2024 12:38 AM
Victims die or are further harmed simply because they are refused assistance from police.
This has continued for decades even when the police and prosecutors have enough evidence.
Rather than worry about encryption — instead clear the backlog of outstanding cases that already have more than ample evidence to bring about a resolution for victims and families!
Winter • May 1, 2024 2:02 AM
@Clive
Re : The meaning of arbitrary is it’s self arbitrary.
The Universal Declaration of Human Rights is a legal text, so you should use the legal definition of the word.
Legal types have gone to great lengths to make sure that there is little to no arbitrariness in the use of words and definitions in their texts.
lastoftheV8s • May 1, 2024 5:45 AM
@Vivek You write:……..Why do white people get so worried when software made by white people have to follow the rules in non-white countries?
Im flagging youre comment to bruce as “deliberately trolling” and quite frankly is not helping or bringing anything to this discussion.
lurker • May 1, 2024 2:33 PM
@lastoftheV8s, @Bob
The valid question from @Vivek on the cultural and legal compatibility of software and its use in international trade, seems unfortunately to have been couched in terma that has touched some sensitivity. @Winter gave a calm response to the human rights aspect.
lurker • May 1, 2024 7:03 PM
@echo
Software vendors (mostly US, but including a few notable others) seem to believe they have a global hegemony. But so long as the nation state continues to exist they will have to yield to the laws and mores of the places they do business. Defining the place where business is done on the internet is left as an exercise for the gentle reader.
Subscribe to comments on this entry
Leave a comment
Sidebar photo of Bruce Schneier by Joe MacInnis.
numberri • April 30, 2024 7:42 AM
I know another case earlier this year is when India threatened to ban Proton Mail in India due to it using end-to-end encryption. (link) Regardless, it’s disappointing to see this. Smart criminals will just move to other services, and unaware citizens will have their privacy breached.