This technical brief has been prepared on the basis of the workshop ‘Decrypting Encryption’ hosted by The Dialogue on 16th December 2021, with the objective of analysing the technical and policy aspects of encryption technology. The workshop was led by Dr. Sandeep Shukla, Professor, Computer Science and Engineering, IIT Kanpur and Mr. Anand Venkatnarayanan, Strategic Advisor, DeepStrat. The technical brief has been edited by Mr. Pranav Bhaskar Tiwari, Programme Manager, The Dialogue.
With the increase in the perpetration of cybercrimes like fake news proliferation, child sexual abuse material, and online drug trade, behind the veneer of encryption-enabled anonymity, the demand to find those using encrypted services for nefarious purposes has also risen. This technical brief aims to explain the core features of end-to-end encryption (E2EE) technology and then assess the feasibility of deploying two methods proposed in India to catch bad actors using E2EE platforms.
First, the brief begins with an explanation of how E2EE functions. Secondly, after a discussion on the core features of E2EE technology, the brief explains the proposal submitted by Professor V Kamakoti before the Madras High Court to trace bad actors on E2EE platforms. It also identifies the key challenges associated with the proposals of Professor V Kamakoti, including privacy, deniability, feasibility, and false implications. Thirdly, the working of the more recent ‘originator traceability’ proposal envisaged in the IT Rules 2021 is analysed. It also identifies the key challenges associated with the originator traceability proposal, including privacy, feasibility, mass surveillance, global repercussions, and false implications. Fourthly, it concludes that neither of the proposals can be deployed and identifies privacy-respecting alternatives. Lastly, it recommends legislating a surveillance law with procedures for seamless sharing of data between platforms and law enforcement, building the metadata analysis capabilities of law enforcement agencies, and not enforcing originator traceability.
I. How End-to-End Encryption Works
End-to-end encryption (E2EE) is one of the most popular approaches to protecting users’ digital communications. It prevents service providers as well as third parties from accessing and reading message content. In recent years we have seen a range of communication platforms move towards this technology, with the promise of increased user privacy.
1. Functional Aspects
E2EE, as the name suggests, focuses on encryption at endpoints of communication. Instead of a message being transported to a server and then being encrypted, E2EE encrypts the message within the sender’s device, converting plain text into cipher text. Only users who possess a decryption key can decipher, or decrypt, the message into plaintext.
E2EE, as seen on communication platforms, predominantly makes use of both asymmetric key cryptography, where different keys (a public key and a private key) are used to encrypt and decrypt messages, and symmetric key cryptography, which uses the same key for both operations. In the former, each message sent generates a pair of keys (a public key and a private key), which, in tandem with the application, takes care of encryption and decryption within the communicating device itself. With its two keys, this mode keeps intermediaries from accessing the key and decrypting the message. In symmetric key cryptography, the same key is used to encrypt and decrypt contents. However, in this scenario, the key itself must be transported securely and may be vulnerable to interception. The Signal protocol used by Signal Foundation and WhatsApp is much more advanced: it uses a combination of symmetric and asymmetric key cryptography, and the double ratchet mechanism, which continuously discards encryption keys after a set period.
2. Core Features
Having briefly explored how E2EE-enabled communication works, we now turn to the features that have made it the current gold standard for privacy.
Dynamic Keys: The constant creation and discarding of keys ensures that communication remains private in every session. It also ensures that if a key is compromised, it does not impact past or future communication, which is governed by a separate key.
Integrity: Messages cannot be modified in transit.
Confidentiality: Only the sender and recipient are fully aware of the contents of the message.
Cryptographic Deniability: In communications, offline deniability refers to the ability to “a-posteriori deny having participated in a particular communication session.” In the context of E2EE, as the key is known to only the sender and the recipient, a third-party entity can never fully point out which one of the two had sent it. Moreover, in the Signal protocol used by Signal Foundation and WhatsApp, the one-time dynamic keys are unsigned. Therefore, anyone can easily forge an entire conversation that never really occurred. Accordingly, it is cryptographically impossible to attribute who sent a message to whom.
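The dynamic-key and deniability properties above, shown as an added example that is not part of the original brief and is not the Signal implementation: a simplified symmetric key chain (the real protocol also mixes in Diffie-Hellman exchanges, omitted here) in which both endpoints derive per-message keys and authenticate with a shared-key MAC. The names `Endpoint`, `ratchet` and `mac` and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def ratchet(chain_key: bytes) -> tuple[bytes, bytes]:
    """One step of a symmetric KDF chain: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain, message_key

class Endpoint:
    """One device. It stores only the current chain key; each step overwrites it."""
    def __init__(self, shared_secret: bytes) -> None:
        self.chain_key = shared_secret

    def next_key(self) -> bytes:
        self.chain_key, message_key = ratchet(self.chain_key)
        return message_key

def mac(message_key: bytes, text: bytes) -> bytes:
    """Authentication tag under a key that BOTH endpoints hold."""
    return hmac.new(message_key, text, hashlib.sha256).digest()

def demo() -> dict:
    secret = hashlib.sha256(b"constructed session secret").digest()  # sample value
    alice, bob = Endpoint(secret), Endpoint(secret)
    a_keys = [alice.next_key() for _ in range(3)]
    b_keys = [bob.next_key() for _ in range(2)]  # Bob has processed two messages

    # Dynamic keys: which message keys follow from Bob's stored state after message 2?
    state, reachable = bob.chain_key, []
    for _ in range(4):
        state, key = ratchet(state)
        reachable.append(key)

    # Deniability: the tag Alice attached vs. the tag Bob computes on his own.
    text = b"constructed message text"
    never_sent = b"text Alice never wrote"
    return {
        "keys_agree": a_keys[:2] == b_keys,
        "keys_unique": len(set(a_keys)) == 3,
        "old_keys_gone": not (set(a_keys[:2]) & set(reachable)),
        "later_key_derivable": a_keys[2] in reachable,  # why the full protocol adds DH
        "tags_identical": hmac.compare_digest(mac(a_keys[0], text), mac(b_keys[0], text)),
        "bob_tag_verifies": hmac.compare_digest(
            mac(b_keys[0], never_sent), mac(a_keys[0], never_sent)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the tag depends only on a key that both endpoints hold, a valid tag shows that one of the two produced the message but not which one, which is the attribution gap the deniability item describes.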
II. Analysing Professor Kamakoti’s Proposals
In 2019, a Public Interest Litigation was filed before the Madras High Court that sought the linking of social media accounts with government authorised identity proofs. The court rejected this possibility on account of its inconsistency with the earlier rulings of the Apex court. However, during the course of the discussion, the State of Tamil Nadu contended the need for ‘identifying’ the problem makers on encrypted platforms which led to the court seeking expert inputs on the technological feasibility of introducing traceability on encrypted platforms like WhatsApp. In response, Professor V. Kamakoti submitted two proposals.
1. Professor Kamakoti’s Proposals
The First Proposal: This proposal stipulates that WhatsApp may embed sender information in an open format, where originator information is an innate part of each encrypted message. This would mean that each recipient of a WhatsApp message or forward would get to know the identity of the person who originally sent the message. As part of this proposal, the encryption of originator information happens on the sender’s device, and the corresponding decryption happens at the receiver’s device.
The Second Proposal: This proposal stipulates that WhatsApp may encrypt the sender information, where the originator information continues to travel with each message, but the recipient is not able to view it. However, this encrypted information could be revealed by WhatsApp, whenever demanded per the procedure established by law. As part of this proposal, each such encryption involves asymmetric cryptography. The originator information is encrypted using a public key, while the corresponding private key for decrypting the information is escrowed by WhatsApp.
2. Challenges associated with Professor Kamakoti’s Proposals
While Professor Kamakoti’s proposals seek to address a growing conflict between privacy and security, there are several challenges associated with them that have serious repercussions. The proposals are also inconsistent with the technological reality of E2EE, apart from concerns of privacy, deniability, feasibility, and false implications. A concise exploration of these challenges now follows.
i. Erodes user privacy
The incorporation of any kind of digital signatures on messages related to sender/originator information would defeat the privacy guarantee currently offered by E2EE enabled communication platforms. The idea of E2EE is based on the premise that only the sender and the recipient are fully aware of the authenticity of messages, and the platforms have zero access to message contents. However, once the originator information includes decryptable information (either with platforms or recipients), it creates a considerable risk of exposure. Such an incremental change risks the privacy of all users on the platform. Another privacy concern arises from forwarding unencrypted originator details on forwards, exposing unsuspecting senders to a lot more recipients.
All Indian users are entitled to the reasonable expectation of informational privacy. Even those sending a message to a single user without the intention of making the message viral would bear the risk of their name being associated with the message at the will of the receiver. Under the proposed system, to catch a very small percentage of potential law breakers, the privacy of all is trampled upon. This could also have a chilling effect on the free speech of journalists and dissenters.
ii. Overlooks technological design of E2EE
The previous section explained how one of the advantages of modern E2EE is the dynamic interplay of symmetric and public key cryptography, alongside the constant creation and discarding of keys. However, Professor Kamakoti’s proposals rely heavily on the assumption that platforms use only public key cryptography, which is not the case for platforms using the Signal Protocol.
Cryptographic deniability allows the sender and the receiver to enjoy deniability from having participated in a communication session. But the above proposals, by way of including originator information in messages, weaken this privilege. Thus, while the contents of the message may be private, the possibility of exposure and implication stays. Similarly, the Telecom Regulatory Authority of India in its recommendations to the Department of Telecommunications notes that the security architecture of E2EE platforms should not be tinkered with, as it may render the entire user base susceptible to vulnerabilities.