When interacting in the digital realm, encryption technology is the first and only line of defense for netizens. Most of us do not have access to virtual private networks or any other tools to conduct transactions securely. We have been relying on the system. This is why cryptographers have come up with a solution where we have to rely only on mathematics, which by its very nature is verifiable. Today, end-to-end encryption is baked at the core of the respected messaging platform. signal protocol Used by the Signal Foundation and WhatsApp to encrypt our messages, it is publicly available on GitHub for experts to verify. This enables the platform to become a dumb conduit that only facilitates transactions but cannot read it. This ensures that we can share personal information securely with our families, doctors, lawyers and business partners, without the fear of being spied on by a bad actor. Due to the COVID-19 pandemic where the world is forced to switch online for basic things like education, children too can communicate securely by relying on these end-to-end encrypted platforms.
Dealing with CSAM by Risking User Security
Where ordinary citizens can rely on end-to-end encryption for secure communications, bad actors use encryption-enabled anonymity to hatch criminal conspiracy theories. The increase in adoption of digital technologies has led to a simultaneous increase in online crimes. With one-third of Internet users being children, the increase in the prevalence of child sexual abuse material (CSAM) is alarming. Driven to tackle CSAM on encrypted messaging platforms Many States of America Encryption-hostile laws are urged. In that vein, the Government of India legislated IT Rules 2021 Which mandates platforms to trace originators of illegal messages. Storing a fingerprint of all messages sent by Indian users undermines the data minimization principle enshrined in India’s proposed data protection framework and mandate in the Puttaswamy judgment that grants everyone a fundamental right to privacy. If this database is compromised, it will not only affect the security of the users but also the national security of the state. experts And international organization has explained why such measures would only create new problems rather than solve existing ones. The more worrying thing is that Knowledgeable criminals will simply shift to another unregulated encrypted platform Or build your own platform as the protocol for developing an encrypted platform is publicly available on GitHub. So everyone’s safety would be put at risk only to catch a low hanging fruit.
An alternative way to deal with CSAM
Weak encryption isn’t the only way to catch criminals on an encrypted platform. While encrypted messaging platforms cannot read the content of the communication, They have access to ‘meta data’ About the communication such as the size of the communication, time-stamp, frequency of communication and other details such as the status, registration details and profile picture of the users which they securely store. This data can be used to help police track down CSAM sharers. Using meta data is quite useful but its use should be guided by the data minimization principle outlined in the Puttaswamy decision, otherwise it would violate the fundamental right to privacy of the users. Accordingly, it is important to build the meta data analysis capabilities of law enforcement agencies so that they can do more with less rather than breaking encryption and opening Pandora’s Box.
It will be equally important for platforms to take the lead in addressing this challenge with forward-looking and innovative measures. These include training law enforcement agencies to enhance their meta data analysis capabilities, using leading-edge technology such as PhotoDNA to track CSAMs on any unencrypted surfaces such as profile photos, and in-app features such as in-app features to report CSAMs. Including offering relevant updates. We must not forget that if encryption is weakened then knowledgeable criminals will shift to another unregulated encrypted platform, which will also not share meta data with the police, making us more vulnerable than before.
Need for evidence based policy making
According to SIRIUS EU Digital Evidence Status Report (2021), 208 EU law enforcement officials were asked to provide information on the most important types of data their department required during the investigation; Only 20% of those surveyed selected access to chat’s content data among their top three priorities. Metadata like name, IP address, billing details, etc. were found to be sufficient in most of the cases. This raises the question whether it is worth risking the security of all citizens to weaken encryption and catch some criminals, when the evidence suggests something else? The obvious way forward is to establish a streamlined process for law enforcement agencies to have faster access to digital evidence. Especially in cases where data is requested from companies headquartered outside India. It calls for the negotiation of an accelerated Mutual Legal Assistance Treaty (MLAT) process. In addition, there is a need to set progressive standards at the international level to ensure timely response from foreign agencies in cases of evidence sharing and seamless transfer between countries.
To Revelation Under the RTI Act, only 31 FIRs were registered against 15,000 complaints filed on the Government of India website to report CSAM. We need evidence-based research to better understand where the problem lies. In the United States, the government made laws Invest in the Child Protection Act Which creates a mandatory $5 billion funding, adds 100 new FBI agents and 65 positions at the National Center for Missing and Exploited Children (NCMEC) to respond to online sexual abuse. It will be important for India to enhance the capabilities of the criminal justice system with better training and funding. Equally important will be the enforcement of a strong data protection law to protect the privacy of children on digital platforms. A forward-looking data protection framework with an independent data protection authority will be critical in meeting the adequacy standards envisaged under the US CLOUD Act and the EU GDPR that will enable quick response to cross-border data sharing requests.
This is a participatory post.
read all breaking news, today’s fresh news And coronavirus news Here.
,