As society converges in the digital space, it is important to ensure the safety, security and privacy of users on the Internet. When communicating on digital platforms, end-to-end encryption technology ensures that our conversations cannot be viewed by unwanted third parties. This means that no government, hacker or even platform can access our chats on platforms like Signal or WhatsApp.
We can think of encryption technology like a letter written in a language that can only be seen by the sender and the intended receiver. Even the postman carrying it (here a platform like Signal) cannot read the contents of the letter. It is important to note that, like any dual-use technology encryption, can be misused by bad actors for nefarious purposes such as the dissemination of child sexual abuse material, the promotion of fake news, among other social evils. Given these challenges, the state has a legitimate purpose in catching criminals hiding behind a veneer of encryption-enabled anonymity.
For this, governments around the world have come up with many technical recommendations such as back door, key escrow, client-side scanning, and recently traceability Mandate where the platform will be expected to fingerprint a copy of every message sent on their platform. Institutions And experts All of these solutions around the world highlight the challenges that will make the entire citizenry vulnerable to cyber attacks.
Experts are of the view that more privacy-respecting solutions exist that should be operationalized with the help of collaboration among key stakeholders. If we understand encrypted messages as letters are written in a language understandable only by the sender and receiver then the postman (messaging app) cannot read the content of the messages. But Postman can still read the address of the sender and receiver, the time it was sent and received, and its weight (file size). All these are called meta-data.
Platforms may collect this meta data for each message sent and given that it is not the content of the letter, the privacy of the users is protected. But if the user is committing any criminal activity the postman can hand over the meta data to the police on production of a legal warrant. These may also include the user’s profile picture, status and registration details.
It is an effective way to catch criminals as stated europol In its report which says that access to the contents of the letter is not the main challenge, it is the tedious MLAT process for accessing metadata from tech companies, which needs to be streamlined for a stable process. The report further recommended that to ensure a smooth response to legal aid requests made by law enforcement agencies, there should be dedicated specific points of contact (SPOCs), i.e. representative of the forum, with a clear SOP to ensure a smooth response.
When asking the Platform to assist law enforcement agencies with metadata, we should take note that we do not ask the Platform to collect too much data in violation of the Principles of Data Reduction, thereby infringing on user privacy it happens. The Personal Data Protection Bill, 2019 provides that a data fiduciary should collect only such data as is necessary to ensure security and fulfillment of the services provided by them. Any proposal to fingerprint each message and store a copy of it violates this principle and leaves users vulnerable. If fingerprints of all these messages exchanged between Indians are stored on a postbox (platform), what a criminal can do with them after gaining access illegally is one’s nightmare.
This begs the question, do we even need to fingerprint the messages? The ingenuity of law enforcement can actually solve a lot of crimes and the tools law enforcement has today actually make monitoring a suspect a lot easier. Recently, the FBI in partnership with other countries put together a compromised end-to-end encrypted messaging platform called An0m in the black market and used it to arrest over 800 criminals.
We have former NSA General Counsel Stewart Baker who explained that “Metadata tells you absolutely everything about someone’s life. If you have enough metadata, you really don’t need the content.” We really need to appreciate the technology and then use traditional surveillance maneuvers to nab the knowledgeable criminals and not undermine the technology which is vital to ensure the privacy, security and security of the entire country.
This article is created by Studio18 team on behalf of The Dialogue.
read all Breaking News, breaking news And coronavirus news Here
.