Here, ThePrint explains what is ‘end-to-end encryption’, why the government and WhatsApp are not on the same page and how other countries have dealt with the issue.
Also Read: Amended IT rules ‘won’t muzzle political views’: HC ruling on fact check unit relies on Centre’s stance
What is end-to-end encryption?
WhatsApp introduced default end-to-end encryption for all messages exchanged and calls made through the platform in 2016. This form of encryption was devised to ensure that only the sender and receiver of the message would be privy to its contents.
Though other platforms such as Signal, iMessage and Telegram also offer this feature, WhatsApp remains the most widely used instant messaging platform in India, with an estimated 400 million users.
Encryption is a process wherein messages, once sent by the sender, are converted into secret and complex codes, rendering them unreadable by anyone else. These encrypted messages are decoded and rendered readable only once they reach the recipient.
“The importance of end-to-end encryption in digital communication cannot be overstated,” Kazim Rizvi, founding director at tech research and policy think tank The Dialogue, told ThePrint. He added, “As a pillar of privacy, it shields users from unauthorised surveillance and data breaches, making it a critical feature for apps like WhatsApp and Signal”.
Rizvi highlighted that WhatsApp’s “stern” stance of threatening to exit markets that mandate weaker encryption highlights the global tension between privacy rights and law enforcement needs.
Can Whatsapp read your messages?
At the time of launch of end-to-end encryption, the founders of WhatsApp had made it clear that only the sender and receiver could read the messages. That is, not even WhatsApp itself could read them. “The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to,” WhatsApp founders Jan Koum and Brian Acton had said while announcing the feature.
“No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation,” they added.
The company elaborated on this in an FAQ document it released on the feature stating: “This is because with end-to-end encryption, your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. All of this happens automatically: no need to turn on any special settings to secure your messages.”
WhatsApp added that it does not have the ability to see the content of messages or listen to calls that are end-to-end encrypted. This, it explained, is because encryption and decryption of messages sent and received on WhatsApp occurs entirely on the user’s device.
“Before a message ever leaves your device, it’s secured with a cryptographic lock, and only the recipient has the keys. In addition, the keys change with every single message that’s sent,” it explained.
What is govt’s stance on the issue?
In 2021, WhatsApp moved the Delhi High Court against the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, that require instant messaging platforms with more than 50 lakh registered users in India, to help identify the ‘originator’ of messages. The petition challenged the constitutional validity of the rules, which came into force on 26 May that year.
A spokesperson for WhatsApp had then said that “requiring messaging apps to ‘trace’ chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people’s right to privacy”.
While the government maintains that adherence to the IT rules will enable it to trace the origin of fake messages, WhatsApp has refused to give in saying the move will undermine the privacy of users of the platform.
Given WhatsApp’s public stand on the issue, a lot of focus is on the tussle between WhatsApp and the government over the IT rules, while it is not clear whether other service providers are in compliance with the rules or not.
Why is end-to-end encryption important?
Even at the time of introducing end-to-end encryption, WhatsApp’s founders had stated that encryption is one of the most important tools governments, companies, and individuals have to promote safety and security in the new digital age.
“Recently there has been a lot of discussion about encrypted services and the work of law enforcement. While we recognize the important work of law enforcement in keeping people safe, efforts to weaken encryption risk exposing people’s information to abuse from cybercriminals, hackers, and rogue states,” they had said.
Experts on internet law said weakening end-to-end encryption raises the risk of violations of human rights and may even enable the creation of a surveillance state.
“Weakening of end-to-end encryption in this information age means denial of the human right to privacy and death of private thought,” Mishi Choudhary, founder at Software Freedom Law Centre, said. “It will lead to general and discriminate surveillance of all users. Any ideas to weaken encryption must be resisted strongly,” she added.
Choudhary also said that WhatsApp was “correct” to say it would leave a market that did not respect its users. “Encryption is our only defence against abuses of information technologies, such as hacking, identity and personal data theft, fraud and the improper disclosure of confidential information,” she added.
Highlighting the importance of end-to-end encryption, Rizvi said that it ensures the confidentiality and security of personal and commercial communications, which is pivotal in today’s digital age.
“It is technically not possible to implement traceability without breaking end-to-end encryption, which would consequently compromise the security and privacy of users. It would also force criminals to create their own encrypted platforms, making it harder for law enforcement to get a hold of criminals on traditional encrypted platforms with the help of metadata,” he said.
Rizvi added that The Dialogue examined encryption from multiple aspects, and found that breaking encryption is not necessary to meet legitimate state interests, such as national security. “Alternative methods to tackle digital crimes do exist,” he explained.
“Instead of weakening encryption, law enforcement can utilise metadata — such as timestamp, IP address, patterns of how status is changed, registration data, which does not compromise content privacy.”
This approach, he said, aligns with principles like data minimisation endorsed by significant judicial precedents such as the Puttaswamy judgement in India.
How other countries deal with the issue?
This struggle between law enforcement agencies and tech giants over privacy of personal data of users is an ongoing discussion. Governments and agencies across the world are looking at enforcing rules for technology companies to enable access to users’ data, which may undermine the security of their devices or platforms.
“In the United States and the European Union, there is growing scrutiny over encryption, driven by the need to combat serious crimes such as the spread of child sexual abuse material (CSAM),” Rizvi said. “However, these regions have also shown a robust commitment to preserving individual privacy and security online,” he added.
The US, for example, has not enforced laws that require backdoors to be created into encrypted services, understanding that such measures could compromise the security of all users, he said.
Similarly, EU regulations, guided by robust data protection laws like the General Data Protection Regulation, uphold the sanctity of encryption while balancing it with law enforcement requirements.
Last year, in response to a legislation the UK government was working on, which may have compelled technology companies to break end-to-end encryption on private messaging services, representatives of leading instant messaging platforms, including Signal, Viber and WhatsApp wrote an open letter voicing their grievances.
“We don’t think any company, government or person should have the power to read your personal messages and we’ll continue to defend encryption technology,” the companies wrote in their letter.
They added, “We’re proud to stand with other technology companies in our industry pushing back against the misguided parts of this law that would make people in the UK and around the world less safe.”
The letter also said that, around the world, businesses, individuals and governments face persistent threats from online fraud, scams and data theft — “Malicious actors and hostile states routinely challenge the security of our critical infrastructure.”
Adding, “End-to-end encryption is one of the strongest possible defences against these threats, and as vital institutions become ever more dependent on internet technologies to conduct core operations, the stakes have never been higher.”
(Edited by Amrtansh Arora)
Also Read: WhatsApp should disclose origin of viral forwards. But don’t share it just with govt