On October 11, 2020 India became a signatory to the “International statement: End-to-end encryption and public safety”. Interalia the statement calls on technology companies to weaken end to end encrypted secure messaging by invoking concerns about public safety by stating, “enable law enforcement access to content in a readable and usable format”.
India is one of the 7 known signatory countries. This is a concerning development because the use of encryption has again come under political attack by parts of the security ecosystem. In fact, failure to encourage and expand the usage of encryption technologies puts individual users at risk. Here millions of Indians who today conduct their lives through digital tools are also entry point vulnerabilities unless their devices are secured through encryption. It is our belief that strong encryption is necessary to protect the privacy and security of individuals, businesses and government actors who use the internet, and this is especially true for groups which lack social power such as women and other marginalised communities. Any weakening of encryption standards would leave us all vulnerable to misuse of our personal data and communications by bad actors including malicious hackers, organised criminals, terrorist groups and hostile nation states.
Concerned by this development after it was brought to our notice by an IFF Forum Member, we filed Right to Information requests with the Ministries of Home Affairs, External Affairs and Electronics & IT asking them about India’s involvement in the Statement.
In a reply dated November 13, 2020, the Central Public Information Officer & Legal Officer of the Ministry of External Affairs’ Legal & Treaties Division, Mr. Sudheer K.J., has stated that,
“... we could neither trace any records under the jurisdiction of this CPIO nor could identify any other public authority which may possess related information pertaining to the subject matter of the query...”.
This response as well as a failure to identify other relevant public authorities to transfer the application to is indicative of either one of two situations. First, information under the RTI act is being withheld with respect to a matter that squarely falls within the ambit of public interest. Or, second, there is an absence of a proper coordination or consultation with the principal ministerial office, i.e. the Ministry of External Affairs as to an international statement. Either inference is troubling since the statement undermines the fundamental right to informational privacy that is preserved through end-to-end encryption.
In the first situation, we urge for immediate disclosure and in the second urge for greater coordination between the ministerial offices within the Union Government to examine the reasons and state them publicly on what prompted it’s assent to this international statement. Here, it should be noted that that in the unlikely outcome that assent to this statement was not on the basis of proper consultation within government offices, an urgent review must be conducted and a rights based assessment may be adopted after obtaining a legal opinion on the consistency of this international statement with the constitutional articulation of the fundamental right to privacy.
- “International statement: End-to-end encryption and public safety” dated October 11, 2020 (link)
- IFF Forum Member post “Yet another call for E2E backdoors" dated October 11, 2020 (link)
- Right to Information requests filed with MEA, MHA and MeitY dated October 13, 2020 (link)
- Reply received from MEA dated November 13, 2020 (link)