A fine balance between privacy and national security can be achieved technically, says Prof Veezhinathan Kamakoti of the Department of Computer Science and Engineering, IIT Madras, and a member of the government of India’s National Security Advisory Board. Kamakoti assisted the Madras High Court two years ago, as an amicus curiae, in a case Antony Clement Rubin case, relating to WhatsApp message tracing. (Rubin, an animal activist, complained to the court after he received threatening messages on WhatsApp over his protest against jallikattu, a bull-taming game, popular in Tamil Nadu.)
Talking to Business Line today, Kamakoti recalled his suggestion to the court and said it was “the best balance between anonymity and national security.”
The suggestion is basically that each time a message is forwarded, an encrypted identity (encrypted originator information, or EOI) of the originator travels with it. The recipient of the message still does not know who the originator is. Anybody who is aggrieved at a message sends the message to WhatsApp—the EOI goes along with it.
WhatsApp receives the message along with the EOI. Since it has the ‘private key’, it can easily find out from which number the message originated. Since WhatsApp collects all device-specific details, including location, when a person installs it, it will know the identity of the originator, once it knows the mobile number.
Note here that WhatsApp will know anything about the originator only when someone shares the EOI with it, not until then.
Now, WhatsApp may decide to reveal the identity to a law enforcement agency, or it may not. If it doesn’t mind revealing the identity, the matter ends there. If it does not want to, there, a judicial process, such as arbitration, may start at that point.
Kamakoti stresses that the government’s regulations are not to gain access to the contents of any message in the platform, but only to enable the government to know who sent it first, after it is reported on by an aggrieved party. Nor would the government or anyone know the path the message travelled, so it is not ‘tracing’, but only jumping straight to the originator.
Kamakoti’s suggestion finds a way of getting around the point, raised by Facebook’s advocate, Mukul Rohatgi, that WhatsApp could not decrypt private messages shared on its platform because the key required to decrypt the message was only available with the user and not WhatsApp.