Image source - https://bit.ly/3kbZfDi

This article is written by Rishabh Shukla, pursuing B.A.LL.B (Hons) from the Maharaja Sayajirao University of Baroda, Faculty of Law. This is an exhaustive article which deals with all aspects of encryption, its increasing impact on government, individuals, laws, and accessibility of encrypted communications by legislative authorities.

Introduction

The term privacy refers to one of those aspects of life that concerns everyone. Every person on this planet has their level of privacy which they wish to secure from others, even when it comes to basic aspects like communication. That is why these days, people are rapidly heading towards applications that provide a safe and secure flow of their data and communication. To quote examples, applications like WhatsApp and Facebook provide this service through a term known as ‘encryption’. However, it is pertinent to note that applications like these prove to be a pain for the government in many instances. Encryption is a crucial concept when it comes to protecting the private information and data of individuals. Also, the right to privacy is one of the Fundamental Rights as declared by the Hon’ble Supreme Court of India, under Article 21 of the Constitution.

However, one must not forget that every coin has two sides, and therefore one must not study the concept of encryption only from one side. Along with the positive effects that it holds, encryption also invites negative effects. Because of the high-level security of encryption, end-to-end encryption gives easy access to the commission of crimes and to get away with the same easily, since no one can trace the origin of the information or the user engaged in such activities. Even the companies themselves, who are providing such high-level services fail, resulting in the government facing obstruction in tracking down the origin of the culprit and maintaining law and order. This speaks regarding needs and laws that are specifically concerned with the term encryption, meaning, level of security, the flow of personal information, the encryption provided by foreign and domestic companies. This article deals in every detail with all the aspects of encryption, its increasing impact on government, individuals and laws. In addition, it attempts to answer the question as to what extent can the government access encryption communication.

Download Now

Technological influence on the relationship between the government and the citizens 

Today, the concept of E-government (electronic-government) defines the new form of relationship that exists between governments and their citizens. This relationship is incorporated with the execution, development and application of computer instrumentation such as information and communication technologies.

This new way of functioning of the government believes that change is deeper. It goes beyond the technological aspect and focuses on changes that are specific to the public and the government itself. A set up of association and administration of public undertakings, presenting positive transformational processes in their administration and the institutional structure itself, increasing public value to the services provided and the procedures mandates, through the introduction and continuous appropriation of information and communication technologies as a facilitator of these transformations.

This technological reform results in improving the efficiency of the administration and government and thus, introducing it closer and in an easier way to citizens. Public administration is facing challenges to have an efficient and authentic administration, since various activities, including information, can be accessed sitting comfortably on a couch, anytime, anywhere. Additionally, it also results in the reduction of access costs, resources, and time, and eliminates every geographical barrier that may exist.

To wrap it up, the following are the advantages of the implementation of e-Governance:

  • Improved services to the citizens
  • Effective and efficient control over the organization and management
  • Efficiency in the distribution of resources
  • Increasing autonomy, through the extension of self-service
  • Reduction in time and costs of management
  • Elimination of existent geographical barriers

That is the reason why Information and Communication Technologies (ICT) could be a possible solution for increasing the efficiency of the public sector and crucially promoting democratic values, equality, equity, and citizen participation.

The intervention of the concept of the right to privacy 

The validity or invalidity of restrictions on the practice of encryption and cryptography remains mere speculation, in the cases of any issue that is affecting constitutional rights. While it is true that the right to privacy is recognized as an inherent right under the right to life with dignity given in Article 21 and the right to freedom of speech and expression, given in Article 19 of the Constitution, nonetheless, must be stood as a hindrance in restraining such activities that might otherwise be deleterious to national security and interests. Both of these rights contain certain express conditions, as to when they may be deprived.

The protection of privacy acquires greater intricacy within the e-government, because of the fact that it creates a high impact on legal aspects of State security and public affairs. In addition, it is strongly linked to the privacy rights of the citizens. 

In many instances, the legal framework may result in adding difficulties to larger-scale or automation projects. These existing gaps can even result in a contradiction of equal premises. The incorporation of technology into public processes might end up resulting in violation of the privacy of citizens – from capturing their personal data to dissemination, allowed or not, of theirs.

This is the reason why public agencies must indulge in building new processes in order to guarantee the safeguarding of all the information that they collect on the citizens and companies, ensuring the implementation of the relevant security measures and steps, to control access to the information.

To sum up, the implementation of the e-government may result in social improvement, as long as these organizations take into account their planning and consider the risks that are involved. In addition, the government must work on two lines: to ensure all citizens access to technological channels and to make them learn to safely use these new tools.

When it comes to the concept of the Indian Constitution and privacy, the last few decades have seen tremendous growth in the belief that the Indian Constitution contains rights in addition to those that are expressly mentioned in its content. These rights can also be termed unenumerated rights. A simple rationale that is behind this formulation is that enumerated rights would be completely meaningless without providing for certain other additional rights by implication.

Whereas, when it comes to privacy as it is defined in the Indian Information Technology Act, 2000, during the time of legislating on cyber laws, the Parliament of India seemed to have neglected at a large level, the issue of privacy of personally identifiable information or personal secured information. Apparently, there is only a single provision that deals with the same, that is, of Section 72 the Act, which establishes an Information Technology Offence for “Breach of Confidentiality and Privacy”.

Government access to encryption – a threat

With India poised to unveil the new rules that clearly are threatening encrypted communications in and around the world at large, it is safe to state that the fight of encryption is now fully underway.

It must be noted that as per the privacy policies of the applications including WhatsApp and Facebook, the messages that are end-to-end encrypted can only be read by the sender and the recipient of such messages. The encrypted platforms themselves cannot have the access to read these messages, because they don’t have a key to the same. These policies have led to periodic attempts by the administration and legislative authorities to force these platforms to create so-called “backdoors” that would allow them to easily have access to the contents of these messages. Although platforms have resisted the same, and the issue has generally been in a deadlock.

In India, things are moving at a rapid pace to make the concept of end-to-end encryption illegal. India has sought to exert a significant amount of control over the internet in the wake of lynchings that were committed after false rumours spread on WhatsApp. The Indian government has often opted for extremely harsh ways in order to regulate the web – including shutting down internet access at least 95 times last year, and also not to forget, an indefinite shutdown in Kashmir, an act that an honourable judge termed as an “abuse of power” earlier this year.

The set of rules that were proposed over a year ago, would result in forcing these tech platforms to cooperate continuously with requests by the government, without requiring so much as a warrant or court order. Among these requirements is one, that any post can be “traceable” to its origin. In what is believed to be a world-first, the rules would require tech companies to do the investigating and to deploy their sophisticated tools in order to track the spread of a post on their server to its point of origin, and then turn such information received over to law enforcement.

This approach is apparently quite different from the current approach, wherein the Legislative Authorities identify a suspect and then ask these platforms to supply information about them. Now, the companies involved in technological stuff could essentially be required to serve as subordinates of the state, conducting investigations on behalf of law enforcement, without so much as a court order.

Advantages of encryption 

Encryption has various advantages, they are listed as follows:

  1. It can protect information that is stored in any device from unauthorized access, including people who might otherwise have access to one’s devices.
  2. It can help protect information while it is in transit from one device to another.
  3. Encryption can help in deterring and detecting accidental or intentional alteration in data.

Limitations of encryption 

Along with its advantages, encryption has various advantages as well, including:

  1. It is not capable of preventing or safeguarding an attacker from deleting the data together.
  2. A cyber hacker or persons involved in malpractices of information technology can compromise the encryption programme itself. Such an attacker might modify the programme to use a key different from one that is provided or might record all of the encryption keys in a special file for retrieving it later.

Comparative analysis

The dual-use cyber-tech of India is apparently not at par with its western competitors. In addition to this, it is a well-known fact that India is also not a part of cooperative espionage networks like the Five Eyes. In this backdrop, sophisticated encryption is the only viable way to keep data secure both within domestic borders and without.

More and more countries nowadays are choosing to reflexively regulate their encryption. It is therefore crucial for India to take a considered approach. Several international trends have shown that countries that have influential governments and opaque intelligence services are not in the favour of end-to-end encryption. These include countries like Russia, Pakistan, Kazakhstan, Colombia and China. There are two major reasons why India should not follow their lead in setting down its standards on encryption that are more restrictive than market standards. The first one being, an Indian internet user is heavily reliant on the services of companies that are based abroad unlike, say, a Chinese citizen. If India imposes data disclosure mandates that are not compatible with their domestic standards, then there are chances that these requests will fail (as they do under a Mutual Legal Assistance Treaty). Given the fact that the United States and Germany are the clear market leaders in the number of encryption products, Indian policymakers must keenly watch the approach that these governments take towards encrypted platforms.

In India, encryption is mainly controlled by the Information and Technology Act, 2000. In the year 2008, an amendment was made in the IT Act which added Section 84A, a provision that gives enormous power to the government to prescribe modes and methods for encryption. But sadly, no progress has been made by the government so far after that. In India, no law is solely dedicated to encryption.

Conclusion

To sum up, I would like to conclude that encryption is something that is used by many applications and service providers in order to protect the data and information of their users. It is a process through which messages sent by one party gets converted into undecipherable random text which can be made decipherable by encryption key only when it is received by the receiver on the other end. Today, encryption is used by various internet providers, including Facebook, WhatsApp, Service providers, and even some private companies. The growing upgrade in technology along with the growing reliance on online applications speaks volumes for the urgent need to make encryption laws for various reasons, one of which is national security. There have been many instances wherein a crime was initiated or planned or agitated through such online applications, but end-to-end encryption present in such applications made it difficult for the government to locate the whole racket of culprits or the original sender. An example of the same is the famous Blackberry case wherein, it was found that the members of terror attacks in Mumbai communicated the whole plan through their blackberry devices. 

With a plurality of various actors and interests that are involved, encryption can perhaps be referred to as one of the most complex issues of the decade. It includes the implication of rights, commerce, law enforcement and intelligence. The Draft Policy of India fails to truly address the multifarious issues at play, it only addresses law enforcement concerns. Privacy activists and the ICT industry have long favoured stronger encryption standards. However, one major stakeholder that has not yet weighed in on the debate is the intelligence community. Like law enforcement agencies, espionage organisations also prefer to go for easy access to information. However, unlike law enforcement agencies, intelligence organisations are mandated with maintaining ‘information assurance.’ This involves protecting domestic data from being intercepted and exploited by foreign intelligence agencies and non-state actors. 

References


LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.

LEAVE A REPLY

Please enter your comment!
Please enter your name here