WhatsApp can trace the origin of messages on its encrypted platform by embedding the first sender’s information alongside content, according to a report submitted to the Madras High Court.
On July 31, V Kamakoti, a professor at the Indian Institute of Technology Madras, proposed two options that could be adopted by the US platform. In the first, it could embed the information in an open and visible format; in the second, the information would be encrypted, said the report.
“We provide two suggestions. However, WhatsApp Inc may have other methods for extracting original information,” wrote Kamakoti, who is a member of the National Security Advisory Board in the Prime Minister’s Office.
On July 24, the high court had directed Kamakoti to submit his ideas on the technical possibilities of tracing the origin of WhatsApp messages. ET has reviewed a copy of the submitted report.
In the first option suggested by the IIT-Madras professor, originator information is included along with each encrypted message. This means each recipient of a WhatsApp message or forward will get to know the identity of the person who originally sent the message.
In the second option, however, while the originator information continues to travel with each message, the recipient is not able to view it, as the information remains encrypted. But it can be revealed to law enforcement by WhatsApp, when and if demanded.
Kamakoti also clarified that if a message is modified in any way by any user, be it through copy and paste or addition of text to media like images, audio or video, then that user becomes the originator.
WhatsApp, which is under pressure from the Centre to allow traceability of content on its platform, said it had nothing new to add in reply to ET queries on the development. Last month, Will Cathcart, global head of WhatsApp, on his visit to India, reiterated the company’s support for encryption and how important it is for the product.
Messages sent to Kamakoti did not elicit a response.
The submission by Kamakoti is part of the ongoing hearing on two writ petitions filed in July 2018. While the original petitions sought interlinking of the Aadhaar database with social media profiles for authentication of identity, the division bench of the court expanded the scope of the petitions to bring issues including curbing cybercrime and intermediary liability within the ambit of the legal proceedings.
WhatsApp, Facebook, Google, Twitter, and the central and Tamil Nadu governments are all parties to the case. Last month, the court allowed the digital rights organisation Internet Freedom Foundation to act as an intervener in the case. The next hearing in the case is scheduled for August 21-22.
Legal experts feel that the case is not so much about the technical feasibility of any solution as it is about user privacy. “Many such technical solutions can be made. It’s about the actual impact on the underlying user rights, their privacy and free expression,” said a technology lawyer who did not want to be named.
In his submission, Kamakoti pointed out that WhatsApp has access to user details through the information it collects when the app is downloaded on a smartphone. This includes details on the hardware model, operating system, browser information, IP address, mobile network and phone number of the person.