Skip to main content

WhatsApp is illegal, will soon banned in India : Government


WhatsApp could have accidentally entered into troubled waters here in India by enabling its end-to-end encryption for all. The new security feature by WhatsApp is not what is required by the Indian telecom rules and WhatsApp could face a ban, if the rules are not adhered to. But not yet.

In India, companies need to follow the country’s rules and adhere to specific types of encryption, which WhatsApp does not currently use. WhatsApp’s end-to-end encryption on its chat service means that WhatsApp or anyone else won’t be able to crack open its contents.  Only the sender and the recipient are able to read the encrypted data. WhatsApp uses a 256-bit key for encryption of all chat messages, which is only known to the sender and the recipient.

Why is it not possible for WhatsApp to help decrypt users’ messages? "No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us," WhatsApp founders Jan Koum and Brian Acton wrote on their blog.
However, as for the Indian rules, online services are only permitted to use up to 40-bit encryption. If they need to use higher encryption standards, they need to seek permission from the government, and the way WhatsApp is setup, it seems a bit too difficult to obtain the same. In order to get the required permissions and green flags from the Indian Government, WhatsApp needs to submit the keys, which sadly, they too actually don’t have.

Hence, indirectly, all those who are currently using the updated WhatsApp app in India are actually using it illegally, says the report.
However, according to the Indian encryption rules, OTT services, such as WhatsApp, do not require encryption standards like telecom operators do. Telecom service providers and internet service providers in India require a license from the DoT to provide encrypted services in India. These include internet telephony and chat services and a usage of up to 40-bit encryptions, only after depositing the decryption keys to the Telecom Authority. Since WhatsApp, Skype, Viber and such services are (over-The-Top) OTT-based and not telecom operations, they are not yet regulated in the country as they do not come under the encryption requirement laws.

The TRAI had released an OTT consultation paper back in 2015, but are yet to issue any such regulations in the matter. In the absence of such regulations, OTT services with such encryptions are presently free to operate legally in the country. However, things could change, citing lack of decryption keys and possibility of illegal activity with terrorist groups and alike on such OTT services.

In other countries, such as France, Skype was made to register with a telecom service provider in order to operate with the encryption standards it holds in place. Similarly, many other countries, including China, Germany and a few others, have also put regulatory systems in place. OTT services are well regulated in countries overseas.
Firstpost mentions Asheeta Regidi, an Indian cyber law specialist, stating, ‘WhatsApp, being an intermediary, is expected to comply with directions to intercept, monitor and decrypt information issued under Section 69 of the Information Technology Act, 2000. Complying with such a direction will now be impossible for WhatsApp in view of its end-to-end encryption. Even before the introduction of this, since WhatsApp is not a company based in India, it may have been able to refuse to comply with such directions. In fact, compliance by such companies in regard to data requests from the Indian government has been reported to be very low.’

The further reported that countries like India are currently looking to pass new policies on the new encryption standards. But it is presently unclear whether these new policies will bring new requirements on WhatsApp.

The big question now is that, will India allow WhatsApp to continue in India or will it enforce a new OTT regulation which will put encrypted services like WhatsApp, Skype, Viber and others into the grey zone?
courtesy : Deccanchronicle

Comments


  1. hank you for all your efforts and I know that they will be payed!
    What kind of photo sharing on WhatsApp is illegal in India?What is illegal or what should someone definitely not do with mobile advertising in their apps?It will be any effect of cyber security?may be its can be the great resource : (www.infosecaddicts.com)

    ReplyDelete

Post a Comment

Popular posts from this blog

Here Are 7 Brilliant Cheat Sheets For Linux/Unix

There's nothing better than a cheatsheet when you are stuck and need a reference. So here bringing to you 7 brilliant free cheat sheets.  1. Unix Tool Box : An incredibly exhaustive reference for all things Linux. This document is a collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users. 2. One page Linux Manual : Great one page reference to the most popular Linux commands, it is a summary of useful Linux commands. 3. Linux Reference Card : One great reference published by FOSSwire. 4. Linux Command Line Cheat Sheet : This is an interestingly sorted and helpful cheat sheet by cheatography. 5. Linux Command Line Tips : This is a linux command line reference for common operations. Cleanly sorted and well described. 6. Treebeard’s Unix Cheat Sheet : A great reference that shows command comparisons with that of DOS. So if you are someone who was a DOS user and has switched to Linux, this is the best one too have! 7. Linux Shor

Extracting Administrator Passwords Using LCP

Extracting Administrator Passwords Using LCP Link Control Protocol (LCP) is part of the Point-to-Point (PPP) protocol In PPP communications, both the sending and receiving devices send out LCP packets to determine specific information required for data transmission. ■ Use an LCP tool ■ Crack administrator passwords Tools Needed ■ A computer running Windows Server 2012 ■ A web browser with an Internet connection ■ Administrative privileges to run tools                ■ You can also download the latest version of LCP from the link         http: / www.lcpsoft.com/engl1sh/1ndex.htm ■ If you decide to download the latest version, then screenshots shown     might differ ■ Follow the wizard driven installation instructions ■ Run this tool in Windows Server 2012 ■ Administrative privileges to run tools ■ TCP/IP settings correctly configured and an accessible DNS server Overview of LCP LCP program mainly audits user account passwords and

Ten Important Rules Of Ethical Hacking

The world of ethical hacking too is bound by a set of rules and principles, here are 10 crucial ones!   Time and again we have been bringing you valuable resources on ethical hacking since we know and understand the nature of things as far as security goes. Ethical hacking is picking up steam each day with more and more organisations spending heftily to maintain the sanctity of their systems and data. As such, ethical hacking is a glorious career option in the current scheme of things. 1.Set your goals straight To begin with, an ethical hacker must start thinking like the intruder. He must be able to identify the loopholes on the target access points or networks that are prone to attack, he must be aware of the repercussions of these loopholes and how the intruder can use it against the same. An ethical hacker then has to find out if anyone at the target notice the intruder's attempts to carry out his/her acts. Finding out and eliminating unauthorised wireless access point