India first democracy to ban encrypted messaging apps on a massive scale.

Indian government's attitude toward an individual's privacy is the reflection of how the Indian society as a whole has no regard when it comes to invading an individual's private space. From authoritative parents barging into their child's room unannounced to nosy neighbors or egoistic uncles anywhere in public, they don't leave any chance to invade one's private space. It is just a sad state of affairs in general in our country when it comes to issues of privacy in general. Not much can be done unless more awareness is spread in the general populace regarding the downfalls concerning state supervision of each citizen's online footprint. The pretext used by the government that none of its citizens shall have any privacy because a minute percentage of the population uses the privacy features for nefarious purposes is not very convincing either.
 
I think the title is misleading. From what I understand, certain apps that make search & seizure process complicated or even not possible are banned; not all encrypted messaging apps. I mean, WhatsApp is end-to-end encrypted; can't possibly imagine WhatsApp being banned in India.

Should search & seizure be as accessible to the government is a different question on its own. But the point is, this ship has sailed long ago and most certainly has nothing to do with Press Freedom.
 
I think the title is misleading. From what I understand, certain apps that make search & seizure process complicated or even not possible are banned; not all encrypted messaging apps. I mean, WhatsApp is end-to-end encrypted; can't possibly imagine WhatsApp being banned in India.

Should search & seizure be as accessible to the government is a different question on its own. But the point is, this ship has sailed long ago and most certainly has nothing to do with Press Freedom.
The article says that at least one app (in this case Element) does have representatives and has in fact responded to communications from the Indian government in the past; if true, it would indicate that the stated reasoning may be a cover.
 
The article says that at least one app (in this case Element) does have representatives and has in fact responded to communications from the Indian government in the past; if true, it would indicate that the stated reasoning may be a cover.
But, they didn't get into whether the response was complying with or refusing a warrant. If they were complying, it actually gets funny - Imagine privacy being your app's USP & going to court against the government and saying "But we gave it to you when you asked real nice!". Besides, there's no incentive for our government to ban a complying app.

So, I think they most likely refused, which is enough grounds for a ban.
 
But, they didn't get into whether the response was complying with or refusing a warrant. If they were complying, it actually gets funny - Imagine privacy being your app's USP & going to court against the government and saying "But we gave it to you when you asked real nice!". Besides, there's no incentive for our government to ban a complying app.

So, I think they most likely refused, which is enough grounds for a ban.
But that wouldn't be the stated reason - the reason given was a lack of representation, not a lack of compliance. And if the lack of compliance is what caused the ban, then none of the other encrypted messaging apps are safe either, since being able to comply with data requests is antithetical to their intended purpose.
 
But that wouldn't be the stated reason - the reason given was a lack of representation, not a lack of compliance
I don't think the GO even has to be so specific about it - Just some words around 'Sovereignty' & 'Integrity' is the usual. But if you're talking about stated reason from any official to media, this
The reason the officials give for justifying the ban is that these apps would not have "any representatives in India and cannot be contacted for seeking information as mandated by the Indian laws".
is what's there in the article and sounds like it covers both.


none of the other encrypted messaging apps are safe either
Safe from what exactly?
- From a cyber-criminal? - safe enough;
- From a warrant? - Government says it shouldn't be. I'm personally fine by this if the warrant is obtained on reasonable grounds. Currently, it is all situational and depends on the judgement of the person who grants it. So, it could be open season for politicians to make/avoid power moves. This, I think, is the issue we are stuck with - what merits a warrant & what doesn't is not well regulated. Whereas, 'should data be immune to warrants' is an issue we practically can't afford to have.


being able to comply with data requests is antithetical to their intended purpose.
In a perfect world, yes. But it is mandated by our law.
 
- From a warrant? - Government says it shouldn't be. I'm personally fine by this if the warrant is obtained on reasonable grounds. Currently, it is all situational and depends on the judgement of the person who grants it. So, it could be open season for politicians to make/avoid power moves. This, I think, is the issue we are stuck with - what merits a warrant & what doesn't is not well regulated. Whereas, 'should data be immune to warrants' is an issue we practically can't afford to have.
It doesn't matter if there's a warrant or not, because a warrant doesn't influence what is mathematically possible. The entire reason these apps are used is that no third party, not even the company itself, is able to access that data, so there is no physical way they can comply with such requests. The only way for them to do so is to include backdoors which compromise the security and privacy of the service for everyone - are you saying that that's what should be done?
 
because a warrant doesn't influence what is mathematically possible
I don't understand what you mean by this.

The entire reason these apps are used is that no third party, not even the company itself, is able to access that data, so there is no physical way they can comply with such requests. The only way for them to do so is to include backdoors which compromise the security and privacy of the service for everyone
Any service that handles data is legally required to be able to gather them, when a state or central agency asks for it. The 'backdoors' don't necessarily compromise privacy or security by design. It is up to us whether or not to trust a service provider who's, again, legally required to be able to.

are you saying that that's what should be done?
I'm saying,
Should search & seizure be as accessible to the government is a different question on its own. But the point is, this ship has sailed long ago
this is how it has always been, increasingly so with every national security issue.

Few contexts I think could be of help - Smarter Every Day's video regarding privacy. Veritasium's video on a random case.

Only days before Press Freedom Day, India banned apps for secure communication because of "terrorists" use.


In short words, this article is beating a dead, non-existent horse.
 
I don't understand what you mean by this.
I'm talking about encrypted messaging. Take Signal, for example: it has end-to-end encryption, which means that the company and developers don't have access to the plaintext of the messages you send. This means that they are physically incapable of sharing that plaintext with governments.
Any service that handles data is legally required to be able to gather them, when a state or central agency asks for it.
Depends on what you mean by "data". If you mean the ciphertext, then sure, they can provide that to the government, but neither they nor the government will be able to do anything with it, unless they're aware of a viable attack vector for whichever encryption algorithm they use. If you mean the plaintext, then the only way they can comply is with backdoors, which should not be acceptable.
The 'backdoors' don't necessarily compromise privacy or security by design.
That is exactly what they do, by definition. The EFF - among other NGOs and technical publications - have many articles explaining why; here's one of them for reference. You can argue that this compromise is worth it - and I would strongly disagree - but the fact that it would weaken security is inarguable.
this is how it has always been, increasingly so with every national security issue.
I don't believe that "we're so far down the slippery slope that it's not worth trying to slow down" is a productive mentality.
Few contexts I think could be of help - Smarter Every Day's video regarding privacy. Veritasium's video on a random case.
Isn't that first video an argument against compromising E2E encryption?

I must admit that I'm confused by what your position is here, so if I've misunderstood or misrepresented what you're saying, I apologize and seek clarification.
 
I'm talking about encrypted messaging. Take Signal, for example: it has end-to-end encryption, which means that the company and developers don't have access to the plaintext of the messages you send. This means that they are physically incapable of sharing that plaintext with governments.

Depends on what you mean by "data". If you mean the ciphertext, then sure, they can provide that to the government, but neither they nor the government will be able to do anything with it, unless they're aware of a viable attack vector for whichever encryption algorithm they use. If you mean the plaintext, then the only way they can comply is with backdoors, which should not be acceptable.

That is exactly what they do, by definition. The EFF - among other NGOs and technical publications - have many articles explaining why; here's one of them for reference. You can argue that this compromise is worth it - and I would strongly disagree - but the fact that it would weaken security is inarguable.

I don't believe that "we're so far down the slippery slope that it's not worth trying to slow down" is a productive mentality.

Isn't that first video an argument against compromising E2E encryption?

I must admit that I'm confused by what your position is here, so if I've misunderstood or misrepresented what you're saying, I apologize and seek clarification.
Signal stores encrypted messages temporarily only when the recipient is offline; Besides this edge case, messages are stored locally.

I think you were thinking only about text messages. I used the word data to collectively refer to whatever any service is holding. In your specific example where a message is E2EE what you're saying is true, for the encrypted message. I meant to include meta-data and other arbitrary data that the service could collect as well. For instance, WhatsApp & user location. This is straight from their privacy policy-
Location Information. We collect and use precise location information from your device with your permission when you choose to use location-related features, like when you decide to share your location with your contacts or view locations nearby or locations others have shared with you. There are certain settings relating to location-related information which you can find in your device settings or the in-app settings, such as location sharing. Even if you do not use our location-related features, we use IP addresses and other information like phone number area codes to estimate your general location (e.g., city and country). We also use your location information for diagnostics and troubleshooting purposes.
And so is this,
We access, preserve, and share your information described in the "Information We Collect" section of this Privacy Policy above if we have a good-faith belief that it is necessary to: (a) respond pursuant to applicable law or regulations, legal process, or government requests; (b) enforce our Terms and any other applicable terms and policies, including for investigations of potential violations; (c) detect, investigate, prevent, or address fraud and other illegal activity or security, and technical issues; or (d) protect the rights, property, and safety of our users, WhatsApp, the other Meta Companies, or others, including to prevent death or imminent bodily harm.
I'm sure every service makes a note of this legal obligation in their terms. And I thought this is what you meant by 'backdoor', my bad.


"we're so far down the slippery slope that it's not worth trying to slow down"
That is not what I mean.
are you saying that that's what should be done?
It sounded like you were talking about the future, so I basically restated this
this ship has sailed long ago
to add to how misleading the title is.

Isn't that first video an argument against compromising E2E encryption?
Yes.
I must admit that I'm confused by what your position is here, so if I've misunderstood or misrepresented what you're saying, I apologize and seek clarification.
I'm not here to oversimplify this into a left-right/good-bad political discussion. All I'm saying is, the current state of this is reasonable; only issue I have is this,
what merits a warrant & what doesn't is not well regulated
You seem to think that we're in the middle of a slippery slope; I think it is a reasonable adaptation that has questionable practice, which again just to stay with my point, that happened decades ago.
Expecting absolute privacy and/or proper regulation for warrants are both highly impractical & unlikely. So, I'm sure neither of us have a 'productive mentality' xD
 