The Indian government’s recent faceoff with WhatsApp could mean a compromise one the latter’s end-to-end encryption. Do we really understand what end-to-end encryption is? Let’s decode this concept
Encryption is a way of scrambling data so that only authorised parties can understand the information that is being shared. In encryption, human-readable plain text is converted into incomprehensible text, also called cipher text. Encryption requires the use of a cryptographic key, a set of mathematical values that both the sender and the recipient of an encrypted message agree on. To decrypt this data, the sender and the receiver of the message have a key. Only this key can be used to decrypt the data.
That ensures the data remains secure. But encryption is of two types. Symmetric and asymmetric. This could pose some problems, as it could involve the sender transferring the key to the recipient and potentially exposing the key to nefarious actors. To counter this threat, we have end-to-end (E2E) or asymmetric encryption. What this means is that on WhatsApp, only the sender and the receiver can read their chat exchange. Not even WhatsApp can check the messages being exchanged between the two parties. It is this security feature that WhatsApp fears India’s new IT Rules may potentially undermine. WhatsApp says if it is required to identify the first originator of any piece of information, that would require it to store a digital signature for every message that is passed through its servers.