Categories
Encryption Strengthening the Internet

Strong Encryption Is Central to Good Security – India’s Proposed Intermediary Rules Puts It at Risk

Security and encryption experts from around the world are calling on the Indian Ministry of Electronics and Information Technology (MeiTy) to reconsider proposed amendments to intermediary liability rules that could weaken security and limit the use of strong encryption on the Internet. Coordinated by the Internet Society, nearly thirty computer security and cryptography experts from around the world signed “Open Letter: Concerns with Amendments to India’s Information Technology (Intermediaries Guidelines) Rules under the Information Technology Act.”

MeiTy is revising proposed amendments to the Information Technology (Intermediaries Guidelines) Rules. The proposed amendments would require intermediaries, like content platforms, Internet service providers, cybercafés, and others, to abide by strict, onerous requirements in order to not be held liable for the content sent or posted by their users. Freedom from intermediary liability is an important aspect of communications over the Internet. Without it, people cannot build and maintain platforms and services that have the ability to easily handle to billions of people.

The letter highlights concerns with these new rules, specifically requirements that intermediaries monitor and filter their users’ content. As these security experts state, “by tying intermediaries’ protection from liability to their ability to monitor communications being sent across their platforms or systems, the amendments would limit the use of end-to-end encryption and encourage others to weaken existing security measures.”

End-to-end encryption is one of the strongest tools for digital security online. With end-to-end encryption, only the sender and intended recipients have access to unencrypted content, providing trustworthy confidentiality and integrity to their communications. As the threats to computerized and networked technologies increase, confidentiality and integrity is critical. Since no third party, including the platform provider, has access to user content in an end-to-end encrypted system, content monitoring or filtering is impossible. As the letter notes, “There is no way to create ‘exceptional access’ for some without weakening the security of the system for all.”

Whether intended to filter online misinformation or to provide access for law enforcement purposes, laws or policies like those being proposed in India would make the Internet less safe, unintentionally allowing access to online communications to malicious hackers and criminals.

It is imperative that digital security not be undermined for hundreds of millions of people in an effort to force blanket data retention and network observability. Digital security is the foundation of our connected economies and societies. It is up to governments to make the right decision and support strong digital security, and it is up to all of us to hold them to account.


Image: Guna city, India. © Atul Loke/Panos for Internet Society