WhatsApp encrypts its messaging using a 256-bit key. However, according to a 2007 rule issued by India’s Department of Telecommunications, private companies cannot use encryption higher than 40-bits without permission from the Indian government.
“No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation,” WhatsApp founders Brian Acton and Jan Koum said in their announcement.
This permission is given only if the party in question submits the decryption keys to the government. WhatsApp says it doesn’t have the capability because the encryption has been implemented without WhatsApp possessing these keys and even it can’t check what users are communicating over its platform.
WhatsApp counts India as one of its largest markets with over 100 million monthly active users or nearly 10 percent of its global user base. It is also the most popular instant messaging app in India, with 51% of Internet users in the country using the app every day.
However, its encryption can run into trouble with India’s investigative and law enforcement agencies tracking terrorists.
The Indian government has not made a comment on the announcement yet, but it can pursue the matter if it wishes to. In the past, several technology companies, most famously BlackBerry, have run into trouble with the Indian government over the security threat posed by encrypting.
In 2010, the government had threatened to ban BlackBerry over accessing its encrypted messenger and email service. It asked the smartphone maker to establish local data servers to reduce security issues, forcing the Canadian company to set them up in Mumbai in 2012.
There are numerous other instances of the Indian government restricting the use of certain digital platforms for their perceived security risks. In 2015, government officials were banned from using private emails such as Gmail and Yahoo for official correspondence. In 2014, the Indian Air Force also asked its staff to stop using Chinese smartphones, which it said were used for spying.
However, WhatsApp could use a loophole, which specifies that the rule only applies to Internet service providers. India is still in the process of drafting a national encryption policy, but has been criticised for breaching privacy.