Recent moves by governments around the world to limit the deployment of end-to-end or e2e encryption have been primarily motivated by three key, high-level factors – improving the ability for law enforcement to carry out investigations, handling particularly egregious content like Child Sexual Abuse Material, and the potential for mis/disinformation to spread without sufficient checks and balances. While a fair bit has been written on the first two factors, the mis/disinformation on e2e platforms like WhatsApp has received relatively lesser attention. India’s own traceability proposals – which are now law – were primarily motivated by a desire to hold the originators of such mis/disinformation accountable for their actions and have led to significant push back from industry and civil society, with legal challenges pending in multiple courts across the country.
We propose an alternative framing to the problem where the spread of mis/disinformation via such platforms is not a consequence of their deployment of e2e encryption, which in fact adds crucial elements of privacy and security for hundreds of millions of Indian users. On the contrary, these e2e platforms may be vulnerable to mis/disinformation owing to ineffective redressal mechanisms, unresponsive product design and gaps in digital literacy. The goal of this reframing is to showcase that rather than an ultimatum of enabling or disabling end-to-end encryption, more holistic solutions lie in collaboration between government and industry to keep the benefits of encryption while improving the context in which it is deployed to users.
Also read: A phone from makers of Pegasus spyware & other ways to protect your phone from hacking
Allow users to report texts easily
Even when users regularly receive messages that are clearly spam or mis/disinformation from content farms, it is often quite difficult for them to report messages and users to the e2e platform for action (including account suspension). This is despite many such messages containing content that violate the platform’s own conditions of service and/or legal provisions. Enabling users to report messages/users as easily as they can forward or delete them seems to be a low-hanging fruit that will allow for better accountability and user experiences while deterring malicious actors.
To ensure complete transparency, similar to online backup features in some services, when the user does report such a message, the app should explicitly state that doing so will mean the message will no longer be encrypted for the platform providers because it will (along with associated metadata) be shared with the platform for reporting and action, including possible sharing with law enforcement agencies. This will help ensure that users are aware of the consequences of such reporting while also providing platforms with more information voluntarily to incorporate as a part of their trust and safety efforts.
Responsive product design without breaking encryption
Despite many of the clearly recognised concerns with viral or illegal content on e2e messaging services, especially in emerging economies, service providers have often been slow in reforming their products to empower users with tools to combat real world harms that arise from misinformation while protecting e2e encryption. For example, while provided by some players in the industry, many services are yet to make it easier for users to be able to identify suspicious links and frequently forwarded messages in a user-friendly manner within their applications. As some instances in recent years have demonstrated, it is possible to do so without breaking e2e encryption or degrading its privacy protecting properties.
Another feature that services could consider making more widely available is empowering users to conveniently search the internet or fact-checking websites within the app. Allowing for the content of such forwards or viral content to be verified for their authenticity, when the user chooses to do so, would allow them to be warned of possible harm that may occur and make an informed choice before acting upon or sharing such messages.
Also read: ‘Tech difficulties can’t be an excuse to refuse compliance’: Modi govt defends IT rules in HC
Digital literacy is a shared responsibility
The spread (often inadvertent) of mis/disinformation on e2e platforms is fundamentally a problem of digital literacy and insufficient general awareness on how to verify news before forwarding it or sharing it widely on groups. The diverse stakeholders that make up the ecosystem, such as platforms, governments and media organisations, have a shared responsibility to improve the status quo in India on this front. It is equally vital that e2e services provide users with sufficient resources on the tools and skills needed to verify the messages they receive on their platforms. This could take the form of publicly available resources on websites, media awareness campaigns and when justified in special use cases (such as elections), proactive messaging both within and outside the confines of their platforms.
The various measures proposed above demonstrate that the false binary between encryption and public safety is often grossly exaggerated. Taking a more holistic approach to solving the underlying causes of societal harms or building products that empower users to do something about the harm when it does occur are both approaches that can tangibly move the needle on the issue. Most importantly, they can do so while protecting the clear benefits of privacy, security and freedom of expression that encryption provides to billions of users around the world. It is up to platforms and governments alike to recognise this and work constructively towards such solutions.
This article is part of a series examining the relationship between the global and the local, in partnership with Carnegie India, leading up to its Global Technology Summit 2021 (14th-16th December 2021). Click here to register.
Udbhav Tiwari is a nonresident scholar at Carnegie India. Views expressed are personal.