That article doesn't confirm an Indian government WhatsApp backdoor?
> Due to WhatsApp’s end-to-end encryption, messages sent between two users are only readable by them; even the service provider cannot decrypt the contents of the messages. This prevents any third party, including service providers (WhatsApp, Telegram), from accessing the messages
> no verified evidence to suggest that the government is directly accessing private WhatsApp chats
> WhatsApp itself does not store message content, and it explicitly states that it cannot and does not produce the contents of user messages in response to any government request
Reading between the lines, it sounds like they're getting encrypted chat content directly from the phones (and also metadata from providers).
I can't comment on what they're doing or not doing. But if they're getting chat content directly from the phones, say for example by having arranged with the app to cooperate with that exfiltration, then that is, by definition, a back door.
You must admit the way GP framed it strongly implies Meta gave the Indian government carte blanche access to intercept decrypted messages. That is a massive, order-of-magnitude different story than the Indian Gov't hacking phones (installing spyware, etc.) to exfiltrate messages decrypted on device. They are very different stories with very different implications.
>But if they're getting chat content directly from the phones, say for example by having arranged with the app to cooperate with that exfiltration, then that is, by definition, a back door.
Keyword being "if". There's no indication such backdoors exist, as opposed to something like malware being placed, or the phone being physically being tampered with.
A backdoor would be a feature of the service (be it on server or clientside) that'd explicitly allow for data exfiltration. The service provider complying with metadata requests and having vulnerabilities in their software are not backdoors, unless you can demonstrate that the metadata are oversharing info, or that the vulnerabilities are intentional.
I mean, right above the stuff you quoted, there is mention that govt. does now have the provision to access under exceptional circumstances:
> However, as Ashish Mishra, Partner-Cyber Security, NangiaNXT notes, “As of now, the government has the provision to access the encrypted messages under certain exceptions such as legal request, court matters, surveillance, and criminal investigations. The DPDP (Digital Personal Data Protection) Act, along with the Telegraph Act and IT Act, gives the government power to request such data from service providers.”
Given the general attitude towards digital privacy from the govt, I think it’s safe to assume they do have means to request.
It's unclear whether the government actually have the ability to read/intercept e2e messages, or merely declared they have the right to. That's an important distinction, because the government can declare it has the right to access such messages, without the service providers (ie. whatsapp) being able to follow through with it. We've seen something similar in uk, where a bill passed a few years ago gave the government the right to access encrypted data, and forced tech companies to provide access, but Apple didn't actually implement a backdoor. They instead decided to (very loudly) disable encryption entirely for the uk market.
The problem here is the govt/courts here downplay/ignore even the most straightforward RTI public (Right to Info) requests on many of these matters, the pegasus one still ongoing in courts even after all this time. Meta (FB’s) track record on these situations is spotty at best. WhatsApp is pretty much central to everything happening in India, whether for chatting with close ones, running businesses or amplifying political propaganda. IDK what WhatsApp looks like outside India but every govt. org, political party have verified accounts and directly message folks like me using the Biz APIs even though I’ve NEVER given them consent to do so before and AFAIK, there’s ZERO controls from user’s end to stop these.
I’d also have given WhatsApp a fair pass but Meta/Zuck has never shown any concrete proof that they stand by their users and not the ruling govt’s desires.
That along with all these events, quotes from ministry should suffice to have a reasonable assumption to not put trust on these platforms for private messages.
> Due to WhatsApp’s end-to-end encryption, messages sent between two users are only readable by them; even the service provider cannot decrypt the contents of the messages. This prevents any third party, including service providers (WhatsApp, Telegram), from accessing the messages
> no verified evidence to suggest that the government is directly accessing private WhatsApp chats
> WhatsApp itself does not store message content, and it explicitly states that it cannot and does not produce the contents of user messages in response to any government request
Reading between the lines, it sounds like they're getting encrypted chat content directly from the phones (and also metadata from providers).