Traceability Trading Off Encryption — What Matters More To WhatsApp

Shilpa Singh
May 27, 2021

Privacy is security yet personal. Yet Security is not just personal.

It does not feel great to read a headline which says — WhatsApp sues India for Privacy. Yes, it does not, and not just because I am an Indian but more because it comes from WhatsApp, and over the much-discussed privacy terms of WhatsApp recently. The entire globe has been criticizing WhatsApp for hindering privacy & doubting some sharing between the Facebook & WhatsApp applications, which in turn has resulted in hesitation among many to accept the updated privacy terms by WhatsApp. In fact there has been an increased adoption of other social interaction platforms like Telegram & Signal in place of WhatsApp.

So, when I read these headlines yesterday it made me dig into the matter and understand how much reality the clickbait headlines hold. And certainly, I discovered that there is a slight oversight in understanding what we are carrying and discussing over internet mediums.

WhatsApp has asked the court to declare that one of the new IT rules is a violation of privacy rights in India’s constitution, since it requires social media companies to identify the “first originator of information” (News Source — Reuters).

Here is a brief exploration of this subject and my viewpoints. Of course, we get to wait & watch how this proceeds, but what’s wrong in penning down the thoughts while we see through this journey of a self-conflicting situation with a common objective.

What Is Encryption & Why

It is the most fundamental and foundational method of securing digital data communications over a network — Intranet (within a restricted administrative network), Internets (the connections between different networks) or INTERNET (the World Wide Web). It covers both wired & wireless communications. It meets one of the three pillars on which security on a digital network stands — CONFIDENTIALITY.

It is the process which makes the transmission of data over the internet SECRETIVE. The plaintext or cleartext information is encoded and converted into ciphertext. This is an algorithmic process done with the help of keys — Symmetric & Public Key.

Why — The data might contain information such as passwords, personal financial details and so on, which can be intercepted if sent in cleartext, and hence it is encrypted to maintain the privacy of the data. The keys ensure that only the recipient reads the decrypted data. This, in short, is also end-to-end encryption: no one but the sender & recipient sees the data.

ENCRYPTION MEETS CONFIDENTIALITY TO HONOR THE PRIVACY

What Is Traceability & Why

In the event of an undesirable cyber incident — be it a theft of identity, data or money, or cyber crime itself — one of the most critical factors for containment & justice is TIME. It is quite logical that the more we delay, the farther we get from the logical conclusion of the offense. Hence, traceability is crucial, & there are several downsides of delay beyond the delay itself -

  • Loss of Evidence due to delay
  • The impact analysis of the compromise gets delayed.
  • The containment gets delayed as the scope of impact is not yet determined.
  • Many associated elements can be traced off & perhaps might never be found.
  • Much like real world crime, delay in tracing the origin of the crime is directly proportional to the damage of the crime.

But what exactly does traceability mean in the digital world? It is the ability to trace the key digital attributes of the origin in order to reach the offender/suspect with confidence. It can be –

  • Username
  • Originating IP Address
  • The MAC Address of the device in use
  • Unique Device ID mapped with user.
  • Protocol Port number of the application used during suspected offense.

There can be more specific details about the device involved in the cyber offense which can be used for tracing, while these remain some basic attributes to pinpoint the start of the investigation itself.

Let us explore why we need these processes in place for digital communications and what is becoming the conflict between the two.

The Trade-off war — Are they really Contradicting

Privacy is becoming a burning concern in this digitally growing era –

  • The pace of which is exponential.
  • The variations and the volume of innovation are beyond one’s tracking.
  • The scope of the digital footprint is nearly unlimited.

But in the end each of these digital footprints is made by a human mind and a heart driven by emotions. Privacy is closely associated with the psychology of human existence. It is an unease to be “not private” knowingly. Most privacy in current times is being hampered unknowingly.

But there is a catch here –

PRIVACY IS FUNCTION OF SECURITY. PRIVACY IS PRESERVATION.

We maintain our privacy mostly for the sake of our safety. We do not share our details for fear of being compromised. We fear exposing ourselves as we do not trust everyone enough not to exploit our vulnerabilities. We have encryption in place for almost the same reason.

CIPHER IS TO CLOSE EXPOSURE. IF NO ONE CAN SEE, NO ONE CAN COMPROMISE.

The trade-off is tough to solve as one side speaks about — Personal security and the other is debating for — National or authoritative governance for law & order. There is a predominant overlap of objectives, and hence the contradiction is not that real.

“WAR IS TOUGH AS THEY ARE NOT AGAINST EACH OTHER BUT A COMMON THIRD ENEMY”

Is claim by WhatsApp over violation valid?

There are several ways traceability can be achieved. Certain factors need to be understood before deciding whether it really violates privacy; they are as below –

  • Under what conditions, the traceability is being requested?
  • The concern is in arriving at the origin and not the source. If the source is disclosed during investigation, how does only the origin become a concern of privacy?
  • More ethical questions to WhatsApp -
      • Who would be the authorized bodies able to request traceability? Are they the same people with whom WhatsApp shares all the details of the communication during investigations?
      • What is WhatsApp’s approach to dealing with cybercrimes committed on their platform?
      • Who is accountable for a platform which can become a proliferating ground for crimes while the platform remains incapable of containing or concluding the offense?

Perhaps it is a current technical limitation in preserving originating identifiable attributes rather than a matter of privacy, especially in the case of multiple forwards. Perhaps not, but such details from WhatsApp would assist in understanding the current challenge in meeting security.

I would ask WhatsApp — What would you choose, SECURITY OR PRIVACY?

What can be Future Ahead?

Here is how I dare to see some solutions for this situation. Although it might sound easy to say, on a high level, after some hours of deep introspection on this self-contradicting situation in the last 24 hours, this is what strikes my mind.

LONG-TERM SOLUTION

  • Internet governing bodies to come up with a way to preserve key attributes in easily extractable forms without impacting how the complete data is stored or transmitted.
  • The traceable metadata can be detached from the remaining part of the data exchanged & transmitted. Both to be encrypted differently, with stronger encryption on the message and lesser encryption on the identifiable attributes.
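One way to picture the split proposed above, as an added example that is not from the original post or from WhatsApp: the message body and the originator record are sealed under separate keys, so a party holding only the trace key learns "who" but cannot read "what". The function names, field names and key custody are assumptions; both parts use AES-256-GCM, so the separation comes from who holds which key rather than from a weaker cipher.

```javascript
// Added illustration: names, fields and key custody are assumptions, not WhatsApp's design.
const crypto = require('node:crypto');

// AES-256-GCM seal; `aad` is authenticated but not encrypted.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Throws if the key, the aad or the tag does not match.
function open(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Hash of the body ciphertext, used to bind the originator record to this exact message.
function bodyBinding(body) {
  return crypto.createHash('sha256')
    .update(body.iv).update(body.ct).update(body.tag).digest();
}

// Body under the recipients' key, originator record under a separate trace key.
function buildEnvelope(bodyKey, traceKey, originator, message) {
  const body = seal(bodyKey, Buffer.from(message, 'utf8'), Buffer.from('body'));
  const record = Buffer.from(JSON.stringify(originator), 'utf8');
  const trace = seal(traceKey, record, bodyBinding(body));
  return { body, trace };
}

// Holder of the trace key recovers "who" without ever touching the body key.
function traceOriginator(traceKey, env) {
  return JSON.parse(open(traceKey, env.trace, bodyBinding(env.body)).toString('utf8'));
}

// Holder of the body key (sender or recipient) recovers "what".
function readMessage(bodyKey, env) {
  return open(bodyKey, env.body, Buffer.from('body')).toString('utf8');
}

// Helper for checks: true if fn() completes, false if decryption is rejected.
function canOpen(fn) {
  try { fn(); return true; } catch { return false; }
}
```

Because the originator record is authenticated against a hash of the body ciphertext, it cannot be detached and re-attached to a different message without decryption failing.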

Short Term –

  • The nation imposing the regulations must have a well-defined scope for traceability scenarios, such as in which situations one is eligible to conduct traceability.
  • It is also crucial to limit the scope of who can conduct traceability.
  • Traceability outside the scope of scenarios or outside the scope of authority in itself can be an offense.
  • Authorized legal bodies must be enlisted for these scenarios.
  • There should be awareness given to all cyber users if they are using a service or product or application which is traceability enabled.
  • Much like privacy acceptance policy, we must have a tracking acceptance policy for legal purposes.

IN SHORT IT IS THE TIME WE INNOVATE THE WAY WE ENCRYPT SO THAT EVEN IF “WHO” IS KNOWN, “WHAT” IS STILL PRESERVED.

This is a pure outcome of my brainstorming with myself and I would continue to research and explore more on this area. Thanks for reading if you could come this far 😊 and feel free to reach out for any interesting views on the topic.

Shilpa Singh

Cyber Security Expert, Hands On Product Manager, Team Leader, Mentor & Trainer, Content Creator. Blogger & Writer By Interest. Learner & Explorer By Passion.