WhatsApp’s decision to encrypt all chats and calls for its one billion users across the world by default earlier this week, may have made the popular messaging app illegal in India.
WhatsApp encrypts its messaging using a 256-bit key. However, according to a 2007 rule issued by India’s Department of Telecommunications, private companies cannot use encryption higher than 40-bits without permission from the Indian government.
“No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation,” WhatsApp founders Brian Acton and Jan Koum said in their announcement.
This permission is given only if the party in question submits the decryption keys to the government. WhatsApp says it doesn’t have the capability because the encryption has been implemented without WhatsApp possessing these keys and even it can’t check what users are communicating over its platform.
WhatsApp counts India as one of its largest markets with over 100 million monthly active users or nearly 10 percent of its global user base. It is also the most popular instant messaging app in India, with 51% of Internet users in the country using the app every day.
The Indian government has not made a comment on the announcement yet, but it can pursue the matter if it wishes to. In the past, several technology companies, most famously BlackBerry, have run into trouble with the Indian government over the security threat posed by encrypting.
However, WhatsApp could use a loophole, which specifies that the rule only applies to Internet service providers. India is still in the process of drafting a national encryption policy, but has been criticised for breaching privacy.