Encryption digest (April 2021)

6 May 2021

This extract is taken from the April 2021 issue of The digest, GPD’s newsletter. Sign up here.


Intermediaries face pressure over encryption in India, the UK and Mauritius

Over the last few months, India’s controversial new Intermediary Guidelines have faced increasing challenge from a range of sources.

Back in February, GPD, among many others, raised concerns about the potential human rights risks posed by the (then leaked) Guidelines—which require intermediaries to have access to all traffic on their platforms, including encrypted communications. Since then, three court cases have been brought against the Guidelines: two at the Kerala High Court (including one led by Global Encryption Coalition member SFLC.in), and another in Delhi.

In likely response to the controversy, the Ministry of Electronics and IT (MEITY)—who made the Guidelines, and is now developing Standard Operating Procedures to implement them—indicated that it is open to receiving questions from civil society. In April, they opened a consultation (with a notably short timeframe) to which civil society groups, including MediaNama, submitted questions—aiming to gather specific and concrete responses on the government regarding the impact of the rules on encryption. It’s not clear yet when MEITY will respond, or how much they will be willing to say.

India’s government isn’t alone in seeking restrictions on encryption. This month, the Mauritian government opened a consultation around new government proposals to regulate social media companies’ deployment of encryption, which may impose the same traceability requirements we’re seeing in India.

And in the UK, the long-awaited Online Harms Bill—likely coming in June—is also expected to carry damaging ramifications for intermediaries deploying end-to-end encryption. In a recent speech at the annual conference of The National Society for the Prevention of Cruelty to Children (NSPCC), Home Secretary Priti Patel described Facebook’s plans to roll out end-to-end encryption on its Messenger platform as “unacceptable”. The NSPCC itself has previously described private messaging as “the frontline of child sexual abuse online”. As Open Rights Group noted in its response to the conference: “Calls to remove end-to-end encryption, as a means to protect children, disrespect children’s right to privacy as much as that of adults.”

Other news

  • Encryption needs to be defended at the regional level, too. This month, we signed onto a joint statement on the EU’s proposed measures to fight child sexual abuse online, alongside almost 30 fellow members of the Global Encryption Coalition (GEC).