WhatsApp Help Center – What is traceability and why does WhatsApp oppose it?
How does “traceability” break end-to-end encryption?
WhatsApp deployed end-to-end encoding throughout our app in 2016, so that calls, messages, photos, videos, and voice notes to friends and class are entirely shared with the mean recipient and no one else ( not even us ). “ Traceability ” is intended to do the face-to-face by requiring private message services like WhatsApp to keep lead of who-said-what and who-shared-what for billions of messages sent every day. Traceability requires messaging services to store information that can be used to ascertain the content of people ’ south messages, thereby breaking the very guarantees that throughout encoding provides. In order to trace even one message, services would have to trace every message.
That ’ randomness because there is no way to predict which message a government would want to investigate in the future. In doing sol, a government that chooses to mandate traceability is effectively mandating a new class of mass surveillance. To comply, messaging services would have to keep giant databases of every message you send, or add a permanent identity cast — like a fingerprint — to private messages with friends, family, colleagues, doctors, and businesses. Companies would be collecting more data about their users at a fourth dimension when people want companies to have less information about them. 
How does traceability violate human rights?
Traceability forces secret companies to turn over the names of people who shared something even if they did not create it, shared it out of concern, or sent it to check its accuracy. Through such an set about, innocent people could get caught up in investigations, or even go to jail, for sharing contentedness that former becomes debatable in the eyes of a government, even if they did not mean any harm by sharing it in the first place. The threat that anything person writes can be traced back to them takes away people ’ second privacy and would have a chilling consequence on what people say even in individual settings, violating universally recognized principles of free expression and homo rights.
Read more: Dual_EC_DRBG – Wikipedia
Would traceability work?
No. decipher messages would be ineffective and highly susceptible to abuse. If you merely downloaded an image and shared it, took a screenshot and begrudge it, or sent an article on WhatsApp that person emailed you, you would be determined to be the originator of that contented. At another point, person might copy and paste the same patch of contentedness and send it along to others in an entirely different circumstance. Think of this like a tree with many branches — looking at precisely one arm doesn ’ metric ton distinguish you how many early branches there. 
furthermore, traceability inverts the way law enforcement typically investigates crimes. In a typical law enforcement request, a politics requests technology companies provide account information about a sleep together individual ’ s account. With traceability, a government would provide a technology ship’s company a firearm of contented and ask who sent it first gear .
Can WhatsApp work with law enforcement without traceability?
WhatsApp respects the significant work law enforcement does to keep people safe. Our dedicate team reviews and responds to valid law enforcement requests. We respond to valid requests by providing the limited categories of information available to us, coherent with applicable law and policy. We besides have a team devoted to assisting jurisprudence enforcement 24/7 with emergencies involving at hand damage or risk of death or serious physical injury. We systematically receive feedback from jurisprudence enforcement that our responses to requests help solve crimes and bring people to department of justice. It ’ second besides significant to understand that depending upon the nature of their investigations, law enforcement officials have multiple fact-finding tools, and may obtain information from many sources, including unlike companies, other governments, or from users ’ devices. More information about how we work with law enforcement can be found here .
What experts are saying about traceability:
- Mozilla: “The open internet is fundamentally based on the principles of interoperability and common standards, which may begin to fragment under these rules. Some provisions, such as those enabling traceability of encrypted content and automated filtering, are fundamentally incompatible with end-to-end encryption and will weaken protections that millions of users have come to rely on in their daily lives.”
- Access Now: “The mandates in the new [Indian IT] rules would result in encouraging internet platforms to over-censor content, require dangerous unproven AI-based content regulation tools, retain vast amounts of user data for handing over to the government, and undermine end-to-end encryption crucial for cybersecurity and individual privacy.”
- Internet Society: “The Internet Society reiterates its concern, shared by cybersecurity experts, that in order to comply with these traceability requirements, platforms may be forced to undermine end-to-end encryption.”
- International coalition of civil society organizations and security researchers: “Undermining security features in order to ensure traceability would affect all users of that platform, not just those that are the subjects of the information request. Protections for privacy, data security, and free expression that are derived from the availability of strong encryption would be weakened or eliminated through the use of this amendment.”
- Center for Democracy and Technology: “The guidelines would require WhatsApp to archive what each user shares, robbing them of the absolute privacy provided by end-to-end encryption, one of the app’s longtime user benefits. One large country, by adopting and enforcing these rules, could make it so that large messaging platforms either pull out or don’t offer encrypted services all over the world.”
- Stanford Internet Observatory: “Confidentiality and integrity are core underpinnings of data security. Not even the provider of an end-to-end encrypted service can decrypt encrypted information. That’s why end-to-end encryption is incompatible with tracing and filtering content…When intermediaries employ end-to-end encryption, that means stronger security for communities, businesses, government, the military, institutions, and individuals—all of which adds up to the security of the nation. But the new traceability and filtering requirements may put an end to end-to-end encryption in India. The revised intermediary rules put the whole country’s security at risk.”
- Electronic Frontier Foundation: “Ultimately, any implementation [of traceability] will break users’ expectations of privacy and security, and would be hard to implement to match current security and privacy standards. Such changes move companies away from privacy-focused engineering and data minimization principles that should characterize secure private messaging apps.”
- Internet Freedom Foundation: “The government will break any type of end-to-end encryption to gain knowledge of who sent what message and also get to know its contents. Also, this specific requirement will break existing protocols for the deployment of end-to-end encryption that has been built through rigorous cybersecurity testing over the years!”