WhatsApp and Facebook are challenging India’s amended IT Rules, claiming they infringe on privacy rights and are unconstitutional. At a Delhi High Court hearing, WhatsApp argued that being forced to decrypt messages could shut down their service. A key issue is Rule 4(2), which mandates social media companies to trace the original source of messages under certain conditions. WhatsApp contends this would require them to store messages for years, a demand not made in any other country, including Brazil.
The Indian government argues that these companies, which profit from user data, don’t have a basis to claim they protect user privacy. The government insists these rules are vital for law enforcement to track false messages and uphold public order. The Ministry of Electronics and Information Technology supports the rules, stating they meet global standards and ensure accountability of digital platforms, keeping the internet secure and respecting citizen rights. The case has been adjourned to August 14 for further consideration.
Why does it matter?
Since adopting end-to-end encryption in 2016, WhatsApp has prioritised privacy and security. In India, where it is the leading messaging app with over 900 million users, it has become a key tool for government communications. Over the years, WhatsApp has expanded its reach to include various government bodies that use it to disseminate vital information. With such a vast user base and an important role in public communication, the outcome of this situation could have dramatic consequences for India’s informational ecosystem.
Japanese ICT company Fujitsu announced that it had conducted successful trials to evaluate the widely-used RSA encryption for possible vulnerability to code-cracking by quantum computers. Fujitsu conducted the trials in January 2023 using its 39 qubit quantum simulator to assess how difficult it would be for quantum computers to crack existing RSA cryptography. Fujitsu researchers discovered that a fault-tolerant quantum computer with a scale of approximately 10,000 qubits and 2.23 trillion quantum gates would be required to crack RSA, which is much higher than current quantum computing capacities.
A new IBM report titled Security in the quantum computing erahighlights that quantum computing has the potential to affect encryption. Currently used data encryption mechanisms such as public-key cryptography (PKC) can become vulnerable: using quantum computing protocols, bad actors can easily decrypt data. The report suggests the need to plan for quantum-safe cryptography and crypto-agility.
Meanwhile, Chinese scientists have claimed they are capable of breaking encryption by using ‘a universal quantum algorithm for integer factorization that requires only sublinear quantum resources’. They argue that their method would break the RSA-2048 scheme – a public key cryptosystem used widely by governments, tech companies, the defence sector, and app developers for data security – with the use of a 372-qubit quantum computer. However, several encryption experts are sceptical about this claim.
The Defense Advanced Research Projects Agency (DARPA) announced a multimillion-dollar contract with Duality Technologies, a firm specialising in homomorphic encryption designed to withstand quantum computing attacks. It does so through higher dimensions of security and more complex encryption keys compared to classical measures. In addition to being post-quantum, homomorphic encryption can be used to protect data when in use. This is critical because oftentimes, encryption is deployed to protect the material from a storage site to a user while in transit. By serving as an end-to-end encryption style, sensitive information is less vulnerable to attack.
US President Joe Biden has signed the Quantum Computing Cybersecurity Preparedness Act into law. The law is designed to secure federal government systems and data against the threat of quantum-enabled data breaches. It sets out a number of obligations for federal agencies to prepare their migration to quantum-secure cryptography.
Apple announced that it would fully encrypt backups of photos, chat histories, and most other sensitive user data in its cloud storage system worldwide. The US Federal Bureau of Investigations (FBI) responded with concerns over end-to-end encryption hindering their investigative capabilities, requesting ‘lawful access by design’ in the age of ‘security by design’.
Apple also stated that it would make iPhones compatible with physical security keys connected to the phone, allowing consumers to require them for access to their accounts from new devices. This is envisaged to be rolled out worldwide next year.
In an interview for TIME magazine, Signal’s President Meredith Whittaker confirmed that the communication app is preparing for post-quantum cryptography. The company is investing in research to update the Signal protocol for quantum safe cryptography. The ambition is to roll out the protocol before it becomes necessary, but it still will take some time to be finalised.
The German Fraunhofer Institute, the German Federal Printing Bureau, and Infineon Technologies AG have presented the first demonstrator for an electronic passport that meets the security requirements of the quantum computing era.
The technology is based on a solution for contactless data transfer between the electronic passport and the border checkpoint terminal. The solution is based on a quantum computer-resistant version of the Extended Access Control (EAC) protocol and also secures biometric data during authentication.
The system was created under the joint research project ‘PoQuID’, funded by the German Federal Ministry for Economic Affairs and Climate Action (BMWK).
This report published by the European Union Agency for Cybersecurity (ENISA) discusses quantum-resistant cryptographic algorithms and proposes to design new cryptographic protocols as well as to integrate post-quantum systems into current protocols.
