'Fingerprint techniques to locate originator of message not absolute, vulnerable to impersonation'

indianexpress.com
3 min read
fairly difficult
While WhatsApp and Signal do not keep a log of who users are messaging, the argument is also made for a digital signature or a unique hash ID to be added to each message. But this might not be a fool-proof method, argue experts.
Information Technology Rules 2021 notified this February this year invoke a number of new guidelines for social media intermediaries. But one controversial aspect is that these new rules could require social media intermediaries, especially messaging apps such as WhatsApp, to locate the originator of the message if required by the authorities.

Civil society and internet experts have said this could negatively impact end-to-end encryption on messaging apps such as WhatsApp, Signal and others, which deploy such technology. While WhatsApp and Signal do not keep a log of who users are messaging, the argument is also made for a digital signature or a unique hash ID to be added to each message.

But is this digital fingerprinting a reliable technique when it comes to locating an originator of a message? We spoke to Rajnesh Singh – Regional Vice President Asia-Pacific at the Internet Society and here's what he had to say. Here are the edited responses from an email interaction.

What are the challenges with fingerprinting messages? Can it negatively impact end-to- end encryption or can it be preserved?

Fingerprinting techniques like digital signatures are not absolute and vulnerable to impersonation. There's a risk that innocent users may be implicated in illegal conduct by cyber criminals that impersonate the sender. An attacker who accesses a company's digital signature system can potentially see when a particular user is sending a message – by receiving and…
Shruti Dhapola
Read full article