[Software] Intermediary Liability and Why Free Speech in Software Matters

[#Drennn.]

There is an emerging consensus that the new Intermediary Guidelines and Digital Media Ethics Code rules are against the idea of free speech. Even the normally reticent Editors Guild has issued a statement, airing its concerns about how these new rules will undermine media freedom in the country. Equally important though is how the IL guidelines follow a 50 year trend of nation states trying to limit access to cryptography and encryption technology for the general public. The United States tried to limit access to cryptography in the late 90s when the cypherpunks stopped this attempt by fighting for free speech in software. When restrictions were put to not allow cryptographic code to be exported abroad, the cypherpunks printed code on t-shirts to bypass and export crypto to the rest of the world. The end-to-end encryption protocol that we depend on today is an outcome of a 50 year resistance movement, started by the cypherpunks, to protect the sanctity of whispers from prying ears. One way to think about the Narendra Modi government’s  IL guidelines is that it is trying to ban whispers completely in the realm of conversations by effectively logging every whisper forever in the form of a permanent record. The issue hence is not just about free speech in the media, but also about free speech in software. At a fundamental level, there is no difference between writing ‘code’ and publishing it and writing opinions and publishing books. The new intermediary guidelines mandating traceability should be seen as an attempt to dictate how messaging apps use cryptography. It is a form of free speech restriction applicable on a technical domain.

There is an emerging consensus that the new Intermediary Guidelines and Digital Media Ethics Code rules are against the idea of free speech. Even the normally reticent Editors Guild has issued a statement, airing its concerns about how these new rules will undermine media freedom in the country. Equally important though is how the IL guidelines follow a 50 year trend of nation states trying to limit access to cryptography and encryption technology for the general public. The United States tried to limit access to cryptography in the late 90s when the cypherpunks stopped this attempt by fighting for free speech in software. When restrictions were put to not allow cryptographic code to be exported abroad, the cypherpunks printed code on t-shirts to bypass and export crypto to the rest of the world. The end-to-end encryption protocol that we depend on today is an outcome of a 50 year resistance movement, started by the cypherpunks, to protect the sanctity of whispers from prying ears. One way to think about the Narendra Modi government’s  IL guidelines is that it is trying to ban whispers completely in the realm of conversations by effectively logging every whisper forever in the form of a permanent record. The issue hence is not just about free speech in the media, but also about free speech in software. At a fundamental level, there is no difference between writing ‘code’ and publishing it and writing opinions and publishing books. The new intermediary guidelines mandating traceability should be seen as an attempt to dictate how messaging apps use cryptography. It is a form of free speech restriction applicable on a technical domain.

Forward secrecy is quite useful against nation state adversaries like China, who can intercept all your messages by breaking into the telecom infrastructure and can afford to store them for a very long time till it can crack the encryption keys or obtain it forcefully from your phone, by use of physical force. Weakening encryption affects everyone and especially when your adversaries have more advanced cyber operations.

Forward secrecy becomes more achievable, when past messages are automatically deleted after some time, so that no one can access them even when your phone is lost or forcefully taken. Disappearing messages hence have become a standard feature in both the Signal messenger and in WhatsApp, just like how secrets whispered in another person’s ear, die out in the wind. This applies even when you send messages in a group, and message copies are deleted from every other device, thus enhancing your privacy and also allow you to speak your mind freely without any inhibitions and within a group of your own choosing. Unlike Twitter and Facebook, which create a public sphere for sharing viewpoints and for influencing  people, messaging platforms are primarily used by individuals and groups for personal communication. It is a given that some of these groups and conversations will be criminal in nature and this segment of users would be no different than a set of like-minded people who would talk about crime after congregating inside a closed room. Law enforcement handled such activities by either infiltrating such groups or by accumulating evidence and prosecuting them for crimes committed, but did not demand all property owners of closed rooms to record everything told within its confines, so that they can identify the speaker of every word. By ordering the messaging applications to change their encryption methodology to find the first originator of a particular message, the government is forcing them to store hash values of every message and its user. This hashing of every message would effectively mean seeing the content of the messages once requested by law enforcement For end-to-end encryption to provide privacy by default, platforms are required to store as minimal data as possible. Signal does not store any metadata about users, except their data of joining and last date of accessing the platform and encrypts everything else, which only users can decrypt. WhatsApp however stores metadata, which it hands over to law enforcement when demanded, along with IP addresses and other device identifiers. How useful can this metadata be for law enforcement?  Well, it was enough to help prosecute an ISIS recruiter in the US. Also read: What Regulatory Changes Are on the Anvil for Social Media Platforms, Digital Media? The specific feature that converts whispers uttered in a closed room into a broadcasting mechanism that can fuel a misinformation and fake news binge – which is what the government should really be worried about – is the ‘forward message’ functionality. In the past, WhatsApp has tried to add friction to this, by specifically slowing the spread of messages through the introduction of forwarding limits, while still not going the full hog by allowing people to choose whether a message should be private within the group by default. It did so because there exist many unauthorised spinoffs of its client app, that simply use copy-paste of the message text and deploy the download-store-post sequence that work around these limits.