A class action lawsuit in the US alleges WhatsApp and Meta can access user messages despite claims of end-to-end encryption.
The lawsuit includes plaintiffs globally, including one from India, representing WhatsApp users from April 2016 onwards (excluding US, Canada, and Europe).
The suit claims Meta uses a "kleptographic backdoor" to bypass encryption, citing past privacy breaches like the Cambridge Analytica scandal.
WhatsApp head Will Cathcart denies the allegations, stating encryption keys are stored on users' phones and inaccessible to WhatsApp.
Detailed Insights:
The lawsuit contrasts with WhatsApp's legal challenge in the Delhi High Court against India's 2021 IT Rules, which require identifying the "first originator" of information.
WhatsApp argues that complying with the IT Rules would force it to break end-to-end encryption, but the US lawsuit alleges this encryption is already compromised.
If the US allegations are proven true, it would weaken WhatsApp's defense in the Delhi HC and could lead to penalties under India's Digital Personal Data Protection Act, 2023.
WhatsApp had cited the Supreme Court's Puttaswamy judgment in its Delhi HC petition, which recognizes privacy as a fundamental right, arguing that tracing message originators would violate this right.
Key Concepts Involved:
End-to-end encryption: A method of securing communication where messages are scrambled on the sender's device and only decrypted on the recipient's device.
Kleptographic backdoor: A secret method to bypass encryption, allegedly used by Meta to access private messages.
Digital Personal Data Protection Act, 2023: Indian law governing the processing of personal data, with provisions for penalties for unauthorized data processing.