[liberationtech] on end-to-end encryption(over the case of WhatsApp facing legal battle in India)

[Isaac M]

E2EE is almost a norm already around the "free world", except it's not. Now
WhatsApp faces the legal battle in India over end-to-end encryption,
defying the IT Rules/2021 that demand traceability of messages. Similarly,
the bill in the US extends FISA's warrantless surveillance for two more
years amid heated debates over privacy rights and national security.

The paradox is, do big techs really care about users' privacy? No, they
only care about consumers. But if we don't side with them in this case,
users will leave them(including tens of millions Whatsapp users from highly
censored countries like China, North Korea and Iran, etc.
<https://here.news/story/58001e6b?ver=0.05>). It's not the scenario we want
to see as well, regardless if they are big techs or not. The aggression of
the government will eventually touch the interest of civil technologies(the
underlying PKI so to speak).

Ironically, Communist China sympathizers who love to chant how innovative
WeChat are, given the app never has a day of E2EE, are laughing at the US
and India now. whataboutism is not intended.

https://here.news/story/48fd69b2?ver=0.06
WhatsApp's Standoff with Indian Government over End-to-End Encryption2024-04-30
10:33:21.524000
1  The Economic Times
<https://m.economictimes.com/tech/technology/ettech-explainer-whatsapps-standoff-with-centre-over-end-to-end-encryption/articleshow/109724865.cms>
2  Mirage News
<https://www.miragenews.com/is-ai-enhanced-cloud-based-personal-health-1221467/>
3  The Mandarin
<https://www.themandarin.com.au/243728-department-of-health-spruiks-data-sharing-and-interoperability/>
4 guernseypress.com
<https://guernseypress.com/news/2024/03/28/digital-health-records-system-set-to-arrive-within-budget/>
5  investorsinhealthcare.com
<https://www.investorsinhealthcare.com/articles/category/legal/patient-passports-and-data-privacy-a-legal-perspective-on-landmark-election-pledge-for-digital-healthcare-from-browne-jacobson/>
6  Mirage News
<https://www.miragenews.com/fears-rise-as-new-laws-threaten-nhss-whatsapp-1157285/>

WhatsApp is facing a standoff with the Indian government over end-to-end
encryption. The government has implemented the Information Technology (IT)
Rules, 2021, which require traceability of messages to identify the 'first
originator'. WhatsApp has argued that breaking encryption would violate
users' right to privacy and has stated that it would have to cease
operations in India if forced to comply with the rules. The company is
seeking judicial intervention to challenge the rules as unconstitutional.
The government, on the other hand, contends that WhatsApp cannot claim to
protect privacy while not complying with the rules, as it could impede law
enforcement agencies' ability to track fake messages 1.

This standoff has raised concerns about the security of patient data in the
healthcare sector. WhatsApp is one of the most popular messaging apps used
by the NHS in the UK. However, new laws in the UK, such as the Online
Safety Act and an amendment to the Investigatory Powers Act, could lead to
government surveillance of all encrypted messaging, including WhatsApp. If
WhatsApp is restricted or forced to withdraw its services from the UK,
there are concerns about the impact on healthcare communication among
workers and patient care. Some experts suggest that an end-to-end encrypted
NHS-approved app linked to NHS mail could have avoided this problem. Major
tech companies, including Meta (owner of WhatsApp and Facebook), Apple, and
Signal, have warned that these requirements may lead them to withdraw their
services from the UK 6.

In addition to the concerns over WhatsApp's encryption, the Labour Party in
the UK has pledged to introduce 'patient passports' if they win the next
election. The proposal aims to consolidate patients' medical records into a
single digital repository, accessible to both the individual patient and
medical professionals involved in their treatment. This initiative
addresses the issue of interoperability and is likely to receive public
support. Countries like Australia have already implemented similar systems,
such as the My Health Record platform, which provides patients with a
comprehensive health record accessible digitally. Privacy and data
protection are crucial considerations for the success of a patient passport
system. Establishing a culture of compliance and ensuring public trust are
essential. Efforts should be made to include patients who may face barriers
to accessing patient passports, such as language barriers or digital
literacy issues. Maintaining an equitable healthcare landscape is vital.
The use of data held by the NHS for research purposes should be
transparent, and individuals should have the right to opt out. Security is
a significant challenge for a data-rich system like patient passports, and
contingency plans must be established to ensure healthcare continuity in
case of system failure. Despite the challenges, patient passports offer
opportunities for driving efficiencies and improving health outcomes 5.

Meanwhile, in Guernsey, a new digital system for patients' health records
is expected to cost nearly £3m less than the maximum budget approved by the
States four years ago. The cost of creating a single electronic record for
each patient was initially estimated at £15-20m. The programme, which has
incurred expenditure of £5.1m to date, is on track to be delivered within
the agreed cost envelope of £17.3m. The electronic patient record programme
was originally aiming for a March 2024 launch, but the timeline was updated
to the fourth quarter of 2024. The new system will be provided by IMS
Maxims and the Access Group, with training starting in August and operation
commencing in October 4.

The Department of Health and Aged Care in Australia is in the process of
digitizing its operations. The department has implemented a universal
digital health record called MyHealth Record, which aims to provide
healthcare providers with a single authoritative source of patient
information. Approximately 90% of the Australian population has enrolled in
the system, despite concerns about cybersecurity. The digitization process,
which began in 2021, is expected to continue until at least 2025. The
department is exploring the use of personal sensors and wearable health
devices, such as remote fetal monitors, to enhance patient care.
Interoperability and the potential for artificial intelligence and emerging
technologies in the healthcare sector are also being considered 3.

In a global context, a recent study conducted at the Karolinska University
Library examined the technical and security conditions for a cloud-based,
blockchain-protected, encrypted, patient co-owned personal health record
(PHR) platform. The study found a lack of prior publication on patient
co-ownership of health data or PHRs, and an absence of a global standard in
this area. The study emphasized the importance of patient co-ownership of
health data and suggested that it could represent a new human rights
entity. The study also highlighted the potential of a globally distributed,
homomorphically encrypted, and blockchain-protected PHR where patients are
co-owners. The study is part of a series of articles on the topic, which
includes a global survey, a review of ethics and regulations, a Delphi
Summit, and a technical GPOC Sandbox. The study was conducted by Dr. Niklas
Lidströmer at the Karolinska Institutet 2.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ghserv.net/pipermail/lt/attachments/20240501/c33ecfe2/attachment.htm>