A few hours earlier, WhatsApp presented text encryption feature within the app. This feature would allow by default, the whole chat/conversations to be encrypted, provided the latest update is downloaded . However, if Indian IT Laws are anything to go by, 256 encryption feature makes WhatsApp illegal in India. The reason? Well, the encryption technicalities are “unrecognized” by Indian Law, Yet.
Although, given the wide spread utilization WhatsApp has, the government may not go after it, but in theory it can very well declare the chat app illegal. None of the Indian IT-related regulations permit 256-bit encryption in private services. Although, none of them also specifically outlaw it. But there are some guidelines issued by Department of Telecommunications, which the government can use to term WhatsApp illegal.
According to rules issued by DoT in 2007, License Agreement for Provision of Internet Service (including Internet Telephony) mandates that private parties in India cannot use encryption that is higher than 40-bits without explicit permission from the government.
Also, the permission is granted only if the entity that intends to use encryption submits decryption keys to the government, which in the case of WhatsApp is going to be impossible because it has implemented the encryption in a way where even WhatsApp is excluded from owning the keys.
Now, the interesting bit here is that WhatsApp is not an ISP and neither it needs any DoT licence to offer its services in India. So it is not clear if the encryption rules formulated by DoT apply on it or not. Although, due to the lack of clarity in this matter, if the government wants, it can clearly chase WhatsApp out of the country with its 40-bit stick.
India is, however, in the process of formulating some sort of coherent encryption policy. Last year, the government floated a draft proposal for the use of encryption in India. However the draft was unacceptable in its structural phase, and had to be pulled back. One of the suggestions in the draft was that people using encrypted services will be asked to keep the decrypted data for at least 90 days. If such ideology again arises, it will definitely make the WhatsApp illegal, especially after its decision to turn on strong encryption by default for all users across the world.