---
layout: default
title: "Daunting Task Ahead for Investigative Agencies with WhatsApp's End-to-End Encryption"
description: "An Economic Times report examining the implications of WhatsApp's rollout of end-to-end encryption for over 1 billion users on law enforcement capabilities in India, featuring expert commentary from Sunil Abraham on metadata's investigative value, Prasanth Sugathan on privacy safeguards, and Arun Mohan Sukumar on data protection policy imperatives."
categories: [Media mentions]
date: 2016-04-08
source: "The Economic Times"
authors: ["Neha Alawadhi"]
permalink: /media/daunting-task-ahead-for-investigative-agencies-with-whatsapps-end-to-end-encryption/
created: 2025-12-15
---

**Daunting Task Ahead for Investigative Agencies with WhatsApp's End-to-End Encryption** is a report published in *The Economic Times* on 8 April 2016, written by Neha Alawadhi. The article analyses WhatsApp's implementation of end-to-end encryption for its over 1 billion users and the resulting challenges for Indian law enforcement and intelligence agencies, featuring commentary from Sunil Abraham on investigative workarounds through metadata and device compromise, Prasanth Sugathan on the absence of privacy safeguards, and Arun Mohan Sukumar on data protection policy gaps.

## Contents

1. [Article Details](#article-details)  
2. [Full Text](#full-text)  
3. [Context and Background](#context-and-background)  
4. [External Link](#external-link)

## Article Details

<dl class="media-details">
  <dt>📰 Published in:</dt>
  <dd><em>The Economic Times</em></dd>

  <dt>✍️ Author:</dt>
  <dd>Neha Alawadhi</dd>

  <dt>📅 Date:</dt>
  <dd>8 April 2016</dd>

  <dt>📄 Type:</dt>
  <dd>Report</dd>

  <dt>📰 Newspaper Link:</dt>
  <dd>
    <a class="btn" href="https://economictimes.indiatimes.com/tech/internet/daunting-task-ahead-for-investigative-agencies-with-whatsapps-end-to-end-encryption/articleshow/51735387.cms">Read Online</a>
  </dd>
</dl>

## Full Text

<div class="highlighted-text" id="fulltext">

<p><strong>Synopsis</strong><br>
A service that is encrypted end-to-end cannot be monitored or intercepted. No one, except the people or groups communicating with each other, can access the data.</p>

<p>NEW DELHI: Messaging service WhatsApp's decision to roll out end-to-end encryption for over 1 billion subscribers has been hailed as a positive step by users across the world, although things are set to get tougher for law enforcement and investigative agencies in India seeking to track terrorists.</p>

<p>"It was anyway difficult to get any kind of data from WhatsApp and now it is going to be even more difficult," said a person familiar with the working of these agencies who did not wish to be identified.</p>

<p>Encryption scrambles data such as text messages, photos and documents and makes them unintelligible for unintended recipients. A service that is encrypted end-to-end cannot be monitored or intercepted. No one, except the people or group communicating with each other, can access the data. If telecom companies, Internet providers or even companies that run messaging services try to intercept the message, all they would get is garbled data.</p>

<p>While chats will not be accessible, associated information known as metadata will be available, such as when the conversations took place, the identities of senders and recipients, their locations, mobile numbers, profile photos and address books, which may be useful for security agencies.</p>

<p>"Definitely for law enforcement it means a big headache, but the metadata is there and with metadata, if you have a couple of other bits of information, you can piece it together," said Sunil Abraham, executive director at Bengaluru-based research organisation Centre for Internet and Society. "Agencies can get the metadata, but they won't get the payload unless they're able to compromise the device. And that intelligence agencies like NSA (National Security Agency of the US) have been able to do in the past."</p>

<p>While encryption offers privacy and security to users, it is the bane of law enforcement agencies globally, as exemplified most recently and notably by the Apple-FBI dispute in the US. The Federal Bureau of Investigation (FBI) asked Apple to weaken its encryption to access a dead terrorist's iPhone data and after the company refused, hacked into the device with help from a third party.</p>

<p>In India, it is difficult to bring US-based companies to the negotiating table. "We have had minimum cooperation from WhatsApp. All the data is controlled in the US and they rarely hand over the data that we request. We don't ask them for content. We only ask for metadata," said another person familiar with the process who declined to be identified.</p>

<p>While the Indian IT Act gives wide-ranging powers to the government to ask for access to encrypted information, very few requests for information take the legal route. One reason is the long time that it takes to process such requests – on average, over three years – and the other, especially in the case of WhatsApp, is little or no cooperation, according to government officials.</p>

<p>WhatsApp, based in Mountain View, California, did not respond to an email request for comment. The messaging company was acquired by Facebook in 2014.</p>

<p>How security and investigative agencies in India use the data they access is also a grey area. "We do not have a privacy legislation here which will take care of the concerns that people have with respect to use of data. If the government needs to have access to communications, they also need to ensure there are adequate safeguards in place," said Prasanth Sugathan, counsel at Software Freedom Law Centre.</p>

<p>"In practice, end-to-end encryption will bring the end user and the device into focus, rather than WhatsApp or any particular messaging service. This should be a trigger for greater clarity on India's data protection policy," said Arun Mohan Sukumar, who heads the cyber security and internet governance initiative at think tank Observer Research Foundation.</p>

<p>In India, requests for information from companies such as WhatsApp and Google are handled by the Ministry of Home Affairs or the Indian Computer Emergency Response Team. Emails to both were unanswered at the time of going to print.</p>

<p>The Indian government was involved in a long-standing dispute with BlackBerry over access to encrypted data on its messenger and corporate email service. BlackBerry set up servers in Mumbai to comply with local regulations, but said it could not access encrypted data on its enterprise servers.</p>

</div>

<button class="copy-btn-full" data-copytarget="#fulltext">Copy Full Text</button>

{% include back-to-top.html %}

## Context and Background

This 2016 report documented Indian law enforcement's anxieties over WhatsApp's deployment of default end-to-end encryption, which rendered message content unreadable to intermediaries and government agencies alike. The timing was significant: WhatsApp's encryption rollout coincided with heightened global debates following the San Bernardino iPhone case, where the FBI unsuccessfully sought to compel Apple to create backdoor access. Indian security officials' concerns reflected broader tensions between privacy protections and surveillance capabilities that jurisdictions worldwide were navigating.

Sunil Abraham's distinction between message content ("payload") and metadata proved analytically important. Whilst encryption blocked access to communications substance, metadata—timestamps, participant identities, location data, contact lists—remained potentially accessible and could enable pattern-of-life analysis, network mapping, and circumstantial reconstruction of activities. His reference to NSA device compromise capabilities highlighted that sophisticated state actors increasingly targeted endpoints (physical devices) rather than encrypted transmission channels, shifting the locus of vulnerability from network infrastructure to individual smartphones.

The article's documentation of minimal WhatsApp cooperation with Indian authorities and three-year average processing times for legal requests exposed practical enforcement gaps. The IT Act's theoretical powers to demand decryption keys meant little when facing US-based companies subject to different legal regimes and unwilling to maintain decryption capabilities. This jurisdictional asymmetry—Indian agencies lacking effective coercive mechanisms over foreign technology firms—persisted as a recurring theme in subsequent policy debates around data localisation and intermediary liability.

Prasanth Sugathan's observation that India lacked privacy legislation regulating government data use highlighted a fundamental imbalance: whilst authorities demanded exceptional access to communications, no statutory framework constrained how agencies handled, retained, or shared intercepted information. This absence of procedural safeguards meant debates over encryption access occurred without clarity on oversight mechanisms, judicial review standards, or remedies for improper surveillance. Arun Mohan Sukumar's call for data protection policy clarity acknowledged that encryption's spread necessitated clearer frameworks distinguishing legitimate security needs from overreach.

The article's reference to India's protracted BlackBerry dispute contextualised WhatsApp tensions within longer-running conflicts over encrypted enterprise communications. BlackBerry's 2010s negotiations with Indian authorities, which resulted in Mumbai server deployment but continued disputes over enterprise email access, demonstrated encryption debates' recursive nature. Each technological advance—from proprietary messaging to mainstream consumer encryption—triggered renewed regulatory demands that companies resist, claiming architectural inability to comply.

## External Link

- <a href="https://economictimes.indiatimes.com/tech/internet/daunting-task-ahead-for-investigative-agencies-with-whatsapps-end-to-end-encryption/articleshow/51735387.cms">Read on The Economic Times</a>

<style>
.media-details {
  background: #f9fbfe;
  border: 1px solid #d8e2f0;
  border-radius: 10px;
  padding: 1.2rem 1.4rem;
  max-width: 700px;
  margin: 1.2rem auto;
  font-size: 0.96rem;
  line-height: 1.5;
  color: #333;
  box-shadow: 0 2px 4px rgba(0,0,0,0.04);
}
.media-details dt { font-weight: 600; color: #1b2a49; margin-top: 0.7rem; }
.media-details dd { margin: 0 0 0.3rem 0.3rem; color: #555; }
.highlighted-text {
  background-color: #fffbea;
  border-left: 4px solid #f2ce61;
  padding: 1rem 1.2rem;
  border-radius: 8px;
  line-height: 1.65;
  color: #333;
  margin-bottom: 0.8rem;
}
.highlighted-text p { margin-bottom: 1rem; }
.copy-btn-full {
  display: inline-block;
  background: #f1f1f1;
  border: 1px solid #ccc;
  font-size: 0.85rem;
  padding: 0.4rem 0.8rem;
  border-radius: 6px;
  cursor: pointer;
  transition: background 0.2s ease;
  margin-bottom: 1.5rem;
}
.copy-btn-full:hover { background: #e5e5e5; }
.copy-btn-full:focus { outline: 3px solid #ffbf47; outline-offset: 2px; }
</style>

<script>
document.addEventListener('DOMContentLoaded', () => {
  document.querySelectorAll('.copy-btn-full').forEach(btn => {
    btn.addEventListener('click', async () => {
      const target = document.querySelector(btn.getAttribute('data-copytarget'));
      if (!target) return;
      try {
        await navigator.clipboard.writeText(target.innerText.trim());
        const original = btn.textContent;
        btn.textContent = 'Copied!';
        setTimeout(() => (btn.textContent = original), 1500);
      } catch (e) {
        btn.textContent = 'Copy failed';
        setTimeout(() => (btn.textContent = 'Copy Full Text'), 1500);
      }
    });
    btn.addEventListener('keydown', (ev) => {
      if (ev.key === 'Enter' || ev.key === ' ') {
        ev.preventDefault();
        btn.click();
      }
    });
  });
});
</script>