“If the police know who I am, they will come down on me,” the 21-year-old commerce student said, “just like they did with my friends.”

In August, his close friend was summoned and questioned by the police for his posts on the popular microblogging site, Twitter, that were deemed as anti-national. The Jammu and Kashmir Police’s cyber cell had clamped down on Kashmiri Twitter users, muting the “resistance and anti-Indian” tweets, almost overnight.

Following the clampdown, many Kashmiris have either deactivated or restricted their Twitter accounts to a limited following. Many of these accounts — that the 21-year-old  had also been in touch with — have since migrated to Telegram “to talk freely”, he said.

It was the first time that this 21-year-old felt the need to take his views underground, an immediate fallout of the crackdown, due to the perceived surveillance from and fear of reprimand by the authorities. Though there is no conclusive data that points to a broader trend in the shift to encrypted chat applications, which have been in use since long, the circumstance suggests an eerie silence having taken over Kashmiris on Twitter.

“They didn’t harm me physically, I was psychologically caged,” the 21-year-old said of the arrests of Twitter users known to him. “See, we have arrested these people and now if you write something against the government, you are next.”

A quiet migration

In the post-August 2019 repression in Kashmir, social media, especially Twitter, had become the last avenue for Kashmiris to protest the Indian government’s regressive policies, including but not limited to the unilateral abrogation of J-K’s semi-autonomy.

However, the crackdown on social media using brute force has further choked the little breathing space that young Kashmiris had. The police, on its part, had claimed that it had received complaints that some Twitter users were threatened and blackmailed by “anonymous users” and that the police were identifying these users only. 

However, two Twitter users from Srinagar, who were summoned by the police, told The Kashmir Walla that they were quizzed about their “political ideology, militancy-affiliations, and why did they tweet against the government and police?”

One of these users, whose identity is being withheld, was the 21-year-old’s close friend. He claimed that he was “badly beaten up, mentally harassed” and in one instance, asked to “imitate a hen” — a form of punishment by humiliation by making the person squat and hold their ears seeking an apology — by the police. 

For the Kashmiri Twitterati, encrypted chat applications add an extra layer of security. But the paranoia that the government is reading their texts is permanent. “Before typing any text, I always think that they would be reading this,” said the 21-year-old. “Sensitive conversations like [about] encounters and our political ideas are now done on encrypted chats,” he added. 

“I don’t feel totally safe but feel better and secure than I did on Twitter, Instagram, and WhatsApp.”

And due to feared surveillance in the larger context — of tech-giants selling the consumers’ data — Aqib Mir, 24, a resident of the capital city of Srinagar, said that “for sensitive things” he uses codewords with friends even over encrypted chats. “We have come up with something as an alternative to words to talk privately so that nobody else knows,” said Mr. Mir. “No one wants to get into trouble.”

Existential threat to democracy?

By November 2019, the administration in J-K had only resumed fixed-line internet services after subscribers signed a legal bond to give up their privacy to the government agencies–subscribers signed bonds granting full access to data by the government and also barred the upload/download of any “encrypted file”.

The following year, mobile-internet was resumed, albeit restricted to slow internet speed, with the entire spectrum of the internet, including social media, blacklisted initially and the use of VPNs made a punishable crime.

A simultaneous crackdown on the press in Kashmir has also pushed many journalists to restrict their public interactions, taking to encrypted chats to discuss issues privately. “I believe in a conflict zone like Kashmir where surveillance is a reality, using encrypted chat services is a safer option to protect one’s right to privacy,” a journalist in Srinagar said, requesting anonymity. “Everyone has the fundamental right to privacy and no entity, state or non-state actor can violate it.”

But how safe are our chats? 

The world is increasingly resembling a panopticon. Governments across the world monitor its citizens’ online activity and track their movements, but so do the corporates that mine and sell user data. 

WhatsApp is, perhaps, the single most widely used chat application that claims to be end-to-end encrypted; however, it is believed to be only as safe as the admission of issues by Mr. Zuckerbeg, who owns the application through Facebook. 

Whilst Telegram is still not considered as reliable since conversations on the application aren’t end-to-end encrypted by default–the user has to select the Secret Chat feature to ensure privacy, Signal has been tried and tested. 

In 2016, the chat application withstood a subpoena request for its data in the United States of America: the only information it could provide was the date the accounts in question were created and when they had last used the application. Signal told the US government that it does not store messages or contacts on its servers, so it cannot be forced to give copies of that information. 

Signal has also been recommended by Edward Snowden — who was instrumental in taking the lid off the US’s massive surveillance project — and other privacy advocates. 

Still, the major threat to users’ privacy in end-to-end encryption remains if a third-party gets physical access to the user’s gadgets. To make your data more secure, Mr. Suggal advised to make sure sensitive information and important data are encrypted not only on chat applications but on smartphone and storage devices too.

However, how far are these safety measures effective in the real world are a different matter. As encryption technology has advanced, those wishing to pry have also innovated spying software that bypass the need to break encryption codes by compromising the target’s phones itself.

An example was the targeting of Indian journalists and human rights activists using Israeli spyware, Pegasus. WhatsApp, which has nearly 400 million users in India as of October 2019, publicly acknowledged 1,400 targets were spied upon by unnamed entities, believed to be the Indian government.

Talking to The Kashmir Walla, Pavan Duggal, Chairman of International Commission on Cyber Security Law, and a cyber law expert, said that the legal proposition in India is very grey. “The Government of India has so far not come up with a specific policy to deal with the encryption,” he said. 

So how does India deal with encryption, legally? Mr. Duggal, who is also an advocate in the Supreme Court with specialisation in cyber-law, said: “The powers of confiscation have been given to law enforcement agencies under section 76 of Information Technology Act 2000. You don’t have a right in that case, per se. But if the information is encrypted, the appropriate agency of the government has been given power under the act to ask you to decrypt the encrypted information; if you do not decrypt the said information that will tantamount to an offense under the Act.” 

However, there are rules to that as well. “The agency needs to give you specific written directions, it has to give a reason why it is giving you direction to decrypt any information,” he said. “There are only certain specific grounds where these directions can be written, these are in the interest of integrity and sovereignty of India; public order; preventing the incitement of any cognizable offence.” 

“The law does not give a presumption that encryption is used for criminal activity,” he added. And in the public domain, there is no information available on successful prosecution for using encryption because the law doesn’t criminalize encryption, said Mr. Duggal.

“If you are careful and diligent about your data,” he said, “that helps you to be more secure from unauthorised surveillance from state and non-state actors.” 

Whilst on the ground, the 21-year-old commerce student said, “when the police ask for your password, you [have to] give it. Kashmiris have no rights at that time”.

“It is… it is a hopeless situation,” he said.

The cover story originally appeared in our 21-28 September 2020 print edition.