GeneralWhy the draft encryption policy was withdrawn by Indian govt

Why the draft encryption policy was withdrawn by Indian govt

The Indian government has withdrawn its draconian draft national encryption policy which could have put just about anyone in jail simply for using everyday services like WhatsApp, Viber or Google Chat. According to the controversial policy, everyone must store plain text versions of all such encrypted data on their device for 3 whole months, or 90 days.

Since popular messenger services come with encryption, citizens as well as government officials would be required to keep text versions of their online conversations on their phones, tablets or computers, for up to 90 days. During said period, security agencies under the government would be entitled to the information, if and when requested, according to the laws governing the country.

Man Working On Computer

In case anyone using an encryption service failed to submit their correspondence stored in plain text, they could face imprisonment. Secondly, the draft policy demands that businesses providing encryption applications need to register or enter into an agreement with the Indian government. This would bring a troublesomely high number of international and national companies under its purview.

According to the draft encryption policy, the government would also have the power to recommend the algorithms and key sizes for encryption. Even SSL/TLS encryption products used in net banking solutions and payment gateways recognized by the RBI fall under the guidelines. Amusingly enough, all of the suggestions are meant to improve the safety of individuals or business organizations.

Also see: Indian govt plays with free speech online, leads in Facebook content restriction requests

Storing plain text versions of encrypted content will do anything but enhance the security of people or companies. Whoever drew up the draft national encryption policy seems to have missed out this big detail. Telecom minister R S Prasad has asked DeitY (Department of Electronics and Information Technology) to rewrite it before putting it up for scrutiny and feedback by the public, says PTI.

The draft encryption policy was supposed to be filed under section 84 A of the Information Technology Act, 2000 through an amendment in 2008. Under sub-section 84 C, anyone who violates the Act can face a term in jail. If you think democratic governments wouldn’t have the power to pass such harsh laws, you probably don’t know that deleting your internet browser history is technically illegal in the US.

Related Articles

Latest Posts