What is the national encryption policy?
- As stated in the proposed draft, the policy demands all the citizens to store plain-texts of encrypted information for 90 days from the date of implemention.
- In order to meet the demands of law and concerned department, users should be able to produce the plain-text whenever required.
- The responsibility of regulating algorithms and key sizes for encryption will rest with Indian government only.
Encryption: meaning and history
Encryption refers to modification of the electronic data into a form that can be read by the person who knows translation of codes. Julius Caeser used this technique to shuffle letters, during the Roman Empire.
Need for encryption
- As the policy states, it aims at providing the privacy of information to the citizens and the protection of business related data.
- Another reason behind this policy is to establish coherence, credibility and stability among various information networks and systems.
- However, the fact that few other parts of the policy contradict its sole primary purpose, can't be overlooked.
Government to soon regulate encryption standards
22 Sep 2015
- Soon after the National Encryption Policy is put into effect, removing whatsapp and google hangout messages will be counted as illegitimate.
- The online businesses will be asked to keep the confidential information of users, like passwords by saving as plain text.
- The policy has been framed by a body working under the Department of Electronics and Information Technology (DeitY).
Encryption policy: A cause of concern
- The range of services Indian citizens can access gets narrow as they can only use those services, whose vendors have registered in India.
- Deleting messages from applications like Whatsapp becomes illegal.
- Storage of all the data is practically not as easy as ABC.
- One of the major reasons for resentment of this scheme is that it violates the privacy of netizens.
Scheme for execution of policy
- Soon, the formation of an administrative group to monitor the implementation of the policy, will be seen.
- The agency will specialize in agreement of the service providers and the government to ensure proper registration as well as evaluation of the encrypted products.
- The policy instructs that export of encrypted products would be carried only after the approval of the designated group.
Legal dimension in information technology
- Indian law system readily allows such measures to be implemented.
- Information technology act has been formulated, that paves way for establishment of such policies. For encryption, sec 84A and for decryption, sec 69 have been added.
- Moreover statements listed in IT act don't restrict themselves to this zone of coding or decoding only. They meticulously define specialised technical-terms like hashing algorithms, digital signatures etc.
Draft open to suggestions
- The draft of the policy has been published on the internet in order to seek suggestions and viewpoints of individuals.
- The email id email@example.com is open to receive comments and suggestions by netizens till October 16.
- Pranesh Prakash calls the scheme as a "bad idea conceived by people who do not understand encryption."
- Raman Singh, the policy director, Access says this policy corrodes security.
Encryption controversy: Social media and whatsapp exempted
22 Sep 2015
- As the draft of the proposed encryption policy was made public, there was a huge outrage among the netizens.
- The government has immediately clarified that whatsapp and other social media sites, banking services and e-commerce platforms will be exempted.
- These businesses are however expected to store all communication in encrypted and plain-text form; they are expected to share the security-key with government when asked.
India's draft encryption policy: WhatsApp and iMessage may not feel the same if it passes through! Tech2 Mobile
Draft National Encryption Policy put up online for public comment, experts worried - The Times of India