Encryption controversy: Social media and whatsapp exempted
As the draft of the proposed encryption policy was made public, there was a huge outrage among the netizens. The government has immediately clarified that whatsapp and other social media sites, banking services and e-commerce platforms will be exempted. These businesses are however expected to store all communication in encrypted and plain-text form; they are expected to share the security-key with government when asked.
What is the national encryption policy?
As stated in the proposed draft, the policy demands all the citizens to store plain-texts of encrypted information for 90 days from the date of implemention. In order to meet the demands of law and concerned department, users should be able to produce the plain-text whenever required. The responsibility of regulating algorithms and key sizes for encryption will rest with Indian government only.
Encryption: meaning and history
Encryption refers to modification of the electronic data into a form that can be read by the person who knows translation of codes. Julius Caeser used this technique to shuffle letters, during the Roman Empire.
Need for encryption
As the policy states, it aims at providing the privacy of information to the citizens and the protection of business related data. Another reason behind this policy is to establish coherence, credibility and stability among various information networks and systems. However, the fact that few other parts of the policy contradict its sole primary purpose, can't be overlooked.
Government to soon regulate encryption standards
Soon after the National Encryption Policy is put into effect, removing whatsapp and google hangout messages will be counted as illegitimate. The online businesses will be asked to keep the confidential information of users, like passwords by saving as plain text. The policy has been framed by a body working under the Department of Electronics and Information Technology (DeitY).
Encryption policy: A cause of concern
The range of services Indian citizens can access gets narrow as they can only use those services, whose vendors have registered in India. Deleting messages from applications like Whatsapp becomes illegal. Storage of all the data is practically not as easy as ABC. One of the major reasons for resentment of this scheme is that it violates the privacy of netizens.
Scheme for execution of policy
Soon, the formation of an administrative group to monitor the implementation of the policy, will be seen. The agency will specialize in agreement of the service providers and the government to ensure proper registration as well as evaluation of the encrypted products. The policy instructs that export of encrypted products would be carried only after the approval of the designated group.
Legal dimension in information technology
Indian law system readily allows such measures to be implemented. Information technology act has been formulated, that paves way for establishment of such policies. For encryption, sec 84A and for decryption, sec 69 have been added. Moreover statements listed in IT act don't restrict themselves to this zone of coding or decoding only. They meticulously define specialised technical-terms like hashing algorithms, digital signatures etc.
Draft open to suggestions
The draft of the policy has been published on the internet in order to seek suggestions and viewpoints of individuals. The email id email@example.com is open to receive comments and suggestions by netizens till October 16. Pranesh Prakash calls the scheme as a "bad idea conceived by people who do not understand encryption." Raman Singh, the policy director, Access says this policy corrodes security.