News

The policy that critics describe as "draconian" seeks to encourage use of encryption or conversion of electronic data into another form, and intends to put regulations in place for the purpose.

As it appears from the policy proposals, the government  will have access to all encrypted information, including personal emails, messages or even data stored on a private business server. 

 

 The Draft National Encryption Policy wants users to store all encrypted or scrambled text communication for at least 90 days and make it available to security agencies, if required, in text form. It also wants everyone to hand over their encryption keys to the government.

The language of the proposal thrown open to the public for feedback alarmed  experts.

Buckling under public pressure the Department of Electronics & Information Technology (DeitY) has  issued an addenum to the original draft clarifying that "mass use encryption products, which are currently being used in Web applications, social media sites, and social media applications such as Whatsapp, Facebook, Twitter," will be exempted, along with "SSL/TLS encryption products being used in Internet - banking and payment gateways as directed by the Reserve Bank of India."

The draft from a department of the IT Ministry also states that service providers  located within and outside India, using encryption technology for providing any type of services in India must enter into an agreement with the Government for providing such services in India.

This means thousands of companies around the world providing such services will be required to enter into an agreement with the Indian government, something that experts think is unrealistic.

The policy also requires businesses and users to store communication in both unencrypted and encrypted forms. This defeats the very purpose of encryption.