News Karnataka
Thursday, March 28 2024
Cricket
India

WhatsApp controversy: Draft for national encryption policy withdrawn

Photo Credit :

New Delhi: The Indian government has withdrawn a draft encryption policy after public uproar over the proposed measures. IT Minister Ravi Shankar Prasad said the proposals were released to the public without his knowledge.

He said that any new rules will not impact individual users, and the government is committed to protecting and promoting the freedom of social media. He added that the draft was poorly worded, and is being reworked.

The new law would have forced Indians to store plain-text versions of their encrypted data for 90 days and make it available to security agencies.

The draft policy sparked outrage on social media, as most messaging services use some form of encryption.
The encryption policy was proposed to enhance information security in India.

On Monday night the government exempted social media applications from the draft policy after social media outrage.
The “draft encryption policy is not the final view of the government. It will be redrawn to specify who it will apply to,” Mr Prasad told reporters on Tuesday.

He said the purpose of the policy was “not related to social media messaging platforms used by the common man.”
The draft said Indians have until 16 October to weigh in on the proposed measures, and the government had said that the final policy would only be drafted after all feedback is taken into account.

Plain text files like a Word document or email are not encrypted and can be read by anyone.

Earlier Report: Govt exempts WhatsApp from purview of encryption policy

Shortly after a controversy erupted over government’s proposal to investigate on every message that an individual will send via WhatsApp, SMS, or Google Hangouts, the Department of Electronics and Information Technology clarified in a draft that social media websites and applications will be exempted from the purview of the Encryption Policy.

According to the draft posted by Deity, there are certain categories of encryption products that will be exempted from the purview of the draft national encryption policy.  

Earlier Report: Deleting WhatsApp messages may become illegal in India

Every message that you send–be it through WhatsApp, SMS, Email or any such service–must be mandatorily stored in plain text format for 90 days and made available on demand to security agencies under a draft New Encryption Policy that has triggered privacy concerns.

Legal action that could also include imprisonment has been proposed in the draft policy unveiled by the government for failure to store and produce on demand the encrypted messages sent from any mobile device or computer. The policy also wants everyone to hand over their encryption keys to the Government.

The draft proposes that users of encrypted messaging service on demand should reproduce same text, transacted during a communication, in plain format before law enforcement agencies and failing which the government can take legal action as per the laws of the country.

The proposed policy, issued by the Department of Electronics and Information Technology, would apply to everyone including government departments, academic institutions, citizens and for all kind of communications — be it official or personal.

Generally, all the modern messaging services like WhatsApp, Viber, Line, Google Chat, Yahoo messenger etc, come with high level of encryption and many a time security agencies find it hard to intercept these messages.

“All information shall be stored by the concerned B/C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country,” the draft said.

The draft has defined ‘B category’ as all statutory organizations, executive bodies, business and commercial establishments, including all Public Sector Undertakings, Academic institutions.

The ‘C category’ as per the draft are all citizens including personnel of government and business performing non-official or personal functions.

In case of the user having communicated with foreigner or entity abroad then the primary responsibility of providing readable plain text along with the corresponding encrypted information would be that of the user in the country.

Besides this, all service providers located within and outside India that use encryption technology for providing any type of services in India must register themselves with the government, as per the draft.

The draft proposes to introduce the New Encryption Policy under section 84 A of Information Technology Act 2000. This section was introduced through amendment in 2008.

The sub-section 84 C that was also introduced through the amendment has provision of imprisonment for violation of the act.

“Encryption products may be exported but with prior intimation to the designated agency of Government of India. Users in India are allowed to use only the products registered in India. Government reserves the right to take appropriate action as per Law of the country for any violation of this Policy,” the draft said.

The last date for public to comment on the draft is October 16, 2015. “Having a draft on issue is a welcome step. It looks at everything with prism of law enforcemnnt. It will create a license raj. There is very much concern around privacy of citizen. The policy wants messages to be given on  demand. If my private information is sought by government, it should be done through courts,”  Arun Sukumar,Head, Cyber Initiative, said.

Sukumuar said the government is following old mindset in trying to regulate new technology.

Medianama Founder and volunteer for ‘Save The Internet’ forum, Nikhil Pahwa said that the problem is that the government can hold users liable for not keeping copies of their data in a ‘plain text’ format, when 99.99 per cent of users in the country don’t know the meaning of plain text.

“There is also a possibility that the ‘plain text’ data can be manipulated by hackers, or by a government official with encryption keys who can manipulate stored data. How will an individual be protected against such attacks? An individual’s right to privacy is a fundamental right under Article 21,” Pahwa said.

The vision of the policy is to “enable information security environment and secure transactions in Cyber Space for individuals, businesses, government, including nationally critical information systems and networks,” the draft said.

Internet Service Provider Association Of India (ISPAI) President Rajesh Chharia said putting responsibility on customers is not acceptable.

“While we welcome 256 bit encryption which we have been demanding from very long time, government needs to consider secrecy of business as well. National security is paramount but government should think that a terrorist is never going to share encryption code of his tool. Government needs to develop capability to handle such issues,” Chharia said. 

 

Share this:
MANY DROPS MAKE AN OCEAN
Support NewsKarnataka's quality independent journalism with a small contribution.

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

To get the latest news on WhatsApp