Public outrage forces government to withdraw the controversial Draft National Encryption Policy: Sources
Public outrage forces government to withdraw the controversial Draft National Encryption Policy: Sources
The proposed encryption policy that was seen as draconian in nature was met with widespread protests from Indian Internet users and experts.

The controversial Draft National Encryption Policy proposed by the government has been withdrawn, say sources. The proposed policy that was seen as draconian in nature was met with widespread protests from Indian Internet users and experts. A new draft of the policy will be issued soon after considering all aspects to secure the internet consumers.

The policy says it aimed to encourage use of encryption and intends to put regulations in place for the purpose. However, a reading of some of its provisions reveals a different face.

According to the original version of the draft policy, users of services that use encryption to secure communication, such as WhatsApp and other instant messaging services, could have been required to store all their communication for as long as 90 days and make them available to law enforcement agencies when legally asked to.

Buckling under public pressure the Department of Electronics & Information Technology (DeitY) took a U-turn and issued an addenum to the original draft clarifying that "mass use encryption products, which are currently being used in Web applications, social media sites, and social media applications such as Whatsapp, Facebook, Twitter," will be exempted, along with "SSL/TLS encryption products being used in Internet - banking and payment gateways as directed by the Reserve Bank of India."

The draft policy says that that service providers using encryption technology or those providing such services in India "must enter into an agreement with the government for providing such services in India." A large number of communication and other services use some form of encryption. This means thousands of companies around the world providing such services will be required to enter into an agreement with the Indian government, something that experts think is unrealistic.

The policy also requires businesses and users to store communication in both unencrypted and encrypted forms. This defeats the very purpose of encryption.

According to the draft policy, the government will also prescribe the algorithms and key sizes for encryption. The government's choices of encryption technology has also invited criticism.

Given the large number of flaws in the proposed policy coupled with the widespread backlash, the government is already rethinking the policy and it is expected to be withdrawn soon.

What's your reaction?

Comments

https://tupko.com/assets/images/user-avatar-s.jpg

0 comment

Write the first comment for this!