Short Bytes: The government of India doesn’t understand the concept of online privacy and the importance of encryption. A new government body of “experts” has proposed a new Encryption Policy ruling out the need of online encryption.
The Department of Electronic and Information Technology (Deity) has made a body of “experts” that has proposed a new Draft Encryption Policy that rules out the need of online encryption.
This so-called expert panel has proposed that a company, or a user, will have to store the plain text of the corresponding encrypted information for future 90 days. This makes your data unencrypted and vulnerable for good 90 days.
The policy states:
“….user shall reproduce the same Plain text and encrypted text pairs using the software/hardware used to produce the encrypted text from the given plain text. All information shall be stored by the concerned B/C (business/citizen) entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country.”
This new encryption policy defeats the fundamental principle and the need of encryption. According to this, you are required to store your encrypted data, information, passwords etc. for the next 90 days.
Most of you don’t even know which parts of your online activity is encrypted, leave aside the act of saving and storing it. Another big-fat misguided statement in the policy is:
“…encryption algorithms and key sizes will be prescribed by the Government.”
With this, the government wants the thousands of services to follow the norms and encryption technologies prescribed by the government and risk the security of the user data.
This also means you may need to keep a copy of all the chats done using encrypted messaging service such as Google Hangouts, WhatsApp, or Apple’s iMessage, for 90 days. This could happen if the proposed National Encryption Policy is implemented without any change.
The government of India is already facing flak over its buggy net neutrality policies, and it has once again made a fool of itself with is new national encryption policy – that rejects the need of encryption.
You can read/download the complete policy draft here and send your recommendations to [email protected] by Oct. 16.
Share your views regarding the India’s new encryption policy in the comments below.