Share

National Encryption Policy Draft Upsets Netizens [Because It’s Stupid]

India’s proposed encryption policy has come under heavy fire with internet experts and online activists alleging that it provides blanket backdoors to law enforcement agencies to access user data, which could be abused by hackers and spies. Now, this draft is applicable to all citizens including “you”, and also personnel of government and businesses engaging in non-official or personal functions.

Advertisement

You can access the full text of the Draft National Encryption Policy on the DeitY website. Also, the government wants your comments on the policy so do share your Mann Ki Baat with the Big Brother. The policy aims to “enable (an) information security environment and secure transactions in cyberspace for individuals, businesses and government including nationally critical information systems and networks”. “On demand, the user shall reproduce the same Plain text and encrypted text pairs using the software / hardware used to produce the encrypted text from the given plain text”, reads the draft. This is a potential source of confusion since most users don’t even know when they are using encrypted forms of communication. “Such plain text information shall be stored by the user/organisation/agency for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country”, it adds.

The government has drafted a new encryption policy through which it will have access to all encrypted information including a citizen’s personal email, messages or data stored in a private business server, reports The Indian Express. This means that the government will determine the encryption standards for all and entities like Google and WhatsApp will have to follow the encryption standards prescribed by the Indian government.

The worst part is that the draft policy, which seems to have been prepared by highly qualified experts, opens the Indian government to ridicule because it shows that our so called “experts” don’t understand technology. Government will designate an appropriate agency for entering into such an agreement with the Service provider located within and outside India.

For instance, companies like Apple Inc. or Microsoft Corp. use encryption technologies at various levels of their operating systems; e-commerce services like Flipkart, Amazon and Snapdeal; web browsers like Mozilla Firefox and Google Chrome and mail services like Gmail, Yahoo and Rediff may be required to register with the government.

The preamble of the draft says “the cryptographic policy for domestic use supports the broad use of cryptography” in ways that facilitate privacy and worldwide economic competitiveness.

The draft coverage has been launched underneath Section eighty four A of the Information Technology Act (2000). “Does the federal government have the capability to enter into these many agreements?” asks Prakash. Once it is implemented by the government or businesses, it will automatically start impacting citizens. Another way the policy itself could be benefited is by having a standalone privacy law that provide the safeguards that protects user rights downstream, instead of defining them from one application to another.

Advertisement

Now, we aren’t saying the entire policy is unsafe to our privacy.

Draft National Encryption Policy put up online for public remark, experts worried