Not mandatory to save WhatsApp chats, e-banking, e-commerce exempted from encryption policy, clarifies government
The original draft of the policy said that users of services that use encryption to secure communication could be required to store all their communication for as long as 90 days.

Hours after reports that deleting WhatsApp and Google Hangouts messages could soon become illegal, the government has done a u-turn. It has issued a clarification saying that a new draft encryption policy will not apply to social media. The clarification from the government comes after public outrage.

In its latest addendum, the government has said that apart from social networking, internet banking and e-commerce are also exempt from the policy.

The original draft of the policy said that users of services that use encryption to secure communication, such as WhatsApp and other instant messaging services, could be required to store all their communication for as long as 90 days and make them available to law enforcement agencies when legally asked to.

The draft policy further said that service providers using encryption technology or those providing such services in India "must enter into an agreement with the government for providing such services in India."

A large number of communication and other services use some form of encryption. This means thousands of companies around the world providing such services will be required to enter into an agreement with the Indian government, something that experts think is unrealistic.

The policy also requires businesses and users to store communication in both unencrypted and encrypted forms. This defeats the very purpose of encryption.

According to the draft policy, the government will also prescribe the algorithms and key sizes for encryption. The government's choices of encryption technology have also invited criticism.

DeitY had last week posted the Draft National Encryption Policy on its website, inviting comments from the public. The purpose of the policy is to frame rules under Section 84A of the Information Technology Act, 2000, regarding the use of encryption methods. Comments on the Draft National Encryption Policy have to be sent in by October 16, 2015.

The draft New Encryption Policy had triggered privacy concerns. Legal action that could also include imprisonment had been proposed in the draft policy unveiled by the government for failure to store and produce on demand the encrypted messages sent from any mobile device or computer. The policy also wanted everyone to hand over their encryption keys to the Government.

The draft proposes that users of encrypted messaging services should, on demand, reproduce the same text transacted during a communication in plain format before law enforcement agencies, failing which the government can take legal action as per the laws of the country.

The proposed policy, issued by the Department of Electronics and Information Technology, would apply to everyone, including government departments, academic institutions and citizens, and to all kinds of communications, be they official or personal.

Generally, all modern messaging services like WhatsApp, Viber, Line, Google Chat, Yahoo Messenger, etc. come with a high level of encryption, and security agencies often find it hard to intercept these messages.

"All information shall be stored by the concerned B/C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country," the draft said.

The draft defined 'B category' as all statutory organizations, executive bodies, business and commercial establishments, including all Public Sector Undertakings, Academic institutions. The 'C category' as per the draft are all citizens including personnel of government and business performing non-official or personal functions.

In case the user has communicated with a foreigner or an entity abroad, the primary responsibility of providing readable plain text along with the corresponding encrypted information would be that of the user in the country. Besides this, all service providers located within and outside India that use encryption technology for providing any type of services in India must register themselves with the government, as per the draft.

The last date for the public to comment on the draft is October 16, 2015.
