+ Post a Comment HERE!   + Ask a Question / Post a Topic
Results 1 to 3 of 3

National Encryption Policy Draft of India inviting suggestions - are you serious ?


  1. #1
    Ricky is offline eTI Silver

    National Encryption Policy Draft of India inviting suggestions - are you serious ?

    Friends and fellow members,
    This is discussion and news about the National Encryption Policy Draft. The union government has put up a draft National Encryption Policy document online seeking to prescribe the methods of encryption of data and communications used by the government, businesses, and even citizens. The document has been formulated by an "expert group" set up under the Department of Electronics and Information Technology (DeitY) which comes under the union ministry of communications and information technology.

    As per news published in leading news papers, the draft policy has been introduced under Section 84 A of the Information Technology Act (2000). Once finalized, rules for encryption of electronic information and communication will be introduced under the policy. The draft document is open to public comment until October 16.

    Now if you are concerned what exactly is the purpose of this POLICY , it says, the policy's mission is to "provide confidentiality of information in cyber space for individuals, protection of sensitive or proprietary information for individuals & businesses, ensuring continuing reliability and integrity of nationally critical information systems and networks."

    So, far looks promising but if you read it right, it speaks otherwise, to explain, as per this draft, citizens may use encryption technology for storage and communication. However, encryption algorithms and key sizes will be prescribed by the government through Notification from time to time. This means that the government will determine the encryption standards for all and entities like Google and WhatsApp will have to follow the encryption standards prescribed by the Indian government.

    And what is interesting that this may imply that you'll have to store your WhatsApp , FB messengers , Gplus messages for 90 days or face action in case asked to reproduce. Its because almost all messaging services uses encryption and as per this draft you are required to retain copy of data in plain text upto 90 days. This further implies that e-commerce websites will have to keep a plain-text copy of user details leaving their information vulnerable to hackers.

    To explain further:
    "All citizens including personnel of Government / Business (G/B) performing non-official / personal functions, are required to store the plaintexts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country."

    More interesting is that the government expects all citizens to be aware of encrypted communication and the way to store messages in plain text securely. A large number of users may in fact not even know that WhatsApp and iMessage use encryption.

    The policy also mentions that Service Providers located within and outside India, using encryption technology for providing any type of services in India must enter into an agreement with the government for providing such services in India. .. Now what this means, Govt. is going to have agreement with thousands of firms worldwide as almost all sincere website, products and services uses encryption. And moreover, this will make negative impact on Indian IT scene as there will unwanted interference of bureaucracy and thus corruption.

    All vendors of encryption products shall register their products with the designated agency of the government. While seeking registration, the vendors shall submit working copies of the encryption software / hardware to the Government along with professional quality documentation, test suites and execution platform environments. The vendors shall work with the designated Government Agencies in security evaluation of their encryption products," the draft adds.

    However, mass use products like SSL/TLS that are used for financial transactions are exempted from registration. Users in India are allowed to use only the products registered in India though. So using a service not registered with the government will be illegal. "Government reserves the right to take appropriate action as per Law of the country for any violation of this Policy," the draft categorically states.

    This doesn't make sense at all, what kind of policy it is, I wonder who are those experts drafted this policy ? Or it is intentionally made this way to become NSA of India ? I don't see how these policy are practical , moreover if they are implemented the way Govt. suggested in draft, will it not be an abuse of democracy ?

    Apparently all citizens can send their comments on the draft policy to [email protected] by October 16 and give suggestions.
    Last edited by Ricky; 09-21-2015 at 07:35 PM.

  2. #2
    Ricky is offline eTI Silver
    In simplified words, this draft means that.. Govt. Agency wants..

    1. They want every citizen to be aware of encryption system and expect everyone tech savvy enough to understand it too.
    2. They want everyone including business, citizens to have copy of all their encrypted communication in plain text format for atleast 90 days and should present if asked by law, if you can't, face legal action.
    3. They want all worldwide app / web provider using encryption to register with Govt. of India (there are millions of websites using encryption and being accessed in India).. else all will illegal.
    4. They want to have plain text version of all information, it may implies that all ecommerce and other institution also store un-encrypted version of user data so that in case of hack.. hacker gets to know everything without trouble .. ? .. Your password will be stored in plain text too.. ..

    In short, they don't want to hide anything from Govt.. technically making encryption useless.. since you can't really use it for your privacy. I hope Govt. deploys more think tank to draft a practical yet effective draft.

  3. #3
    Aarish Rizvi's Avatar
    Aarish Rizvi
    Aarish Rizvi is offline eTI Bronze
    I hope they have some better explanation for the policy draft. Or it is just to make bureaucrats happy by showing that we have drafted policy.

+ Post a Comment HERE!

Similar Topics and Discussions

  1. Car suggestions for good Luxury family car with automatic transmission in India
    By sudeshmenon in forum Indian Cars and other light four wheelers forums
  2. Suggestions for LML scooters in India
    By lokaranjan in forum India Bike & scooters Market Forums.
  3. RTI News-Govt is not ready to employ harsh policy reforms - India Today
    By RTI-Activist in forum RTI India News & Articles Dicussion
  4. Inviting ideas for corporate gifting
    By Hemal in forum Miscellaneous Sensible Discussion
  5. 3G and WiMAX policy for India to be finalized soon | Says A. Raja
    By Khabri in forum Indian Telecom News Discussion

Tags for this Thread

Have Question? Ask now free!