India withdraws controversial encryption policy

22 Sep 2015 | Author: | No comments yet »

Draft Encryption Policy: Top 5 points on how WhatsApp, Facebook, Twitter would have been hit.

The government beat a hasty retreat a day after Internet users in India learned the Draft Encryption Policy was recommending keeping tabs on their activities, which caused a huge outcry.

The purpose of the policy is to encourage use of encryption technologies and products among governmental agencies, businesses and citizens for more secure communications and financial transactions in the cyber space.The government of India has given exemption to social media apps like Whatsapp from a proposed new law that would ask all Indian citizens to store a plain-text version of any encrypted data for 90 days and make it available to security agencies. However, after government’s retreat, social media websites, ‘web applications, social media sites, and social media applications such as Whatsapp, Facebook, Twitter etc’ stand exempted. The technology industry in India is understandably shocked, because this could make it far easier for hackers to find and read private information – defeating the point of encrypting it in the first place. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption key generated by an algorithm, which it turn generates a ciphertext that can only be read if decrypted.

Draft Encryption Policy: Since every messaging service and email, including WhatsApp and Gmail, use some form of encryption, this draft would cover almost all instant messages and emails. 3. In addition, the law states that any overseas companies using encryption must submit their full crypto software, along with testing suites and supporting documentation, for scrutiny by the Indian government. In principle, it is possible to decrypt the message without possessing the key, but for a well-designed encryption scheme, large computational resources and skill are required. Not only will this law provide a backdoor to law enforcement agencies to access user data, which could be abused by hackers, but it is also going to make foreign technology companies very wary of doing business in the subcontinent.

For instance, when a WhatsApp message is sent, it’s automatically encrypted or turned into scrambled text, which is then unscrambled for the recipient. The Premable to the draft policy states that encryption technology was traditionally deployed most widely to protect the confidentiality of military and diplomatic communication. However, the revolution in Internet technology, proliferation of online apps for communication and subsequent increase in their usage, expanded the scope of encryption to e-commerce and e-governance civilian applications. This further led to the need to protect privacy and increase the security of the Internet and associated information systems and develop policies that favour the spread of encryption worldwide. Another term that stirred a controversy is that in case of communication with any foreign entity, the primary responsibility of providing readable plaintext along with the corresponding encrypted information shall rest on the business or citizen located in India.

Additionally, service providers located within and outside India, using encryption technology for providing any type of services in India, must enter into an agreement with the government. No wonder then that the new draft policy was seen as totalitarian in nature, as it seemed to view every individual in the country as a potential criminal.

Here you can write a commentary on the recording "India withdraws controversial encryption policy".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site