National Encryption Policy Draft Upsets Netizens [Because It's Stupid]
The draft of the latest #-Link-Snipped-# (PDF), released by the DEITY aka Department of Electronics and Information Technology has upset the Indian netizens. The policy affects everyone - the government personnels and the common citizens who use the Internet for communication and you simply cannot choose to ignore it. The policy states that every message that you send; be it through WhatsApp, SMS, Email, Skype, Viber or any such service must be stored in plain text format for a period of 90 days. Failing to do so may attract legal action.
The policy also states that if the law enforcement agency demands access to the message, the user should be able to provide the message in plain text format. The onus of maintaining the plain text version for 90 days lies with the user. As absurd as it sounds, the experts at the DEITY believe that this is the best way to create a secure environment for transactions in the cyber space.
You might be aware that almost all of the popular messaging services use advanced encryption technologies to transfer the messages from the client devices to the servers and then to the recipient. The service providers will now have to agree to deploying the encryption mechanisms decided by the Government. That means, popular messaging services like WhatsApp, Facebook Messenger or Skype and others will have to sign the agreement with Government to continue their services in India.
The bigger part of the problem is that the policy holds the end user responsible for storing the messages for a period of 90 days. If you delete an SMS that you sent 10 days ago; and the law enforcement agency asks for all the messages you sent in the recent past; you should be able to produce it. If you can't, you will face legal action.
The policy also proposes that the businesses will have to keep plain text copies of the communication they do internally and externally with their clients. The same applies to various government bodies and executives.
While the intention of the policy makers seems to be ensuring easy access to all the data they want; they seem to have forgotten that the policy itself could prove to be more dangerous. The policy does not take into consideration the situation where the hackers directly access the information stored in plain text. If the messages are stored in encrypted form, then they can't be read without first decrypting them.
If the policy gets implemented, you can simply forgot deleting whatsapp messages, emails that you sent or received in the last 90 days.
Do share your views on the policy with us.
The policy also states that if the law enforcement agency demands access to the message, the user should be able to provide the message in plain text format. The onus of maintaining the plain text version for 90 days lies with the user. As absurd as it sounds, the experts at the DEITY believe that this is the best way to create a secure environment for transactions in the cyber space.
You might be aware that almost all of the popular messaging services use advanced encryption technologies to transfer the messages from the client devices to the servers and then to the recipient. The service providers will now have to agree to deploying the encryption mechanisms decided by the Government. That means, popular messaging services like WhatsApp, Facebook Messenger or Skype and others will have to sign the agreement with Government to continue their services in India.
The bigger part of the problem is that the policy holds the end user responsible for storing the messages for a period of 90 days. If you delete an SMS that you sent 10 days ago; and the law enforcement agency asks for all the messages you sent in the recent past; you should be able to produce it. If you can't, you will face legal action.
The policy also proposes that the businesses will have to keep plain text copies of the communication they do internally and externally with their clients. The same applies to various government bodies and executives.
While the intention of the policy makers seems to be ensuring easy access to all the data they want; they seem to have forgotten that the policy itself could prove to be more dangerous. The policy does not take into consideration the situation where the hackers directly access the information stored in plain text. If the messages are stored in encrypted form, then they can't be read without first decrypting them.
If the policy gets implemented, you can simply forgot deleting whatsapp messages, emails that you sent or received in the last 90 days.
Do share your views on the policy with us.
Replies
-
showstealeras absurd as it gets !! heights -
Aashish JoshiThis is very sad. Instead of focusing on "upgrading" our laws to get them in sync with the times we seem to be going back to the middle ages!
-
Aashish JoshiThe draft says that feedback from public is invited at #-Link-Snipped-#
Please make sure you send your honest feedback. -
Kaustubh KatdareWell, I think the better approach, if the Government really thinks that having access to the chats is crucial to the security, would be to ask WhatsApp to store messages for 90 days. Of course, whatsapp may not find it a suitable business model; because they don't store messages per se.
But of course, none of the approach ensure user's privacy. I'm wondering if user privacy and government security are to disjoint sets? -
Kaustubh KatdareUpdate: DEITY has updated the encryption policy to clarify that the apps like WhatsApp, Facebook and Twitter will be excluded. These are the products of mass communication and hence they won't be covered by this policy.
The policy also excludes SSL/TLS encryption products used by Internet Banking and majority of payment gateway systems. Also the SSL/TLS encryption products that are used by the eCommerce portals and password based transactions will not be covered in the policy.
I'm wondering, if these are excluded, the the whole purpose of putting the policy in place gets defied. Looks like something's really wrong! -
Kaustubh KatdareUpdate: This policy has been withdrawn after online protests by all the netizens.
-
Abhishek RawalSince when TLS/SSL has been categorized as "Product" ? I wonder why DeiTY named protocols as 'product' in their draft.
Can somebody explain ? #-Link-Snipped-# ? -
durga ch#-Link-Snipped-#- i suppose products here refers to apps which use/need secure protocols like TLS/SSL
-
Kaustubh KatdareIt's the 'language' they use. Have you seen the way lawyers write agreements? Even the NASA ISS docking module would look tad easier.
You are reading an archived discussion.
Related Posts
Hello people
I'm Umang Madia First Year Mechanical Engineering student at DJ Sanghvi college of engineering Mumbai, Maharashtra. I have a keen interest and passion for automobiles. I am thinking...
UMI has claimed that they are going to launch the world's cheapest smartphone possessing a fingerprint scanner. For the uninitiated, UMI is a China based smartphone making company, which is...
What package should an engineer have to be considered a middle class man or a bit up in this section. I know, not just the package matters, the overall savings...
Micromax and Snapdeal have partnered to introduce the new budget-smartphone called Canvas Spark 2. Micromax is promoting it as 'India ka 3G phone' as it is priced at a very...
Just in time for the festive season that's just a month away, Intex has unveiled its all new 43-inch LED TV called 'Intex LED-4300' at a price of Rs. 32000....