National Encryption Policy Draft Upsets Netizens [Because It's Stupid]
The draft of the latest #-Link-Snipped-# (PDF), released by the DEITY aka Department of Electronics and Information Technology has upset the Indian netizens. The policy affects everyone - the government personnels and the common citizens who use the Internet for communication and you simply cannot choose to ignore it. The policy states that every message that you send; be it through WhatsApp, SMS, Email, Skype, Viber or any such service must be stored in plain text format for a period of 90 days. Failing to do so may attract legal action.
The policy also states that if the law enforcement agency demands access to the message, the user should be able to provide the message in plain text format. The onus of maintaining the plain text version for 90 days lies with the user. As absurd as it sounds, the experts at the DEITY believe that this is the best way to create a secure environment for transactions in the cyber space.
You might be aware that almost all of the popular messaging services use advanced encryption technologies to transfer the messages from the client devices to the servers and then to the recipient. The service providers will now have to agree to deploying the encryption mechanisms decided by the Government. That means, popular messaging services like WhatsApp, Facebook Messenger or Skype and others will have to sign the agreement with Government to continue their services in India.
The bigger part of the problem is that the policy holds the end user responsible for storing the messages for a period of 90 days. If you delete an SMS that you sent 10 days ago; and the law enforcement agency asks for all the messages you sent in the recent past; you should be able to produce it. If you can't, you will face legal action.
The policy also proposes that the businesses will have to keep plain text copies of the communication they do internally and externally with their clients. The same applies to various government bodies and executives.
While the intention of the policy makers seems to be ensuring easy access to all the data they want; they seem to have forgotten that the policy itself could prove to be more dangerous. The policy does not take into consideration the situation where the hackers directly access the information stored in plain text. If the messages are stored in encrypted form, then they can't be read without first decrypting them.
If the policy gets implemented, you can simply forgot deleting whatsapp messages, emails that you sent or received in the last 90 days.
Do share your views on the policy with us.
The policy also states that if the law enforcement agency demands access to the message, the user should be able to provide the message in plain text format. The onus of maintaining the plain text version for 90 days lies with the user. As absurd as it sounds, the experts at the DEITY believe that this is the best way to create a secure environment for transactions in the cyber space.
You might be aware that almost all of the popular messaging services use advanced encryption technologies to transfer the messages from the client devices to the servers and then to the recipient. The service providers will now have to agree to deploying the encryption mechanisms decided by the Government. That means, popular messaging services like WhatsApp, Facebook Messenger or Skype and others will have to sign the agreement with Government to continue their services in India.
The bigger part of the problem is that the policy holds the end user responsible for storing the messages for a period of 90 days. If you delete an SMS that you sent 10 days ago; and the law enforcement agency asks for all the messages you sent in the recent past; you should be able to produce it. If you can't, you will face legal action.
The policy also proposes that the businesses will have to keep plain text copies of the communication they do internally and externally with their clients. The same applies to various government bodies and executives.
While the intention of the policy makers seems to be ensuring easy access to all the data they want; they seem to have forgotten that the policy itself could prove to be more dangerous. The policy does not take into consideration the situation where the hackers directly access the information stored in plain text. If the messages are stored in encrypted form, then they can't be read without first decrypting them.
If the policy gets implemented, you can simply forgot deleting whatsapp messages, emails that you sent or received in the last 90 days.
Do share your views on the policy with us.
0
