Updated
Sep 22 (PTI): Following a public uproar over threat to privacy, the government today withdrew the draft encryption policy which made it mandatory for storage of all messages, including social media, for 90 days.
"I personally feel that some of the expression used in the draft are giving rise to uncalled-for misgivings. Therefore, I have written to DeitY to withdraw that draft, rework it properly and thereafter put in the public domain," Telecom Minister Ravi Shankar Prasad told reporters here.
Generally, all modern messaging services like WhatsApp, Viber, Line, Google Chat, Yahoo Messenger and the like come with a high level of encryption and many a time, security agencies find it hard to intercept these messages.
"Yesterday, it was brought to our notice that draft has been put in the public domain seeking comments. I wish to make it very clear that it is just a draft and not the view of the government. I have noted concerns expressed... by the public," Prasad said.
As per the original draft, the new encryption policy proposes that every message a user sends -- be it through WhatsApp, SMS, e-mail or any such service -- must be mandatorily stored in plain text format for 90 days and made available on demand to security agencies.
Prasad said the government under the leadership of Prime Minister Narendra Modi has promoted social media activism.
"The right of articulation and freedom, we fully respect but at the same time, we need to acknowledge that cyber space transaction is rising enormously for individuals, businesses, the government and companies," Prasad said.
The draft proposed legal action that could entail imprisonment for failure to store and produce on demand the encrypted message sent from any mobile device or computer.
The draft, issued by the Department of Electronics and Information Technology, was applicable on everyone, including government departments, academic institutions, citizens and for all kinds of communications -- be it official or personal.
Besides, all service providers located within and outside India that use encryption technology must register themselves with the government, as per the draft.
Prasad, however, maintained that there's need for an encryption policy which would apply to those who are involved in encrypting a messaging product "for a variety of reasons".
The policy was proposed under section 84 A of the Information Technology Act, 2000 through an amendment in 2008.
The sub-section 84 C, which was also introduced at around the same time, carries provisions of imprisonment for any violation of the Act.
Earlier Update:
Government exempts social media apps from encryption policy
New Delhi, Sep 22 (Agencies): Hours after a controversy erupted over government's proposal to access all encrypted information, including personal emails and messages, the Department of Electronics and Information Technology clarified that social media sites and social media applications such as Facebook and WhatsApp would be exempted from the purview of the Encryption Policy.
e-banking and other password protected e-commerce businesses would also be kept out of the ambit of the Encryption Policy, it said.
The original draft of the policy said that the government will have access to all encrypted information, including personal emails, messages or even data stored on a private business server.
It also said users of services that use encryption to secure communication could be required to store all messages, including WhatsApp and Facebook messages and emails, for 90 days and hand it over to the government when asked.
The draft policy, however, states that the objective is to “use of encryption for ensuring the security/ confidentiality of data and to protect privacy in information and communication infrastructure without unduly affecting public safety and national security”.
The clarification from the government comes after public outrage. The last date for public to comment on the draft is October 16, 2015.
Earlier:
Deleting WhatsApp messages may become illegal in India
Sep 21 (PTI): Every message that you send - be it through WhatsApp, SMS, Email or any such service - must be mandatorily stored in plain text format for 90 days and made available on demand to security agencies under a draft New Encryption Policy that has triggered privacy concerns.
Legal action that could also include imprisonment has been proposed in the draft policy unveiled by the government for failure to store and produce on demand the encrypted messages sent from any mobile device or computer. The policy also wants everyone to hand over their encryption keys to the Government.
The draft proposes that users of encrypted messaging service on demand should reproduce same text, transacted during a communication, in plain format before law enforcement agencies and failing which the government can take legal action as per the laws of the country.
The proposed policy, issued by the Department of Electronics and Information Technology, would apply to everyone including government departments, academic institutions, citizens and for all kind of communications - be it official or personal.
Generally, all the modern messaging services like WhatsApp, Viber, Line, Google Chat, Yahoo messenger etc, come with high level of encryption and many a time security agencies find it hard to intercept these messages.
“All information shall be stored by the concerned B/C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country,” the draft said.
The draft has defined ‘B category’ as all statutory organizations, executive bodies, business and commercial establishments, including all Public Sector Undertakings, Academic institutions.
The ‘C category’ as per the draft are all citizens including personnel of government and business performing non-official or personal functions.
“The common man is not likely to be impacted by this (proposal),” an IT Ministry spokesperson said.
In case of the user having communicated with foreigner or entity abroad then the primary responsibility of providing readable plain text along with the corresponding encrypted information would be that of the user in the country.
Besides this, all service providers located within and outside India that use encryption technology for providing any type of services in India must register themselves with the government, as per the draft.
The draft proposes to introduce the New Encryption Policy under section 84 A of Information Technology Act 2000. This section was introduced through amendment in 2008.
The sub-section 84 C that was also introduced through the amendment has provision of imprisonment for violation of the act.
“Encryption products may be exported but with prior intimation to the designated agency of Government of India.
Users in India are allowed to use only the products registered in India. Government reserves the right to take appropriate action as per Law of the country for any violation of this Policy,” the draft said.
The last date for public to comment on the draft is October 16, 2015.
“Having a draft on issue is a welcome step. It looks at everything with prism of law enforcement. It will create a license raj. There is very much concern around privacy of citizen. The policy wants messages to be given on demand. If my private information is sought by government, it should be done through courts,” Arun Sukumar,Head, Cyber Initiative, said.
Read the complete draft here