2 years ago on
New Delhi: Shortly after a debate emitted over government’s proposal to explore each message send by an individual by WhatsApp, SMS, or Google Hangouts, the Department of Electronics and Information Technology cleared up in a draft that online networking sites and applications will be exempted from the Encryption’s domain Policy.
The draft posted by Deity indicates that there are classifications of encryption products that will be excused from the draft’s domain national encryption policy.
Encryption products, which are as of now being utilized in web applications, social media sites, and social media applications such as WhatsApp, Facebook, and Twitter etc are excluded from the purview of the draft National Encryption Policy, confirmed a proposed addendum to the policy posted on the department’s website.
Encryption items utilized as a part of Internet banking and payment gateways, and for e-commerce and password-based transactions will be exempted as well.
Earlier Deity had proposed that all the messages which are sent through encrypted messaging services like WhatsApp (Android version supports encryption), Google Hangouts or Apple’s iMessage, must be stored safe for 90 days. Privacy concerns triggered heated debate.
The draft of New Encryption Policy proposes that upon demand users of encrypted messaging service must reproduce same text, transacted during a communication before law enforcement agencies. It should be in a plain format. Failing to do so may result in imprisonment of the user as per the provisions.
The proposed policy of the Department of Electronics and Information Technology will be made applicable for everyone including government departments, academic institutions, normal citizens and for all kind of communications.
All the modern messaging services like WhatsApp, Viber, Line, Google Chat, yahoo messenger etc, has high level of encryption and many times security offices think that it is difficult to catch these messages.
“All information shall be stored by the concerned B/C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country,” the draft said.
The ‘B category’ in the draft is defined as all statutory organizations, executive bodies, business and commercial establishments, including all Public Sector Undertakings, Academic institutions.
The draft has defined ‘C category’ as all citizens including personnel of government and business performing non-official or personal functions.
The user should provide the readable plain text along with the corresponding encrypted information if they communicate with foreigner or entity abroad.
As per the draft, all service providers located inside or outside India which uses encryption technology for providing any type of services in India should register themselves with the government.
Recommended Read: Facebook to Finally Introduce “Dislike” Button
The New Encryption Policy is introduced under section 84 A of Information Technology Act 2000, as proposed by the draft. Through amendment in 2008, this section was introduced. Sub-section 84 C introduced through the amendment has provision of imprisonment for violation of the act.
“Encryption products may be exported but with prior intimation to the designated agency of Government of India. Users in India are allowed to use only the products registered in India. Government, reserves the right to take appropriate action as per Law of the country for any violation of this Policy,” the draft said.
October 16, 2015 is the last date for public to comment on the draft.
“Having a draft on issue is a welcome step. It looks at everything with prism of law enforcement. It will create a license raj. There is very much concern around privacy of citizen. The policy wants messages to be given on demand. If my private information is sought by government, it should be done through courts,” Arun Sukumar,Head Cyber Initiative, said.