Yesterday Government of India, more precisely the Department of Electronics and Information Technology (DeitY) proposed a draft of a policy, National Encryption Policy which stated that we, the citizen of India may need to keep a copy of all messages sent through encrypted messaging services such as WhatsApp (Android version supports encryption), Google Hangouts or Apple’s iMessage, Facebook, Twitter and other social media applications for 90 days.
Also, online businesses would need to keep their sensitive information including passwords in plain text for the same period of time. The draft issued by Department of Electronics and Information Technology also proposes that users of encrypted messaging service on demand should reproduce same text, transacted during a communication, in the plain format before law enforcement agencies and failing to do so may lead to imprisonment of the user as per the provisions. The proposed National Encryption Policy would apply to everyone including government departments, academic institutions, citizens and for all kind of communications — be it official or personal.
This proposal erupts a huge controversy all over the country as there is a chance to expose the confidential information to potential hacking attacks. Also, this is a big slap in the face of democracy as no democratic country has the right to monitor the conversations of their citizen in the name of “privacy concerns.”
Amidst the nationwide public outcry and immense pressure, today DeitY clarified in a draft that social media websites and applications would be exempted from the purview of the encryption policy.
According to the draft posted by DeitY today, on their website, there are certain categories of encryption products that will be exempted from the purview of the draft national encryption policy. The mass-use encryption products, which are currently being used social media sites, web applications and social media applications such as Facebook, WhatsApp, Twitter, etc are being excluded from the purview of the draft of National Encryption Policy, said a proposed addendum to the policy posted on the department’s website.
DeitY also mentioned on their website that encryption products used in Internet banking and payment gateways, and those used for e-commerce and password-based transactions would also be exempted from the purview. This is the exact statement given by DeitY on their website
