National Encryption Policy draft, everyone is under strict surveillance

Pierluigi Paganini September 23, 2015

The Indian Government plans to release the new National Encryption Policy, a law that seems to be one of the big threat to the Internet freedom.

A new problem is worrying the Indian friends, the Government plans to release a new policy, National Encryption Policy’ that seems to presage disappointments for users.

Among ugly and questionable issues of the policy,  there is the will to criminalize cancellation of WhatsApp Messages or Emails received or sent before 90 days, and the punishment might be the imprisonment

The Indian colleagues at THEHACKERNEWS explain that with the aim to ‘provide confidentiality of information’ and ensure ‘protection of sensitive or proprietary information,’ the draft policy, proposed by a so-called ‘expert panel’ from the Department of Electronics and Information Technology (DeitY), requires:

  • Access to your Private Data – The government need to have access to all user’s encrypted information including personal emails, text and voice messages, and data stored in a private business server.
  • Not to Delete any WhatsApp Messages or Emails for 90 Days – The Policy will force Internet users to save all encrypted communication data in plaintext for at least 90 days. WhatsApp conversation and emails are in the target of the Government.
  • Share your Encryption Keys with Government – the National Encryption Policy force Indian Internet Users to share their encryption keys with the Government and Security Agencies.
  • Foreign Services Providers need to Comply with Indian Government – Foreign companies need to provide access to data belonging to Indian users.

National Encryption Policy India

The Minister of Communications and Information Ravi Shankar Prasad tried to explain that the draft law that aim to regulate cryptography would be rewritten.

“Some of the expressions used in the draft are giving rise to uncalled-for misgivings,” said Prasad. “I have noted some of the concerns.”

It is a clear reference to the request of storing encrypted messages and data in a plaintext form readable by the Government for a period of 90 days.You have to consider that in India, more than 80% of netizens use web services provided by foreign companies, including WhatsApp, Facebook, Gmail, Skype, Telegram and many others.

This means that the National Encryption Policy will require those foreign companies who offer services in India to give the government access to the user data.

Encryption algorithms and key sizes will be prescribed by the Government,” states the Policy.

Everyone can express its opinion about the National Encryption Policy by sending comments to [email protected] by October 16, 2015.

Let’s wait for the final release of the National Encryption Policy.

Pierluigi Paganini

(Security Affairs – National Encryption Policy, India)



you might also like

leave a comment