NEW DELHI: Following protests by votaries of a free social media, the government today withdrew a draft of an encryption policy, thus exempting mass use encryption products, which are currently being used in web applications, social media sites, and social media applications such as Whatsapp, Facebook, Twitter, etc
In a statement, the Department of Electronics and Information Technology said that it had “noted public sentiments viz-a-viz this draft. It is clarified that the above mentioned draft is not the final view of the Government on the matter.”
The draft had been prepared by a High-level Committee as part of an attempt to ensure secure transactions in Cyber Space for individuals, businesses and Government and prepare a National Encryption Policy.
The statement said the Department had also taken note of the ambiguity in some portions of the draft that may have led to misgivings. “Hence, the draft has been withdrawn and will be put up for consultation after appropriate revision.”
The removal of the draft also amounts to exemptions to SSL/TLS (Secure Sockets Layer/ Transport Layer Security) encryption products being used in Internet-banking and payment gateways as directed by the Reserve Bank of India and SSL/TLS encryption products being used for e-commerce and password-based transactions.
Communications and IT Minister Ravi Shankar Prasad told newspersons that the draft was not the final view of the government. “The policy will consider the views of the public,” he said.
Under the draft, which has now been withdrawn, every message that is sent through e-mail, Whatsapp or SMS was required to be stored in plain text format for 90 days from the date of transaction and made available to the law enforcement agencies on demand.
The draft was to help introduce a New Encryption Policy under Section 84A of the Information Technology Act, 2000, and had called for public comments by 16 October.
The stated mission of the policy is to provide confidentiality of information in cyber space for individuals, protect sensitive or proprietary information, ensure reliability and integrity of nationally-critical information systems and networks.
“Users or organisations within B2B group may use encryption for storage and communication. Encryption algorithms and key sizes shall be prescribed by the government through notifications from time to time… On demand, the user shall be able to reproduce the same plain text and encrypted text pairs using the software or hardware used to produce the encrypted text from the given plain text,” the draft said.
