After huge public outrage over the government's draft encryption policy that proposed saving of all digital communications for a period of 90 days, the IT department has issued an >addendum exempting social media applications such as WhatsApp, Twitter.
As reported by The Hindu , the IT ministry sources had confirmed that the policy initiative will not impact the common man.
The proposed addendum to the draft encryption policy clarifies that ‘encryption products’ that have been exempted from the policy include "The mass use encryption products, which are currently being used in web applications, social media sites, and social media applications such as Whatsapp, Facebook,Twitter etc."
Further, all SSL/TLS encryption products being used in Internet-banking and payment gateways as directed by the Reserve Bank of India And those being used for e-commerce and password- based transactions, are also exempted.
Proposed Addendum to the Draft Encryption Policy >pic.twitter.com/qjAxuKPX0E
— DeitY (@GoI_DeitY) >September 22, 2015‘More clarity needed’
However, experts feel more clarity is required on the draft policy.
The government had kicked off a controversy by proposing that every citizen should keep a copy of all their communications in the cyber space, including emails and chats, for a period of 90 days and be able to make it available to security agencies when demanded, under the Draft National Encryption Policy.
According to the proposed policy, citizens as well as business may use encryption technology for storage of data and communication. However, all citizens “are required to store the plaintexts of the corresponding encrypted information for 90 days” and provide verifiable plain text to law enforcement agencies as and when required.
The government has invited public feedback and comments on these guidelines till October 16. The draft was formed by an ‘expert group’ set up by the Department of Electronics and Information Technology.
Cyberlaw expert Pawan Duggal had said the policy is not only draconian, but also misplaced. “Almost everyone using the Internet will find themselves in violation of these rules. This policy is detached from the ground realities… they do not take into consideration the mobile revolution in the country,” he said.
Most experts were of opinion that this policy in the current form cannot work simply because end consumers do not have any idea what encryption is and in most cases the encryption of data is done by applications. Users can not decrypt that, application providers could.
“The first question to ask is this really feasible, particularly for the end consumers. Would they even know what is encryption… are they savvy enough to understand this policy. Secondly, keeping a copy of the data will require huge storage and that will come at a cost,” Shree Parthasarthy, Senior Director at Deloitte India had told The Hindu .
