After Outrage over draft National Encryption Policy, Govt. clarifies that Social Media sites are exempted from its purview [Read the Policy]

The Central Government appointed “expert group”  has published draft of National Encryption Policy and has invited public to comment on it.  Many cyber law experts view this draft as a draconian measure which could violate privacy of the citizens. After the outrage in Social media, which apprehended that the Social media users will have to store the messages for 90 days, as mandated by the policy, the Government has also issued an addendum which said “The mass use encryption products, which are currently being used in web applications, social media sites, and social media applications such as Whatsapp,Facebook,Twitter etc.” are exempted from the purview of this policy.

The draft categorizes the users into three groups as follows

• G Govt. – All Central and State Government Departments (including sensitive departments / agencies while performing non-strategic and non-operational role).
• B All statutory organizations, executive bodies, business and commercial establishments, including all Public Sector Undertakings, Academic institutions.
• C All citizens (including personnel of Government / Business (G/B) performing nonofficial / personal functions)

The provisions which raised eyebrows are the following

• All information shall be stored by the concerned B / C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country.
• Service Providers located within and outside India, using Encryption technology for providing any type of services in India must enter into an agreement with the Government for providing such services in India.
• All citizens (C), including personnel of Government / Business (G/B) performing non-official / personal functions, are required to store the plaintexts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country.

Though the vision statement reads that the policy is “To enable information security environment and secure transactions in Cyber Space for individuals, businesses, Government including nationally critical information systems and networks.”, cyber experts warn that it will be misused.

Cyberlaw expert Pawan Duggal speaking to The Indian Express,  said “Almost everyone using the Internet will find themselves in violation of these rules. It is hence detached from the ground realities. This policy has been drafted for the PC era and does not take into consideration the mobile revolution in the country”

[embed]https://twitter.com/pranesh_prakash/status/646164649436549120[/embed]

According to medianama, “This approach is totalitarian in nature, and seems to hold every individual in the country as a potential criminal”

According to DNA article “It’s like leaving the door of your house open to the government, giving them a detailed tour around your rooms and cupboards, then handing them a copy of the keys on the way out.”

Public can send their  comments and suggestion  by 16/10/2015 to Shri A. S. A. Krishnan, Scientist ‘G’, Department of Electronics and Information Technology, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi: 110003, Email: akrishnan@deity.gov.in.

Read the full text of the Policy and Clarification here.