•  •  Dark Mode

Your Interests & Preferences

I am a...

law firm lawyer
in-house company lawyer
litigation lawyer
law student
aspiring student
other

Website Look & Feel

 •  •  Dark Mode
Blog Layout

Save preferences

#Deity spares Whatsapp, releases Draft National Encryption Policy heavily compromising cyber security

Almost all non-official, personal electronic communication in India will be ripped of its privacy under the Draft National Encryption Policy proposed yesterday by the Department of Electronics and Information Technology (Deity), which seeks to make the information available for legal investigation.

Both government officials as well as private citizens will have to store “plaintexts of the corresponding encrypted information for 90 days from the date of transaction” and will have to make these plaintexts available to law and enforcement agencies, when asked by the agencies, for investigation, according to the policy, reported Medianama.

However, in an addendum to the policy, Deity has today exempted web applications, social media sites such as Facebook, Twitter and others, social media applications such as Whatsapp and others, internet banking and payment gateways and e-commerce and password based transactions, from the policy.

Deity has, however, qualified the exemption with the phrase “[encryption products] currently being used”. Medianama has pointed out that this vague qualification makes it unclear, what is “currently” and whether a new service that uses a different kind of encryption to protect its users still be covered.

It is also not clear whether the policy includes operating systems that encrypt hard disks for security, and Twitter was abuzz with at least 20 obvious cyber security related loopholes pointed out in the policy for which Deity has invited public comment.

No comments yet: share your views