The Government recently released a draft of National Encryption Policy which has got a lot of coverage in the press over the last few days. Very few people actually agree with the purpose of this policy since it threatens to leave hordes of personal user data vulnerable to spying by hackers and other malicious parties. Amidst all the hue and cry, there are some people who are still unclear about what this policy actually signifies, so in this post we will attempt to clarify the meaning of this policy.
What is the DeitY policy all about?
Released by the Department of Electronics and Information Technology (DeitY), this policy regards the use of encryption for the data stored by various web services. As per the policy:
All citizens (C), including personnel of Government / Business (G/B) performing non-official / personal functions, are required to store the plaintexts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country.
The policy also states that only the Government of India shall define the algorithms and key sizes for encryption in India. You can view the full original copy of this policy here.
What does this policy mean exactly?
In effect, what this means is that everyone who communicates online needs to store the plaintext version of encrypted communications for a period of 90 days. This policy is applicable to individuals and businesses equally.
What has been the reaction to this policy online?
Understandably, the reaction to the release of this policy has not been positive. Firstly, the general consensus is that the terms of the policy are vague and confusing. It is still not entirely clear who the policy applies to and what apps/services come under its purview.
Secondly, this also means that businesses and services that store user information and messages in an encrypted format will have to mandatorily store the data in plain text for 90 days. This leaves the communication open to hacks and attacks for this time period and completely kills the purpose of encryption in the first place.
Lastly, many feel that this policy runs AGAINST the very idea behind encryption, of data and devices. It specifies that the Government will effectively decide which encryption algorithms can be used, what keys are used to secure data, and what key lengths should go with them. A simple way to understand this policy is that users would be expected to store their communications, WhatsApp chats for instance, for 90 days in case a law enforcement agency wishes to view them. In effect, deleting your WhatsApp chats could become an illegal offence.
Can users send in their comments to DeitY?
Moreover, user comments are also invited so that people can share their opinions on the same. The last date for sending these comments is 16th October. These comments need to be sent to email@example.com.
UPDATE – The following categories of encryption products are being exempted from the purview of this national encryption policy, as per the latest addendum:
UPDATE AS ON 23 SEPTEMBER – The Government has withdrawn this policy due to the uproar and backlash that it has received in the media and over social channels. It remains to be seen what their next step is with regards to the national encryption policy.
We would like to know what our users think about this draft policy. Share your comments with us below and stay tuned for more information on this topic.
Stupid move by the government. Even if they want to store “Data” they should instruct the companies that provide these app services etc. Why should an individual bother about “not deleting” data for a period of 90 days.
it may be right for the our country
what is govt. trying to prove? Are they indirectly stealing privacy and for what reason? Are they gonna store all crores of GB’s data in their memory bank and keep them safe for starting 90 days? Under which section of indian law is it constituted?
It is infringement on personal privacy. It is not right. What if the chat message and pictures are so much on Whatsapp and social media site that it slows the phone or system forcing one to delete in order to increase the memory space & cannot delete where it has to be stored for 90 days. Sometimes one wants to delete stupid and obscene videos and pixs sent from friends etc.
It is a stupid move our govt.for this action our privacy is lost or published.if govt want a strict action so pls ban all social sites and apps like whatsapp facebook viber etc.
Lol…As per this policy it seems our Democracy is at stake…Slowly we are moving towards Dictatorship..
I’m not agree with this policy
IF I AM PURE, WHY SHOULD I FEAR? ABOUT STEALING AND OTHER THINGS. EVEN THOU CHAT MASSAGES GET STOLES WHY SHOULD I BOTHER IF I HAD NOT DONE ANYTHING WRONG. BUT IT WILL CONTROL CRIME. YOUNG GENERATION USING WHATSAPP NOT TO EXCHANGE IMPORTANT THING. BUT ABOUT SEX INFORMATION AND OTHER THINGS. WE ARE LOSING OUR YOUNG GENERATION DAY BY DAY. TO SOME EXTENT IT WILL CONTROL RAPES AND OTHER THINGS. HENCE, I AGREED.
The target of this policy should be anti-Democracy actors like Terrorists & not the common citizen of this country. We may need to delete some non-useful content from smartphones for saving memory space & enhancing speed. It is welcome that DeitY is asking for common peoples views on this policy; but those should be considered in letter & spirit.
If there is no space in the device and there are a lot of messages then where should they be stored. Its a major problem. ……………
This government is basically scornful of any idea of people’s fundamental rights and freedoms. They will hesitate to intrude in our bedrooms one day.
Shame with the proposed law.
I appreciate the effort of Quick Heal to post blogs on everyday topics.
I am using Quick Heal Total Security 16.00 on win 8.1. Recently, my firefox home page has changed to “https://search.protectedio.com” and even changing the home page in options does not help. I did a full system scan but still the problem persists. Sir, please look into the matter.
Please refer to this post on instructions on how to reset your Mozilla Firefox browser – https://blogs.quickheal.com/reset-browser-chrome-firefox-internet-explorer/. If this also does not work then please contact our technical support team for assistance by visiting this link – https://bit.ly/Askus.
This is the worst thing Government could do after meat and porn ban. Are they trying to steal our privacy and our personal data? Not able to understand what Government wants. Feeling so irritated.
In this country nothing is possible for indian central or state government other than corruption at every stage but they never agree for same. For same only evryone is trying to preferably be a government servant. I hv already mailed my genuine request to entire governmental body stop this first. Secondly every rule or law helps a government servant to earn through bribe. Note that our rules or laws are not meant for discipline.
I can only say that the government and their staff of our nation, always in motion, when and wherever there is a corruption
note(currency) ka gulam sahab ko salam aur duty ko ram ram.
What the government is trying to do by this? Certainly National Security cant be helped by this movement. Storing whatsapp data is not a feasible option. The amount of space it would occupy, hardly any space would be left for important stuffs that needs to be stored. Govt is now trying to become hypocrites.
As per latest news update govt withdrawn the same
This proposal to store the data/msg/images on social sites like whatsup, facebook etc is not a good one. Though the notification has been withdrawn immediately, the time is not far away for the Govt to itroduce the scheme again like beef ban in Maharashtra, media blackout, banning of pron sites to name a few. If things go that way, we will be heading to dictatorship instead of democracy.
I am also a whatsApp user since a year. I would really appreciate the steps taken by the Government to combat the crimes happening in cyperspace espcially via WhatsApp which has became a part and parcel of everyone’s life who is with Android and other smart phones.
Many a times I also felt that the facility of WhatsApp could be useful many ways for a good cause but the formation of groups on religious base and counter comments on other religions is piling up. I also personally opine that these may create a havoc in peoples minds with different faiths, costs and creeds eventually spoils nations integrity.
The policy formulation and released by the Department of Electronics and Information Technology (DeitY), this policy regards the use of encryption for the data stored by various web services.
My comment is why Deity is unable to track the chats of an individual or businesses with service provider that is WhatsApp because the phones cannot withstand the memory of 90 days chats, which accumulate become burden to the individual or phone.
It is also suggested that the incubation time can be either curtailed or the chat track could be sought from the service provider. Also the Government must move smoothly with their citizens not like the dictatorship. As someone said the Govt. must stop snatching the common man’s rights of freedom, speech and expression and not through making the stringent rules in return to earn from common man through bribe. This is assured where again the corruption will catapult to higher levels.
Government wants to read our personal chat …what they want to prove…??? Im not agree with this policy…