India Steps Back On Controversial Encryption Policy

Following strong public outcry, India has changed tack on its encryption policy that would have forced Internet users to keep encrypted data, read Gmail and WhatsApp, for 90 days.

India Steps Back On Controversial Encryption Policy

An effort to improve cybersecurity

Following public outcry to a draconian policy that would have forced Indians to keep all encrypted data on mobile devices for at least 90 days, the government has backtracked on this clause in the National Encryption Policy. The policy draft which was put together by the Department of Electronics and Information Technology will likely go through additional changes before it is potentially voted into law as its open to public debate until October 16, 2015.

“All information shall be stored by the concerned [organisations/citizens] entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country,” the draft read.

This would have meant that Gmail users as well as users of other email providers that encrypt data would not have been able to delete THEIR emails or messages sent by Viber, WhatsApp and others.

Today, it was announced that an amendment had been added to exclude “mass encryption products” like Gmail and the aforementioned messaging applications.

Further controversy

In addition to keeping users from deleting their encrypted messages, the original draft called on companies that offer encryption to their customers to share specific information with the government.

“All vendors of encryption products shall register their products with the designated agency of the Government,” it read. “While seeking registration, the vendors shall submit working copies of the encryption software / hardware to the Government along with 4 professional quality documentation, test suites and execution platform environments.”

While this wasn’t amended today, there remains nearly a month for this to potentially be modified.

Twitter and Facebook encryption also affected

Messages between users on both Twitter and Facebook would also have come under the provision that would have forbade deletion. This is somewhat ironic as India’s Prime Minister Narendra Modi has been a prominent user of both. To add additional irony, the Prime Minister is heading to Silicon Valley this week to solicit investment in India and will even be taking part in a townhall meeting with Facebook co-founder Mark Zuckerberg.