Swiftly responding to an online backlash over a proposed law, called the National Encryption Policy, the government has now freed several popular communication apps from scrutiny. Though still hazy, it does appear that users of Whatsapp and Facebook can continue to hit the 'Delete' button on messages. Like they've always done.
The government's IT ministry had stoked a storm by mulling a law that--almost impossibly--encumbers every citizen to be accountable for all encrypted information that passes through their email, apps, websites and business servers.
Thus companies, especially those who host mail services, have to keep passwords to your email and similar services in a plain text form that can be easily accessed by law-enforcement agencies.
In a terse three-paragraph clarification, the Department of Electronics and Information Technology has said that some of the "encryption products" were "exempt." These include:
1. The mass use encryption products, which are currently being used in web
applications, social media sites, and social media applications such as
2. SSL/TLS encryption products being used in Internet-banking and payment
gateways as directed by the Reserve Bank of India
3. SSL/TLS encryption products being used for e-commerce and password
While this covers the vast majority of internet transactions that India's 300-million strong netizenry engage in, it would still force businesses and enterprise applications to conform to prescribed encryption methods and is still silent on whether this can make online communication vulnerable to malicious cyber attacks.
To be sure, the policy is still a draft and open to public comments until October 16th.
On Monday, a variety of observers say that the current version of the draft policy paradoxically reduces the security and, makes more vulnerable, data bouncing off servers. Also, the demands the proposed law makes on storage capacity will also be enormous, say other experts, so as to make the practical implementation of the law almost next to impossible. However it isn't clear to what extent non-expert users of messaging apps and email will be inconvenienced--or even hounded--by law-enforcement officers, merely in the light of the proposed law.
This isn't the first time that the government has sought more control over keys that govern access to electronic communication. In 2010 the country had threatened to impose a ban on Blackberry devices, saying its secret services needed to be able to access suspects' messages and have the keys to decrypt them in order to prevent terrorist attacks.
The government's change of gear, come perhaps on the furore earlier over the net neutrality-issue earlier this year.
According to The Indian Express, Airtel proposed a zero rating plan where app developers paid to make data consumption free for users. But a public backlash saw apps like Flipkart which were part of the Zero rating scheme as well as Facebook’s Internet.org, the so-called free gateway to the Internet, pulling out.
The Department of Telecommunications’ net neutrality report released in July said “the core principles of Net Neutrality must be adhered to” and that user rights on the Internet need to be protected. The government has so far received over 60,000 responses on the policy framework.