DRAFT ENCRYPTION POLICY
New Delhi, Sept 22: Following a public outcry, the government on Tuesday withdrew altogether the draft encryption policy that sought to control secured online communication, including through mass-use social media and web applications such as WhatsApp and Twitter.
Earlier in the day, the government had exempted social media sites and apps users, as also net banking and password-based e-commerce, from saving data for 90 days from the date of transaction.
“There was concern about the draft in certain sections. When I went through the draft policy, I found that there were two-three words which were giving rise to unnecessary misgivings,” said Communications and IT Minister Ravi Shankar Prasad.
“Hence I have directed the department to withdraw the draft policy, review it and then make it clear that on whom it is applicable and on whom it is not,” he said.
“I want to make one thing clear, the people who use the social media - they will be out of the ambit of encryption. It concerns those who encrypt their messages,” he added.
Earlier in the day, in a clarification to what it called as Draft tiol Encryption Policy, the Department of Electronics and Information Technology said the following categories of encryption products were being exempted from its purview:
* The mass use encryption products, which are currently being used in web applications, social media sites, and social media applications such as WhatsApp, FaceBook, Twitter, etc.
* SSL/TLS (Secure Sockets Layer/ Transport Layer Security) encryption products being used in Internet-banking and payment gateways as directed by the Reserve Bank of India (RBI).
* SSL/TLS encryption products being used for e-commerce and password-based transactions.
“I want to make it very clear this draft policy is not the fil view of the government. Our government is in favour of freedom of social media. But it is also a truth that cyber commerce, cyber dialogue and administrative work through cyber space has increased in the country,” Prasad said.
“In countries across the world, it has been felt that there should be an encryption policy. Hence an expert committee deliberated that there should be an encryption policy in India,” he added.
Earlier, the draft policy required every message that is sent, through e-mail, WhatsApp or SMS to be stored in plain text format for 90 days from the date of transaction and made available to the law enforcement agencies on demand.
The draft proposed to introduce a New Encryption Policy under Section 84A of the Information Technology Act, 2000, and called for public comments by Oct 16.
The stated mission of the policy is to provide confidentiality of information in cyber space for individuals, protect sensitive or proprietary information, ensure reliability and integrity of tiolly-critical information systems and networks.
“On demand, the user shall be able to reproduce the same plain text and encrypted text pairs using the software or hardware used to produce the encrypted text from the given plain text,” the earlier draft said.
However, the provision in the draft policy making it mandatory to save all messages for up to 90 days and be able to produce them if asked by authorities — was greeted with a storm of protests from users who objected to any stringent State controls on the use of email, social media accounts and apps. Social media users termed the draft “draconian” and “delusiol”.
After announcing the government’s climbdown over the issue, Prasad said that the draft policy will be further reviewed before it is again presented to the public for their suggestions. The draft policy had been posted online last week to seek suggestions from the public. (IANS & Agencies)