India’s New National Encryption Policy Underway
Less than a year ago, the Indian government had bought in the National Encryption Policy’s first draft and had to face the backlash due to disagreements with the public. However, being more cautious in their approach, the government has begun reworking the new draft of the National Encryption policy, and has been consulting multiple industry bodies like Cellular Operators Association of India (COAI), Association of Unified Telecom Service Providers of India (AUSPI), Internet Service Providers Association of India (ISPAI) to ensure it is more robust and secure.
The Ministry of Electronics and IT has given the associations and bodies to send in their responses by August 1, and have also mentioned, that they would be invited for more detailed discussions during the meeting of an expert committee. However, some of the industry bodies like the COAI and the AUSPI, have asked the ministry to come up with a special discussion paper on the issue.
“We have written to them asking for more information on the proposed framework. Banks have a different encryption standard, Telecom Department has a different encryption standard. We need a consistent government approach on encryption.” Rajesh Chharia, the President of the ISPAI, felt that the new policy should be in accordance to the ever changing world of technology. He said, “As per the proposed policy framework, the capability to encrypt and decrypt data should be within government. We will seek more time for giving our suggestions. The policy framework should be made after comprehensive discussions with all stakeholders,” said Rajan S Mathews, Director-General of COAI.
The National Encryption Policy document was first introduced in September 2015 which proposed that all messages exchanged in the country, be it on WhatsApp, SMS, or chat, be available to the government security agencies in plain text format for up to 90 days. It also had a framework for legal penalties. However, the public criticism over breach in Right to Privacy forced the government to withdraw and work on redrafting the policy.
In February this year, Telecom Minister Ravi Shankar Prasad had said, “There is no intention by the government to implement an encryption policy breaching right to privacy of public,” when he was probed on the government’s stand, on the issue of misuse of private data. He had also mentioned that the government recognized encryption as a legitimate method of securing data and transactions, as provided for in the Information Technology Act 2000.