Menu
Indian draft rules on encryption could compromise privacy, security

Indian draft rules on encryption could compromise privacy, security

The government's focus is on ensuring access to information by law enforcement agencies

India's government is trying to ensure that its law enforcement agencies have easy access to encrypted information, but it could be compromising security and privacy in the process.

A draft policy on encryption issued by the Indian government aims to keep a check on the use of the technology by specifying the algorithms and the length of the encryption keys used by different categories of people.

Consumers will also be required to store the plain texts of encrypted information for 90 days from the date of a transaction and provide the text to agencies when required under the laws of the country.

Indian businesses, and the customers they correspond with, will also be responsible for providing readable plain text along with the related encrypted information when communicating with a foreign entity.

The policy will not, however, be applicable to designated sensitive departments and agencies of the government, though it is applicable to other government departments.

The government has invited comments from the public on the policy by Oct. 16.

Although the new policy could expose user data to hackers as plain text, the government document sets as its mission to "provide confidentiality of information in cyber space for individuals, protection of sensitive or proprietary information for individuals & businesses, ensuring continuing reliability and integrity of nationally critical information systems and networks."

It is surprising that even as there is so much concern about hacking and the loss of privacy, the government wants users to store data as plain text, said Akash Mahajan, a security consultant in Bangalore. Once the plain text is with the government, there is no way to verify it with the original digital data as the practices of law enforcement in safeguarding the integrity of data are not laid out very clearly, he added.

The country's Information Technology Act provides for rules to be framed that prescribe the mode of encryption. Under the proposed rules, service providers will also have to arrive at agreements with the Indian government to provide their services, which from the general tenor of the document suggests that they will have to be willing to provide plain text information to the government when required under the law.

Consumers, businesses and non-strategic government users of these services will also be responsible for providing plain text information when required.

Internet companies, including Google and Microsoft, did not immediately comment on the proposal.

The use of encryption in information technology and communications services has been a sore point for law enforcement agencies that want easier access to information, including through back-door access. In opposition are tech companies like Apple and Google and civil rights groups, which back stronger encryption and the privacy of data and communications.

U.S. Federal Bureau of Investigation Director James Comey called in July for a “robust debate” on encryption of communications, saying that the technology could prevent him from doing his job to keep people safe. “There is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption,” Comey wrote in an op-ed in the Lawfare blog.

The move by India could break the trust that exists between people and online businesses and between Indian companies and their foreign partners, Mahajan said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the leading customer-centric Microsoft channel partners

Meet the leading customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the leading customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments