The government Tuesday withdrew a contentious draft encryption policy and said it would place it in public domain again after reworking some of the “expressions” that had given rise to “misgivings”.
Telecom Minister Ravi Shankar Prasad told reporters that the draft National Encryption Policy, released Monday evening, was not the final view of the government and was placed in public domain just to seek comments and suggestions from people.
“I wish to make it very clear that it is just a draft and not the view of the government. But I have noted some of the concerns expressed by certain enlightened segments of the public. I have personally seen that some of the expressions used in the draft are giving rise to uncalled for misgivings. Therefore, I have written to DeITY to withdraw that draft, rework it properly and thereafter, put in public domain for their comments,” Prasad said at a press conference.
- Guidelines for chief information security officers
- Ravi Shankar Prasad, IT officials brainstorm over commercial misuse of data
- Aadhaar to be address, age proof for driving licence: Govt
- Cryptic policy
- Government Withdraws Draft National Encryption Policy
- Draft National Encryption Policy withdrawn: Narendra Modi government’s flip flop style
The provisions of the draft policy, put up on the website of the Department of Electronics and Information Technology (DeITY) Monday, would have given the government access to all encrypted information stored on computer servers in India, including personal emails, messages or even data. The policy also wanted users to store all encrypted communication for at least 90 days and make it available to security agencies, if required, in text form.
Prasad stressed that users would not come under the ambit of the encryption policy which the government is in the process of framing.
“I wish to make it very clear that there are two issues. One, (is) the creation of encryption. Many companies send their messages in encrypted form. Other is (related to) those who are consumers of applications like WhatsApp, social media and other platforms available in the cyber domain. The purport of this encryption policy relates only, and only, to those who encrypt. This has to be made very clear. As far as the ordinary consumers of applications are concerned, they do not fall in this domain.
Because (for) those who encrypt, for a variety of reasons, there has to be a policy regulating the manner of their encryption,” Prasad said.
The minister said his government fully supported freedom on social media and has, in fact, even promoted social media activism. But the regulation of encryption technologies was the need of the hour, he added.
“Some sort of encryption policy is being followed all over the world, particularly in free democratic societies. The cyber space interaction, commercial, official and private, is on the rise. Many of these come in an encrypted form. Obviously, the concerns of security are certainly there. We in India were lacking in having any sound policy on encryption. A proper expert committee sat. And they recommended, within the ambit of the Information Technology Act, that we need to have a proper encryption policy,” he said.
“But when I noted the concerns of the public and some expressions that were avoidable, I thought it was better to rework it, and give a clear roadmap to (state) which category of services, creators (of encryption) it applies (to) and for which (categories) it doesn’t apply,” Prasad said.