Buy 2-year plan with SD20 code

Journalism of Courage

No WhatsApp in national encryption policy draft, but still it is a tough one to digest

The draft National Encryption Policy was almost a what-were-you-thinking moment for most Internet users who struggled to comprehend what these rules meant for them and their virtual lives.

WhatsApp, national encryption policy, encryption policy, encryption draft, draft encryption, whatsapp encryption, encryption whatsapp, India news

The addendum to the draft National Encryption Policy might have come late at night, but it did finally allay some of the fears that had gripped Indian internet users after the recommendations of the expert group were made public on Monday.

It was almost a what-were-you-thinking moment for most Internet users who struggled to comprehend what these rules meant for them and their virtual lives. The one thing that bugged them was the fact that they would need to keep a 90-day record of all their encrypted communications, which would mean almost all OTT platforms including WhatsApp — just guess what that would mean given that most of us are on scores of groups and chats on this one platform alone. Also, none of the mobile messaging platforms lend themselves to this kind of an usage, some delete records as soon as it has been read. Thankfully, the addendum has exempted WhatsApp and other social media platforms from the policy’s ambit. But you will still need to keep records of emails — and submit them to security agencies if required — as all of these are encrypted.

WATCH VIDEO: Draft Encryption Policy Gives Govt The Key To WhatApp, Mail

The problem here, as cyberlaw expert Pawan Duggal points out, is that whoever drafted the policy was not looking at the ground realities, especially the proliferation of mobile phones which use mass encryption technologies. Also, most of our mobile phone users have no idea what encryption is or that they are also using it in some way or the other.

Subscriber Only Stories

While general users might be heaving a sigh of relief, there is a fear that the policy will usher in a new registration raj now that all encryption technologies that can be used in India will need to be certified and listed by the agencies concerned. To expect a company based outside India’s jurisdiction to comply to this is the height of optimism, especially when the encryption technology is their USP. A lot of encryption companies might just give the Indian market a miss, while a lot of Indian companies might just give encryption a miss altogether. If this policy was supposed to promote encryption as a technology in India, it defeats that purpose at the very outset.

By clarifying that “mass use encryption products” used in web applications and social media platforms as well as Internet-banking and e-commerce gateways, the government might have steered clear of the public outrage that we saw over the net neutrality debate. But the fact remains that the policy is still ambiguous and gives too much room for misuse and manipulation, while discouraging the use of encryption to secure business and individual privacy.

First published on: 22-09-2015 at 09:40 IST
  • 0
Next Story

Annie Potts to do cameo in ‘Ghostbusters’

  • Beyond the News Whatsapp
Next Story
Express PremiumHow Microsoft's AI chat-powered Bing could change the way world searches for information