Almost every day or every second day, when I come across announcements in newspapers, on TV news channels, and in press releases that...
...the Indian Government and related policy-making organizations are going to set up their so-called "Cyber Security Task Forces" or have drafted a "National Cyber Security Policy," with the aim of boosting cyber security in India…
The first thing that comes to my mind is:
Why Doesn't My Government Understand How Encryption and Online Cyber Security Work?
Yes, my government really has no idea how encryption relates to users' privacy. And… Narendra Modi's government has done it again!
With the release of the draft National Encryption Policy, the government wants access to all your messages whether sent over online email services like Gmail or messaging services like WhatsApp, Viber, or Messenger.
The National Encryption Policy (before addendum) required:
- Access to your Private Data
- To store your digital messages or Emails for 90 Days in Plaintext
- Share your Encryption Keys with Government
- Foreign Services Providers to Comply with Indian Government
Yes, besides Indian Service Providers, the draft policy forces Service Providers outside of India to sign an agreement under which the Indian government will prescribe the Encryption algorithms and key sizes.
So, DeitY expects thousands of foreign service providers that encrypt their users' data to put government backdoors into their secure software — similar to what the NSA did for spying on US citizens.
DeitY believes that this would enhance cyber security in India. Oh! Really? Looks like the experts have got it all wrong.
Policy Triggered National Outrage (Addendum Policy)
However, after massive public outcry, the government has withdrawn the draft proposal and issued an addendum to the National Encryption Policy which says:
- You will need to keep records of emails from Gmail and other email services, and have to submit them to Security agencies if required.
- All Service Providers located within and outside India using Encryption technology for offering any services in India will need to register their services with the Government.
- The Mass Use Encryption products, such as social media websites (Twitter and Facebook) and social media applications (WhatsApp, Viber, and Line), would not be regulated by the new National Encryption Policy.
- SSL/TLS encryption products being used by Banking, e-commerce websites and Payment gateways will also be exempted.
The proposed National Encryption Policy would apply to everyone, including government departments, academic institutions, as well as citizens, and to all kinds of communications…
...suggesting legal action, which also includes imprisonment, if violated.
The earlier and even the latest version of the 'National Encryption Policy' have raised several privacy concerns.
It seems like the Indian government has once again proven that it has zero knowledge of the issues related to privacy and online security.
At The Hacker News, our agenda is to educate the world about cyber security. However, in the country from…
…where The Hacker News operates, where our own government is releasing such policies in the name of cybersecurity, we feel like a failure, for which we really apologize!
Any updates on the topic will be added to the article to keep you informed.