After a massive public outcry, the Government on Tuesday withdrew the controversial Draft National Encryption Policy that sought to make it mandatory for everyone to store all messages, including those of WhatsApp, for 90 days. Telecom & IT Minister Ravi Shankar Prasad said a revised policy will be placed in the public domain again after reworking some of the “expressions” that gave rise to “misgivings”.
“I wish to make it very clear that it is just a draft and not the view of the Government. But I have noted some of the concerns expressed by certain enlightened segments of the public. I have personally seen that some of the expressions used in the draft are giving rise to uncalled-for misgivings,” he said.
Prasad stressed that common users would not come within the ambit of the new proposed encryption policy. The new draft to be issued will clarify this, he said.
“Therefore, I have written to Department of Electronics and Information Technology to withdraw that draft, rework it properly and thereafter, put in the public domain for comments,” he added.
The controversial draft encryption policy released on Monday evening by the department wanted businesses, telcos and Internet companies to store all encrypted data for 90 days in plain text which should be presented before law enforcement agencies whenever asked. Failing to do so could invite legal action as per the law.
Following uproar that the policy was intrusive and violative of privacy, the Government through a new “addendum” on Tuesday morning clarified that social media sites, including WhatsApp, Facebook and Twitter, payment gateways, e-commerce and password-based transactions are exempt from the policy.
Hours later, the Government decided to altogether withdraw the Draft National Encryption Policy.
At a Press conference to brief the media about the Cabinet decisions, Prasad said the draft encryption policy is not the final view of the Government and was placed in the public domain just to seek comments and suggestions from people.
Prasad said the Government under the leadership of Prime Minister Narendra Modi has promoted social media activism. “The right of articulation and freedom, we fully respect, but at the same time, we need to acknowledge that cyber space transaction is rising enormously for individuals, businesses, the Government and companies,” he said.
The Minister, however, maintained that there is a need for an encryption policy which would apply to those who are involved in encrypting a messaging product “for a variety of reasons”.
“I wish to make it very clear that there are two issues: one, creation of encryption, many companies send messages in an encrypted form; other is those who are consumers of applications like WhatsApp, social media and other platforms available in the cyber domain.
“The purpose of this encryption policy relates only and only to those who encrypt. This has to be made very clear. As far as ordinary consumers of applications are concerned, they do not fall in this domain. Because (for) those who encrypt, for a variety of reasons, there has to be a policy regulating the manner of their encryption,” he said.
Prasad said while the Government supports freedom on social media, “some sort of encryption policy is being followed all over the world, particularly in free democratic societies”. Stating that there are obvious concerns of security, he said, “We in India are lacking any sound policy on encryption. A proper expert committee recommended, within the ambit of the Information Technology Act, that we need to have a proper encryption policy.”
The controversial draft policy that was put up on the website of the department on Monday meant that the Government could access all encrypted information stored on computer servers in India, including personal e-mails, messages or even data. The draft policy wanted users to store all encrypted communication for at least 90 days and make them available to security agencies, if required, in text form.
The move was criticised on the Internet, with many expressing fears that law enforcement agencies with easy access to encrypted information could easily compromise security and privacy.
