After Section 66A and net neutrality, the communications and IT ministry has stirred up another controversy. On September 19, the ministry’s department of electronics and IT (DietY) posted a draft of the national encryption policy which required mobile phone and social media users to maintain records of all messages for 90 days and submit them to law enforcement agencies when required. If the government had its way, this could have resulted in a blatant violation of users’ privacy. The the draft was withdrawn soon.

Irked social media users minced no words in criticising the government. In a failed attempt to quell public anger, DeitY posted a clarification, which exempted social media, internet banking and e-commerce from the purview of the policy. The addendum didn’t exempt email, however!

Getting in the damage control mode, communications and IT minister Ravi Shankar Prasad held a press conference on September 22 to announce that the government would withdraw the existing draft, rework and formulate a new draft. “I personally feel that some of the expressions used in the draft are giving rise to uncalled-for misgivings. Therefore, I have written to DeitY to withdraw that draft, rework it properly and thereafter put in the public domain,” said Prasad.

“Yesterday, it was brought to our notice that draft has been put in the public domain seeking comments. I wish to make it very clear that it is just a draft and not the view of the government. I have noted concerns expressed… by the public,” he added.

The vision of the policy, the draft says, is “to enable information security environment and secure transactions in cyber space for individuals, businesses, government”. The draft policy, prepared by an ‘expert group’ appointed by DeitY, was derived from the Information Technology Act, 2000 which provides for prescribing modes or methods for encryption (Section 84A) and for decryption (Section 69).

Cyber law expert Pavan Duggal termed the draft as a misguided adventure. He said that Section 84A was added after the 2008 amendment in the IT Act. Section 84A reads: “For secure use of the electronic medium and for promotion of e-governance and e-commerce, the central government may prescribe the mode or methods for encryption.” The draft, however, is tangentially on a different plane, Duggal said.
Ideally, he said, the encryption policy should be aligned with the cyber security strategy and policy of the country. The larger picture, Duggal said, of strengthening cyber security, is completely missing, even as there is an increase in incidents of snooping by the neighbouring countries.

The government’s aim was to control the level of encryption in the country. However, it deviated and went in a wrong direction, he said. Rather than asking service providers to maintain records, it put the onus on users, Duggal said.

The draft also required service providers using encryption to enter an agreement with the government, though experts are divided on this issue. According to the draft, “Service providers located within and outside India, using encryption technology for providing any type of services in India, must enter into an agreement with the government for providing such services in India. [The] government will designate an appropriate agency for entering into such an agreement with the service provider located within and outside India.”

Duggal said that it is the government’s assumption that the companies are queuing up to get registered. He said that while these companies should comply by laws of the land, the government shouldn’t expect them to leave their encryption levels and follow government’s. If companies find norms annoying they will give India a miss, said Duggal.

Meanwhile, the opposition parties slammed the government for the draft policy. The Aam Aadmi Party held a press conference, criticising the NDA government. “This draconian encryption policy violates article 21 of our constitution and presupposes 125 crore Indians as criminals,” party spokesperson Raghav Chadha said. “#EncryptionPolicy will create control on Mass Communication applications. Creating an indirect control over private communication of citizens,” a tweet from the party said.

Tarun Gogoi, Assam CM, in a message on Twitter, said, “There can't be a more evident example of the centre's attempt to control citizens' freedom. #WhatsApp #EncryptionPolicy”.