[bestbits] Update: Indian Encryption Policy

Mishi Choudhary mishi at softwarefreedom.org
Tue Sep 22 11:03:21 EDT 2015


Post a public outcry, DEITY has withdrawn this policy.

On 09/21/2015 03:46 PM, Raman Jit Singh Chima wrote:
> Happy to add a few brief notes on the background to this if it is helpful:
> 
> 
>    - The Indian Govt has had encryption policy discussions ongoing for
>    about a decade. Pre-existing telecom sector regulation placed a limit of 40
>    bits on the encryption that could be deployed by ISPs or telcos on their
>    networks, though that arguably applied only to them directly and was
>    unclear as to how it affected third parties
>    - A provision in the Information Technology Act (Section 69) allowed the
>    Union Government to issue orders forcing decryption of data in addition to
>    allowing for interception requests. When the Information Technology Act was
>    amended in 2008, another provision was added (Section 84A) which allowed
>    the Union Government to specify "modes or methods for encryption" by
>    executive rule-making. The text of the provision said that this was
>    supposed to be for "secure use of the electronic medium and for promotion
>    of e-governance and e-commerce". The internal political context for this
>    included strong political pressure from law enforcement and the security
>    establishment, who raised concerns about not being able to intercept
>    encrypted communications
>    - No rules for the above provision was publicly brought up from 2008
>    until now, though there have been regular internal discussions - mostly
>    with industry and intergovernmental consultation
> 
> 
> Additionally - perhaps in response to the initial negative reaction in the
> press - the Indian Dept. of Electronics and IT released an addendum document
> <http://deity.gov.in/sites/upload_files/dit/files/Addendum%20-%20NEP-1_0.pdf>
> today. It essentially appears to be trying to suggest that the draft rules
> could exempt "mass use encryption products" along with SSL/TLS products
> used for Internet banking (though only those specified by the Reserve Bank
> of India) or for e-Commerce passwords.
> 
> Sincerely,
> Raman.
> 
> On 22 September 2015 at 01:12, Mishi Choudhary <mishi at softwarefreedom.org>
> wrote:
> 
>> Hi Carol,
>>
>> Thanks for highlighting this. Its a  draft National Encryption Policy
>> and public comments are invited by October 16, 2015. Comments are to be
>> emailed to Mr A,S.A. Krishnan,  akrishnan at deity.gov.in
>>
>> The key highlights of the policy are :
>>
>>
>> 1. A stipulation that businesses and citizens are to maintain plain text
>> (unencrypted) copies of encrypted content for a period of 90 days, to be
>> made available to Law Enforcement Agencies (LEAs) when so directed under
>> law.
>>
>> 2. Vendors of encryption products are required to register their
>> products with the Government as a pre-condition to conducting business
>> in India. They are also expected to re-register their products with
>> every update. This requirement is not limited to vendors of dedicated
>> encryption products, and seemingly includes even products that use
>> encryption in the course of providing a larger service such as messaging
>> or e-commerce. (Service  Providers located  within  and
>> outside  India, using  Encryption  technology  for providing any type of
>>  services in India must enter  into an agreement with the Government
>> for providing such  services in India).
>>
>> 3. Encryption   algorithms   and key   sizes shall be prescribed
>> by   the Government through Notifications from time to time.
>>
>>
>> On 09/21/2015 03:33 PM, Carolina Rossini wrote:
>>> Hi folks, I feel this could be a good topic for a coalition response
>> through the BB platform. Can the folks for India give some context to the
>> folks in this list? Let us know if such an action would be helpful.
>>>
>>> Carol
>>>
>>> Sent from my iPhone
>>>
>>>> On Sep 21, 2015, at 2:24 PM, Mishi Choudhary <mishi at softwarefreedom.org>
>> wrote:
>>>>
>>>> Worrisome development from India through this encryption policy
>>>>
>>>>
>>>>
>> http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf
>>>>
>>>> --
>>>> Warm Regards
>>>> Mishi Choudhary, Esq.
>>>> Legal Director
>>>> Software Freedom Law Center
>>>> 1995 Broadway Floor 17
>>>> New York, NY-10023
>>>> (tel) 212-461-1912
>>>> (fax) 212-580-0898
>>>> www.softwarefreedom.org
>>>>
>>>>
>>>> Executive Director
>>>> SFLC.IN
>>>> K-9, Second Floor
>>>> Jangpura Extn.
>>>> New Delhi-110014
>>>> (tel) +91-11-43587126
>>>> (fax) +91-11-24323530
>>>> www.sflc.in
>>>>
>>>> ____________________________________________________________
>>>> You received this message as a subscriber on the list:
>>>>     bestbits at lists.bestbits.net.
>>>> To unsubscribe or change your settings, visit:
>>>>     http://lists.bestbits.net/wws/info/bestbits
>>>>
>>>>
>>>> ____________________________________________________________
>>>> You received this message as a subscriber on the list:
>>>>      bestbits at lists.bestbits.net.
>>>> To unsubscribe or change your settings, visit:
>>>>      http://lists.bestbits.net/wws/info/bestbits
>>
>> --
>> Warm Regards
>> Mishi Choudhary, Esq.
>> Legal Director
>> Software Freedom Law Center
>> 1995 Broadway Floor 17
>> New York, NY-10023
>> (tel) 212-461-1912
>> (fax) 212-580-0898
>> www.softwarefreedom.org
>>
>>
>> Executive Director
>> SFLC.IN
>> K-9, Second Floor
>> Jangpura Extn.
>> New Delhi-110014
>> (tel) +91-11-43587126
>> (fax) +91-11-24323530
>> www.sflc.in
>>
>>
>> ____________________________________________________________
>> You received this message as a subscriber on the list:
>>      bestbits at lists.bestbits.net.
>> To unsubscribe or change your settings, visit:
>>      http://lists.bestbits.net/wws/info/bestbits
>>
> 
> 
> 

-- 
Warm Regards
Mishi Choudhary, Esq.
Legal Director
Software Freedom Law Center
1995 Broadway Floor 17
New York, NY-10023
(tel) 212-461-1912
(fax) 212-580-0898
www.softwarefreedom.org


Executive Director
SFLC.IN
K-9, Second Floor
Jangpura Extn.
New Delhi-110014
(tel) +91-11-43587126
(fax) +91-11-24323530
www.sflc.in



More information about the Bestbits mailing list