[bestbits] Update: Indian Encryption Policy
shahzad ahmad
shahzad at bytesforall.pk
Tue Sep 22 11:06:54 EDT 2015
Beautiful news Mishi!
Excellent development. This news must be publicised as far and wide
possible so if there are other authorities thinking on the same lines
should refrain from it.
Best wishes
Shahzad
On 22 Sep 2015 20:03, "Mishi Choudhary" <mishi at softwarefreedom.org> wrote:
> Post a public outcry, DEITY has withdrawn this policy.
>
> On 09/21/2015 03:46 PM, Raman Jit Singh Chima wrote:
> > Happy to add a few brief notes on the background to this if it is
> helpful:
> >
> >
> > - The Indian Govt has had encryption policy discussions ongoing for
> > about a decade. Pre-existing telecom sector regulation placed a limit
> of 40
> > bits on the encryption that could be deployed by ISPs or telcos on
> their
> > networks, though that arguably applied only to them directly and was
> > unclear as to how it affected third parties
> > - A provision in the Information Technology Act (Section 69) allowed
> the
> > Union Government to issue orders forcing decryption of data in
> addition to
> > allowing for interception requests. When the Information Technology
> Act was
> > amended in 2008, another provision was added (Section 84A) which
> allowed
> > the Union Government to specify "modes or methods for encryption" by
> > executive rule-making. The text of the provision said that this was
> > supposed to be for "secure use of the electronic medium and for
> promotion
> > of e-governance and e-commerce". The internal political context for
> this
> > included strong political pressure from law enforcement and the
> security
> > establishment, who raised concerns about not being able to intercept
> > encrypted communications
> > - No rules for the above provision was publicly brought up from 2008
> > until now, though there have been regular internal discussions -
> mostly
> > with industry and intergovernmental consultation
> >
> >
> > Additionally - perhaps in response to the initial negative reaction in
> the
> > press - the Indian Dept. of Electronics and IT released an addendum
> document
> > <
> http://deity.gov.in/sites/upload_files/dit/files/Addendum%20-%20NEP-1_0.pdf
> >
> > today. It essentially appears to be trying to suggest that the draft
> rules
> > could exempt "mass use encryption products" along with SSL/TLS products
> > used for Internet banking (though only those specified by the Reserve
> Bank
> > of India) or for e-Commerce passwords.
> >
> > Sincerely,
> > Raman.
> >
> > On 22 September 2015 at 01:12, Mishi Choudhary <
> mishi at softwarefreedom.org>
> > wrote:
> >
> >> Hi Carol,
> >>
> >> Thanks for highlighting this. Its a draft National Encryption Policy
> >> and public comments are invited by October 16, 2015. Comments are to be
> >> emailed to Mr A,S.A. Krishnan, akrishnan at deity.gov.in
> >>
> >> The key highlights of the policy are :
> >>
> >>
> >> 1. A stipulation that businesses and citizens are to maintain plain text
> >> (unencrypted) copies of encrypted content for a period of 90 days, to be
> >> made available to Law Enforcement Agencies (LEAs) when so directed under
> >> law.
> >>
> >> 2. Vendors of encryption products are required to register their
> >> products with the Government as a pre-condition to conducting business
> >> in India. They are also expected to re-register their products with
> >> every update. This requirement is not limited to vendors of dedicated
> >> encryption products, and seemingly includes even products that use
> >> encryption in the course of providing a larger service such as messaging
> >> or e-commerce. (Service Providers located within and
> >> outside India, using Encryption technology for providing any type of
> >> services in India must enter into an agreement with the Government
> >> for providing such services in India).
> >>
> >> 3. Encryption algorithms and key sizes shall be prescribed
> >> by the Government through Notifications from time to time.
> >>
> >>
> >> On 09/21/2015 03:33 PM, Carolina Rossini wrote:
> >>> Hi folks, I feel this could be a good topic for a coalition response
> >> through the BB platform. Can the folks for India give some context to
> the
> >> folks in this list? Let us know if such an action would be helpful.
> >>>
> >>> Carol
> >>>
> >>> Sent from my iPhone
> >>>
> >>>> On Sep 21, 2015, at 2:24 PM, Mishi Choudhary <
> mishi at softwarefreedom.org>
> >> wrote:
> >>>>
> >>>> Worrisome development from India through this encryption policy
> >>>>
> >>>>
> >>>>
> >>
> http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf
> >>>>
> >>>> --
> >>>> Warm Regards
> >>>> Mishi Choudhary, Esq.
> >>>> Legal Director
> >>>> Software Freedom Law Center
> >>>> 1995 Broadway Floor 17
> >>>> New York, NY-10023
> >>>> (tel) 212-461-1912
> >>>> (fax) 212-580-0898
> >>>> www.softwarefreedom.org
> >>>>
> >>>>
> >>>> Executive Director
> >>>> SFLC.IN
> >>>> K-9, Second Floor
> >>>> Jangpura Extn.
> >>>> New Delhi-110014
> >>>> (tel) +91-11-43587126
> >>>> (fax) +91-11-24323530
> >>>> www.sflc.in
> >>>>
> >>>> ____________________________________________________________
> >>>> You received this message as a subscriber on the list:
> >>>> bestbits at lists.bestbits.net.
> >>>> To unsubscribe or change your settings, visit:
> >>>> http://lists.bestbits.net/wws/info/bestbits
> >>>>
> >>>>
> >>>> ____________________________________________________________
> >>>> You received this message as a subscriber on the list:
> >>>> bestbits at lists.bestbits.net.
> >>>> To unsubscribe or change your settings, visit:
> >>>> http://lists.bestbits.net/wws/info/bestbits
> >>
> >> --
> >> Warm Regards
> >> Mishi Choudhary, Esq.
> >> Legal Director
> >> Software Freedom Law Center
> >> 1995 Broadway Floor 17
> >> New York, NY-10023
> >> (tel) 212-461-1912
> >> (fax) 212-580-0898
> >> www.softwarefreedom.org
> >>
> >>
> >> Executive Director
> >> SFLC.IN
> >> K-9, Second Floor
> >> Jangpura Extn.
> >> New Delhi-110014
> >> (tel) +91-11-43587126
> >> (fax) +91-11-24323530
> >> www.sflc.in
> >>
> >>
> >> ____________________________________________________________
> >> You received this message as a subscriber on the list:
> >> bestbits at lists.bestbits.net.
> >> To unsubscribe or change your settings, visit:
> >> http://lists.bestbits.net/wws/info/bestbits
> >>
> >
> >
> >
>
> --
> Warm Regards
> Mishi Choudhary, Esq.
> Legal Director
> Software Freedom Law Center
> 1995 Broadway Floor 17
> New York, NY-10023
> (tel) 212-461-1912
> (fax) 212-580-0898
> www.softwarefreedom.org
>
>
> Executive Director
> SFLC.IN
> K-9, Second Floor
> Jangpura Extn.
> New Delhi-110014
> (tel) +91-11-43587126
> (fax) +91-11-24323530
> www.sflc.in
>
>
> ____________________________________________________________
> You received this message as a subscriber on the list:
> bestbits at lists.bestbits.net.
> To unsubscribe or change your settings, visit:
> http://lists.bestbits.net/wws/info/bestbits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/bestbits/attachments/20150922/1883e693/attachment.htm>
More information about the Bestbits
mailing list