[bestbits] Update: Indian Encryption Policy

Kevin Bankston bankston at opentechinstitute.org
Tue Sep 22 11:07:39 EDT 2015 

Is there a story or other link confirming that so we can tweet about our community winning a quick victory? Didn't even need to write comments!

Sent via mobile

__________________________________
Kevin S. Bankston
Director, Open Technology Institute
Co-Director, Cybersecurity Initiative
New America
1899 L Street NW, Suite 400
Washington, DC 20036
bankston at opentechinstitute.org
Phone: 202-596-3415
Fax: 202-986-3696
@kevinbankston

> On Sep 22, 2015, at 11:03 AM, Mishi Choudhary <mishi at softwarefreedom.org> wrote:
> 
> Post a public outcry, DEITY has withdrawn this policy.
> 
>> On 09/21/2015 03:46 PM, Raman Jit Singh Chima wrote:
>> Happy to add a few brief notes on the background to this if it is helpful:
>> 
>> 
>>   - The Indian Govt has had encryption policy discussions ongoing for
>>   about a decade. Pre-existing telecom sector regulation placed a limit of 40
>>   bits on the encryption that could be deployed by ISPs or telcos on their
>>   networks, though that arguably applied only to them directly and was
>>   unclear as to how it affected third parties
>>   - A provision in the Information Technology Act (Section 69) allowed the
>>   Union Government to issue orders forcing decryption of data in addition to
>>   allowing for interception requests. When the Information Technology Act was
>>   amended in 2008, another provision was added (Section 84A) which allowed
>>   the Union Government to specify "modes or methods for encryption" by
>>   executive rule-making. The text of the provision said that this was
>>   supposed to be for "secure use of the electronic medium and for promotion
>>   of e-governance and e-commerce". The internal political context for this
>>   included strong political pressure from law enforcement and the security
>>   establishment, who raised concerns about not being able to intercept
>>   encrypted communications
>>   - No rules for the above provision was publicly brought up from 2008
>>   until now, though there have been regular internal discussions - mostly
>>   with industry and intergovernmental consultation
>> 
>> 
>> Additionally - perhaps in response to the initial negative reaction in the
>> press - the Indian Dept. of Electronics and IT released an addendum document
>> <http://deity.gov.in/sites/upload_files/dit/files/Addendum%20-%20NEP-1_0.pdf>
>> today. It essentially appears to be trying to suggest that the draft rules
>> could exempt "mass use encryption products" along with SSL/TLS products
>> used for Internet banking (though only those specified by the Reserve Bank
>> of India) or for e-Commerce passwords.
>> 
>> Sincerely,
>> Raman.
>> 
>> On 22 September 2015 at 01:12, Mishi Choudhary <mishi at softwarefreedom.org>
>> wrote:
>> 
>>> Hi Carol,
>>> 
>>> Thanks for highlighting this. Its a  draft National Encryption Policy
>>> and public comments are invited by October 16, 2015. Comments are to be
>>> emailed to Mr A,S.A. Krishnan,  akrishnan at deity.gov.in
>>> 
>>> The key highlights of the policy are :
>>> 
>>> 
>>> 1. A stipulation that businesses and citizens are to maintain plain text
>>> (unencrypted) copies of encrypted content for a period of 90 days, to be
>>> made available to Law Enforcement Agencies (LEAs) when so directed under
>>> law.
>>> 
>>> 2. Vendors of encryption products are required to register their
>>> products with the Government as a pre-condition to conducting business
>>> in India. They are also expected to re-register their products with
>>> every update. This requirement is not limited to vendors of dedicated
>>> encryption products, and seemingly includes even products that use
>>> encryption in the course of providing a larger service such as messaging
>>> or e-commerce. (Service  Providers located  within  and
>>> outside  India, using  Encryption  technology  for providing any type of
>>> services in India must enter  into an agreement with the Government
>>> for providing such  services in India).
>>> 
>>> 3. Encryption   algorithms   and key   sizes shall be prescribed
>>> by   the Government through Notifications from time to time.
>>> 
>>> 
>>>> On 09/21/2015 03:33 PM, Carolina Rossini wrote:
>>>> Hi folks, I feel this could be a good topic for a coalition response
>>> through the BB platform. Can the folks for India give some context to the
>>> folks in this list? Let us know if such an action would be helpful.
>>>> 
>>>> Carol
>>>> 
>>>> Sent from my iPhone
>>>> 
>>>>> On Sep 21, 2015, at 2:24 PM, Mishi Choudhary <mishi at softwarefreedom.org>
>>> wrote:
>>>>> 
>>>>> Worrisome development from India through this encryption policy
>>> http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf
>>>>> 
>>>>> --
>>>>> Warm Regards
>>>>> Mishi Choudhary, Esq.
>>>>> Legal Director
>>>>> Software Freedom Law Center
>>>>> 1995 Broadway Floor 17
>>>>> New York, NY-10023
>>>>> (tel) 212-461-1912
>>>>> (fax) 212-580-0898
>>>>> www.softwarefreedom.org
>>>>> 
>>>>> 
>>>>> Executive Director
>>>>> SFLC.IN
>>>>> K-9, Second Floor
>>>>> Jangpura Extn.
>>>>> New Delhi-110014
>>>>> (tel) +91-11-43587126
>>>>> (fax) +91-11-24323530
>>>>> www.sflc.in
>>>>> 
>>>>> ____________________________________________________________
>>>>> You received this message as a subscriber on the list:
>>>>>    bestbits at lists.bestbits.net.
>>>>> To unsubscribe or change your settings, visit:
>>>>>    http://lists.bestbits.net/wws/info/bestbits
>>>>> 
>>>>> 
>>>>> ____________________________________________________________
>>>>> You received this message as a subscriber on the list:
>>>>>     bestbits at lists.bestbits.net.
>>>>> To unsubscribe or change your settings, visit:
>>>>>     http://lists.bestbits.net/wws/info/bestbits
>>> 
>>> --
>>> Warm Regards
>>> Mishi Choudhary, Esq.
>>> Legal Director
>>> Software Freedom Law Center
>>> 1995 Broadway Floor 17
>>> New York, NY-10023
>>> (tel) 212-461-1912
>>> (fax) 212-580-0898
>>> www.softwarefreedom.org
>>> 
>>> 
>>> Executive Director
>>> SFLC.IN
>>> K-9, Second Floor
>>> Jangpura Extn.
>>> New Delhi-110014
>>> (tel) +91-11-43587126
>>> (fax) +91-11-24323530
>>> www.sflc.in
>>> 
>>> 
>>> ____________________________________________________________
>>> You received this message as a subscriber on the list:
>>>     bestbits at lists.bestbits.net.
>>> To unsubscribe or change your settings, visit:
>>>     http://lists.bestbits.net/wws/info/bestbits
> 
> -- 
> Warm Regards
> Mishi Choudhary, Esq.
> Legal Director
> Software Freedom Law Center
> 1995 Broadway Floor 17
> New York, NY-10023
> (tel) 212-461-1912
> (fax) 212-580-0898
> www.softwarefreedom.org
> 
> 
> Executive Director
> SFLC.IN
> K-9, Second Floor
> Jangpura Extn.
> New Delhi-110014
> (tel) +91-11-43587126
> (fax) +91-11-24323530
> www.sflc.in
> 
> ____________________________________________________________
> You received this message as a subscriber on the list:
>     bestbits at lists.bestbits.net.
> To unsubscribe or change your settings, visit:
>     http://lists.bestbits.net/wws/info/bestbits
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/bestbits/attachments/20150922/f9bb85b7/attachment.htm>

More information about the Bestbits mailing list