[bestbits] Update: Indian Encryption Policy

Kevin Bankston bankston at opentechinstitute.org
Tue Sep 22 11:09:53 EDT 2015


Found this report via a different list:

http://m.timesofindia.com/tech/tech-news/Government-withdraws-draft-of-encryption-policy/articleshow/49057232.cms

Sent via mobile

__________________________________
Kevin S. Bankston
Director, Open Technology Institute
Co-Director, Cybersecurity Initiative
New America
1899 L Street NW, Suite 400
Washington, DC 20036
bankston at opentechinstitute.org
Phone: 202-596-3415
Fax: 202-986-3696
@kevinbankston

> On Sep 22, 2015, at 11:07 AM, Kevin Bankston <bankston at opentechinstitute.org> wrote:
> 
> Is there a story or other link confirming that so we can tweet about our community winning a quick victory? Didn't even need to write comments!
> 
> Sent via mobile
> 
> 
>> On Sep 22, 2015, at 11:03 AM, Mishi Choudhary <mishi at softwarefreedom.org> wrote:
>> 
>> Post a public outcry, DEITY has withdrawn this policy.
>> 
>>> On 09/21/2015 03:46 PM, Raman Jit Singh Chima wrote:
>>> Happy to add a few brief notes on the background to this if it is helpful:
>>> 
>>> 
>>>   - The Indian Govt has had encryption policy discussions ongoing for
>>>   about a decade. Pre-existing telecom sector regulation placed a limit of 40
>>>   bits on the encryption that could be deployed by ISPs or telcos on their
>>>   networks, though that arguably applied only to them directly and was
>>>   unclear as to how it affected third parties
>>>   - A provision in the Information Technology Act (Section 69) allowed the
>>>   Union Government to issue orders forcing decryption of data in addition to
>>>   allowing for interception requests. When the Information Technology Act was
>>>   amended in 2008, another provision was added (Section 84A) which allowed
>>>   the Union Government to specify "modes or methods for encryption" by
>>>   executive rule-making. The text of the provision said that this was
>>>   supposed to be for "secure use of the electronic medium and for promotion
>>>   of e-governance and e-commerce". The internal political context for this
>>>   included strong political pressure from law enforcement and the security
>>>   establishment, who raised concerns about not being able to intercept
>>>   encrypted communications
>>>   - No rules for the above provision were publicly brought up from 2008
>>>   until now, though there have been regular internal discussions - mostly
>>>   with industry and intergovernmental consultation
>>> 
>>> 
>>> Additionally - perhaps in response to the initial negative reaction in the
>>> press - the Indian Dept. of Electronics and IT released an addendum document
>>> <http://deity.gov.in/sites/upload_files/dit/files/Addendum%20-%20NEP-1_0.pdf>
>>> today. It essentially appears to be trying to suggest that the draft rules
>>> could exempt "mass use encryption products" along with SSL/TLS products
>>> used for Internet banking (though only those specified by the Reserve Bank
>>> of India) or for e-Commerce passwords.
>>> 
>>> Sincerely,
>>> Raman.
>>> 
>>> On 22 September 2015 at 01:12, Mishi Choudhary <mishi at softwarefreedom.org>
>>> wrote:
>>> 
>>>> Hi Carol,
>>>> 
>>>> Thanks for highlighting this. It's a draft National Encryption Policy
>>>> and public comments are invited by October 16, 2015. Comments are to be
>>>> emailed to Mr A.S.A. Krishnan, akrishnan at deity.gov.in
>>>> 
>>>> The key highlights of the policy are:
>>>> 
>>>> 
>>>> 1. A stipulation that businesses and citizens are to maintain plain text
>>>> (unencrypted) copies of encrypted content for a period of 90 days, to be
>>>> made available to Law Enforcement Agencies (LEAs) when so directed under
>>>> law.
>>>> 
>>>> 2. Vendors of encryption products are required to register their
>>>> products with the Government as a pre-condition to conducting business
>>>> in India. They are also expected to re-register their products with
>>>> every update. This requirement is not limited to vendors of dedicated
>>>> encryption products, and seemingly includes even products that use
>>>> encryption in the course of providing a larger service such as messaging
>>>> or e-commerce. (Service Providers located within and
>>>> outside India, using Encryption technology for providing any type of
>>>> services in India must enter into an agreement with the Government
>>>> for providing such services in India).
>>>> 
>>>> 3. Encryption algorithms and key sizes shall be prescribed
>>>> by the Government through Notifications from time to time.
>>>> 
>>>> 
>>>>> On 09/21/2015 03:33 PM, Carolina Rossini wrote:
>>>>> Hi folks, I feel this could be a good topic for a coalition response
>>>>> through the BB platform. Can the folks for India give some context to the
>>>>> folks in this list? Let us know if such an action would be helpful.
>>>>> 
>>>>> Carol
>>>>> 
>>>>> Sent from my iPhone
>>>>> 
>>>>>> On Sep 21, 2015, at 2:24 PM, Mishi Choudhary <mishi at softwarefreedom.org> wrote:
>>>>>> 
>>>>>> Worrisome development from India through this encryption policy
>>>>>> http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf
>>>>>> 
>>>>>> --
>>>>>> Warm Regards
>>>>>> Mishi Choudhary, Esq.
>>>>>> Legal Director
>>>>>> Software Freedom Law Center
>>>>>> 1995 Broadway Floor 17
>>>>>> New York, NY-10023
>>>>>> (tel) 212-461-1912
>>>>>> (fax) 212-580-0898
>>>>>> www.softwarefreedom.org
>>>>>> 
>>>>>> 
>>>>>> Executive Director
>>>>>> SFLC.IN
>>>>>> K-9, Second Floor
>>>>>> Jangpura Extn.
>>>>>> New Delhi-110014
>>>>>> (tel) +91-11-43587126
>>>>>> (fax) +91-11-24323530
>>>>>> www.sflc.in
>>>>>> 
>>>>>> ____________________________________________________________
>>>>>> You received this message as a subscriber on the list:
>>>>>>    bestbits at lists.bestbits.net.
>>>>>> To unsubscribe or change your settings, visit:
>>>>>>    http://lists.bestbits.net/wws/info/bestbits
>>>>>> 
>>>>>> 
>> 