[bestbits] Update: Indian Encryption Policy

Deirdre Williams williams.deirdre at gmail.com
Tue Sep 22 11:10:18 EDT 2015


Try http://www.bbc.com/news/world-asia-india-34322118

On 22 September 2015 at 11:07, Kevin Bankston <
bankston at opentechinstitute.org> wrote:

> Is there a story or other link confirming that so we can tweet about our
> community winning a quick victory? Didn't even need to write comments!
>
> Sent via mobile
>
> __________________________________
> Kevin S. Bankston
> Director, Open Technology Institute
> Co-Director, Cybersecurity Initiative
> New America
> 1899 L Street NW, Suite 400
> Washington, DC 20036
> bankston at opentechinstitute.org
> Phone: 202-596-3415
> Fax: 202-986-3696
> @kevinbankston
>
> On Sep 22, 2015, at 11:03 AM, Mishi Choudhary <mishi at softwarefreedom.org>
> wrote:
>
> Post a public outcry, DEITY has withdrawn this policy.
>
> On 09/21/2015 03:46 PM, Raman Jit Singh Chima wrote:
>
> Happy to add a few brief notes on the background to this if it is helpful:
>
>
>
>   - The Indian Govt has had encryption policy discussions ongoing for
>
>   about a decade. Pre-existing telecom sector regulation placed a limit of
> 40
>
>   bits on the encryption that could be deployed by ISPs or telcos on their
>
>   networks, though that arguably applied only to them directly and was
>
>   unclear as to how it affected third parties
>
>   - A provision in the Information Technology Act (Section 69) allowed the
>
>   Union Government to issue orders forcing decryption of data in addition
> to
>
>   allowing for interception requests. When the Information Technology Act
> was
>
>   amended in 2008, another provision was added (Section 84A) which allowed
>
>   the Union Government to specify "modes or methods for encryption" by
>
>   executive rule-making. The text of the provision said that this was
>
>   supposed to be for "secure use of the electronic medium and for promotion
>
>   of e-governance and e-commerce". The internal political context for this
>
>   included strong political pressure from law enforcement and the security
>
>   establishment, who raised concerns about not being able to intercept
>
>   encrypted communications
>
>   - No rules for the above provision was publicly brought up from 2008
>
>   until now, though there have been regular internal discussions - mostly
>
>   with industry and intergovernmental consultation
>
>
>
> Additionally - perhaps in response to the initial negative reaction in the
>
> press - the Indian Dept. of Electronics and IT released an addendum
> document
>
> <
> http://deity.gov.in/sites/upload_files/dit/files/Addendum%20-%20NEP-1_0.pdf
> >
>
> today. It essentially appears to be trying to suggest that the draft rules
>
> could exempt "mass use encryption products" along with SSL/TLS products
>
> used for Internet banking (though only those specified by the Reserve Bank
>
> of India) or for e-Commerce passwords.
>
>
> Sincerely,
>
> Raman.
>
>
> On 22 September 2015 at 01:12, Mishi Choudhary <mishi at softwarefreedom.org>
>
> wrote:
>
>
> Hi Carol,
>
>
> Thanks for highlighting this. Its a  draft National Encryption Policy
>
> and public comments are invited by October 16, 2015. Comments are to be
>
> emailed to Mr A,S.A. Krishnan,  akrishnan at deity.gov.in
>
>
> The key highlights of the policy are :
>
>
>
> 1. A stipulation that businesses and citizens are to maintain plain text
>
> (unencrypted) copies of encrypted content for a period of 90 days, to be
>
> made available to Law Enforcement Agencies (LEAs) when so directed under
>
> law.
>
>
> 2. Vendors of encryption products are required to register their
>
> products with the Government as a pre-condition to conducting business
>
> in India. They are also expected to re-register their products with
>
> every update. This requirement is not limited to vendors of dedicated
>
> encryption products, and seemingly includes even products that use
>
> encryption in the course of providing a larger service such as messaging
>
> or e-commerce. (Service  Providers located  within  and
>
> outside  India, using  Encryption  technology  for providing any type of
>
> services in India must enter  into an agreement with the Government
>
> for providing such  services in India).
>
>
> 3. Encryption   algorithms   and key   sizes shall be prescribed
>
> by   the Government through Notifications from time to time.
>
>
>
> On 09/21/2015 03:33 PM, Carolina Rossini wrote:
>
> Hi folks, I feel this could be a good topic for a coalition response
>
> through the BB platform. Can the folks for India give some context to the
>
> folks in this list? Let us know if such an action would be helpful.
>
>
> Carol
>
>
> Sent from my iPhone
>
>
> On Sep 21, 2015, at 2:24 PM, Mishi Choudhary <mishi at softwarefreedom.org>
>
> wrote:
>
>
> Worrisome development from India through this encryption policy
>
>
>
>
>
> http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf
>
>
> --
>
> Warm Regards
>
> Mishi Choudhary, Esq.
>
> Legal Director
>
> Software Freedom Law Center
>
> 1995 Broadway Floor 17
>
> New York, NY-10023
>
> (tel) 212-461-1912
>
> (fax) 212-580-0898
>
> www.softwarefreedom.org
>
>
>
> Executive Director
>
> SFLC.IN
>
> K-9, Second Floor
>
> Jangpura Extn.
>
> New Delhi-110014
>
> (tel) +91-11-43587126
>
> (fax) +91-11-24323530
>
> www.sflc.in
>
>
> ____________________________________________________________
>
> You received this message as a subscriber on the list:
>
>    bestbits at lists.bestbits.net.
>
> To unsubscribe or change your settings, visit:
>
>    http://lists.bestbits.net/wws/info/bestbits
>
>
>
> ____________________________________________________________
>
> You received this message as a subscriber on the list:
>
>     bestbits at lists.bestbits.net.
>
> To unsubscribe or change your settings, visit:
>
>     http://lists.bestbits.net/wws/info/bestbits
>
>
> --
>
> Warm Regards
>
> Mishi Choudhary, Esq.
>
> Legal Director
>
> Software Freedom Law Center
>
> 1995 Broadway Floor 17
>
> New York, NY-10023
>
> (tel) 212-461-1912
>
> (fax) 212-580-0898
>
> www.softwarefreedom.org
>
>
>
> Executive Director
>
> SFLC.IN
>
> K-9, Second Floor
>
> Jangpura Extn.
>
> New Delhi-110014
>
> (tel) +91-11-43587126
>
> (fax) +91-11-24323530
>
> www.sflc.in
>
>
>
> ____________________________________________________________
>
> You received this message as a subscriber on the list:
>
>     bestbits at lists.bestbits.net.
>
> To unsubscribe or change your settings, visit:
>
>     http://lists.bestbits.net/wws/info/bestbits
>
>
>
>
>
>
> --
> Warm Regards
> Mishi Choudhary, Esq.
> Legal Director
> Software Freedom Law Center
> 1995 Broadway Floor 17
> New York, NY-10023
> (tel) 212-461-1912
> (fax) 212-580-0898
> www.softwarefreedom.org
>
>
> Executive Director
> SFLC.IN
> K-9, Second Floor
> Jangpura Extn.
> New Delhi-110014
> (tel) +91-11-43587126
> (fax) +91-11-24323530
> www.sflc.in
>
> ____________________________________________________________
> You received this message as a subscriber on the list:
>     bestbits at lists.bestbits.net.
> To unsubscribe or change your settings, visit:
>     http://lists.bestbits.net/wws/info/bestbits
>
>
> ____________________________________________________________
> You received this message as a subscriber on the list:
>      bestbits at lists.bestbits.net.
> To unsubscribe or change your settings, visit:
>      http://lists.bestbits.net/wws/info/bestbits
>



-- 
“The fundamental cure for poverty is not money but knowledge" Sir William
Arthur Lewis, Nobel Prize Economics, 1979
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/bestbits/attachments/20150922/b3bff155/attachment.htm>


More information about the Bestbits mailing list