[bestbits] Update: Indian Encryption Policy

Raman Jit Singh Chima raman at accessnow.org
Tue Sep 22 11:19:28 EDT 2015


Those links are confirmed, and the Minister did a formal statement at a
press conference on this that the news wires have used for their stories.

http://indianexpress.com/article/india/india-others/government-withdraws-draft-national-encryption-policy-after-furore/

Do keep in mind though that they plan to try and bring this back - the
Minister said they would redraft and then bring it back for public comment.
We should celebrate this, but then pivot to focus on why undermining
encryption should never be a policy step and what different governments
across the world need to focus on - including India itself.

Raman.

On 22 September 2015 at 20:40, Deirdre Williams <williams.deirdre at gmail.com>
wrote:

> Try http://www.bbc.com/news/world-asia-india-34322118
>
> On 22 September 2015 at 11:07, Kevin Bankston <
> bankston at opentechinstitute.org> wrote:
>
>> Is there a story or other link confirming that so we can tweet about our
>> community winning a quick victory? Didn't even need to write comments!
>>
>> Sent via mobile
>>
>> __________________________________
>> Kevin S. Bankston
>> Director, Open Technology Institute
>> Co-Director, Cybersecurity Initiative
>> New America
>> 1899 L Street NW, Suite 400
>> Washington, DC 20036
>> bankston at opentechinstitute.org
>> Phone: 202-596-3415
>> Fax: 202-986-3696
>> @kevinbankston
>>
>> On Sep 22, 2015, at 11:03 AM, Mishi Choudhary <mishi at softwarefreedom.org>
>> wrote:
>>
>> Post a public outcry, DEITY has withdrawn this policy.
>>
>> On 09/21/2015 03:46 PM, Raman Jit Singh Chima wrote:
>>
>> Happy to add a few brief notes on the background to this if it is helpful:
>>
>>
>>
>>   - The Indian Govt has had encryption policy discussions ongoing for
>>
>>   about a decade. Pre-existing telecom sector regulation placed a limit
>> of 40
>>
>>   bits on the encryption that could be deployed by ISPs or telcos on their
>>
>>   networks, though that arguably applied only to them directly and was
>>
>>   unclear as to how it affected third parties
>>
>>   - A provision in the Information Technology Act (Section 69) allowed the
>>
>>   Union Government to issue orders forcing decryption of data in addition
>> to
>>
>>   allowing for interception requests. When the Information Technology Act
>> was
>>
>>   amended in 2008, another provision was added (Section 84A) which allowed
>>
>>   the Union Government to specify "modes or methods for encryption" by
>>
>>   executive rule-making. The text of the provision said that this was
>>
>>   supposed to be for "secure use of the electronic medium and for
>> promotion
>>
>>   of e-governance and e-commerce". The internal political context for this
>>
>>   included strong political pressure from law enforcement and the security
>>
>>   establishment, who raised concerns about not being able to intercept
>>
>>   encrypted communications
>>
>>   - No rules for the above provision was publicly brought up from 2008
>>
>>   until now, though there have been regular internal discussions - mostly
>>
>>   with industry and intergovernmental consultation
>>
>>
>>
>> Additionally - perhaps in response to the initial negative reaction in the
>>
>> press - the Indian Dept. of Electronics and IT released an addendum
>> document
>>
>> <
>> http://deity.gov.in/sites/upload_files/dit/files/Addendum%20-%20NEP-1_0.pdf
>> >
>>
>> today. It essentially appears to be trying to suggest that the draft rules
>>
>> could exempt "mass use encryption products" along with SSL/TLS products
>>
>> used for Internet banking (though only those specified by the Reserve Bank
>>
>> of India) or for e-Commerce passwords.
>>
>>
>> Sincerely,
>>
>> Raman.
>>
>>
>> On 22 September 2015 at 01:12, Mishi Choudhary <mishi at softwarefreedom.org
>> >
>>
>> wrote:
>>
>>
>> Hi Carol,
>>
>>
>> Thanks for highlighting this. Its a  draft National Encryption Policy
>>
>> and public comments are invited by October 16, 2015. Comments are to be
>>
>> emailed to Mr A,S.A. Krishnan,  akrishnan at deity.gov.in
>>
>>
>> The key highlights of the policy are :
>>
>>
>>
>> 1. A stipulation that businesses and citizens are to maintain plain text
>>
>> (unencrypted) copies of encrypted content for a period of 90 days, to be
>>
>> made available to Law Enforcement Agencies (LEAs) when so directed under
>>
>> law.
>>
>>
>> 2. Vendors of encryption products are required to register their
>>
>> products with the Government as a pre-condition to conducting business
>>
>> in India. They are also expected to re-register their products with
>>
>> every update. This requirement is not limited to vendors of dedicated
>>
>> encryption products, and seemingly includes even products that use
>>
>> encryption in the course of providing a larger service such as messaging
>>
>> or e-commerce. (Service  Providers located  within  and
>>
>> outside  India, using  Encryption  technology  for providing any type of
>>
>> services in India must enter  into an agreement with the Government
>>
>> for providing such  services in India).
>>
>>
>> 3. Encryption   algorithms   and key   sizes shall be prescribed
>>
>> by   the Government through Notifications from time to time.
>>
>>
>>
>> On 09/21/2015 03:33 PM, Carolina Rossini wrote:
>>
>> Hi folks, I feel this could be a good topic for a coalition response
>>
>> through the BB platform. Can the folks for India give some context to the
>>
>> folks in this list? Let us know if such an action would be helpful.
>>
>>
>> Carol
>>
>>
>> Sent from my iPhone
>>
>>
>> On Sep 21, 2015, at 2:24 PM, Mishi Choudhary <mishi at softwarefreedom.org>
>>
>> wrote:
>>
>>
>> Worrisome development from India through this encryption policy
>>
>>
>>
>>
>>
>> http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf
>>
>>
>> --
>>
>> Warm Regards
>>
>> Mishi Choudhary, Esq.
>>
>> Legal Director
>>
>> Software Freedom Law Center
>>
>> 1995 Broadway Floor 17
>>
>> New York, NY-10023
>>
>> (tel) 212-461-1912
>>
>> (fax) 212-580-0898
>>
>> www.softwarefreedom.org
>>
>>
>>
>> Executive Director
>>
>> SFLC.IN
>>
>> K-9, Second Floor
>>
>> Jangpura Extn.
>>
>> New Delhi-110014
>>
>> (tel) +91-11-43587126
>>
>> (fax) +91-11-24323530
>>
>> www.sflc.in
>>
>>
>> ____________________________________________________________
>>
>> You received this message as a subscriber on the list:
>>
>>    bestbits at lists.bestbits.net.
>>
>> To unsubscribe or change your settings, visit:
>>
>>    http://lists.bestbits.net/wws/info/bestbits
>>
>>
>>
>> ____________________________________________________________
>>
>> You received this message as a subscriber on the list:
>>
>>     bestbits at lists.bestbits.net.
>>
>> To unsubscribe or change your settings, visit:
>>
>>     http://lists.bestbits.net/wws/info/bestbits
>>
>>
>> --
>>
>> Warm Regards
>>
>> Mishi Choudhary, Esq.
>>
>> Legal Director
>>
>> Software Freedom Law Center
>>
>> 1995 Broadway Floor 17
>>
>> New York, NY-10023
>>
>> (tel) 212-461-1912
>>
>> (fax) 212-580-0898
>>
>> www.softwarefreedom.org
>>
>>
>>
>> Executive Director
>>
>> SFLC.IN
>>
>> K-9, Second Floor
>>
>> Jangpura Extn.
>>
>> New Delhi-110014
>>
>> (tel) +91-11-43587126
>>
>> (fax) +91-11-24323530
>>
>> www.sflc.in
>>
>>
>>
>> ____________________________________________________________
>>
>> You received this message as a subscriber on the list:
>>
>>     bestbits at lists.bestbits.net.
>>
>> To unsubscribe or change your settings, visit:
>>
>>     http://lists.bestbits.net/wws/info/bestbits
>>
>>
>>
>>
>>
>>
>> --
>> Warm Regards
>> Mishi Choudhary, Esq.
>> Legal Director
>> Software Freedom Law Center
>> 1995 Broadway Floor 17
>> New York, NY-10023
>> (tel) 212-461-1912
>> (fax) 212-580-0898
>> www.softwarefreedom.org
>>
>>
>> Executive Director
>> SFLC.IN
>> K-9, Second Floor
>> Jangpura Extn.
>> New Delhi-110014
>> (tel) +91-11-43587126
>> (fax) +91-11-24323530
>> www.sflc.in
>>
>> ____________________________________________________________
>> You received this message as a subscriber on the list:
>>     bestbits at lists.bestbits.net.
>> To unsubscribe or change your settings, visit:
>>     http://lists.bestbits.net/wws/info/bestbits
>>
>>
>> ____________________________________________________________
>> You received this message as a subscriber on the list:
>>      bestbits at lists.bestbits.net.
>> To unsubscribe or change your settings, visit:
>>      http://lists.bestbits.net/wws/info/bestbits
>>
>
>
>
> --
> “The fundamental cure for poverty is not money but knowledge" Sir William
> Arthur Lewis, Nobel Prize Economics, 1979
>
> ____________________________________________________________
> You received this message as a subscriber on the list:
>      bestbits at lists.bestbits.net.
> To unsubscribe or change your settings, visit:
>      http://lists.bestbits.net/wws/info/bestbits
>



-- 
*Raman Jit Singh Chima*
Policy Director
Access | accessnow.org

Email: raman at accessnow.org
Skype: raman.chima
PGP ID: 0x2A186000

*Join the Access team - *we're hiring <https://www.accessnow.org/about/jobs>
!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/bestbits/attachments/20150922/5d2e403a/attachment.htm>


More information about the Bestbits mailing list