[bestbits] Update: Indian Encryption Policy
Anja Kovacs
anja at internetdemocracy.in
Tue Sep 22 12:04:10 EDT 2015
Here's what DeityY (the relevant government department) tweeted:
https://twitter.com/GoI_DeitY/status/646266722366832641
Best,
Anja
On 22 September 2015 at 20:49, Raman Jit Singh Chima <raman at accessnow.org>
wrote:
> Those links are confirmed, and the Minister did a formal statement at a
> press conference on this that the news wires have used for their stories.
>
>
> http://indianexpress.com/article/india/india-others/government-withdraws-draft-national-encryption-policy-after-furore/
>
> Do keep in mind though that they plan to try and bring this back - the
> Minister said they would redraft and then bring it back for public comment.
> We should celebrate this, but then pivot to focus on why undermining
> encryption should never be a policy step and what different governments
> across the world need to focus on - including India itself.
>
> Raman.
>
> On 22 September 2015 at 20:40, Deirdre Williams <
> williams.deirdre at gmail.com> wrote:
>
>> Try http://www.bbc.com/news/world-asia-india-34322118
>>
>> On 22 September 2015 at 11:07, Kevin Bankston <
>> bankston at opentechinstitute.org> wrote:
>>
>>> Is there a story or other link confirming that so we can tweet about our
>>> community winning a quick victory? Didn't even need to write comments!
>>>
>>> Sent via mobile
>>>
>>> __________________________________
>>> Kevin S. Bankston
>>> Director, Open Technology Institute
>>> Co-Director, Cybersecurity Initiative
>>> New America
>>> 1899 L Street NW, Suite 400
>>> Washington, DC 20036
>>> bankston at opentechinstitute.org
>>> Phone: 202-596-3415
>>> Fax: 202-986-3696
>>> @kevinbankston
>>>
>>> On Sep 22, 2015, at 11:03 AM, Mishi Choudhary <mishi at softwarefreedom.org>
>>> wrote:
>>>
>>> Post a public outcry, DEITY has withdrawn this policy.
>>>
>>> On 09/21/2015 03:46 PM, Raman Jit Singh Chima wrote:
>>>
>>> Happy to add a few brief notes on the background to this if it is
>>> helpful:
>>>
>>>
>>>
>>> - The Indian Govt has had encryption policy discussions ongoing for
>>>
>>> about a decade. Pre-existing telecom sector regulation placed a limit
>>> of 40
>>>
>>> bits on the encryption that could be deployed by ISPs or telcos on
>>> their
>>>
>>> networks, though that arguably applied only to them directly and was
>>>
>>> unclear as to how it affected third parties
>>>
>>> - A provision in the Information Technology Act (Section 69) allowed
>>> the
>>>
>>> Union Government to issue orders forcing decryption of data in
>>> addition to
>>>
>>> allowing for interception requests. When the Information Technology
>>> Act was
>>>
>>> amended in 2008, another provision was added (Section 84A) which
>>> allowed
>>>
>>> the Union Government to specify "modes or methods for encryption" by
>>>
>>> executive rule-making. The text of the provision said that this was
>>>
>>> supposed to be for "secure use of the electronic medium and for
>>> promotion
>>>
>>> of e-governance and e-commerce". The internal political context for
>>> this
>>>
>>> included strong political pressure from law enforcement and the
>>> security
>>>
>>> establishment, who raised concerns about not being able to intercept
>>>
>>> encrypted communications
>>>
>>> - No rules for the above provision was publicly brought up from 2008
>>>
>>> until now, though there have been regular internal discussions - mostly
>>>
>>> with industry and intergovernmental consultation
>>>
>>>
>>>
>>> Additionally - perhaps in response to the initial negative reaction in
>>> the
>>>
>>> press - the Indian Dept. of Electronics and IT released an addendum
>>> document
>>>
>>> <
>>> http://deity.gov.in/sites/upload_files/dit/files/Addendum%20-%20NEP-1_0.pdf
>>> >
>>>
>>> today. It essentially appears to be trying to suggest that the draft
>>> rules
>>>
>>> could exempt "mass use encryption products" along with SSL/TLS products
>>>
>>> used for Internet banking (though only those specified by the Reserve
>>> Bank
>>>
>>> of India) or for e-Commerce passwords.
>>>
>>>
>>> Sincerely,
>>>
>>> Raman.
>>>
>>>
>>> On 22 September 2015 at 01:12, Mishi Choudhary <
>>> mishi at softwarefreedom.org>
>>>
>>> wrote:
>>>
>>>
>>> Hi Carol,
>>>
>>>
>>> Thanks for highlighting this. Its a draft National Encryption Policy
>>>
>>> and public comments are invited by October 16, 2015. Comments are to be
>>>
>>> emailed to Mr A,S.A. Krishnan, akrishnan at deity.gov.in
>>>
>>>
>>> The key highlights of the policy are :
>>>
>>>
>>>
>>> 1. A stipulation that businesses and citizens are to maintain plain text
>>>
>>> (unencrypted) copies of encrypted content for a period of 90 days, to be
>>>
>>> made available to Law Enforcement Agencies (LEAs) when so directed under
>>>
>>> law.
>>>
>>>
>>> 2. Vendors of encryption products are required to register their
>>>
>>> products with the Government as a pre-condition to conducting business
>>>
>>> in India. They are also expected to re-register their products with
>>>
>>> every update. This requirement is not limited to vendors of dedicated
>>>
>>> encryption products, and seemingly includes even products that use
>>>
>>> encryption in the course of providing a larger service such as messaging
>>>
>>> or e-commerce. (Service Providers located within and
>>>
>>> outside India, using Encryption technology for providing any type of
>>>
>>> services in India must enter into an agreement with the Government
>>>
>>> for providing such services in India).
>>>
>>>
>>> 3. Encryption algorithms and key sizes shall be prescribed
>>>
>>> by the Government through Notifications from time to time.
>>>
>>>
>>>
>>> On 09/21/2015 03:33 PM, Carolina Rossini wrote:
>>>
>>> Hi folks, I feel this could be a good topic for a coalition response
>>>
>>> through the BB platform. Can the folks for India give some context to the
>>>
>>> folks in this list? Let us know if such an action would be helpful.
>>>
>>>
>>> Carol
>>>
>>>
>>> Sent from my iPhone
>>>
>>>
>>> On Sep 21, 2015, at 2:24 PM, Mishi Choudhary <mishi at softwarefreedom.org>
>>>
>>> wrote:
>>>
>>>
>>> Worrisome development from India through this encryption policy
>>>
>>>
>>>
>>>
>>>
>>> http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf
>>>
>>>
>>> --
>>>
>>> Warm Regards
>>>
>>> Mishi Choudhary, Esq.
>>>
>>> Legal Director
>>>
>>> Software Freedom Law Center
>>>
>>> 1995 Broadway Floor 17
>>>
>>> New York, NY-10023
>>>
>>> (tel) 212-461-1912
>>>
>>> (fax) 212-580-0898
>>>
>>> www.softwarefreedom.org
>>>
>>>
>>>
>>> Executive Director
>>>
>>> SFLC.IN
>>>
>>> K-9, Second Floor
>>>
>>> Jangpura Extn.
>>>
>>> New Delhi-110014
>>>
>>> (tel) +91-11-43587126
>>>
>>> (fax) +91-11-24323530
>>>
>>> www.sflc.in
>>>
>>>
>>> ____________________________________________________________
>>>
>>> You received this message as a subscriber on the list:
>>>
>>> bestbits at lists.bestbits.net.
>>>
>>> To unsubscribe or change your settings, visit:
>>>
>>> http://lists.bestbits.net/wws/info/bestbits
>>>
>>>
>>>
>>> ____________________________________________________________
>>>
>>> You received this message as a subscriber on the list:
>>>
>>> bestbits at lists.bestbits.net.
>>>
>>> To unsubscribe or change your settings, visit:
>>>
>>> http://lists.bestbits.net/wws/info/bestbits
>>>
>>>
>>> --
>>>
>>> Warm Regards
>>>
>>> Mishi Choudhary, Esq.
>>>
>>> Legal Director
>>>
>>> Software Freedom Law Center
>>>
>>> 1995 Broadway Floor 17
>>>
>>> New York, NY-10023
>>>
>>> (tel) 212-461-1912
>>>
>>> (fax) 212-580-0898
>>>
>>> www.softwarefreedom.org
>>>
>>>
>>>
>>> Executive Director
>>>
>>> SFLC.IN
>>>
>>> K-9, Second Floor
>>>
>>> Jangpura Extn.
>>>
>>> New Delhi-110014
>>>
>>> (tel) +91-11-43587126
>>>
>>> (fax) +91-11-24323530
>>>
>>> www.sflc.in
>>>
>>>
>>>
>>> ____________________________________________________________
>>>
>>> You received this message as a subscriber on the list:
>>>
>>> bestbits at lists.bestbits.net.
>>>
>>> To unsubscribe or change your settings, visit:
>>>
>>> http://lists.bestbits.net/wws/info/bestbits
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Warm Regards
>>> Mishi Choudhary, Esq.
>>> Legal Director
>>> Software Freedom Law Center
>>> 1995 Broadway Floor 17
>>> New York, NY-10023
>>> (tel) 212-461-1912
>>> (fax) 212-580-0898
>>> www.softwarefreedom.org
>>>
>>>
>>> Executive Director
>>> SFLC.IN
>>> K-9, Second Floor
>>> Jangpura Extn.
>>> New Delhi-110014
>>> (tel) +91-11-43587126
>>> (fax) +91-11-24323530
>>> www.sflc.in
>>>
>>> ____________________________________________________________
>>> You received this message as a subscriber on the list:
>>> bestbits at lists.bestbits.net.
>>> To unsubscribe or change your settings, visit:
>>> http://lists.bestbits.net/wws/info/bestbits
>>>
>>>
>>> ____________________________________________________________
>>> You received this message as a subscriber on the list:
>>> bestbits at lists.bestbits.net.
>>> To unsubscribe or change your settings, visit:
>>> http://lists.bestbits.net/wws/info/bestbits
>>>
>>
>>
>>
>> --
>> “The fundamental cure for poverty is not money but knowledge" Sir William
>> Arthur Lewis, Nobel Prize Economics, 1979
>>
>> ____________________________________________________________
>> You received this message as a subscriber on the list:
>> bestbits at lists.bestbits.net.
>> To unsubscribe or change your settings, visit:
>> http://lists.bestbits.net/wws/info/bestbits
>>
>
>
>
> --
> *Raman Jit Singh Chima*
> Policy Director
> Access | accessnow.org
>
> Email: raman at accessnow.org
> Skype: raman.chima
> PGP ID: 0x2A186000
>
> *Join the Access team - *we're hiring
> <https://www.accessnow.org/about/jobs>!
>
> ____________________________________________________________
> You received this message as a subscriber on the list:
> bestbits at lists.bestbits.net.
> To unsubscribe or change your settings, visit:
> http://lists.bestbits.net/wws/info/bestbits
>
--
Dr. Anja Kovacs
The Internet Democracy Project
+91 9899028053 | @anjakovacs
www.internetdemocracy.in
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/bestbits/attachments/20150922/1a91fc1f/attachment.htm>
More information about the Bestbits
mailing list