[bestbits] Update: Indian Encryption Policy

Kevin Bankston bankston at opentechinstitute.org
Tue Sep 22 12:10:31 EDT 2015 

In regard to the continuing/future threat of a revised proposal, I think it’s worth highlighting that the U.S. President’s office is considering several options in regard to encryption policy (based on this leaked memo: http://apps.washingtonpost.com/g/documents/national/read-the-nsc-draft-options-paper-on-strategic-approaches-to-encryption/1742/ <http://apps.washingtonpost.com/g/documents/national/read-the-nsc-draft-options-paper-on-strategic-approaches-to-encryption/1742/>), and one of them—option 1—would be to repudiate encryption backdoors, with an eye toward influencing other countries' behavior on this issue.  To the extent we can figure out ways to leverage this example to push the White House in the right direction right now, it may pay healthy dividends later in India and around the world.
_____________________________________
Kevin S. Bankston
Director, New America's Open Technology Institute
Co-Director, New America’s Cybersecurity Initiative
1899 L Street NW, Suite 400
Washington, DC 20036
bankston at opentechinstitute.org
Phone: 202-596-3415
Fax: 202-986-3696
@kevinbankston

> On Sep 22, 2015, at 11:19 AM, Raman Jit Singh Chima <raman at accessnow.org> wrote:
> 
> Those links are confirmed, and the Minister did a formal statement at a press conference on this that the news wires have used for their stories.
> 
> http://indianexpress.com/article/india/india-others/government-withdraws-draft-national-encryption-policy-after-furore/ <http://indianexpress.com/article/india/india-others/government-withdraws-draft-national-encryption-policy-after-furore/>
> 
> Do keep in mind though that they plan to try and bring this back - the Minister said they would redraft and then bring it back for public comment. We should celebrate this, but then pivot to focus on why undermining encryption should never be a policy step and what different governments across the world need to focus on - including India itself.
> 
> Raman.
> 
> On 22 September 2015 at 20:40, Deirdre Williams <williams.deirdre at gmail.com <mailto:williams.deirdre at gmail.com>> wrote:
> Try http://www.bbc.com/news/world-asia-india-34322118 <http://www.bbc.com/news/world-asia-india-34322118>
> 
> On 22 September 2015 at 11:07, Kevin Bankston <bankston at opentechinstitute.org <mailto:bankston at opentechinstitute.org>> wrote:
> Is there a story or other link confirming that so we can tweet about our community winning a quick victory? Didn't even need to write comments!
> 
> Sent via mobile
> 
> __________________________________
> Kevin S. Bankston
> Director, Open Technology Institute
> Co-Director, Cybersecurity Initiative
> New America
> 1899 L Street NW, Suite 400 <>
> Washington, DC 20036 <>
> bankston at opentechinstitute.org <mailto:bankston at opentechinstitute.org>
> Phone: 202-596-3415 <tel:202-596-3415>
> Fax: 202-986-3696 <tel:202-986-3696>
> @kevinbankston
> 
> On Sep 22, 2015, at 11:03 AM, Mishi Choudhary <mishi at softwarefreedom.org <mailto:mishi at softwarefreedom.org>> wrote:
> 
>> Post a public outcry, DEITY has withdrawn this policy.
>> 
>> On 09/21/2015 03:46 PM, Raman Jit Singh Chima wrote:
>>> Happy to add a few brief notes on the background to this if it is helpful:
>>> 
>>> 
>>>   - The Indian Govt has had encryption policy discussions ongoing for
>>>   about a decade. Pre-existing telecom sector regulation placed a limit of 40
>>>   bits on the encryption that could be deployed by ISPs or telcos on their
>>>   networks, though that arguably applied only to them directly and was
>>>   unclear as to how it affected third parties
>>>   - A provision in the Information Technology Act (Section 69) allowed the
>>>   Union Government to issue orders forcing decryption of data in addition to
>>>   allowing for interception requests. When the Information Technology Act was
>>>   amended in 2008, another provision was added (Section 84A) which allowed
>>>   the Union Government to specify "modes or methods for encryption" by
>>>   executive rule-making. The text of the provision said that this was
>>>   supposed to be for "secure use of the electronic medium and for promotion
>>>   of e-governance and e-commerce". The internal political context for this
>>>   included strong political pressure from law enforcement and the security
>>>   establishment, who raised concerns about not being able to intercept
>>>   encrypted communications
>>>   - No rules for the above provision was publicly brought up from 2008
>>>   until now, though there have been regular internal discussions - mostly
>>>   with industry and intergovernmental consultation
>>> 
>>> 
>>> Additionally - perhaps in response to the initial negative reaction in the
>>> press - the Indian Dept. of Electronics and IT released an addendum document
>>> <http://deity.gov.in/sites/upload_files/dit/files/Addendum%20-%20NEP-1_0.pdf <http://deity.gov.in/sites/upload_files/dit/files/Addendum%20-%20NEP-1_0.pdf>>
>>> today. It essentially appears to be trying to suggest that the draft rules
>>> could exempt "mass use encryption products" along with SSL/TLS products
>>> used for Internet banking (though only those specified by the Reserve Bank
>>> of India) or for e-Commerce passwords.
>>> 
>>> Sincerely,
>>> Raman.
>>> 
>>> On 22 September 2015 at 01:12, Mishi Choudhary <mishi at softwarefreedom.org <mailto:mishi at softwarefreedom.org>>
>>> wrote:
>>> 
>>>> Hi Carol,
>>>> 
>>>> Thanks for highlighting this. Its a  draft National Encryption Policy
>>>> and public comments are invited by October 16, 2015. Comments are to be
>>>> emailed to Mr A,S.A. Krishnan,  akrishnan at deity.gov.in <mailto:akrishnan at deity.gov.in>
>>>> 
>>>> The key highlights of the policy are :
>>>> 
>>>> 
>>>> 1. A stipulation that businesses and citizens are to maintain plain text
>>>> (unencrypted) copies of encrypted content for a period of 90 days, to be
>>>> made available to Law Enforcement Agencies (LEAs) when so directed under
>>>> law.
>>>> 
>>>> 2. Vendors of encryption products are required to register their
>>>> products with the Government as a pre-condition to conducting business
>>>> in India. They are also expected to re-register their products with
>>>> every update. This requirement is not limited to vendors of dedicated
>>>> encryption products, and seemingly includes even products that use
>>>> encryption in the course of providing a larger service such as messaging
>>>> or e-commerce. (Service  Providers located  within  and
>>>> outside  India, using  Encryption  technology  for providing any type of
>>>> services in India must enter  into an agreement with the Government
>>>> for providing such  services in India).
>>>> 
>>>> 3. Encryption   algorithms   and key   sizes shall be prescribed
>>>> by   the Government through Notifications from time to time.
>>>> 
>>>> 
>>>> On 09/21/2015 03:33 PM, Carolina Rossini wrote:
>>>>> Hi folks, I feel this could be a good topic for a coalition response
>>>> through the BB platform. Can the folks for India give some context to the
>>>> folks in this list? Let us know if such an action would be helpful.
>>>>> 
>>>>> Carol
>>>>> 
>>>>> Sent from my iPhone
>>>>> 
>>>>>> On Sep 21, 2015, at 2:24 PM, Mishi Choudhary <mishi at softwarefreedom.org <mailto:mishi at softwarefreedom.org>>
>>>> wrote:
>>>>>> 
>>>>>> Worrisome development from India through this encryption policy
>>>>>> 
>>>>>> 
>>>>>> 
>>>> http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf <http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf>
>>>>>> 
>>>>>> --
>>>>>> Warm Regards
>>>>>> Mishi Choudhary, Esq.
>>>>>> Legal Director
>>>>>> Software Freedom Law Center
>>>>>> 1995 Broadway Floor 17
>>>>>> New York, NY-10023
>>>>>> (tel) 212-461-1912 <tel:212-461-1912>
>>>>>> (fax) 212-580-0898 <tel:212-580-0898>
>>>>>> www.softwarefreedom.org <http://www.softwarefreedom.org/>
>>>>>> 
>>>>>> 
>>>>>> Executive Director
>>>>>> SFLC.IN <http://sflc.in/>
>>>>>> K-9, Second Floor
>>>>>> Jangpura Extn.
>>>>>> New Delhi-110014
>>>>>> (tel) +91-11-43587126 <tel:%2B91-11-43587126>
>>>>>> (fax) +91-11-24323530 <tel:%2B91-11-24323530>
>>>>>> www.sflc.in <http://www.sflc.in/>
>>>>>> 
>>>>>> ____________________________________________________________
>>>>>> You received this message as a subscriber on the list:
>>>>>>    bestbits at lists.bestbits.net <mailto:bestbits at lists.bestbits.net>.
>>>>>> To unsubscribe or change your settings, visit:
>>>>>>    http://lists.bestbits.net/wws/info/bestbits <http://lists.bestbits.net/wws/info/bestbits>
>>>>>> 
>>>>>> 
>>>>>> ____________________________________________________________
>>>>>> You received this message as a subscriber on the list:
>>>>>>     bestbits at lists.bestbits.net <mailto:bestbits at lists.bestbits.net>.
>>>>>> To unsubscribe or change your settings, visit:
>>>>>>     http://lists.bestbits.net/wws/info/bestbits <http://lists.bestbits.net/wws/info/bestbits>
>>>> 
>>>> --
>>>> Warm Regards
>>>> Mishi Choudhary, Esq.
>>>> Legal Director
>>>> Software Freedom Law Center
>>>> 1995 Broadway Floor 17
>>>> New York, NY-10023
>>>> (tel) 212-461-1912 <tel:212-461-1912>
>>>> (fax) 212-580-0898 <tel:212-580-0898>
>>>> www.softwarefreedom.org <http://www.softwarefreedom.org/>
>>>> 
>>>> 
>>>> Executive Director
>>>> SFLC.IN <http://sflc.in/>
>>>> K-9, Second Floor
>>>> Jangpura Extn.
>>>> New Delhi-110014
>>>> (tel) +91-11-43587126 <tel:%2B91-11-43587126>
>>>> (fax) +91-11-24323530 <tel:%2B91-11-24323530>
>>>> www.sflc.in <http://www.sflc.in/>
>>>> 
>>>> 
>>>> ____________________________________________________________
>>>> You received this message as a subscriber on the list:
>>>>     bestbits at lists.bestbits.net <mailto:bestbits at lists.bestbits.net>.
>>>> To unsubscribe or change your settings, visit:
>>>>     http://lists.bestbits.net/wws/info/bestbits <http://lists.bestbits.net/wws/info/bestbits>
>>>> 
>>> 
>>> 
>>> 
>> 
>> -- 
>> Warm Regards
>> Mishi Choudhary, Esq.
>> Legal Director
>> Software Freedom Law Center
>> 1995 Broadway Floor 17
>> New York, NY-10023
>> (tel) 212-461-1912 <tel:212-461-1912>
>> (fax) 212-580-0898 <tel:212-580-0898>
>> www.softwarefreedom.org <http://www.softwarefreedom.org/>
>> 
>> 
>> Executive Director
>> SFLC.IN <http://sflc.in/>
>> K-9, Second Floor
>> Jangpura Extn.
>> New Delhi-110014
>> (tel) +91-11-43587126 <tel:%2B91-11-43587126>
>> (fax) +91-11-24323530 <tel:%2B91-11-24323530>
>> www.sflc.in <http://www.sflc.in/>
>> 
>> ____________________________________________________________
>> You received this message as a subscriber on the list:
>>     bestbits at lists.bestbits.net <mailto:bestbits at lists.bestbits.net>.
>> To unsubscribe or change your settings, visit:
>>     http://lists.bestbits.net/wws/info/bestbits <http://lists.bestbits.net/wws/info/bestbits>
> ____________________________________________________________
> You received this message as a subscriber on the list:
>      bestbits at lists.bestbits.net <mailto:bestbits at lists.bestbits.net>.
> To unsubscribe or change your settings, visit:
>      http://lists.bestbits.net/wws/info/bestbits <http://lists.bestbits.net/wws/info/bestbits>
> 
> 
> 
> -- 
> “The fundamental cure for poverty is not money but knowledge" Sir William Arthur Lewis, Nobel Prize Economics, 1979
> 
> ____________________________________________________________
> You received this message as a subscriber on the list:
>      bestbits at lists.bestbits.net <mailto:bestbits at lists.bestbits.net>.
> To unsubscribe or change your settings, visit:
>      http://lists.bestbits.net/wws/info/bestbits <http://lists.bestbits.net/wws/info/bestbits>
> 
> 
> 
> -- 
> Raman Jit Singh Chima
> Policy Director
> Access | accessnow.org <http://accessnow.org/> 
> 
> Email: raman at accessnow.org <mailto:raman at accessnow.org>
> Skype: raman.chima
> PGP ID: 0x2A186000
> 
> Join the Access team - we're hiring <https://www.accessnow.org/about/jobs>! 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/bestbits/attachments/20150922/5487682f/attachment.htm>

More information about the Bestbits mailing list