[bestbits] Update: Indian Encryption Policy
Cynthia Wong
wongc at hrw.org
Tue Sep 22 12:40:55 EDT 2015
Question for those in India: Are there proactive advocacy pieces that the groups on this list can put together to make sure the next draft is less awful? Perhaps in coordination with David Kaye?
HRW would be keen to participate, if that would be helpful.
From: bestbits-request at lists.bestbits.net [mailto:bestbits-request at lists.bestbits.net] On Behalf Of Kevin Bankston
Sent: Tuesday, September 22, 2015 9:11 AM
To: Raman Jit Singh Chima
Cc: Deirdre Williams; Mishi Choudhary; bestbits at lists.bestbits.net> bestbits at lists.bestbits.net>bestbits at lists.bestbits.net>
Subject: Re: [bestbits] Update: Indian Encryption Policy
In regard to the continuing/future threat of a revised proposal, I think it’s worth highlighting that the U.S. President’s office is considering several options in regard to encryption policy (based on this leaked memo: http://apps.washingtonpost.com/g/documents/national/read-the-nsc-draft-options-paper-on-strategic-approaches-to-encryption/1742/), and one of them—option 1—would be to repudiate encryption backdoors, with an eye toward influencing other countries' behavior on this issue. To the extent we can figure out ways to leverage this example to push the White House in the right direction right now, it may pay healthy dividends later in India and around the world.
_____________________________________
Kevin S. Bankston
Director, New America's Open Technology Institute
Co-Director, New America’s Cybersecurity Initiative
1899 L Street NW, Suite 400
Washington, DC 20036
bankston at opentechinstitute.org<mailto:bankston at opentechinstitute.org>
Phone: 202-596-3415
Fax: 202-986-3696
@kevinbankston
On Sep 22, 2015, at 11:19 AM, Raman Jit Singh Chima <raman at accessnow.org<mailto:raman at accessnow.org>> wrote:
Those links are confirmed, and the Minister did a formal statement at a press conference on this that the news wires have used for their stories.
http://indianexpress.com/article/india/india-others/government-withdraws-draft-national-encryption-policy-after-furore/
Do keep in mind though that they plan to try and bring this back - the Minister said they would redraft and then bring it back for public comment. We should celebrate this, but then pivot to focus on why undermining encryption should never be a policy step and what different governments across the world need to focus on - including India itself.
Raman.
On 22 September 2015 at 20:40, Deirdre Williams <williams.deirdre at gmail.com<mailto:williams.deirdre at gmail.com>> wrote:
Try http://www.bbc.com/news/world-asia-india-34322118
On 22 September 2015 at 11:07, Kevin Bankston <bankston at opentechinstitute.org<mailto:bankston at opentechinstitute.org>> wrote:
Is there a story or other link confirming that so we can tweet about our community winning a quick victory? Didn't even need to write comments!
Sent via mobile
__________________________________
Kevin S. Bankston
Director, Open Technology Institute
Co-Director, Cybersecurity Initiative
New America
1899 L Street NW, Suite 400
Washington, DC 20036
bankston at opentechinstitute.org<mailto:bankston at opentechinstitute.org>
Phone: 202-596-3415<tel:202-596-3415>
Fax: 202-986-3696<tel:202-986-3696>
@kevinbankston
On Sep 22, 2015, at 11:03 AM, Mishi Choudhary <mishi at softwarefreedom.org<mailto:mishi at softwarefreedom.org>> wrote:
Post a public outcry, DEITY has withdrawn this policy.
On 09/21/2015 03:46 PM, Raman Jit Singh Chima wrote:
Happy to add a few brief notes on the background to this if it is helpful:
- The Indian Govt has had encryption policy discussions ongoing for
about a decade. Pre-existing telecom sector regulation placed a limit of 40
bits on the encryption that could be deployed by ISPs or telcos on their
networks, though that arguably applied only to them directly and was
unclear as to how it affected third parties
- A provision in the Information Technology Act (Section 69) allowed the
Union Government to issue orders forcing decryption of data in addition to
allowing for interception requests. When the Information Technology Act was
amended in 2008, another provision was added (Section 84A) which allowed
the Union Government to specify "modes or methods for encryption" by
executive rule-making. The text of the provision said that this was
supposed to be for "secure use of the electronic medium and for promotion
of e-governance and e-commerce". The internal political context for this
included strong political pressure from law enforcement and the security
establishment, who raised concerns about not being able to intercept
encrypted communications
- No rules for the above provision was publicly brought up from 2008
until now, though there have been regular internal discussions - mostly
with industry and intergovernmental consultation
Additionally - perhaps in response to the initial negative reaction in the
press - the Indian Dept. of Electronics and IT released an addendum document
<http://deity.gov.in/sites/upload_files/dit/files/Addendum%20-%20NEP-1_0.pdf>
today. It essentially appears to be trying to suggest that the draft rules
could exempt "mass use encryption products" along with SSL/TLS products
used for Internet banking (though only those specified by the Reserve Bank
of India) or for e-Commerce passwords.
Sincerely,
Raman.
On 22 September 2015 at 01:12, Mishi Choudhary <mishi at softwarefreedom.org<mailto:mishi at softwarefreedom.org>>
wrote:
Hi Carol,
Thanks for highlighting this. Its a draft National Encryption Policy
and public comments are invited by October 16, 2015. Comments are to be
emailed to Mr A,S.A. Krishnan, akrishnan at deity.gov.in<mailto:akrishnan at deity.gov.in>
The key highlights of the policy are :
1. A stipulation that businesses and citizens are to maintain plain text
(unencrypted) copies of encrypted content for a period of 90 days, to be
made available to Law Enforcement Agencies (LEAs) when so directed under
law.
2. Vendors of encryption products are required to register their
products with the Government as a pre-condition to conducting business
in India. They are also expected to re-register their products with
every update. This requirement is not limited to vendors of dedicated
encryption products, and seemingly includes even products that use
encryption in the course of providing a larger service such as messaging
or e-commerce. (Service Providers located within and
outside India, using Encryption technology for providing any type of
services in India must enter into an agreement with the Government
for providing such services in India).
3. Encryption algorithms and key sizes shall be prescribed
by the Government through Notifications from time to time.
On 09/21/2015 03:33 PM, Carolina Rossini wrote:
Hi folks, I feel this could be a good topic for a coalition response
through the BB platform. Can the folks for India give some context to the
folks in this list? Let us know if such an action would be helpful.
Carol
Sent from my iPhone
On Sep 21, 2015, at 2:24 PM, Mishi Choudhary <mishi at softwarefreedom.org<mailto:mishi at softwarefreedom.org>>
wrote:
Worrisome development from India through this encryption policy
http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf
--
Warm Regards
Mishi Choudhary, Esq.
Legal Director
Software Freedom Law Center
1995 Broadway Floor 17
New York, NY-10023
(tel) 212-461-1912<tel:212-461-1912>
(fax) 212-580-0898<tel:212-580-0898>
www.softwarefreedom.org<http://www.softwarefreedom.org/>
Executive Director
SFLC.IN<http://sflc.in/>
K-9, Second Floor
Jangpura Extn.
New Delhi-110014
(tel) +91-11-43587126<tel:%2B91-11-43587126>
(fax) +91-11-24323530<tel:%2B91-11-24323530>
www.sflc.in<http://www.sflc.in/>
____________________________________________________________
You received this message as a subscriber on the list:
bestbits at lists.bestbits.net<mailto:bestbits at lists.bestbits.net>.
To unsubscribe or change your settings, visit:
http://lists.bestbits.net/wws/info/bestbits
____________________________________________________________
You received this message as a subscriber on the list:
bestbits at lists.bestbits.net<mailto:bestbits at lists.bestbits.net>.
To unsubscribe or change your settings, visit:
http://lists.bestbits.net/wws/info/bestbits
--
Warm Regards
Mishi Choudhary, Esq.
Legal Director
Software Freedom Law Center
1995 Broadway Floor 17
New York, NY-10023
(tel) 212-461-1912<tel:212-461-1912>
(fax) 212-580-0898<tel:212-580-0898>
www.softwarefreedom.org<http://www.softwarefreedom.org/>
Executive Director
SFLC.IN<http://sflc.in/>
K-9, Second Floor
Jangpura Extn.
New Delhi-110014
(tel) +91-11-43587126<tel:%2B91-11-43587126>
(fax) +91-11-24323530<tel:%2B91-11-24323530>
www.sflc.in<http://www.sflc.in/>
____________________________________________________________
You received this message as a subscriber on the list:
bestbits at lists.bestbits.net<mailto:bestbits at lists.bestbits.net>.
To unsubscribe or change your settings, visit:
http://lists.bestbits.net/wws/info/bestbits
--
Warm Regards
Mishi Choudhary, Esq.
Legal Director
Software Freedom Law Center
1995 Broadway Floor 17
New York, NY-10023
(tel) 212-461-1912<tel:212-461-1912>
(fax) 212-580-0898<tel:212-580-0898>
www.softwarefreedom.org<http://www.softwarefreedom.org/>
Executive Director
SFLC.IN<http://sflc.in/>
K-9, Second Floor
Jangpura Extn.
New Delhi-110014
(tel) +91-11-43587126<tel:%2B91-11-43587126>
(fax) +91-11-24323530<tel:%2B91-11-24323530>
www.sflc.in<http://www.sflc.in/>
____________________________________________________________
You received this message as a subscriber on the list:
bestbits at lists.bestbits.net<mailto:bestbits at lists.bestbits.net>.
To unsubscribe or change your settings, visit:
http://lists.bestbits.net/wws/info/bestbits
____________________________________________________________
You received this message as a subscriber on the list:
bestbits at lists.bestbits.net<mailto:bestbits at lists.bestbits.net>.
To unsubscribe or change your settings, visit:
http://lists.bestbits.net/wws/info/bestbits
--
“The fundamental cure for poverty is not money but knowledge" Sir William Arthur Lewis, Nobel Prize Economics, 1979
____________________________________________________________
You received this message as a subscriber on the list:
bestbits at lists.bestbits.net<mailto:bestbits at lists.bestbits.net>.
To unsubscribe or change your settings, visit:
http://lists.bestbits.net/wws/info/bestbits
--
Raman Jit Singh Chima
Policy Director
Access | accessnow.org<http://accessnow.org/>
Email: raman at accessnow.org<mailto:raman at accessnow.org>
Skype: raman.chima
PGP ID: 0x2A186000
Join the Access team - we're hiring<https://www.accessnow.org/about/jobs>!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/bestbits/attachments/20150922/e85773f5/attachment.htm>
More information about the Bestbits
mailing list