[bestbits] Update: Indian Encryption Policy

Cynthia Wong wongc at hrw.org
Tue Sep 22 12:40:55 EDT 2015


Question for those in India: Are there proactive advocacy pieces that the groups on this list can put together to make sure the next draft is less awful?  Perhaps in coordination with David Kaye?

HRW would be keen to participate, if that would be helpful.

From: bestbits-request at lists.bestbits.net [mailto:bestbits-request at lists.bestbits.net] On Behalf Of Kevin Bankston
Sent: Tuesday, September 22, 2015 9:11 AM
To: Raman Jit Singh Chima
Cc: Deirdre Williams; Mishi Choudhary; bestbits at lists.bestbits.net&gt bestbits at lists.bestbits.net>bestbits at lists.bestbits.net>
Subject: Re: [bestbits] Update: Indian Encryption Policy

In regard to the continuing/future threat of a revised proposal, I think it’s worth highlighting that the U.S. President’s office is considering several options in regard to encryption policy (based on this leaked memo: http://apps.washingtonpost.com/g/documents/national/read-the-nsc-draft-options-paper-on-strategic-approaches-to-encryption/1742/), and one of them—option 1—would be to repudiate encryption backdoors, with an eye toward influencing other countries' behavior on this issue.  To the extent we can figure out ways to leverage this example to push the White House in the right direction right now, it may pay healthy dividends later in India and around the world.
_____________________________________
Kevin S. Bankston
Director, New America's Open Technology Institute
Co-Director, New America’s Cybersecurity Initiative
1899 L Street NW, Suite 400
Washington, DC 20036
bankston at opentechinstitute.org<mailto:bankston at opentechinstitute.org>
Phone: 202-596-3415
Fax: 202-986-3696
@kevinbankston

On Sep 22, 2015, at 11:19 AM, Raman Jit Singh Chima <raman at accessnow.org<mailto:raman at accessnow.org>> wrote:

Those links are confirmed, and the Minister did a formal statement at a press conference on this that the news wires have used for their stories.

http://indianexpress.com/article/india/india-others/government-withdraws-draft-national-encryption-policy-after-furore/

Do keep in mind though that they plan to try and bring this back - the Minister said they would redraft and then bring it back for public comment. We should celebrate this, but then pivot to focus on why undermining encryption should never be a policy step and what different governments across the world need to focus on - including India itself.

Raman.

On 22 September 2015 at 20:40, Deirdre Williams <williams.deirdre at gmail.com<mailto:williams.deirdre at gmail.com>> wrote:
Try http://www.bbc.com/news/world-asia-india-34322118

On 22 September 2015 at 11:07, Kevin Bankston <bankston at opentechinstitute.org<mailto:bankston at opentechinstitute.org>> wrote:
Is there a story or other link confirming that so we can tweet about our community winning a quick victory? Didn't even need to write comments!

Sent via mobile

__________________________________
Kevin S. Bankston
Director, Open Technology Institute
Co-Director, Cybersecurity Initiative
New America
1899 L Street NW, Suite 400
Washington, DC 20036
bankston at opentechinstitute.org<mailto:bankston at opentechinstitute.org>
Phone: 202-596-3415<tel:202-596-3415>
Fax: 202-986-3696<tel:202-986-3696>
@kevinbankston

On Sep 22, 2015, at 11:03 AM, Mishi Choudhary <mishi at softwarefreedom.org<mailto:mishi at softwarefreedom.org>> wrote:
Post a public outcry, DEITY has withdrawn this policy.

On 09/21/2015 03:46 PM, Raman Jit Singh Chima wrote:

Happy to add a few brief notes on the background to this if it is helpful:


  - The Indian Govt has had encryption policy discussions ongoing for
  about a decade. Pre-existing telecom sector regulation placed a limit of 40
  bits on the encryption that could be deployed by ISPs or telcos on their
  networks, though that arguably applied only to them directly and was
  unclear as to how it affected third parties
  - A provision in the Information Technology Act (Section 69) allowed the
  Union Government to issue orders forcing decryption of data in addition to
  allowing for interception requests. When the Information Technology Act was
  amended in 2008, another provision was added (Section 84A) which allowed
  the Union Government to specify "modes or methods for encryption" by
  executive rule-making. The text of the provision said that this was
  supposed to be for "secure use of the electronic medium and for promotion
  of e-governance and e-commerce". The internal political context for this
  included strong political pressure from law enforcement and the security
  establishment, who raised concerns about not being able to intercept
  encrypted communications
  - No rules for the above provision was publicly brought up from 2008
  until now, though there have been regular internal discussions - mostly
  with industry and intergovernmental consultation


Additionally - perhaps in response to the initial negative reaction in the
press - the Indian Dept. of Electronics and IT released an addendum document
<http://deity.gov.in/sites/upload_files/dit/files/Addendum%20-%20NEP-1_0.pdf>
today. It essentially appears to be trying to suggest that the draft rules
could exempt "mass use encryption products" along with SSL/TLS products
used for Internet banking (though only those specified by the Reserve Bank
of India) or for e-Commerce passwords.

Sincerely,
Raman.

On 22 September 2015 at 01:12, Mishi Choudhary <mishi at softwarefreedom.org<mailto:mishi at softwarefreedom.org>>
wrote:

Hi Carol,

Thanks for highlighting this. Its a  draft National Encryption Policy
and public comments are invited by October 16, 2015. Comments are to be
emailed to Mr A,S.A. Krishnan,  akrishnan at deity.gov.in<mailto:akrishnan at deity.gov.in>

The key highlights of the policy are :


1. A stipulation that businesses and citizens are to maintain plain text
(unencrypted) copies of encrypted content for a period of 90 days, to be
made available to Law Enforcement Agencies (LEAs) when so directed under
law.

2. Vendors of encryption products are required to register their
products with the Government as a pre-condition to conducting business
in India. They are also expected to re-register their products with
every update. This requirement is not limited to vendors of dedicated
encryption products, and seemingly includes even products that use
encryption in the course of providing a larger service such as messaging
or e-commerce. (Service  Providers located  within  and
outside  India, using  Encryption  technology  for providing any type of
services in India must enter  into an agreement with the Government
for providing such  services in India).

3. Encryption   algorithms   and key   sizes shall be prescribed
by   the Government through Notifications from time to time.


On 09/21/2015 03:33 PM, Carolina Rossini wrote:
Hi folks, I feel this could be a good topic for a coalition response
through the BB platform. Can the folks for India give some context to the
folks in this list? Let us know if such an action would be helpful.

Carol

Sent from my iPhone

On Sep 21, 2015, at 2:24 PM, Mishi Choudhary <mishi at softwarefreedom.org<mailto:mishi at softwarefreedom.org>>
wrote:

Worrisome development from India through this encryption policy



http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf

--
Warm Regards
Mishi Choudhary, Esq.
Legal Director
Software Freedom Law Center
1995 Broadway Floor 17
New York, NY-10023
(tel) 212-461-1912<tel:212-461-1912>
(fax) 212-580-0898<tel:212-580-0898>
www.softwarefreedom.org<http://www.softwarefreedom.org/>


Executive Director
SFLC.IN<http://sflc.in/>
K-9, Second Floor
Jangpura Extn.
New Delhi-110014
(tel) +91-11-43587126<tel:%2B91-11-43587126>
(fax) +91-11-24323530<tel:%2B91-11-24323530>
www.sflc.in<http://www.sflc.in/>

____________________________________________________________
You received this message as a subscriber on the list:
   bestbits at lists.bestbits.net<mailto:bestbits at lists.bestbits.net>.
To unsubscribe or change your settings, visit:
   http://lists.bestbits.net/wws/info/bestbits


____________________________________________________________
You received this message as a subscriber on the list:
    bestbits at lists.bestbits.net<mailto:bestbits at lists.bestbits.net>.
To unsubscribe or change your settings, visit:
    http://lists.bestbits.net/wws/info/bestbits

--
Warm Regards
Mishi Choudhary, Esq.
Legal Director
Software Freedom Law Center
1995 Broadway Floor 17
New York, NY-10023
(tel) 212-461-1912<tel:212-461-1912>
(fax) 212-580-0898<tel:212-580-0898>
www.softwarefreedom.org<http://www.softwarefreedom.org/>


Executive Director
SFLC.IN<http://sflc.in/>
K-9, Second Floor
Jangpura Extn.
New Delhi-110014
(tel) +91-11-43587126<tel:%2B91-11-43587126>
(fax) +91-11-24323530<tel:%2B91-11-24323530>
www.sflc.in<http://www.sflc.in/>


____________________________________________________________
You received this message as a subscriber on the list:
    bestbits at lists.bestbits.net<mailto:bestbits at lists.bestbits.net>.
To unsubscribe or change your settings, visit:
    http://lists.bestbits.net/wws/info/bestbits





--
Warm Regards
Mishi Choudhary, Esq.
Legal Director
Software Freedom Law Center
1995 Broadway Floor 17
New York, NY-10023
(tel) 212-461-1912<tel:212-461-1912>
(fax) 212-580-0898<tel:212-580-0898>
www.softwarefreedom.org<http://www.softwarefreedom.org/>


Executive Director
SFLC.IN<http://sflc.in/>
K-9, Second Floor
Jangpura Extn.
New Delhi-110014
(tel) +91-11-43587126<tel:%2B91-11-43587126>
(fax) +91-11-24323530<tel:%2B91-11-24323530>
www.sflc.in<http://www.sflc.in/>
____________________________________________________________
You received this message as a subscriber on the list:
    bestbits at lists.bestbits.net<mailto:bestbits at lists.bestbits.net>.
To unsubscribe or change your settings, visit:
    http://lists.bestbits.net/wws/info/bestbits

____________________________________________________________
You received this message as a subscriber on the list:
     bestbits at lists.bestbits.net<mailto:bestbits at lists.bestbits.net>.
To unsubscribe or change your settings, visit:
     http://lists.bestbits.net/wws/info/bestbits



--
“The fundamental cure for poverty is not money but knowledge" Sir William Arthur Lewis, Nobel Prize Economics, 1979

____________________________________________________________
You received this message as a subscriber on the list:
     bestbits at lists.bestbits.net<mailto:bestbits at lists.bestbits.net>.
To unsubscribe or change your settings, visit:
     http://lists.bestbits.net/wws/info/bestbits



--
Raman Jit Singh Chima
Policy Director
Access | accessnow.org<http://accessnow.org/>

Email: raman at accessnow.org<mailto:raman at accessnow.org>
Skype: raman.chima
PGP ID: 0x2A186000

Join the Access team - we're hiring<https://www.accessnow.org/about/jobs>!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/bestbits/attachments/20150922/e85773f5/attachment.htm>


More information about the Bestbits mailing list