The Department of Electronics and Information Technology (DeitY) had proposed, in a set of draft guidelines, that all messages sent through encrypted messaging services such as WhatsApp, Google Hangouts or Apple's iMessage, must be stored for 90 days. The move triggered widespread privacy concerns and generated heated debate.
There is very little clarity at this point on what will and will not be permitted by the government if the draft guidelines are adopted. In a digitally growing economy, when the government terms social networks like WhatsApp and Gmail as "anti-national elements", netizens have taken to social media with furious debates over government’s stand on the policy.
Shortly after the debate garnered social media buzz, DeitY clarified in a draft that social media websites and applications will be exempted from the purview of the Encryption Policy. According to the draft posted by Deity, there are certain categories of encryption products that will be exempted from the purview of the draft national encryption policy.
In an addendum to the draft policy, DeitY has exempted “mass use encryption products, which are currently being used in web applications, social media sites, and social media applications such as Whatsapp, Facebook, Twitter etc”. It also exempted SSL/TLS encryption products used in Internet-banking and payment gateways as well as SSL/TLS encryption products being used for e-commerce and password based transactions.
The draft policy, for which the DeitY has invited comments from the public till October 16, has suggested that all vendors of encryption products shall register their products with the designated agency of the Government. The final policy will be drafted only after the feedback is taken into account. At the moment, it seems the public reaction to the policy will be aggressive as it will affect almost all Internet users — a majority is not even aware that it is using encryption technologies.
The draft policy document states that the vision is to create an information security environment, and secure transactions. But the actual details mentioned in the draft appear to do the opposite, and put a focus more on the lines of limiting encryption only to technologies that likely could be intercepted by the government, when required.
This is in many ways similar to the Telecom Regulatory Authority of India's draft letter on Net Neutrality, which instead talked about issues like cyberbullying and 'sexting'. In the feedback period, TRAI received over 1 million emails, but the Department of Telecom report on Net Neutrality also went against public sentiment on certain things, suggesting that telcos should be allowed to charge extra for specific services, such as Skype or WhatsApp voice calls in India, showing that calls for feedback aren't necessarily being taken seriously.