Indian government amends encryption policy draft after outcry

The Indian government was at the receiving end of public’s wrath due to the controversial clauses included in a recently published draft of its new National Encryption Policy.

Nearly every internet-based message transmission uses some level of encryption. The policy draft, framed by the Department of Electronics and Information Technology (DeitY) under Section 84A of the Information Technology Act, 2000, required mobile users in the country to store any encrypted communications on their devices for up to 90 days, as reported by The Indian Express.

"All citizens, including personnel of Government / Business performing non-official / personal functions, are required to store the plaintexts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country," the draft read.

This implies that deleting messages that are not more than three months old from commonly used instant messengers, like WhatsApp, Viber, Hike, and from e-mail clients such as Gmail, would be illegal.

However, following massive public uproar, an amendment has been made to exclude "mass encryption products, which are currently being used in web applications, social media sites, and social media applications such as Whatsapp, Facebook, Twitter etc”.

Moreover, it also exempted SSL/TLS encryption products used in Internet-banking and payment gateways along with SSL/TLS encryption products being used for e-commerce and password based transactions.