Following criticism it received for the “Draft National Encryption Policy” which aimed at regulating platforms like BBM and WhatsApp, the Department of Electronics & Information Technology (DEITY) has clarified the categories of encryption products which will be exempted from the purview of the draft policy.
In a statement released by DEITY, the department mentioned that social media sites and social media applications including Facebook, WhatsApp and Twitter will be exempted from the purview of the Encryption Policy.
Image source: DeitY/Twitter
So will encryption products used in internet-banking and payment getaways.
Part of the draft note, which you can read here, earlier said,
All citizens (C), including personnel of Government / Business (G/B) performing non-official / personal functions, are required to store the plaintexts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country.
This is the part which seems to have irked many observers, activists and journalists keeping a watch on cyber-policy.
What it basically meant is that you cannot delete your WhatsApp messages for 90 days and you have to share it with the authorities if the law demands it. If you don’t, then you can be booked.
According to the draft, the mission of the policy is to provide confidentiality of information in cyber space for individuals, protection of sensitive or proprietary information for individuals and businesses, ensuring continuing reliability and integrity of nationally critical information systems and networks.
The objectives of the draft policy is to synchronize with the emerging global digital economy, network society and use of encryption for ensuring the security, confidentiality of data and to protect privacy in information and communication infrastructure without unduly affecting public safety and national security, it added.
The draft proposes to introduce the New Encryption Policy under section 84A of Information Technology Act 2000.
The last date for public to comment on the draft is October 16.
With inputs from IANS