After a huge outcry over government’s new draft encryption policy proposal making compulsory to store data in unencrypted format at least for 90 days, the government has made some exemptions.
According to new draft encryption policy, the encryption products that have been exempted include WhatsApp, Facebook, Twitter, payment gateways, e-commerce and password based transactions and more.
This draft was produced by expert group set up by the Department of Electronics and Information Technology (DeitY)
The Encryption products that are being exempted are as follows:
1.“mass use encryption products, which are currently being used in web applications, social media sites, and social media applications such as Whatsapp, Facebook, Twitter etc”.
2. SSL/TLS encryption products being used in Internet-banking and payment gateways.
3. SSL/TLS encryption products being used for e-commerce and password based transactions.
According to this new encryption policy draft user of the encryption messaging service should produce plain text which was transacted during communication on demand before law agencies failing to do so leads to imprisonment as per the law of the country.
This newly proposed policy would be applied to everyone either it be official or personal defined as B/C categories. All statutory organizations, Public sector undertakings, Academic institutions, business organizations comes under ‘B’ category while all citizens performing non-official or personal functions fall under category ‘C’ as per draft.
If a user communicated with any person abroad then he has the responsibility to produce the plain text along with encrypted information.
The draft has been proposed by Department of Electronics and Information Technology (DeitY) introduce the New Encryption Policy under Section 84A of the Information Technology Act, 2000.
The last date for public feedback on the draft is October 16, 2015.