Legal action that could also include imprisonment has been proposed in the draft policy unveiled by the government for failure to store and produce on demand the encrypted messages sent from any mobile device or computer. The policy also wants everyone to hand over their encryption keys to the Government.
The draft proposes that users of encrypted messaging service on demand should reproduce same text, transacted during a communication, in plain format before law enforcement agencies and failing which the government can take legal action as per the laws of the country.
The proposed policy, issued by the Department of Electronics and Information Technology, would apply to everyone including government departments, academic institutions, citizens and for all kind of communications - be it official or personal.
Generally, all the modern messaging services like WhatsApp, Viber, Line, Google Chat, Yahoo messenger etc, come with high level of encryption and many a time security agencies find it hard to intercept these messages.
“All information shall be stored by the concerned B/C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country,” the draft said.
The draft has defined ‘B category’ as all statutory organizations, executive bodies, business and commercial establishments, including all Public Sector Undertakings, Academic institutions.
The ‘C category’ as per the draft are all citizens including personnel of government and business performing non-official or personal functions.
In case of the user having communicated with foreigner or entity abroad then the primary responsibility of providing readable plain text along with the corresponding encrypted information would be that of the user in the country.
Besides this, all service providers located within and outside India that use encryption technology for providing any type of services in India must register themselves with the government, as per the draft.
The draft proposes to introduce the New Encryption Policy under section 84 A of Information Technology Act 2000. This section was introduced through <g data-gr-id="46">amendment</g> in 2008.
The sub-section 84 C that was also introduced through the amendment has <g data-gr-id="52">provision</g> of imprisonment for violation of the act. The last date for <g data-gr-id="49">public</g> to comment on the draft is October 16, 2015.
“Having a draft on <g data-gr-id="60">issue</g> is a welcome step. It looks at everything with <g data-gr-id="59">prism</g> of law enforcement. It will create a license raj. There is very much concern around privacy of <g data-gr-id="58">citizen</g>. The policy wants messages to be given on demand. If my private information is sought by <g data-gr-id="56">government</g>, it should be done through courts,” Arun Sukumar, Head, Cyber Initiative, said.