You may soon need to keep a copy of all messages sent through encrypted messaging services such as WhatsApp, Gmail or any mail, for 90 days, if Narendra Modi proposed National Encryption Policy is implemented in its current form. Deleting email or whatsapp message that you receive or send might be a crime if the policy is implemented as such.
Online businesses too would need to keep your sensitive information including passwords in plain text for the same period of time, thus exposing your information to potential hacking attacks.
As per the draft New Encryption Policy of the Department of Electronics and Information Technology (DeitY), the government will have access to all encrypted information, including personal emails, messages or even data stored on a private business server.
The draft policy, however, states that the objective is “use of encryption for ensuring the security/ confidentiality of data and to protect privacy in information and communication infrastructure without unduly affecting public safety and national security”.
Prepared by an expert group set up under section 84 A of the Information Technology Act, 2000, the policy states that users of encrypted messaging service should reproduce same text transacted during a communication in plain format before law enforcement agencies when demanded. Failing to comply may lead to imprisonment.
The proposed policy will be applicable to all citizens, including government departments, academic institutions, citizens and for all kinds of communications, official and personal. The final policy will be drafted only after obtaining feedback from the public. Feedback can be sent to: A S A Krishnan, Scientist ‘G’, Dept of Electronics and Information Technology, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi: 110003, Email: email@example.com. The last date to send feedback is October 16.
Generally, all messaging services like WhatsApp, Viber, Line, Google Chat and Yahoo messenger come with a high-level of encryption and many a time, security agencies find it hard to intercept them.
In case the user has communicated with a foreigner or an entity abroad, then the primary responsibility of providing readable plain text along with the corresponding encrypted information would be that of the user in the country. Besides, all service providers located within and outside India that use encryption technology for providing any type of services in India must register themselves with the government.