The massively controversial encryption policy is back on the drawing board of the government. According to highly placed sources, the Department of Electronics and IT has started work on redrafting the policy, which was withdrawn in September last year after a huge public outcry.
The draft, which is at an initial stage now and being drafted by the department jointly with the office of the national security adviser, may take another two to three months to be ready. According to people in the know, the idea behind the policy is to secure communication over the Internet for citizens by mandating certain encryption standards. The mandated encryption strength in India is 40 bit, which is as per the Telegraph Act made decades ago, whereas the current need is for at least 256 bit
“The encryption policy is to protect communication between the sender and receiver from being hacked into. Why should the conduit have any kind of access to it?” asked a government official, adding that the proposed policy favoured a better privacy regime.
“The policy has to be absolutely crystal clear. Even if you look at encryption by WhatsApp , the government is in favour of it,” said the official, who is aware of the plans but did not want to be named.
Experts, however, are opposed to the idea of government mandating any standards as they argue that it may be a way to monitor content in the garb of outlining security standards. Another outcry may follow when the redrafted policy is released for debate.
“This idea of focusing on capping strength of encryption or building in backdoors for law enforcement only undermines modern security for all,” said Raman Jit Singh Chima, policy director at advocacy group Access Now. It is best to have just a policy statement that supports strong encryption in the country, added Chima. To be sure, it is not clear as to how the revised policy draft will be different from its earlier version.