National Encryption Policy Withdrawn

After widespread outcry over the draft National Encryption Policy, released by the Department of Electronics and Information Technology on September 21, the proposal was withdrawn by Union Communications and IT Minister Ravi Shankar Prasad on September 22. While it was still ‘alive’, the policy was widely panned for being ambiguous at best and for suggesting the government wanted to assume an autocratic stance on access to encrypted information, enforced using a “registration raj” to bring offending vendors of encryption services in line.

The Indian Express reported via a tweet:

Earlier today, the policy document released by DEITY was amended to exempt “mass-use surveillance products” following widespread apprehensions that the government would come to have unfettered access to users’ personal correspondences if the policy was implement as-is, including information exchanged over services like WhatsApp and GMail. But with the document entirely withdrawn, and with Prasad’s comment that it didn’t reflect the government’s “final view” on the topic of encryption, there is a chance that a revised version in the future will be more mindful of the nuances of cryptographic techniques and why – as was the cast until this noon – it wouldn’t make sense for a government to define what tools can be used and how. Speaking at a press conference, Prasad stated that the government would take necessary steps keeping in line with the government’s support for the freedom of the social media.

The document had its sanction in Section 84A of the Information Technology Act 2000, via an amendment inserted in 2008 by the erstwhile UPA-II government, that allows the government to define and prescribe encryption standards, although not as vaguely as the incumbent NDA government at the Centre ended up doing.