[video type='youtube' id='itwe8TgBqLw' height='350']
The Indian government was forced to withdraw a Draft National Encryption Policy after public uproar over the proposed measures. On #IndiaHangOut, our panel of experts debate if the government needs such a policy and what it should include.
The panel included Sanjay Kaul, the Spokesperson of BJP, Rajesh Chharia, the President of Internet Service Providers Association of India and Aditya Paul, Social Activist and Member of Aam Aadmi Party, along with Govindraj Ethiraj.
IT Minister Ravi Shankar Prasad said the proposals were released to the public without his knowledge. The draft, had it been implemented, would have forced Indians to store plain-text versions of their encrypted data for 90 days and make it available to security agencies.
The draft policy sparked outrage on social media, as most messaging services use some form of encryption. The encryption policy was proposed to enhance information security in India.
Sanjay Kaul defended the draft, saying that the exercise was done to collect responses from the public and that the intentions of the government had been clarified and the draft been withdrawn. "I found it very funny that a draft is being treated as a final policy and the idea of having public consultation has gone to the dogs," he said.
"The intent of the government is national security. We are not interested in reading your private WhatsApp messages. This alarmist tone is completely unnecessary. Short-circuiting any attempt at public consultation, even before it has started, is not complimentary to any democracy," he added.
Aditya Paul highlighted issues with the proposed draft, "You cannot choose to invade an individual's privacy in the name of national security. We lack strong laws to protect privacy in this country. The government needs to put these laws in place, that is the first step."
While the panel agreed that there is a need for a revised encryption policy in India, Rajesh Chharia suggested certain proposals that the government could include in the next draft. "The government is advising to keep encrypted data in text format for 90 days. This is shocking. What is the authenticity of such data? Here, R&D is required."
"Our law and order agencies want to decrypt-encrypt any message that they want to check. They cannot put this responsibility on the service provider and ask them to hand over their keys. The government should put their efforts in research and development and work towards proprietary software," he added.
Paul said that such a policy needs to promote startup culture and Digital India, and not shackle it. "The government needs to go back and look at local realities. It needs to be out of the C2C domain completely. There are other laws already in place for that. They need to frame laws that protect the privacy of individuals and companies. Once this has been addressed, the government will find it easier to formulate cyber laws. They will have faith in the government," he said.
Kaul concluded by emphasising that the current government is responsive and flexible enough. "We are open to listening to public opinion. We do agree that privacy laws need to be strengthened. Everybody agrees that we need an encryption policy as we move towards over a far more connected world. We need to secure our transactions, authentication of data."
"There is another aspect of how to be able to provide redress to people who have been threatened or find themselves wronged on the internet. For this, we only have legislation and a system of reward and punishment. We need a policy that answers to the imperatives of Digital India," he said.