IT Min revises work on encryption policy, seeks industry views

Last September, draft of policy had sought to mandate storage of all messages sent by people for 90 days, and to be made available on demand to security agencies

Less than a year after public backlash forced withdrawal of the controversial draft National Encryption policy, the government has restarted the work on drafting the blueprint, asking industry bodies for suggestions.

The Ministry of Electronics and IT recently wrote to leading industry associations including Cellular Operators Association of India (COAI), Association of Unified Telecom Service Providers of India (AUSPI), and Internet Service Providers Association of India (ISPAI) seeking their opinions and inputs that will facilitate a "robust and secure" encryption policy, sources said.

The ministry has given the associations a deadline of August 1, for sending their feedback, and said they would be invited for a more detailed discussion in the meeting of an Expert Committee.

However, associations such as COAI and AUSPI have asked the Ministry to bring out a specific discussion paper on the issue.

"We have written to them asking for more information on the proposed framework. Banks have a different encryption standard, Telecom Department has a different encryption standard... We need a consistent government approach on encryption," Rajan S Mathews, director general of COAI told PTI.

When contacted, ISPAI President, Rajesh Chharia said the reworked encryption policy, should be in sync with changes in technology.

"As per the proposed policy framework, the capability to encrypt and decrypt data should be within government. We will seek more time for giving our suggestions. The policy framework should be made after comprehensive discussions with all stakeholders," Chharia added.

Last September, the government had issued the draft of National Encryption Policy, which proposed to mandate storage of every message sent by people -- be it through WhatsApp, SMS, e-mail or any such service -- in plain text format for 90 days, and to made available on demand to security agencies.

Legal actions that also included imprisonment were proposed in the draft policy.

But following a public outcry and concerns over breaching right to privacy, government withdrew the proposal.

In February, previous Telecom Minister Ravi Shankar Prasad had said the government fully respected the upholding of right to privacy of citizens and acknowledged the need for protection of private data against misuse.

"There is no intention by the government to implement an encryption policy breaching right to privacy of public," Prasad had said.

The minister had further said encryption has been recognised by the government as means to secure data and transactions, and the provision in the Information Technology Act 2000 enables the use of encryption for such purposes.