Get ready to store emails, messages for 90 days

As per the draft New Encryption Policy of the Department of Electronics and Information Technology (DeitY), the government will have access to all encrypted information, including personal emails, messages or even data stored on a private business server.

The draft policy, however, states that the objective is “use of encryption for ensuring the security/ confidentiality of data and to protect privacy in information and communication infrastructure without unduly affecting public safety and national security”. 

Prepared by an expert group set up under section 84 A of the Information Technology Act, 2000, the policy states that users of encrypted messaging service should reproduce same text transacted during a communication in plain format before law enforcement agencies when demanded. Failing to comply may lead to imprisonment.

The proposed policy will be applicable to all citizens, including government departments, academic institutions, citizens and for all kinds of communications, official and personal. The final policy will be drafted only after obtaining feedback from the public. Feedback can be sent to: A S A Krishnan, Scientist ‘G’, Dept of Electronics and Information Technology, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi: 110003, Email: akrishnan@deity.gov.in. The last date to send feedback is October 16.

Generally, all messaging services like WhatsApp, Viber, Line, Google Chat and Yahoo messenger come with a high-level of encryption and many a time, security agencies find it hard to intercept them.

In case the user has communicated with a foreigner or an entity abroad, then the primary responsibility of providing readable plain text along with the corresponding encrypted information would be that of the user in the country. Besides, all service providers located within and outside India that use encryption technology for providing any type of services in India must register themselves with the government. 

“Encryption products may be exported but with prior intimation to the designated agency. Users in India are allowed to use only the products registered in India. Government reserves the right to take appropriate action as per the law for any violation,” the draft added. The draft has suggested that “all vendors of encryption products shall register their products with the designated agency of the government”. 

The B category users include: Statutory organisations, executive bodies, business and commercial establishments, including all public sector undertakings and academic institutions.

C category users include: Citizens, including personnel in government and business performing non-official or personal functions.