Govt withdraws draft encryption policy that raised overreach fears

Ravi Shankar Prasad asks the Department of Electronics and Information Technology to redraft the policy


A file photo of communications and information technology minister Ravi Shankar Prasad. Photo: PTI
A file photo of communications and information technology minister Ravi Shankar Prasad. Photo: PTI

New Delhi: The National Democratic Alliance (NDA) government on Tuesday withdrew the draft National Encryption Policy that called for users of social media and chatting apps to save their messages in plain text format—a provision that raised concerns of state overreach.

Communications and information technology minister Ravi Shankar Prasad on Tuesday asked the Department of Electronics and Information Technology (Deity) to withdraw the policy, which also raised fears that individual privacy may be compromised, and redraft it.

“It was giving rise to uncalled-for misgivings. The purport of this encryption policy is only to regulate those who encrypt. It is not to regulate consumers,” Prasad said, stressing the need for an encryption policy in the backdrop of a growing number of “cyber space transactions”.

“Some sort of encryption policy is being followed all over the world. We lack any sound policy on encryption. We will again put out the revised draft,” said Prasad. The government has set a 16 October deadline for public feedback on the law.

“This draft policy is not the final view of the government. Still, when I noted the concerns of the people and some expressions used in the draft policy that were unnecessary, I have asked the department to withdraw the draft, rework it and draft it properly and again put into the public domain, the minister said.

The draft has come in for criticism for requiring citizens and businesses using online services—including social media such as Twitter and Facebook—with encryption technology to store information such as messages and mails in the plain text format for 90 days. It also required users to produce those messages if demanded by law enforcement agencies.

The policy put the onus of producing encrypted information when demanded by government agencies on citizens as well as on all the online service providers using encryption technologies.

Many experts said the policy was “anti-privacy” and “draconian”, charges that Prasad denied.

“Our government supports social media freedom. We fully respect the right of articulation and freedom,” Prasad said.

Following a backlash from privacy advocates, techies and people on social media, the government had already made some changes to the policy.

The information technology ministry, in a bid to allay concerns, said in a statement that it would exempt mass-use encryption products, currently being used in web applications, social media sites and social media applications, from the purview of the draft national policy.

The draft policy was put online sometime between late night on Monday and Tuesday morning.

“This is the right step in a right direction, but it is only a temporary process,” Pavan Duggal, a cyberlaw expert and Supreme Court advocate, said about the decision to withdraw the draft policy.

“The policy will be reworked, reworded and revised, but the fundamental problem remains, which is the privacy issue. The policy in its present form violates the fundamental right to privacy,” he said.

The draft policy was withdrawn before Prime Minister Narendra Modi travels this weekend to Silicon Valley, home to leading Internet companies whose reputations partly depend on their use of encryption to protect user data.

Modi, an active user of social media, is scheduled to meet the chief executives of Microsoft Corp. and Google Inc. as well as visit the Facebook campus where he will address a townhall-style meeting with the social media giant’s co-founder Mark Zuckerberg.

India has more than 350 million Internet users and that number is expected to grow rapidly as more people use smartphones to go online.

Reuters and AP contributed to this story.

More From Livemint