The products that are being exempted from the purview of the draft national encryption policy include mass-use encryption products, which are currently being used in web applications, social media sites, and social media applications. Photo: AFP
The products that are being exempted from the purview of the draft national encryption policy include mass-use encryption products, which are currently being used in web applications, social media sites, and social media applications. Photo: AFP

Encryption policy amended to exempt social media, e-commerce platforms

This means services such as Whatsapp, Facebook and Twitter will be out of the national encryption policy's purview

New Delhi: The Department of Electronics and Information Technology has made amends in the draft national encryption policy after facing a severe backlash from industry experts and tech community.

The ministry has posted the proposed addendum to the draft encryption policy clarifying that the policy will not be applicable to some services like social media and e-commerce platforms that are being used by masses.

The products that are being exempted from the purview of the draft national encryption policy include mass-use encryption products, which are currently being used in web applications, social media sites, and social media applications, the statement by the ministry said.

This means services such as Whatsapp, Facebook and Twitter will be out of the policy’s purview. Neither citizens using these services will have to store messages in the plain text format for 90 days, nor the service providers will have to enter in a contract with the Indian government.

The ministry also clarified that SSL/TLS (secure sockets layer/transport layer security) encryption products that are used in Internet-banking and payment gateways (as directed by the Reserve Bank of India) as well as SSL/TLS products being used for e-commerce and password-based transactions will be exempted.

SSL provides a secure connection between Internet browsers and websites, allowing you to transmit private data online, while TLS is a protocol that ensures privacy between communicating applications and their users on the Internet.

The draft policy, which was released by the IT ministry late last week, drew a lot of criticism for requiring citizens and businesses using online services that use encryption technology to store information such as messages and mails in plain text format for 90 days. It also requires users to produce those messages if demanded by the law enforcement agencies. Many experts have said that the policy is “anti-privacy law" and is “draconian" in nature.

Close