Slashdot Mirror
India's Worrying Draft Encryption Policy
knwny writes: The government of India is working on a new National Encryption Policy the contents of which have raised a few alarms.Among other things, the policy states that citizens and businesses must save all encrypted messages (including personal or unofficial ones) and their plaintext copies for 90 days and make them available to law enforcement agencies as and when demanded. The policy also specifies that only the government of India shall define the algorithms and key sizes for encryption in India. The policy is posted on this website.
the use of Indian consultants is about to drop dramatically.
And here we go with yet another example of politicians and other assholes with no technical understanding deciding to legislate "solutions" for their needs without the barest understanding of reality.
Yet another country who has decided their need to spy magically changes how technology works.
And, as usual, this will never work in practice.
Lost at C:>. Found at C.
This'll just drive the use of steganography, and then the government won't even know when there ARE messages.
So, the Indian Govt thinks that intentionally weak crypto and forced plain text long term storage is a good idea? Never mind what the US might do with this. India's strategic and economic competitor is China, which will thus get so much more info product with so much less effort.
On the flip side, this may be so unacceptable to the business sector that it'll become another source of graft for officials to look the other way. Aka, The "Bureaucrat Bonus" Bill. Something for everyone.
Luke, help me take this mask off