Slashdot Mirror

← Back to Stories (view on slashdot.org)

India's Worrying Draft Encryption Policy

Posted by timothy on from the they'll-take-a-kilometer dept.

knwny writes: The government of India is working on a new National Encryption Policy the contents of which have raised a few alarms.Among other things, the policy states that citizens and businesses must save all encrypted messages (including personal or unofficial ones) and their plaintext copies for 90 days and make them available to law enforcement agencies as and when demanded. The policy also specifies that only the government of India shall define the algorithms and key sizes for encryption in India. The policy is posted on this website.

5 of 114 comments (clear)

  1. This should be interesting. by allaunjsilverfox2 · · Score: 4, Interesting

    What happens if, by accident or malicious intent, the storage medium you are using is destroyed? Or ironically enough, if you are attacked with malware that encrypts your drive. How do you explain that you can't decrypt the drive to so they can decrypt your messages? Or that the cloud solution provider you were using is down for a undetermined amount of time?

    --
    Restore the madness of youth's lechery
    1. Re:This should be interesting. by bigpat · · Score: 4, Interesting

      What happens if, by accident or malicious intent, the storage medium you are using is destroyed? Or ironically enough, if you are attacked with malware that encrypts your drive. How do you explain that you can't decrypt the drive to so they can decrypt your messages? Or that the cloud solution provider you were using is down for a undetermined amount of time?

      It depends what you are accused of and how politically connected or rich you are. Seriously, a law like this is meant as a catch all that nobody will be able to ensure their compliance with. Basically it outlaws encryption for all practical purposes. So if you are accused of something, anything, and you happened to use encryption then at least they can jail or fine you on a technicality when they can't prove that any real crime has been committed.

  2. Doesn't make sense by Chrisq · · Score: 4, Interesting

    If I'm accessing an https website in India that would mean that I would have to copy everything I typed in and save it for 90 days. That's every web search, amazon review, etc.

  3. Algorythms and Key Sizes but... by ComputerGeek01 · · Score: 3, Interesting

    I see nothing about the number of iterations. There are going to be an awful lot of pissed off spys when they find that decrypting a messages gives them another encrypted message

  4. Re:Yet another failed attempt ... by Anonymous Coward · · Score: 2, Interesting

    You're under the mistaken impression that this legislation has anything to do with encryption, technology, or is in any way designed to solve a problem for the public.

    Short, un-pc but painfully true answer: India is an apartheid state run by privileged class. (Cue shill posters in 3..2..1.. Sorry. India's been like this for 5-10x longer than most other countries have flown their flags period. Its not changing any time soon.)

    They've got two goals: 1. Make sure that the lower classes stay impoverished by limiting their access to private communications. 2. Have a bludgeon that, through selective enforcement, they can use to help keep lower classes impoverished.

    Welcome to geopolitics 101. Try not to stay too long or you'll end up hating humanity.