Slashdot Mirror

← Back to Stories (view on slashdot.org)

India's Worrying Draft Encryption Policy

Posted by timothy on from the they'll-take-a-kilometer dept.

knwny writes: The government of India is working on a new National Encryption Policy the contents of which have raised a few alarms.Among other things, the policy states that citizens and businesses must save all encrypted messages (including personal or unofficial ones) and their plaintext copies for 90 days and make them available to law enforcement agencies as and when demanded. The policy also specifies that only the government of India shall define the algorithms and key sizes for encryption in India. The policy is posted on this website.

12 of 114 comments (clear)

  1. This should be interesting. by allaunjsilverfox2 · · Score: 4, Interesting

    What happens if, by accident or malicious intent, the storage medium you are using is destroyed? Or ironically enough, if you are attacked with malware that encrypts your drive. How do you explain that you can't decrypt the drive to so they can decrypt your messages? Or that the cloud solution provider you were using is down for a undetermined amount of time?

    --
    Restore the madness of youth's lechery
    1. Re:This should be interesting. by bigpat · · Score: 4, Interesting

      What happens if, by accident or malicious intent, the storage medium you are using is destroyed? Or ironically enough, if you are attacked with malware that encrypts your drive. How do you explain that you can't decrypt the drive to so they can decrypt your messages? Or that the cloud solution provider you were using is down for a undetermined amount of time?

      It depends what you are accused of and how politically connected or rich you are. Seriously, a law like this is meant as a catch all that nobody will be able to ensure their compliance with. Basically it outlaws encryption for all practical purposes. So if you are accused of something, anything, and you happened to use encryption then at least they can jail or fine you on a technicality when they can't prove that any real crime has been committed.

  2. In other news... by Jon.Burgin · · Score: 4, Insightful

    the use of Indian consultants is about to drop dramatically.

  3. Yet another failed attempt ... by gstoddart · · Score: 4, Insightful

    And here we go with yet another example of politicians and other assholes with no technical understanding deciding to legislate "solutions" for their needs without the barest understanding of reality.

    Yet another country who has decided their need to spy magically changes how technology works.

    And, as usual, this will never work in practice.

    --
    Lost at C:>. Found at C.
  4. reactions by DriveDog · · Score: 3, Insightful

    This'll just drive the use of steganography, and then the government won't even know when there ARE messages.

    1. Re:reactions by U2xhc2hkb3QgU3Vja3M · · Score: 4, Funny

      Agent 1: Wow, this guy sure likes sending photos of kittens.
      Agent 2: Oh, look how cute this one is!

  5. Doesn't make sense by Chrisq · · Score: 4, Interesting

    If I'm accessing an https website in India that would mean that I would have to copy everything I typed in and save it for 90 days. That's every web search, amazon review, etc.

    1. Re:Doesn't make sense by Jason+Levine · · Score: 3, Funny

      Not to mention all of your spam e-mails that you looked at via HTTPS webmail. Because if you don't keep an unencrypted copy of "herbal viagra for sale by nigerian princes whose daughters want to video chat with you" for 90 days then you're breaking the law!

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  6. Algorythms and Key Sizes but... by ComputerGeek01 · · Score: 3, Interesting

    I see nothing about the number of iterations. There are going to be an awful lot of pissed off spys when they find that decrypting a messages gives them another encrypted message

  7. These backwards countries... by Jawnn · · Score: 3, Funny

    ...always trying to invade the privacy of their citizens. I'm just thankful that I Iive in the U.S.A. where that kind of thing... Oh, wait...

  8. Aka, The "China, Please Snarf My Data" Bill by cmholm · · Score: 3, Insightful

    So, the Indian Govt thinks that intentionally weak crypto and forced plain text long term storage is a good idea? Never mind what the US might do with this. India's strategic and economic competitor is China, which will thus get so much more info product with so much less effort.

    On the flip side, this may be so unacceptable to the business sector that it'll become another source of graft for officials to look the other way. Aka, The "Bureaucrat Bonus" Bill. Something for everyone.

    --
    Luke, help me take this mask off ... Just for once, let me butterfly kiss you with my own eyes.
  9. Any DRM exceptions? by Sloppy · · Score: 5, Funny

    Waitaminute. If an Indian watches a DRMed movie, he'll be required by law to have cracked it and ripped it? If I sell DRMed media to Indians, am I going to automatically be a conspirator, if my customer doesn't crack it?

    There needs to be a DRM exception.

    And I'd rather not discuss the consequences of such an exception. ;-)

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.