Slashdot Mirror

← Back to Stories (view on slashdot.org)

India's Worrying Draft Encryption Policy

Posted by timothy on from the they'll-take-a-kilometer dept.

knwny writes: The government of India is working on a new National Encryption Policy the contents of which have raised a few alarms.Among other things, the policy states that citizens and businesses must save all encrypted messages (including personal or unofficial ones) and their plaintext copies for 90 days and make them available to law enforcement agencies as and when demanded. The policy also specifies that only the government of India shall define the algorithms and key sizes for encryption in India. The policy is posted on this website.

7 of 114 comments (clear)

  1. This should be interesting. by allaunjsilverfox2 · · Score: 4, Interesting

    What happens if, by accident or malicious intent, the storage medium you are using is destroyed? Or ironically enough, if you are attacked with malware that encrypts your drive. How do you explain that you can't decrypt the drive to so they can decrypt your messages? Or that the cloud solution provider you were using is down for a undetermined amount of time?

    --
    Restore the madness of youth's lechery
    1. Re:This should be interesting. by bigpat · · Score: 4, Interesting

      What happens if, by accident or malicious intent, the storage medium you are using is destroyed? Or ironically enough, if you are attacked with malware that encrypts your drive. How do you explain that you can't decrypt the drive to so they can decrypt your messages? Or that the cloud solution provider you were using is down for a undetermined amount of time?

      It depends what you are accused of and how politically connected or rich you are. Seriously, a law like this is meant as a catch all that nobody will be able to ensure their compliance with. Basically it outlaws encryption for all practical purposes. So if you are accused of something, anything, and you happened to use encryption then at least they can jail or fine you on a technicality when they can't prove that any real crime has been committed.

  2. In other news... by Jon.Burgin · · Score: 4, Insightful

    the use of Indian consultants is about to drop dramatically.

  3. Yet another failed attempt ... by gstoddart · · Score: 4, Insightful

    And here we go with yet another example of politicians and other assholes with no technical understanding deciding to legislate "solutions" for their needs without the barest understanding of reality.

    Yet another country who has decided their need to spy magically changes how technology works.

    And, as usual, this will never work in practice.

    --
    Lost at C:>. Found at C.
  4. Doesn't make sense by Chrisq · · Score: 4, Interesting

    If I'm accessing an https website in India that would mean that I would have to copy everything I typed in and save it for 90 days. That's every web search, amazon review, etc.

  5. Re:reactions by U2xhc2hkb3QgU3Vja3M · · Score: 4, Funny

    Agent 1: Wow, this guy sure likes sending photos of kittens.
    Agent 2: Oh, look how cute this one is!

  6. Any DRM exceptions? by Sloppy · · Score: 5, Funny

    Waitaminute. If an Indian watches a DRMed movie, he'll be required by law to have cracked it and ripped it? If I sell DRMed media to Indians, am I going to automatically be a conspirator, if my customer doesn't crack it?

    There needs to be a DRM exception.

    And I'd rather not discuss the consequences of such an exception. ;-)

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.