Slashdot Mirror

← Back to Stories (view on slashdot.org)

Under Public Pressure, India Withdraws Draft Encryption Policy

Posted by timothy on from the rewording-furiously dept.

An anonymous reader writes: The government of India withdrew its draft policy on encryption owing to public responses just a day after releasing the document. The Communications and Information Technology minister Ravi Shankar Prasad said — "I read the draft. I understand that the manner in which it is written can lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded." While it is encouraging that the government recognized it mistake and withdrew, many fear that this is part of a larger problem when it comes to this government taking technology policy decisions. Recently, the government was in the dock for its lack of clarity on Net Neutrality.

35 comments

  1. Do the needful by xxxJonBoyxxx · · Score: 3, Informative

    They yanked the link posted yesterday, but how's this for a pretentious domain name?

    >> "DIETY.gov.in" - http://deity.gov.in/sites/uplo...

    1. Re:Do the needful by Duhfus · · Score: 1

      Ha! It is an abbreviation of Department of Electronics & Information TechnologY. Nice play on words.

    2. Re:Do the needful by cloud.pt · · Score: 1

      It's just mostly an acronym (Department of Electronics & Information Technology), with an added Y at the end for simplicity (acronyms end better in vowel sounds), which can very well be taken from the last letter of the last word. I'd be more concerned with their dated website, using low-res, stretched imagery, and the notorious HTML 0.1 Alpha and Javascript 1999. It even looks like iframes are used at first glance... Maybe they still need to run stuff in Win98 down there.

    3. Re:Do the needful by PPH · · Score: 2

      DIETY

      Someone inside the NSA is kicking himself for having missed out on this acronym.

      --
      Have gnu, will travel.
    4. Re:Do the needful by Anonymous Coward · · Score: 1

      ...for simplicity...

      DIET

      Department of Information and Electronic Technology.

      Simpler yes?

    5. Re:Do the needful by ic3m4n1 · · Score: 1

      Works fine on my CRT. I dont know what the fuss is all about. What low res?

    6. Re:Do the needful by cloud.pt · · Score: 2

      If you believe diets are simple, I want you to tech me how to be able to stick to them easily :D

    7. Re:Do the needful by cloud.pt · · Score: 1

      How can you still see? CRT's release dangerous radiation! I hope you are using a filter...

  2. Translation by sjbe · · Score: 5, Insightful

    "I read the draft. I understand that the manner in which it is written can lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded." .

    Translation: "This was a blatant power grab and we got caught. I have asked for it to be reworded so that people won't notice the problem next time."

    1. Re:Translation by Anonymous Coward · · Score: 0

      No-one that works in or around law should be able to use this statement. The law is meant to be clear and unambiguous and there shouldn't even be a suggestion that people aren't thinking about that. If there is then that's incompetence or dishonesty, so which is it?

      The public is not your review process for law. We shouldn't be telling you when you break it.

    2. Re:Translation by Anonymous Coward · · Score: 0

      Really, I assumed that the translation was: "We will copy and paste this into a new policy that will be implemented in secret so none of you whiners can complain."

    3. Re:Translation by penguinoid · · Score: 1

      "I read the draft. I understand that the manner in which it is written can lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded." .

      Translation: "This was a blatant power grab and we got caught. I have asked for it to be reworded so that people won't notice the problem next time."

      Are you saying that they decided the legalese key length they used to encrypt the draft is insufficient, and needs a more thorough legalese encryption so it can't be decrypted by unauthorized voters?

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  3. We didn't misunderstand by Enigma2175 · · Score: 3, Insightful

    Oh, it's not "yeah, this proposal a horrible thing, we shouldn't have thought that this was a good idea", it's "You misunderstood what we are trying to do, we will do it again with more obfuscated language this time". No, we fucking didn't misunderstand. Your stupid proposal makes a nationwide backdoor into anything encrypted. If this were to actually happen, it would certainly be abused - India's government is notoriously corrupt. The Indian people need to tell their government in no uncertain terms that this is unacceptable.

    --

    Enigma

    1. Re:We didn't misunderstand by Anonymous Coward · · Score: 0

      I see this with almost all governments at some time. When in doubt, ban it and hope it doesn't bite you.

      The US was going to ban crypto altogether in the early 1990s until banks put the kibosh on that. Then when businesses starting losing sales to ITAR, that law was changed. There have been advanced to backdoor stuff, but usually end up stopped when a well-heeled party steps in and reminds Congress who its master really is [2].

      The problem is that the cat is out of the bag. The bad guys have crypto and know how to use it, and bans become a cat and mouse game that becomes unwinnable. Prohibition showed this lesson, and the War on Drugs drove this point home.

      Backdoors are also bad. If one group leaves a backdoor in, another group might find the key and use it to everyone's detriment, which has happened before. We saw this with hacking groups, and we saw this with Clipper/Skipjack.

      Storing stuff is also bad in general. If it is stored, it can be accessed or tampered with, so prudence states to have stuff expire and drop off whenever possible. If this can't be done, the next best thing is to archive it to encrypted WORM tape [1] and toss the tape in a back room somewhere, so the only cost for storage is basic HVAC and building security.

      So, India is learning the same lessons the US learned in the 1990s, and has been relearning these past few years.

      [1]: Yes, tape isn't fashionable, but once you have the drive/silo, media is cheap, has an archive life of 30 years (no other storage medium offers this), has AES-256 encryption (LTO-4 and newer), so if stuff has to be stored long term, might as well store it offline where it takes not just a physical breach, but obtaining the decryption key, to access the files.

      [2]: SOPA/PIPA come to mind, with China and Russia gently reminding Congress that dropping their sites from the Web is the same thing as a naval blockade -- an act of war -- , so once they "saw the light" on that (or more likely felt the heat), those bills promptly died.

  4. "Withdrew" by Anonymous Coward · · Score: 0

    So they're going to reword it, masking the law's intent through verbose legal jargon? At least they reacted at all, I suppose.

  5. Misconceptions? by sims+2 · · Score: 3, Informative

    What misconceptions? It seemed to be a pretty clear F U to anyone that might use encrypted communications as part of standard business practices.

    --
    Minimum threshold fixed. Thanks!
  6. Wouldn't just be abused by governments by sjbe · · Score: 3

    If this were to actually happen, it would certainly be abused - India's government is notoriously corrupt.

    It wouldn't just be abused by the government. Backdoors cannot be restricted to just the groups you intend - i.e. just the "good guys". It's simply not possible. Governments find this fact to be highly inconvenient and keep trying to find some way to weasel around it. This is just one of the more blatant attempts at weaseling.

    1. Re:Wouldn't just be abused by governments by gstoddart · · Score: 2

      Which is why governments do stupid stuff like this they demonstrate they're clueless idiots who don't understand the technology -- essentially they don't understand, or don't care that such a backdoor undermines the entire thing.

      As long as they get what they want, they simply don't give a damn.

      --
      Lost at C:>. Found at C.
    2. Re:Wouldn't just be abused by governments by Jason+Levine · · Score: 1

      I don't even find governments trying to weasel around this fact. They blatently ignore it. Even if we assumed that a LAW_ENFORCEMENT_ONLY backdoor provided to LAW_ENFORCEMENT_ORGANIZATION_X would never be abused by said organization, it would only be a matter of time before the backdoor was found and abused by someone else - someone who could pretend to be from LAW_ENFORCEMENT_ORGANIZATION_X.

      It's about the same as my policy on governmental powers: Even if you could guarantee that $AdministrationX would hold to its promise to never abuse $GovernmentPowerY, you couldn't guarantee the same about the next administration or the one after that. Eventually, any power will be abused by someone. That's why the US's founding fathers built checks and balances into their system - because they didn't trust any one person/group to be corruption-free. It's definitely not a perfect system, but checks and balances/accountability should be built into any system where a person is being granted great power.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    3. Re:Wouldn't just be abused by governments by operagost · · Score: 1

      Of course they don't give a damn. If they create backdoors through law, then that will cause electronic crime to increase-- and create an opportunity to pass more laws. It's the usual cycle:

      1. Government passes laws to address an issue.
      2. Said laws create a new issue, or make the existing one worse.
      3. Government claims it has the solution to the problems it created, and the process repeats from step 1.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
  7. This policy legitimises overthrowing government by Anonymous Coward · · Score: 1

    No country can call it a democracy if the people's communications are controlled through threats and intimidation. A people unable to communicate freely without censorship or privacy are not living in a true democracy or free state. Unfortunately many 'democracies' in Europe which claim to be free are not. They censor and punish holocaust deniers, censor communications online (for the 'good of the children'/decency, 'copyright', and in the name of 'privacy'). Unfortunately the evidence is these tools are being used to squash speech. And even in the United States we don't have a true democracy because the government enables parties to easily censor others via DMCA take-down requests and similar actions.

    One of the biggest mistakes I think of our 'founding fathers' was to implement copyright. The only time copyright should be permitted is when it doesn't involve violence against individuals (ie applicable to corporations only as it is in exchange for other legal protections) and copyleft (where the people are not threatened, but corporations can be).

  8. Typo in Story's Heading by Anonymous Coward · · Score: 0

    Under Public Pressure, India Withdraws Daft Encryption Policy

    CAP = 'socially'

  9. Nope by sexconker · · Score: 5, Insightful

    It wasn't public pressure.
    It was the realization that all the American companies that offshore tech work to India would have to offshore to somewhere else instead.

    1. Re:Nope by cbhacking · · Score: 2

      That... that is actually a really good point. For all the talk about NSA backdoors, the tech giants of the US have, for the most part, resisted government backdoors. They are probably even less happy with allowing foreign government backdoors, which means having India-based workers would become very difficult. That's a *lot* of money (taxes, for the government) lost, and a lot of ill will from the populace.

      --
      There's no place I could be, since I've found Serenity...
    2. Re:Nope by Anonymous Coward · · Score: 0

      For all the talk about NSA backdoors, the tech giants of the US have, for the most part, resisted government backdoors.

      How can anyone verify that claim?

    3. Re:Nope by afidel · · Score: 3, Interesting

      Exactly, here is the email I sent yesterday:

      Dear Mr. Krishnan,

      I am writing you in response to the draft National Encryption Policy recently released by your department. As an IT professional responsible for the security of my companies systems and data I feel I must write to inform you that these proposals are unacceptable to my organization. Should the proposed rules become law I will be forced to immediately terminate the access credentials of everyone who accesses our systems from the country of India. This will result in the loss of several hundred high paying jobs which we have outsourced to a company in your country. I feel that I am not alone in this stance and that you will find that there is a very real hit to your countries GDP as a large number of international companies pull access and contracts from suppliers in India as a result of these unconscionable rules. For the sake of the people of India I hope you reconsider your broad overreach in this area.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  10. C'mon, folks, this is INDIA for crying out loud by vikingpower · · Score: 0

    I have never seen an example of the Indian state successfully enforcing anything, whether it be in the technological sphere or in the realm of keeping Indian men from gang-raping Indian women or tourist. Nothing to see here, folks.

    --
    Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
  11. Willful ignorance by sjbe · · Score: 2

    Which is why governments do stupid stuff like this they demonstrate they're clueless idiots who don't understand the technology

    Sometimes they are clueless but more often I think they understand just fine. Their "ignorance" is willful. They could easily reach out to parties that can explain the technology and the arguments for and against but they clearly are not doing this. So I think it's malicious instead of ignorant or if it is ignorant it is SO ignorant that there is effectively not difference.

    The police don't like encryption because it makes their job harder. They don't really care about the knock on effects. They only care about their ability to catch criminals and what politician wants to be against that? The politicians only care about staying in power. They don't really care about the knock on effects either so long as they don't affect their ability to stay in power. Easiest argument in the world for a politician to make is to be against criminals or terrorists. The collateral damage from their simplistic sound bite arguments gets brushed under the rug.

  12. selective enforcement ... by Ungrounded+Lightning · · Score: 3, Interesting

    I have never seen an example of the Indian state successfully enforcing anything....

    Selective enforcement is worse than no enforcement.

    Intermittent enforcement can give India all the downsides of the law without most of the (for them) benefits. The threat of occasional sporadic success, for instance, can cripple or kill outsourcing of anything with sensitive information to India, while the general failure of enforcement can still cause it to fail in its stated purpose of detecting planned attacks on the government and the like.

    As someone whose employment prospects and pay levels are severely impacted by outsourcing of technology work to India, it's tempting to cheer them on in re-wording and re-promulgating the regulation, and spiking the outsourcing. But that would probably just push the work to an even riskier to secrets country like China, rather than bring it to the US.

    Yes I know it's not a zero-sum game. But with the current US laws it's a massively sloped playing field, too.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  13. Wise decision by Anonymous Coward · · Score: 0

    Maybe now the government can devote some funds to providing basic sanitation to the hundreds of millions of Indian citizens who lack it? It's shameful that India proclaims its power and prowess by engaging in what amounts to little more than pissing contests, while neglecting to provide for elementary dignity of its citizens.

    1. Re:Wise decision by silas_moeckel · · Score: 1

      I believe their current plan is ignore it and it will go away.

      --
      No sir I dont like it.
    2. Re:Wise decision by kaka.mala.vachva · · Score: 1

      How do we always get some folks commenting about sanitation when the discussion is about something entirely different? Talk about irrelevant posting - looking for easy karma, are you?

  14. Re:Fp 7acO by Anonymous Coward · · Score: 0

    Please update your link.

  15. India tries to destroy its tech industry by Anonymous Coward · · Score: 1

    India tries to destroy its only competitive industry

    They should go through with it so the rest of the world will have them as a 'case study' on what not to do. How much of their GDP will this epic rippling failure cost them.