All you want to know about the govt's proposed National Encryption Policy

The government has exempted social media including WhatsApp, Facebook and Twitter among others from the ambit of encryption policy after the public uproar on privacy issues. Here is all you need to know about the proposed National Encryption Policy:

• The draft on National Encryption Policy proposes to introduce the New Encryption Policy under section 84 A of Information Technology Act 2000. This section was introduced through an amendment in 2008.
• The proposed encryption policy aims to enhance the country's information security.
• According to the policy, all encrypted data has to be stored in plain text format for a period of 90 days and made available to the security agencies. Since all web-based social media messaging services use some form of encrypted data, Twitter, Facebook, WhatsApp, Viber, Line, Google Chat and Yahoo Messenger would have come under its ambit. But the government has now exempted social media messaging services from the purview of encryption policy.
• In case of the user having communicated with foreigner or entity abroad, then the primary responsibility of providing readable plain text along with the corresponding encrypted information would be that of the user in the country.
• Payment gateways, e-commerce and password based transactions have also been exempted from the encryption policy.
• The draft has all statutory organizations, executive bodies, business and commercial establishments, including all public sector undertakings and academic institutions under its purview.
• The 'C category' of the draft includes all citizens including government personnel and business performing non-official or personal functions.
• The draft on National Encryption Policy proposes legal action that could also entail imprisonment for failure to store and produce on demand the encrypted message sent from any mobile device or computer. The draft, issued by the Department of Electronics and Information Technology, would apply to everyone, including government departments, academic institutions, and citizens and for all kinds of communications - be it official or personal.
• Besides this, all service providers located within and outside India that use encryption technology for providing any type of services in India must register themselves with the government, as per the draft.
• The experts, however, have reservations on the proposed encryption policy. They point out the possibility that the 'plain text' data can be manipulated by hackers or by a government official with encryption keys.
• The draft on encryption policy has been put online and is open to public comment till October 16.