Public backlash sends draft encryption policy into recycle ban
S Madhusudhana Rao
Here is a government that came to power using the latest technology in mass communications such as Twitter, Facebook and WhatsApp. Still, Prime Minister Narendra Modi keeps millions of smart phone users across the country in good humor with his tweets and FB updates with selfies whenever he moves out. He wants a Digital India with Smart Cities and every nook and cranny networked. After all this hifalutin talk, we end up fighting the government for our right to privacy from bedrooms to boardrooms! In the process, the government is making an ass of itself with its flip-flop policies on digital media.
About a week ago, a draft proposal to control secured communications online, called National Encryption Policy, was released for public debate. Not many people, except software developers and experts in related fields, knew about it until Monday when the Internet exploded with the news about government’s intentions. Massive denouncement online and offline has forced the government to withdraw the proposal.
Communications and Information Technology Minister Ravi Shankar Prasad told a news conference in New Delhi on Tuesday that the draft National Encryption Policy would be reviewed before it was presented to the public for suggestions. The minister said: “I read the draft. I understand that the manner in which it is written can lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded. Experts had framed a draft policy…it is not the government’s final view. There were concerns in some quarters. There were some words (in the draft policy) that caused concern. The draft will be reviewed and re-released. Experts will be asked to specify to whom the policy will be applicable.”
The government’s hasty retreat raises several questions. One, does it not think before contemplating policy decisions with wider implications? Two, the so-called expert advisors are so dumb that they blindly follow someone’s idea without applying their minds and draft a policy for public debate? Minister Ravi Shankar Prasad claimed the draft policy document was released without his knowledge. If it was true, he should pull up the officials concerned for the mess-up, but he had not promised to do any such thing. That means the National Encryption Policy draft was released to test the public reaction a la porno ban and Net neutrality. In both cases, the public had forced the BJP government to eat humble pie.
The binned proposal has faced the same fate as an earlier move to ban/block adult sites. In both cases, Netizens have raised privacy concerns and government’s attempts to interfere in the lives of people in the name of security and safeguarding moral values. While the porno ban proposal was defended on the ground that unrestricted and freely available online porn is corrupting the young, the encryption policy was aimed at, ostensibly, addressing the government’s security concerns.
The draft encryption policy had proposed that users of social media like WhatsApp, Facebook, Viber need to keep a record of personal data, read chats and exchange of photos, etc, for 90 days and they will have to provide these details in unencrypted form whenever they were sought by authorities. If the users couldn’t provide the details, they could be penalized.
Data maintenance stipulation was also applicable to government institutions, public sector units and private business establishments besides individual users. Moreover, the social media apps and platforms had to register the mode of encryption they were using with the government or adopt government-approved encryption services. Those (operating from other countries) who would fail to do so could be declared illegal in India.
Several objections had been raised on two fronts over the original proposal: encryption and threat to personal freedom to communicate with others online on any platform. A majority of users know little about encryption. In fact, there is no need for them to learn about technical aspects of digital communications.
Encryption originated and was widely used during battles to send secret messages to commanders on the war front through signals or codes. Only the sender and receiver would understand their meaning. Later, when machines started transmitting the messages from military headquarters to forward areas, decoders used to decrypt the messages. Now, with the development of sophisticated technologies, whatever message you key in will be converted into digital form and automatically encrypted by the users’ devices before transmitting and after receiving the data. At the receiving end, it is decrypted by his/her gadget and shown on the screen.
Every app or mobile company will have its own system of encryption and decryption to protect users from the onslaught of hackers, cyber crooks and online frauds. Financial institutions like banks, transactions involving credit cards and online business portals use highly secure encryption techniques to prevent hacking. In a majority of cases, only the users’ devices will have the conversion mechanism to scramble and unscramble the data sent by others through what is called ‘key.’ That means only those who have the ‘key’ on their devices could see the messages in a system known as end-to-end encryption.
For example, if two militants are using a smart phone with such a facility, none would know the info being exchanged unless one has the ‘key’. For intelligence and security agencies tracking criminals and terrorists it’s a problem to gather data on their movements and activities or to snoop in on their online activities. If the Indian security establishment could secure the required data under the National Encryption Policy, it hoped to crack down on anti-national elements with ease.
The issue here is, why did the draft policy include social media and want both encrypted and decrypted data stored in original form for 90 days? In any case, Indian security agencies have all the needed wherewithal to monitor suspicious and hideous activities of militants in the country. In fact, by asking the users not to delete chats, messages and personal info, the government is unwittingly exposing them to hackers and online frauds. In other words, what it wanted to achieve would have had an opposite effect!
A more serious issue is government’s bid to intrude into an individual’s private life. What he/she does online is his/her business and it is uncharitable on the part of government to make it public. And, is there any guarantee officials will not misuse such policy?
Nevertheless, as an afterthought, Communications and Information Technology Minister Ravi Shankar Prasad said those using social media platforms and web applications fell outside the scope of the encryption policy proposal. Before he announced the government’s climb down, an addendum was issued to keep the social media, secure banking and online business transactions out of the policy purview.
Still, the proverbial sword of Damocles is hanging on the digital media and personal liberties since the government has not ruled out another policy after a review of the disbanded National Encryption Policy. Though no time-limit has been set, it can come in some other form.