- Beyoncé’s ‘Lemonade’ is finally coming to Spotify, Apple Music Wednesday 8:48 PM
- Ubisoft is offering Assassin’s Creed Unity for free to support Notre Dame Wednesday 8:25 PM
- Are teens really eating foods with the ‘shells on’ for a new viral challenge? Wednesday 6:39 PM
- The new Samsung Galaxy Fold already seems to be falling apart Wednesday 4:17 PM
- Think the ‘Game of Thrones’ spirals are all connected? Think again Wednesday 3:13 PM
- Rudy Giuliani retweets prominent QAnon supporter Wednesday 2:03 PM
- India bans TikTok over concerns of child endangerment Wednesday 2:00 PM
- JJ Abrams says there’s more to Rey’s origin story Wednesday 1:16 PM
- Lisa Ann says Equinox trainer looked up her number and sent her a creepy text Wednesday 1:01 PM
- 8 essentials every grad needs to succeed as an adult Wednesday 1:00 PM
- Makeup artist shows you how to become Kylie Jenner’s baby Wednesday 12:54 PM
- People are more concerned with this woman’s age than her being a school shooting threat Wednesday 12:14 PM
- Why are conservatives so obsessed with cargo shorts? Wednesday 11:46 AM
- How to transfer your Nintendo Switch save data Wednesday 11:45 AM
- Trans military ban causes student to lose ROTC scholarship Wednesday 11:04 AM
Indian government proposes an encryption plan that would mandate backdoors
What started in the United States has quickly spread to other countries, with worrisome results.
The global debate over encryption reached India this weekend as the country’s government became the latest to publicly wrestle with the growing popularity of strong cryptography and its implications for law-enforcement operations.
The government of India, the world’s most populous democracy, released a draft National Encryption Policy over the weekend that would require all individuals and businesses using encryption to store decrypted versions of data for 90 days, available for law enforcement to demand pursuant to the country’s laws.
The law would apply to everyone using services in India, even if they are not Indian citizens.
The policy also says that “encryption algorithms and key sizes will be prescribed by the Government through Notification from time to time,” introducing the strong possibility of a legally mandated backdoor allowing the government to access encrypted data.
The policy would not apply to “sensitive departments / agencies of the government” but would apply to Central and State Government Departments, an exception deemed hypocritical by civil-liberties advocates.
The document is the work of an unspecified “expert group” inside India’s Department of Electronics and Information Technology (DeitY).
Other than releasing the draft, which is open to public comment until Oct. 16, Indian officials have not addressed its subject matter or responded to the intense criticisms it has generated.
India’s new draft policy comes in the midst of an ongoing global encryption debate that has pitted privacy activists and law enforcement officials in multiple countries against each other. As strong encryption becomes more prevalent, its implications for law-enforcement and national-security investigations become more worrisome to government officials.
In the U.S., the years-long public debate on the issue has seen the director of the FBI accusing companies like Apple of aiding terrorists by locking out government investigators. But the White House hasn’t taken a position in the debate, and reports suggest that the Obama administration is preparing to publicly support widespread strong encryption against the wishes of some intelligence officials.
Obama, who is being presented with multiple options by the National Security Council, seems likely to back off of a plan similar to India’s draft proposal.
In Europe, however, the debate is shifting in the opposite direction. A bill dubbed the “snoopers’ charter,” which is expected to become law in the newly empowered Conservative government, would ban apps from operating in the U.K. unless they contained a backdoor allowing government access to encrypted data.
Security experts across the world have slammed backdoors as unfeasible and insecure technical solutions.
“The path to hell starts at the backdoor,” Brad Smith, general counsel and executive vice president of legal and corporate affairs at Microsoft, said at the World Economic Forum. “You should not ask for backdoors. That compromises protection for everyone against everything.”
Privacy advocates in India immediately slammed the government’s draft policy. Pranesh Prakash, policy director at the Bengaluru-based Center for Internet and Society, told the Times of India that the policy was a “bad idea conceived by people who do not understand encryption,” because it exposed businesses and individuals to hackers like those who infiltrated Ashley Madison and those who have repeatedly broken into U.S. government systems.
Update 9:12am, Sept. 22: The Indian government has withdrawn the draft of its encryption proposal, arguing that it was misunderstood and did not reflect the government’s full views of encryption priorities.
Illustration by Max Fleishman
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.