- ‘Watchmen’ website expands what you know about its alt-history 4 Years Ago
- Smoke ’em, pass ’em Week 8: Mark Walton szn 4 Years Ago
- Venmo’s first-ever credit card to launch in 2020 4 Years Ago
- Wet Kylo Ren may turn everyone to the dark side Today 3:15 PM
- Man allegedly targeted trans women on dating app, robbed them at knifepoint Today 3:02 PM
- Researchers expose how Amazon Echo and Google Home can steal passwords Today 2:47 PM
- Facebook removing Instagram Story filters that mimic plastic surgery Today 2:16 PM
- Mom solves ‘ghost baby’ image mystery after viral post Today 1:23 PM
- Elon Musk tweeted ‘through space’ Today 1:16 PM
- Don’t want a Fitbit? These step tracker apps got you covered Today 12:51 PM
- Protesters sing ‘Baby Shark’ to soothe frightened toddler Today 12:47 PM
- Who is Babu Frik, the adorable, teeny mechanic from ‘Rise of Skywalker’? Today 12:36 PM
- Senators push for social media data portability Today 12:11 PM
- ‘Stage Fright’ is a therapeutic lens into Jenny Slate’s weird world Today 11:34 AM
- Congressmen call on Twitter to shut down accounts for Hamas, Hezbollah Today 11:12 AM
Indian government proposes an encryption plan that would mandate backdoors
What started in the United States has quickly spread to other countries, with worrisome results.
The global debate over encryption reached India this weekend as the country’s government became the latest to publicly wrestle with the growing popularity of strong cryptography and its implications for law-enforcement operations.
The government of India, the world’s most populous democracy, released a draft National Encryption Policy over the weekend that would require all individuals and businesses using encryption to store decrypted versions of data for 90 days, available for law enforcement to demand pursuant to the country’s laws.
The law would apply to everyone using services in India, even if they are not Indian citizens.
The policy also says that “encryption algorithms and key sizes will be prescribed by the Government through Notification from time to time,” introducing the strong possibility of a legally mandated backdoor allowing the government to access encrypted data.
The policy would not apply to “sensitive departments / agencies of the government” but would apply to Central and State Government Departments, an exception deemed hypocritical by civil-liberties advocates.
The document is the work of an unspecified “expert group” inside India’s Department of Electronics and Information Technology (DeitY).
Other than releasing the draft, which is open to public comment until Oct. 16, Indian officials have not addressed its subject matter or responded to the intense criticisms it has generated.
India’s new draft policy comes in the midst of an ongoing global encryption debate that has pitted privacy activists and law enforcement officials in multiple countries against each other. As strong encryption becomes more prevalent, its implications for law-enforcement and national-security investigations become more worrisome to government officials.
In the U.S., the years-long public debate on the issue has seen the director of the FBI accusing companies like Apple of aiding terrorists by locking out government investigators. But the White House hasn’t taken a position in the debate, and reports suggest that the Obama administration is preparing to publicly support widespread strong encryption against the wishes of some intelligence officials.
Obama, who is being presented with multiple options by the National Security Council, seems likely to back off of a plan similar to India’s draft proposal.
In Europe, however, the debate is shifting in the opposite direction. A bill dubbed the “snoopers’ charter,” which is expected to become law in the newly empowered Conservative government, would ban apps from operating in the U.K. unless they contained a backdoor allowing government access to encrypted data.
Security experts across the world have slammed backdoors as unfeasible and insecure technical solutions.
“The path to hell starts at the backdoor,” Brad Smith, general counsel and executive vice president of legal and corporate affairs at Microsoft, said at the World Economic Forum. “You should not ask for backdoors. That compromises protection for everyone against everything.”
Privacy advocates in India immediately slammed the government’s draft policy. Pranesh Prakash, policy director at the Bengaluru-based Center for Internet and Society, told the Times of India that the policy was a “bad idea conceived by people who do not understand encryption,” because it exposed businesses and individuals to hackers like those who infiltrated Ashley Madison and those who have repeatedly broken into U.S. government systems.
Update 9:12am, Sept. 22: The Indian government has withdrawn the draft of its encryption proposal, arguing that it was misunderstood and did not reflect the government’s full views of encryption priorities.
Illustration by Max Fleishman
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.