- Cooking Mama’s return whips up a fresh batch of memes Tuesday 8:18 PM
- Influencer body-shames model, Photoshops photo of self to ‘prove point’ Tuesday 7:27 PM
- Boosie Badazz goes on transphobic rant about Dwyane Wade’s daughter Tuesday 6:34 PM
- Royal Family’s website accidentally links to porn instead of charity Tuesday 5:39 PM
- Republican senator spreads false conspiracy about coronavirus Tuesday 5:11 PM
- New DNA technology could help exonerate Black man serving life sentence Tuesday 4:24 PM
- ‘SNL’s’ Kenan Thompson to host the White House Correspondents’ Dinner Tuesday 3:58 PM
- Singer Summer Walker dragged for insensitive HIV comments Tuesday 2:39 PM
- This video of a teddy bear getting steam cleaned makes a perfect meme Tuesday 2:27 PM
- Ted Cruz goes on Twitter tirade over proposed vasectomy bill Tuesday 2:22 PM
- Billie Eilish says she’s stopped reading Instagram comments Tuesday 2:13 PM
- Christian group blames satanists for Twitter poll results Tuesday 1:41 PM
- Coronavirus has pandemic-themed video games topping charts Tuesday 12:58 PM
- Bloomberg said kids are drawn to socialism because they think it involves social media Tuesday 12:55 PM
- Jake Paul gives ill-informed advice on how to deal with anxiety Tuesday 12:25 PM
Indian government proposes an encryption plan that would mandate backdoors
What started in the United States has quickly spread to other countries, with worrisome results.
The global debate over encryption reached India this weekend as the country’s government became the latest to publicly wrestle with the growing popularity of strong cryptography and its implications for law-enforcement operations.
The government of India, the world’s most populous democracy, released a draft National Encryption Policy over the weekend that would require all individuals and businesses using encryption to store decrypted versions of data for 90 days, available for law enforcement to demand pursuant to the country’s laws.
The law would apply to everyone using services in India, even if they are not Indian citizens.
The policy also says that “encryption algorithms and key sizes will be prescribed by the Government through Notification from time to time,” introducing the strong possibility of a legally mandated backdoor allowing the government to access encrypted data.
The policy would not apply to “sensitive departments / agencies of the government” but would apply to Central and State Government Departments, an exception deemed hypocritical by civil-liberties advocates.
The document is the work of an unspecified “expert group” inside India’s Department of Electronics and Information Technology (DeitY).
Other than releasing the draft, which is open to public comment until Oct. 16, Indian officials have not addressed its subject matter or responded to the intense criticisms it has generated.
India’s new draft policy comes in the midst of an ongoing global encryption debate that has pitted privacy activists and law enforcement officials in multiple countries against each other. As strong encryption becomes more prevalent, its implications for law-enforcement and national-security investigations become more worrisome to government officials.
In the U.S., the years-long public debate on the issue has seen the director of the FBI accusing companies like Apple of aiding terrorists by locking out government investigators. But the White House hasn’t taken a position in the debate, and reports suggest that the Obama administration is preparing to publicly support widespread strong encryption against the wishes of some intelligence officials.
Obama, who is being presented with multiple options by the National Security Council, seems likely to back off of a plan similar to India’s draft proposal.
In Europe, however, the debate is shifting in the opposite direction. A bill dubbed the “snoopers’ charter,” which is expected to become law in the newly empowered Conservative government, would ban apps from operating in the U.K. unless they contained a backdoor allowing government access to encrypted data.
Security experts across the world have slammed backdoors as unfeasible and insecure technical solutions.
“The path to hell starts at the backdoor,” Brad Smith, general counsel and executive vice president of legal and corporate affairs at Microsoft, said at the World Economic Forum. “You should not ask for backdoors. That compromises protection for everyone against everything.”
Privacy advocates in India immediately slammed the government’s draft policy. Pranesh Prakash, policy director at the Bengaluru-based Center for Internet and Society, told the Times of India that the policy was a “bad idea conceived by people who do not understand encryption,” because it exposed businesses and individuals to hackers like those who infiltrated Ashley Madison and those who have repeatedly broken into U.S. government systems.
Update 9:12am, Sept. 22: The Indian government has withdrawn the draft of its encryption proposal, arguing that it was misunderstood and did not reflect the government’s full views of encryption priorities.
Illustration by Max Fleishman
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.