NEW DELHI -- Swiftly responding to an online backlash over a proposed policy which allows the government to access all encrypted information on email, apps, websites and business servers, Union Information Technology Minister Ravi Shankar Prasad announced today that the government has withdrawn the draft on the encryption policy.
He made it clear that it was "just a draft and not the view of the government" but added that it will be released after being reworded properly.
At a press conference, Prasad told reporters that the draft, which had sparked a storm on the Internet, contained some expressions which were causing misgivings. The draft policy was open for public comments until October 16.
"Our government supports the freedom of social media," he said. "I want to make it very clear that this is just a draft and not the view of the government. I have noted the concern expressed by enlightened sections of the public."
"I personally feel that some of the expression used in the draft are giving rise to uncalled-for misgivings. Therefore, I have written to DeitY to withdraw that draft, rework it properly and thereafter put in the public domain," he told reporters.
Generally, all modern messaging services like WhatsApp, Viber, Line, Google Chat, Yahoo Messenger and the like come with a high level of encryption and many a time, security agencies find it hard to intercept these messages.
"Yesterday, it was brought to our notice that draft has been put in the public domain seeking comments. I wish to make it very clear that it is just a draft and not the view of the government. I have noted concerns expressed... by the public," Prasad said.
As per the original draft, the new encryption policy proposes that every message a user sends -- be it through WhatsApp, SMS, e-mail or any such service -- must be mandatorily stored in plain text format for 90 days and made available on demand to security agencies.
Prasad said the government under the leadership of Prime Minister Narendra Modi has promoted social media activism.
"The right of articulation and freedom, we fully respect but at the same time, we need to acknowledge that cyber space transaction is rising enormously for individuals, businesses, the government and companies," he said.
This is the government's second volte face in two months.
In August, the department of telecom withdrew a list of 857 websites it had asked internet service providers to ban after massive public outrage. The ministry said it will disregard the list, which was furnished by a petitioner in a still-pending case in the Supreme Court, seeking a blanket ban on pornographic websites.
Instead, the government said it will make it incumbent on internet service providers to filter pornographic content involving children.
The encryption draft proposed legal action that could entail imprisonment for failure to store and produce on demand the encrypted message sent from any mobile device or computer.
The decision to withdraw the draft comes ahead of Modi's visit to the United States in which he will meet technology entrepreneurs at Silicon Valley, and join Mark Zuckerberg for a town hall-style Q-and-A session at the Facebook headquarters in Menlo Park, California.
The government's IT ministry had stoked controversy by mulling a law that--almost impossibly--encumbers every citizen to be accountable for all encrypted information that passes through their email, apps, websites and business servers.
Thus companies, especially those who host mail services, have to keep passwords to your email and similar services in a plain text form that can be easily accessed by law-enforcement agencies.
Following the backlash by cyber-law activists and experts, the Department of Electronics and Information Technology on exempted WhatsApp, Facebook and Twitter from the proposed encryption policy.
In a terse, three-paragraph clarification on Monday, the Department of Electronics and Information Technology has said that some of the "encryption products" were "exempt." These include:
1. The mass use encryption products, which are currently being used in web applications, social media sites, and social media applications such a Whatsapp,Facebook,Twitter etc.
2. SSL/TLS encryption products being used in Internet-banking and payment gateways as directed by the Reserve Bank of India
3. SSL/TLS encryption products being used for e-commerce and password based transactions.
While this covers the vast majority of internet transactions that India's 300-million strong netizenry engage in, it would still force businesses and enterprise applications to conform to prescribed encryption methods and is still silent on whether this can make online communication vulnerable to malicious cyber attacks.
While withdrawing the draft, Prasad said that all countries use some level of encryption. "Some sort of encryption policy is there all over the world," he said. (With inputs from PTI)