The purpose of the poorly-worded Draft National Encryption Policy was to give the Government access to all online exchanges, including data stored on any private business server. Under the policy, users had to store all encrypted communication for at least 90 days, and make it available to security agencies, if required, in text form. In simple words, the Centre wanted access to all our activity online— whether it’s encrypted or unencrypted, official or personal.
An expert group set up by the Department of Electronics and Information Technology (DeitY) put together the draft under Section 84A of the Information Technology Act, 2000. When users realised that even their WhatsApp, Twitter and Facebook exchanges had to be stored, it naturally led to an uproar of protest, following which the DeitY issued an addendum exempting these services from the purview of the policy. It also gave a pass to encryption products used for internet- banking and payment gateways for e-commerce and password-based transactions.
But now, with relentless cries of hurting ‘freedom of speech and expression’, the entire draft policy has been withdrawn. Telecom Minister Ravi Shankar Prasad said that the policy was not the final view of the Government and had been placed in the public domain only for the comments and suggestions of people. Meanwhile, a new draft will be made keeping in mind people’s privacy concerns. Prasad has clarified that lay users would not be affected by the Centre’s revised encryption policy.