Under Public Pressure, India Withdraws Draft Encryption Policy

An anonymous reader writes: The government of India withdrew its draft policy on encryption owing to public responses just a day after releasing the document. The Communications and Information Technology minister Ravi Shankar Prasad said — "I read the draft. I understand that the manner in which it is written can lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded." While it is encouraging that the government recognized it mistake and withdrew, many fear that this is part of a larger problem when it comes to this government taking technology policy decisions. Recently, the government was in the dock for its lack of clarity on Net Neutrality.

Do the needful

[xxxJonBoyxxx]

They yanked the link posted yesterday, but how's this for a pretentious domain name?

>> "DIETY.gov.in" - http://deity.gov.in/sites/uplo... [deity.gov.in]

Re:

[Duhfus]

Ha! It is an abbreviation of Department of Electronics & Information TechnologY. Nice play on words.

Re:

[cloud.pt]

It's just mostly an acronym (Department of Electronics & Information Technology), with an added Y at the end for simplicity (acronyms end better in vowel sounds), which can very well be taken from the last letter of the last word. I'd be more concerned with their dated website, using low-res, stretched imagery, and the notorious HTML 0.1 Alpha and Javascript 1999. It even looks like iframes are used at first glance... Maybe they still need to run stuff in Win98 down there.

Re:

[Anonymous Coward]

...for simplicity...

DIET

Department of Information and Electronic Technology.

Simpler yes?

Re:

[cloud.pt]

If you believe diets are simple, I want you to tech me how to be able to stick to them easily :D

Re:

[ic3m4n1]

Works fine on my CRT. I dont know what the fuss is all about. What low res?

Re:

[cloud.pt]

How can you still see? CRT's release dangerous radiation! I hope you are using a filter...

Re:

[PPH]

DIETY

Someone inside the NSA is kicking himself for having missed out on this acronym.

Translation

[sjbe]

"I read the draft. I understand that the manner in which it is written can lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded." .

Translation: "This was a blatant power grab and we got caught. I have asked for it to be reworded so that people won't notice the problem next time."

Misconceptions?

[sims 2]

What misconceptions? It seemed to be a pretty clear F U to anyone that might use encrypted communications as part of standard business practices.

Re:

[penguinoid]

"I read the draft. I understand that the manner in which it is written can lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded." .

Translation: "This was a blatant power grab and we got caught. I have asked for it to be reworded so that people won't notice the problem next time."

Are you saying that they decided the legalese key length they used to encrypt the draft is insufficient, and needs a more thorough legalese encryption so it can't be decrypted by unauthorized voters?

We didn't misunderstand

[Enigma2175]

Oh, it's not "yeah, this proposal a horrible thing, we shouldn't have thought that this was a good idea", it's "You misunderstood what we are trying to do, we will do it again with more obfuscated language this time". No, we fucking didn't misunderstand. Your stupid proposal makes a nationwide backdoor into anything encrypted. If this were to actually happen, it would certainly be abused - India's government is notoriously corrupt. The Indian people need to tell their government in no uncertain terms that this is unacceptable.

Wouldn't just be abused by governments

[sjbe]

If this were to actually happen, it would certainly be abused - India's government is notoriously corrupt.

It wouldn't just be abused by the government. Backdoors cannot be restricted to just the groups you intend - i.e. just the "good guys". It's simply not possible. Governments find this fact to be highly inconvenient and keep trying to find some way to weasel around it. This is just one of the more blatant attempts at weaseling.

Re:

[gstoddart]

Which is why governments do stupid stuff like this they demonstrate they're clueless idiots who don't understand the technology -- essentially they don't understand, or don't care that such a backdoor undermines the entire thing.

As long as they get what they want, they simply don't give a damn.

Willful ignorance

[sjbe]

Which is why governments do stupid stuff like this they demonstrate they're clueless idiots who don't understand the technology

Sometimes they are clueless but more often I think they understand just fine. Their "ignorance" is willful. They could easily reach out to parties that can explain the technology and the arguments for and against but they clearly are not doing this. So I think it's malicious instead of ignorant or if it is ignorant it is SO ignorant that there is effectively not difference.

The police don't like encryption because it makes their job harder. They don't really care about the knock on effects. They only ca

Re:

[operagost]

Of course they don't give a damn. If they create backdoors through law, then that will cause electronic crime to increase-- and create an opportunity to pass more laws. It's the usual cycle:

1. Government passes laws to address an issue.
2. Said laws create a new issue, or make the existing one worse.
3. Government claims it has the solution to the problems it created, and the process repeats from step 1.

Re:

[Jason Levine]

I don't even find governments trying to weasel around this fact. They blatently ignore it. Even if we assumed that a LAW_ENFORCEMENT_ONLY backdoor provided to LAW_ENFORCEMENT_ORGANIZATION_X would never be abused by said organization, it would only be a matter of time before the backdoor was found and abused by someone else - someone who could pretend to be from LAW_ENFORCEMENT_ORGANIZATION_X.

It's about the same as my policy on governmental powers: Even if you could guarantee that $AdministrationX would h

This policy legitimises overthrowing government

[Anonymous Coward]

No country can call it a democracy if the people's communications are controlled through threats and intimidation. A people unable to communicate freely without censorship or privacy are not living in a true democracy or free state. Unfortunately many 'democracies' in Europe which claim to be free are not. They censor and punish holocaust deniers, censor communications online (for the 'good of the children'/decency, 'copyright', and in the name of 'privacy'). Unfortunately the evidence is these tools are be

Nope

[sexconker]

It wasn't public pressure.
It was the realization that all the American companies that offshore tech work to India would have to offshore to somewhere else instead.

Re:

[cbhacking]

That... that is actually a really good point. For all the talk about NSA backdoors, the tech giants of the US have, for the most part, resisted government backdoors. They are probably even less happy with allowing foreign government backdoors, which means having India-based workers would become very difficult. That's a *lot* of money (taxes, for the government) lost, and a lot of ill will from the populace.

Re:Nope

[afidel]

Exactly, here is the email I sent yesterday:

Dear Mr. Krishnan,

I am writing you in response to the draft National Encryption Policy recently released by your department. As an IT professional responsible for the security of my companies systems and data I feel I must write to inform you that these proposals are unacceptable to my organization. Should the proposed rules become law I will be forced to immediately terminate the access credentials of everyone who accesses our systems from the country of India. This will result in the loss of several hundred high paying jobs which we have outsourced to a company in your country. I feel that I am not alone in this stance and that you will find that there is a very real hit to your countries GDP as a large number of international companies pull access and contracts from suppliers in India as a result of these unconscionable rules. For the sake of the people of India I hope you reconsider your broad overreach in this area.

C'mon, folks, this is INDIA for crying out loud

[vikingpower]

I have never seen an example of the Indian state successfully enforcing anything, whether it be in the technological sphere or in the realm of keeping Indian men from gang-raping Indian women or tourist. Nothing to see here, folks.

selective enforcement ...

[Ungrounded Lightning]

I have never seen an example of the Indian state successfully enforcing anything....

Selective enforcement is worse than no enforcement.

Intermittent enforcement can give India all the downsides of the law without most of the (for them) benefits. The threat of occasional sporadic success, for instance, can cripple or kill outsourcing of anything with sensitive information to India, while the general failure of enforcement can still cause it to fail in its stated purpose of detecting planned attacks on the government and the like.

As someone whose employment prospects and pay levels are severely impacted by outsourcing of technology work to India, it's tempting to cheer them on in re-wording and re-promulgating the regulation, and spiking the outsourcing. But that would probably just push the work to an even riskier to secrets country like China, rather than bring it to the US.

Yes I know it's not a zero-sum game. But with the current US laws it's a massively sloped playing field, too.

Re:

[silas_moeckel]

I believe their current plan is ignore it and it will go away.

Re:

[kaka.mala.vachva]

How do we always get some folks commenting about sanitation when the discussion is about something entirely different? Talk about irrelevant posting - looking for easy karma, are you?

India tries to destroy its tech industry

[Anonymous Coward]

India tries to destroy its only competitive industry

They should go through with it so the rest of the world will have them as a 'case study' on what not to do. How much of their GDP will this epic rippling failure cost them.