The government said on Tuesday it will keep mass-use social media and web applications like WhatsApp, Twitter and Facebook out of the purview of a new policy that seeks to control secured online communication.
Secure banking transactions as well as password protected e-commerce businesses would also be kept out of the ambit of the proposed National Encryption Policy, it said.
The climb down by the government came following a storm of protests from users who objected to any stringent state controls on the way people use their emails, social media accounts and apps.
The government proposed an addendum to the draft document, saying: "By way of clarification, the following categories of encryption products are being exempted from the purview of the draft national encryption policy:
1) The mass use encryption products, which are currently being used in web applications, social media sites, and social media applications such as Whatsapp, Facebook, Twitter etc.
2) SSL/TLSencryption products being used in Internet-banking and payment gateways as directed by the Reserve Bank of India.
3) SSL/TLS encryption products being used fore-commerce and password based transactions."
Experts told Hindustan Times the draft, if implemented in its current form, could compromise the privacy of users and hamper the functioning of several multi-national service providers in India.
Nikhil Pahwa, editor of the MediaNama website that tracks cyber issues and tech news, said there were several problems even with the addendum to the draft policy. “The usage of the phrase ‘currently in use’ renders the policy vague: Firstly, when is 'currently'?" he questioned in a post on his website.
"Will a new service that uses a different kind of encryption to protect its users, still be covered? Why should users be 'restricted to encryption currently in use'? Why should services like Whatsapp, Facebook and Twitter define our security standards?" said Pahwa, who also volunteers for savetheinternet.in.
According to the original draft policy, users of apps such as WhatsApp and Snapchat would be required to save all messages for up to 90 days and be able to produce them if asked by authorities.
"This clarification by the govt does not clarify anything, but further muddles the encryption policy (sic),” Pranesh Prakash, policy director for The Centre for Internet and Society tweeted after the government’s clarification.
While users on social media platforms called the draft “draconian” and “delusional”, Congress leader Manish Tewari also attacked the Union government.
“The encryption policy (draft) is a snooping and spying orgy. After net chats, the government may want you to keep a video record of what you do in your bedroom for 90 days,” the Congress spokesperson told reporters.
The draft policy was posted online to seek suggestions from the public before it is finalised by the government.
The author tweets at Nisheeth_U