WhatsApp, Google Hangouts Messages Deletion Could Become Crime in India Leading Behind Bars

It would be a crime if you are not able to store or keep a copy of all messages beamed through WhatsApp, Google Hangouts or Apple's iMessage, for 90 days. This could happen if National Encryption Policy proposal is passed in its current form. National Encryption Policy directs online businesses to store your users sensitive information which includes passwords in plain text for the same period of time increasing the high risk of information hacking attacks. To seek feedback from citizens and organizations, the government of India has published a draft of the policy document online.

National Encryption Policy Significance for Citizens and Companies

Citizens are supposed to use encryption technology for all and entities like Google and WhatsApp, prescribed by the government through notification from time to time for storage and communication if the policy is implemented in its current form. What's annoying is that an Indian citizen using encryption services such as WhatsApp need to store messages for 90 days or face action in case asked to reproduce as per the draft lists specific guidelines for all citizens by the government.

Outrageously it's such an offensive step of the government of India which is expecting all citizens to be aware of encrypted communication and the way to store messages in plain text securely. In reality, a large section of users aren't aware of that WhatsApp and iMessage use encryption. The draft of National Encryption Policy says "all citizens including personnel of Government / Business (G/B) performing non-official / personal functions, are required to store the plaintexts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country."

Similar guidelines for B2B or enterprise users where data exchange is even more critical and for B2C communication have been proposed in drafts. "On demand, the user shall be able to reproduce the same Plain text and encrypted text pairs using the software / hardware used to produce the encrypted text from the given plain text. Such plain text information shall be stored by the user/organisation/agency for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country," which means e-commerce websites such as Flipkart, Snapdeal, Myntra, Paytm, Freecharge or any other website or encryption services need to have to keep a plain-text copy of user details leaving their information vulnerable (unprotected) to hackers.

National Encryption Policy compels the Service Providers located within and outside India to sign a MoU or agreement with the government for providing such services in India using encryption technology. Hence, it articulates that WhatsApp, Apple, and Google will need to sign agreements with the Indian government to provide services in the country since they use encryption technology. Following this kind of policy would make the process more bureaucratic and create roadblocks for app providers, says experts. However, encryption policy is detrimental (causing harm) on the privacy of citizens, disclosing sensitive data to potential abuse.

Send Your Grievances, Opinions Online Addressing Policy Based Issues

National Encryption Policy draft adds "All vendors of encryption products shall register their products with the designated agency of the government. While seeking registration, the vendors shall submit working copies of the encryption software / hardware to the Government along with professional quality documentation, test suites, and execution platform environments. The vendors shall work with the designated Government Agencies in security evaluation of their encryption products."

Recent Developments in Draft

Shortly after a controversy erupted over government's proposal to investigate on every message that an individual will send via WhatsApp, Facebook, Twitter, SMS, or Google Hangouts, the Department of Electronics and Information Technology clarified in a draft that social media websites and applications will be exempted from the purview of the Encryption Policy. 

An expert group set up under the Department of Electronics and Information Technology (DeitY) is believed to have drafted the National Encryption Policy document as per the direction of the union ministry of communications and information technology. If you feel offended and are concerned about your privacy we urge you send, forward your comments, views, ideas and opinions over the issue National Encryption Policy as all citizens can send their comments on the draft policy to akrishnan@deity.gov.in by October 16 and give suggestions.

Hang on with me for more reliable and trustworthy feeds in the interest of citizens of India by bookmarking this web page in your web browser for easy navigation.