Indian Encryption Policy Must Be Formulated

Encryption policy of India is long overdue but India has been slow in formulating this much needed policy. At the same time encryption is also a controversial issue in India that requires a balancing of conflicting interests of law enforcement requirements and personal privacy and security.

Provisions pertaining to encryption usage in India are scattered in various laws, rules and regulations of India. We do not have a centralised or dedicated legal framework for encryption related matters and this is hindering proper usage and innovation in the field of encryption in India.

The cyber law of India, as applicable through information technology act 2000 (IT Act 2000) has a single provisions in this regard. Section 84A of IT Act 2000 says that the Central Government may prescribe the modes or methods of encryption. Till now the Central Government has not prescribed any “modes or methods” of encryption usage in India.

We are compromising the cyber security of India, mobile security of India and mobile governance in India by insisting upon a weak encryption infrastructure. Mobile cyber security in India is not up to the mark and unencrypted communication would further increase the risks.

There are many service providers that use encryption for private and secure communications. The ministry of home affairs has been insisting upon surrendering of encryption keys of such services and in the absence of same banning such encrypted services. However, the ministry of communication and information technology has made it clear that it is not possible to do so.

India has taken too much time to resolve encryption issues and the same must be resolved as soon as possible. Encrypted services would bring both benefits and problems for India. On the benefit side, it would bring secure, private and confidential services. The problem with encryption, like any other technological service, is that it can be abused by criminals.

However, the possibility of abuse should not deter Indian government from using encryption in India. Further, Indian government must develop core cyber skills to deal with encryption related crimes rather than downsising the same and making Indian cyber and mobile security vulnerable to threats.

India needs to upgrade its intelligence infrastructure that is in real mess. Intelligence agencies need to develop intelligence gathering and analysis skills so that situations like the present one can be taken care of. E-surveillance is not a substitute for cyber skills and Indian government and its agencies must realise this truth as soon as possible. However, the call is for the Indian government to take that is shying away from taking a well informed decision in this regard.