Intelligence agencies of India have been insisting upon use of 40 bits encryption alone that is easy to crack in case a need arises. However, deploying a 40 bits encryption is risky for cyber security, Internet banking, e-commerce, e-governance, etc.
This position has also made the commercial use of encryption in India beyond 40 bits a legally risky initiative. Although India is waking up to encryption realities yet a good and complete solution in this regard may still take few years to implement. So virtualisation, cloud solutions and encryption usage in India must be undertaken only after ensuring cyber law due diligence in India.
There is no second opinion that an encryption policy of India is needed that clearly demarcates the legal as well as illegal uses of encryption in India. The information technology act 2000 (IT Act 2000) incorporates a single provision in this regard and even that provision has remained dormant for many years. The fact is that we have no dedicated encryption laws in India to address the growing requirements of encryption usages in India.
Now it has been reported that the Standing Committee on Information Technology has shown it displeasure with the Department of Telecommunication (DoT) for delay in resolving the BlackBerry encryption issue. This is despite the fact that the Indian government formed a committee to come up with mechanism to deal with encryption issues for providing data access to security agencies.
However, the Standing Committee has considered constitution of such committee as another delaying tactics and nothing more. The Standing Committee has asked DoT to analyse the position internationally in this regard and act upon it appropriately.
DoT has already declared its intentions to establish the central monitoring system project of India as well as a mechanism to tap phones in India. However, this entire exercised has failed to address the “constitutional issues” that have been ignored by both Standing Committee and DoT.
Perry4Law and Perry4Law Techno Legal Base (PTLB) believe that the parliamentary oversight of intelligence agencies of India is needed but neither Standing Committee nor DoT has said a word about it. Similarly, we have no “constitutionally sound” phone tapping law in India that is urgently required. These are the issues that both Standing Committee and DoT must also consider. We hope the Indian government in general and DoT in particular would also consider these issues on priority basis.