WhatsApp, social media exempted from purview of Encryption Policy: Govt

New Delhi: The Government is planning to have access to all encrypted information, including personal emails, messages or even data stored on a private business server, according to the draft of a new encryption policy. But shortly after a controversy erupted over its plans, the Department of Electronics and Information Technology clarified that social media websites and applications will be exempted from the purview of the draft National Encryption Policy.

Earlier, the government has mulled to make it mandatory for the masses to keep all textual communications for at least 90 days and if required, user will have to make it available to security agencies in text form. This would include  all the emails, WhatsApp texts, Apple's iMessage etc. This clearly means a ban on deleting text messages and internet chats for 90 days.

The draft was formulated by an expert group set up by the Department of Electronics and Information Technology (DeitY) under Section 84A of the Information Technology Act, 2000. Since every messaging service and email, including WhatsApp and Gmail, use some form of encryption, this draft would cover almost all instant messages and emails.

As per the draft, "all citizens including personnel of Government / Business (G/B) performing non-official / personal functions, are required to store the plaintexts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country."

As the issue started snowballing on social media, DeitY issued an addendum to the draft policy exempting “mass use encryption products, which are currently being used in web applications, social media sites, and social media applications such as Whatsapp, Facebook, Twitter etc”. It also exempted SSL/TLS encryption products used in Internet-banking and payment gateways as well as SSL/TLS encryption products being used for e-commerce and password based transactions.

Reportedly, the draft also implies that there may be punishment associated with the deletion of WhatsApp communication for 90 days.

Related News