The Draft National Encryption Policy: The good, the bad and the downright ugly
The department of electronics and information technology (DeitY) recently released the draft of the National Encryption Policy seeking methods of data encryption of data and communications used by the government, businesses, and even citizens.
New Delhi: The department of electronics and information technology (DeitY) recently released the draft of the National Encryption Policy seeking methods of data encryption of data and communications used by the government, businesses, and even citizens.
After public outcry over the controversial nature of the policy threatening privacy and security of user, a new draft of the policy will be issued soon after considering all aspects to secure the internet consumers. Here are the important points you should know about the policy:
- The policy aims to "enable (an) information security environment and secure transactions in cyberspace for individuals, businesses and government including nationally critical information systems and networks."
- It can help to assure the confidentiality, non-repudiability and integrity of information in transit and storage as well as to authenticate the asserted identity of individuals and computer systems.
- All sensitive departments and agencies of the government designated for performing sensitive and strategic roles.
- From Central and State Government departments involved in non-strategic roles to academic institutions to businesses to all citizens.
- Then, the clause that drives home the point that the ‘expert group’ behind this document is so completely removed from the immediacy and efficacy of digital communication today.
- So your choice to go with a proven data encryption application (like TrueCrypt or KeePass) basically goes out the window.
- The draft basically suggests removing all of your personal and business files from being encrypted and placing the job of safeguarding it in the hands of the government.