Government exempts WhatsApp, social media from purview of encryption policy

You may soon need to keep a copy of all messages sent through encrypted messaging services such as WhatsApp (Android version supports encryption), Google Hangouts or Apple's iMessage, for 90 days, if the proposed National Encryption Policy is implemented in its current form. Online businesses too would need to keep your sensitive information including passwords in plain text for the same period of time, thus exposing your information to potential hacking attacks.

The government has published a draft of the policy document online to seek feedback from citizens and organisations. It details methods of encryption of data and communication used by the government, businesses and citizens.

Here are some implications for citizens and companies if the policy is implemented in its current form ...According to the draft, citizens may use encryption technology for storage and communication. However, encryption algorithms and key sizes will be prescribed by the government through Notification from time to time. This means that the government will determine the encryption standards for all and entities like Google and WhatsApp will have to follow the encryption standards prescribed by the Indian government.What's bizarre is that the draft lists specific guidelines for all citizens who use encryption services including instructions that individuals should store in plain text versions of communication for 90 days. So this may imply that you'll have to store your WhatsApp messages for 90 days or face action in case asked to reproduce.What's appalling is that the government expects all citizens to be aware of encrypted communication and the way to store messages in plain text securely. A large number of users may in fact not even know that WhatsApp and iMessage use encryption. Shortly after a controversy erupted over government's proposal to investigate on every message that an individual will send via WhatsApp, SMS, or Google Hangouts, the Department of Electronics and Information Technology clarified in a draft that social media websites and applications will be exempted from the purview of the Encryption Policy. According to the draft posted by Deity, there are certain categories of encryption products that will be exempted from the purview of the draft national encryption policy.