India’s draft encryption policy puts user privacy in danger - Polidicks

[b]India’s draft encryption policy puts user privacy in danger[/b] Via [url=http://economictimes.indiatimes.com/tech/internet/experts-pick-big-holes-in-indias-encryption-policy/articleshow/49040483.cms]The Economic Times[/url] / [url=http://www.medianama.com/2015/09/223-india-draft-encryption-policy/]Medianama[/url] ____________________ [quote][img]http://i.imgur.com/5Bs95f0.jpg[/img] An “Expert” group set up by the Department of Electronics and Information Technology (DeitY) appears to have thrown all sense of individual rights and privacy out the window, and sought to make encryption (and personal and business security) weaker via a draft (and daft) policy on encryption. You may send your comments to [email]akrishnan@deity.gov.in[/email]. The last date for sending comments is 16th October. An abridged (simplified) version of the policy is below, but if there was one sentences that symbolises how dangerous this policy is, it is this: [i]All citizens (C), including personnel of Government / Business (G/B) performing non-official / personal functions, are required to store the plaintexts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country.[/i] This approach is totalitarian in nature, and seems to hold every individual in the country as a potential criminal. How exactly does the government of India expect users to know: 1. About all the communication taking place from their devices, given all the communication that takes place via apps 2. Whether their communication is encrypted or not 3. How to store plaintext version of encrypted communication for 90 days, given that much of the information is transient. 4. Know whether the law enforcement agency is seeking data as per the laws of the country 5. Keep this plaintext data secure Lets not forget that the Indian government argued in the Supreme Court that “Violation of privacy doesn’t mean anything because privacy is not a guaranteed right” one week, and in case of porn and privacy, said “if someone wants to watch in the privacy of their bedroom, how can we stop that?” in another.[/quote] Holy shit, Indian government...

Welcome. Many times those who propose these laws, blocks, and policies do not know how things work aside from breif explanations on function. For example the github block.

God I wish the NSA hadn't pushed US lawmakers to start this, now everybody is trying to make encryption illegal because its somehow unbreakable when its been thoroughly demonstrated that it's not and that any reasonably talented agency can already circumvent these things

This isn't only terrible its impossible. Storing all encrypted data as unencrypted for at least 90 days? That's fucking impossible with the bandwidth of hte internet [editline]21st September 2015[/editline] Oh keep the plaintext secure, so, encrypt it?

India synonym for morons. "This place is full of India"