Encryption is the new challenge facing law enforcement not just in India but around the world. Social media apps such as WhatsApp and Viber have gone ahead and provided end-to-end encryption (E2EE) communications to users. Law enforcement officials have said that this makes it impossible for them to engage in legitimate monitoring of communications by terrorists and criminals.
Encryption is not a new technology and forms the backbone of secure communications and data transmissions over the Internet. Without encryption, financial transactions and secure data transmission would be impossible. Efforts by social media companies to encrypt their data is a more recent phenomenon and is a direct fall-out of the mid-2013 Snowden revelations.
Types of Encryption
IT Act on Encryption
Section 84A of the IT Act 2008 calls for encryption to keep the electronic medium secure, and also mentions that the Central Government would prescribe the methods of encryption. The telecom sector is limited to the encryption of 40 bits. Section 69 of IT Act 2008 gives power to both Central and State Governments to intercept data taking into account the security of the State. The agency facilitating the transfer of data could also be mandated to decrypt the data.
In a recent move, the Ministry of Home Affairs asked companies like WhatsApp, Facebook, and Google to maintain servers in India.
Draft Encryption Policy
The 2015 draft encryption policy recommended the use of 256 bit key for encryption and promoting the use of digital signatures thereby envisioning a secure cyberspace. However, certain contradictions in the provisions regulating encryption that mandated users and companies to preserve the plain text and companies providing encryption to enter into an agreement with the Government were harshly criticized and led to the withdrawal of the policy.