Sensored

Wikipedia: In cryptography, encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor.

At a time when countries are debating strategies for cyber war, we outrage without knowing anything on that topic. Basically, the draft was about a 2-pronged strategy in cyberspace:

  1. protecting Indian citizens from foreign snooping
  2. being able to decrypt in an instant any suspicious communication (messages)

It could be to ensure corporations aren’t fronts, to check corporate espionage cases, etc. Recall the recent Reliance attempts to steal information from government offices, but happening in cyberspace, or foreign corporations stealing Indian corporations’ (& defense) secrets, like China did with the US & India:

  1. http://www.wsj.com/articles/SB10001424127887324069104578527323576340846
  2. http://www.financialexpress.com/article/tech/china-denies-snooping-on-networks-in-india-southeast-asia/63317/
  3. http://economictimes.indiatimes.com/news/defence/how-chinese-hackers-snooped-on-indian-defence-agencies-for-over-10-years/articleshow/47188880.cms

“Users / Organizations within B group (i.e. B2B Sector) may use Encryption for storage and communication. Encryption algorithms and key sizes shall be prescribed by the Government through Notifications from time to time. On demand, the user shall be able to reproduce the same Plain text and encrypted text pairs using the software / hardware used to produce the encrypted text from the given plain text. Such plain text information shall be stored by the user/organisation/agency for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country.”

“ISP would be required to help decrypt messages by sharing encryption keys & using pre-decided standards set by government-Service Providers located within and outside India, using Encryption technology for providing any type of services in India must enter into an agreement with the Government for providing such services in India. Government will designate an appropriate agency for entering into such an agreement with the Service provider located within and outside India. The users of any group G,B or C taking such services from Service Providers are also responsible to provide plain text when demanded”

The last line is a bit ambiguous, but it is bureaucratic language meant for experts on the topic & not laymen ‘experts’.

These 2 points seem very ambiguous to the uninitiated:

“Users within C group (i.e. C2C Sector) may use Encryption for storage and communication. Encryption algorithms and key sizes will be prescribed by the Government through Notification from time to time. All citizens (C), including personnel of Government /Business (G/B) performing non-official / personal functions, are required to store the plaintexts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country.”

“Algorithms and key sizes for Encryption as notified under the provisions in this Policy only will be used by all categories of users.”

You do not personally use a different encryption algorithm for your WhatsApp communication, nor are you required to store WhatsApp logs for 90 days! The government deals with them at the B level, with WhatsApp Inc. Years back BBM was banned in India & they refused to share similar information.

Except for the strategies, none of the sections are relevant to the layman. The rest are for the hardware manufacturers, ISPs etc. A section is also devoted to those who want to pursue research in the same.

An addendum was also issued which clarified:

  1. Social media including WhatsApp excluded from purview. It was basically to allay fears, as most people don’t know that they don’t encrypt their WhatsApp & rumour mongering had started.
  2. In layman’s terms, SSL/TLS are encryption protocols. The padlock sign you see when doing an online transaction is part of it. This was in case people were afraid of government snooping on their transactions.

Counter done, now I’ll outrage like these so-called journalists. The draft has been deleted now but I’ll put it up for you to read along with it. Also, what’s worrying is journalists & ‘intellectuals’ rushing in to blame bureaucrats. Most of them don’t even know what encryption is & think writing with lemon juice on a paper is encryption.

I could have avoided outrage, but the problem is India lacks any tech journalist worth his salt. Hence they should refrain from writing foot-in-the-mouth articles. They keep writing baseless articles (it makes me both laugh & swear. As an electronics engineer it is unbearable for me to witness such rampant sacrilege) on technical issues that I understand too well to ignore. The only problem is each time these people write, I have to read up the drafts; last time it was a 109-page Net Neutrality Consultation Paper, and even after I wrote on it on Medium, these arts degree experts asked me who I am to write on it & question them!

The article that sparked outrage was followed by a clickbait piece by TOI where the headline & content read drastically different.

When you read the PIB tweets quoted in the article itself, you notice the meaning is completely different. Read it yourself:

It specified that it will merely be reworded so the common man doesn’t think the guidelines are for him. Moreover, these so-called journalists failed to grasp that it’s a draft asking for reviews from the industry.

Sad days. I would conclude by saying let’s not be an outrage nation. First understand what’s being talked about.

Sensored or Failing to sense what’s written?

The problem is those outraging have no idea what encryption is. Other so-called tech journalists even less so. I discovered it when I had a debate with some of them during the net neutrality issue a few months back. My counters as tweets or 2 Medium posts were also conveniently dismissed as “who are you to write on the topic.”

The so-called tech journalists have no technical background & at max have a certification in something that would make them understand tech as much as a 2-day ethical hacker certification would make a college student a hacker. Others are from one of the host of nondescript private engineering colleges that mushroom in every lane of certain cities now.

Also, an addendum had to be released by DeITY because these so-called “technical journalists” didn’t understand the technical language in the draft. It specifically clarified that social media & WhatsApp are excluded from its purview.

The government isn’t Ashley Madison, nor is it so easy to tap into someone’s data (permission from relevant higher authorities is needed; contrast with the DMRC case). This isn’t a mass surveillance programme like PRISM. Rather, it’s ensuring, as was done with BBM earlier, that in case someone’s information needs to be accessed, it can be done instantly, rather than the govt needing to put its hackers on the case in an emergency.

The govt doesn’t give 2 hoots what you’re doing — so don’t delete your snapchats or sexts. In all probability it will be these apps that will be hacked before the govt snoops on you to cleanse & saffronise the cyberspace.

The draft has been deleted, hence I am putting up the draft here.