
Govt. Of India Draft National Encryption Policy [pdf] - thewarrior
http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf
======
thewarrior
Posting this here in order to raise awareness of what the govt. of India is
trying to do. This really bad , worse than my worst nightmares. This needs
more visibility.

Here is the most ridiculous excerpt :

B / C groups (i.e. B2C, C2B Sectors) may use Encryption for storage and
communication.

Encryption algorithms and key sizes will be prescribed by the Government
through Notification from time to time.

On demand, the user shall reproduce the same Plain text and encrypted text
pairs using the software / hardware used to produce the encrypted text from
the given plain text. All information shall be stored by the concerned B / C
entity for 90 days from the date of transaction and made available to Law
Enforcement Agencies as and when demanded in line with the provisions of the
laws of the country. In case of communication with foreign entity, the primary
responsibility of providing readable plaintext along with the corresponding
Encrypted information shall rest on entity (B or C) located in India.

6\. Service Providers located within and outside India, using Encryption
technology for providing any type of services in India must enter into an
agreement with the Government for providing such services in India. Government
will designate an appropriate agency for entering into such an agreement with
the Service provider located within and outside India. The users of any group
G,B or C taking such services from Service Providers . are also responsible to
provide plain text when demanded.

7\. Users within C group (i.e. C2C Sector) may use Encryption for storage and
communication. Encryption algorithms and key sizes will be prescribed by the
Government through Notification from time to time. All citizens (C), including
personnel of Government / Business (G/B) performing non-official / personal
functions, are required to store the plaintexts of the corresponding encrypted
information for 90 days from the date of transaction and provide the
verifiable Plain Text to Law and Enforcement Agencies as and when required as
per the provision of the laws of the country

