Proposed Indian Law requires consumers to surrender encryption data
A proposed Indian encryption policy has been called harmful to security and privacy itself.
With the stated aim of providing “confidentiality of information in cyber-space for individuals, protection of sensitive or proprietary information for individuals and businesses, ensuring continuing reliability and integrity of nationally critical information systems and networks," the policy has been drafted with the desire to monitoring the use of technology by Indians.
Among the proposals contained therein include statutes that require Indian consumers and businesses to keep their encryption data in text up to three months after initial encryption.
In fact, the few exempt from this proposed law will include various agencies of the government. Apart from the arguable ethical breaches already inherent in the law, plain text files are not encrypted and thus can be vulnerable to hacking.
What is more, CIO, an online IT security news outlet, reports that though the government wants users to keep their encryption data in plain text, once it's handed over there will be no way to verify it with the original data. The proposals exempt banking, online purchases, and, after massive public revulsion at the proposals, social media.