Cloud Hosting

New Delhi, Delhi, India: On Tuesday, June 1, 2021, The Dialogue, a Delhi-based technology policy think tank, released its Expert Stakeholder Consultation Report on the Indian Encryption Debate. This report is based on the three expert stakeholder consultations hosted by The Dialoguefrom October 2019 to February 2021, held in partnership with NULLCON, Asias leading information security conference.

The recommendations are as follows:

Dr. Gulshan Rai, the Former National Cyber Security Coordinator, who wrote the foreword of the report noted,

There exists a legitimate state interest in seeking access to data for law enforcement purposes. The balance between privacy and national security is not bereft of technological or operational solutions. While aiming to achieve them it is crucial that none of the key stakeholders take an extremist position where we end up compromising security and privacy of Indians.

Among veterans from law enforcement agencies who participated, Mr. Yashovardhan Azad, who served as the Special Director at the Intelligence Bureau and Secretary (Security), Government of India explained,

The State may have reasons in the legitimate interest of national security to seek access to information. A blanket measure to seek access which renders the entire platform susceptible to attacks by hostile actors must not be relied on. Implementing such a measure will not only compromise user privacy but also national security. The State must assess the technical feasibility of the measures it directs the platforms to implement to effectuate exceptional access while also ensuring that the measure does not fail on the anvil of the Puttaswamy test.

Describing end-to-end encryption as a non-negotiable Dr. Aruna Sharma, Former Secretary of the Ministry of Communications and Information Technology pointed out,

There is technical dichotomy between end to end encryption and that of tracing the originator for a message as the new rule states as a mandatory requirement.

Explaining the challenges around overarching mandates like backdoor access to encrypted chats for the exceptional use by the law enforcement agencies, Cyber Security Professional Mr. Anand Venkatnarayanan explained,

Most hacks and attacks are done by disabling the encryption or working around the same. In todays time, hackers understand that fooling people is far more easier than breaking encryption so they workaround the same through fake OTPs and other parallel systems to gain access to encrypted devices. If the objective of the Government is to stop these attacks, it is possible through targeted attacks and interceptions and there is no real need for a blanket policy of a backdoor that affects everyone instead of just the offender. A policy cannot be about making 99% of the population safe from the 1% by making all 100% of them unsafe

The report based on the expert stakeholder consultations seeks to shed light on the crucial aspects of the Indian encryption debate. This is even more relevant given the promulgation of the IT Rules of 2021 which may end up undermining end-to-end encryption owing to its originator traceability mandate. The experts had agreed that the way forward must be consultative keeping the privacy and security of the users in mind.

Link:
Expert Stakeholder Consultation Report on the Indian Encryption Debate - Business Wire India