<div><strong><em>By Mala Bhargava</em></strong></div><div> </div><div>The draft of a new policy in which the Government of India has proposed extensive control over various forms of online communication has outraged the general public.</div><div> </div><div>Abruptly and in stark clarity, the policy seems to show just what the government's thinking is with regard to the common man's freedom of thought, speech and privacy. It's difficult to escape noticing that, day by day, the right to live as one chooses is being eroded. From the ban on meat to the ban on certain websites, an increasing number of areas seem to be shifting under the purview of government control. And this is a frightening development.</div><div> </div><div>On Monday night, social media broke out into an uproar as netizens protested the proposed plan for the government to get right inside the encrypted communication of the common man, whether it was an online transaction or an exchange of terrible jokes between two people.</div><div> </div><div>The National Encryption Policy seeks to control communication to such an extent that it calls for users of online technology and apps to keep their communication in text form for a period of 90 days in case the authorities should demand to see it for any reason. This was quite apart from the fact that the government wanted each application to register with it and hand over the keys to any encryption used.</div><div> </div><div><strong>None of Your Business</strong></div><div>"#ModiDontReadMyWhatsApp" appeared on Twitter as a trending hashtag as vociferous protests grew louder. "I'm fervently hoping that the internet kills the government before the government kills the internet" tweeted Ramesh Srivats, humourist and commentator.</div><div> </div><div>A number of others compared today's era to George Orwell's book, 1984, and interestingly, Modi supporters who are normally quick to get outright abusive and verbally violent, went quiet.</div><div> </div><div><strong>Backtracking A Few Steps</strong></div><div>Some hours later however, in an addendum, the government proposed exemptions to some categories of encryption products:</div><div> </div><div>1) The mass use encryption products, which are currently being used in web applications, social media sites, and social media applications such as Whatsapp, Facebook, Twitter etc.</div><div> </div><div>2) SSL/TLS encryption products being used in Internet-banking and payment gateways as directed by the Reserve Bank of India.</div><div> </div><div>3) SSL/TLS encryption products being used for e-commerce and password based transactions."</div><div> </div><div><strong>Unclear Clarifications</strong></div><div>Experts are saying that the addendum clarifies little and warn that there's plenty of confusion up ahead.</div><div> </div><div>"I think it was a very half-baked plan," says Prasanto Roy, speaker and consultant on technology. "That's why they had to do a knee-jerk reaction mentioning some exemptions. It was a sweeping policy and now they mention WhatsApp, Facebook and Twitter and in doing so they tried to target specifically whatever was causing public outrage. I think they believe that if they remove Facebook and WhatsApp by and large the public will be happier. But the basic concerns remain. This policy is not aimed at making India safer, but controlling it."</div><div> </div><div>Roy described the policy draft as being outright bizarre, especially as it left out government departments and sensitive agencies out of the control oversight.</div><div> </div><div><strong>A Field Day For Hackers</strong></div><div>Cyber lawyer Pavan Duggal thinks it is by no means time to relax. Facebook and social media apps are, in any case, public and there is plenty else that gives cause for alarm. "These clarifications are pretty vague," Duggal says.</div><div> </div><div>"Because what has been exempted is only Whatsapp, which isn't a social media application, and social media applications which is in any case public enough. What about other mobile applications? What about email? SMS? Though internet payments and banking are also exempted, there is plenty of confusion because the fundamental problem with the policy still remains. Specially the 90-day period in which the user is to retain messages in text form because retention without security leaves all communication vulnerable to hackers," he says.</div><div> </div><div>"It isn't going to help cyber security. It's a field day for hackers."</div><div> </div><div>Duggal hopes that the period that has been set aside for comments and reactions from experts and the general public will finally lead the government to incorporate something sensible and practical into the policy.</div><div> </div><div>He warns however that India still doesn't have a comprehensive law on cyber security. Under those conditions, it's only too easy for a government to impose its own rules.</div>