• This forum contains old posts that have been closed. New threads and replies may not be made here. Please navigate to the relevant forum to create a new thread or post a reply.
  • Welcome to Tamil Brahmins forums.

    You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our Free Brahmin Community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

    If you have any problems with the registration process or your account login, please contact contact us.

India still doesn’t understand how online security works

Status
Not open for further replies.

prasad1

Active member
The Indian government has made a fool of itself and caused anxiety among citizens with a woefully misguided proposal for a national encryption policy that it’s just released to the public for feedback.

While its mission is to “provide confidentiality of information” and ensure “protection of sensitive or proprietary information”, the policy essentially calls for online services operating in India to hand over their encryption keys to the government — similar to what the NSA wants for spying on US citizens.
An ‘expert’ group set up by the Department of Electronics and Information Technology (DeitY) has proposed a framework that requires every citizen to store plain text versions of all encrypted data from their devices for 90 days and produce it upon request from law enforcement agencies.
Most people wouldn’t even know which parts of their correspondence, login details across several services, software downloads and other data are encrypted, much less be able to capture and store it. That’s just not how things work.
Other gems from the draft include:
Service Providers located within and outside India, using Encryption technology for providing any type of services in India must enter into an agreement with the Government for providing such services in India. Government will designate an appropriate agency for entering into such an agreement with the Service provider located within and outside India.
and my personal favorite:
Encryption algorithms and key sizes will be prescribed by the Government.
There are thousands of services based outside the country that encrypt users’ data. DeitY expects them all to play ball and offer the government backdoors into their secure data.
By attempting to prescribe a limited set of encryption technologies, the proposal could make things easier for potential attackers and put service providers and their users at risk.
With that, the Indian government has once again proven itself to be out of touch with issues of privacy and online security.
Pranesh Prakash, Policy Director at Center for Internet and Society in Bangalore, told The Times of India he found it strange that ‘sensitive departments’ of the government are exempt from the policy. “What the government ought to be doing is setting minimum standards for encryption for governmental use. But here, they are doing the opposite,” he said.
You can view the policy draft in full here (PDF) and send your comments to [email protected] by October 16.
India’s draft encryption policy puts user privacy in danger [Medianama]

http://thenextweb.com/in/2015/09/21...campaign=Feed:+TechknowledgeitNews+(TKI+News)
 
Last edited:
Many years ago I had opportunities (as part of business) to meet with Secretaries of various government organizations in Delhi primarily about many aspects of vulnerability and threats they face that is part of the new cyber world. Their organization had talented people at the lower levels of the organization but the bureaucrats who control the agenda are largely clueless.

This is true in most governments including US, Japan to name a few.

When major cyber attacks happens and it is a matter of time , only then there will be awareness to act ,more intelligently. For now, they all think it is about controlling others by policies without regard to privacy of anyone which is unenforceable.
 
Status
Not open for further replies.

Latest ads

Back
Top