Govt mulls a policy that requires users to save messages, and hand them over to law enforcement agencies, if asked.
Deleting WhatsApp messages might become difficult in India in the days to come. The government is planning to bring a policy under which an individual will be required to store the plain texts of the encrypted information for 90 days from the date of transaction and provide the verifiable plain text to law enforcement agencies as and when required.
The draft National Encryption Policy posted by the Department of Electronics and Information Technology (DeitY) on its website points to some serious considerations that might become rules soon.
Under Section 84A of the Information Technology Act, 2000, rules are to be framed to prescribe modes or methods for encryption. DeitY has invited comments from the public on the draft policy; it has asked for the comments to be emailed to firstname.lastname@example.org, before October 16, 2015.
The draft envisages synchronising with the emerging global digital economy / network society and use of encryption for ensuring the security and confidentiality of data for national security.
However, while the draft talks about the adoption of information security best practices by all entities and stakeholders in the government, public and private sectors and citizens, there could be problems for the consumer.
It says businesses and consumers might use encryption for storage and communication, but the encryption algorithms and key sizes should be prescribed by the government through notification from time to time.
And, when sought, the user shall have to reproduce the same plain text and encrypted text pairs using the software / hardware used to produce the encrypted text from the given plain text. “All information shall be stored by the business and consumer entity concerned for 90 days from the date of transaction and made available to law enforcement agencies, as and when demanded, in line with the provisions of the laws of the country. In the case of communication with a foreign entity, the primary responsibility of providing readable plain text, along with the corresponding encrypted information, shall rest with the entity (business or consumer) located in India.”
Besides, the service providers located within and outside India that use encryption technology for providing any type of services in India must enter into an agreement with the government for providing such services in the country. The government would designate an appropriate agency for entering into such agreements with service providers located within and outside India, the draft said.
Since WhatsApp messages are now end-to-end encrypted, if the draft guidelines become laws, you might have to maintain a copy of WhatsApp messages for 90 days on your handset. So, be ready to either extend the memory on your smartphone or delete heavy multimedia files.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.