Thanks, I wasn't clear about the statement that it would just hit open source encryption. For instance, if you use BitLocker, there IS no unencrypted data, and it makes no sense to keep a "plaintext" version of the system disk. Mind you, that doesn't seem to deter governments from trying it on.
From a privacy perspective this is concerning. My company works with Indian consulting companies (Tata Consulting) for most of their IT solutions. They have copies of sensitive data as part of that role. Having plain text versions of that information lying around for law enforcement scares me. It will change how many companies handle their relationship with Indian consulting companies. The risk assessments prior to approving these types of contracts are about to get a whole lot more interesting. I think companies working in sensitive sectors (healthcare, power generation, etc.) will be more likely to pass on working with Indian consulting companies.
They do not understand encryption. Neither do they understand privacy, security or even the internet. Inept group is the right word.
Good point, and I guess, not only consulting companies - it applies to all kinds of outsourcing and the many high quality software producers and maintainers there. Anything that has IP. Same equation as passing on US cloud services. It's my opinion that, given the supine, bent and crazed attitude of governments and legislatures, the only effective sanctions that can be brought to bear to get to a more equitable and sane outcome are purchasing power decisions.
Updated @ 9.45am BST, September 22: It is now being reported that the Indian government has withdrawn the draft policy completely, and will issue a new version in due course.
I'm afraid I don't buy these explanations, even though it would be nice to think that were the reason. Problem is, policy-makers around the world have a dismal track record of producing these bizarre proposals; it has happened in my country repeatedly - a combination of fibbing about requirements, exaggerating the benefits, then making proposals that ignore the feasibility, costs and iatrogenics. And the reasons for the proposals emerging are (maybe in combination): a) the consultants and technologists involved are taking the money and giving their masters the messages they want to hear; dissenting voices are not allowed. b) this is the old ploy of coming out with a dreadful proposal on the basis that just maybe, the one they wanted all along will not be seen as quite so outrageous.
This is all over the news here, and there's a lot of heat. http://www.dnaindia.com/india/repor...ffected-emails-operating-systems-wifi-2127715 This was proposed. Quoting the telecom minister, from Indian Express. Why this was removed, from official press release. And an excellent article here.
Maybe that will be the defense for the Office of Personnel Management. Does the Indian government specify that the password file needs to be called passwords.txt?
Come to think of it, I think you are probably right. Not everyone who proposes this type of ridiculous thing is an idiot. People with expertise can be bought to say really stupid things that their political masters want to hear and many of them really have no problem doing this.