India joins war on crypto, wants everyone to keep plaintext copy of encrypted data for 90 days

Discussion in 'privacy problems' started by Minimalist, Sep 21, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
    http://arstechnica.co.uk/tech-polic...ext-copies-of-all-encrypted-data-for-90-days/
     
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Thanks, I wasn't clear about the statement that it would just hit open source encryption. For instance, if you use Bitlocker, there IS no unencrypted data, and it makes no sense to keep a "plaintext" version of the system disk. Mind you, that doesn't seem to deter governments from trying it on.
     
  3. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    From a privacy perspective this is concerning.
    My company works with Indian consulting companies (Tata Consulting) for most of their IT solutions. They have copies of sensitive data as part of that role. Having plain text versions of that information lying around for law enforcement scares me. It will change how many companies handle their relationship with Indian consulting companies. The risk assessments prior to approving these types of contracts is about to get a whole lot more interesting. I think companies working in sensitive sectors (healthcare, power generation, etc) will be more likely to pass working with Indian consulting companies.
     
  4. UnknownK

    UnknownK Registered Member

    Joined:
    Nov 3, 2012
    Posts:
    160
    Location:
    Unknown
    They do not understand encryption. Neither do they understand privacy, security or even internet.

    Inept group is the right word.​
     
  5. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    Here's the official PDF in case anyone is interested.
     
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Good point, and I guess, not only consulting companies - it applies to all kinds of outsourcing and the many high quality software producers and maintainers there. Anything that has IP. Same equation as passing on US cloud services.
    It's my opinion that, given the supine, bent and crazed attitude of governments and legislatures, the only effective sanctions that can be bought to bear to get to a more equitable and sane outcome are purchasing power decisions.
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Updated @ 9.45am BST, September 22: It is now being reported that the Indian government has withdrawn the draft policy completely, and will issue a new version in due course.
     
  8. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    I'm afraid I don't buy these explanations, even though it would be nice to think that were the reason. Problem is, policy-makers around the world have a dismal track-record of producing these bizarre proposals, has happened in my country repeatedly - a combination of fibbing about requirements, exaggerating the benefits, then making proposals that ignore the feasibility,costs and iatrogenics.
    And the reason for the proposals emerging are (maybe in combination):
    a) the consultants and technologists involved are taking the money and giving their masters the messages they want to hear; dissenting voices are not allowed.
    b) this is the old ploy of coming out with a dreadful proposal on the basis that just maybe, the one they wanted all along will not be seen as quite so outrageous.
     
  9. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I hope the new version won't ban encryption altogether...
     
  10. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Maybe they will ask to have printed copies of all communications mailed to the government. ;)
     
  11. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    This is all over news here, and there's a lot of heat.

    http://www.dnaindia.com/india/repor...ffected-emails-operating-systems-wifi-2127715


    This was proposed


    Quoting the telecom minister, from Indian Express


    Why this was removed, from official press release


    And an excellent article here.
     
  12. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Maybe that will be the defense for the Office of Personel Management. ;)

    Does the Indian government specify that the password file needs to be called passwords.txt :)
     
  13. UnknownK

    UnknownK Registered Member

    Joined:
    Nov 3, 2012
    Posts:
    160
    Location:
    Unknown
    Come to think of it, I think you are probably right. Not everyone who proposes this type of ridiculous thing is an idiot. People with expertise can be bought to say really stupid things that their political masters want to hear and many of them really have no problem doing this.
     
Loading...