is you encrypted data safe?

[chubs159]

India has published a new proposal to change the law on encrypted applications. The new proposal states that any applications using encryption must store plain text documents of all encrypted data for 90 days. They also require any overseas companies using encryption to submit their full crypto software, testing suites, and supporting documentation. They will not allow any encrypted algorithms or key lengths that have not been approved by the government. The only exceptions to this new rule are SSL/TLS and sensitive government departments. SSL is a standard security technology to establish an encrypted link between a web server and a browser, and TLS is a successor to SSL. So you don't have to worry about hackers getting your credit card info when you buy something on amazon with the LTT affiliated code. Google and apple are already fighting their domestic security agencies, so they aren’t likely to comply with the Indian government on this issue. These are proposal rules only, and the Indian government does have a public comment period open until october 16th.

full article: http://www.theregister.co.uk/2015/09/21/indias_proposed_rules_on_encryption/

[Arty]

http://linustechtips.com/main/topic/11724-read-before-posting-in-this-section/

[Centurius]

India has tried shit like this before, most companies usually just flip them the bird.

[babadoctor]

India has tried shit like this before, most companies usually just flip them the bird.

this bird?

<3

[blackadder]

Hmmm. Good at circular arithmetic anyone?

[Trik'Stari]

Good luck enforcing that on the entirety of the internet.

[ThomasD]

How do you say "all your privacy are belong to us" in Hindi?

[adamdidthis]

How do you say "all your privacy are belong to us" in Hindi?

सब आपकी गोपनीयता हमारे लिए संबद्ध हैं

[BobbyG2]

Oh lovely, the government feels they have a right to use encryption bit god forbid the people and companies use it...

[rockking1379]

So what I see out of this is an application should use TLS to connect to a web server before downloading user data. Then upon exit, delete said data so as not to actually "use" encryption

[Rohith_Kumar_Sp]

Related : http://linustechtips.com/main/topic/454123-is-you-encrypted-data-safe/

The government of India doesn’t understand the concept of online privacy and the importance of encryption. A new government body of “experts” has proposed a new Encryption Policy ruling out the need of online encryption.

The Indian government has made a fool of itself by creating an environment of anxiety with its newly proposed unmindful national encryption policy.

 

The Department of Electronic and Information Technology (Deity) has made a body of “experts” that has proposed a new Draft Encryption Policy that rules outthe need of online encryption.

 

This so-called expert panel has proposed that a company, or a user, will have to store the plain text of the corresponding encrypted information for future 90 days. This makes your data unencrypted and vulnerable for good 90 days.
 

The policy states:

“….user shall reproduce the same Plain text and encrypted text pairs using the software/hardware used to produce the encrypted text from the given plain text. All information shall be stored by the concerned B/C (business/citizen) entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country.”
 

This new encryption policy defeats the fundamental principle and the need of encryption. According to this, you are required to store your encrypted data, information, passwords etc. for the next 90 days.
 

 

Most of you don’t even know which parts of your online activity is encrypted, leave aside the act of saving and storing it. Another big-fat misguided statement in the policy is:

“…encryption algorithms and key sizes will be prescribed by the Government.”
 

With this, the government wants the thousands of services to follow the norms and encryption technologies prescribed by the government and risk the security of the user data.
 

This also means you may need to keep a copy of all the chats done using encrypted messaging service such as Google Hangouts, WhatsApp, or Apple’s iMessage, for 90 days. This could happen if the proposed National Encryption Policy is implemented without any change.
 

The government of India is already facing flak over its buggy net neutrality policies, and it has once again made a fool of itself with is new national encryption policy – that rejects the need of encryption.
 

You can read/download the complete policy draft here 

Source : 

http://gadgets.ndtv.com/internet/features/deleting-a-whatsapp-message-could-become-illegal-in-india-742503

http://timesofindia.indiatimes.com/tech/tech-news/Deleting-WhatsApp-Google-Hangouts-messages-could-become-illegal-in-India/articleshow/49046713.cms

[kwljunky]

 

 

They do understand the concept, they just don't like it very much. 

[Rohith_Kumar_Sp]

 

 

They do understand the concept, they just don't like it very much. 

that's actually Bangladesh train - Indo-Bangladesh train.

[jurian123]

eh kden well in america you have 0 privacy with NSA behind there computer  

[Sunako]

repost even thou this one is better writen.

http://linustechtips.com/main/topic/454123-is-you-encrypted-data-safe/

[Dabombinable]

Repost: http://linustechtips.com/main/topic/454123-is-you-encrypted-data-safe/

[Rohith_Kumar_Sp]

repost even thou this one is better writen.

http://linustechtips.com/main/topic/454123-is-you-encrypted-data-safe/

Repost: http://linustechtips.com/main/topic/454123-is-you-encrypted-data-safe/

that post didn't even have India in the title, i think i deserve a break.  

[Sunako]

not made just letting you know your post was much better i wish if  could stand

[beingGamer]

Related : http://linustechtips.com/main/topic/454123-is-you-encrypted-data-safe/

The government of India doesn’t understand the concept of online privacy and the importance of encryption. A new government body of “experts” has proposed a new Encryption Policy ruling out the need of online encryption.

The Indian government has made a fool of itself by creating an environment of anxiety with its newly proposed unmindful national encryption policy.

 

The Department of Electronic and Information Technology (Deity) has made a body of “experts” that has proposed a new Draft Encryption Policy that rules outthe need of online encryption.

 

This so-called expert panel has proposed that a company, or a user, will have to store the plain text of the corresponding encrypted information for future 90 days. This makes your data unencrypted and vulnerable for good 90 days.

 

The policy states:

“….user shall reproduce the same Plain text and encrypted text pairs using the software/hardware used to produce the encrypted text from the given plain text. All information shall be stored by the concerned B/C (business/citizen) entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country.”

 

This new encryption policy defeats the fundamental principle and the need of encryption. According to this, you are required to store your encrypted data, information, passwords etc. for the next 90 days.

 

 

Most of you don’t even know which parts of your online activity is encrypted, leave aside the act of saving and storing it. Another big-fat misguided statement in the policy is:

“…encryption algorithms and key sizes will be prescribed by the Government.”

 

With this, the government wants the thousands of services to follow the norms and encryption technologies prescribed by the government and risk the security of the user data.

 

This also means you may need to keep a copy of all the chats done using encrypted messaging service such as Google Hangouts, WhatsApp, or Apple’s iMessage, for 90 days. This could happen if the proposed National Encryption Policy is implemented without any change.

 

The government of India is already facing flak over its buggy net neutrality policies, and it has once again made a fool of itself with is new national encryption policy – that rejects the need of encryption.

 

You can read/download the complete policy draft here 

Source : 

http://gadgets.ndtv.com/internet/features/deleting-a-whatsapp-message-could-become-illegal-in-india-742503

http://timesofindia.indiatimes.com/tech/tech-news/Deleting-WhatsApp-Google-Hangouts-messages-could-become-illegal-in-India/articleshow/49046713.cms

Wrong.

Don't fall into media's trap.

All they want you to do is believe that current Gov is against your privacy etc.

Services liek whatsapp, facebook etc do not fall under this. nothing to do with Social media.

[beingGamer]

With reference to the above quote marked in red & big font

 

 

(http://imgur.com/vxkzpg8)

 

Admin please close this thread.

Its a media lie being spread without fact checking.

[Rohith_Kumar_Sp]

Update : Public outrage forces government to withdraw the controversial Draft National Encryption Policy

 

The controversial Draft National Encryption Policy proposed by the government has been withdrawn, say sources. The proposed policy that was seen as draconian in nature was met with widespread protests from Indian Internet users and experts. A new draft of the policy will be issued soon after considering all aspects to secure the internet consumers.

 

The policy says it aimed to encourage use of encryption and intends to put regulations in place for the purpose. However, a reading of some of its provisions reveals a different face.

According to the original version of the draft policy, users of services that use encryption to secure communication, such as WhatsApp and other instant messaging services, could have been required to store all their communication for as long as 90 days and make them available to law enforcement agencies when legally asked to.
 

Buckling under public pressure the Department of Electronics & Information Technology (DeitY) took a U-turn and issued an addenum to the original draft clarifying that "mass use encryption products, which are currently being used in Web applications, social media sites, and social media applications such as Whatsapp, Facebook, Twitter," will be exempted, along with "SSL/TLS encryption products being used in Internet - banking and payment gateways as directed by the Reserve Bank of India."
 

The draft policy says that that service providers using encryption technology or those providing such services in India "must enter into an agreement with the government for providing such services in India." A large number of communication and other services use some form of encryption. This means thousands of companies around the world providing such services will be required to enter into an agreement with the Indian government, something that experts think is unrealistic.

The policy also requires businesses and users to store communication in both unencrypted and encrypted forms. This defeats the very purpose of encryption.
 

According to the draft policy, the government will also prescribe the algorithms and key sizes for encryption. The government's choices of encryption technology has also invited criticism.

Given the large number of flaws in the proposed policy coupled with the widespread backlash, the government is already rethinking the policy and it is expected to be withdrawn soon.