Every message that is sent, through email, Whatsapp or SMS, should be stored in plain text format for 90 days from the date of transaction and should be made available to the law enforcement agencies on demand, says a draft National Encryption Policy.
The mission of the policy is to provide confidentiality of information in cyber space for individuals, protection of sensitive or proprietary information for individuals and businesses, ensuring continuing reliability and integrity of nationally critical information systems and networks, it said.
“Users or organizations within B group (that is business to business sector) may use encryption for storage and communication. Encryption algorithms and key sizes shall be prescribed by the government through notifications from time to time,” the draft said.
“On demand, the user shall be able to reproduce the same plain text and encrypted text pairs using the software or hardware used to produce the encrypted text from the given plain text. Such plain text information shall be stored by the user or organization or agency for 90 days from the date of transaction and made available to law enforcement agencies as and when demanded in line with the provisions of the laws of the country.”
The objectives of the draft policy is to synchronise with the emerging global digital economy, network society and use of encryption for ensuring the security, confidentiality of data and to protect privacy in information and communication infrastructure without unduly affecting public safety and national security, it added.
The draft proposes to introduce the New Encryption Policy under section 84A of Information Technology Act 2000.
The last date for public to comment on the draft is October 16.