Instead of asking citizens to dial down digital privacy, the govt must work on meeting the challenges this poses for it
Privacy is one area where the governments have seldom seen eye-to-eye with citizens in the digital age—while people vie for greater privacy, governments have backed greater surveillance. Against this backdrop, the Indian government, too, is set to bring a policy on what data of private parties (companies and individuals) should and shouldn’t be accessible to the government agencies in the name of security. The government is taking another shot at bringing a National Encryption Policy after introducing a draft last September—and withdrawing it within a week, following protests over “government overreach” and “violation of privacy”. The digital-privacy debate has been on for sometime now in the West, particularly in the US after the Snowden expose. The latest FBI and Apple tangle, too, has stirred the waters. In India, the government, paradoxically, is trying to both strengthen and weaken digital security.
The new draft is expected to set a new, higher encryption standard, but there is a chance that the government might make storing messages in plain text for a period of 90 days mandatory. While upgrading encryption from the current 40 bits to 256 bits will be a welcome step, given that globally some companies, like Google, have moved on to 2048-bit RSA encryption, asking companies to provide the keys to encryption violates privacy. At the same time, asking users to store messages on their phones leaves their privacy vulnerable to hackers. The government would do better if it were to upgrade its security and tracking protocols as well as working on its own resources to meet challenges that higher encryption standards may pose for national security.