Taking a sharp U-turn on the controversy raised after government's plan to snoop on social media sites like whatsapp,SMS and email, the Department of Electronics and Information Technology has cleared the air that these apps are being exmepted.
According to the statement issued by the department, the mass-use encryption products, which are currently being used in web applications, social media sites, and social media applications such as WhatsApp, Facebook, Twitter etc are being exempted from the purview of the draft National Encryption Policy, said a proposed addendum to the policy posted on the department's website.
Also, encryption products used in Internet banking and payment gateways, and those used for e-commerce and password-based transactions will be exempted as well.
The draft new encryption policy had originally envisaged that every message sent through WhatsApp, SMS, e-mail or any such service must be stored in plain text format for 90 days and made available on demand to security agencies.
all the modern messaging services like WhatsApp, Viber come with high level of encryption and many a time security agencies find it hard to intercept these messages.
"All information shall be stored by the concerned B/C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country," the draft said.
The draft has defined 'B category' as all statutory organizations, executive bodies, business and commercial establishments, including all Public Sector Undertakings, academic institutions.
The 'C category' as per the draft are all citizens including personnel of government and business performing non-official or personal functions.
"The common man is not likely to be impacted by this (proposal)," an IT Ministry spokesperson had earlier said.
In case of the user having communicated with foreigner or entity abroad, then the primary responsibility of providing readable plain text along with the corresponding encrypted information would be that of the user in the country, as per the original draft.
Besides this, all service providers located within and outside India that use encryption technology for providing any type of services in India must register themselves with the government, as per the draft.
The draft proposes to introduce the New Encryption Policy under Section 84 A of Information Technology Act, 2000. This section was introduced through amendment in 2008.
The sub-section 84 C that was also introduced through the amendment has provision of imprisonment for violation of the act.