Government's welcome U-turn: your WhatsApp texts are still private

Yesterday, on 21 September, the government told the citizens of India to pretty much throw all their notions of individual rights and privacy out of the window. Today, 22 September, thankfully for the bewildered citizens, the government has withdrawn the draft National Encryption Policy that would have drastically altered how services like WhatsApp and others operate.

Telecom Minister Ravi Shankar Prasad told reporters: "I personally feel that some of the expression used in the draft are giving rise to uncalled-for misgivings. Therefore, I have written to DeitY to withdraw that draft, rework it properly and thereafter put in the public domain."

The draft policy states: All citizens (C), including personnel of Government / Business (G/B) performing non-official / personal functions, are required to store plain texts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable plain text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country.

If the policy was to be implemented, here's how it would have affected the layman:

1. The policy is applicable to all citizens and covers all of their personal usage. So that #DrunkTextFromLast night could have been cause for more concern than you imagined.

2. It also applies to all Central and State government departments, all statutory organizations and business and commercial establishments, including public sector undertakings and academic institutions.

3. If the government demanded the plain text then the individual or group would have to hand it over to the Law Enforcement Agencies. This is in accordance with the provisions and laws of the country.

4. In simple terms, at the moment, the data you send is encrypted from end-to-end, meaning only the user sending it and the user receiving it can see it. However, this law would have reversed that privacy.

5. Essentially, the data would have remained unencrypted for 90 long days and hence, would have been vulnerable to hackers.

There was no clarity on what all data would come under this policy, but for now, the government has listened to public feedback and withdrawn the controversial draft.

Small mercies.