--- layout: default title: "Govt Presses 'Undo' Button on Draft Encryption Policy" description: "A Business Standard news report on the government's withdrawal of the controversial draft National Encryption Policy following widespread outrage, featuring Sunil Abraham's analysis on appropriate encryption regulation scope, IT Minister Ravi Shankar Prasad's clarifications, and opposition party criticisms of the 90-day plaintext storage mandate." categories: [Media mentions] date: 2015-09-23 source: "Business Standard" permalink: /media/govt-withdraws-encryption-policy-business-standard/ created: 2026-01-10 --- **Govt Presses 'Undo' Button on Draft Encryption Policy** is a *Business Standard* news report published on 23 September 2015. The article covers the government's hasty withdrawal of the draft National Encryption Policy following fierce criticism from technology activists, industry executives, and opposition parties over provisions requiring 90-day plaintext storage of all encrypted communications and mandatory government access, featuring IT Minister Ravi Shankar Prasad's damage control statements, Sunil Abraham's recommendations on limiting policy scope to government agencies, and political responses from Congress and AAP characterizing the policy as totalitarian surveillance infrastructure. ## Contents 1. [Article Details](#article-details) 2. [Full Text](#full-text) 3. [Context and Background](#context-and-background) 4. [External Link](#external-link) ## Article Details
đź“° Published in:
Business Standard
đź“… Date:
23 September 2015
đź“„ Type:
News Report
đź“° Article Link:
Read Online
## Full Text

The government on Tuesday scrapped a draft national encryption policy that mandated firms and individuals to allow authorities access to all encrypted information on email, apps, websites and business servers.

The decision came a day before Prime Minister Narendra Modi embarked on a visit to the US, where he is expected to meet leaders of firms such as Apple, Facebook, Google and Tesla. Activists and executives from technology firms had expressed outrage on the draft policy, saying the move would have taken India a step back in technology adoption.

At a meeting of the Union Cabinet on Tuesday, Modi was livid at the controversy generated by the draft policy and directed officials to withdraw it ahead of his US trip, sources said.

The draft had global ramifications, as Facebook, Twitter and messaging apps such as WhatsApp were named in it.

Ravi Shankar Prasad, Union minister for communications and information technology, distanced the government from the draft hosted on the IT department site, but admitted it gave "uncalled-for misgivings". He directed officials to rework the draft but did not set a timeframe for seeking feedback from the public.

"Yesterday (Monday), it was brought to our notice that the draft had been put in the public domain for, seeking comment. I read the draft. I understand that the manner in which it was written could lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded. I personally feel some of the expressions used in the draft are giving rise to uncalled-for misgivings," Prasad said. "Experts had framed the draft policy. It is not the government's final view."

According to the original draft, the encryption policy sought every message sent by a user, be it through services such as WhatsApp, an SMS or an email, be mandatorily stored in plain text format for 90 days and made available on demand to security agencies. Failure to do so, it added, would draw legal action.

This was because typically, all messaging apps and services such as WhatsApp, Viber, Line, Google Chat and Yahoo! Messenger have high levels of encryption, which security agencies find hard to crack and intercept.

Early on Tuesday, before Prasad announced the withdrawal of the draft policy, the government had issued an addendum to keep social media and web applications such as WhatsApp, Twitter and Facebook out of its purview.

In a three-point clarification, the Department of Electronics and Information Technology (DeitY) said some encryption products were exempt. "Mass-use encryption products, currently being used in web applications, social media sites and social media applications, such as WhatsApp, Facebook and Twitter…SSL/TLS encryption products being used in internet banking and payment gateways, as directed by the Reserve Bank of India", and SSL/TLS encryption products being used for e-commerce and password based transactions," it said.

"Ideally, the new policy should only focus on two objectives: It should mandate encryption standards within the government, military, law enforcement and intelligence agencies. It shouldn't regulate the use of encryption by the private sector; the private sector should be allowed to use whatever it believes is appropriate, as long as it is considered a reasonable security measure by courts, under section 43A of the IT Act," said Sunil Abraham, director, Centre for Internet and Society (CIS).

Prasad reiterated the government, under the leadership of Prime Minister Narendra Modi, had promoted social media activism. "The right of articulation and freedom we fully respect. But at the same time, we need to acknowledge that cyber space transaction is rising enormously for individuals, businesses, the government and companies," he said.

Opposition parties slammed the Draft policy. Congress communications in-charge Randeep Surjewala said, "Subjugation of individual freedom, surveillance of the citizen and suppression of dissent have emerged as the DNA of the Narendra Modi-led BJP government. The draft policy on encryption, first circulated, then amended and now, withdrawn with a rider for re-issuing it, is a totalitarian, misconceived and a failed attempt of the Modi government to override all sense of individual freedom of speech and expression and encroach upon the right to privacy of communication…With 243.1 million internet users in India at the end of 2014 (173 million being mobile internet users), 112 million Facebook users, 80 million WhatsApp users, 22 million Twitter users and 950 million mobile connections, the intrusion of individual liberty is fraught with dangerous dimensions under the Modi government."

Aam Aadmi Party spokesperson Raghav Chadha said, "Only a fascist government can bring such a policy. The draft policy was in violation of the right to personal liberty and the fundamental tenets of freedom of speech and expression…the draft policy was for snooping. It presupposes the 1.2 billion people of India are potential criminals. It reflects the inclination of the government and its intention to turn India into a totalitarian state."

About the National Encryption Policy

Five things the government draft policy wanted

Things that caused outrage

Amendment & withdrawal

{% include back-to-top.html %} ## Context and Background This news report captured a rare instance of rapid government policy reversal driven by technological community mobilization and diplomatic timing pressures. The draft National Encryption Policy released by the Department of Electronics and Information Technology on 21 September 2015 proposed sweeping surveillance powers requiring all encrypted communications—including WhatsApp messages, emails, and SMS—be stored in plaintext format accessible to authorities for 90 days. The policy's withdrawal within 24 hours followed intense criticism from civil society organizations, technology companies, and political opposition ahead of Prime Minister Modi's high-profile Silicon Valley visit. Abraham's recommendation to restrict encryption policy to government, military, and intelligence agencies whilst leaving private sector encryption unregulated reflected international best practices from jurisdictions balancing security and privacy concerns. His reference to Section 43A of the IT Act 2000—which imposed data protection obligations on private entities handling sensitive personal information—suggested encryption strength should be evaluated as a reasonable security measure by courts rather than prescribed by government mandate. This approach would have avoided the policy's fundamental contradiction: weakening encryption for surveillance purposes simultaneously undermined the information security the policy purported to enhance. The 90-day plaintext storage requirement revealed misunderstanding of encryption's technical function and security implications. End-to-end encrypted messaging services like WhatsApp, by design, ensured only communicating parties possessed decryption keys—service providers themselves couldn't access plaintext even if legally compelled. Requiring plaintext storage would necessitate either eliminating end-to-end encryption entirely (reverting to vulnerable client-server models) or implementing key escrow systems where copies of decryption keys remained accessible to authorities—precisely the "backdoor" architecture cryptography experts globally opposed as creating systemic vulnerabilities exploitable by malicious actors beyond law enforcement. The policy's hasty amendment exempting social media platforms and banking SSL/TLS encryption before complete withdrawal illustrated ad-hoc crisis management rather than considered policy development. The initial draft's breadth—covering individual users alongside service providers—would have criminalized ordinary citizens using encrypted communications without maintaining plaintext archives, an absurd compliance burden. The timing of withdrawal one day before Modi's US trip where meetings with Apple, Facebook, and Google CEOs were scheduled demonstrated diplomatic considerations overriding domestic surveillance ambitions when international technology industry relationships were at stake. ## External Link - [Read on Business Standard](https://www.business-standard.com/article/economy-policy/govt-presses-undo-button-on-draft-encryption-policy-115092201014_1.html)