The Department of Telecommunication (DoT) released the first draft for the National Digital Communication Policy yesterday. One of the three key focuses of the policy is ensuring digital sovereignty, safety and security of digital communications. By contrast, the previous National Telecom Policy 2012 finds only three mentions of safety, without any specific goals or plans.
The policy’s security goals emphasize on upholding net neutrality principles, safeguarding individual’s freedom and choice, developing digital network security, building testing capacity and standards for security mechanisms, addressing security-related issues in encryption and security clearance, among others.
Some key policy highlights:
Change in legal framework
- The policy speaks of amending licenses and terms and conditions to incorporate provisions of privacy and data protection.
- It speaks of protecting data by enforcing core principles of data protection and security principles are applied and enforced.
- Promoting the use of indigenous communication products and services.
On net neutrality
- The policy listed amending license agreements to incorporate the principles of non-discriminatory treatment of content, along with appropriate exclusions and exceptions as necessary.
- It also mentioned introducing appropriate disclosure and transparency requirements for ensuring compliance with net neutrality principles.
Developing standards and policy
- The policy discussed formulating policy on encryption and data retention, keeping in mind India’s legal and regulatory regime as well as global standards.
- The draft mentioned forming a Telecom Testing and Security Certification (TTSC) for enforcing security standards in digital communication.
- It also put emphasis on enhancing institutional capacity for testing through domestic testing hubs.
- It put emphasis on aligning legal and regulatory frameworks for security standards—BIS Act, Electronics & Information Technology Goods (Requirements for Compulsory Registration) Order, Indian Telegraph Act, etc.
- It spoke of aligning with global standards on safety and security.
- The policy speaks of establishing a Central Equipment Identity Registry for addressing security, theft, reprogramming mobile phone identity.
- It added forming lawful interception agencies with interception and analysis systems.
- Increasing user awareness about security related issues on networks, devices and services.
As security concerns have mounted over past years, the government has become more aware of the need of safety. The TRAI has already given out a consultation paper on data protection for making specific rules on it, and asked for stakeholder comments and recommendations. Last year, the Ministry of Electronics & Information Technology issued guidelines saying that all government related data from state and central departments residing in cloud storage networks should be located servers in India and not in foreign countries. More recently, the RBI mandated that all payments system operators working in India must ensure that data related to payment systems operated by them is stored in the country.
While the draft policy’s emphasis on security seems like a step in the right direction, details on specific schemes, programmes and policies directed to citizens and industry will be the real indicator of the policy’s possible impact.