NASSCOM and DSCI (Data Security Council of India) have proposed that law enforcement agencies should only be allowed to decrypt data on the device that is already with them and not remotely access/decrypt other encrypted information. This will, their new discussion paper argues, form the basis for “formulating a strong legal mechanism that could restrict LEA to access information only in legitimate cases”. The paper believes that this will satisfy the needs of the law enforcement agencies and address concerns of mass surveillance that have been raised by privacy advocates. A strong encryption policy framework needs to address two concerns, as per the report, “state interception of information, and the citizen’s right to privacy and data protection”. NASSCOM-DSCI are inviting comments and responses to the discussion paper until September 30, 2020 at policy@nasscom.in. The report has been prepared by NASSCOM and DSCI with research by and inputs from Quantum Hub Consulting. Questions raised by the report The paper has asked several important questions related to encryption and the kind of measures that can be taken to check government surveillance: Should a right to deploying encryption be recognised in line with the right to privacy as held by the Supreme Court in the Puttaswamy judgement? Should the Review Committee, that issues interception orders under the Telegraph Act in India, include judiciary members? Should there be any disclosure requirements imposed upon the government in relation to interception, monitoring and decryption orders? How would India’s legal framework need to change to be compatible…
