A wave of outrage over clauses in a draft of its new National Encryption Policy, which seeks to improve India's cybersecurity, has led the government to amend the proposed legislation.
The policy draft, written by the Department of Electronics and Information Technology, stipulated that mobile users in the country would be legally required to store any encrypted communications on their devices for up to 90 days -- and could be punished if they failed to comply.
Almost every Internet-based method of communication uses some level of encryption. This means that deleting messages that are less than three months old from widely used instant messengers, like WhatsApp, Viber and Hike, as well as from e-mail clients such as Gmail, would be illegal.
"All information shall be stored by the concerned [organisations/citizens] entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country," the draft read.
Another controversial measure that was outlined in the original draft stated that all services that offer encrypted communications were to alert themselves to the government.
"All vendors of encryption products shall register their products with the designated agency of the Government," it read. "While seeking registration, the vendors shall submit working copies of the encryption software / hardware to the Government along with 4 professional quality documentation, test suites and execution platform environments."
The draft policy is likely to change more, as the department has opened it up for public comment until October 16.
It comes months after the issue of Net neutrality was a hot topic in India. At the heart of the debate was telco Airtel, who attempted a zero-rating plan which involved select sites, like e-retail giant Flipkart, becoming data-free for customers, which some cited as anti-competitive practice.