Want CNET to notify you of price drops and the latest stories?

Outcry forces India to amend legislation that would ban deletion of emails, IMs

A draft of the country's encryption policy would have made it mandatory for residents to keep all encrypted data, which includes Gmail and WhatsApp, for 90 days.

Daniel Van Boom Senior Writer
Daniel Van Boom is an award-winning Senior Writer based in Sydney, Australia. Daniel Van Boom covers cryptocurrency, NFTs, culture and global issues. When not writing, Daniel Van Boom practices Brazilian Jiu-Jitsu, reads as much as he can, and speaks about himself in the third person.
Expertise Cryptocurrency, Culture, International News
Daniel Van Boom
2 min read

Enlarge Image
Photo by James Martin/CNET

A wave of outrage over clauses in a draft of its new National Encryption Policy, which seeks to improve India's cybersecurity, has led the government to amend the proposed legislation.

The policy draft, written by the Department of Electronics and Information Technology, stipulated that mobile users in the country would be legally required to store any encrypted communications on their devices for up to 90 days -- and could be punished if they failed to comply.

Almost every Internet-based method of communication uses some level of encryption. This means that deleting messages that are less than three months old from widely used instant messengers, like WhatsApp, Viber and Hike, as well as from e-mail clients such as Gmail, would be illegal.

"All information shall be stored by the concerned [organisations/citizens] entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country," the draft read.

However, following public and social media outcry, an amendment was made excluding "mass encryption products" like the above mentioned services from the policy.

Another controversial measure that was outlined in the original draft stated that all services that offer encrypted communications were to alert themselves to the government.

"All vendors of encryption products shall register their products with the designated agency of the Government," it read. "While seeking registration, the vendors shall submit working copies of the encryption software / hardware to the Government along with 4 professional quality documentation, test suites and execution platform environments."

The draft policy is likely to change more, as the department has opened it up for public comment until October 16.

It comes months after the issue of Net neutrality was a hot topic in India. At the heart of the debate was telco Airtel, who attempted a zero-rating plan which involved select sites, like e-retail giant Flipkart, becoming data-free for customers, which some cited as anti-competitive practice.