The Government has confirmed that it will exempt WhatsApp and social media like Facebook, Twitter, payment gateways, e-commerce and password based transactions from the Draft National Encryption Policy.
The latest move comes from the Government after the public outcry over the new draft encryption policy that made it mandatory for users to store data in plain text (unencrypted) format for 90 days. The draft was formulated by an expert group set up by the Department of Electronics and Information Technology (DeitY) under Section 84A of the Information Technology Act, 2000. The encryption policy was proposed to enhance information security in India. But experts argue that if enforced in its current form, the policy could make personal information vulnerable to hacking.
The following categories are being exempted from the purview of the draft national encryption policy:
1. The mass use encryption products, which are currently being used in web applications, social media sites, and social media applications such as Whatsapp,Facebook,Twitter etc.
2. SSL/TLS encryption products being used in Internet-banking and payment gateways as directed by the Reserve Bank of India
3. SSL/TLS encryption products being used for e-commerce and password based transactions.