Draft encryption policy: Frequent changes in key positions & talent crunch in DeitY led to the debacle

Draft encryption policy: Frequent changes in key positions & talent crunch in DeitY led to the debacle

As the blame game for the fiasco created by the draft National Encryption Policy plays out, experts are asking if frequent changes in key positions and a talent crunch in the Department of Electronics and Information Technology (DeitY) led to the debacle.

After the government held a junior scientist responsible, officers in the department are now pointing fingers at each other, while maintaining all along that due procedure was followed.

"You think anything in the government moves without due procedure? All I can tell you is that all rules and regulations were followed," said an official who requested anonymity. The draft policy, which proposed that social media text messages be stored for scrutiny by the government, was withdrawn after a public outcry.

Another set of officials alleged that the junior officer did not seek the advice of higher-ups before making the policy public. Some officials said they were out of the country when the policy was released online and others said they were not involved in framing it, laying the blame squarely on the junior official.

The episode has led experts to ask whether organisational instability in DeitY over the past few months led to the embarrassment. The department, which is part of the Ministry of Communications and IT, has the mandate of running the government's ambitious Digital India project. However, several key posts have been lying vacant for many months. DeitY has also seen several changes, including that of the secretary, additional secretary and joint secretary, over the last one month.

"Unfortunately, DeitY has gone through a number of changes very frequently. Every change affects function and decision making," said an official of a Big Four consultancy firm, who requested not to be identified.

While the position of the director general of the National Informatics Centre (NIC), which manages technology of the entire government machinery, has been lying vacant for over a year, the key post of director general of the Computer Emergency Response Team (CERT) has not been filled after Gulshan Rai was appointed national cyber security chief under the PMO in March.

CERT is responsible for warding off and fighting cyber attacks. While ministry officials have been given additional ge of these positions, it may be adding to instability and workloads. Nodal officer for the encryption policy is supposed to be the group coordinator for cyber law -- but there is confusion in the ministry on who holds that post after Rai moved to the PMO.

Even the National e-Governance Division and the Controller of Certifying Authorities are being run by acting chiefs for months now. Appointments to the position of additional secretary (egovernance) and joint secretary (electronics) are also awaited.

"Though vacancies and frequent changes are routine in the government, the secretary, additional secretary and joint secretary, all in charge of the same function - e-governance - should not have been changed at the same time, especially with all the focus on Digital India," said another technology consultant. The person added that because of these vacancies, several key initiatives such as restructuring of NIC have been stuck.

Ministry officials, while conceding that there are vacancies, countered by saying that business in the government never stops. "There are lots of competent people in the department to take on additional responsibilities," said a senior official of the department.

The first consultancy official said there is a vacuum in the department in terms of the second rung of leadership.


Iran blocks encrypted messaging apps amid nationwide protests

For the past six days, citizens have taken to the streets across Iran, protesting government oppression and the rising cost of goods. Video broadcasts from the country have shown increasingly intense clashes between protesters and riot police, with as many as 21 people estimated to have died since the protests began. But a complex fight ...

Bitcoin Exchange Has Been Forced to Close After Second Cyber-Attack

A South Korean Bitcoin exchange has been forced to close after suffering another major cyber-attack. Youbit claimed it was “very sorry” but has filed for bankruptcy after it suffered the cyber-attack, less than eight months after the first. In a statement in Korean on its homepage the firm said it had lost 17% of its ...

It is difficult for the FBI to crack most smartphone encryption

The FBI is struggling to decode private messages on phones and other mobile devices that could contain key criminal evidence, and the agency failed to access data more than half of the times it tried during the last fiscal year, FBI Director Christopher Wray told House lawmakers. Wray will testify at the House Judiciary Committee ...

Texas Church Shooting: More Calls for Encryption Backdoors

US Deputy Attorney General, Rod Rosenstein, has decided to use the recent mass shooting at a Texas church to reiterate calls for encryption backdoors to help law enforcers. The incident took place at the First Baptist Church in Sutherland Springs, killing at least 26 people. Deceased suspect Devin Kelley’s mobile phone is now in the ...