Data encryption policy blamed on lack of talent, key changes: Report


Data encryption policy blamed on lack of talent, key changes: Report

The whole draft encryption policy episode has left netizens with a bitter-sweet taste. And now, the blame game has begun.

Soon after the government retracted the policy and said it was simply wrongly worded which led to the confusion, it has blamed a junior scientist for the fiasco. An official now told The Economic Times that ‘you think anything in the government moves without due procedure? All I can tell you is that all rules and regulations were followed.’

The report adds that some officials said that the junior officer didn’t seek advice of higher-ups while some other said they were out of the country.

Citing an official of a Big Four consultancy firm who didn’t want to reveal his identity, the report adds that DeitY has undergone several changes and this could have affected the function and decision making.

Director general of the National Informatics Centre (NIC) responsible to manage the technology of the entire government machinery has been vacant for more than a year now. However, a senior officer said there are many competent people who can take on additional responsibilities.

The government had released a draft encryption policy aimed at keeping a tab on the use of technology by specifying algorithms and length of encryption keys used by ‘all’. It wanted businesses, telcos and Internet companies to store all encrypted data for 90 days in plain text which should be presented before the law enforcement agencies whenever asked to. Moreover, failing to do so would mean legal action as per the laws of the country.

After a huge outcry, the government put out an addendum clarifying the exempted products such as social media sites including WhatsApp, Facebook and Twitter; payment gateways; e-commerce and password based transactions and more from the draft policy. The outcry finally led the government to withdraw the draft policy.

Caution needed with anti-encryption tools that dodge data retention surveillance


Caution needed with anti-encryption tools that dodge data retention surveillance

Hot on the heels of Canberra’s successful push for mandatory retention of telco records about who we call, and how much we web surf, and when we email, we sense a new debate about technologies that scramble the actual contents of our communications, so an investigator may be able to work out who we called or mailed, but never what was said or written.

Recent media articles have noted that the New South Wales Crime Commission has been hindered by phone systems that encrypt conversations that prevent a crime fighter from eavesdropping. While the new data retention laws may alert Batman to the fact that Joker and Penguin have been trading a lot of calls lately, and Commissioner Gordon might be more than willing to authorise a bat-intercept on the strength of that information, the chase comes to naught when the caped crusader’s phone tap reveals nothing more than gibberish on the line.

As Fairfax Media also reports, drug dealers and money launderers are using Phantom Secure, an encryption tool for Blackberry messages, and BlackPhones, a voice encrypter for Android phones, to communicate in code. No doubt terrorists are customers for the same technologies. So, just months after the national parliament reached an accord on mandatory requirements for communications companies to retain details about our calls, messages and web surfing, do we need to decide the even thornier questions of whether a ban on certain voice and data encryption tools is possible and, if so, whether it would be the right thing to do?

That’s a key difference between the existing so-called metadata retention law and any move against products like Phantom Secure and BlackPhone.All the retention law does, and even this much is highly contentious from a civil liberties perspective, is requires comms companies to keep certain transactional records.

A law dealing with encryption technologies would need to go much further, criminalising hardware, software and services that are already in common use including, as New South Wales police readily agree, by legitimate businesses. Mind you, as the human rights movement would point out, you needn’t be a business to have a right to communicate privately.

What might an anti-encryption law look like? 99 per cent of all encryption would have to be excepted. Every time we visit an authenticated website, or buy online using a bank or quasi-bank like Paypal, we unknowingly use automated encryption. These communications are scrambled on their way across the internet, but they begin and end language, and an appropriately authorised regulator that wants to know what information was exchanged can get their hands on it. This isn’t the kind of encryption that investigators need to worry about.


One option is a law requiring users of high strength encryption tools to be licensed, like gun owners need a licence. Before guffawing at such a thought, be aware that this is how Team America tried to deal with the issue internationally. The first mass market, effectively unbreakable text encryption tool was called PGP, standing for Pretty Good Privacy. The acronym was an in-joke. The developers knew how good their solution was, and gave it a name that was like calling Adam Gilchrist PGC, a Pretty Good Cricketer.

PGP wasn’t restricted within the USA itself. They have a constitutional right of free speech. But anyone involved in unlicensed export to other countries committed a criminal offence against, believe it or not, a law against unauthorised sale of munitions. That was thirty years ago, and the discussion we may now be about to have about drug runners, money launderers and terrorists will cross ground that was well traversed back then.

Why should we let people we don’t trust access technologies that facilitate conversations that might be against our interests and that we can’t intercept no matter how reasonable our suspicions and how high the stakes?

The problem with that approach in 2015 is that any solution that compromises the rights to free or private speech and the presumption of innocence, and criminalises or licenses existing freedoms, should ring every alarm and flash every red light a modern democracy has to ring and flash.

If drug runners, money launderers and their ilk are using encryption tools, by all means let’s deal with that in a targeted, measured way. But let’s also never forget the thanks the developer of PGP once received from a dissident behind the Iron Curtain, for serving freedom and saving lives.

Recommendation of Folder Encryption Software

Recently I downloaded a folder encryption software, Best Folder Encryptor.

Recommendation of Folder Encryption Software

Generally speaking, Best Folder Encryptor is quite good. Compared with other folder encryption software usually adopting common fast encryption method, Best Folder Encryptor is different and provides 5 kinds of encryption methods. The first two methods are quite common fast encryption method, and the following three methods are true data encryption.

After using fast encryption method of Best Folder Encryptor to encrypt a folder, I tried to using the methods I knew to break down it, but failed, which makes me very interested in Best Folder Encryptor.

I also experiment the other three methods. Obviously data encryption cannot be broken down.

The usage of Best Folder Encryptor is very simple: after downloading and installing, right-click a file you wanting to encrypt and select encryption, then enter password and choose encryption type in the pop-up encryption window.

In a word, Best Folder Encryptor owns high encryption strength and simple usage.

Official website: