Private keys need to be revealed to the govt! - New Indian Encryption policy

[skang]

The Dept of Electronics & IT has issued a draft policy doc on encryption calling for inputs by Oct 16.

http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf

"On demand, the user shall reproduce the same Plain text and encrypted text pairs using the  software / hardware used to produce the encrypted text from the  given  plain  text. All information shall be stored by the concerned B /  C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country."

"Algorithms and key sizes for Encryption as notified under the provisions in this Policy only will be used by all categories of users."

- This could directly mean bitcoin becoming illegal since it's encryption is not registered and prescribed by Indian govt.
- You would become obligated by law to reveal your private keys. You become a criminal if you don't.

We need to speak up against this.
At the very least, let the govt know your opinion my mailing them on the address given in the document.

[1713575737]

1713575737

[1713575737]

1713575737

[aakashsangwan]

The Dept of Electronics & IT has issued a draft policy doc on encryption calling for inputs by Oct 16.

http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf

"On demand, the user shall reproduce the same Plain text and encrypted text pairs using the  software / hardware used to produce the encrypted text from the  given  plain  text. All information shall be stored by the concerned B /  C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country."

"Algorithms and key sizes for Encryption as notified under the provisions in this Policy only will be used by all categories of users."

- This could directly mean bitcoin becoming illegal since it's encryption is not registered and prescribed by Indian govt.
- You would become obligated by law to reveal your private keys. You become a criminal if you don't.

We need to speak up against this.
At the very least, let the govt know your opinion my mailing them on the address given in the document.

If the Government starts to take like this steps to stop growing Bitcoins in India, then its a very bad sign for bitcoin development in india.

This will force the Peoples who are trying to go for bitcoins as their payment for business.

[Paradigm_Shift]

The Dept of Electronics & IT has issued a draft policy doc on encryption calling for inputs by Oct 16.

http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf

"On demand, the user shall reproduce the same Plain text and encrypted text pairs using the  software / hardware used to produce the encrypted text from the  given  plain  text. All information shall be stored by the concerned B /  C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country."

"Algorithms and key sizes for Encryption as notified under the provisions in this Policy only will be used by all categories of users."

- This could directly mean bitcoin becoming illegal since it's encryption is not registered and prescribed by Indian govt.
- You would become obligated by law to reveal your private keys. You become a criminal if you don't.

We need to speak up against this.
At the very least, let the govt know your opinion my mailing them on the address given in the document.

If the Government starts to take like this steps to stop growing Bitcoins in India, then its a very bad sign for bitcoin development in india.

This will force the Peoples who are trying to go for bitcoins as their payment for business.

Granted the stance of the government is not one that serves towards the best interest of individuals and their rights, this move from the government will have zero impact on the possibilities of businesses accepting Bitcoin as a payment. On the contrary, I believe this serves towards the best interest of both the government and corporations. Think about the number of businesses that keep two books of accounts - one for personal record keeping, and the other for mandatory disclosures with necessary "adjustments" made for officials to look at. Imagine, all these records were actually on the block-chain and stake-holders and shareholders alike could verify the flow of money. I believe that would work towards the vision Satoshi Nakamoto had for currency. Corporations and individuals alike tend to engage in "funny business" when they know they are beyond the 'eyes" of people. Bitcoin made it possible for transactions to be verified by just about anyone and businesses should embrace the same and be more transparent about how it handles its money.

I run a start-up with 200,000 users and we have all our finances open to all our team members, verifiable on the blockchain. Everything from payment of salary to payment for hosting or other ancillary requirements happen on the blockchain. This makes accounting a lot more easier for those within the team.

Also, these encryption laws have lasted for long. Its just that it has been bought to the limelight off late.

[Amitabh S]

The Dept of Electronics & IT has issued a draft policy doc on encryption calling for inputs by Oct 16.

http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf

"On demand, the user shall reproduce the same Plain text and encrypted text pairs using the  software / hardware used to produce the encrypted text from the  given  plain  text. All information shall be stored by the concerned B /  C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country."

"Algorithms and key sizes for Encryption as notified under the provisions in this Policy only will be used by all categories of users."

- This could directly mean bitcoin becoming illegal since it's encryption is not registered and prescribed by Indian govt.
- You would become obligated by law to reveal your private keys. You become a criminal if you don't.

We need to speak up against this.
At the very least, let the govt know your opinion my mailing them on the address given in the document.

Fixed this. Bitcoin is NOT encryption. You *cannot* use ECDSA (a variant of DSA) for encryption. I believe this was intentional design decision of NIST (who invented DSA) to not give the ability to encrypt. Thus as far as I know these rules do not apply to Bitcoin. They cannot "force you to sign" something as there is no hidden information to be revealed from the signatures.

http://crypto.stackexchange.com/questions/2585/why-dsa-cannot-be-used-for-encryption

[skang]

Bitcoin is NOT encryption. You *cannot* use ECDSA (a variant of DSA) for encryption. I believe this was intentional design decision of NIST (who invented DSA) to not give the ability to encrypt. Thus as far as I know these rules do not apply to Bitcoin. They cannot "force you to sign" something as there is no hidden information to be revealed from the signatures.

http://crypto.stackexchange.com/questions/2585/why-dsa-cannot-be-used-for-encryption

Section IV.2 of the document, includes "Digital Signature and hashing" as well.

I agree with you that "encryption" in bitcoin is not being used to "secure any information" but only for "authentication".
The preamble section, includes authentication as well.


(As a sidenote, well, I have read in my curriculum that DSA supports encryption using El Gamal. (I'll try to link the book))

[Benson Samuel]

Ufff, that is one very broadly worded Document!

[Amitabh S]

Bitcoin is NOT encryption. You *cannot* use ECDSA (a variant of DSA) for encryption. I believe this was intentional design decision of NIST (who invented DSA) to not give the ability to encrypt. Thus as far as I know these rules do not apply to Bitcoin. They cannot "force you to sign" something as there is no hidden information to be revealed from the signatures.

http://crypto.stackexchange.com/questions/2585/why-dsa-cannot-be-used-for-encryption

Section IV.2 of the document, includes "Digital Signature and hashing" as well.

I agree with you that "encryption" in bitcoin is not being used to "secure any information" but only for "authentication".
The preamble section, includes authentication as well.


(As a sidenote, well, I have read in my curriculum that DSA supports encryption using El Gamal. (I'll try to link the book))

Yes they do mention digital signatures (just saw the doc). The three groups are G (Govt), B (Organizations) and C (persons)
They do have one sentence mentioning that the algorithms for digital signatures for G2B and G2C communication will be notified from time to time.

Though I would assume in case of digital sigs, since there is no secrecy involved, the mandate would be to use "sufficiently strong keys" (i.e. to enhance security rather than reveal keys).

Looking forward to the reference about El Gamal and DSA.

[tech_solutions]

The Dept of Electronics & IT has issued a draft policy doc on encryption calling for inputs by Oct 16.

http://deity.gov.in/sites/upload_files/dit/files/draft%20Encryption%20Policyv1.pdf

"On demand, the user shall reproduce the same Plain text and encrypted text pairs using the  software / hardware used to produce the encrypted text from the  given  plain  text. All information shall be stored by the concerned B /  C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country."

"Algorithms and key sizes for Encryption as notified under the provisions in this Policy only will be used by all categories of users."

- This could directly mean bitcoin becoming illegal since it's encryption is not registered and prescribed by Indian govt.
- You would become obligated by law to reveal your private keys. You become a criminal if you don't.

We need to speak up against this.
At the very least, let the govt know your opinion my mailing them on the address given in the document.

Fixed this. Bitcoin is NOT encryption. You *cannot* use ECDSA (a variant of DSA) for encryption. I believe this was intentional design decision of NIST (who invented DSA) to not give the ability to encrypt. Thus as far as I know these rules do not apply to Bitcoin. They cannot "force you to sign" something as there is no hidden information to be revealed from the signatures.

http://crypto.stackexchange.com/questions/2585/why-dsa-cannot-be-used-for-encryption

I totally agree with you, when the transactions are openly viewed in exchanges then why do need the private keys to be revealed like if you have bank account the you have to show the transaction but not that you give you account number and password to them to access anything and do anything.

[polynesia]

This seems to have made it to the mainstream media.
You could soon have public opinion building up (a la net neutrality debate)

[aakashsangwan]

This seems to have made it to the mainstream media.
You could soon have public opinion building up (a la net neutrality debate)

WOW  it is nice to hear that it had made it to the mainstream Media. by keeping it in public opinion building we can know that how many peoples are their who knows about bitcoin and are aware of the day to day bitcoins news and are ready to take bitcoin in their daily routine business.

[buysellbitcoin]

This seems to have made it to the mainstream media.
You could soon have public opinion building up (a la net neutrality debate)

And mainstream media knows how to make hoopla about it. How they present ?

Government will read your whatspp message now. You will need to store your whatsapp, google hangout messages in text file for 90 days. You will need to upgrade your phone storage to store these much data in plain text. Givernment want to read what you are sending to your girlfriend/boyfirend.

Thats too much fun. I hope it goes to general public and courts take cognizance about it.

Regards

[buysellbitcoin]

And due to backlash in MSM and social media, its withdrawn now.

Regards

[BitCoinDream]

And due to backlash in MSM and social media, its withdrawn now.

Regards

Seems it is temporarily winthdrawn, but not totally gone. We need to be vigilant...

I have written for that draft to be withdrawn, made changes to and then re-released: RS Prasad : ANI

https://twitter.com/firstpost/status/646221371932962816

[thenoblebot]

This Govt is a joke. Ravi Shankar Prasad should have atleast known what was in the draft, it makes him look so silly. Reminds me of Modi ji tying to snoop during snoopgate.

[polynesia]

This Govt is a joke. Ravi Shankar Prasad should have atleast known what was in the draft, it makes him look so silly. Reminds me of Modi ji tying to snoop during snoopgate.

In this aspect, at least the government is receptive to criticism.
That is a positive. 

[thenoblebot]

In this aspect, at least the government is receptive to criticism.
That is a positive. 

Yep sure. After fudging up on Net Neutrality, tying to impose bans on everything under the sun and now trying to come up with such a draft on encryption policy it obviously had to back down and take a u-turn after mounting public pressure and criticism on social media. The positive here is democracy where people can criticize the Govt rather than this particular Govt which doesn't even care to do its homework before releasing documents and when caught on the wrong foot - feigns ignorance about it !! Its hilarious to be honest 

[chronicsky]

what kind of joke is that?

why would someone reveal their private keys?

[aakashsangwan]

The Government will have access to all encrypted information, including personal emails, messages or even data stored on a private business server, according to the draft of a new encryption policy. The Draft National Encryption Policy wants users to store all encrypted communication for at least 90 days and make it available to security agencies, if required, in text form. It also wants everyone to hand over their encryption keys to the government.

As the issue started snowballing on social media, DeitY issued an addendum to the draft policy exempting “mass use encryption products, which are currently being used in web applications, social media sites, and social media applications such as Whatsapp, Facebook, Twitter etc”. It also exempted SSL/TLS encryption products used in Internet-banking and payment gateways as well as SSL/TLS encryption products being used for e-commerce and password based transactions.

According to Duggal, the policy presumes that everyone will fall in line, while the technology providers, most of whom are based outside India, will not conform to these rules. “In fact, the policy will be counter productive and only discourage people from using encryption,” he said, adding that the draft was also in contrast to the objectives of the IT Act under which it has been framed.

so as per the information from this news it is still not clear what it will take turn of this policy.

[tnrmedia]

Presently the site/page is not working.  But if we reveal Private Key/s of our wallet/s to third party, that means we put money in our wallet/s in to those pockets. So, No one can ready to do this.

[BTCIndia]

I don't mind. I share with you, my super private key--5KUeC76yinZPRUnrxe6C3aBZCJAKcSqCV5VcDg1UbikTcXbSaNZ

Have fun!