Recommendations for

Encryption Policy
u/s 84A of the IT (Amendment) Act, 2008

Prepared by:
DSCI/NASSCOM
With inputs from the industry

Submitted to
Department of Information Technology
Ministry of Communications & Information Technology

1
 Data Security Council of India

Recommendations for Encryption Policy Regulation u/s 84A of the

Information Technology (Amendment) Act, 2008

FOREWORD

The Information Technology (Amendment) Act, 2008 was notified in the Gazette on
February 5, 2009 after it received presidential assent. The Department of Information
Technology, Ministry of Communications and Information Technology sought views of
DSCI and NASSCOM, and other associations on encryption policy u/s 84A, in a
meeting held on March under the chairmanship of Prof N. Balakrishnan.

DSCI convened a meeting of all associations, at their request, on the April to deliberate
on the issues involved. It was attended by 24 participants from most of the associations.
DSCI prepared a Consultation Paper on the subject and circulated it to all of them on
the April. Some of them came back with their comments on the same. DSCI circulated
it to all NASSCOM members, to DSCI Chapters/E-Security Forums, and to its Steering
Committee. A number of responses from the industry were received. These have been
analyzed, and DSCI, has prepared the following recommendations on behalf of DSCI
and NASSCOM for submission to the government.

Kamlesh Bajaj

CEO, DSCI

July 13, 2009

2
 Data Security Council of India

“Recommendations for Encryption Policy”

In developing these comments and recommendations, DSCI shares the government’s concern on the
need for security and the importance of encryption. In reviewing the concerns raised by the
government, we understand the imperatives and investigatory needs of law enforcement. Our
responsive comments are provided in two sections;
• The first section is a review of government proposals and approaches which highlight some of
the issues and concerns that those approaches may create;
• The second section sets out DSCI’s recommendations for an encryption proposal.

Section I – Discussion of scenarios raised by the government

Information Technology (Amendment) Act, 2008 provides for encryption under Section 84A, which reads
as follows:

“84A. The Central Government may, for secure use of the electronic medium and for promotion
of e-governance and e-commerce, prescribed the modes or methods for encryption.”

2. DIT has set up a committee for formulating the Encryption Policy under Section of the amended IT
Act. It has initiated consultation process with the industry. The committee held its first meeting with
the Industry Associations that included NASSCOM and DSCI; CII, FICCI and ACTO, AUSPI on the March,
2009. While the industry put forward the need for enhancing encryption from the presently allowed
limit of 40-bits to 128/256 bits, the committee expressed the need for Law Enforcement agencies (LEA)
of the Government to have access to unencrypted data, i.e. plain text information. The committee
requested the associations to deliberate on the Government requirement in view of the increasing
terrorist threats to the nation, and make appropriate recommendations to the Government.

3. The industry associations, in an informal meeting decided that DSCI/NASSCOM should take a lead in
formulating unified views of all the industry associations. A meeting of all the industry associations was
organized on April , 2009 by DSCI in its office. Twenty four participants from CII, FICCI, ACTO and
DSCI/NASSCOM and from a number of interested companies, who are members of these associations,
attended the meeting. The associations were unanimous in expressing that globalization and the needs
of economic growth require encryption which should be in line with the needs of various applications
and the way these are being implemented in the United States, the UK, Europe and other countries of
the world. The imperatives of globalization, with companies operating in most parts of the globe dictate
that the same level of encryption should be used in the applications irrespective of the country that a
user or corporate connects from. But it was also clear during the discussion that LEA in these countries
also has stringent requirements for access to plain text data and that they must have ways and means of
getting access to the encrypted data in times of need, and/or for sanctioned surveillance. In order to
assure the protection of individual and civil liberties many of these countries have developed processes
and requirements which control government access to personal, non-public information, India as a

3
nation, should have appropriate policies that both help the economic growth, while at the same time
enabling LEA to access data much the same way it happens in the developed world. All the industry
associations were willing to find a workable solution for helping the Government in tracking down the
terrorists and other bad actors.
4. The group discussed the various scenarios that may make use of encryption in e-commerce
applications and where the LEA may need to have access to unencrypted data. It emerged during the
discussions that the use of encryption for e-commerce applications in these scenarios implies that one is
talking about users/employees of the corporates, their trading partners, collaborators, service providers
etc. Citizens at large have access to encryption tools, and who may use encryption in their
communications with one another, will be out of the purview of the scenarios outlined in this paper.
Encryption policy based on such scenarios will thus exclude citizens at large – thus a very large segment
of population will continue to use freely available encryption tools. The government will of course
manage or direct the management of encryption in e-government systems so access to unencrypted
information and documents in those systems is of less concern. There are, however, business-to-
business e-commerce systems where regulation not narrowly tailored to achieve the desired objective,
regulation not in keeping with global approaches or regulation that dissuades or unnecessarily impedes
businesses from deploying effective encryption, may serve to impair the security of private sector
organizations operating in India or otherwise impair the global competitiveness of Indian industry or
attractiveness of India as a processing location.

5. The scenarios that require use of encryption in e-commerce applications, that may be covered by an
Encryption Policy under Section 84A, broadly fall in two categories namely, Data at Rest, and Data in
Transit. Various scenarios in these two categories are as follows:

(i) Data at Rest: Corporate data stored in data servers, end points that include Desktops, Laptops,
Personal Digital Assistants (PDAs), Mobile Phones with e-mail, USB Drives, Backup tapes and
other media- all of these contain corporate data that can be encrypted if required by data
protection considerations. It should be noted, however, that mobile devices are not always
capable of encrypting data at rest due to functionality limitations of the equipment these may
use other mechanisms to protect stored data such as passwords to unlock a device. In fact,
more and more clients are demanding that their Data at Rest be protected through some
mechanism from password to encryption. Encryption is often used to encrypt this data with PKI
being used for digitally signing the content that is stored in order to vouch for confidentiality
and integrity of data, as also for non-repudiation. At times people use signing keys for
encryption, thus asymmetric crypto can also be used for encryption Which increases the
potential negative consequences and risks of any failures or abuses should governments access
those keys. In any case, one is talking of a large number of keys when encryption is
implemented, on such a massive scale, in an organization. While the corporate data servers
may have encryption keys that may be easy to manage as part of data centre operations,
encryption keys for the end points that may run into hundreds of thousands poses a major
challenge. It is observed that centralized encryption platforms are very expensive and require
skilled resources; majority of companies will find it difficult to implement.

(ii) Data in Transit: Corporates are communicating with their clients, trading partners, collaborators
and their service providers which typically include exchange of document including RFPs,
proposals, commercial quotes, deliverables, operational e-mails and other types of sensitive
4
 data among designated individuals. Encryption is often employed to protect these types of Data
in Transit, although there may be scenarios where the underlying document may be encrypted
but the communication may not require encryption. This again requires use of symmetric
encryption with PKI, PGP, S/MIME use for authentication. Since a very large number of persons
may be involved - potentially all employees of a company - key management would be a major
challenge from the view point of having a key escrow or key recovery process in the
organization, with a view to have the processes in place, for making plain text available to LEA .
It is observed that centralized encryption platforms are very expensive and require skilled
resources; majority of companies will find it difficult to implement.

Even more complex may be the management of keys for SSL / TLS sessions. Those keys are
generated randomly and only used for a particular session – for a variable period of time (for
example the length of a e-commerce purchase on a website) Managing keys for this use
scenario quickly grows exceedingly complex, and in fact may be entirely useless when the data
at either end of the encrypted SSL / TLS reverts back to the original plain text otherwise the
customer would not be able to see the web catalog, or the vendor would be unable to process
their payment for lack of account information. Put simply, there may be more efficient ways to
obtain the clear text than trying to decrypt the data in transit.

(iii) Encrypted Messaging Services: Corporates, as a part of collaboration strategy or enhancing

enterprise mobility, are implementing mobile messaging solutions. Some of them also advocate
use of peer-to-peer (P2P) communication tool. This kind of solution is either deployed at the
organization, or it avails of the service from a service provider. A well-known service Blackberry,
which offers end-to-end encryption, requires deployment of the Blackberry Enterprise Server.
The master key is exchanged between the server and Blackberry end device. These P2P
communication services, which are also used by organizations, offer encrypted communication.
While making an arrangement of providing plain-text information to LEA, the technical
feasibility of interception of this kind of communication could pose a challenge because of use
of proprietary encryption or non-escrowed encryption mechanism.

Corporate that is offering, or availing of mobile messaging, or peer-to-peer communication

services, or any such services that facilitate collaboration, and that service sends encrypted
messages, may have to make available the plain text information to LEA. Again, the fact that
the transmission is encrypted may be tolerated because the data at either end of the
transmission could be made available in clear text. The blackberry message exists at the server
as well as on the client device, and it may be more effective for LEA to compel disclosure of the
plain text at the endpoints.

6. E-Commerce applications: There is yet another class of applications in e-commerce, which is

mediated by an application server or web server such as travel booking, Internet banking, bill payments
etc. More and more transactions make use of https for secure transmission. The user can connect to
such servers through secure communications channels known as SSL. The transaction is encrypted so
that the sensitive data being transacted cannot be accessed by anyone. In fact, the principle of
encryption involves generation of multiple encryption keys between the server and the end user during
5
a single session. The session keys are generated dynamically, and after use in that session these get
destroyed. Making the session keys available to the LEA, in real-time, for monitoring purposes may be
extremely difficult, although technically there are other solutions for interception . However, digital
signature certificates that are unique to the server and the user can be used to authenticate a server
and the users. But mandating the use of digital signature certificates has its own problems in a practical
environment though with this it would be possible to authenticate a user even after the transaction is
over. Moreover, mandating Digital Certificates for SSL ECom transactions will threaten Indian ECom
companies. Foreign customers will just use ECom companies in other countries. Indian customers will
use foreign ECom companies for purchases that do not require physical delivery of goods. For
purchasing physical goods, Indian customers will just use phone shopping (like the pizza home
delivery) or visit the nearby store. One would not really want to have a Digital Certificate to buy ,say a
mobile phone and shaving cream.

While requiring decryption of information under limited circumstances will always be required, in
general where it is possible to provide decrypted information it should suffice for LEA.

7. Monitoring at the gateways in real-time: All mails, documents, and transactions must take place
pass through Internet/communication gateways of the country. If these are to be monitored, which we
believe must be for specific persons, for specified time durations, through a court order or a due process
that is transparent, then LEA may need access to keys for decrypting the communications in real-time.
This is on the assumption that keys are static ; but if a company uses continually variable keys (e.g.
quantum crypto systems), or changes keys frequently, updating key registries and version control will be
problematic and may be exceedingly expensive for all parties involved given that alternative
mechanisms may deliver better results at a lower cost. Key management will pose a major challenge for
the LEA to securely store, use and destroy the keys on such a large scale. Can it be done safely without
compromising the privacy of users and citizens? Key escrow and key recovery procedures, as per
experience of some countries, have not proved to be effective and useful. However, the LEA has to
shoulder a much greater responsibility, since if their systems are compromised because of hacking
and/or internal sabotage, they will expose the privacy of nearly the entire corporate world thereby
compromising their business interests and their competitiveness, as also the economic well being of the
country. Whether this is done at national gateways, or at ISP level to distribute the risk, it is fraught
with high risk. The associations strongly feel that monitoring , with key recovery centralized with LEA,
will create more problems, rather than leading to desired results of surveillance. This was the lesson
learned in the US with the clipper chip debates of the mid-to-late 90s. The US and the EU rely on court
orders that require data preservation or data retention and the requirement to provide decrypted
copies rather than an attempt to access the messages directly through the forced deposit of keys.

Providing plain text data to LEA without resorting to key recovery is the right approach.

Secure transmission over SSL through protocols like https can be intercepted using standard open ICAP
protocol – man in the middle. This requires installing a proxy server at the ISP gateway that will
intercept communication from a specified company using ICAP, and send the unencrypted data to a
specified server co-located with the gateway. There are several servers like Bluecoat, Squid and Ironport
which have ICAP capability (also known as SSL-bouncing). But then there technical solutions to bypass
this kind of monitoring too. Hence, it is not recommended that this solution be considered by LEA for
real-time monitoring.
6
It is difficult to visualize the need for LEA to intercept all traffic from a company in real time! It is
presumed that such a step, if absolutely essential, will be resorted to with due process, for specific IP
addresses only.

Section II DSCI Recommendations

Recommendations for Encryption Policy: Following the April meeting, DSCI circulated a summary
record of discussions on the April, along with a set of recommendations, to all the 24 participants.
Comments and inputs were received from Wipro, TCS, Verizon, Airtel, ACTO and some others. US IBC
was also consulted on this.

DSCI and NASSCOM, based on the scenarios listed above, make the following submission to the
government for formulating the encryption policy for e-commerce under Section 84A:

Encryption policy requires consideration of various technical issues, national security issues, business
privacy, and international competitive pressures for the growth of e-commerce and e-governance
applications. Continued economic growth of Indian industries and business in an increasingly global
economy require availability of cryptography to all legitimate users that include employees and business
associates of the corporate sector. The following recommendations are made for inclusion in the policy
that may be framed by the government:

(i) That careful consideration be paid to the impact and effectiveness of any proposed regulations.
The same companies that will comply with registration and/or deposit requirements are also
likely to comply with requirements to provide information in unencrypted form. Thus, will
requirements only burden law-abiding companies while not impacting those bad actors that are
the objective of the law? Furthermore, with plain text disclosure mandated, the bit-length of
algorithms is less relevant, as is the registration of products.
(ii) That dialogue be engaged on the type of due process requirements that companies must meet
in other countries. In this way processes for access to information in India may be informed by
the types of process a foreign company must be able to provide to other authorities should the
request need to be enforced outside of India. Definition of process, and its predictable
application, further establishes the credibility of the relevant system and India’s global
competitiveness. Those processes may also be beneficial in helping Indian intelligence and law
enforcement agencies structure investigatory cooperation agreements with similar entities in
other jurisdictions.

With these caveats in mind, we propose the following recommendations:

(iii) Use of symmetric encryption for e-commerce applications, including SSL for end-to-end
authentication, is allowed with encryption of up to and including 256 bits with AES algorithms,
or equivalent algorithms.

7
(iv) LEA may be provided with plain text of encrypted communications that it wants to monitor,
within a reasonable time of request being made, only after a due process has been followed,
that is transparent and subject to oversight. There is no question that the government will have
legitimate reasons based in national security and law enforcement to require companies to
provide access to information in decrypted form. That being said, to maintain the international
credibility of doing business in India such requests must be made pursuant to established
processes with required element of proof, appropriate documentation and authority for the
request and subject to appropriate oversight and redress. There must also be a recognition that
the requirements can only apply to the extent that the data custodian undertook or sanctioned
the encryption. There may be some hosted systems where the data owner does not have the
decryption key. Key escrow or key recovery should not be asked for, as far as possible. Real-time
monitoring request should be based on even more stringent process that combines oversight.
Requirements of transparency relate to the process in general and are not meant to
compromise sensitive information related to investigations or investigatory methods.
(v) Plain Text Disclosures. Subject to the conditions detailed in para 5, corporates may cooperate
with the government and LEA by providing plain text information, within three business days of
a request being made. This will include making available information from both Data at Rest as
well as Data in Transit. Where possible, companies will expedite such disclosures where LEA
indicates greater urgency in the request.

For encrypted messaging services, companies that are offering, or availing of mobile messaging
or peer-to-peer communication services, or any such services that facilitate collaboration, and
that service sends encrypted messages, may be asked to make available the plain text
information, wherever possible, although better option for LEA would be to ask for plain text
from the end user. Government has already rightly decided to allow Blackberry services; and
this should continue in order to help organizations secure their business transactions.

(vi) No registration of encryption products. If a registration system, however, is to be considered,

its purpose and the requirements should be defined in consultation with the private sector
and registrations should only require companies to provide publicly available product and
technology details, use scenarios and any algorithm use data. . Although the government
may consider registration of encryption products for use in the country, the concept of required
registration may pose problems. If an organization uses a global encryption solution, and that
solution is not registered in India because the company providing the solution has no other
clients in India, what is the incentive for registration? There would be a penalty on the company
using the encryption. Furthermore what is inherent in the certification/registration
requirement? Is it more than information that the company makes public about its products?
Does it require a costly lab certification? Such registration can raise concerns, similar to what
happened in some other countries that have applied disclosure or registration regimes, that
these government requests for information are part of a business intelligence gathering process.
However, algorithms certified by NIST, that have been widely tested and accepted for safe
usage of encryption, may be taken up for approval by the Government of India agency. Though
use of proprietary secret encryption algorithms is not recommended by many security
professionals, several companies like Skype consider that their secret algorithms are a major
factor for their success. Moreover, permitting only approved algorithms will have a negative
8
 impact on research on encryption algorithms in India. Lack of a professional body like NIST in
India that can be trusted and looked upon as an industry thought leader is also a point that
should be kept in view.

Moreover, Opensource encryption products related to OpenSSH (including libssl), which are
very popular, may not register with the government. They will have no reason to do so. Besides,
it will not be feasible to request every release of opensource encryption tools to register with
the Indian government. OpenSSL are industry thought leaders (they are not a commercial
company), and what if they don’t register within the deadline?

(vii) Difficulties of Implementation. It is important for the government to note that corporates
providing services to their clients abroad have signed what is known as Master Service
Agreements (MSAs). Even providing of plain text information to LEA will have a bearing on MSAs
signed with customers and partners; this will require at the very least, rearticulating of
requirements with customers and partners. Moreover, standardization of encryption products,
if considered, will involve review of all existing technology deployed for encryption, and may
require changes based on registration of companies with the Government of India. Change in
existing technology/devices would attract capital investment, and a long lead time to
implement. Moreover, any major rearchitecure approach will not be acceptable to customers
and customer-hosting information in India will likely resist the context of providing plain text
information to the Indian Government based on extraterritorial reach. It is also observed that
centralized encryption platforms are very expensive and require skilled resources; majority of
companies will find it difficult to implement.

(viii) Proprietary Encryption. Some software like Skype use proprietary encryption which will
not be disclosed. Several outsourcing companies use such software for communication. How will
the government verify and approve proprietary algorithms? Instead of mandating approved
algorithms, it should ‘recommend’ their use. This 'recommendation' of algorithms does not
affect the security posture since the amendment requires that companies must provide plain
text information when requested by LEA.

(ix) Education and Training. Corporates shall educate their employees on implications of Encryption
Policy and will ensure that their policies only permit their employees to use encryption
technology approved by the company and that the use of non-approved products will be a
violation of policy that may be a violation of local law.

(x) Exceptional Circumstances, Needed Safeguards. We believe that in the vast majority of cases
involving legitimate companies, LEA should be satisfied with having access to plain text
information. However, in exceptional case that an encryption key has to be made available to
the LEA validated by a higher level of due process, appropriate safeguards are necessary for
protecting the employer company against any possible damages and lawsuit by the employee
under investigation, in case of possible misuse of his keys by involved agencies. These
safeguards include not only heightened oversight and accountability of the agency, but the need
9
 to provide for verified destruction or return of the key as soon as possible. Since companies that
would comply with registration and deposit requirements are also the companies that would
comply with legal requests for information, there must be an individualized basis for the
provision of decrypting mechanisms that can demonstrate that the provision of plain text is not
sufficient. There may be requirements of attestation as to the process and chain of title related
to decryption or if needed for judicial proof, decryption in the presence of appropriate law
enforcement personnel. All reasonable efforts should be undertaken to protect both the
privacy of individuals and the confidentiality of information in these disclosure processes.

(xi) Employee Privacy: Employers will safeguard the privacy of their employees as far as possible,
even though they may get their employees to sign appropriate documents at the time of joining
to this effect.

(xii) ISPs: Internet Service Providers (ISPs) and some hosted services providers act as mere conduits
or stores of their customers’ data which may be encrypted. They do not have access to
encryption keys or plain text, and hence ISPs should not be responsible for decrypting data, or
for providing any help to LEA in this regard.

Epilogue:

1. It is the belief of DSCI and NASSCOM that those companies that would comply with the
requirements would also comply with any reasonable due process based requirements for
disclosure of data in plain text. In the US, pursuant to the Omnibus Crime Control and Safe
Streets Act of 1968 requires the Administrative office of the United States Courts (AO) the
number and nature of orders authorizing or approving the interception of wire, oral, or
electronic communication. Among the information elements that need to be included (Public
Law 106-197 amended 18 U.S.C. 2519(2)(b)) are the number of wiretaps where encryption was
encountered and whether such encryption prevented access to plain text by law enforcement.
These reports are required to be filed annually, and a review of even the most recent filings of
these reports is that encryption is not often found and where found only resulting in a problem
in a few instances. This information further supports the conclusion that among law abiding
entities; encryption does not pose a significant hurdle to compliance. This also vindicates the US
resolution to the key escrow debate of 10 years ago that it enhances security to enable the use
of encryption. This is in contrast to the idea that strong control of encryption by governments is
the best path. The concern, which we believe to be borne out, is that controls on encryption
would actually limit or inhibit the use of encryption, which results in a less secure commercial
infrastructure and a greater risk to security. The encryption policy may also impact the
competitiveness and desirability of doing business in India. Concerns over controls and lack of
dues process that rely on over-burdensome or overbroad methods of access could serve as such
a disincentive to doing or expanding business in India. This holds true for both providers of
information services and the custodians of information who consider processing and other
operations in India. Again we believe that reliance on requirements of disclosure in plain text
for compelling public policy reasons subject to appropriate due process requirements will
10
 provide equally effective access for law enforcement while limiting any possible negative
competitive impacts or counterproductive inhibitions that might be created by legislative
constraints.

2. The downside is that foreign companies are likely to restrict outsourcing to India if plain text is
asked for by LEA without due process and/or court orders, since they may not be able to
guarantee the security of their trade secrets. Threats of competitors bribing (India still has a high
corruption index) LEA or others to obtain clear text sensitive data from Indian outsourcing
companies will be perceived to be real. Very good information can be obtained in such ways
without causing too much visibility and suspicion: For example confiscate a Program Manager's
laptop of an outsourcing firm that develops software for a large aviation company. Obtain
encryption keys from him for decrypting the laptop hard disk, and see all project files. How
much will the aviation competitor pay for that data? How much is that data worth in the
hands of rogue nations? terrorist organizations?
The requirement that plain text must be provided within 72 hours of LEA request, and the
absence of a judicial order or a warrant to procure that data multiplies the risk even further.
3. As noted above, the use of encryption for e-commerce applications in the scenarios presented
above implies that only users/employees of the corporates, their trading partners, collaborators,
service providers etc. are under scrutiny. Citizens at large have access to encryption tools, and
they may use encryption in their communications with one another – they will be out of the
purview of the scenarios outlined in this paper. Encryption policy based on such scenarios will
exclude citizens at large – thus a very large segment of population will continue to use freely
available encryption tools. And it is this segment, which is much larger than the corporate users,
that perhaps requires heightened surveillance.

11