Law of Encryption in India, U.S. and U.K.

Law relating to encryption deals with the legislation which ensures that information is safe and delivered confidentially. Many countries have different policies which are designed to keep encryption secure from the intruders or unauthorized persons. Government of every country develops tools to transform data via encryption technology to prevent modification and unauthorized access on any sensitive information. Issues regarding cryptography law fall into four basic categories: export control, import control, patent issues, and search and seizure. 

 ENCRYPTION LAWS IN INDIA:

India does not have any encryption policy nor is there specific legislation governing the use of encryption techniques to secure electronic communication. The basic legislation concerning electronic data and communication and its processing, the Information Technology Act, 2000 (IT Act) is also silent on the level and type of encryption that a person or organization can deploy to protect electronic communication and data.

Information Technology (Amendment) Act, 2008 provides for encryption under Section 84A, which says that “The Central Government may, for secure use of the electronic medium and for promotion of e-governance and e-commerce, prescribe the modes or methods for encryption.”

In addition to the ISP Guidelines and the ISP License Agreement, there are various industry-specific regulations already in place these are as follows:

• Department of Telecommunications
• Securities and Exchange Board of India Guidelines on Internet Based Trading and Services
• Reserve Bank of India Guidelines on Internet Banking
• The Information Technology (Certifying Authorities) Rules, 2000
• Data Security Council of India views

1.      Department of Telecommunications:

“Use up to 40-bit key length in the symmetric key algorithms or its equivalent in other algorithms without having to obtain permission from the DoT, but for use of any encryption equipment higher than this limit, the same can be done only with the prior approval of the DoT.”

2.      Securities and Exchange Board of India Guidelines on Internet Based Trading and Services:

The Securities and Exchange Board of India (SEBI) prescribes a 64-bit/128-bit encryption for standard network security and mandates the use of encryption technology for security, reliability and confidentiality of data. SEBI recommends use of secured socket layer security preferably with 128-bit encryption, for securities trading over a mobile phone or a wireless application platform.

3.      Reserve Bank of India Guidelines on Internet Banking:

The Reserve Bank of India recommended 128 bit encryption and public key infrastructure for secure internet banking in June 2001. Banks should use secured socket layer for securing the browser to server communication and make the password and other sensitive data in encrypted form.

4.      The Information Technology (Certifying Authorities) Rules, 2000:

In this rule it says that electronic communication systems used for the transmission of sensitive information, such as routers, switches, network devices and computers, must be equipped with suitable security software and, if necessary, with an encryption software. . The Rules also provide that stored passwords must be encrypted using ‘internationally proven encryption techniques’ to prevent unauthorized disclosure and modification. The standards use for encryption according to rule are PKCS#1 RSA, PKCS#5 or PKCS#7. The encryption algorithms provided by these rules are very strong and secure.

5.      Data Security Council of India views:

The DSCI in its recommendations of 13 July 2009 recommended adoption and implementation of an Encryption Policy and suggested that, Use of symmetric encryption for e-commerce applications, including SSL for end-to-end authentication, be allowed with encryption of up to and including 256 bits with AES algorithms, or equivalent algorithms.

ENCRYPTION LAWS IN U.S.:

Encryption is subject to the law in the United States for two reasons: public key cryptography is subject to several patents in the United States; and U.S. law currently classifies cryptography as munitions, and as such, regulates it with export control restrictions.

While these restrictions have hampered the widespread use of cryptography within the United States, they have done little to limit the use of cryptography abroad, one of the putative goals of the export control restrictions. 

ENCRYPTION LAWS IN U.K.:

In UK there is a law known as key disclosure law in this it every individual have to surrender his cryptographic key to law enforcement for the purpose to allow the access to the encrypted content for confiscation or digital forensics purpose and use it either as evidence in a court of law or to enforce national security interests.

Files that look encrypted, such as radio telescope noise, can land you in jail. If the UK police really want you jailed, they can demand you decrypt files hidden using Stenography inside your vacation photos. Can't do it? Off to jail. The UK now can send you to jail if you can't decrypt what they think is encrypted.