Enquiry Ordered on Encryption Policy Faux pas at Department of IT

The recent issue of a draft encryption policy caused acute embarrassment to the Government of India and had to be withdrawn almost instantly because of the immediate opposition it raised.  Commenting on its withdrawal we had suggested that an enquiry should be ordered on how such a shoddy policy document was released to the public and whether it was done to embarrass the Minister.

We now understand that an enquiry has indeed been ordered to identify the individual responsible for the release of the shoddy draft and to give him an “orientation” on how to communicate on such issues.

In the meantime, the report also quotes S.D.Saxena, former finance director of BSNL that the document was prepared by a team of officials and bureaucrat.

I suspect that this is an attempt to defuse the blame and protect a mole who could be a mischievous person wanting to discredit the present IT minister and probably even Mr Modi who was about to embark on his US trip. There is distinctly a reason to suspect Conspiracy by a team of officials owing loyalty elsewhere. This is what the enquiry needs to find out, namely the political orientation of the person who was responsible.

One reason why I suspect that everything is not normal in this case is the way the notifications are presented including the latest withdrawal note

The copies of these three notes are available  here.

  1. Encryption policy
  2. Clarification
  3. Withdrawal

All three notes are supposed to be official documents from the Government of India. But they have not been issued on a letter head or a typed mast-head in the name of the department. There is no signature in any of these notes. (Obviously there is no digital signature on the electronic copy as well”. If the policy was attributed to a “High level Expert Committee”, then the secretary of the committee or its chairman should have signed the document. The posting on the deity website and the presence of a contact email ID in the draft policy are the only indications that this is an official communication.

This is not the way we know the Government functions. The policy must have been drafted and forwarded to the IT Secretary who should have approved it. At least a Director of the department ought to have owned up the note and signed. The clarification and the withdrawal note appear to be simply photocopy of a chit of paper on which some typewritten notes are scribbled.

The fact that unsigned documents are being released on official websites itself is highly objectionable. Tomorrow any hacker can post such documents on the Government websites and further embarrass the Government.

Hence the responsibility should be fixed in the department not only for the content of the note but also on the manner in which a global communication was released through an unauthenticated letter.

I wish that the issue should not be closed just by finding a scapegoat at a lower level bureaucrat but identify the real mole who could be behind a conspiracy and who may not after all be a junior scientist.

The enquiry should therefore be conducted by a trusted team of appropriate officials from outside the DeitY and cover the entire department.

Naavi

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.