The present world of information technology cannot be visualised without the element and use of encryption and encryption related services. Still India has been able to achieve this task though this is no achievement. This is a regressive policy that has found favour with Indian government for reasons best known to it.
Almost two years back the Standing Committee on Information Technology pulled Department of Telecommunication (DOT) over encryption issues. Further absence of strong and robust privacy and data protection laws is another case of concern. All these deliberate or unintentional lacunas are pointing towards e-surveillance oriented approach of Indian government that also without any e-surveillance policy of India (PDF).
There are many techno legal encryption related regulatory compliances in India that various websites and their owners must comply with. However, different levels and different standards of encryption have really created confusion among various stakeholders. For instance, cloud computing, m-health, e-commerce, e-mail service providers, online payment service providers, mobile payment, online pharmacies, etc have different sets of regulatory requirements regarding encryption usage in India.
Indian government, especially the security agencies, is stressing that Internet telephony and VOIP service providers must establish servers in India. The Ministry of Home Affairs, India and Intelligence Bureau (IB) are already exploring this possibility. We at Perry4Law believe that all Subsidiary/Joint Ventures Companies in India, especially those dealing in Information Technology and Online Environment, must mandatorily establish a server in India. Otherwise, such Companies and their Websites should not be allowed to operate in India.
The encryption laws and regulations in India need clarity. Legal risks for websites development companies in India would also increase due to improper use of encryption for such websites. Payment gateway and POS terminal service providers would also required compliance with encryption related compliances, including cyber law due diligence compliances (PDF). The proposed e-mail policy of India would add another dimension to encryption usages in India. A dedicated encryption policy of India (PDF) and techno legal encryption law in India is need of the hour.