In a secular state, you would not expect to find a website with the URL deity.gov.in. Such a site does exist however, and relates not to any official religion (though that might well come to pass should the present government stay in power for an extended period) but to the ministry of communications and information technology. Two days ago, the ministry’s Department of Electronics and Information Technology (DeitY for short) released a draft policy covering encryption of electronic communications. It faced, in response, the cyber equivalent of the devil stoning ceremony performed by pilgrims during Haj.
More in a bit about the policy and the government’s subsequent U-turn. The deity on my mind for the past week has been Ganapati, which is to be expected in the middle of Maharashtra’s most distinctive religious festival. The Ganesha cult is flourishing, spreading rapidly among non-Marathi speakers in the state. For those who value peace of mind over religiosity, though, the festival’s got substantially worse.
For one thing, many pandals now ignore the almanac and conduct the visarjan ritual on unprescribed dates. The police, harried enough during the cacophony of traditional immersion days, have little energy to maintain their vigil once the festival is officially over. A single procession, unsupervised, is sufficient to create a massive traffic pile up, and that sort of thing regularly happens on the 11th and even 12th day of the festival.
Secondly, in the past, the god would be brought to his temporary abode in relative silence, and the synthesisers and rock concert-worthy loudspeakers used only for the visarjan ceremony. This time round, the music and dance began on the route to the pandal, and traffic gridlock commenced even before the festival proper. On the eve of Ganesh Chaturthi, it took me nearly three hours to get from my home in central Bombay to Goregaon in the north, a journey that normally occupies between 45 minutes to an hour. Ganapati is known as the destroyer of obstacles, or vighnaharta, but the festival that honours him transforms Bombay from a difficult city for commuters into a nearly impossible one. Ganeshotsav can, with justice, be classified as a major vighnakarta, or creator of obstacles.
Ambitious goals
That observation brings me back to the state entity known as DeitY. Its hastily drawn and withdrawn draft policy refers to its mission, “To provide confidentiality of information in cyber space for individuals” and “protection of sensitive or proprietary information for individuals & businesses”. Sounds great, except that the policy goes on to do the exact opposite, making all personal communication easily accessible by government and law enforcement officials, and rendering secure transmissions vulnerable to abuse. It’s a case of the government promising to act as a vighnaharta, while carrying within it the deep-rooted character of a vighnakarta.
Trying to explain away the controversy as a misunderstanding, the communications and IT minister Ravi Shankar Prasad said, “The purport of this encryption policy relates only to those who encrypt… As far as ordinary consumers of applications are concerned, they do not fall in this domain.” He admitted he was not aware of the draft being placed in the public domain, but his statement suggests he hadn’t even read it. Had he done so, he may have stumbled upon this passage:
“B / C groups (i.e. B2C, C2B Sectors) may use Encryption for storage and communication. Encryption algorithms and key sizes will be prescribed by the Government through Notification from time to time. On demand, the user shall reproduce the same Plain text and encrypted text pairs using the software / hardware used to produce the encrypted text from the given plain text. All information shall be stored by the concerned B / C entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country.”
The C in this case refers to, “All citizens (including personnel of Government / Business (G/B) performing non-official / personal functions)”. How does this not relate to “ordinary consumers of applications”? A later section of the draft, devoted exclusively to consumers and not businesses, says pretty much the same thing.
Disingenuous explanations
The encryption episode was like a re-run in miniature of the pornography controversy of a few weeks past. The government blocked hundreds of websites, and then claimed to be acting solely from a desire to eliminate child pornography, although child pornography is not available anywhere on established porn sites which are policed very thoroughly by a number of affluent democracies.
Ravi Shankar Prasad was either disingenuous or deeply ignorant in both instances, and neither option is comforting. It’s also troubling that a nation claiming to be a digital superpower not only has terrible IT infrastructure but cannot seem to produce intelligent policy in that area. Fortunately, at least as far as the internet is concerned, we have vigilant citizens preventing those claiming to be vighnahartas from turning into nightmarish vighnakartas.
