Hacker News new | ask | show | jobs
by vkrm 3226 days ago
This is currently a grey area. All ISPs in India have to abide by their licensing terms with the Department of Telecommunication which restricts encryption to 40 bit RSA or equivalent. Any higher grade encryption can only be used with special permission and requires the decryption keys to be submitted to the DoT.

Whether or not this restriction also applies to end users and non-ISP organizations hasn't yet been tested in the judicial system AFAIK.
1 comments
_jgdh 3226 days ago
You have a link to that? Either way, I'm not sure how that would be implemented, other than outright blocking sites that are HTTPS-only. But I don't think blocking Google, Facebook, Whatsapp and other major websites is going to fly. I have no doubt that the Indian government would like to read people's communications and internet history, but that's not possible today.
link
vkrm 3226 days ago
https://cis-india.org/internet-governance/blog/how-india-reg...

AFAIK, the government has not attempted to prosecute anyone for using stronger encryption, and other government departments/organizations have made conflicting recommendations, especially when it comes to online banking and capital markets. Barring new regulations that clarify the government's position, the status quo is that ISPs cannot apply strong encryption themselves, but are not obligated to prevent their users from doing so.

At least one ISP has gone beyond this mandate and tried to block the use of stronger encryption by their customers[0].

[0]https://www.privateinternetaccess.com/blog/2017/07/indian-is...

link