Public memory may be shortlived or so the saying goes. However, not many will forget last year’s government ruckus over the issue of encryption of Blackberry from Research in Motion (RIM).

The security officials wanted RIM to lower its encryption from 256 bits to a 40-bit encryption. RIM refused the request, saying that its data encryption is designed so that no third party, or RIM itself, can access the data being transmitted wirelessly. RIM officials were later reported to have reached an understanding with the government since encryption is a “politically-sensitive” issue too given the recent terrorist attacks.

The government now has quietly introduced a policy on encryption — for the first time in India since the advent of the internet.

Clause 84A of the Information Technology (Amendment) Bill, 2008, states: “The Central Government may, for secure use of the electronic medium and for promotion of e-governance and e-commerce, prescribe the modes or methods for encryption”.

Accordingly minor amendments have been made under the Indian Penal Code (IPC) Act too. In Section 118, for the words “voluntarily conceals, by any act or illegal omission, the existence of a design”, the words “voluntarily conceals by any act or omission or by the use of encryption or any other information hiding tool, the existence of a design” shall be substituted; and in Section 119, for the words “voluntarily conceals, by any act or illegal omission, the existence of a design”, the words “voluntarily conceals by any act or omission or by the use of encryption or any other information hiding tool, the existence of a design” shall be substituted.

However, it’s still not clear what will actually take place. Cyber experts are saying that the government needs to be complemented for enacting special provisions pertaining to encryption. However, the real challenges begin now. One of the major challenges before the Government would be how to come up with appropriate secondary legislation that mirrors the aspirations of corporate India regarding using encryption and how further encryption can be utilised as an effective servant for furthering the cause of furthering electronic governance.

Needless to say, the government should encourage bonafide use of encryption for legitimate purposes and should provide an enabling platform for the industry. Similarly, the government must come down strongly against any detected misuse of Encryption.

We need to learn from our own mistakes as a nation. We should not come up with new secondary legislation that would be observed in breach than in observance, being the condition what happened pertaining to the earlier provisions of 40-bit encryption.

With some ecommerce activities not only demanding 128- and 256-bit encryption but also 512- and 1024-bit encryption levels, a 40-bit one will only become one big media joke again.