India’s War On Encryption Could Drive Apple Inc., Facebook From Tech’s Next Big Growth Market

LONDON -- China is widely considered tech’s hottest growth story among emerging markets, but India is a close second. With just 15 percent of the country's population of 1.3 billion owning smartphones so far, the subcontinent could see a boom in device sales that would rival that of the People’s Republic. But India’s similarities with China go beyond the vastness of its market – and not in a good way, from the standpoint of Western tech companies and privacy advocates.

Like China, India -- despite being a democracy – is cracking down on communications and Internet freedoms as it deals with presumed internal and external threats. It’s a trend that could see U.S. manufacturers like Apple, as well as social media giants like Google and Facebook, pull back from India if laws under consideration prove too draconian.

Indian authorities on Tuesday reversed course on a proposed encryption standard that would have mandated that handset makers give the government unfettered access to all communications on their devices. But the concerns that prompted the rules, including terrorist attacks in Mumbai, Delhi and elsewhere, and a high-profile rape case involving an Uber driver, are still very much alive. Observers think the government of Prime Minister Narendra Modi will eventually enact the measures in some form.

Apple Inc. today has a very small share (under 5 percent) of a market dominated by Android smartphones. But as China shows, the iPhone can very quickly become a major player in new markets, and in a country where the number of people defined as middle class is set to quadruple by 2020, India could represent the company's next frontier.

But recent developments have raised red flags. On Monday, the Department of Electronics and Information Technology in New Delhi published a draft of its National Encryption Policy, suggesting every single one of the hundreds of millions of Indians with computers and cell phones must monitor his email and messages and store all of them in unencrypted form for up to 90 days.

Almost all digital communications these days are encrypted by default, with most people completely unaware of it. Popular services like WhatsApp, Gmail and Facebook all use some form of encryption. That means that only the sender and intended receiver can read the message. Forcing users to store communications in plain text would allow anyone to read it -- and that's assuming they can figure out how to do it in the first place.

The proposed law also suggests that only encryption keys in the possession of the government can be used, meaning everyone from Apple to Facebook and all other foreign companies using encryption would need to hand over their keys to Modi’s government. China has its own restrictions on Internet freedoms, but does not insist that citizens decrypt private communications.

The reaction to the draft laws has been loud and angry. The Indian government moved quickly Tuesday to withdraw the proposed draft law, saying it would be reworked in light of the reaction before being published again.

It is unclear if Modi will mention these proposals on his visit to the U.S. West Coast this weekend, where he is scheduled to meet leaders of Google, Tesla Motors and Facebook, among others.

'We Are Not Reading Your Email'

It's unlikely that Apple would acquiesce to such a request. CEO Tim Cook has stood firm in the face of pressure from the U.S. government and the National Security Agency to hand over encryption keys to iMessage, the company’s instant messaging protocol. Indeed Cook recently said that even if Apple wanted to, it couldn’t.

“We’re not reading your email. We’re not reading your iMessage,” Cook told Charlie Rose earlier this month. “If the government laid a subpoena to get iMessages, we can’t provide it. It’s encrypted and we don’t have a key. And so it’s sort of — the door is closed.”

However, despite the apparent retreat by India, the proposed laws are still likely to contain a lot of what was set out in the original draft, and this presents problems not only technical but also ethical.

“The current version of the policy, as drafted, is unworkable in many respects -- even the underlying principles are unworkable,” Richie Tynan, a technologist at Privacy International, told International Business Times. “Individuals have a burden to store, and turn over, unencrypted versions of their communications when requested, which is likely beyond any possible understanding of the average computer user anywhere.”

Addressing the issue of using Apple’s smartphone in the country, Tynan said: “It is difficult to see how any form of travel with an iPhone to a country that implements such a policy would even be possible.”

Lost In Translation

Tynan believes that the controversy stems partly from an error in translating the draft laws. Mandating the use of encryption only from registered vendors is practically unworkable in a modern society where hundreds of competing companies use their own encryption standards. “This may have been an error in translation, because otherwise it would mark an unprecedented and draconian shift in policy,” Tynan said.

These draft proposals may sound like measures expected from a dictatorship, but encryption is being undermined all over the world as governments push back against improved cryptography. In Britain, the Regulation of Investigatory Powers Act, which came into force 15 years ago, has been used to compel users to disclose unencrypted data in certain instances.

Following his victory at the polls in May, Prime Minister David Cameron has made it clear that he plans to increase the powers of U.K. law enforcement agencies by undermining the encryption used by most major communication platforms with the reintroduction of the so-called Snoopers' Charter.

As well as threatening the privacy of Indian citizens, Modi's move to store unencrypted files would make India a prime target for hackers the world over -- and Tynan believes this could be exactly the reason the law is being drafted as it is.

“The requirement to keep data in an unencrypted state would be a gold mine for hackers; however, governments are in the hacking business," Tynan said. "This may be exactly what they have in mind. By forcing communications and data to be in both encrypted and unencrypted form, their hacking suites would permit them to hoover up information at will. It is disgraceful that a government would force citizens to be kept in such a vulnerable state.”