wordpress blog stats
Connect with us

Hi, what are you looking for?

Promoting encryption should be ‘primary focus area’ of National Cyber Security Strategy 2020: Internet Freedom Foundation

The National Cyber Security Strategy 2020 (NCSS 2020) should promote encryption, protect decentralised internet, encourage robust data breach reporting mechanisms, prohibit the use of malware and reward the community of security researchers, the Internet Freedom Foundation wrote in its recommendations to the National Security Council Secretariat (NSCS).

The NSCS, which has been tasked with formulating the NCSS 2020 had invited comments for the same, and the last date of submission was January 10, 2020. Calling for transparency in the formulation of the strategy, IFF said that a draft of the proposed NCSS 2020 should be put out in the public domain following the first round of consultations.

It suggested that the task force which will formulate NCSS 2020 should consider digital rights of Indians, such as privacy, as complementary to a holistic cybersecurity approach. IFF added that NCSS 2020 should not see digital civil liberties and digital security as competing, because they are in fact complimentary.

Recommendations made by IFF

Encryption protects citizens, and in turn, the nation: Promotion of encryption should be one of the “primary focus areas” of the Strategy, since a failure to encourage it would put individual users at risk, who can be potential entry point vulnerabilities, IFF said. It said that concerns around encryption often fail to factor in the technical architecture of modern ICT devices, and the “many elements of personal data that are often outside of encrypted channels”.

  • “Radically expansive” surveillance measures do not prevent cybersecurity breaches, and increase costs and resource deployment without advancing the security of individuals and government institutions, the organisation added.

Let the internet be decentralised: IFF cautioned against moving away from the decentralised framework of the internet, though several economic and regulatory forces are essentially threatening that decentralisation. It said that consolidation of the telecom sector will not only limit the diversity of network architectures, but also inhibit user choice and increase the risk of a single point of failure.

  • Regulations that seek to centralise databases containing sensitive personal information of Indians, and proposals to create data exchange networks around community data, also raise similar concerns, IFF noted, and added that this negatively affects cyber security in “real and tangible” ways.

Devise strong data breach notification mechanisms: The task force should make a strong case in support of the proposed data breach notification provision in the Personal Data Protection Bill before Parliament, since such a provision will enhance cybersecurity “immensely,” IFF said. Also, the proposed Data Protection Authority in the Bill should be involved in any national cybersecurity coordination mechanism, it added.

Ban malware: Use of malware “should be clearly prohibited” in the NCSS 2020, IFF said. Zero-day hacks and an increase in the use of technical exploits to hack into devices and digital services of Indian citizens also makes India insecure, it noted, adding that individuals can use these tools to create backdoors.

Advertisement. Scroll to continue reading.

Reward security researchers: The policy should account for a standard operating procedure for departments to be notified by security researchers, IFF said. They should be rewarded for “upholding and securing our [India’s] national interest,” and the government should adopt bug bounty programmes and responsible vulnerability mechanisms, the organisation submitted.

[embeddoc url=”http://staging.medianama.com/wp-content/uploads/IFF-comments-to-National-Cybersecurity-Strategy-Consultation-Jan-2020-1.pdf” download=”all”]

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ