India backtracks on making you store secure chats in plain text

The Indian government has a history of freaking out over internet security only to tone things down later on, and it's not about to stop this pattern any time soon. Officials have withdrawn the draft of an encryption policy which, as written, would require that you store any encrypted communications in plain text for 90 days. The measure was ostensibly meant to help law enforcement collect evidence that would otherwise be inaccessible, but it doesn't take much to spot the glaring privacy and security problems this would create. You'd have to expose your recent conversations to anyone determined to read them, and even your online purchases might be laid bare.

The government isn't completely giving up on its encryption policy, but it's going back to the drawing board to narrow the scope. The rules were never meant to target WhatsApp, shopping and other "common" activities, telecom minister Ravi Shankar says. That's somewhat reassuring, but it raises questions about the services that would be covered by the policy, and whether or not any revised approach to encryption would still leave your info at risk. As security experts will tell you, there isn't really such a thing as a government-only back door for your data -- anything that lets police read what you're saying also opens it up to crooks.

[Image credit: Anna Zieminski/AFP/Getty Images]