GOVERNMENT OF INDIA

MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY

RAJYA SABHA

UNSTARRED QUESTION NO. 4089

TO BE ANSWERED ON: 07.04.2017

SECURITY STANDARD FOR ONLINE TRANSACTIONS

4089. SHRI RAJEEV CHANDRASEKHAR:

Will the Minister of Electronics & Information Technology be pleased to state:-

(a) whether Government is aware that RBI in the Report on Internet Banking, 2001, recommends a minimum security standard of SSL or 128 bit encryption for online transactions, securing passwords and ensuring a secure connection between web browser to servers; and

(b) if so, whether Department of Telecommunications (DoT) still only authorises the use of 40 bit encryption technologies?

ANSWER

MINISTER OF STATE FOR ELECTRONICS AND INFORMATION TECHNOLOGY

(SHRI P.P. CHAUDHARY)

(a): Yes, Sir.

(b): With the availability of high performance and powerful computing technology systems, including communication devices and tools, 40-bit encryption is no longer used. The current trend towards stronger encryption standard is in response to the demands of the industry and users. Presently such encryption systems use minimum 128-bit or higher encryption standard for protection of information. Use of strong encryption with appropriate modes and methods of encryption has been recognized by the Government as means to securing data/transactions in electronic media and promotion of e-Governance and e-commerce. Information Technology Act, 2000 enables the use of encryption for such purposes.

The Unified License Agreement issued by Department of Telecommunications dated 19.08.2013 under Internet Service Providers Guidelines has been modified in line with the technology trends in encryption technology and the use of encryption technology shall be governed by the Government Policy/Rules made under the Information Technology Act 2000.