Online users in India will soon get the same level of email security as BlackBerry subscribers. Those who are worried about their online transactions and mails being hacked into would therefore be able to heave a sigh of relief.

The Department of Information Technology (DIT) is planning to allow data encryption levels for service providers to increase from the existing 40-bit to 256-bit.

Encryption is the process of encoding information in such a way that only the person or the computer with a key can decode it. Sensitive information sent through the internet is always encoded at different levels to protect the information from being leaked. Banks generally have the highest level of encryption to safeguard account holder information and money.

Most of the web browsers now have elevated from the earlier 40-bit encryption to 128-bit, to increase security. However, internet service providers have been limited to 40-bit encryption by the DIT till date.

The issue was of security. Since, higher levels of security are very difficult to break into, the security agencies in India were worried that they will not be able to track illegal transactions or plans, especially those pertaining to terrorism.

Last year the Indian security agencies had raised objection on the encryption level used by BlackBerry mobile, which was beyond 40-bits. The security agencies had sought the decryption key to monitor data transferred through BlackBerry. According to security guidelines, an operator would have to provide the decryption key or unlocking code to the security agencies in any use of encryption beyond the 40-bit level.

According to Pavan Duggal, a Supreme Court advocate and cyber law expert, the government should come up with clear encryption rules. “We should learn from the best practices of developed nations like the US and the UK where there are clearly-stated guidelines defining encryption and privacy. The rules should make a distinction between corporate data privacy and personal privacy,” he said.

On Saturday, the department had convened a meeting with the IT industry associations seeking recommendations to formalise guidelines under the Information Technology Amendment Act 2008. The law was notified in February.

A senior DIT official told Financial Chronicle that industry associations had recommended increasing the encryption level to ensure better security for online users across the network. The meeting was attended by representatives from CII, Association of Competitive Telecom Operators, Nasscom and Data Security Council of India. “At present the government guidelines permit 40-bit encryption for networks. Although there has not been any amendment to increase the encryption level, we want to bring in the global best practices to increase efficiency and privacy levels,” the official said.