21 phonemakers asked to share security practices
Asks 21 smartphone makers — mostly Chinese — to share security practices
The government has asked 21 smartphone makers, the majority of these Chinese, to share the security practices and architecture they follow while making devices. The move by the Ministry of Electronics and IT comes in the backdrop of a stand-off between India and China over Doklam. According to sources in the IT ministry, the Indian government is concerned about data security as most of the Chinese firms making smartphones in India have their servers in China.
The government has asked 21 smartphone manufacturers — the majority of them from China — to share the security practices and architecture they follow while making devices, in a bid to strengthen and secure cyberspace and digital infrastructure in the country.
The move by the Ministry of Electronics and Information Technology comes against the backdrop of a military standoff between India and China in Doklam.
According to sources in the ministry, the government is concerned about data security as most of the Chinese firms making smartphones in India have their servers in China, which make the data more vulnerable to hacking and misuse.
These companies have been working in India for the past many years and, till now, there are no security standards in place. Also, trade balance in the electronics sector is heavily tilted in favour of China, which is also a concern for India, an official said, adding that the government now wants to ensure that all smartphone makers follow a strict protocol to ensure data security. In a letter to the 21 companies, the ministry has given the August 28 deadline for submitting detailed responses on the safety and security practices, architecture, guidelines or standards followed and implemented in the products, and services made for the country. Based on the responses, the government would start verification and audit of devices, wherever required, the official said. The government has also warned that if the procedures are not followed by the companies, it will impose penalties under provisions of the IT Act.
The official further said the testing and verification of devices would be done in India, and the government was upgrading testing facilities in existing labs for the same.
The government feels that smartphones are playing a crucial role in achieving the goals of Digital India and have achieved an impressive penetration of 65 to 75 per cent in the country. “Today these devices hold valuable information of the users while empowering them to interact with their surroundings in innovative ways…There is a need to ensure the security and safety of these devices,” the letter sent to smartphone makers said.
Handset makers that Business Standard spoke to said they were reviewing the letter and not yet ready with their replies. While most of the 21 firms said they had got the letter, two companies said they were yet to receive it. According to sources, the handset firms are mulling the option of lobbying the government through an industry body, instead of presenting their cases separately.
“Our team is working on it, and we will reply by the stipulated date. My sense is, the onus is on the open operating system providers and not the handset companies. Whatever thirdparty applications one downloads, their servers have access to certain data and information,” said Arvind Vohra, chief executive and managing director, Gionee India.
Pankaj Mohindroo, national president, Indian Cellular Association, said while there could be no argument against the need to have secure communication and protection of data, "we must grasp the issue in its entirety". “Different levels of consumer verticals need different levels of security commensurate with the degree of risk. We should not move towards an ecosystem which can stop innovation in the development of mobile application,” he said.