Source: The Economic Times, Aug 24, 2017
NEW DELHI: Concerned over theft of personal and financial data at the hands of mobile companies, especially the large number of Chinese firms, the government is set to mandate strict security and privacy guidelines and standards for device makers.
The cyber-security standards may be announced over the next few weeks and are aimed at protecting the data and information of mobile users. Also, they will look at controlling the clandestine movement of personal information of users to servers abroad, sources in the IT Ministry told TOI.
“This is a very serious matter and we will soon be issuing standards and guidelines that guard against any theft of information from mobile devices,” one of the sources said.
The concern of the government stems from the fact that internet access in India is led by mobile devices, which have emerged as the main source of contact with the online world. “Also, with digital transactions going on an overdrive after the government’s efforts in this direction, the fear of hacking and siphoning of data is at alarming levels,” the source said.
A large number of phones sold in the country are from Chinese companies or have their origins in the neighbouring country. The government feels that rising tensions with China may lead to a situation where critical data of individuals may be compromised, when procured illegally.
The standards will be based on the recommendations of two high-level committees – one led by the RBI and the other by the Department of Telecom (DoT). These will be in addition to the provisions in the IT Act that guard against any theft of data.
The government fears that apart from financial and personal data, the information being accessed illegally also includes location of individuals, their medical records, and their browsing history.
The IT ministry will also refer to ISO standards issued on the matter and to other relevant guidelines that have been prescribed from time to time, the source said.
The government’s decision to mandate security standards for phone companies comes at a time when it has issued notice to nearly 30 phone companies on concerns over cyber security. These include Chinese makers such as Vivo, Oppo, Xiaomi, Huawei, Gionee and OnePlus. The notice has also been issued to non-Chinese makers such as Samsung and Apple, apart from homegrown companies like Micromax, Karbonn and Lava. The concern on security includes the device, its operating system, the browser on the device and pre-loaded apps.
The government’s action comes after reports that devices are increasingly being used to siphon data. “These devices must provide secure transmission and storage of data. The security of the mobile devices must address all layers, including hardware security, operating system security, applications security, securing network communications and the encryption standards being used. Some of these may be compromised. We are talking about stealing of data,” a top official said while talking about the notice to the phone companies who have been asked to report their compliance by August 28.