The Internet Freedom Foundation (IFF) has raised concerns regarding the proposed “Indian Telecom Security Assurance Requirements” for smartphones, warning that these measures could facilitate extensive surveillance, compromise device security, and infringe on constitutional privacy rights.
In a statement, IFF referred to a series of Reuters reports indicating that the Ministry of Electronics and Information Technology is considering mandatory notification of these requirements. Although the proposals are publicly available, the foundation noted that they have not undergone public consultation by the Department of Telecommunications.
The proposed regulations would require manufacturers to disclose proprietary source code, retain device logs for a period of 12 months, and obtain government pre-approval for significant operating system updates and security patches. IFF argued that these measures would “treat every citizen as a suspect and every device as a surveillance endpoint.”
“We strongly reject any proposed regime that effectively grants the state access to confidential source code and embeds persistent controls into devices used daily by hundreds of millions of Indians,” stated the organization.
The foundation also highlighted the lack of a clear statutory basis for these proposals and the absence of meaningful public consultation, suggesting that their development has primarily involved bilateral discussions between the Union government and smartphone manufacturers.
From a constitutional perspective, IFF cited the Supreme Court’s landmark 2017 decision in Justice K.S. Puttaswamy v. Union of India, which affirmed informational privacy as a fundamental right. The ruling specified that any government intrusion must adhere to principles of legality, necessity, and proportionality.
The requirement for manufacturers to submit proprietary source code to government-designated laboratories has been characterized by IFF as “technically unsound and dangerous.” The foundation expressed concern that centralizing widely used operating system code could create a cybersecurity “honeypot,” exposing millions of devices to potential attacks.
IFF also contended that retaining detailed login and application installation logs for a year could result in a “high-resolution map” of users’ private lives, thereby violating essential data protection principles.
Requiring governmental notification or approval prior to the release of major updates or security patches was criticized as counterproductive. “Security patches are time-sensitive,” IFF noted, warning that bureaucratic delays could leave users vulnerable to existing cyber threats.
Additionally, IFF argued that measures such as tamper-detection warnings, anti-rollback protections, and restrictions on “rooting” or “jailbreaking” would undermine users’ control over their devices. The foundation posited that such provisions could also criminalize advanced users and conflict with the right to repair and modify legally owned hardware.
The organization has called on the Union government to cease any plans to notify these requirements and to engage in transparent, open consultations with civil society groups and independent technical experts. IFF intends to formally reach out to the Department of Telecommunications and the Ministry of Electronics and Information Technology, seeking increased transparency on these proposals.
Tags: Digital rights group raises alarm over proposed telecom security rules for smartphones Extract 5 SEO-friendly keywords as tags. Output only keywords, comma separated.
Hashtags: #Digital #rights #group #raises #alarm #proposed #telecom #security #rules #smartphones
