Rishi Ranjan Kala
With increasing incidence of leakage and theft of mobile data, the government has started working on several policy initiatives — from asking handset makers to inform about their device security protocols to creating a registry of stolen mobiles to drafting a comprehensive data protection law and working on more stringent cyber security regulations in the new national telecom policy (NTP).
Several government officials that FE spoke to said in the past few months, the government has initiated the process of creating a slew of policies and regulations which will focus on ensuring safety and security of mobile data. This is important as the government is banking on mobiles to play a crucial role in the success of its ambitious ‘Digital India’ programme.
Several meetings have been held between stakeholder ministries on how to proceed on this matter. The latest in this is the move by the ministry of electronics and IT (MeitY) directing all smartphone companies, including Apple, Xiaomi and Samsung, to outline the procedures and protocols used for ensuring safety and privacy of user’s data. The 21 device makers, a majority of whom are Chinese, have been asked to furnish the details by August 28, an official said. “The ministry will review the protocols that handset manufacturers are using, and if need be will conduct a security audit. Also, MeitY will invest on device security testing facilities so that there is a dedicated infrastructure to deal with such issues,” the official added.
That apart, MeitY has formed a committee of experts under the chairmanship of former Supreme Court Judge B N Srikrishna to study and identify key data protection issues and recommend methods for addressing them. The panel will also suggest a draft Data Protection Bill.
Meanwhile, the department of telecom (DoT) is creating a registry that will list all the lost or stolen mobile phones so that they can be blocked. This is being done to curb the use of counterfeit handsets and to aid law enforcement agencies in lawful interception of such devices.
Even telecom sector regulator Trai has floated a consultation paper on privacy, security and ownership of data in the telecom sector. It has also come out with recommendations on cloud services centring on regulatory framework, security, legal framework among others.
The recommendations by the authority, which came out of Wednesday, include a disclosure mechanism regarding data security. Besides, it has also suggested that the government draw a robust mutual legal assistance treaty (MLAT) to address jurisdictional issues as well as amend existing MLATs to include lawful interception and access to data.