Indian digital rights group warns Modi govt’s proposed smartphone rules could enable mass surveillance
New Delhi: The Internet Freedom Foundation, New Delhi-based digital rights organization, has expressed alarm over the proposed “Indian Telecom Security Assurance Requirements” for smartphones, warning that the measures could enable sweeping surveillance, undermine device security and violate constitutional privacy protections.
According to Kashmir Media Service, in a statement issued in New Delhi, the IFF said that the proposals, under consideration by the Indian Ministry of Electronics and Information Technology, would mandate the disclosure of proprietary source code, require companies to retain device logs for 12 months and seek government pre-approval for major operating system updates and security patches.
“IFF strongly rejects any regime that effectively grants the state access to confidential source code and embeds persistent controls into devices used daily by hundreds of millions of Indians,” the organisation said, adding the proposals “treat every citizen as a suspect and every device as a surveillance endpoint.”
The foundation noted there is no clear statutory basis for the measures and no evidence of meaningful public consultation, adding that their development appeared to be limited to bilateral discussions between the Indian government and smartphone manufacturers. It described the requirement for manufacturers to submit proprietary source code to government-designated laboratories as “technically unsound and dangerous.” Centralizing source code for widely used operating systems, it said, could create a cybersecurity “honeypot” vulnerable to state and non-state attackers, potentially compromising the security of millions of devices.
The group also warned that retaining detailed logs of login attempts and app installations for a year could create a “high-resolution map” of users’ private lives, associations and interests, violating basic principles of data protection.
Requiring government notification or approval before releasing major updates or security patches was criticised as counterproductive. “Security patches are time-sensitive,” the IFF said, warning that bureaucratic delays could leave users exposed to active cyber threats.
Additional measures such as tamper-detection warnings, anti-rollback protections and restrictions on “rooting” or “jailbreaking”, would erode users’ control over their own devices, criminalize advanced users and conflict with the right to repair and modify legally owned hardware, the IFF added.
The foundation urged the Indian government to halt any move toward implementing the proposals and to instead initiate transparent consultations with civil society groups and independent technical experts.
