Ericsson has objected to new rules introduced by India's Department of Telecommunications (DOT) last month, which among other things require equipment vendors to give the Indian government the right to inspect software source code and designs of their equipment.
"We deeply respect and support the steps taken to beef up security of the ICT (information and communications technology) network in India," an Ericsson India spokesman said in an e-mail on Friday. "However we feel that some of the clauses are unprecedented," he added.
Ericsson has requested a dialogue to ensure that security concerns can be balanced with good international practices, the spokesman said.
A local newspaper, The Economic Times, reported on Friday that Ericsson had sent a letter to the DOT, asking that it be excluded from the requirement that source code of its equipment be kept in an escrow account with the government. The Ericsson spokesman confirmed the letter, but did not discuss its contents.
Ericsson is also insisting that that the responsibility for security should not be vested completely on foreign vendors, according to the newspaper.
Under the new rules, equipment vendors will be required to allow service providers and the DOT or designated agencies to inspect their hardware, software, design, development, manufacturing facility and supply chain, and subject all software to a security threat check at the time of procurement and at specified instances thereafter.
Vendors can also face stiff fines and get blacklisted as equipment suppliers if a security breach is detected at a later stage after the deployment of the equipment. It would be unfair for the DOT to blame equipment providers if some third party introduces malware or spyware by hacking or some other means, a spokesman for Huawei Technologies said on Friday.
The new rules may not really achieve the security objectives of the Indian government, said Kunal Bajaj , director for India at telecom consultancy, Analysys Mason. The source code for equipment usually runs into hundreds of thousands of lines of code and investigating that for spyware, malware and security holes is not a trivial task, he added.
On the flip side, new rules such as the potentially unlimited liability on vendors and the escrow account for source code will come at a cost for the industry, such as costly insurance policies, which will have to be absorbed either by the vendors or the service providers, Bajaj said.
The Indian government would have been better off with an earlier plan to get equipment vendors to get their equipment certified for the absence of security issues by an independent certifying agency, he said.
The rules were introduced after Chinese vendors like Huawei and ZTE said that orders placed by telecom service providers since February did not get security clearance from the DOT. The rules requiring security clearance for equipment imports were introduced in December.
A DOT official however said that there wasn't a ban on equipment suppliers from any specific country. India and China went to war in 1962, and still have a border dispute.
A number of vendors who sell to Indian service providers have in private expressed reservations about the new rules. Huawei said its officials were meeting over the weekend in China to discuss the new rules of the Indian government, and take a decision.
Vendors are however unlikely to pull out of India in protest against the new rules, according to Bajaj. "The market runs into billions of dollars, and we would not give it up easily," said an official at a large equipment company. The proposed investments by telecom service providers on the rollout of 3G services, and on expansion of their current networks in the country is an obvious attraction for equipment vendors.
But vendors may modify their ways of operating in the country, including perhaps delaying the introduction of state-of-the-art products in the country, Bajaj said. The new rules will also add to the perception that policy making in the country's telecom sector tends to be unpredictable, he added.