Ericsson Objects to New Indian Telecom Rules
Ericsson has objected to new rules introduced by India's Department of Telecommunications (DOT) last month, which among other things require equipment vendors to give the Indian government the right to inspect software source code and designs of their equipment.
Fri, August 06, 2010
IDG News Service — Ericsson (ERIC) has objected to new rules introduced by India's Department of Telecommunications (DOT) last month, which among other things require equipment vendors to give the Indian government the right to inspect software source code and designs of their equipment.
"We deeply respect and support the steps taken to beef up security of the ICT (information and communications technology) network in India," an Ericsson India spokesman said in an e-mail on Friday. "However we feel that some of the clauses are unprecedented," he added.
Ericsson has requested a dialogue to ensure that security concerns can be balanced with good international practices, the spokesman said.
A local newspaper, The Economic Times, reported on Friday that Ericsson had sent a letter to the DOT, asking that it be excluded from the requirement that source code of its equipment be kept in an escrow account with the government. The Ericsson spokesman confirmed the letter, but did not discuss its contents.
Ericsson is also insisting that that the responsibility for security should not be vested completely on foreign vendors, according to the newspaper.
Under the new rules, equipment vendors will be required to allow service providers and the DOT or designated agencies to inspect their hardware, software, design, development, manufacturing facility and supply chain, and subject all software to a security threat check at the time of procurement and at specified instances thereafter.
Vendors can also face stiff fines and get blacklisted as equipment suppliers if a security breach is detected at a later stage after the deployment of the equipment. It would be unfair for the DOT to blame equipment providers if some third party introduces malware or spyware by hacking or some other means, a spokesman for Huawei Technologies said on Friday.
The new rules may not really achieve the security objectives of the Indian government, said Kunal Bajaj , director for India at telecom consultancy, Analysys Mason. The source code for equipment usually runs into hundreds of thousands of lines of code and investigating that for spyware, malware and security holes is not a trivial task, he added.
On the flip side, new rules such as the potentially unlimited liability on vendors and the escrow account for source code will come at a cost for the industry, such as costly insurance policies, which will have to be absorbed either by the vendors or the service providers, Bajaj said.
The Indian government would have been better off with an earlier plan to get equipment vendors to get their equipment certified for the absence of security issues by an independent certifying agency, he said.