The Ministry of Electronics and Information Technology (Meity) has added smartwatches, CCTV cameras and recorders, iris scanners, and optical fingerprint scanners among 13 new electronic products to the Electronics and Information Technology Goods (Requirement for Compulsory Registration) Order, 2012. This makes it compulsory for manufacturers of these products to meet standards stipulated by the Indian government, and companies will not be allowed to import any non-compliant product for sale in the country. This will come into effect from February 2018.
The other products on the list are Plasma/LCD/LED televisions of screen size up to 32″, video display units and video monitors of screen size up to 32″, USB-driven barcode readers, and barcode scanners, among others.
The standard required for smartwatches and CCTV cameras is covered by the Information Technology Equipment – Safety General Requirements.
The government’s objective seems to be to curb the entry of sub-standard and/or unsafe electronic products into the country. However, it’s not clear whether the government has also taken into consideration the increase in cyber-attacks using Internet of Things (IoT) devices such as smartwatches. Last year, multiple cyber-attacks on the Internet infrastructure company Dyn shut down web browsing across America and Europe for hours. Over 100,000 devices were reportedly connected via a malware botnet named Mirai for this attack. This attack specifically was carried out using a medley of devices connected to the internet, including security and street view cameras used for industrial security.
In July this year, the Federal Bureau of Investigation (FBI) also issued an advisory saying that consumers should consider the cybersecurity risks before “introducing smart, interactive, Internet-connected toys into their homes.” What the FBI didn’t mention is the names of toy manufacturers or app developers that consumers need to be careful about. It should have, because an advisory of this nature doesn’t come up in isolation. The FBI must have been made aware of, or found out about, instances where personal data collected through Internet-connected toys was being misused or exploited. Another question that arises: should products similar to the Amazon Echo be considered Internet-connected toys?
Mobile handset data security
It’s worth noting that last month, Meity had directed 21 mobile handset makers (especially a lot of Chinese brands) to submit information on security architecture and standards that they follow for storing customer data online. The information the government was seeking included security practices followed on handsets, mobile operating system, browser on the device and pre-loaded apps.
Given what we have recently learned about WeChat’s private user data policy, it makes sense to put Internet-connected devices such as smartwatches through stringent quality checks, provided data security is evaluated as minutely as components. Unlike in western countries, CCTV cameras aren’t omnipresent in India. This is both good and bad: good because more CCTV cameras mean increased citizen surveillance, and bad because the presence of a CCTV camera might help apprehend criminals/miscreants. So, simply adding CCTV cameras to this list is not enough; the government also needs to come up with concrete measures to ensure footage recorded by said cameras isn’t misused. Finally, the inclusion of some of the other electronic items on the list is perplexing to say the least, because it will further hamper ease of doing business in the country.