Relevance: GS III (Cybersecurity, Internal Security, Science & Technology) | Source: The Economic Times / The Hindu
Context
To curb cyber espionage and ensure ‘Trusted Sources’, the Government is finalising the Indian Telecom Security Assurance Requirements (ITSAR).
The draft norms propose mandating smartphone manufacturers to share source code for security audits, triggering a debate between national security imperatives and corporate Intellectual Property (IP) rights.
Key Proposals (Draft ITSAR Framework)
- Source Code Access: Manufacturers must share source code with designated government labs to detect ‘backdoors’ or hidden vulnerabilities.
- Mandatory Log Retention: Devices must store system and security logs for 12 months to aid post-incident forensics.
- Surveillance Safeguards: Strict restrictions on apps accessing the camera/microphone when the phone is idle.
- Bloatware Control: Users must be allowed to uninstall non-essential pre-loaded applications.
Why It Matters
- Digital Sovereignty: Reduces dependence on foreign-controlled OS (Operating Systems) and mitigates supply-chain risks.
- Countering Espionage: Prevents hostile actors from using mass-market devices as surveillance tools.
- Concerns: Tech giants argue that source code disclosure compromises Trade Secrets and sets a difficult global precedent.
UPSC Value Box: Key Concepts
| Term | Significance for Prelims |
| Source Code | The fundamental set of human-readable instructions written by a programmer. Access allows detection of intentionally hidden malicious commands. |
| Backdoor | A secret method within software to bypass normal authentication and gain remote access. |
| NCCS | National Centre for Communication Security. Functions under Dept. of Telecommunications (DoT); responsible for drafting ITSAR standards. |
| MTCTE | Mandatory Testing and Certification of Telecom Equipment. A regime ensuring only certified and safe telecom gear is sold in India. |
- With reference to the ‘Indian Telecom Security Assurance Requirements (ITSAR)’, consider the following statements:
- It is a security framework formulated by the National Centre for Communication Security (NCCS).
- It mandates the public disclosure of smartphone source code to ensure transparency.
- It serves as a standard to detect supply-chain vulnerabilities and backdoors in telecom equipment.
Which of the statements given above is/are correct?
(a) 1 and 2 only
(b) 2 and 3 only
(c) 1 and 3 only
(d) 1, 2 and 3
Correct Answer: (c)
Share This Story, Choose Your Platform!
Start Yours at Ajmal IAS – with Mentorship StrategyDisciplineClarityResults that Drives Success
Your dream deserves this moment — begin it here.
