‘Draconian’ Indian telecoms rules attacked

Global telecoms equipment companies are angry at “draconian” Indian security rules that will require them to submit to third-party inspection their equipment and closely guarded network source codes.

New Delhi unveiled the sweeping new rules last week to address security agencies’ concerns that Chinese telecoms equipment suppliers such as Huawei and ZTE could use networks built for Indian telecoms operators to intercept sensitive government conversations and documents.

India’s moves are being watched by regulators and industry experts around the world, as several governments fear the import of foreign gear could open the door to spying but worry that blocking certain suppliers on security grounds would trigger criticism they violate free trade rules.

“Such rules could offer a justification for everyone else to install similar restrictions – let’s see who dares to drag whom to the [World Trade Organisation] first,” said a former US government official familiar with the issue.

China has been expanding requirements for certification of products with encryption functions, including some network gear, which could eventually exclude foreign suppliers. In some instances, Beijing’s rules, also fiercely opposed by industry, require companies to provide source codes as well.

According to New Delhi’s proposed rules, equipment suppliers must allow the local operator, the government or designated third-party agencies, to “inspect the hardware, software, design, development, manufacturing facility and supply chain and subject all software to a security/threat check”.

If “spyware” or “malware” is found in networks, operators will face penalties of Rs500m ($11m, €8.4m, £7m) per order, and 100 per cent of the contract value, while vendors could be banned.

However, international equipment companies have taken strong issue with the idea of sharing their closely-guarded source codes, and allowing authorities, or third parties, to access – and potentially modify them – at any time.

“This is just not done globally anywhere,” said one executive for a foreign equipment supplier. “In the industry, this source code is something sacred.”

The proposed penalties for breaches are also seen as excessive since spyware or malware can sometimes creep into network software without any deliberate malfeasance by the supplier or service providers.

“Companies could go bankrupt if they comply to this,” the executive said. “Even if they do comply, it would be introducing an element of risk that could affect the bankability of their project.”

Ericsson, the Swedish company that recently won a $1.3bn contract to help Bharti Airtel expand its network and prepare for the roll out of third-generation services, has already written to the Department of Telecommunications, calling the rules “unjustly onerous and unprecedented for a vendor like Ericsson”.

Telecoms industry executives are due to hold an emergency meeting on Monday, and are expected to appeal to the government to ­reconsider.

Executives fear the dispute could put the brake on the expansion of India’s mobile phone networks.

Yet that could be stalled indefinitely if equipment suppliers decide they are unwilling to abide by New Delhi’s sweeping rules.

“Operators are under tremendous pressure,” the executive said. “They have shelled out a huge sum for 3G licences. If this deadlock is allowed to continue, India would be confronted with the same situation as Europe in the post-spectrum auction, which led to the complete collapse of the industry.”

India has 640m mobile phone connections, with 20m new subscribers each month. But network expansion stalled this year after New Delhi ordered that all telecoms equipment purchases would need security clearance.

India’s rules follow a move by its country’s Department of Telecommunications earlier this year to specifically exclude Chinese vendors such as Huawei and ZTE from network gear orders. The two fast-growing Chinese companies tried to dispel the Indian security worries in talks.

Huawei has yet to win a major network gear contract from a first-tier operator in the US. ZTE declined to comment on the new rules, but said it had noticed they were designed to treat all suppliers equally instead of discriminating against Chinese companies.