Thank You, Rajesh Pantji
Context :
Government to implement mobile privacy and security initiative: Rajesh Pant / ET / 11 Dec 2021
Extract :
The Centre is implementing an ambitious program for mobile privacy and security which would alert citizens to the vulnerabilities present in their mobile phones and applications installed on it, National Cyber Security Coordinator, Lt General ( Retd ) Rajesh Pant said ( ncsc@gov.in )
“ We are also implementing a project called ICAPS. That is the Indian Citizen Assistance for Mobile Privacy and Security
It is a project where the objective is to build an integrated server system which can collate all the mobile security-related information and provide customized and actionable knowledge to individual Indian citizens to secure their mobile devices and data on those devices “, Pant said at the Indian Mobile Congress ( IMC ) 2021
The new system would verify the handset model and the applications installed on it and send a message to alert about vulnerabilities if any, while the relevant information would be provided to citizens in their native language, or the language that they understand
The solution should not only inform but also answer questions in a manner that users can understand , Pant said, adding queries such as on mitigating vulnerabilities, and relevant Government advisories, would be addressed
With consumer IoT now entering the workspaces, Pant said that vulnerabilities represent significant potential risks for individuals and organizations of all kinds
“ We are going down to the semiconductor level, the silicon level and see where the chips are coming from, and what is the importance of those chips in that particular product and then only we are certifying that it is a trusted product “, Pant added
On June 15, this year, the government launched an online mechanism and mandated any equipment connected to the National Telecom Network, must have trusted products from a trusted source
MY COMMENTS :
Ø This is indeed, very good news. I hope, Govt will require all mobile phone manufacturers, to pre-install ICAPS software, before a device leaves factory gate
Ø Then there is the question of hundreds of APPS which come pre-installed with a smartphone - AND - which the user, simply cannot UNINSTALL ! This must not be permitted. User should be able to UNINSTALL any app that he does not need
Ø Apart from the mobile phone manufacturers, even Mobile Service Providers ( MSP ), install apps from time to time, without explicit permission of the users. This too must be prohibited
Ø Most smart-phone users access web portals from their mobiles ( rarely from tablet – PC ) and download apps. Most of these “ steal “ user data . A vague – and long – “ TERMS “ statement is required to be “ I ACCEPT “ click . Can Govt send a “ VULNERABILITY WARNING “ ( to person downloading ), within minutes of download ? And suggest “ Action “ ?
Ø As it happened recently in case of PM’s Twitter account getting hacked for posting a FAKE news, can ICAPS immediately alert all mobile phone owners about such incidences ?
Ø Currently, mobile App developers upload their apps on Google Store or Apple Store . Users download from these stores . Can Govt develop a “ VULNERABILITY SCORE “ ( on a scale of 1 > 10 ) and assign such a score to each and every App ? – and “ mandate “ that Google / Apple Stores display these scores against each app ?
Ø How do ICAPS expect to catch those “ NO CLICK “ spying soft-wares ( like what PEGASUS recently launched ) ?
Ø It is hoped that “ access “ to ALL the smart-phones in the country ( 1 BILLION ? ), by Central Government’s “integrated server system “, would not lead to the Central Government , snooping and listening / recording, everything a user is doing with his Apps !
Ø On the UPSIDE, such “ integrated server system “ with dynamic / up-to-date, database of ALL the mobile phones ( including Feature Phones where too, some APPS are about to start working ), would greatly facilitate implementation of :
# Monetizing of Personal Data by data-owners
# Every citizen’s Health Records
With Regards,
Hemen Parekh / hcp@RecruitGuru.com / 14 Dec 2021
No comments:
Post a Comment