Xiaomi, Lenovo, Huawei face government security heat

Call it knee-jerk radicalism or pre-emptive plugging of legitimate data loopholes, the government is waking up to the much ignored issue of data security. 

Chinese mobile companies Xiaomi, Lenovo and Huawei have come under the government scanner for allegedly violating privacy and data security concerns.

According to sources familiar with the development, the Modi government is keen to upgrade security levels for safeguarding data available with government, business houses and security establishments.

For a start, the armed forces have stepped in to apply the heat on the Chinese handset manufacturers. The Indian Air Force had two days ago issued an alert to its squadrons as well as family members of IAF personnel to stay away from Xiaomi devices.

 According to IAF sources, Xiaomi phones have been sending confidential call data to Chinese servers.

 In a statement issued on Friday, Xiaomi India spokesperson clarified that the Beijing-headquartered smartphone company decided to migrate data of its non-Chinese customers from its servers in Beijing to Amazon AWS data centres in California (US) and Singapore as it looks to address the rising privacy concerns.

The migration process, which began earlier this year, will be completed by the end of October and will benefit users in international markets — Hong Kong, India, Indonesia, Malaysia, Philippines, Singapore, and Taiwan, Xiaomi Vice- President Hugo Barra said in a blogpost on Friday.

However, the armed forces apparently feels that the threat of confidential data landing in the wrong hands persists. 

IAF had last week issued an alert to air force squadrons as well as family members to stay away from Xiaomi devices. The IAF alert came with a ‘medium’ severity rating, which is considered serious according to an IAF official, and has not been withdrawn at the time of going to press.

Earlier this year, Finnish security firm F-Secure has seemingly proven that Xiaomi smartphones (specifically the company’s budget smartphone, the Xiaomi Redmi 1s) do in fact upload data without the user’s knowledge or permission.

 But the company strongly denied these allegations in the statement issued on Friday. When contacted by Deccan Herald, Huawei officials said they haven’t received any note from government agencies on security violations. “There are routine checks by the government on all foreign companies. Huawei doesn’t violate any security criteria followed by India,” a Huawei official said.

Former Harvard law graduate and global cyber security advisor Richard H L Marshall, who has worked on homeland security with the George Bush administration, had said recently that government officials have not yet woken to cyber attacks, a modern day battle methodology. “China and Russia are unleashing cyber warfare battles across the globe.

 Cyber criminals have two objectives: find targets that will yield high payoffs for their
 efforts and attack those high payoff targets that offer the least resistance,” he had said.

According to a source familiar with the development, there is solid information on Chinese companies flouting security and actively involved in cyber attacks on India from their territory.

 “We have a system in India where 16 agencies are doing R&D on products imported from aborad. We should have a single regulator under the government to look into the issue so that there will be more transparency and dissemination of  information,” the source said.