Just days after the Ministry of Electronics and Information Technology (MeitY) implemented a total ban on uncertified Chinese surveillance hardware, the "Iron Shield" of Indian digital sovereignty is facing its first major internal audit not from engineers, but from Parliament.
1. The Allegation: "Surveillance Inside the Gates"
On Saturday, April 4, the Leader of the Opposition issued a scathing critique of the current transition, alleging that the public-facing ban is masking a deeper failure within government infrastructure.
- Legacy Persistence: The core allegation is that while new sales are blocked, thousands of Chinese-made cameras remain active inside high-security government buildings.
- The "One Million" Problem: Critics pointed back to a 2021 government admission that approximately 10 lakh (one million) Chinese cameras were in use across India, posing significant data exfiltration risks. Five years later, there is still no public confirmation that these specific units have been purged.
- The "App" Shell Game: The briefing also highlighted that banned Chinese applications are reportedly "resurfacing" under altered names and that foreign AI platforms are processing sensitive Indian data without a clear "Trust" certification.
2. The MeitY Response: "Verbiage Without Figures"
The Ministry’s response to these parliamentary inquiries has been characterized by the opposition as "evasive."
- The Official Stance: Minister of State Jitin Prasada emphasized that the National Security Directive on Trusted Sources (2021) and the Telecommunication Act 2023 provide a robust legal framework for current and future deployments.
- The Evasion Claim: Opposition leaders noted that the Ministry failed to provide specific numbers on how many legacy cameras have been replaced, which foreign AI platforms are vetted, or the exact country of origin for the chipsets currently monitoring "vital locations."
3. The Reality on the Ground: The STQC Bottleneck
Despite the political noise, the technical shift is undeniably occurring, albeit with significant friction.
- The Certification Barrier: As of April 1, all internet-connected CCTVs must pass the Standardisation Testing and Quality Certification (STQC). This includes a full "Source Code Audit" and a "Bill of Materials" disclosure.
- The Market Shift: Indian firms like CP Plus, Prama, and Sparsh now reportedly control 80% of the market, having successfully pivoted to Taiwanese chipsets and local firmware. However, the cost of this "sovereign hardware" has increased by 15–20%, creating a financial hurdle for rapid replacement in smaller government offices.
Hacklido Technical Takeaway: Auditing Your "Trusted" Sources
For the Hacklido community, the New Delhi allegations serve as a reminder that "Policy" is not "Security."
- Hardware vs. Software Shadowing: A banned app is easy to delete; a banned camera is a physical asset. If you are managing a network, do not assume a "National Ban" has cleared your rack. Run a MAC address OUI lookup on every surveillance node on your network to identify the true manufacturer of the network interface.
- The "Rebranded" App Threat: The opposition's claim about "resurfacing apps" is technically accurate. Attackers often use repackaged APKs with identical backend C2 (Command & Control) infrastructure. Use a tool like MobSF (Mobile Security Framework) to audit the destination URLs of any new "utility" or "system" apps on corporate devices.
The SoC "Black Box": Even "Indian-made" cameras may use Chinese-origin System-on-Chips (SoCs). The new STQC rules require disclosure of the SoC origin for a reason. If your hardware provider cannot name the foundry that printed their silicon, they are not compliant with the April 1 mandate.
