The Digital Trojan Horse

INDIA’S DIGITAL ECONOMY is taking off in a big way. Most of the large businesses that have emerged in the last decadeand-a-half can be aptly called the ‘Children of Internet and Data Centres’ without which the modern-day consumer interneteconomy companies would not have been possible.

Added to this is India’s desire to keep itself safe to ensure a growing and stable economy. India today is also ramping up its surveillance networks for national security besides homes and businesses which are equally investing in safety monitoring mechanisms.

But this foundation seems to run the risk of being silently and systematically compromised by a massive influx of illegally imported, refurbished, and end-of-life hard disk drives (HDDs) and surveillance drives. These undermine India’s national security apparatus and constitute a sweeping act of consumer deception. The recent decisive actions taken by government agencies to crack down on this illicit trade are a commendable beginning, yet it must be sustained and intensified. These cannot be brushed off as mere customs evasions as they pose a critical challenge to our digital sovereignty and national security.

The core danger of this practice lies in misrepresentation. These used drives or long-retired enterprise units from other countries are frequently repackaged and sold as new or specialised ‘surveillance drives’ designed for 24x7 operations. The technical analysis carried out by agencies like the Directorate General of Foreign Trade (DGFT) reveals the deception—drives that appear pristine on the outside possess internal diagnostics, known as SMART (Self-Monitoring, Analysis, and Reporting Technology) logs, confirming thousands of hours of prior use. When these low-quality, high-wear drives are deployed in critical surveillance infrastructure—be it Smart City CCTV cameras, police control rooms, or railway security systems— the results are disastrous as these are not new and failures would come at a time when these devices are needed most and they come with no OEM (original equipment manufacturer) guarantee.

Current Regulations

As per the Foreign Trade Policy (FTP) governed by DGFT, the import of secondhand goods is generally restricted and requires a specific import licence, unless explicitly exempted. Additionally, used electronic goods fall under the purview of the E-Waste (Management) Rules, 2016 which mandate prior permission from the Ministry of Environment, Forest and Climate Change (MoEF&CC). Importers must also comply with applicable Bureau of Indian Standards (BIS) certification requirements wherever notified. Furthermore, customs authorities may require detailed documentation, including a certificate of inspection from an authorised agency in the exporting country, to confirm the fitness and residual life of the product. These regulations are designed to prevent the dumping of obsolete or hazardous materials and to promote sustainable trade practices.

Threat to Digital Sovereignty

Surveillance drives are highly specialised, engineered to write massive amounts of data constantly without failure. A genuine surveillance drive might be rated for three to five years of continuous operation. A refurbished hard drive, operating far beyond its intended lifespan and often with wear indicators fraudulently reset, can fail prematurely. Such failure can occur at the most critical moment, leading to the irreversible loss of crucial footage during a crime, security breach, or natural disaster.

Furthermore, importing unverified, end-of-life hardware poses a potential security backdoor issue. Drives sourced from unknown overseas sources may carry undetected firmware modifications, transforming them into hardware vulnerabilities that compromise data integrity or even facilitate unauthorised access to Indian networks. Various reports indicate that these spurious drives may have unfortunately found their way even into government procurement platforms like the Government e-Marketplace (GeM).

Consumer Harm and Economic Loss

Beyond the strategic implications, the pervasive illegal import is fundamentally hurting millions of honest consumers and businesses. The unsuspecting buyer, whether an individual or a small enterprise, believes they are acquiring a warranted, new product. When the drive fails unexpectedly—often taking irreplaceable personal or business data with it—the consumer finds the warranty void and the seller elusive. This erosion of trust damages the reputation of the entire legitimate electronics industry, making consumers wary of even genuine products.

The economic fallout cannot be ignored either. The illegal trade, which some estimates place at over `800 crore in value over recent years, involves massive evasion of customs duties and Goods and Services Tax (GST). This illicit economy undercuts legitimate global and domestic manufacturers and importers who adhere to India’s FTP and the mandatory compliance required under BIS and E-Waste (Management) Rules. This dumping of global electronic refuse not only steals revenue from the exchequer but also transforms the nation into a surrogate dumping ground for hazardous e-waste.

Sustained Enforcement

The government and its enforcement agencies have begun to acknowledge the severity of this issue. Recent interdepartmental alerts issued by DGFT to the Central Board of Indirect Taxes and Customs (CBIC) and subsequent actions highlight a strategic shift. Alarmingly, officials identified that over 90 per cent of the country’s refurbished HDD imports were routed through facilities in the Hyderabad Air Cargo and Inland Container Depot, solidifying its status as a critical hub for these imports. The ongoing Operation DigiScrap and similar enforcement actions like those by the Directorate of Revenue Intelligence (DRI) are essential steps. Paragraph 2.31(D)(e) of FTP classifies the import of refurbished IT components as “restricted” and requires prior DGFT authorisation. This means the goods are not simply secondhand but they are also illegal when imported without the necessary licence and sold as new.

While some court rulings have affirmed the right to sell refurbished goods, they strictly mandate clear, transparent disclosure and labelling to prevent consumer confusion—a disclosure the illegal importers consistently skip and conveniently misrepresent.

India must maintain this pressure. Enforcement must be paired with public awareness campaigns that educate consumers and procurement managers about verifying product authenticity, identifying drives with reset SMART logs, and demanding legitimate warranties. For a nation rapidly building its digital infrastructure, the integrity of every component matters. We cannot allow the lure of cheap, fraudulent hardware to become the single point of failure in our surveillance systems and digital lives.

Seven Recommendations

Here is how India, its economy and consumers can be kept safe.

. Strengthen Import Regulations and Licensing

. Mandatory Licensing: Enforce mandatory import licences for all secondhand hard drives and surveillance equipment, regardless of declared value or origin.

. Restricted Category Classification: Move used storage and surveillance equipment to the ‘restricted’ or ‘prohibited’ category under FTP unless certified by authorised agencies.

. Certification and Inspection Protocols

. Pre-shipment Certification: Require a certificate from an accredited third-party agency in the exporting country verifying the originality (non-counterfeit status), functional integrity, data sanitisation status (to avoid illegal data trade), and residual life and warranty.

. Strengthen Customs Screening

. Use of AI and Advanced Scanning Tools: Equip customs with AI-driven scanning and detection tools that can flag shipments of used electronics for inspection.

.Randomised Sampling and Deep Forensics: Conduct random sampling of imported used hard drives for forensic examination to detect malware, counterfeit firmware, or surveillance risks.

. Create a National Register of Importers

. Track Record Verification: Maintain a national registry of licenced importers of second-hand electronics, and monitor their import history for red flags, such as repeated violations or product recalls.

. Penal Provisions and Blacklisting

. Strict Penalties: Impose heavy fines, confiscation, and criminal charges for import of spurious or counterfeit drives, especially if they pose cybersecurity threats.

. Blacklist Offenders: Publicly blacklist importers and foreign suppliers found guilty of repeatedly exporting spurious goods to India.

. Inter-agency Coordination

. Cybersecurity Agencies Involvement: Engage CERT-In, NCIIPC, and other cybersecurity bodies to vet imported surveillance products for potential backdoors or data leakage risks.

. Customs–DGFT–MeitY Collaboration: Establish a working group involving Customs, DGFT, and the Ministry of Electronics and IT to review high-risk imports.

. Public Awareness and Industry Partnership

. Importer Awareness Campaigns: Launch awareness campaigns to educate importers and distributors about the legal and cybersecurity risks of importing unverified secondhand drives.

. OEM Engagement: Collaborate with original equipment manufacturers (OEMs) to verify authenticity through serial number validation APIs or blockchain-based supply chain tracking.

Strong, unwavering action on illegal imports is not a matter of choice; it is a necessity for protecting India’s people, its economy, and its future.