Thursday, July 3, 2014

India Is A Sitting Duck In Cyber Security Field Says Praveen Dalal

Cyber security has become a nightmare for India. For considerable period of time India ignored cyber security to its own detriment. Now past mistakes are haunting Indian government and India cannot do anything except issuing statements and warnings. However, these statements and warning have no value and impact at all to cyber adversaries across the world.

Cyber security in India is simply beyond the contemplation of our politicians and government. The cyber security challenges in India are tremendous and our government is sleeping over the matter. Other countries are invading Indian cyberspace with no difficulty or challenge at all.

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and CEO of Perry4Law’s Techno Legal Base (PTLB), India is a Sitting Duck in the Cyberspace and Civil Liberties Protection Regime. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus (GOZ), etc cannot be tackled by India due to lack of Offensive and Defensive Cyber Security Capabilities. Cyber Security Breaches are increasing World over and India must be “Cyber Prepared” to deal with the same. The Cyber Security Challenges before the Narendra Modi Government are not easy to manage and Indian Cyberspace must be protected on a “Priority Basis”.

Governments ranging from Congress to Bharatiya Janata Party (BJP) have done nothing to improve the privacy laws in India and cyber security of India. Even the Narendra Modi lead government has done nothing except summoning of few officials of United States for blatant violation of privacy rights of Indians and invading Indian cyberspace.

In these circumstances it would not be wrong to declare that India is a sitting duck in the field of cyber security. These days cyber security is an integral part of national security as well. The national security policy of India must also incorporate cyber security as an essential component. Only time would tell whether Modi government would be successful in bringing privacy rights to Indians and meeting the cyber security challenges of India.

Saturday, June 21, 2014

E-Health Laws And Regulations In India Needed Opines Law Firm Perry4Law

This is the research article of New Delhi based ICT law firm Perry4Law. It is covering many crucial areas pertaining to use of information and communication technology (ICT) for providing healthcare related services in India. However, like any service, e-health services in India depend upon compliance of certain Indian laws that is missing as on date. Similar is the case regarding m-health that is the upcoming field in this regard.

Information and communication technology (ICT) has streamlined the way medical services and para medical services are provided world over. E-health and telemedicine are examples of use of ICT for medical purposes.

However, when technology is used for medical purposes, it gives rise to medico legal and techno legal issues. In United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), etc are some of the laws that take care of medico legal and techno legal issues of e-health and telemedicine.

On the contrary, we have no dedicated e-health and telemedicine laws in India. Even essential attributes of these laws like privacy protection, data protection (PDF), data security, cyber security, confidentiality maintenance, etc are not governed by much needed dedicated laws.

However, numerous statues carry individual provisions that may be applicable to e-health and telemedicine activities in India. For instance, the e-governance and e-commerce related aspects of e-health and tele medicine may be governed by the Information Technology Act, 2000 (IT Act 2000) that is the cyber law of India. All electronic contraventions and violations pertaining to e-health and tele medicine can be regulated b the IT Act 2000.

Similarly, privacy and data protection aspects (PDF) in cyberspace pertaining to e-health are also governed by the IT Act 20000. Further, the Supreme Court of India has interpreted Article 21 of Indian Constitution as conferring a right to privacy upon all persons in India. Even in some cases the Supreme Court of India has held that patients have a right to privacy to protect their health related information except where non disclosure of such information is violating fundamental rights of others and is against public interest and public policy.

Even data security and cyber security aspects have been covered by the IT Act 2000 to some extent. The real problem is that these provisions that protect privacy, data protection, data security, etc are piecemeal efforts and they are not serving the purposes as required.

We need to have dedicated e-health laws and regulations in India that are presently missing. The sooner these e-health laws and regulations are formulated in India the better it would be for the larger interest of medical community and patients in India.

Unregulated M-Health Activities May Be Health Hazard In India

Technology is assisting in making affordable healthcare services available to the residents of even the most remote corners of a territory. Technology has the potential to tackle the healthcare related problems of India as well. However, regulatory and legal issues must be kept in mind while using technology for healthcare related services in India.

For instance, most of the m-health service providers in India are violating Indian laws and there may be legal actions against them very soon. However, the biggest nuisance creators are online pharmacies providers of India that are operating without any legal compliance. Some of the areas where the m-health service providers are not observing Indian laws are privacy protection, data protection (PDF), cyber law due diligence (PDF), encryption regulations, cloud computing regulations, etc.

Similarly, medical devices must be thoroughly scrutinised to rule out any possible legal violation in India. The legal risks for developer and owners of food, healthcare and medicine related websites cannot be ignored. Mobile medical devices and handsets and their respective applications must also be in strict conformity with Indian laws. Medical device makers, software providers and medical fraternity of India must also keep in mind the encryption laws of India and cloud computing related compliances of India.

According to experts, dedicated m-health laws and regulations in India are urgently needed to prevent m-health related legal violations. In India, e-health and m-health related legal framework is missing. For instance, e-health in India is facing legal roadblocks. Till now we do not have any dedicated e-health laws and regulations in India. The legal enablement of e-health in India is urgently required. Naturally, dedicated m-health laws and regulations in India are also missing and different laws apply to m-health related issues in India. Telemedicine and online pharmacies laws in India and their legal implications and liabilities are also unknown to various m-health professionals.

In United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), etc are some of the laws that take care of medico legal and techno legal issues of e-health and telemedicine. India also needs laws like HIPPA and other similar laws that can regulate m-health related issues in India. Otherwise, unregulated m-health activities may be a great health hazard in India.

Saturday, June 14, 2014

Centre Plans To Scrap Aadhaar Project As Per Experts Suggestions

It is really unfortunate how political consideration overweight the national interest of India. The Congress led government has taken many steps and launched many projects that were clearly illegal in nature. Despite warnings from legal experts, the Congress led government kept on pushing those projects at the cost of Indian exchequer and civil liberties.

It seems the Congress led government was pursuing a secret agenda in a desperate attempt to regain the power at the centre. However, those efforts of Congress failed miserably and the BJP led government came with a clear majority. The natural question that has arisen is whether Modi government would “simply step into the shoes of Congress” or actually protect the Constitutional Rights of Indian Citizens, opines Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading techno legal expert of Asia.  

One such unconstitutional project of Congress led government is Aadhaar that should not have been started at all. The problem with aadhaar project is that it was never implemented in a legal and constitutional manner. However, there were very few individuals who raised their voices against this illegal project.

One of the early, stern and incessant opposers of the Aadhaar project is Praveen Dalal who was the first one to demand for scrapping of Aadhaar project in the year 2010. Dalal claimed that the UIDAI must not use public funds till provisions regarding the same are incorporated in the law to be formulated by Parliament of India. He still believes that Aadhaar project must be scrapped till a constitutional law supporting the project is in place as it is a fraud against the constitution.

According to Dalal, “The Aadhaar Project is the most “Obnoxious” and “Evil” Project that Indian Government has been pursuing till now. In my personal opinion, the very foundation of Aadhaar Project is based upon “Lies and Deception” and this Project should have been “Scrapped” long before. However, the previous Government not only deliberately kept this “Illegal and Unconstitutional Project” alive but also wasted crore of “Hard Earned Public Money” on a Project that is clearly Illegal and Unconstitutional. Narendra Modi “Must Scrap Aadhaar Project” as well along with the Cabinet Committee on UIDAI, recommends Dalal.

Fortunately, the Constitutional Validity of Aadhaar Project has been questioned in the High Courts and Supreme Court of India. The Supreme Court has even held that Aadhaar Card/Number cannot be made mandatory for availing public services in India. The Supreme Court has also prohibited UIDAI from sharing biometric data with Indian Government Agencies without data owner’s consent. Even a Parliamentary Committed rejected the proposed National Identification Authority of India Bill 2010 finding it “Inadequate and Unsuitable”, informs Dalal.

Fortunately, the Modi led government has considered the suggestions of experts like Dalal and it is now considering scrapping the Aadhaar project altogether. The intent of the Modi led government to take such a move was apparent when Prime Minister Modi decided to discontinue the previous government’s Cabinet committee on the Unique Identification Authority of India.

“As the UIDAI has no legal backing, a decision would soon be taken to scrap it and in its place the entire exercise would be handed over to the NPR, which will not only provide Unique ID number to a person but also establish bonafide citizenship," sources said. However, the NPR exercise has its own “Demerits and Constitutional Issues” and they must be resolved first, warns Dalal.

Monday, June 9, 2014

Mandatory Or Effective Legal Framework For E-Governance Is Needed In India Says Praveen Dalal

E-governance cannot be attained till policy level changes are made in India. We have no dedicated e-governance law in India and some provisions pertaining to e-governance have been incorporated in the Information Technology Act, 2000 (IT Act 2000). However, these provisions are not only defective but they are grossly inadequate according to Praveen Dalal, Managing Partner of Perry4Law and the Leading Techno-Legal Expert of India.

Dalal believes that India needs to repeal the IT Act, 2000 and enact appropriate and dedicated laws pertaining to ecommerce, e-governance, cyber law, cyber security, cyber forensics, telegraph and other similar fields. Presently all these areas have been stuffed into a single law known as IT Act, 2000. This has resulted in lack of a specialised legal framework for all these fields.

Even the Department of Telecommunication (DoT) believes that the IT Act 2000 must be replaced by a more suitable law. This seems to be in conformity with the suggestions of Dalal regarding repeal of Telegraph and Cyber Law of India.

As far as e-governance is concerned, we have no legal framework that requires mandatory e-governance services in India. As a result Indian government departments have nothing to loose even if they deliberately fail to comply with e-governance requirements suggests Dalal. For instance, most of the e-governance projects of India under the national e-governance plan (NEGP) are still in the pipeline despite the deadline being passed long before. This is despite the fact that thousand of crores of public money has already been utilised for e-governance projects of India but without any constructive and practical results.

This is happening because although the IT Act 2000 carries provisions pertaining to e-governance services in India yet they are “non mandatory” in nature. This has resulted in a poor e-governance services delivery in India. Till now we have no legal framework that mandates that citizens and organisations can claim e-governance as a matter of right, informs Dalal. There are many reasons for the failure of e-governance projects of India and an effective, time bound and accountable implementation alone can make Indian e-governance initiative successful, suggests Dalal.

Further, the scope of NEGP is very wide covering almost all aspects of governance - right from delivery of services and provision of information to business process re-engineering within the different levels of government and its institutions. It is essential that NEGP is implemented, monitored and regulated through a legal framework so that it is no more just a plan but reality. For instance, access to justice for marginalised people in India cannot be a reality till e-courts and online dispute resolution (ODR) are suitably and urgently introduced in India. Till June 2014 we are still waiting for the establishment of first e-court in India.

According to Dalal while implementing the NEGP, various structural and institutional issues have already arisen which clearly call for a statutory mandate for their resolution. The purpose would be to give statutory mandate to the institutional entities, setting up of a separate fund, defining responsibilities and providing for time frames and oversight mechanisms. According to Perry4Law, this legislation may, inter alia, contain provisions regarding the following:

(a) Definition of e-governance in the Indian context, its objectives and role,

(b) Coordination and oversight mechanisms, support structures at various levels, their functions and responsibilities,

(c) Role, functions and responsibilities of government organisations at various levels,

(d) Mechanism for financial arrangements including public-private partnership,

(e) Specifying the requirements of a strategic control framework for e-government projects dealing with statutory and sovereign functions of the government,

(f) Responsibility for selection and adoption of standards and inter-operability framework,

(g) Framework for cyber security, privacy protection, data security and data protection etc,

(h) Parliamentary oversight mechanism, and

(i) Mechanism for co-ordination between government organisations at Union and State levels.

The “hands off model” regarding e-governance in India has proved to be a big failure and a mandatory e-governance legal framework alone can bring successful e-governance services in India in the absence of a transparent and accountable government system, opines Dalal.

Sunday, June 8, 2014

Mandatory E-Governance Services In India Are Urgently Needed

This is the updated article of my previous post about the need to have a mandatory e-governance legal framework in India. There are many reasons why e-governance in India has miserably failed. According to legal experts, the “hands off model” regarding e-governance in India has proved to be a big failure. They believe that a mandatory e-governance legal framework alone can bring successful e-governance services in India in the absence of a transparent and accountable government system.

Legal framework for mandatory e-governance services in India is long due. If we make e-governance service optional or discretionary, the whole purpose would be defeated. This is the reason why we need time bound and accountable e-governance based public services in India. Keeping this objective in mind, the central government formulated the draft electronic delivery of services bill 2011 (EDS Bill 2011). The EDS Bill 2011 intends to provide delivery of government services to all citizens by electronic means by phasing out of manual delivery of services delivered by the government including matters connected therewith or incidental thereto.

The Bill if made a law would require complete overhaul of the present e-governance infrastructure and services delivery mechanism of Indian government. However, the real problem with Indian e-governance initiative is that legal framework for mandatory electronic delivery of services in India is missing, says Praveen Dalal, Supreme Court lawyers and Managing Partner of India’s exclusive techno legal law firm Perry4Law.

Till now there was no provision under which citizens could ask for mandatory electronic delivery of services by the government. After the Bill becomes an enforceable law, the Indian Government may be under an obligation to mandatorily provide electronic services to its citizens, opines Dalal.

It is obvious that Indian e-governance services cannot be successful till there is a mandatory compliance requirement attached to them. Alternatively, the administrative system of Indian government must be streamlined so that they voluntarily adopt and implement e-governance projects that have been avoided so far.

Friday, June 6, 2014

Can Narendra Modi Government Ensure Privacy To Indians?

Privacy is a sacrosanct civil liberty that no nation can take it for granted. Yet most of the nations, including India, have been taking privacy for a ride. Till date we have no dedicated privacy law in India and this has made Indian citizens vulnerable to various forms of civil liberties violations in both online and offline worlds. To add further miseries to this situation we have draconian laws like telegraph and cyber law that deserve immediate repeal.

India’s love for e-surveillance is also well known. We have unconstitutional projects like central monitoring system and Netra that are operating in India without any procedural safeguards and parliamentary oversight. The latest to add to this list would be the national intelligence grid (Natgrid) project that has been taken up once again by Narendra Modi’s government. However, Natgrid project is a useful project as well provided it is made accountable to parliament of India.

Modi government needs to understand well the importance of civil liberties in cyberspace like privacy right, speech and expression right, etc. The government must also understand that privacy rights in the information era require a mature and well reasoned approach. It has to do what no other Indian government has done so far. Modi’s government would be required to formulate an e-surveillance policy of India that incorporate various issue in a holistic and comprehensive manner.

There is no doubt that big brother in India has been listening and watching for long but while doing so it must not exceed its limits. Unfortunately, the big brother has been transgressing upon all constitutional rights and procedural safeguards till now. Vodafone has also confirmed that governments across the world, including Indian government, have forced it and other telecom companies to install secret wires for e-surveillance purposes.

This is really unfortunate as our own government is violating our civil liberties that it was supposed to protect. According to privacy advocates, the digital life of Indian citizens is not at all safe and is open to various forms of e-surveillance and eavesdropping. In the absence of support form Indian Government, self defence is the only viable option left before Indian citizens to safeguard their digital lives. Let us hope that the Modi government would not force its citizens to adopt self defence measures.