Thursday, January 13, 2011

Data Security And Cyber Security Laws Needed In India

India is a country that urgently needs privacy laws, data protection laws, data security laws and cyber security laws. Presently, India has no dedicated privacy, data protection, data security and cyber security law. The main reason for absence of these laws is the growing anxiety of Indian government and its intelligence agencies towards e-surveillance. Unfortunately, Indian government has misunderstood that e-surveillance is a substitute for good cyber security and cyber forensics skills.

For instance, the dictate of India government to research in motion’s (RIM) Blackberry, Google’s G-Mail and voice over internet protocol (VOIP) provider Skype is a classic example of over emphasis upon e-surveillance.

In my personal opinion, these demands of Indian government from Blackberry, Google and Skype are unjustified and without any rationale and against common sense. Further, in the absence of a constitutionally valid lawful interception law in India, Google, Skype and Blackberry can legally refuse to disclose information regarding their users.

In this background we must analyse the privacy, cyber security, data protection and data security environment of India. The truth is that we do not have any sort of cyber security and data security in India. Further, with the ever growing e-surveillance in India, absence of cyber security, data security and privacy law becomes more dangerous.

Projects like Aadhar, Natgrid, CCTNS, etc require strong privacy laws and effective data security and data protection practices. In the absence of these procedural safeguards, it is advisable to scrap the most controversial and endemic e-surveillance project named Aadhar and authority named UIDAI.

For similar reasons the central monitoring system (CMS) project of India (CMS project of India) and use of cloud computing and SaaS services in governmental functions are also going to fail.

Indian Parliament must urgently enact laws regarding privacy, data and cyber security and data protection. In the absence of these crucial laws, we cannot trust our own government for projects like Aadhar, Natgrid, CCTNS, CMS, Cloud Computing, etc.

Now the bigger question is will the Parliament of India keep on ignoring its constitutional duties by abstaining from enacting suitable laws in this regard or would it wake up from its deep slumber and do some legislative functions? I would keep my figures crossed.