Sunday, January 30, 2011

Is Internet Under Potential Threat?

Internet is facing a growing threat from dictators and draconian nations. The recent example of shutting down the services by internet service providers (ISPs) in Egypt is the example of the former whereas the proposed “internet kill switch” legislation by America is the example of latter.

India is clinging in between these two situations as the sole cyber law of India, i.e. information technology act, 2000 (IT Act, 2000), empowers Indian government and its agencies to do what America is looking for.

Although the approach taken by Egypt would, most probably, not be taken by India as India cannot afford to have a “digital emergency” like its infamous national emergency of 1975. India, on the other hand is about to face the “self defence war” that civil liberty activists and other digital rights activists are bound to fight due to increasing interference of Indian government with constitutional rights of Indians.

For instance, till now India does not have a “Constitutionally Valid” Phone Tapping, E-Surveillance and Lawful Interception Law, informs Praveen Dalal a Supreme Court Lawyer and Leading Techno Legal Expert of India. The Executive Branch of Constitution of India has literally “Hijacked the Constitutional Safeguards” and this Era can be safely termed as an “Electronic Emergency” of India, says Dalal.

Surprisingly, this is happening right in front of and under the nose of our Prime Minister Dr. Manmohan Singh. It is surprising that the prime minister office (PMO) has not taken account of this situation till now. It is high time for PMO to ensure a constitutionally sound cyber law for India that respects constitutional safeguards.

Saturday, January 29, 2011

When Self Defence In Cyberspaces Ceases To Exist?

Self defence in cyberspace is a much needed capability that must be developed by not only a nation but also by its citizens. Nations are facing increasing threats of cyber espionage and cyber security breaches by cyber criminals and other nations. Similarly, citizens are under constant threats of unconstitutional privacy violations through e-surveillance, eavesdropping and electronic interceptions. Both nations and citizens must know the methods of self defence.

But the crucial question is what the dividing line is between self defence and cyber crime? Legally speaking, while using such self-help measures the property and rights of the general public, companies, government, etc should not be affected. It would also not be unreasonable to demand that such self-help measures should not themselves commit any illegal act or omission.

According to Praveen Dalal, a Supreme Court lawyer and leading techno legal expert of India, the Right of Self Defence ceases the moment it violates a “Constitutionally Sound Law”. It is not any law that ends Self Defence but a Constitutionally Valid Law alone that can restrict its applicability, suggests Dalal.

With a growing zest for getting greatest e-surveillance and interception powers, governments all over the world are enacting laws that are not constitutionally sound. Though ordinary citizens silently follow these laws, technical minds are at constant rebel.

Take the example of the recent distributed denial of service (DDoS) attacks on web sites of Visa, MasterCard, Amazon, and PayPal that severed ties with WikiLeaks. The group Anonymous, accused of the attack, claims that DDoS attacks are simply the digital equivalent of a protest or sit-in. They claim it to be a form of modern civil protest in cyberspace.

Whether Anonymous would be guilty for DDoS or not depends upon the fact whether they “exceeded their Constitutional Rights” and “Violated a Constitutionally Valid Law”, says Praveen Dalal. If they did exceed their “Constitutional Rights”, they would be held liable. If either they have not exceeded that limit or there is “no Constitutionally Valid Law” under which they could be booked, they are not liable, says Dalal.

In the Indian context, one such law that is definitely unconstitutional is information technology act, 2000 (IT Act, 2000) as it provides unregulated, unaccountable and unconstitutional e-surveillance, Internet censorship and website blocking powers to Indian government and its agencies. There are no procedural safeguards that can prevent civil liberties violations through misuse of such powers. In fact, phone tapping is already happening in India in an unconstitutional manner and the matter is pending before the Supreme Court of India. Let us see how Indian government would face self defence in Indian cyberspace and prove it an offence in India.

Draft RTI Rules 2010 Are Retrograde

Right to information (RTI) is an important right that empowers Indian citizens to fight corruption. With the passage of right to information act, 2005 (RTI Act 2005), a new era in the field of informational rights started in India. The RTI Act, 2005 resulted in bringing much transparency and assisting in the punishment of many offenders in India.

However, the need to make it more effective and strong was always felt. RTI Act, 2005 is managed by department of personnel and training (DoPT) that has recently introduced new draft rules in the RTI Act. The rules are known as Right to Information Rules, 2010.

However, according to experts and civil liberty activists like Praveen Dalal, the proposed rules are not strengthening the RTI Act, 2005. Instead, they are retrograde in nature and are diluting the right to information under the RTI Act. Of course, some provisions of the proposed Rules are worth considering, but in totality these Rules should not be adopted, opines Dalal.

India has a very poor track record of transparency and accountability. India is also facing the menace of corruption that is prevalent too much in governmental and private circles. Instead of reducing the corruption and bringing transparency and accountability, DoPT is further closing the doors to challenge the growing corruption in India.

Our Prime Minister Dr. Manmohan Singh is an honest and upright person. However, if regulations like the proposed rules are allowed to operate in India and he does not do anything to remedy the same, he is also vicariously liable for the acts or omissions of DoPT.

Wednesday, January 26, 2011

Google Coming Heavily Upon Splogs

A spam blog (Splog) is a blog whose primary purpose is to promote affiliated websites or to increase the search engine rankings of associated sites or to earn revenue through links and advertisements, etc.

The purpose of a Splog can also be to increase the rank of a page in Google search engine or to help in appearance of products or services at various search engines like Yahoo and Bing. These Splogs typically overburden the blog hosting platforms and make them less productive and efficient.

These Splogs also clog the search engines results pushing back the genuine and productive results at back pages. Go to any major search engine and you would come across useless search results. Even results unrelated to search term are found on first page of major search engines.

Google has taken an initiative in this regard and lots of blogs are now blocked for violating its terms of service. It is using automated bots to search for Splogs and also using users’ inputs to detect and block Splogs. Users typically flag a blog as Splog and after some flaggings Google takes the necessary action.

This is a welcome step on the part of Google as it would result in an overall improvement in the users’ services. To make the situation even better, Google must also target search engine optimisation (SEO), especially Blackhat SEO techniques. These techniques are even worst than Splogs as they force unreliable and unproductive results at the very first page of any search engine.

Finally, Google’s bots and team are also protecting users’ accounts so that they can be prevented from being misused. Any unusual activity happening at a Google account is immediately noticed and the account is blocked to prevent its abuse.

In exceptional cases, this may cause some inconvenience to genuine Bloggers as well as their account may be accidentally blocked, though finally restored back. But this is the price that we must be willing to bear if we need good and effective web services. Google keep it up with your good work.

Tuesday, January 25, 2011

Malicious Websites Are Posing Great Cyber Security Risks

You must have noticed that Google shows a warning in its search results immediately below some sites that these sites are infected with malware and they may harm your computer. Of all these infected websites some of them are infected by third parties without actual knowledge and consent of the owner of the site.

However, some sites are deliberately infected with malware so that secret and financial details can be acquired. Some infected sites are more interested in turning computers into bots so that they may be sold as a part of botnets. This trend is growing as more and more computers are found infected by companies around the world.

There are many ways to infect a computer system and malicious websites is one of the most effective methods of doing so, informs Praveen Dalal, CEO of exclusive cyber security research and training centre of India (CSRTCI). Malicious websites have been targeting innocent web users for long. By infecting a popular website or by deliberately making a website laden with customised malware, criminals are getting sensitive information, like bank accounts details, from innocent users, informs Dalal.

Projects like Metasploit have been providing useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only.

Website owners can test their websites through projects like Metasploit or similar projects. Surprisingly, most of governmental websites in India are vulnerable to cyber attacks and are not secure. Indian government must make its websites secure before these websites start turning Indian computers into bots.

Cyber Prankster Arrested In Karnataka

Sending threatening e-mail or hoax e-mails have become common in India. The latest to add to this list is a stock broker who sent as many as 15 hoax e-mails to blow up the Bombay Stock Exchange (BSE). He was later on arrested by the Mumbai Anti-Terrorism Squad (ATS) from his home town.

The accused has been booked under various sections of the Information Technology Act, 2000 (IT Act 2000) and has been handed over to the Mumbai police's cyber crime investigation cell.

On preliminary investigation it was found by ATS Chief, Rakesh Maria that the aim of these pranks e-mails was to force fall in prices of share so that he can invest further. To meet this objective he sent e-mails to BSE threatening to blow up the Dalal Street building in south Mumbai on January 24 or the day after Republic Day.

After the FIR was registered, the internet protocol (IP) address led the police to Shahbad and finally to the residence of the accused. He told the police that he had got the idea after watching news about hoax calls on television. He said that he created the ID a week before he sent the emails to BSE security officer S Dange.

India has neither a stringent law punishing prank calls nor its cyber law is stringent enough to tackle such nuisances. Almost all cyber crimes are bailable under the IT Act, 2000 and in cases like these the accused would be released on bail as a matter of right.

There is an urgent need to formulate suitable laws in this regard so that valuable time of police can be used for saving lives of those who are in need and actual danger.

Monday, January 24, 2011

Cyber Security Research And Development Needed In India

Cyber security is one of the aspects that India cannot ignore. In fact, it is so important that we must have a dedicated cyber security policy of India. This policy must outline the strategies regarding cyber security, its adoption and use and its growth and development in India.

Any good cyber security policy must have at least two components. These are adoption of good cyber security practices and further growth and development of cyber security capabilities. India is lax on both these counts.

Further, cyber security should not be confined to mere technical aspects of computer security. Cyber security is both technical as well as legal in nature. In other words, cyber security must be techno legal in nature. We have no legal framework for cyber security in India. Even our cyber law is a weak and ineffective legislation to deal with growing cyber crimes and cyber attacks.

We have a single techno legal cyber security research and training centre in India (CSRTCI). It is managed by Perry4Law Techno Legal Base (PTLB), the leading techno legal institution of India.

CSRTCI is providing techno legal research and training in the fields like cyber law, cyber security, cyber forensics, anti cyber espionage, anti cyber terrorism, anti cyber warfare, etc.

Online training is also provided by PTLB in various techno legal courses, including cyber security and cyber forensics.

India must develop research and development capabilities in cyber security field. Indian cyberspace is vulnerable to cyber crimes and cyber attacks. Website defacements, e-mail accounts cracking, cyber espionage by foreign countries, malware infection of crucial governmental computer networks, etc have already happened in Indian cyberspace. It is high time for us to take cyber security research and development in India seriously.

Sunday, January 23, 2011

Cyber Appellate Tribunal Of India Got A Website

Finally cyber appellate tribunal (CAT) of India got a website of its own. CAT is a very important tribunal that has not received enough attention of the stakeholders. This is evident from the number of cases referred to and decided by CAT so far.

CAT has been established under the information technology act, 2000 (IT Act, 2000) that is the sole cyber law of India. It is working under the aegis of Controller of Certifying Authorities (CCA).

There is a general lack of awareness about cyber law relates issues in India. People are not much aware of cyber law related issues and they seldom approach courts and tribunals for resolving their disputes.

Indian Government must pay more attention to CAT that has a very important role to perform, says Praveen Dalal, a Supreme Court Lawyer and leading Techno Legal and Cyber Law Expert of India. CAT is managing the “Apex Adjudicatory Function” under the IT Act, 2000 yet not much people and organisations are aware about it, says Dalal.

Even the lawyers and courts are not well versed with cyber law related cases. There are very few cases registered in India regarding cyber crimes despite a sharp rise of cyber crimes in India. Even lesser are conviction for cyber crimes in India.

With the launch of website, much information about CAT, its functions and powers, procedures, decisions, etc is available online. This is a good step in right direction and may be beginning of “Adjudicatory Regime” in India, says Dalal.

Cyber Appellate Tribunal (CAT) Of India

Cyber appellate tribunal (CAT) is one of the tribunals of India that is not very well heard. Not much people are aware that we have a CAT that adjudicates cyber related disputes in India.

CAT has been established under the information technology act, 2000 (IT Act, 2000) that is the sole cyber law of India. It is working under the aegis of Controller of Certifying Authorities (CCA).

However, the red tape policy of Indian government has not allowed it to be an effective cyber crimes redressal forum. CAT cannot effectively serve its purpose till we make it functional in every aspect. The manpower need training, the government needs to be serious, law enforcement must be aware about cyber crimes, etc.

Indian Government must pay more attention to CAT that has a very important role to perform, says Praveen Dalal, a Supreme Court Lawyer and leading Techno Legal and Cyber Law Expert of India. CAT is managing the “Apex Adjudicatory Function” under the IT Act, 2000 yet not much people and organisations are aware about it, says Dalal.

The problem is that our IT Act, 2000 is a piecemeal legislation that is trying to cover many aspects without much success. It would be better if we make a “Comprehensive Legislation” on each aspects covered under the IT Act, 2000 suggests Dalal.

In the absence of appropriate action on the part of ministry of communication and information technology (MCIT), it is the duty of prime minister’s office (PMO) to intervene and take appropriate steps towards making Indian cyber laws more effective and strong. Even CAT needs PMO’s immediate and urgent attention so that it can perform the crucial functions entrusted to it.

ODR In India: Will It Succeed?

Online dispute resolution in India (ODR in India) is in its infancy stage. Although it is much known in India yet when it comes to its actual implementation and use, India is slow in this regard.

The primary reason for this slow growth and adoption of ODR in India is lack of legal enablement of ICT systems in India. As a consequence, innovative methods like e-courts and ODR are still not introduced in the legal and judicial system of India.

Till the end of January 2011, India does not have even a single e-court and government supported ODR initiative. Of course, we have some private techno legal institutions like Perry4Law Techno Legal Base (PTLB) that are providing ODR services in India. PTLB is also managing the exclusive e-courts training and consultancy centre of India.

Law Minister Veerappa Moily has announced many good initiatives to bring legal and judicial reforms in India. However, their actual implementation is still missing. Law Ministry has announced national litigation policy of India (NLPI), amendments to arbitration law of India, legal education reforms, legal practitioners’ bill, etc.

Not only these initiatives have remained unfulfilled but also none of them carries provisions regarding ODR and e-courts. Naturally, ODR and e-courts have neither any legislative nor governmental backing.

Another crucial problem pertains to lack of international harmonisation in this regard. There is a lack of dialogue between Indian and international community that can convince India to use ODR and e-courts.

Even there is inadequate and improper representation of India at various international bodies and organisations like United Nations Commission on International Trade Law (UNCITRAL). Institutions like PTLB are not part of these international organisations and institutions and this make the case of adoption of ODR and e-courts in India very weak.

In these circumstances, it would be safe to conclude that India would not be able to have ODR and e-courts for another five years. After this period, ODR and e-court may find a place in Indian legal and judicial system.

Saturday, January 22, 2011

Law Ministry Of India Must Implement Its Projects

Law Minister Veerappa Moily has announced many crucial projects and plans. They are landmark in nature and if implemented would go a long way in bringing judicial reforms in India.

The only problem seems to be that Law Ministry is taking way too much time to implement these projects and plans. In the absence of actual implementation of these projects, they would just remain mere promises and nothing more.

For instance, our judicial system has come to a complete halt due to growing number of cases in India. The arrear of cases is increasing day after day. Although national litigation policy of India (NLPI) has been declared by Law Ministry, it has remained mere promise alone with no actual implementation.

Similarly, reforms in alternative dispute resolution (ADR) mechanisms of India are long overdue. Although reenactment of Arbitration and Conciliation Act, 1996 has long been suggested, there is no progress in this regard except a consultation paper by Law Ministry.

On the front of use of information technology for legal and judicial purposes in India as well Law Ministry is well behind the required initiatives. There is neither use of online dispute resolution (ODR) in India nor we have even a single e-court in India.

In fact, Law Minister Veerappa Moily has recently himself observed “I have seen enough for one-and-a-half years. This year is for implementation”. This shows the appreciation of difference between mere promises and their actual implementation.

Even on infrastructure front, Indian courts are in a dismal state. The Centre has allocated Rs 5000 crore for judicial reforms, of which Rs1000 crore will be used for enhancing the infrastructure in subordinate courts. Many undertrial prisoners were released recently as a policy decision taken by Law Ministry. This was the only positive step taken by Law Ministry of all declared promises.

Finally, there is an urgent need of good research and training institutes for training of judges, lawyers and police officers in India. Presently, we have a single techno legal research and training centre managed by Perry4Law Techno Legal Base (PTLB). Law Ministry must utilise the techno legal expertise of institutions like PTLB for its various projects and plans.

It is high time for Law Ministry to deliver results as mere promises would not improve the declining standards of legal and judicial system of India. With a statement from Law Minister himself, we could expect some actual results very soon.

Cyber Crimes In India Are Increasing Unchecked

Cyber crimes and contraventions are increasing at an alarming rate. What is more worrisome is the fact that neither the legal framework nor the law enforcement agencies of India are capable enough to curb growing cyber crimes. With adoption of 2G and 3G technologies, cyber crimes would also witness a great surge.

On the legal front we have a very weak cyber law of India. Information technology act, 2000 (IT Act 2000) is the sole cyber law of India that has expressly made almost all cyber crimes bailable. The intention behind this move is not yet known but this has made India a safe heaven for cyber criminals.

On the law enforcement front, our police forces are ill equipped and lack basic level training to deal with cyber crimes. When it comes to highly sophisticated technology crimes, they cannot at all solve such cases. Naturally, cyber crimes, white colour crimes, transnational crimes and economic crimes have increased drastically in India.

To a great extent ministry of communication and information technology (MCIT) is responsible for this mess. It has been taking anti national and anti consumers policy decisions. Even the cyber law of India was made impotent by introducing the information technology amendment act, 2008 (IT Act, 2008) by it despite stiff protests from legal experts.

However, equally responsible is the prime minister’s office (PMO) of India. Our Prime Minister Dr. Manmohan Singh never took pain to see how telecom related policies and laws are operating in India. In fact, PMO was made aware of these situations many times yet the political commitments never allowed it to take just and pro nation decisions.

Once again information regarding weak cyber law, defective telecom polices, harassment of consumers by telecom companies like Vodafone India, etc is available with the PMO. However, till now no sign has been shown by PMO that these maladies would be cured.

However, PMO has been actively taking interest in MCIT policy decisions and perhaps some days these crucial issues would also get its attention. But for the time being, Indian citizens have to bear with growing nuisance of cyber crimes in India.

National Intelligence Grid (Natgrid) Of India

Any project that is not properly planned is bound to fail. One such project is national intelligence grid (Natgrid) of India. Even after best of my efforts, I could not find relevant details about Natgrid project of India.

There is no background materials, policy documents, implementation and progress reports, etc. Most astonishing is that there is no website of the project. This is surprising because a project that has tremendous potentials of privacy and other civil liberties violations has been implemented, rather imposed, in the most secret or casual manner.

As I could gather from media reports, Natgrid project is a brain child of home minister Mr. P. Chidambaram. Clearly, he has been too much influenced by American and other developed countries models that are not at all suitable for India.

Natgrid project is headed by Captain Raghu Raman who is equally shy about sharing details, scope, applicability and implementation of this project. I also tried to search home ministry of India’s site but it returned no results in this regard.

Clearly, the entire scheme of Natgrid project is unconstitutional in nature. There are no procedural safeguards against the very possible misuse of this e-surveillance project. According to Praveen Dalal, Advocate at Supreme Court of India and Leading Techno Legal Expert of India, NATGRID Project is both “Essential as well as Controversial”. It is essential as it Safeguards the Security of India. It is Controversial because it does not provide “Adequate Safeguards” to prevent its abuse.

Natgrid is currently awaiting the approval of the Cabinet Committee on Security (CCS) of India. This is the only safeguard that is available against this endemic e-surveillance project of home ministry. CCS must not clear this project till stringent procedural safeguards are established before the launch of the project.

So what is Natgrid: a boon or bane? Natgrid is an essential requirement for robust and effective intelligence agencies and law enforcement functions in India. The only requirement is to ensure that its abuses can be anticipated, prevented and remedied, says Praveen Dalal. Let us hope CCS would consider all these aspects before giving a go ahead to this project.

Friday, January 21, 2011

Cyber Security For Banking Industry Of India

Banking industry is growing at a rapid rate. With its ever growing speed, it is also adopting technology driven banking model. More and more technology is inducted in banking and financial transactions in India in the form of ATM machines, credit and debit cards, online banking and internet banking, etc.

With the growing use of technology for banking business, technology driven crimes have also increased. This is partly due to the increasing penetration of internet and other technologies all over India and partly due to lax cyber law of India.

According to Praveen Dalal, a Supreme Court Lawyer and Leading Techno legal Expert of India, with an Extremely Weak Cyber Law of India, the only other option left to Banking Institutions is the use of Robust Cyber Security and other Techno Legal Measures.

Cyber security cannot be used by banking sector of India till it is systematically used by all the banks and financial institutions. For that a dedicated cell or wing must be established that can take care of issues pertaining to cyber law, cyber security, cyber forensics, etc.

Reserve Bank of India (RBI) has recently shown its intentions to adopt security measures for ATM machines. RBI may also issue guidelines regarding due diligence under Indian cyber law and other laws, cyber security and cyber forensics.

Banks would find it really difficult to ensure legal and regulatory compliances, especially cyber law related compliances, till steps in this regard are taken right now. It would be a good idea to start developing capabilities in this regard right now.

RBI Planning To Boost ATM Security In India

ATM fraud in India is not a new crime. It has been in existence for long. Even techno legal solutions for the same have been provided in this regard by techno legal experts for long. However, ATM frauds were not taken seriously by Indian government in general and reserve bank of India (RBI) in particular.

It is only recently that RBI took some pro active actions in this regard. RBI would soon ask banks to shift to chip-based ATM cards from the existing magnet strips ones and upgrade the currency vending machines. This was one of the original solutions provided by Praveen Dalal, a Supreme Court Lawyer and leading techno legal expert of India.

According to Praveen Dalal ATM frauds cannot be tackled successfully till we use techno legal measures. The technological mechanisms like Designated time, Microchip technology, Biometric tokens, Enhanced security, ATM Monitoring, Customised softwares, Customer motivation, Alerts, etc can be used to minimise and prevent ATM frauds in India, suggests Dalal.

In a welcome move, RBI has accepted some of the suggestions of Praveen Dalal, including using a chip-based ATM card. According to Dalal the banks should use cards containing a microchip that can make them harder to forge.

RBI has also decided to adopt widespread changes in the existing IT system of the Indian banking industry to make banking services more safe and secure. The apex bank has also suggested setting up separate cell on bank fraud in police departments.It has also suggested that for debit or credit card transactions at the POS (point of sale) terminals, PIN-based authorisation should be put in place instead of the signature-based system. The non-PIN based POS terminal would be withdrawn in a phased manner.

Thursday, January 20, 2011

UN Must Protect Human Rights In Cyberspace

If the world believes in human rights, it must start thinking towards its new form in this technological era. There is no reason why human rights in cyberspace must be given any lesser importance than its traditional offline counterpart.

After all human rights like right to speech and expression, right to information, right to know, privacy rights, etc are similar in an electronic environment. Even governmental intrusions are similar, rather easier, in an electronic environment.

The world community on Human Rights must start thinking in this direction as issues like Cyber Warfare, Cyber Terrorism, Cyber Espionage, Cyber Crimes, E-Surveillance, Unlawful Interceptions, etc are “Transnational” in nature, suggest Praveen Dalal, a Supreme Court Lawyer and founder of exclusive Centre for Protection of Human Rights in Cyberspace in India (HRPCI). If different countries would have different laws for these issues, it would be very difficult to truly enforce protective provisions against these menaces, says Dalal.

This is the reason why we must a “Harmonised Legal Framework” in this regard, preferably under the regime of United Nation’s Human Rights Organisation, suggests Dalal. The governments all over the world are engaging in illegal and unlawful phone tapping and interceptions. This is violating various human rights that must be addressed immediately by the international community, suggests Dalal.

India has its own share of human rights violating projects and authorities. For instance projects like Aadhar project/UID project, national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), etc are some such projects. Similarly, the unique identification authority of India (UIDAI) is an example of unconstitutional authority that is violating human rights of Indians.

The present UN framework for Human Rights can be “Suitably Amended” to accommodate Human Rights in Cyberspace. Almost all the countries of the world are member of UN and this would extend Human Rights Protection in Cyberspace to their Citizens automatically, suggests Praveen Dalal. The call is for UN to take and the sooner it is taken by it the better it would for citizens’ world wide.

PMO Must Ensure A New Cyber Law For India

India took a good step in 2000 by enacting the information technology act, 2000 (IT Act 2000). It was a futuristic step in the field of law making in India. Since this was the first time India was enacting a full fledged technology law, some deficiencies were natural.

However, what is not natural is that these deficiencies must be kept in the law even after 10 years of its enactment. Even further worst is the fact that cyber law of India has been made cyber criminals friendly by making almost all the cyber crimes bailable.

For instance, if a person cracks your e-mail account or online banking account, the courts have to release him on bail as a matter of right. He cannot be put in jail and he would go free even after committing the offence of cracking (read hacking) in India. This equally applies to almost all other cyber crimes that can be committed against you.

Somewhere in 2006 the process of amending the IT Act 2000 started. But the very purpose and foundation of such amendments was based upon industrial lobbying and exonerating the multi national e-commerce companies from the punishments under the IT Act, 2000.

This exercise cumulated into the information technology amendment act 2008 (IT Act 2008) that was finally made enforceable in 2009. From here started the real problem because it is this amendment that made almost all cyber crimes and contraventions bailable.

Another drawback of IT Act 2008 is that it gave illegal and unconstitutional e-surveillance, e-interceptions and snooping powers without procedural safeguards and guidelines. Civil liberties like right to speech and expression, right to privacy, etc have been totally violated without due process in India.

In fact, till now India does not have a “Constitutionally Valid” Phone Tapping, E-Surveillance and Lawful Interception Law, informs Praveen Dalal a Supreme Court Lawyer and Leading Techno Legal Expert of India. The Executive Branch of Constitution of India has literally “Hijacked the Constitutional Safeguards” and this Era can be safely termed as an “Electronic Emergency” of India, laments Dalal.

After the 2G scam prime minister of India Dr. Manmohan Singh has started taking interest in ministry of communication and information technology (MCIT). However, he must also make it sure that the present cyber law of India is cured from the ailments of industrial lobbying and e-surveillance. He must direct the MCIT to urgently draft a new, better and comprehensive cyber law for India. Let us hope for the best in this regard.

Finally PMO Is Taking Interest In Technological Issues

Technology related issues were kept out of the scrutiny of prime minister’s office for many years. However, after 2G scam it became imperative to have regular and better PMO scrutiny. Now almost all the decisions are referred to PMO and its opinion is sought for those decisions.

The PMO recently directed the department of telecom (DoT) to examine whether 2G licences issued to Etisalat DB and other new players should be cancelled because of security concerns.

Similarly, in a communiqué to the PMO, DoT has proposed the imposition of a penalty between Rs 1 lakh and Rs 2 crore for breaches under different sections of the Indian Telegraph Act, 1885.

Now the Prime Minister Dr. Manmohan Singh has launched nation-wide mobile number portability (MNP), a service that allows subscribers to change service provider while retaining the number. This may be a beginning of consumer friendly telecom policies in India that was absent till now.

However, one area that is still not touched by PMO pertains to cyber law. There is an urgent need to enact effective and strong cyber laws in India. The present information technology act 2000 (IT Act 2000) is a very weak and cyber criminals friendly legislation.

Another related area pertains to legal enablement of ICT systems in India. This has resulted in a complete failure of use of ICT for legal and judicial purposes in India. Even almost all the e-governance projects of ministry of communication and information technology (MCIT) have failed in the absence of accountability and time bound performance. It would be a good idea if PMO also considers these issues on a priority basis.

Cloud Computing Regulations In India Missing

Cloud computing has been in news in India. The obvious benefits of cloud computing are very vigorously propagated by cloud computing vendors and India is seen as a huge market for cloud computing.

Even India government is also interested in using cloud computing for delivery of its digital services. However, what is not obvious is the fact that Indian government, intelligence agencies of India, law enforcement agencies of India, etc are interested in cloud computing for a reason not very much known in Indian circles.

Cloud computing is a very good platform for e-surveillance, snooping and interceptions, both lawful and unlawful. This is more so when India does not have dedicated privacy laws, data protection laws and data security laws. Even research in motion (RIM) has arranged for an architecture that allows Indian intelligence agencies to snoop upon blackberry messenger services at will and in real time.

So from any angle cloud computing is a risky business for civil liberty activists in general and those in believing privacy rights in particular. Add to this scenario the fact that in India phone tapping is done under a colonial law called Indian telegraph act that is definitely not a constitutionally sound law. Further, there is no judicial scrutiny while either tapping a phone in India or engaging in e-surveillance or engaging in various interceptions activities.

This practically means that intelligence agencies and law enforcement agencies in India can simply pull your private information by approaching the cloud computing vendor. There would not be any privacy safeguards nor would any judicial order be required.

India is turning into an endemic e-surveillance society. It is high time Indian Parliament must enact effective laws regarding privacy, data protection, data security and cyber security. Further, before cloud computing is implemented in India, there is a dire need of effective cloud computing regulatory framework that is presently missing.

Legal Enablement Of ICT Systems In India Is Missing

One of the biggest drawbacks of Indian e-governance initiatives is absence of legal enablement of ICT systems in India. This is one of the main reasons why almost all the mission mode projects (MMPs) under the national e-governance plan (NEGP) of India have failed to materialise.

Another drawback pertains to lack of will and expertise to implement these MMPs. India is not willing to improve its digital delivery of governmental services and upgrade its e-readiness. All India is doing is announcing various projects under NEGP without actually implementing and successfully completing the same.

The problem is that India has no mandatory legal requirements under which the citizens can claim e-services as a matter of right. Neither the information technology act 2000 nor any other law allows an action against government or its agencies in case of failure to achieve a time bound performance or failure to provide e-services.

Interestingly, digital preservation and digitilisation of records is also absent even if right to information act 2005 mandates doing so. However, in the absence of legal enablement of ICT systems in India, nothing is moving in the right direction.

As a result the objectives of transparency, eradication of corruption, time bound results, etc have failed to materialise. Even on the legal and judicial fronts, technology has failed to find a place. We do not have even a single e-court in India. Further, our legal system and arbitration law does not use innovative methods like online dispute resolution (ODR) and e-courts.

Te problem lies at the policy level. For instance, even the national litigation policy of India (NLPI) is silent about e-courts establishment and use of ODR within a fixed period of time. All these factors have resulted in a complete denial of legal enablement of ICT systems in India and corresponding e-delivery of services to Indian citizens.

The Privacy Nightmare Of India

One of the most unique feature of governance by Indian government is that while government keeps even it’s public and basic level communications a “secret”, it plays with even the most intimate and private aspects of its citizens openly and without any legal framework.

There is no reason why we have official secrets act, Indian telegraph act and other similar draconian colonial law on our statute books. Still even if a person exercises his right to information under the Indian right to information act, 2005, the government is quick enough to find one excuse or other to deny the information.

I recall a recent episode where even the most basic information regarding the number of phone taps in India was denied by Home Ministry of India on the extraneous grounds. Yet when it comes to issues like phone tapping, e-surveillance, interceptions of communications, all of them are done without any constitutionally sound law in this regard.

Phone tapping is done unconstitutionally under the Indian telegraph act. There are no practical safeguards that are actually followed by Home Ministry in this regard. Even a court warrant is not obtained before tapping any phone in India.

Similarly, Indian government made the sole cyber law of India e-surveillance legislation by enacting provisions that provide absolute e-surveillance powers to Indian government and its agencies but without any procedural safeguards for their abuse. So much so that even rules required to be framed for the same have been deliberately kept in abeyance by Indian government.

Realising that interceptions and snooping is financially viable, even private individuals and organisations are openly doing the same for professional charges. Even department of telecommunications (DoT) India is aware of this practice. Although DoT has issued a notification banning such practice yet does it have a right to ask for same when its own house in not clear and in constitutional order.

The only solution to this privacy assassination by Indian government seems to be technology. However, Indian government is not even happy if we use technologies like encryption to safeguard our privacy. Blackberry, Google and Skype have been threatened by Indian government to part away with their encryption keys and give Indian government and their agencies a backdoor access to the same.

These companies may or may not provide a backdoor to Indian government but nothing is safer if we use open source encryption and other security mechanisms to ward away illegal and unconstitutional e-surveillance and phone tapping in India. After all self help and self defence are the most viable solutions in the absence of any desire on the part of Indian executive and parliament to protect our privacy rights in India.

Tuesday, January 18, 2011

MCIT Must Be Put Under Direct Control Of PMO

The decision of department of telecommunications (DoT) to use Aadhar numbers issued by the unique identification authority of India (UIDAI) as proof of identity and proof of address for getting new mobile connections is once again without much deliberations and planning.

According to DoT notification numbered 800-29/2010-VAS dated 14-01-2011 Aadhar number has been allowed to be used for abovementioned purposes. According to the notification the Aadhaar number shall be taken as valid proof of identity (PoI) and proof of address (PoA) after details of identity and address are confirmed through Aadhaar authentication procedure. After implementation of the Aadhaar authentication procedure, it can be used as valid PoI and PoA in Jammu & Kashmir, Assam and north-east service areas also.

This notification is absurd to say the least. Neither Aadhar project/UID project nor UIDAI are governed by any legal framework. They are operating without any law and Parliamentary oversight. According to Praveen Dalal, a Supreme Court Lawyer and leading techno legal expert of India, even after the National Identification Authority of India Bill 2010 (Bill), both Aadhar project and UIDAI would remain “Unconstitutional”.

In this background, DoT India must analyse it decision. DoT is supporting a project that has no legal significance and endorsing a number that has no legal sanction. In fact, government of India is imposing Aadhar project upon Indian citizens piece by piece and through a backdoor. It is making Aadhar “mandatory” through dubious means and arm twisting techniques.

It is high time for the Prime Minister of India Dr. Manmohan Singh to intervene before it is too late. Further, the prime minister’s office (PMO) must also put ministry of communication and information technology (MCIT) directly under its control to avoid future scams and controversies.

The cabinet reshuffle is expected very soon and it would be a good idea if PMO reserves MCIT under its own control rather than allotting it to some Minister.

DOT India Is Committing Another Blunder

Department of telecommunications (DoT) has been taking wrong and anti national decisions for long. Whether it is 2G scam, defective and anti users’ telecom policies, supporting illegal telemarketing practices or paying too much attention to industrial lobbying, DoT is in limelight for all wrong reasons.

The latest to add to this list is the use of Aadhar number issued by the unique identification authority of India (UIDAI) as proof of identity and proof of address for getting new mobile connections. According to DoT notification numbered 800-29/2010-VAS dated 14-01-2011 Aadhar number has been allowed to be used for abovementioned purposes.

This step is an attempt on the part of DoT to push a document that has no legal sanctity. It is surprising to see that mobile subscribers who have submitted documents that have proven legal sanctity at the time of getting connections are now forced to resubmit the same in the name of reverification. This was the main reason why legal notice has been served upon Vodafone India and a consumer complaint filed against it.

The entire exercise seems to be to primarily guided by e-surveillance requirements of Indian government rather than any genuine national security interest. There is no justification to allow Aadhar number as a valid document when even the Aadhar project and UIDAI are unconstitutional and illegal project and authority respectively.

Surprisingly, DoT has not taken action against the mobile companies who have lost and dumped the documents submitted by users at the time of getting their connections. Instead, it is harassing genuine and law abiding users with repeated reverification requirements. Now with this latest notification, DoT has openly shown its intention to support an unconstitutional project like Aadhar in an illegal manner.

Minister of communication and information technology Mr. Kapil Sibal is himself a lawyer and he must be well aware of the far reaching consequences of this notification. If he is still supporting Aadhar number for mobile connections verification and reverification purposes, nothing can be more unfortunate for DoT.

Mr. Sibal India needs a consumer friendly telecom policy and not anti consumer policies. If this is the way telecom policy related issues are dealt with at DoT, it is better if we do not formulate the new telecom policy as it would be worst than its predecessor policy.

Monday, January 17, 2011

E-Readiness Of India In Poor Shape

E-readiness shows the ability and willingness of any government to utilise information and communication technologies (ICT) for the development of its economy and to ensure welfare of its citizens. E-readiness also shows the commitment of any government to fight against corruption and red tappism by bringing transparency and accountability through use of ICT.

E-readiness of India has never been good enough to make any mark. On the contrary it has been declining and degrading in India with an ever growing corruption in India. To make the matter worst excessive bureaucratisation and red tappism has also kept at bay citizen’s oriented services in India.

India’s ranking for e-readiness has been declining year after year. For instance, India ranked 53rd in 2006, 54th in 2007, 54th in 2008 and 58th in 2009. As can be seen from these rankings, Indian e-readiness is declining despite spending crores of public money.

Another closely related issue pertains to digital delivery of services in India. Unfortunately, digital delivery of services has no meaning and significance in India as they are purely discretionary and not mandatory.

Even after ten years of enactment of information technology act, 2000, Indian government is not confident that it can deliver electronic services. The embargo on mandatory delivery of services is still present in the Act and none can claims as a matter of right e-governance and electronic delivery of services in India.

This shows why Indian e-readiness and electronic delivery of services is in bad shape. Neither there is a legislative compulsion in this regard nor there is an intention on the part of Indian parliament to enact suitable law in this regard. India claims itself to be a super power in ICT field but when it comes to delivering electronic services to its own citizens, it stands nowhere.

Digital Delivery Of Services in India Are Missing

It has been more than 10 years since the information technology act, 2000 (IT Act 2000) has been enacted. The primary purpose of IT Act 2000 was to encourage e-governance and e-commerce in India. Some cyber crimes were also included in the Act to curb growing menace of cyber crimes.

However, even after 10 years of its enactment, IT Act 2000 failed to achieve any of its purpose. We do not have effective e-commerce utilisation in India, we lack effective e-governance services in India, cyber law of India has become cyber criminal’s friendly as it has made almost all the cyber crimes bailable and so on.

The problem is that India does not have a mandatory law that imposes an obligation upon Indian government to use e-governance and information technology for governmental purposes. On the contrary the IT Act 2000 expressly states that none would have a right to claim electronic and digitial services from Indian government.

Under pressure of industrial lobbying, ministry of communication and information technology (MCIT) has compromised India’s position on all the above aspects. Even matters like cyber security, cyber forensics, good telecom policies, etc have been totally neglected.

It seems our Prime Minister Mr. Manmohan Singh has given too much leverage and freedom to MCIT. It is high time for the prime minister’s office (PMO) to keep a close watch upon MCIT, especially regarding its legislative and policy making roles.

Sunday, January 16, 2011

Income Tax Department Of India And Cyber Forensics Trainings

Of late, I have come across lots of news where income tax (IT) department of India has shown its willingness to use and adopt latest technologies and innovative methods. Whether it is e-filing or use of cyber forensics for resolving tax related offences, IT department is all set to give its best shot. The creation of directorate of criminal investigation (DCI) within the department is the latest proposal of IT department.

If we leave aside the constitutionality aspect of DCI for the time being, another issue that remains unresolved is the development of cyber forensics capabilities among the IT department in general and DCI and its officers in particular.

India has been negligent regarding enacting good and effective cyber laws and cyber forensics laws. In the name of lawmaking it is adopting a piecemeal approach. The sole cyber law of India is contained in the information technology act, 2000 (IT Act 2000) that is at best a piecemeal legislation. The present cyber law of India must also be repealed and it must be substituted with a new and better cyber law.

Similarly, there is no awareness regarding use of cyber forensics in Indian legal and judicial system. Cyber forensics is also not used in our governmental purposes. The main reason for this non use of cyber forensics is that India lacks good and effective cyber forensics capabilities. India has a single techno legal cyber forensics research and training centre (CFRTCI) managed by Perry4Law.

Further, on the front of techno legal cyber forensics training and education as well, we have a single cyber forensics training and education centre managed by Perry4Law Techno Legal Base (PTLB). This e-learning and online platform provides trainings and education in the fields of cyber law, cyber security, cyber forensics, malware analysis, e-courts, etc. It is also the exclusive repository for cyber security and cyber forensics tools and software in India. It is also providing best practices for cyber security, cyber forensics, etc.

Finally, DCI would also be required to tackle the data security cyber security issues. Data and information collected by DCI must be tamper proof and immuned from leakages and cyber crimes. Good and effective cyber security must be put at place to keep the sensitive and secret data out of the reach of cyber criminals.

Finance Minister Pranab Mukherjee must ensure all these requirements before DCI is finally launched. Even otherwise there is no harm in developing good cyber law knowledge and effective cyber forensics capabilities among the revenue officers.

Income Tax Directorate Of Criminal Investigation Of India

The income tax department (ITD) of India is planning to revamp its tax collection mechanism. Among other crucial initiatives, there is also a proposal to create a directorate of criminal investigation (DCI).

The directorate will maintain a centralised repository of data collected from telephone and Internet intercepts, banking and market transactions, cross-border deals, ATM transactions, etc. The department will also develop cyber forensics capabilities and obtain latest forensics tools.

It seems the directorate would analyse inputs in real time as well as coordinate and share information with other intelligence agencies. Naturally, directorate would act in coordination with other projects like national intelligence grid (Natgrid), unique identification project of India (UID project) or Aadhar project of India, crime and criminal tracking network and systems (CCTNS) project of India (CCTNS Project), etc.

The initiative though praiseworthy has many problems of its own says techno legal experts. There is great possibility of misuse of the intelligence information gathered with the help of such an agency, informs Praveen Dalal, a Supreme Court Advocate and leading Cyber Forensics Expert of India. India has no dedicated Privacy Laws, Data Protection Laws and Data Security Laws and in the absence of such laws DCI should not be established at all, suggests Dalal.

India is already facing lots of troubles for similar projects like Aadhar, Natgrid, CCTNS, etc where in the absence of relevant laws these projects have become unconstitutional. For some strange reasons Indian Parliament has shown a grave indifference towards these crucial laws. Instead of making comprehensive laws in this regard, either India is managing various projects without any law or with the draconian and colonial laws like Indian Telegraph Act, 1885.

Another area of concern that DCI must resolve is regarding a constitutionally sound lawful interception and phone tapping law in India. Presently, phone tapping in India is “Unconstitutionally Performed” and India urgently needs a Lawful Interception Law, suggests Praveen Dalal.

The DCI in general and Finance Minister Pranab Mukherjee in particular must resolve these issues before imposing another unconstitutional authority named DCI. We are already bearing with an unconstitutional authority like UIDAI and DCI should not be a part of this unconstitutional race of Indian government.

Lawful Interception Law Is Needed In India Opines Praveen Dalal

Despite being a democracy, we do not have a lawful interception law in India. Despite being a democratic country, our Parliamentary democracy is in serious jeopardy. Despite having separation of powers under the Constitution of India, the same has faded away and lost its significance these days. It is very difficult to accept that we have separation of powers in India any more. This is so because the legislative function of Parliament of India has almost lost its purpose and significance these days.

According to Praveen Dalal, a Supreme Court Lawyer and leading Techno Legal Expert of India, India is the only country of the World where phone tapping is done without a Court Warrant and by Executive Branch of the Constitution of India. Phone tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” in this regard. Even the Supreme Court’s directions in PUCL case have proved futile and presently the Court is dealing with the issue once more, informs Dalal.

In the meantime, department of telecommunications (DoT) India seems to have accepted some of the suggestions of Praveen Dalal. DoT has proposed a penalty of up to Rs. 2 crore on unlawful tapping, as against just Rs. 500 at present, under different sections of the Indian Telegraph Act, 1885. For breach of Section 26 of the Act, which prohibits telegraph officers or other officials from making away with or altering, unlawfully intercepting or disclosing messages, or divulging the purport of signals, the maximum penalty has been proposed.

The proposed amendment to the Indian Telegraph Act is likely to be tabled in Parliament soon. Amendments to the Indian Telegraph Rules for electronic surveillance and collection of call data records (CDRs) have also been proposed. A decision is likely to be taken on these amendments very soon.

Although this is a welcome step in the right direction yet it is more like a “Knee Jerk Reaction” and a “Piecemeal Work” on the part of DOT. We do not need piecemeal acts at this stage but a “Comprehensive Lawful Interception Law” in India, suggest Praveen Dalal. Presently, DOT decision is Piecemeal as has been done in case of other technology laws like Cyber Law of India that made it a Cyber Criminal’s Friendly Legislation.

A similar exercise was undertaken in the year 2008 regarding information technology act, 2000. With the passing of the information technology amendment act 2008, India became a safe heaven for cyber criminals. Even now DoT is planning rules under the IT Act 2000 that is again a piecemeal effort.

India needs a comprehensive lawful interception law, effective and strong cyber law, better telecom policies, good legal framework for law enforcement and intelligence agencies and many more crucial legislations. India in general and DoT India in particular should at all cost avoid knee jerk and piece meal efforts that it/they is presently engaging in.

Has Indian Criminal Justice System Collapsed?

Recently a Bench of justices Aftab Alam and R M Lodha observed that criminal justice system of India is not working properly. The Supreme Court recommended urgent steps to stem the rot in the Indian criminal justice system.

The Court also recommended that the criminal cases relating to offences against the State, corruption, dowry death, domestic violence, sexual assault, financial fraud and cyber crimes are fast-tracked and decided in a fixed time frame, preferably, within three years.

This suggestion seems to be in line with the national litigation policy of India (NLPI) that has recommended a time frame of three years to dispose of any case. However, NLPI and other governmental polices are lacking upon at least two of the aspects mentioned in the recent observation of Supreme Court.

Firstly, neither the present legal and judicial system of India nor the NLPI are technology friendly and technology compliant. For instance, we do not have good video conferencing facilities in India. Similarly, till the month of January 2011 we are still waiting for the establishment of first e-courts of India. Further, India is also not interested in developing and using online dispute resolution (ODR).

The Supreme Court observed that the criminal trials in India are protracted because of non-appearance of official witnesses on time and the non-availability of the facilities for recording evidence by video conferencing. The courts remain over-burdened with the briefs listed on the day and they do not have adequate infrastructure. It is high time for law minister Veerappa Moily to consider establishment of e-courts in India and use of ODR for effective and alternative dispute resolution (ADR) in India.

The Supreme Court also suggested that it is high time that immediate and urgent steps are taken in amending the procedural and other laws to achieve the above objectives. Surprisingly, instead of making the cyber law of India stronger, Indian government made it cyber criminals friendly due to pressure of industrial lobbying. The truth is that we need a new and better cyber law to deal with growing nuisance of cyber crimes in India.

The present information technology act 2000 is a piecemeal legislation that is serving the purpose of IT industries and limited segments of Indian government. It is not at all in the Interest of India. In fact, it is going against the interests of India by making almost all the cyber crimes bailable. It has made India a safe heaven for cyber criminals. There is an urgent need that a new cyber law must be enacted in India.

The Supreme Court also reiterated the need of good and effective techno legal trainings for law enforcement agencies of India. The Supreme Court observed that the investigators hardly have professional orientation. They do not have modern tools. Let us hope law ministry of India in general and Indian government in particular would consider these recommendations and act in the larger interest of India.

Saturday, January 15, 2011

Indian Crime And Criminal Tracking Network And Systems (CCTNS)

Crime and Criminal Tracking Network and Systems (CCTNS) Project of India (CCTNS Project) is a very ambitious project of Indian government. It intends to connect all the police stations of India so that information sharing can happen on a real time basis. Further, it also intends to automate the law enforcement functions so that efficiency and transparency can be achieved. In short, it is the biggest leap in the direction of modernisation of law enforcement of India.

Modernisation is not just installing computers and other information and communication technology (ICT). According to experts of India modernisation means a complete overhaul of the legal framework as well as intelligence gathering techniques. Similarly, there is also an urgent need to establish a good legal framework for lawful interception in India.

Presently, phone tapping and interception of communications in India are “Unconstitutional” as they are not strictly in accordance with the provisions of Constitution of India. We need a dedicated Lawful Interception Law in India in this regard, says Praveen Dalal a Supreme Court Lawyer and leading techno legal expert of India.

It seems Parliament of India is not fulfilling its constitutional duties. It is shying away from legislating crucial and mandatory laws regarding privacy, data protection, data security, law enforcement agencies and intelligence agencies, etc. Even worst is the fact that Indian government is relying upon draconian colonial laws to suppress the civil liberties of Indians.

The CCTNS project is a very important project and it should not be failed for the mere reason that we have no procedural safeguards against its misuse. Presently, Parliament of India is acting if there is no separation of powers between executive, legislature and judiciary. It is high time for Parliament of India to enact suitable laws in this regard by actually doing legislative business and keeping the “parliamentary democracy” alive in India.

Cyber Security Policy Is Needed In India

India has been ignoring for long many policies related issues. Some of the most important policies and strategies are missing in India. For instance, we do not have national ICT policy in India. We also do not have a user friendly telecom policy in India. We do not have cyber forensics policy in India and most importantly we do not have a cyber security policy in India.

What I mean by policy is a well planned and actually implemented strategy. Merely saying that a policy of a particular field has been formulated does not make it a policy. Unfortunately India is just making policies on papers alone with no actual implementation.

The telecom policy of India is highly defective and is the main reason for corruption charges in the 2G scam. We also do not have a national IPv6 policy for India. With the gradual shift from IPv4 to IPv6 world over, India is not at all prepared in this regard.

As far as cyber security is concerned, India is least bothered in this regard. Whether it is cracking of crucial governmental computer systems, attack at the critical infrastructure of India, cyber security of defence forces of India, absence of cyber forensics expertise of law enforcement agencies of India, etc India is least bothered.

Even we have no well adopted crisis management plan in this regard that is nationally implemented. To make the matter worst, we have a cyber criminal’s friendly cyber law in India. The information technology act, 2000 is the sole cyber law of India that is useless regarding cyber law, cyber forensics and cyber security related issues.

The real problem is that Indian government and its intelligence and law enforcement agencies believe that e-surveillance is a substitute for cyber security and cyber forensics capabilities. Thus, instead of developing cyber forensics and cyber security capabilities, they are forcing a weaker cyber security regime upon India that can be snooped by them with their limited capabilities. The security and law enforcement issues related to the adoption of IPv6 norms would also face similar consequences.

It is high time for India to enact a robust and effective cyber security policy in general and national ICT policy in particular.

India Is Not Ready For M-Governance And Cloud Computing

Words like e-governance, m-governance, cloud computing, etc are glamorous enough to draw attention of any person or institution. However, their true meaning and actual applicability is an altogether different ball game. In India although much has been talked about e-governance, m-governance and cloud computing yet when it comes to their actual implementation India stands nowhere.

India does not have any infrastructure, legal framework, policies and strategies and most importantly expertise to implement these ambitious projects. The talks of using m-governance and cloud computing by Indian government are nothing but a big joke.

For instance we have no legal framework for mandatory electronic services and m-governance in India. Still Indian government is over enthusiastic about using m-governance. Similarly, we do not have any legal framework for privacy protection, data protection and data security in India. This makes the use of software as a service (SaaS) and cloud computing highly vulnerable, unsafe and unreliable.

The real problem is that India does not have any dedicated Privacy Law, Data Protection Law and Legal Enablement of M-Governance in India informs Praveen Dalal, a Supreme Court Lawyer and leading Techno Legal expert of India. With the proposed use of Cloud Computing, Software as a Service (SaaS) and M-Governance by Indian Government, more “Privacy Violations”, “Cyber Security” and many more “Regulatory Issues” would arise in future. These “Initiatives” cannot succeed in India in the absence of adequate and strong Laws in this regard, informs Dalal.

It is obvious that the present legal and regulatory regime of India is not compatible and conducive for cloud computing services, e-governance and m-governance in India and India is still not ready for these initiatives. If India still believes in self regulation in these crucial fields, nothing can be more suitable as a corruption breeding ground than these initiatives.

Regulatory Framework For M-Governance In India

Indian government is planning to adopt and use mobile governance (m-governance) for governmental purposes. This is a good decision but like other projects is unsupported by capacity building and necessary legal, regulatory and information technology infrastructure.

One of the main reasons for failure of e-governance in India is absence of accountability, lack of transparency and no time bound performance. Take the example of e-courts in India. Till the month of January 2011 we are still waiting for the establishment of first e-court in India. Even the national litigation policy of India (NLPI) failed to consider information technology for legal and judicial purposes in India.

Another key issue regarding e-governance and m-governance is absence of any legal framework for mandatory electronic delivery of services in India (MEDSI). The real problem with Indian E-Governance and M-Governance initiatives is that Legal Framework for Mandatory Electronic Delivery of Services in India is missing, says Praveen Dalal, Supreme Court lawyers and Managing Partner of India’s exclusive techno legal law firm Perry4Law. There is no effective Legal Enablement of ICT Systems in India and even the Information Technology Act, 2000 is “Non-Mandatory” regarding E-Governance and M-Governance in India, informs Praveen Dalal.

India has a poor track record of launching projects like Aadhar, Natgrid, CCTNS, etc and authorities like UIDAI without any proper planning and strategy. Even legal frameworks for these projects/authorities are missing.

Let us hope that India would learn from the failures of these projects and would make proper planning, policies and legal framework for m-governance in India before launching the same in bewilderment.

Friday, January 14, 2011

MCIT India Needs Overhaul And PMO Scrutiny

Ministry of communication and information technology (MCIT) is one of the most important ministries of Indian government. It consists of department of information technology (DIT), department of telecommunications (DoT) and department of posts (DoP).

Some of the areas that it governs include cyber law, cyber security, e-governance, e-commerce, telecom policies and strategies, spectrum allocation and management, telecom security, e-surveillance, etc.

As can be seen from this partial list, the functions of MCIT are of prime national importance and they deserve the scrutiny of prime minister’s office (PMO). Of course, every ministry/department deserves autonomy and independence so that it can run properly. However, non accountability, lack of transparency and defective policies and decisions can never be considered to be autonomy.

Of late, this is exactly what is happening in the name of autonomy. There is an urgent need that PMO must interfere and seek answers and provide direction to MCIT that is directionless presently.

For instance, we have a criminal friendly cyber law, no cyber security, missing cyber forensics capabilities, failed e-governance projects, surge in endemic e-surveillance activities, bad and anti Indian telecom policies, absence of telecom security, privacy violations through telemarketing, lack of data security and data protection laws, etc.

These are some of the examples that deserve immediate attention of our Prime Minister Dr. Manmohan Singh. Even the Supreme Court does not seem to be happy with the MCIT and on one occasion or other notices are issued to it asking for explanations and answers.

In the present political turmoil and busy schedule of Indian government in general and PMO in particular, this demand of PMO scrutiny may not find favour. However, sooner or later this exercise must be done in the larger interest of India.

Thursday, January 13, 2011

India Needs Consumer Friendly Telecom Policy

One of the major problems with the present telecom policy of India is that it is anti consumer in nature. For instance, there are no regulations of telemarketing in India. Telemarketing companies are targeting Indian telecom consumer with all sorts of calls and schemes and department of telecommunications (DoT) India and telecom regulatory authority of India (TRAI) are doing nothing in this regard.

Clearly telemarketing lobby is playing with the telecom policies of India otherwise there is no reason why consumers should not be given the amount of fines and penalties imposed upon telemarketing companies. Instead, these fines are collected by the telecom companies that obviously are interested in promoting more telemarketing products and services.

Further, there is no effective mechanism through which telecom disputes of consumers can be effectively handled in India. Even the consumer protection law of India needs a fine tune keeping in mind the telecom disputes. A recent consumer complaint filed against Vodafone India may begin a new consumer dispute resolution regime in India.

Another area of concern is that there is no privacy law and data protection laws in India. Essential and private details of telecom consumers are openly available for sale in the markets. Telemarketing companies purchase this information and use the same without any fear of punishment as there are no deterrent rules or regulations in this regard.

If this is not enough, we have the unconstitutional Aadhar project of India in pipeline. Under the project biometric details of Indian residents would be collected without any legal framework. Combine it with the growing e-surveillance in India, lack of data protection and privacy laws and unregulated telecom sector and you would get the telecom policy of India.

It is high time India must formulate effective and proper telecom policy of India. Of course, DoT India and TRAI need to perform the functions entrusted to them instead of supporting telemarketing and rouge telecom companies in order to achieve this task. Is somebody listening?