Cloud Computing In India Is Legally Risky

It is a severe jolt to freedom to speech and expression if critical news and views are either censored or they are removed from various search platforms, news, etc. Our latest news upon e-commerce and cloud computing topics were first appeared and later disappeared.

We have also reported the matter to a very good civil liberties protection platform in this regard known as Websites, Blogs and News Censorship by Google and India for their evaluation and reporting. The platform is a repository for many sorts of censorships and manipulations activities done by Indian government and Google.

In this article we are exploring the potential benefits and risks of using cloud computing in India. Legal risks of cloud computing in India are numerous and unless they are mitigated cloud computing in India cannot be successful.

Cloud computing is the buzz word these days in India. Cloud computing has many advantages over maintaining your own data centers and storage spaces. However, if the data is not of great quantity, cloud computing is not a viable option at all.

The data generated on Internet and computing world is tremendous in volume. The processing and management may be a costly affair at an organisational level. This is the reason why individuals and organisations prefer to use cloud computing services to reduce their costs and improve their efficiencies.

The benefits of cloud computing are correlated with the drawbacks associated with the same. For instance, cloud computing is a potential landmine for privacy violations. Similarly, cloud computing may also be responsible for data theft, data breaches, confidentiality breach, etc.

Obviously cloud computing without legal framework and procedural safeguards should not be adopted at all. This is exactly the problem of cloud computing in India. We have no dedicated cloud computing laws in India and cloud computing regulations in India. Despite may protests the legal framework for cloud computing in India is still missing.

Further, we have no dedicated privacy law or data protection law in India as well. Handing over of personal, secret and confidential information to law enforcement agencies of India without any judicial order is also possible as Indian laws does not requires a court warrant to be the prerequisite before such data and information can be parted away by an Internet intermediary or Internet service provider.

According to a recent research analysis by Perry4Law and Perry4Law Techno Legal Base (PTLB), Indian chief information officers (CIOs) and chief executive officers (CEOs) are not comfortable using cloud computing in the present situations. Many other organisations have also endorsed this analysis of Perry4Law and PTLB. Now even Telecom Regulatory Authority of India (TRAI) has endorsed these research results of Perry4Law and PTLB.

TRAI has accepted the suggestions of Perry4Law on telecom policy of India 2012. TRAI has clearly maintained that there must be a balance between privacy protection and law enforcement requirements vis-à-vis cloud computing usage in India.

So for all practical purposes, use of cloud computing in India is risky. India is still not ready for cloud computing and India should not use software as a service (SaaS) or cloud computing till suitable legal frameworks and procedural safeguards are at place.

Legal Risks Of Cloud Computing In India

Cloud computing is the buzz word these days in India. Cloud computing has many advantages over maintaining your own data centers and storage spaces. However, if the data is not of great quantity, cloud computing is not a viable option at all.

The data generated on Internet and computing world is tremendous in volume. The processing and management may be a costly affair at an organisational level. This is the reason why individuals and organisations prefer to use cloud computing services to reduce their costs and improve their efficiencies.

The benefits of cloud computing are correlated with the drawbacks associated with the same. For instance, cloud computing is a potential landmine for privacy violations. Similarly, cloud computing may also be responsible for data theft, data breaches, confidentiality breach, etc.

Obviously cloud computing without legal framework and procedural safeguards should not be adopted at all. This is exactly the problem of cloud computing in India. We have no dedicated cloud computing laws in India and cloud computing regulations in India. Despite may protests the legal framework for cloud computing in India is still missing.

Further, we have no dedicated privacy law or data protection law in India as well. Handing over of personal, secret and confidential information to law enforcement agencies of India without any judicial order is also possible as Indian laws does not requires a court warrant to be the prerequisite before such data and information can be parted away by an Internet intermediary or Internet service provider.

According to a recent research analysis by Perry4Law and Perry4Law Techno Legal Base (PTLB), Indian chief information officers (CIOs) and chief executive officers (CEOs) are not comfortable using cloud computing in the present situations. Many other organisations have also endorsed this analysis of Perry4Law and PTLB. Now even Telecom Regulatory Authority of India (TRAI) has endorsed these research results of Perry4Law and PTLB.

TRAI has accepted the suggestions of Perry4Law on telecom policy of India 2012. TRAI has clearly maintained that there must be a balance between privacy protection and law enforcement requirements vis-à-vis cloud computing usage in India.

So for all practical purposes, use of cloud computing in India is risky. India is still not ready for cloud computing and India should not use software as a service (SaaS) or cloud computing till suitable legal frameworks and procedural safeguards are at place.

Infosys And CII Endorsed Opinion Of Perry4Law On Cloud Computing Regulation

Use of cloud computing in India has many cost benefits. However, it has to solve many regulatory issues as well. For instance, we have no dedicated data protection law in India, no privacy law in India and no data security law in India.

In these circumstances, cloud computing is not a viable option for India as cloud computing is based upon essentials like privacy protection, data protection and data security and India has none. As a matter of fact, we have no cloud computing policy in India except the one suggested by Perry4Law, the exclusive techno legal ICT law firm of India.

According to Geeta Dalal, Partner at Perry4Law and a techno legal specialist, “There is no cyber security in India and even cyber security policy of India is missing. There is no privacy law in India. There is no data protection law in India. And there is no data security law in and cyber security law in India. In short, there is no legal framework for cloud computing in India at all. With these negative developments India should not use software as a service (SaaS) and cloud computing for crucial governmental services”.

This viewpoint has now got the support of corporate house like Infosys and industrial body like CII. Infosys, which is sharpening focus on tapping “cloud computing”, today said India needed a policy framework for the new service that enables companies to share IT infrastructure and cut costs. It opined that some of the issues like data privacy and security should be addressed properly, which is possible only with a regulatory framework.

Regulatory framework would give confidence that the service providers will provide the service securely and reliably. We need a regulatory framework in place also to ensure data privacy.

Perry4Law is in the process of providing techno legal inputs regarding privacy, data security and data protection laws to the Indian government very soon. Let us hope the suggestions of Perry4Law would be accepted for better cloud computing environment in India.

Privacy, Data Protection And India

India has no privacy laws and data protection laws. This is despite the fact that without these essential laws many governmental projects are simply illegal and unconstitutional. Even future technologies like cloud computing are not safe to be used in India. Further, a special protection to privacy rights in the information age is need of the hour.

However, instead of strengthening the privacy laws and data protection laws in India the government is working in the opposite directions. Indian government has increased its e-surveillance activities and established many e-surveillance oriented projects without proper legal framework.

India has launched many crucial Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc, informs Praveen Dalal, managing partner of Perry4Law and leading techno legal expert of India. None of these Projects and Initiatives are governed by any Legal Framework and none of them are under Parliamentary Scrutiny, informs Dalal.

The latest to add to this e-surveillance wish list is the demand to ensure call data records storage for Five years. However, of all these e-surveillance projects nothing can match the Aadhar project of India or UID project of India that is hiding truth from Indian citizens. Further, illegal phone tapping in India is also a big nuisance that would be put under a scrutiny very soon.

All these illegal and unconstitutional projects are a direct violation of privacy rights and data protection rights of Indians. This lack of privacy has already stalled national intelligence grid (Natgrid) project. The truth is the irrespective of governmental claims, Natgrid is in doldrums.

India must not only formulate a good e-surveillance policy but must also enact strong and effective privacy laws, data protection laws and data security laws. The sooner they are formulated the better it would be for the larger interest of India.

The Evil Intentions Of Aadhar Project And UIDAI

Aadhar project of India or UID project of India is the most controversial project of India. It has many weaknesses and fallacies that make it illegal and unconstitutional from the very beginning. Both Aadhar project and unique identification authority of India (UIDAI) are illegal and unconstitutional.

What is ironical is that even the prime minister’s office (PMO) is supporting this unconstitutional project with great disregard to the constitutional aspirations. The truth is that Indian government and UIDAI are fooling Indian citizens regarding the nature and purpose of Aadhar project. The real purpose of Aadhar project is to make it the most offensive and unaccountable tool of e-surveillance in India. Even Nandan Nilekani is wrong regarding the nature, purpose and objective of Aadhar project.

Aadhar project is not supported by any legal framework and it is also not subject to parliamentary oversight. The executive branch has literally hijacked the constitution of India and its requirements and is doing everything without any accountability and transparency.

India has neither a dedicate privacy law nor any authority for data protection. Rumours are spreading that the right to privacy bill 2011 would be formulated and a data protection authority of India would be established under it. However, keeping in mind the past record and e-surveillance hunger of Indian government, this does not seems to be the truth.

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading techno legal expert of India, we have no “Dedicated” Data Protection Law in India. Even India does not have a Data Security Law and Privacy Law. This makes the sensitive information and personal details of Indian Citizens “Highly Vulnerable” to misuse, informs Dalal.

In truth revealing news, the Mysore district authorities have declared that quoting of Aadhar number would be compulsory at various levels in the state government offices in the district. This clearly contradicts the claim of UIDAI that the Aadhar number would be optional. There is no second opinion that in the near future Aadhar number would be made mandatory for all public services.

With constitution of India taken for a ride, it is high time for the PMO and Supreme Court of India to interfere lest civil liberties of India are gone forever. Even citizens must protest against these governmental excesses.

The Right to Privacy Bill, 2011 Of India

Privacy is an area that has been ignored by India for decades. We have no dedicated data protection laws in India. Further data security laws in India are missing and so are privacy laws in India. In short, there is nothing that can safeguard the sensitive information and data of corporate houses or individuals.

Recently the Supreme Court of India said that with the technological advancement, privacy is virtually disappearing. This has shown the growing concerns and requirements for urgent formulation of privacy laws in India. The truth is that India urgently needs privacy laws. This is so because data protection, privacy rights and civil liberties are interrelated.

Now the government of India has proposed establishment of data protection authority of India. This is another instance when Indian government has declared to do something like this. In the past as well on many occasions Indian government “declared” that privacy and data protection bills have been formulated. But till now we do not have data security, data protection and privacy laws in India.

There is no sign of the proposed draft right to privacy bill 2011 of India whose praises have already been found in abundance in Indian media. Further, the nomenclature itself is misleading. The proposed bill, if any, is a bill on data protection and not privacy protection. Data protection is just a single aspect of privacy protection. It means we may have to wait for another decade or more for a dedicate privacy law of India.

We are waiting for a copy of the proposed data protection bill and would come up with our analysis the moment it is available for public inputs.

Aadhar Project Of India

Unique identification project of India (UID project of India) or Aadhar project of India is one of the most controversial projects of India. Aadhar is managed by Nandan Nilekani led unique identification authority of India (UIDAI). Despite the claims by UIDAI and Indian government, Aadhar project and UIDAI are big troubles. Not only they are troubles but both Aadhar project of India and UIDAI are unconstitutional as well.

The National Identification Authority of India Bill 2010 was suggested by UIDAI and Nandan Nilekani as a façade and to gain time and divert public attention from this illegal and unconstitutional project. Even the Parliament’s Standing Committee on Finance grilled Nandan Nilekani on certain basis issues that were remained unanswered by Nandan Nilekani. This shows that Nandan Nilekani is wrong regarding Aadhar project.

Unfortunately, India has been imposing projects and authorities without any legal framework and in active violation of the provisions of Indian Constitution. Both Aadhar project and UIDAI are operating in India without any legal sanction and Parliamentary oversight. Further, both Aadhar Project and UIDAI are using hard earned public money that also in an “Unconstitutional manner”, informs Praveen Dalal, managing partner of New Delhi based law firm Perry4Law and leading techno legal expert of India.

What is most surprising is the role of Prime Minister’s Office (PMO) in this entire episode. Aadhar project of India and UIDAI must be scrapped. However, PMO is supporting unconstitutional Aadhar project and even the Finance Ministry is issuing funds to UIDAI with active disregard of the Constitutional provisions.

Further, India is also not ready for Aadhar project itself. There is a lack of privacy laws, data protection laws and data security laws in India. Aadhar project is not supported by either proper legal frameworks or technical infrastructure.

Aadhar project and UIDAI should have been abolished till now. However, vested interests have kept them alive. This has been done even if it means violating the provisions of Indian Constitution with no regard to Fundamental Rights and civil liberties.

Indian government has recently issued a gazette notification forming joint drafting committee to draft proposed Lokpal Bill. Clearly, it is a step towards eradication of corruption rampant in India. However, who would eliminate the institutional corruption existing in India through projects like Aadhar and authorities like UIDAI is still to be seen. I wish both PMO and Finance Ministry took notice of this fact and act immediately.