Infosys And CII Endorsed Opinion Of Perry4Law On Cloud Computing Regulation

Use of cloud computing in India has many cost benefits. However, it has to solve many regulatory issues as well. For instance, we have no dedicated data protection law in India, no privacy law in India and no data security law in India.

In these circumstances, cloud computing is not a viable option for India as cloud computing is based upon essentials like privacy protection, data protection and data security and India has none. As a matter of fact, we have no cloud computing policy in India except the one suggested by Perry4Law, the exclusive techno legal ICT law firm of India.

According to Geeta Dalal, Partner at Perry4Law and a techno legal specialist, “There is no cyber security in India and even cyber security policy of India is missing. There is no privacy law in India. There is no data protection law in India. And there is no data security law in and cyber security law in India. In short, there is no legal framework for cloud computing in India at all. With these negative developments India should not use software as a service (SaaS) and cloud computing for crucial governmental services”.

This viewpoint has now got the support of corporate house like Infosys and industrial body like CII. Infosys, which is sharpening focus on tapping “cloud computing”, today said India needed a policy framework for the new service that enables companies to share IT infrastructure and cut costs. It opined that some of the issues like data privacy and security should be addressed properly, which is possible only with a regulatory framework.

Regulatory framework would give confidence that the service providers will provide the service securely and reliably. We need a regulatory framework in place also to ensure data privacy.

Perry4Law is in the process of providing techno legal inputs regarding privacy, data security and data protection laws to the Indian government very soon. Let us hope the suggestions of Perry4Law would be accepted for better cloud computing environment in India.

Privacy, Data Protection And India

India has no privacy laws and data protection laws. This is despite the fact that without these essential laws many governmental projects are simply illegal and unconstitutional. Even future technologies like cloud computing are not safe to be used in India. Further, a special protection to privacy rights in the information age is need of the hour.

However, instead of strengthening the privacy laws and data protection laws in India the government is working in the opposite directions. Indian government has increased its e-surveillance activities and established many e-surveillance oriented projects without proper legal framework.

India has launched many crucial Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc, informs Praveen Dalal, managing partner of Perry4Law and leading techno legal expert of India. None of these Projects and Initiatives are governed by any Legal Framework and none of them are under Parliamentary Scrutiny, informs Dalal.

The latest to add to this e-surveillance wish list is the demand to ensure call data records storage for Five years. However, of all these e-surveillance projects nothing can match the Aadhar project of India or UID project of India that is hiding truth from Indian citizens. Further, illegal phone tapping in India is also a big nuisance that would be put under a scrutiny very soon.

All these illegal and unconstitutional projects are a direct violation of privacy rights and data protection rights of Indians. This lack of privacy has already stalled national intelligence grid (Natgrid) project. The truth is the irrespective of governmental claims, Natgrid is in doldrums.

India must not only formulate a good e-surveillance policy but must also enact strong and effective privacy laws, data protection laws and data security laws. The sooner they are formulated the better it would be for the larger interest of India.

The Evil Intentions Of Aadhar Project And UIDAI

Aadhar project of India or UID project of India is the most controversial project of India. It has many weaknesses and fallacies that make it illegal and unconstitutional from the very beginning. Both Aadhar project and unique identification authority of India (UIDAI) are illegal and unconstitutional.

What is ironical is that even the prime minister’s office (PMO) is supporting this unconstitutional project with great disregard to the constitutional aspirations. The truth is that Indian government and UIDAI are fooling Indian citizens regarding the nature and purpose of Aadhar project. The real purpose of Aadhar project is to make it the most offensive and unaccountable tool of e-surveillance in India. Even Nandan Nilekani is wrong regarding the nature, purpose and objective of Aadhar project.

Aadhar project is not supported by any legal framework and it is also not subject to parliamentary oversight. The executive branch has literally hijacked the constitution of India and its requirements and is doing everything without any accountability and transparency.

India has neither a dedicate privacy law nor any authority for data protection. Rumours are spreading that the right to privacy bill 2011 would be formulated and a data protection authority of India would be established under it. However, keeping in mind the past record and e-surveillance hunger of Indian government, this does not seems to be the truth.

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading techno legal expert of India, we have no “Dedicated” Data Protection Law in India. Even India does not have a Data Security Law and Privacy Law. This makes the sensitive information and personal details of Indian Citizens “Highly Vulnerable” to misuse, informs Dalal.

In truth revealing news, the Mysore district authorities have declared that quoting of Aadhar number would be compulsory at various levels in the state government offices in the district. This clearly contradicts the claim of UIDAI that the Aadhar number would be optional. There is no second opinion that in the near future Aadhar number would be made mandatory for all public services.

With constitution of India taken for a ride, it is high time for the PMO and Supreme Court of India to interfere lest civil liberties of India are gone forever. Even citizens must protest against these governmental excesses.

The Right to Privacy Bill, 2011 Of India

Privacy is an area that has been ignored by India for decades. We have no dedicated data protection laws in India. Further data security laws in India are missing and so are privacy laws in India. In short, there is nothing that can safeguard the sensitive information and data of corporate houses or individuals.

Recently the Supreme Court of India said that with the technological advancement, privacy is virtually disappearing. This has shown the growing concerns and requirements for urgent formulation of privacy laws in India. The truth is that India urgently needs privacy laws. This is so because data protection, privacy rights and civil liberties are interrelated.

Now the government of India has proposed establishment of data protection authority of India. This is another instance when Indian government has declared to do something like this. In the past as well on many occasions Indian government “declared” that privacy and data protection bills have been formulated. But till now we do not have data security, data protection and privacy laws in India.

There is no sign of the proposed draft right to privacy bill 2011 of India whose praises have already been found in abundance in Indian media. Further, the nomenclature itself is misleading. The proposed bill, if any, is a bill on data protection and not privacy protection. Data protection is just a single aspect of privacy protection. It means we may have to wait for another decade or more for a dedicate privacy law of India.

We are waiting for a copy of the proposed data protection bill and would come up with our analysis the moment it is available for public inputs.

Data Protection Authority of India

India has no dedicated data protection law in India. Further, we also do not have any data security laws in India. Even privacy laws in India are also missing. It is surprising how India ignored these much needed requirements for decades.

Indian government has announced from time to time about enactment of relevant laws to ensure effective privacy laws and data protection laws. However, till now no such laws have been enacted by Indian government. Rumours are spreading again that Indian government is planning to set up a three-member Data Protection Authority of India (DPAI). Among other things, the DPAI would monitor and enforcing compliance of the any future proposed data protection laws and to investigate any data security breach.

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading techno legal expert of India, we have no “Dedicated” Data Protection Law in India. Even India does not have a Data Security Law and Privacy Law. This makes the sensitive information and personal details of Indian Citizens “Highly Vulnerable” to misuse, informs Dalal.

With the proposed use of Cloud Computing, Software as a Service (SaaS) and M-Governance by Indian Government, more “Privacy Violations”, “Cyber Security” and many more “Regulatory Issues” would arise in future. These “Initiatives” cannot succeed in India in the absence of adequate and strong laws in this regard, informs Dalal.

Another closely related issue pertains to absence of lawful interception law in India. Lawful Interception Law of India is urgently required, suggests Dalal. India is the only country of the World where phone tapping is done without a Court Warrant and by Executive Branch of the Constitution of India. Phone tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” in this regard. Even the Supreme Court’s directions in PUCL case have proved futile and presently the Court is dealing with the issue once more, informs Dalal.

The issues are not as simple as the Indian government is presuming. In fact, very complicated and constitutional issues are involved that must be addressed by enacting suitable laws in India as soon as possible.

Aadhar Project Of India

Unique identification project of India (UID project of India) or Aadhar project of India is one of the most controversial projects of India. Aadhar is managed by Nandan Nilekani led unique identification authority of India (UIDAI). Despite the claims by UIDAI and Indian government, Aadhar project and UIDAI are big troubles. Not only they are troubles but both Aadhar project of India and UIDAI are unconstitutional as well.

The National Identification Authority of India Bill 2010 was suggested by UIDAI and Nandan Nilekani as a façade and to gain time and divert public attention from this illegal and unconstitutional project. Even the Parliament’s Standing Committee on Finance grilled Nandan Nilekani on certain basis issues that were remained unanswered by Nandan Nilekani. This shows that Nandan Nilekani is wrong regarding Aadhar project.

Unfortunately, India has been imposing projects and authorities without any legal framework and in active violation of the provisions of Indian Constitution. Both Aadhar project and UIDAI are operating in India without any legal sanction and Parliamentary oversight. Further, both Aadhar Project and UIDAI are using hard earned public money that also in an “Unconstitutional manner”, informs Praveen Dalal, managing partner of New Delhi based law firm Perry4Law and leading techno legal expert of India.

What is most surprising is the role of Prime Minister’s Office (PMO) in this entire episode. Aadhar project of India and UIDAI must be scrapped. However, PMO is supporting unconstitutional Aadhar project and even the Finance Ministry is issuing funds to UIDAI with active disregard of the Constitutional provisions.

Further, India is also not ready for Aadhar project itself. There is a lack of privacy laws, data protection laws and data security laws in India. Aadhar project is not supported by either proper legal frameworks or technical infrastructure.

Aadhar project and UIDAI should have been abolished till now. However, vested interests have kept them alive. This has been done even if it means violating the provisions of Indian Constitution with no regard to Fundamental Rights and civil liberties.

Indian government has recently issued a gazette notification forming joint drafting committee to draft proposed Lokpal Bill. Clearly, it is a step towards eradication of corruption rampant in India. However, who would eliminate the institutional corruption existing in India through projects like Aadhar and authorities like UIDAI is still to be seen. I wish both PMO and Finance Ministry took notice of this fact and act immediately.

Cloud Computing in India Is Risky

The moment we heard about cloud computing, a question comes to our mind. The question is whether cloud computing in India is safe and secure? In other words, is India ready for cloud computing and should India use cloud computing?

India has no legal framework that can help in the safe, secure and successful use of cloud computing. For instance, India does not have data security and cyber security laws. This means crucial and sensitive data is not safe in India. Even the cyber law of India is a weak and ineffective law to deal with data breaches and cyber security breaches.

Similarly, there are no cloud computing regulations in India. With an ever increasing hunger for e-surveillance in India by Indian government and its agencies, cloud computing is a sure method of unlawful and illegal e-surveillance and interceptions. Even research in motion (RIM) has arranged for an architecture that allows Indian intelligence agencies to snoop upon blackberry messenger services at will and in real time.

Cloud computing in India also cannot be successful because of absence of privacy laws in India. In fact, cloud computing is a landmine for privacy rights in India. There is no reason whatsoever that cloud computing would not violate privacy rights, data protection principles and data security practices in India.

The truth is that India is still not ready for concepts like m-commerce and cloud computing. Cloud computing is a risky business from all counts.

Before cloud computing is imposed upon Indian citizens, Indian government must ensure a constitutionally sound privacy law for India. Absence of privacy laws in India has already made projects like Aadhar, Natgrid, CCTNS, central monitoring system, etc unconstitutional.

In the absence of legal framework for cloud computing in India and privacy laws in India, cloud computing is risky and must be avoided by private and government players.