Saturday, June 25, 2011

Natgrid Is Still A Nebulous And Unconstitutional Project

A friend of mine has written a very apt article titled Natgrid and NIA became more Obscure and unconstitutional. This piece has been widely appreciated and generously quoted. However, surprisingly, the original source of this article has disappeared from Google’s search results.

However, keeping in mind the fact that Wordpress has censored and deleted our Blogs and Google is censoring the search and news results, this is no big surprise. Wordpress has crossed all the limits by even disabling the accounts of all our contributors at the Techno Legal News and Views platform as well. If you have observed, you must also be aware of the strange behaviour of Blogspot during the last few months.

However, despite the Internet censorship, website blocking and e-surveillance exercises of Wordpress, Blogspot and Indian government, the constitution of India empowers me to freely express my views in India. Now even the United Nations has declared that access to internet is a human right.

So what is this national intelligence grid (Natgrid) project of India? Natgrid is a project pertaining to intelligence gathering and its analysis. While there is nothing wrong with having a project like Natgrid but the way it has been implemented makes it illegal and unconstitutional.

Firstly, Natgrid is not at all trying to reconcile the conflicting interests of civil liberties and national security. On the contrary it is expressly violating the civil liberties of Indians in cyberspace. Till now Indian government has not specified the procedural safeguards that can prevent the misuse of Natgrid.

Secondly, there is no official website of Natgrid where the objects, purpose, scope, limitations, etc of Natgrid have been mentioned. In the absence of adequate information about Natgrid, its veracity and genuineness is in great doubts.

Thirdly, neither the Natgrid project nor the intelligence agencies and other agencies who are going to use it are subject to any “parliamentary oversight”. When the Natgrid project and agencies are themselves governed by no legal framework and they are not accountable to the parliament and judiciary, this make the very project unconstitutional and unwarrantable.

Fourthly, even the cabinet committee on security (CCS) is aware of the “constitutional limitations” and that is the reason why it gave Natgrid a “conditional approval”. Statutory enactments have to be enacted before Natgrid can proceed with the crucial stages of its implementation.

Despite the media campaign to give a positive image to Natgrid project, it is and would always remain an e-surveillance project that has no constitutional sanction and is unconstitutional in nature.

Friday, June 24, 2011

Infosys And CII Endorsed Opinion Of Perry4Law On Cloud Computing Regulation

Use of cloud computing in India has many cost benefits. However, it has to solve many regulatory issues as well. For instance, we have no dedicated data protection law in India, no privacy law in India and no data security law in India.

In these circumstances, cloud computing is not a viable option for India as cloud computing is based upon essentials like privacy protection, data protection and data security and India has none. As a matter of fact, we have no cloud computing policy in India except the one suggested by Perry4Law, the exclusive techno legal ICT law firm of India.

According to Geeta Dalal, Partner at Perry4Law and a techno legal specialist, “There is no cyber security in India and even cyber security policy of India is missing. There is no privacy law in India. There is no data protection law in India. And there is no data security law in and cyber security law in India. In short, there is no legal framework for cloud computing in India at all. With these negative developments India should not use software as a service (SaaS) and cloud computing for crucial governmental services”.

This viewpoint has now got the support of corporate house like Infosys and industrial body like CII. Infosys, which is sharpening focus on tapping “cloud computing”, today said India needed a policy framework for the new service that enables companies to share IT infrastructure and cut costs. It opined that some of the issues like data privacy and security should be addressed properly, which is possible only with a regulatory framework.

Regulatory framework would give confidence that the service providers will provide the service securely and reliably. We need a regulatory framework in place also to ensure data privacy.

Perry4Law is in the process of providing techno legal inputs regarding privacy, data security and data protection laws to the Indian government very soon. Let us hope the suggestions of Perry4Law would be accepted for better cloud computing environment in India.

Tuesday, June 21, 2011

Was Pranab Mukherjee's Office Bugged For E-Surveillance?

Last September, finance minister Pranab Mukherjee complained that his office was bugged. Mukherjee requested the PM to order a secret inquiry into the "serious breach of security in his office" in the form of "planted adhesives" in 16 locations in a possible surveillance attempt. Though no live microphone devices were found, he had reported it to the PM. Realising the seriousness of the issue, Intelligence Bureau (IB) immediately swept into action.

However, IB found nothing wrong at Mukherjee’s office and no surveillance equipment was found. To be on the safer side, IB increased the frequency of its “technical sweeping” in high offices.

Technical sweeping is a more advanced form of surveillance detection than the ordinary surveillance detection technique. Now instead of occasional anti-bugging exercise inside finance ministry, the IB has now included this ministry in North Block as part of its regular “technical sweeping” work like what it does for its own premises and offices of the PM in South Block and home minister in North Block.

E-surveillance has become a nuisance for not only Indian citizens but also for the government itself. Private individuals have been doing e-surveillance and phone tapping in India with or without governmental orders. We have no constitutionally sound e-surveillance and phone tapping law in India. Further, even the e-surveillance policy of India is missing. We urgently need a lawful interception law in India.

There is no provision for “judicial scrutiny” of e-surveillance and “phone tapping orders in India and this is giving lots of room for private individuals and those who have no authority of law to indulge in illegal e-surveillance and phone tapping.

Indian government must urgently do something about this serious problem that has already taken a gigantic shape. A system devised by Indian government is itself proving a nuisance for it. Time has come for the Indian government to clean the mess created by itself.

Natgrid And NIA Became More Obscure And Unconstitutional

Accountability and transparency are two words that do not apply to Indian law enforcement and intelligence agencies. India has chosen to stick to the British legacy of non transparency. Whether it is laws like official secrets act, Indian telegraph act or the accountability of Indian law enforcement and intelligence agencies, Indian government has even surpassed the Britishers in this regard.

Instead of strengthening the transparency and Parliamentary scrutiny, India is further making these agencies more unaccountable and lawless. The right to information act 2005 (RTI Act 2005) is the sole transparency law of India that needs further amendments and strengthening. However, the proposed right to information rules 2010 instead of strengthening the RTI Act, 2005 took steps that are retrograde in nature.

Firstly, India amended the cyber law of India through the draconian information technology amendment act 2008 that empowered Indian government and its agencies with unconstitutional e-surveillance, internet censorship and website blocking powers. Subsequently, it made the RTI Act 2005 weaker and redundant.

Now Indian government has announced that Central Bureau of Investigation (CBI), national investigation authority of India (NIA) and national intelligence grid (Natgrid) would be exempted from the applicability of RTI Act, 2005. The constitutional validity of national investigation agency act, 2008 (NIA 2008) is still doubtful and CBI and Natgrid are not governed by any law at all. Even the proposed central monitoring system of India is without any parliamentary oversight.

Whether it is CBI or Intelligence Agencies of India, none of them are presently Accountable to Parliament of India, informs Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and CEO of exclusive Human Rights Protection Centre for Cyberspace in India. This casts a doubt about the Impartiality and Transparency of these Agencies, suggests Dalal. Exempting these Agencies without any parallel “Parliamentary Oversight” is against the provisions of Indian Constitution, informs Dalal.

In these days the role of Indian Parliament has been reduced to almost nothing. Important laws are never passed and existing laws like the cyber law of India have been made e-surveillance instrumentality for Indian government and its agencies. The Parliament of India needs to take its legislative role seriously, at least now.

Sunday, June 19, 2011

What ICANN’s 41st Meeting At Singapore Must Also Consider

The Internet Corporation for Assigned Names and Numbers (ICANN) would hold the Second Public Meeting of the year on 20th June 2011 at Singapore. There are many crucial issues that would be discussed by ICANN in this meeting and allotting new gTLDs would be just one of them. Of course, ICANN 41 meeting is more than a gTLD meeting.

However, it is clear that not everybody agrees with the agenda and issues of this meeting. Besides, this is also not a “one for all” meeting as many more crucial issues have yet to be decided by ICANN in this meeting or subsequent meetings.

According to Praveen Dalal, Managing Partner of New Delhi based IP and ICT Law Firm Perry4Law and CEO of the exclusive Techno Legal Online Dispute Resolution Centre of India (TLODRCI), ICANN needs to consider and adopt many more crucial issues like upgradation of UDRP procedure, better and expeditious Dispute Resolution Mechanism, enhanced Cyber Security Initiatives for Domain Name and DNS, better National and International Cooperations with Governments, NGOs and Dispute Resolution Providers, considering interests of Developing Countries and NGOs, etc.

In the present meeting, ICANN would also consider other crucial issues like internationalised domain names (IDNs), inter-registrar transfers, new gTLD applicants from developing countries, etc.

These are just a few examples of dozens of topics that the ICANN Community will discuss during a week containing more than 120 panels, presentations, workshops and other sessions.

Let us see the outcome of this meeting and how the domain name framework changes with this crucial meeting.

Saturday, June 18, 2011

Icann’s Generic Top Level Domain Names Dispute Resolution

The Internet Corporation for Assigned Names and Numbers (ICANN) is the authority that is administering the implementation of Internet’s domain name system. ICANN has proposed to hold its second public meeting of the year on June 20th, 2011.

ICANN could approve its proposed program to introduce an unlimited number of new generic top-level domain names (gTLD). These gTLDs are in great demand among world reputed brands and trademarks owners. The new gTLDs would allow such brand and trademark owners to register their brands and trademarks as the domain name.

Naturally, these GTLDs are in great demand and there would be attempts to squat famous brands and trademarks of others. ICANN would stringently deal with such attempts by allotting the GTLDs to only “Bonafide Applicants” after verifying their “Claims”, informs Praveen Dalal, managing partner of New Delhi based IP and ICT law firm Perry4Law and a Neutral at World Intellectual Property Organisation’s (WIPO) Arbitration Centre.

Earlier WIPO had informed that cyber squatting cases are on rise. This proves that well known brands and trademarks are at risk of being misappropriated by dubious individuals and organisations.

The present allotment of GTLD would also face similar problems if an effective “Pre Screening Procedure” along with “Reasonably High Application Fee” is not prescribed by ICANN, suggests Dalal. ICANN and WIPO would also be required to “Streamline” their Dispute Resolution Services keeping in mind the recent Technological Advances, suggests Dalal.

Let us see how ICANN, WIPO and similar organisations would deal with the issues of cyber squatting, brand violations and trademark violations in the near future.

Thursday, June 16, 2011

WordPress Is Engaging In Unreasonable Blogs Censorship

Blogging platform Wordpress is engaging in unilateral and unreasonable Blogs censorship. Our platform Techno Legal Journalists was censored by Wordpress without any information. Our query to WordPress in this regard has not been answered even after a week. Further, Wordpress has also disabled the accounts of all our contributors at the Techno Legal News and Views platform as well.

Even Blogs hosted upon Blogspot platform are inaccessible in New Delhi, India once more. But they keep on shifting as accessible and non accessible from time to time. Till the time of writing this news piece, Blogspot Blogs are not accessible once more.

As far as the Wordpress censorship issue is concerned, this is a serious matter as it violates the civil liberties in cyberspace of all those who dare to speak against the authorities. We appreciate very much the bold support of prolific Blogger Jayasree Saranathan in this regard and we expect similar courage from the Blogging community. Today it is our Blog tomorrow it may be yours.

Issues of civil liberties violations must be agitated at the United Nations level and UN must protect human rights in cyberspace. Finally, UN has shown some inclination in this regard. UN now considers Internet access a Human Right and considers disconnecting people from the Internet as a violation of Human Rights and International Law, informs Praveen Dalal, managing partner of New Delhi based law firm Perry4Law and CEO of the exclusive Cyberspace Human Rights Protection Centre of India.

If disconnecting people from Internet is human right, censorship of Blogs and websites is definitely a violation of human rights in cyberspace. I wish UN also takes issues of Blogs and websites censorship seriously and expressly declare them violation of human right in cyberspace.

Wednesday, June 15, 2011

Jan Lokpal Bill Of India Still A Dream


Jan lokpal bill of India has been lingering for more than 42 years. What miracle could have been expected from Indian government in two months? At the end of the prescribed period, it is now clear that Jan lokpal bill may still not be an accomplished dream.

Jan Lokpal Bill must not be any simple piece of Legislation. Rather, it must be Strong, Robust and Effective, says Praveen Dalal, a Supreme Court Lawyer and leading techno legal expert of India. None can doubt the effectiveness of Technology for bringing Accountability and Transparency. Unfortunately, the version of both Civil Society and Indian Government failed to consider this aspect, says Dalal.

It seems Indian government is not willing to accommodate suggestions and inputs of public at large. If this is the scenario then the chances of Jan lokpal being a good one are very bleak.

Even the concerns and suggestions of the civil society members of the joint drafting committee were not considered by the governmental representative. The core issues have been rejected by the member of government and without those core issues and the one suggested by experts of India, Jan lokpal bill would be just a formality.

In these circumstances we are trying to win a game that we have already lost. Well begun is half done but this maxim just applies to Indian government that has tactfully sidelined the main issues and has ignored the critical inputs of various experts.

22nd Session Of WIPO’s Standing Committee On Copyright And Related Rights

World Intellectual Property Organisation (WIPO) is conducting a very landmark meeting these days. WIPO’s Standing Committee on Copyright and Related Rights is holding its Twenty-Second Session from June 15, 2011 to June 24, 2011 at Geneva, Switzerland.

The session is covering many far reaching issues pertaining to copyright and related rights. For instance, issues like protection of audiovisual performances, protection of broadcasting organisations, copyright limitations and exceptions for the visually impaired persons and other persons with print disabilities, exceptions and limitations for the persons with disabilities, educational and research institutions, libraries and archives, etc would be discussed at the present session. This session would also prepare the background drafts for various international treaties on the abovementioned issues.

This is a landmark Session for the WIPO’s Standing Committee on Copyright and Related Rights, says Praveen Dalal, managing partner of New Delhi based IP and ICT law firm Perry4Law and a Neutral at WIPO Arbitration and Mediation Centre dealing with highly specialised technology related dispute resolutions.

The Copyright Laws around the World must be more “Receptive and Liberal” towards the demands and requirements of differently abled people, suggests Dalal. By considering suggestions of “Fair Use Exceptions” in favour of differently abled people, WIPO is moving in the right direction and Perry4Law welcomes this initiative of WIPO.

The talks are in the initial stage and once the session is over WIPO may come out with the summary of the same.

Entertainment And Media Industry Disputes Resolutions

Entertainment and media industry has to invest a lot to create commercial contents. This also necessitates the protection of such digital contents in both online and offline environment. Although creation of digital contents requires lots of efforts, money and manpower yet its violation and misuse requires little effort and expenditure. This is the reason why there are lots of entertainment, media and film industry related disputes these days.

A very strange trend in the Asian countries, especially India, regarding entertainment, media and film industry related disputes is that they are essentially resolved through traditional litigation methods. There is hardly any use of alternative dispute resolution (ADR) or online dispute resolution (ODR) methods to resolve such disputes.

Even more bizarre is the fact that such disputes are seldom taken to International level, informs Praveen Dalal, managing partner of New Delhi based IP and ICT law firm Perry4Law and a Neutral at World Intellectual Property Organisation (WIPO) Arbitration and Mediation Centre. Although WIPO has a dedicated mechanism to resolve Entertainment and Film Industry related Disputes yet Asian Countries are mostly “Respondents” there, inform Dalal.

This shows that Asian countries are not utilising international platforms of organisations like WIPO for getting their disputes resolved. This is a trend that needs to be changed as use of ADR and ODR is certainly “More Beneficial” for Entertainment, Media and Film Industry, suggests Dalal.

However, despite all assurances, entertainment, media and film industry would not be encouraged to approach international platforms in the absence of national level participations. Perry4Law Techno Legal Base (PTLB) has opened a techno legal ODR platform where ADR and ODR is used for resolving all sorts of commercial and civil disputes that can be resolved using ADR and ODR.

With national initiatives becoming popular and frequently used, international platforms may also be approached later on. However, collaboration between national and international ADR and ODR institutions is need of the hour to achieve that objective.

First EU´s Digital Assembly Meeting

The first digital agenda assembly would be held during 16th and 17th June, 2011. Issues like open data and re-use of public sector information, e-identity and e-signatures, interoperability and standards, cyber security, financing and facilitating broadband projects, partnership-based ICT research and innovation, importance of social networks, mainstreaming e-learning in education and training, access and digital ability, smart mobility, ICT and management of creative content, IPv6 deployment in Europe, online safety of children, spectrum for wireless innovation in Europe, cloud computing strategy for Europe, digital literacy and e-inclusion, e-government driving innovation, etc would be discussed.

The European Commission launched the Europe 2020 Strategy in March 2010 to strengthen the EU economy for the ICT challenges of the next decade. The Digital Agenda for Europe is one of the seven flagship initiatives of the Europe 2020 Strategy, informs Praveen Dalal, managing partner of New Delhi based IP and ICT law firm Perry4Law and leading techno legal expert of India.

ICT has to play a key role if Europe wants to succeed in its ambitions Europe 2020 Strategy. Issues like E-Governance, E-Commerce, Online Dispute Resolution (ODR) and E-Courts, Technological issues of IPRs, etc must also be discussed in this or subsequent meetings, suggests Dalal.

It is also expected that issues like copyright, piracy, broadcasting rights, digital contents, cross-border distribution of audiovisual contents, etc may also be discussed. As per the recent studies, losses caused by counterfeiting and piracy could reduce the EU GDP by €8 billion annually.

The issues that would be discussed at this meeting are very important and the outcome of the same would definitely be productive for European countries.

Tuesday, June 14, 2011

What Ails Jan Lokpal Bill Of India?

Till now all of us are aware of the fiasco of jan lokpal bill of India. It is now clear that there is no material consensus between the civil society members and government members of the joint drafting committee.

Further, it is also obvious that government would not make the contents of the proposed draft jan lokpal bill of India, if any, public. The same may be introduced in the parliament during the forthcoming session. However, even there is no guarantee of the same.

Further, even if the Bill is introduced there is no guarantee that it would become a law. Techno legal experts of India have been pointing out many technical and legal shortcomings that government is not willing to hear at all.

The Jan Lokpal Law of India must be “Techno Legal” in nature that must incorporate the benefits of Law, Technology and Constitutional Duties, suggests Praveen Dalal, managing partner of New Delhi based law firm Perry4Law and leading techno legal expert of India.

Further, if Jan Lokpal Law Of India 2011 has to be successful it must incorporate many more issues like Technology, Whistleblower Protection, Harmonisation between Judicial and Lokpal fields, Right to Information, Mandatory Electronic Services Delivery, etc, suggests Dalal.

Till now even the suggestions of the member of joint drafting committee have not been accepted. There are little chances that suggestions of experts and general public would also be incorporated in the proposed Bill.

We are still far from an ideal jan lokpal bill of India. In these circumstances, enactment of a strong, robust and effective jan lokpal law is ruled out.

Friday, June 10, 2011

Asian Film And Entertainment Industry And WIPO Dispute Resolution

Asian film industry engages in lots of disputes pertaining to intellectual property rights (IPRs) issues. Surprisingly, Asian companies prefer to utilise tradition litigations methods instead of alternative dispute resolution (ADR) or online dispute resolution (ODR).

Although the World Intellectual Property Organisation (WIPO) has a dedicated centre known as WIPO Mediation and Expedited Arbitration for Film and Media yet Asian countries are shy to use such international platforms.

Instead they prefer to approach the courts to get their disputes resolved. Further, a majority of Asian companies are respondents at such dispute resolution platforms. So where lies the problem?

According to Praveen Dalal, managing partner of New Delhi based IP and ICT law firm Perry4Law and a Neutral at WIPO’s Arbitration and Mediation Centre, this may be due to two reasons. Firstly, a majority of Respondents may be defending themselves against the Intellectual Property Rights (IPRs) violations cases. Secondly, Asian Companies may not be effectively using the ADR and ODR Dispute Resolution Services of International Organisations and Institutions, informs Dalal.

This is very surprising as use of ADR and ODR is definitely more beneficial for these companies. However, they still prefer the litigation route than the ADR and ODR route.

According to Dalal, a great deal of ADR and ODR Disputes are “Referred” by Law Firms and Practicing Legal Professionals. They incorporate suitable “ADR and ODR Clauses” in the Technology Agreements, Film and entertainment related Agreements, etc. If these Firms and Professionals do not incorporate proper Arbitration Clause, a Dispute can never reach to International Organisations and would land up in a Court of Law, informs Dalal.

It seems the need to collaborate with the locals seems to be the success formula. Local disputes are generally settled using local means and it requires great persuasion an awareness to utilise the services of international organisations in this regard.

Thursday, June 9, 2011

Citigroup Confirms Bank’s Network Faced Cyber Attack

Reserve Bank of India (RBI) has been stressing upon ensuring cyber security for banks in India. RBI has also constituted the working group on information security. As per the recommendations of the working group, RBI has directed that all banks would have to create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest.

Meanwhile, RBI sought the inputs of various stakeholders upon the report of the working group. After analysing the public inputs, the final notification has been recently released by the RBI. The notification mandates complying with the recommendations of RBI in a time bound manner.

However, it seems the recommendations of the working group constituted by RBI have still not been implemented. A “progress report” must be sought from banks of India in this regard by RBI as soon as possible.

RBI has also made the appointment of chief of internal vigilance mandatory for banks in India. RBI has also prescribed cyber security due diligence for banks in India. In fact, cyber due diligence and banking due diligence could have prevented the recent Citibank fraud.

The truth is that banks and financial institutions in India are not serious at all regarding cyber due diligence, cyber crimes, financial frauds and cyber security. This is resulting in an increase in banking related cyber crimes and financial frauds.

As per the latest news, Citigroup Inc said computer hackers breached the bank's network and accessed data on hundreds of thousands of bank card holders in the latest of a string of cyber attacks on high-profile companies. Citigroup said about 1% of its card customers were affected by the breach, which had been discovered in May during routine monitoring. The names of customers, account numbers and contact information, including email addresses, were viewed during this cyber attack. However, other information such as birth dates, social security numbers, card expiration dates and card security codes (CVV) were not compromised.

Cyber attacks against banking and financial institutions are very common and frequent. They cannot be eliminated absolutely but efforts must be made to make them as less as possible. Banks and financial institutions of India must consider cyber security very seriously in the larger interest of their customers.

Monday, June 6, 2011

United Nations Must Protect Human Rights In Cyberspace

United Nations has been regulating many international issues all over the world and the most important one is protection of human rights. However, UN is not very serious about protection of human rights in cyberspace.

In the past as well suggestions have been given by many techno legal experts to UN to ensure protection of human rights in cyberspace. However, this issue seems to be a complicated one as UN is taking lots of time to protect human rights in cyberspace.

The World community on Human Rights, Cyber Law and Cyber Security must start thinking in this direction as issues like Cyber Warfare, Cyber Terrorism, Cyber Espionage, Cyber Crimes, E-Surveillance, Unlawful Interceptions, etc are “Transnational” in nature, says Praveen Dalal, managing partner of New Delhi based law firm Perry4Law and CEO of the exclusive Cyberspace Human Rights Protection Centre of India.

If different Countries would have different laws for these issues, it would be very difficult to truly enforce protective provisions against these menaces at National and International levels, opines Dalal.

Finally, UN has shown some inclination in this regard. UN now considers Internet access a Human Right and considers disconnecting people from the Internet as a violation of Human Rights and International Law, informs Dalal.

A Report by the UN Human Rights Council’s 17th Session underscored the “unique and transformative" nature of the Internet allowing individuals to exercise a range of Human Rights, and to promote the progress of society as a whole.

This is a good step taken by the UN especially with the growing use of e-surveillance, Internet censorship and website blockings all over the world. India is one such country that is indulging in endemic e-surveillance activities that also without any legal framework or with the help of unconstitutional laws like cyber law of India.

Experts in India have even suggested repeal of the information technology act 2000, the sole cyber law of India. Let us hope UN would come up with international standards for protection of human rights in cyberspace very soon.

Sunday, June 5, 2011

An Ideal Jan Lokpal Bill 2011 Of India By Praveen Dalal

In this guest column, Praveen Dalal, Managing Partner of New Delhi based Law Firm Perry4Law and leading Techno Legal Specialist of India has shared his views regarding the ideal Jan Lokpal Law of India. He has also sent his suggestions in this regard to the Government of India.

Any Person or Institution that believes that Jan Lokpal Law of India is not requires is certainly Corrupt and Anti National. This is the reason why the Government of India cannot deny its enactment. However, Indian Government can “Delay” it enactment and the same would amount to “Denial” of the very Jan Lokpal Law of India.

This “Delaying Tactics” is not new to Indian Government. The Lokpal Bill has been drafted for more than 42 years by Indian Government and it has failed to become an applicable law till now. The first Lokpal Bill was passed in the 4th Lok Sabha in 1969 but could not get through in the Rajya Sabha. Subsequently, Lokpal bills were introduced in 1971, 1977, 1985, 1989, 1996, 1998, 2001, 2005 and in 2008.

India’s intentions to ignore Corruption were also apparent when it did not “Ratified” the United Nations Convention against Corruption. Although India signed the Convention in 2005 but Indian Government refused to ratify the same. This is also the reason why Anti Corruption Laws of India remained not only “National’ in nature but also redundant and ineffective. Of course, India has now ratified the Convention and it has become mandatory for India to keep its laws in line with the same.

Realising that India is not at all serious in eradicating corruption, the Civil Society took up the task upon itself. Under the leadership of Anna Hazare the fight against widespread corruption in India was started. This resulted in the formulation of a “Joint Drafting Committee” (JDC) to draft a Jan Lokpal Bill of India 2011. However, the JDC failed to reach at a “Consensus” and it is believed that the deadline of drafting of the Jan Lokpal Bill would pass without any such Bill being drafted.

In the meanwhile, Baba Ramdev also started his fight against widespread corruption in India. He also raised a demand to consider black money deposited in foreign bank accounts as “National Property” and to formulate a law in this regard. Unfortunately, in my personal opinion, the Government of India adopted “Unconstitutional Methods” to derail and demoralise this agitation of Baba Ramdev and he was detained and then deported from New Delhi. This entire episode is “Highly Unfortunate” and it would have been better if the matter could have been solved through “Negotiations”.

Although Indian Government has taken a “Drastic Step” yet my “Concerns” are more than that alone. In this entire episode we have forgotten about enactment of suitable Corruption Laws in India like Jan Lokpal Act of India 2011. My specific concerns at this stage are what the Indian Jan Lokpal Act 2011 must incorporate to make it Just, Reasonable, Strong, Robust and Effective. I believe that Jan Lokpal Act 2011 of India is “Not a Panacea” for all sorts of Corruption related problems in India. Nevertheless it is an important “Milestone” in the fight against corruption in India. So besides fighting Corruption, India must also focus upon Administrative, Legal and Judicial Reforms.

Further, if Jan Lokpal Act 2011 of India has to be successful it must incorporate many more issues like Technology, Whistleblower Protection, Harmonisation between Judicial and Lokpal fields, Right to Information, Mandatory Electronic Services Delivery, etc.

The Jan Lokpal Act 2011 of India must be Techno Legal to be most successful. It must “Empower” Indian Citizens not only Legally but also Electronically. E-Governance and use of Information and Communication Technology (ICT) must be an essential part of the Lokpal Mechanism. Further, the proposed Jan Lokpal Act 2011 of India must be kept “Flexible” by incorporating “Enabling Provisions” now for which Rules can be framed subsequently. This way a “Vested Right” is created in favour of Indian Citizens to fight against corruption in India and even the Government of India would have sufficient time to develop finer modalities at a later stage.

I hope India Government would consider these “Concerns and Suggestions” of mine and they would prove useful to all concerned.

Saturday, June 4, 2011

Is India Serious About Cyber Security?

Cyber security is an international issue but its dealings are still mostly national in nature. Recently the second worldwide cyber security summit was organised at London. It emerged from the summit that there are little chances of having an international cyber security treaty.

Naturally, countries are working in the direction of protecting their own turfs rather than protecting the cyberspace at large. For instance, Scotland Yard has established a cyber flying squad to fight cyber crimes. Australia has planned a cyber defence strategy to combat cyber crimes. India and US have signed a cyber security agreement. ICANN and INTERPOL have decided to ensure Internet security. The list is endless but all these initiatives have missed a crucial point.

These are “Piecemeal Efforts” and without “International Harmonisation” Cyber Crimes and Cyber Security Attacks cannot be effectively tackled, opines Praveen Dalal, managing partner of Perry4Law and CEO of Indian Human Rights Protection Centre for Cyberspace.

International Organisations must be more proactive towards fighting Cyber Crimes at International level. Time has come to abandon the “Bilateral Agreements” approach and adopt Multilateral and International Harmonisation approach, suggests Dalal.

At the national level, we are not at all good at cyber security in India. We have no cyber security strategy of India. Further, we have neither the cyber warfare policy of India nor critical ICT infrastructure protection policy of India. The worst aspect is that we have no legal framework for cyber security in India. Even the cyber law of India is redundant and impotent and it deserves to be repealed.

Our banks and financial institutions are not safe from cyber attacks. Even though a RBI working group on information security has provided guidelines to ensure cyber security due diligence by banks of India no banks has implemented these cyber security guidelines so far.

India has adopted a casual approach towards cyber security and the same need to be changed as soon as possible.

Repeal Indian Cyber Law Says Experts

Cyber law of India is present in the form of information technology act 2000 (IT Act 2000). It was drastically amended by the information technology amendment act 2008 (IT Act 2008). This amendment was supposed to strengthen the cyber law of India.

However, the IT Act 2008 made the cyber law of India impotent and ineffective. India has become a safe heaven for cyber criminals who have no fear as there is no stringent law to punish them. This is also the reason why phishing frauds and spam communications have increased a lot in India.

Although we have a Cyber Law but we do not have a Cyber Crimes Law, says Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading techno legal expert of India. This is so because after the IT Act 2008 Amendments almost all the Cyber Crimes have been made “Bailable” in India, says Dalal. The IT Act 2000 is vaguely dealing with issues like E-Commerce, E-Governance, Cyber Crimes, etc but practically it caters the requirements of none, opines Dalal.

India has committed a big mistake by incorporating provisions regarding e-governance, e-commerce, cyber crimes, etc at a single place. This way India could not do justice to either of them. This is also the reason why experts in India have been suggesting that cyber law of India should be repealed.

It would be a better approach if issues of E-governance, E-Commerce, Cyber Law, Cyber Security, Cyber Forensics, etc have “Independent Legislations” rather than clubbing them all at a single place, suggests Dalal. It would be better if the Cyber Law of India is repealed and separate laws are formulated for each of the abovementioned areas, opines Dalal.

Although this is a good suggestion but it would be expecting too much from Parliament of India that is very indifferent towards law making these days.

Privacy, Data Protection And India

India has no privacy laws and data protection laws. This is despite the fact that without these essential laws many governmental projects are simply illegal and unconstitutional. Even future technologies like cloud computing are not safe to be used in India. Further, a special protection to privacy rights in the information age is need of the hour.

However, instead of strengthening the privacy laws and data protection laws in India the government is working in the opposite directions. Indian government has increased its e-surveillance activities and established many e-surveillance oriented projects without proper legal framework.

India has launched many crucial Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc, informs Praveen Dalal, managing partner of Perry4Law and leading techno legal expert of India. None of these Projects and Initiatives are governed by any Legal Framework and none of them are under Parliamentary Scrutiny, informs Dalal.

The latest to add to this e-surveillance wish list is the demand to ensure call data records storage for Five years. However, of all these e-surveillance projects nothing can match the Aadhar project of India or UID project of India that is hiding truth from Indian citizens. Further, illegal phone tapping in India is also a big nuisance that would be put under a scrutiny very soon.

All these illegal and unconstitutional projects are a direct violation of privacy rights and data protection rights of Indians. This lack of privacy has already stalled national intelligence grid (Natgrid) project. The truth is the irrespective of governmental claims, Natgrid is in doldrums.

India must not only formulate a good e-surveillance policy but must also enact strong and effective privacy laws, data protection laws and data security laws. The sooner they are formulated the better it would be for the larger interest of India.

Friday, June 3, 2011

Techno-Legal Measures To Prevent ATM Frauds In India

Reserve Bank of India (RBI) has recently released the report of its working group on securing card present transaction that covers ATM security as well. RBI has also prescribed cyber security due diligence for banks of India. Despites these pro active steps, ATM frauds are increasing in India.

ATM frauds are executed by techniques like wire tapping, replicating the digital signature of the card, getting authentic personal data at fake data call centres, tampering ATM slots by rigging, phishing through e-mail accounts and fixing hidden cameras at vantage points inside ATM installations to steal the secret PIN number of the customers. Fraudsters use special devices like skimmers, duplicate ATMs, to withdraw stacks of money from ATMs.

In this interview of Praveen Dalal, Managing Partner of New Delhi based ICT Law Firm Perry4Law and leading Techno Legal Expert of India, he has shared the techno legal methods to prevent ATM Frauds in India. ATM frauds can be tackled by using techno legal measures alone.

Q-1 Apart from the spamming and phishing, what are the various kinds of ATM frauds? Please specify the ones that take place at the ATM machine or at the counter.

A.1 ATM frauds happen when someone leaves his/her credit card unattended in a vehicle or changing room or allows anyone else to use the card or looses the card that is misused by others or discloses the Personal Identification Number (PIN) to others, etc. These mistakes allow the offender to withdraw money by using the stolen information. Fraudsters are using special devices, skimmers, duplicate ATMs, etc to withdraw money from ATMs. Sometimes such frauds are an insider job with the collusion of the employees of the company issuing those cards.

Q-2 Out of all the techniques, which one is the most common?

A.2 The misuse of disclosed PIN for withdrawing money is the most common techniques used for committing ATM Frauds.

Q. 3 What the individual can do to avoid their money from being siphoned off due to ATM fraud?

A.3 Some basic precautions by the card holders can be very effective in preventing ATM frauds. For instance, never leave your credit card unattended in a vehicle or changing room, never allow anyone else to use your card, always retain sales/charge slips to compare with the amount specified on the billing statement, do not disclose your PIN to anyone, etc.

Q. 4 Is any new technology available to handle ATM frauds? If yes, please elaborate.

A.4 The technological mechanisms like Designated time, Microchip technology, Biometric tokens, Enhanced security, ATM Monitoring, Customised softwares, Customer motivation, Alerts, etc can be used to minimise and prevent ATM frauds in India.

Q.5 What is the scenario abroad? Are ATM frauds more rampant outside?

A.5 The culture of e-banking is more prevalent in foreign countries. Obviously, the menace of ATM frauds is more in those countries. However the problem of ATM frauds is global in nature and its ramifications have been felt in India as well. Information and Communication Technology (ICT) is forcing Indian legal system to adapt itself as per its requirements. Presently, there is a lack of legal enablement of ICT systems in India and we need good laws in this regard.

Q. 6 What does IT Act 2000 say about ATM frauds?

A.6 The IT Act, 2000 does not contain any specific provisions regarding the same and the traditional law of IPC, 1860 also cannot be relied solely and independently to tackle this problem. We need a better law for this purpose and Perry4Law has already provided its suggestions and recommendations in this regard and other ICT related matters to the Government of India, Department of Information Technology, Department of Science and Technology, Prime Minister’s Office, etc. Till we have suitable and apt laws, we must apply existing laws in a purposive and updating manner.

Are Indian Banks Ready For Cyber Due Diligence?

Recently Reserve Bank of India (RBI) constituted a working group on information security that gave its report to RBI. Subsequently RBI issued a notification asking the bank to follow the guidelines and recommendations mentioned in the notification. The notification had demarcated the immediately implementable and subsequently implementable aspects of these recommendations.

This “notification” has set a specific timeline for implementation of the final recommendations of working Group. While not all these recommendations are immediately implementable yet some of them are and banks of India must comply with the same till October 31, 2011, informs B.S.Dalal, senior partner of New Delhi based law firm Perry4Law and an ex manager of RBI. These mandatory recommendations pertain to policies and procedures which do not require extensive investment, informs Dalal.

In order to provide focused project oriented approach towards implementation of these guidelines, banks would be required to conduct a formal gap analysis between their current status and stipulations as laid out in the circular and put in place a time-bound action plan to address the gap and comply with the guidelines.

However, banks need to ensure implementation of basic organizational framework and put in place policies and procedures which do not require extensive budgetary support, infrastructural or technology changes, by October 31, 2011. The rest of the guidelines need to be implemented within period of one year unless a longer time-frame is indicated in the circular. There are also a few provisions which are recommendatory in nature, implementations of which are left to the discretion of banks.

It is clear that not all provisions of the report are discretionary but only a small portion of the same. Banks have to establish adequate cyber security and cyber due diligence mechanisms within stipulate periods otherwise action can be taken against them by RBI.

Recently RBI imposed penalty upon 19 banks for non compliance of prescribed standards. Similarly, RBI has also directed that any strictures passed against directors of a bank by any financial sector regulators must be reported to it. Non compliance of the recommendations of RBI working group may attract both penalty and strictures, suggest B.S.Dalal.

The notification also suggests a quarterly review process and the first calendar quarter after the issue of the guideline falls on 30th June 2011. Banks must do the needful in their own interest. They may also seek the expert techno legal services of Perry4Law and Perry4Law Techno Legal Base (PTLB) in this regard. Interested banks and financial institutions may contact them in this regard.