Sunday, January 15, 2012

Google and Facebook In Indian Cyber Law Tangle

Internet intermediaries in India are required to follow certain due diligence requirements under the cyber law of India incorporated in the information technology act, 2000 (IT Act 2000). If they fail to observe such cyber due diligence, the safe harbour protection available under the IT Act 2000 is lost.

While pre screening of contents and expecting Internet intermediaries like Google, Facebook, Microsoft, Yahoo, YouTube, Linkedin, etc to keep a vigil watch upon the Internet is simply unreasonable and unrealistic yet asking Internet intermediaries to block or remove offending contents, after they have been duly notified in this regard, is a genuine need and reasonable demand.

Such removal or non removal of objectionable and offending contents cannot be considered to be right or wrong as per Internet intermediaries or Indian government’s viewpoint. Rather an independent analysis of the same must be made by courts keeping in mind the facts and applicable laws.

Further, there must be uniformity in application of Indian laws to all in similar situations. If there is a discrimination against foreign companies and favour for domestic companies, this undermines the confidence and trust of online community world over. For instance, recently Reliance and Airtel blocked websites in India whose legality is still doubtful. Department of information technology (DIT) must investigate such blocking in order to rule out favoritism for domestic companies.

It has also been reported that social media websites users in other states of India are planning to engage in legal battles in such states to access any blockage of such websites. Legally they can do so but in the long run such a move would be counter productive.

Companies like Google and Facebook would appear today before the Delhi High Court to prove their innocence in the recently filed criminal case before a trial court. In fact, the trial court has asked the representatives of the parent companies to appear before it and face the trial.

Clearly, the argument of being a subsidiary has kicked back and now the parent company has to face the trial. Even if the subsidiaries are exempted from any criminal liability, the liability of parent company is now emerging as an even bigger issue. Let us see how Delhi High Court would decide the case today.

How Would Google, Facebook, Microsoft And Yahoo Approach Delhi High Court?

Recently the Indian government granted its approval to criminally prosecute companies like Google, Facebook, Microsoft and Yahoo for posting objectionable contents on their websites. Indian government claims that despite repetitive requests being made to these websites, they failed to remove the objectionable contents from their websites.

Before that companies like Google and Facebook approached the Delhi High Court to quash the complaint against them. However, the Delhi High Court refused to do so and this cleared the way for continuance of the complaint against these companies. With the granting of sanction by central government under section 196 of the Code of Criminal Procedure (CrPC), 1973, the criminal trial against these companies can now be started for diverse offenses under Indian laws.

The trial court has adjourned the matter till March 13, 2012. The trial court has also directed the external affairs ministry to serve the summons issued to foreign-based social networking and other websites. With this the excuse of being an Indian subsidiary is also gone and now parent companies would have to face the heat and their executives have to appear personally before the trial court. Now the Delhi Police can also prosecute these parent companies after the sanction has been received.

The representatives of companies may or may not appear before the trial court. If they appear, they have to face the trial and prove their innocence as per Indian laws. If they do not appear, this may have serious ramifications that these companies cannot afford to face.

On 16th January 2012 the Delhi High Court would hear further arguments of these companies. However, it seems the matter would not be settled easily and lightly by Delhi High Court. Techno legal experts like Praveen Dalal have been warning against unconstitutional cyber laws in India. He was the only cyber law expert of India who protested against the information technology amendment act 2008 (IT Act 2008) in its present form that is root of all present cyber law related distortions in India.

According to Praveen Dalal, the cyber law of India should be repealed. There is no second opinion about the fact that the cyber law of India needs urgent reforms if not a repeal. However, the companies like Google, Facebook, Microsoft, Yahoo, etc cannot complain now when they did not complain earlier at the time of IT Act 2008, opines Praveen Dalal. Now the IT Act 2000, as amended by the IT Act 2008, is the law of the land and these companies must follow the same, suggests Dalal.

It seems these companies are in hot water as they have not complied with Indian cyber laws requirements and now they cannot turn back and question the very same cyber law that they silently endorsed earlier.

Saturday, January 14, 2012

DOT India Must Investigate Reliance Websites Blocking Case

The department of information technology (DIT) is the concerned department that deals with issues pertaining to websites blocking in India. DIT has prescribed a standard procedure if an individual or company wishes to get a website blocked in India. Such procedure has been prescribed under the information technology act 2000 (IT Act 2000) and its rules that is the cyber law of India.

In a recent criminal case, a trial court of Delhi has asked representatives of companies like Google, Facebook, Yahoo, Microsoft, etc to appear in person. If these companies fail to make a proper representation and comply with Indian laws, Indian government can block their websites in India.

Every country has this right to block websites to enforce its national laws and India is not unique in adopting this approach. However, the laws of website blocking must be uniformly applied without any discrimination. If foreign websites and companies are treated stringently then domestic websites and companies must also be treated similarly.

According to Praveen Dalal, managing partner of law firm Perry4Law and leading cyber expert of Asia, Websites can be “Legally Blocked” in India on the direction of a Competent Court of India if these Websites fail to “Comply” with such Court’s Directions. Further, Websites can also be blocked in India if the Designated Officer, appointed by Indian Government, Directs an Indian Government Agencies like Computer Emergency Response Team, India (CERT-IN) to block such Websites, informs Praveen Dalal.

Clearly, there is no provision where private individuals or companies can block websites according to their own whims and fancies. Recently, doubts about the legality of websites blocking by Reliance entertainment have surfaced. If DIT wishes to maintain a neutral and justice oriented approach towards all companies and websites, then it must investigate whether Reliance entertainment has blocked such site legally or illegally?

If telecom companies are allowed to block websites by bypassing Indian cyber law, then the entire purpose of the same is frustrated. Further, in such situations it is wrong to ask companies like Google, Facebook, Yahoo, Microsoft, etc to comply with Indian laws.

DIT must first set its own home in order so that its can ask others to follow its directions. This episode of Reliance has put a question mark upon the very system that has been used in India to block domestic and foreign websites. We hope Reliance in general and DIT in particular would publicly come up with an explanation in this regard.

Friday, January 13, 2012

Has Reliance Entertainment Blocked Websites Illegally In India?

Broadly speaking, websites blocking in India can be done either by a court order or by an order of competent authority of Indian government. There is nothing that allows private individuals or companies to block websites on their own and in their self interests. It is also now well settled that Indian government can and should block offending websites if they fail to comply with Indian laws.

Many US based websites and social media platforms are showing great reluctance to comply with Indian laws and requests originating out of the same. These include companies like WordPress, Google, Facebook, etc. Similarly, many Indian websites may be involved in copyright violations and other contraventions and may not be responsive to demands originating from US. Naturally, countries have no other option but to block such websites in their respective jurisdictions either by a court order or by enacting draconian laws like SOPA and PIPA.

However, such blocking of websites by any country must be done in a proper manner. According to Praveen Dalal, managing partner of law firm Perry4Law and leading techno legal expert of India, Websites Blocking in India by Judiciary must be Just, Reasonable and Fair. There should not be an “Unreasonable” or “Casual Approach” towards Blocking of Websites in India by Indian Courts. If Websites are “Violating” Laws of India and they have been “Notified” to this effect and still they “do not Remedy the Situation”, then the Safe Harbour Protection under Indian Information Technology Act, 2000 is “Lost” and such Websites/Owners can be Prosecuted in India, informs Praveen Dalal.

Such Websites can be “Legally Blocked” in India if they fail to “Comply” with Court’s Directions or Directions of Indian Government Agencies like Computer Emergency Response Team, India (CERT-IN) that are duly ordered in this regard by a Designated Officer, informs Praveen Dalal.

In this background we must analyse the recent blocking of foreign websites in India. Recently, Reliance Entertainment has once again convinced the court to issue an order in its favour or at least it is interpreting it so. The broadband customers of Reliance were not able to access certain legitimate file sharing/hosting websites as Reliance blocked such sites. Hints have been given that CERT-In has not been involved in this process at all and Reliance blocked the website unilaterally. The same websites were accessible on the networks of other ISPs.

Naturally, the question arises has the Delhi High Court ordered such blocking of websites? The relevant portion of order of Delhi High Court reads:

“One can also not lose sight of the fact that film piracy in respect of such new release is not uncommon and judicial note of this fact can be taken. In the facts of this case as detailed above, in my view plaintiff (Reliance) has succeeded in making a, prima facie, case in its favour. Plaintiff has exclusive copyright over the film “DON2” which is yet to be released. For the forgoing reasons, defendants and other unnamed and undisclosed persons (websites), are restrained from copying, recording or allowing camcording or communicating or making available or distributing, or duplicating, or displaying, or releasing, or showing, or uploading, or downloading, or exhibiting, or playing, and/or defraying the movie “DON2” in any manner without a proper license from the plaintiff or in any other manner which would violate/infringe the plaintiff’s copyright in the said cinematograph film “DON2” through different mediums like CD, DVD, Blue- ray disc, VCD, Cable TV, DTH, Internet services, MMS, Pen drives, Hard drives, Tapes, CAS or in any other like manner”.

Obviously this is a simple order of temporary injunctions and not blocking of any website whatsoever. On what basis Reliance Entertainment, as an Internet service provider (ISP), blocked websites in question is still not clear. In fact, from the bare reading of these facts and order, it seems Reliance Entertainment illegally blocked such websites in India.

Cert-In must investigate this matter unless it has itself given permission to block such websites. However, this does not seem to be the case and now it is for the Reliance Entertainment and Cert-In to explain this unreasonable websites blocking and Internet censorship behaviour.

Indian Government Can And Should Block Offending Websites

Lots of hue and cry has been seen these days due to the stern warning of Delhi High Court to block websites that do not comply with Indian laws and legal demands arising out of the same. It seems the mainstream media is not understanding the situation and just hysterically reporting the matter for the sake of reporting.

The better news is that the Indian government has sanctioned prosecution of websites and social networking platforms like Facebook, Google, Microsoft and Yahoo India over objectionable content on their sites. Now the question arises is blocking of Facebook, Google, Microsoft, Yahoo, etc in India is required? Can Indian government block such websites and should it block such websites?

The answer is very simple. Yes it can and in fact Indian government should block all such websites that do not comply with Indian laws as in force. Few of us already believe that such websites must be blocked in India if they violate copyright and other laws of India and fail to comply with them despite them being suitably notified.

In fact, Indian government has already started the process in this regard. Filing its reply in the trial court the government gave its nod to invoke serious charges against the accused websites.

Meanwhile, the trial court on Friday adjourned till March 13, the hearing in the case of 21 social networking sites allegedly hosting objectionable content. The court has directed the external affairs ministry to serve the summons issued to foreign-based social networking sites and websites. The efforts of trail court are worth praising and let us hope that these efforts would come out with a concrete result.

So what is the law of India in this regard? According to Praveen Dalal, managing partner of law firm Perry4Law and leading techno legal expert of India, Websites Blocking in India by Judiciary must be Just, Reasonable and Fair. There should not be an “Unreasonable” or “Casual Approach” towards Blocking of Websites in India by Indian Courts. If Websites are “Violating” Laws of India and they have been “Notified” to this effect and still they “do not Remedy the Situation”, then the Safe Harbour Protection under Indian Information Technology Act, 2000 is “Lost” and such Websites/Owners can be Prosecuted in India, informs Praveen Dalal.

Thus, as far as prosecution of these accused websites are concerned that is perfectly legal as per Indian laws. Now let us examine the desirability of blocking of such websites if they do not comply with orders of Indian courts. Websites can be “Legally Blocked” in India if they fail to “Comply” with Court’s Directions or Directions of Indian Government Agencies like Computer Emergency Response Team, India (CERT-IN) that are duly ordered in this regard by a Designated Officer, informs Praveen Dalal. So even blocking of such websites is justified and legal in India.

I am sure when the Delhi High Court would hear the accused websites lawyers in next hearing; the offending contents would be already removed by these websites. There was no need to drag the matter to such an extent and the offensive material should have been deleted earlier. All that was required to be seen was whether the offending material in question violates any law of India. If it does the material must be removed after the communication in this regard is duly made to the concerned website.

You have a right to speech and expression but you cannot defame others and post pornographic materials upon sites. The poster of such material is definitely liable for punishment but even the Internet intermediaries like websites and social media websites loose their safe harbour protection if they fail to exercise due diligence.

There is nothing new in this position as even US laws like Digital Millennium Copyright Act (DMCA) 1998 do not extend safe harbour protection if the internet intermediary fails to observe due diligence. When these websites are following similar norms, rather more stringent one, in US why they are reluctant in doing so in India. The entire episode has shown just one thing that these websites do not wish to follow Indian laws and if they cannot be successfully tried in India, blocking of such websites is a good option.

I am a firm believer of civil liberties in cyberspace and am against unreasonable and illegal technology control, e-surveillance, Internet censorship and websites blocking, but i also believe that laws of various countries must be followed by all as well. Thus, Indian government and courts can and should block these websites in India if they keep on ignoring Indian laws anymore. Of course, those who wish to access such websites in India can still access the same through anti censorship mechanism.

Sunday, January 8, 2012

Should Wordpress.Com Be Blocked In India For Copyright Violations?

A Wordpress.Com hosted blog named legal locus, managed by author/owner Raghu Vamsy Dasika, has recently engaged in copyright violation. These things are common in cyberspace and so are the redressal mechanisms to resolve copyright infringement complaints.

The article e-banking in India is not safe has been posted without our approval. Even another article titled mobile banking cyber security is required in India has been posted without permission. Complaints with Wordpress.Com were made on three different grounds yet Wordpress is adamant upon using DMCA procedure to remove apparent copyright violating posts.

What I have realised from this episode is that lack of international harmonised cyber law is the main problem as we have no universally applicable cyber law. Situations like these suggest that an international cyber law treaty is urgently required. Strangely, intellectual property rights (IPRs) are protected by TRIPS Agreement at the international level to which both India and US are parties. Despite this Internet intermediaries like Wordpress have developed their regional procedures with great disregard to International comity and cooperation.

The real problem is that when there is a clear copyright violation, insisting upon following a DMCA notice procedure by a non citizen and international entity is more a problem and façade and a supporting tool to copyright infringer than a solution. The US government in general and US Department of Justice in particular must device some mechanism so that sites like Wordpress.com must comply with international laws as well especially when countries like India and US are both parties to the TRIPS Agreement. Otherwise such episodes can affect mutual harmony and international relations between various countries.

Similarly, the Indian department of telecommunication (DoT) in general and computer emergency response team, India (Cert-In) in particular must device some mechanisms to make companies like Wordpress.Com liable for cyber crimes and IPRs violations if the matter has been brought to their knowledge. If such websites fail to comply with Indian laws, they should be blocked in India. This is more so if a website continuously flouts Indian laws. Wordpress is consistently denying removal of copyright infringing articles from its platform. It seems Wordpress policy and TOS is encouraging copyright violations than curbing the same. If this is not enough, Wordpress is also engaging in censorship of blogs unilaterally without any information to the blog owners.

Now the big question is what should Indian government do to make sites like Wordpress follow Indian laws? If a site or platform has no base in India, it would obviously prefer to apply the law of its country. However, this does not solve the problem of copyright violations and cyber crimes committed by using such platform in India. Blocking of such platform in India may be a viable option to get the Indian laws enforced at such platforms.

However, in India there are no rules and mechanisms through which private individuals can request blocking of websites like Wordpress.Com. India must amend its rules in this regard so that private individuals can enforce their rights as well.

Alternatively, DoT and Cert-In can act on the basic of public information like the present article after being satisfied of a prima facie case in this regard. Sufficient is to say that when copyright violation is apparent on the face of a case, that should be sufficient ground for DOT and Cert-In to block a site if it fails to act even after a written notice pointing towards such copyright violation. Let us see how US Department of Justice, DoT and Cert-In reacts to this proposal.

Consumer Protection (Amendment) Act, 2011 Proposes E-Filing

Consumer Protection Act, 1986 is one of the most pro active laws of India. It was serving its legislative purpose very well till information and communication technology (ICT) related issues overshadowed its utility. Telecom disputes and consumer protection in India received biggest jolt when the Supreme Court of India ousted the jurisdiction of consumer forums over telecom related disputes. The Supreme Court order declared that in case of telecom disputes, consumer forums/courts do not have jurisdiction as appropriate remedy is by way of arbitration.

This was not a good decision and it needs to be “Reviewed” by a Larger Bench of Supreme Court, suggests Praveen Dalal, Leading Techno Legal Expert of India and managing partner of techno legal ICT law firm Perry4Law. While the ambit, scope and merit of the order is debatable and controversial, yet it would be a good idea if the Consumer Protection Act (CPA) is properly amended to neutralise this decision, opines Dalal.

According to Dalal, the CPA was enacted long time back and contemporary ICT related disputes and dispute resolution mechanisms were well beyond Parliament’s contemplation at that time. However, it is high time for the Department of Consumer Affairs in general and Parliament of India in particular to bring suitable amendments in the CPA to make it more effective and responsive, suggests Dalal.

It seems the Parliament of India has agreed with the suggestions of Praveen Dalal regarding use of ICT for consumer dispute resolution mechanism in India. The proposed draft Consumer Protection (Amendment) Bill 2011 has now suggested using electronic mode for filing consumer complaints to the District Forum.

This is a good step in the right direction, says Praveen Dalal. However, the proposed Amendments have still to “Nullify” the decision of Supreme Court regarding Telecom Disputes in India. It would be a good idea if the Parliament of India also includes a provision to this effect in the proposed Bill, suggests Dalal.

These are good suggestions and hopefully Indian Parliament would incorporate them while passing the ultimate amending bill.

Saturday, January 7, 2012

UIDAI Thinks It Is Above Indian Constitution

Unique Identification Authority of India (UIDAI) is managing one of the most controversial projects of India known as Aadhar project of India. Till now it is well known and established that Aadhar project of India is unconstitutional, undemocratic and anti parliamentarian. This is also the reason that in all probability Aadhar project of India would be scrapped.

Although UIDAI framed a legal framework titled National Identification Authority of India Bill-2010 (NIDAI Bill 2010) yet techno legal experts like Praveen Dalal out rightly rejected such Bill. He maintained that in the absence of various Procedural and Constitutional Safeguards in the proposed Bill, both Aadhar Project and UIDAI were Unconstitutional. Even today, Aadhar Project and UIDAI are Unconstitutional, opines Praveen Dalal.

However, UIDA persisted in its endeavours without meeting the constitutional requirements and the NIDAI Bill 2010 was finally rejected by the Parliament's standing committee on finance. The panel unanimously recommended that the government should withdraw the present NIDAI Bill 2010 and bring a new one. Further, the committee also found the Aadhar project directionless and recommended that the project should reviewed by bringing in a fresh Bill. This seems to be acceptance of the suggestions provided by experts like Praveen Dalal and endorsing the concerns raised by Aadhar Watch Initiative of India.

So for the time being the UIDAI is functioning under an executive order of the ministry of planning. So legally Aadhar project and UIDAI are working without any legal framework and with great disregard to the constitutional requirements. If this was not enough, UIDAI director general R.S. Sharma believes that the authority will take up the legal framework matter at the Union cabinet level and continue to function as per the mandate of the planning ministry.

He is of the opinion that the need for legislation was felt to give a separate and independent role to the UIDAI so that the process becomes fast, easy and flexible but in case any proposed Bill is not passed, work of the authority is not going to be affected.

This is a strange opinion that shows how our constitution and parliamentary functioning is of no significance to the executive of this nation. The executive branch of Indian constitution is simply bypassing the Indian parliament and constitution of India with great disregard to the constitutional safeguards. This explains how the Aadhar project and UIDAI continued unconstitutionally for such a long period of time. This is also a warning that constitutional failure is imminent if this approach continues for long.

Friday, January 6, 2012

Cloud Computing in India Is Still Not Trusted

Cloud computing in India has not been able to generate trust among various cloud computing users. As per the research and studies of Perry4Law and Perry4Law Techno Legal Base (PTLB), cloud computing in India is risky and India is not ready for cloud computing. Now even other companies have endorsed this conclusion and it has been reported that chief information officers (CIOs) in India are not comfortable using cloud computing in India.

India has no legal framework for cloud computing and cloud computing regulations in India are missing. India has no dedicated privacy laws, data protection laws and data security laws. Even leading techno legal expert of India Praveen Dalal believes that India should not use Software as a Service (SaaS) and cloud computing for crucial governmental services.

In these circumstances, use of cloud computing in India is a landmine for privacy violations. Further, the cyber law of India also prescribes cyber law due diligence in India that must be adhered to by cloud computing service providers in India. Even cloud computing due diligence in India is required to be followed. Similarly, the cloud computing security in India must also be ensured.

In these circumstances, it is safe to conclude that India is not ready for cloud computing and before conditions are not made favourable cloud computing should not be used in India.

Thursday, January 5, 2012

Securing Critical National Infrastructure Of India From Cyber Attack

This is the updated version of my previous article on similar topic. Lots of changes have taken place since then and it is essential to incorporate those changes in this new piece of article.

The cyber security trends in India 2011 by Perry4Law Techno Legal Base (PTLB) indicate that cyber security in India is still ignored by various stakeholders. Whether it is banks or strategic computers of Indian government, all of them have proved to be vulnerable to cyber attacks.

Highly sophisticated malware like Duqu, Stuxnet, etc targeted India in the year 2011 and India is still investigating the Duqu malware. Indian nuclear facilities, automated power grids, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to sophisticated cyber attacks. It is still not clear whether Indian satellites are safe from cyber attacks.

The supervisory control and data acquisition (SCADA) systems may be the new cyber attack priority for cyber criminals and rouge nations. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular. In short, Indian defense and security against cyber warfare needs to be streamlines to meet the growing cyber attacks upon its critical infrastructures.

Although cyber security in India has started gaining attention of Indian government yet the cyber security initiatives of Indian government are still far from satisfactory. We do not have a cyber security policy in India that clearly stipulates the cyber security strategy of India.

Cyber security of India is also an essential part of national ICT policy and strategy of India. However, despite some very good suggestions by experts, India has not taken cyber security seriously. On the other hand, the International Community is focusing really hard to make cyber security an essential part of their day to day lives.

Internationally, it is an accepted fact that to ensure effective cyber security, there must be a coordinated and collaborative approach, metrics and assessment tools must be developed, an effective legal and policy framework for cyber security must be created and the human dimension of cyber security must be addressed.

Although there are numerous aspects of Cyber Security Policy of India yet Critical Infrastructure Protection in India and Critical ICT Infrastructure Protection in India are the most important aspects of the same, informs Praveen Dalal, leading techno legal expert of India and managing partner of New Delhi based techno legal law firm Perry4Law. The Critical National Infrastructure of India is under constant cyber attacks and India must urgently do something in this regard, informs Dalal.

Experts like Praveen Dalal also feel that India does not have strong and effective cyber laws to deal with issue pertaining to critical infrastructure. India is blind towards cyber law, cyber security and cyber forensics requirements. The IT Act, 2000 is a poorly drafted law and badly implemented legislation. It is weak and ineffective in dealing with growing cyber crimes in India as it is the most soft and cyber criminal friendly legislation of the world.

Thus, on all the fronts of policy, legal framework and effective cyber security initiatives, India has failed to give proper attention. In these circumstances, critical national infrastructures of India are at grave cyber security risks. They are vulnerable to cyber threats and cyber attacks. India must urgently do something in this regard as soon as possible.