Monday, December 7, 2015

Cyber Security Problems And Challenges in India: Report By Perry4Law Organisation (P4LO)

Cyber security is a techno legal field that requires patience and techno legal expertise to practice. India has been a late entrant in the cyber security field and a robust and resilient cyber security infrastructure in India is still missing. We have a national cyber security policy of India (NCSP) 2013 but the same has remained on paper only so far. An analysis of the existing cyber security policy of India would reveal that India has still to do its homework in the cyber security field. We at Perry4LawOrganisation (P4LO) believe that a new and proper cyber security policy of India 2015 must be urgently formulated by Narendra Modi government.

With fast urbanisation and stress upon establishment of smart cities, which mainly depends on information and communication technologies (ICT) to provide public services, we can expect increased number of cyber attacks upon critical infrastructure of India. The critical infrastructure protection in India (PDF) has its own challenges and issues. Similarly, smart cities cyber security in India would have their own problems and solutions. There is no second opinion that cyber attacks are going to increase further and this would raise complicated international legal issues of cyber attacks and cyber security.

For instance it was reported in 2014 that there was a 136% increase in cyber threats and attacks against Indian government organisations as compared to the previous year. Similarly, there was 126% increase in attacks targeting financial services organisations. There is no doubt that a strong cyber security infrastructure is need of the hour in India. Even the national cyber security policy of 2013 must be substituted with the new cyber security policy of India 2015.

Perry4Law Organisation (P4LO) has been suggesting formulation of the encryption policy of India (PDF) for long. As a result Indian government tried to bring an encryption policy recently under Section 84A of the Information Technology Act, 2000 (IT Act 2000) but it was highly defective. The government ultimately scrapped the encryption policy but it need to be formulated in a proper manner again.

As on date we are facing the following cyber security challenges in India:

(1) Cyber security is not a very easy process to manage. It requires both technological expertise and legal compliances which are lacking in the country.

(2) There are no dedicated cyber security laws in India, except one or two sections in the the IT Act 2000 which also has its shortcomings such as lack of privacy, lack of civil liberties protection, absence of cyber security breaches disclosure norms etc.

(3) The IT Act 2000 was passed to govern legal issues of e-commerce, e-governance, cyber crimes, etc. But, according to experts, new and better techno-legal laws must be enacted in place of the old law. Techno legal experts believe that Indian laws like IT Act 2000 and telegraph act require urgent repeal and new and better techno legal laws must be enacted to replaces these laws.

(4) On 13 April 2015, the government announced that the Ministry of Home Affairs would form a committee of officials from the Central Bureau of Investigation, Intelligence Bureau, Delhi Police, National Investigation Agency and ministry itself to produce a new legal framework similar to the erstwhile Section 66A of IT Act 2000. However, it is still to be enacted as per the information available with Perry4Law Organisation (P4LO).

(5) Many critical cyber security related issues need to be taken care of such as critical infrastructure protection, cyber warfare policy (PDF), cyber terrorism, cyber espionage, e-governance cyber security, e-commerce cyber security, cyber security of banks, etc.

(6) The cyber security obligations of stakeholders like law firms, e-commerce websites, directors of companies, Government departments, thermal power sector, power and energy utilities, etc must be properly understood and effectively implemented in India.

India is presently facing many type of cyber security threats. These include sophisticated cyber attacks, cracking, child pornography, cyber stalking, denial of service (DoS) attacks, distributed denial of service (DDoS) attack, malware infections, zero day vulnerabilities, phishing attacks, data theft, etc. In June 2012, cyber attacks were reported on the Indian Navy’s Eastern Command systems. On July 12, 2013, just few days after the release of the National Cyber Security Policy, several high-level GOI officials reported their emails had been hacked. A report later on revealed that almost 12,000 systems were hacked which included systems from the Ministry of External Affairs, Defence Research and Development Organisation, Ministry of Home Affairs, National Informatics Centre etc. There are also few reports of Pakistan indulging in threatening cyber warfare. Hacker groups based out of Karachi and Lahore have in recent years managed to hack the websites of the Central Bureau of Investigation (CBI) and the Bharat Sanchar Nigam Limited (BSNL) mostly to leave hate mail. It is widely believed that regional terrorist outfits, like the Indian Mujahideen (IM) have also made use of social media sites to communicate effectively.

Perry4Law Organisation (P4LO) has provided the following suggestions to Indian government from time to time:

(1) The Narendra Modi government must take cyber security of the country seriously considering the ever-increasing cyber security challenges in India.

(2) It is high time that India must be cyber prepared to protect its cyberspace.

(3) Draft of the National cyber security policy of India 2015 should be formulated as soon as possible.

(4) There must be a dedicated cyber security law of India keeping in mind contemporary cyber security threats.

(5) Cyber security disclosure norms in India must be formulated as soon as possible.

(6) The cyber security awareness in India must be further improved and spread so that various stakeholders can also effectively take part to the implementation of cyber security initiatives of Indian government.

Perry4Law Organisation (P4LO) hopes that this cyber security research report of India would be useful to all cyber security stakeholders in India and foreign jurisdictions.

Sunday, November 22, 2015

Digital India Project Of India Lacks Cyber Security Infrastructure

In this article, Praveen Dalal, Managing Partner and CEO of Perry4Law Organisation (P4LO) and PTLB, is discussing shortcomings of Digital India project of Indian government. Digital India and cyber security issues in India have been ignored by Indian government so far and this article is addressing that aspect as well.

The success or failure of any project depends upon it due research and analysis. Without a proper homework and due diligence, a project may face many shortcomings, lacuna and limitations. One such project is known as Digital India. As on date, the Digital India project of India government is heading towards rough waters and problems. This is because Digital India project is suffering from many shortcomings and limitations that Indian government has failed to remove.

For instance, the cyber security infrastructure of India is not in a good shape. Take the example of smart grids cyber security in India. India is contemplating using of smart meters but the same has become a headache for the power companies. Even a Grid Security Expert System (GSES) of India was suggested by Indian government in the past but the same has not been implemented till now.

The Digital India Project of India Government is the classic example of use of Information and Communication Technology (ICT) for delivery of public services. Like any great project, Digital India is also suffering from some “Shortcomings”. The chief among them are lack of Cyber Security, ineffective Civil Liberties Protection, absence of Data Protection (PDF) and Privacy Protection, unregulated E-Surveillance in India, absence of Intelligence Agencies Reforms in India, etc.

Unfortunately, the initial objective of public delivery of services through use of ICT seems to be fading away day by day. Instead of public services the focus has now been shifted towards e-surveillance and data mining. To make this work, Indian Government has been using e-surveillance projects like Aadhaar, Central Monitoring System, Network and Traffic Analysis System (NETRA), National Intelligence Grid (NATGRID), National Cyber Coordination Centre (NCCC), etc. None of them is supported by any “Legal Framework” and “Parliamentary Oversight”.

In fact, Vodafone has confirmed that India has been using “Secret Wires” in the Telecom Infrastructure to indulge in e-surveillance. Indian Department of Telecommunications suppressed the whole incidence with a mere assurance of “Investigation” that never took place. As per my personal information, no “Public Report” was made available in this regard by Indian Government so far.

In a latest twist, the Indian Government clubbed its latest Project named Digital Locker with Aadhaar. Essentially it means that Digital Locker is a legal project based upon illegal technology named Aadhaar. I have serious doubts that Digital Locker would serve its or Digital India’s purpose in these circumstances. The matter does not end here. Indian Government has claimed before the Supreme Court that Aadhaar is not mandatory for availing public services. However, this stand of Indian Government is not correct as Aadhaar has already been made compulsory for many public services and many more are added on regular basis.

Surprisingly, Supreme Court has not invoked either the Contempt or the Perjury proceedings against Central Government and States for making false claims and giving incorrect statements. Is not it the duty of Supreme Court to protect the Fundamental and Human Rights of Indian Citizens and residents? It is difficult to believe that Supreme Court is not aware of the ground situation that is actually happening in India. How can the Supreme Court simply rely upon false and misleading statements and allow the Central Government and States to operate in a manner that is clearly prejudicial to the Constitutional Protections and Principles?

It would be really unfortunate if Digital India Project is made the biggest Panopticon of Human History and an endemic E-Surveillance Instrumentality for the Indian Government where every bit of “Digital Information” can be accessed and manipulated by Indian Government. If this is the intention of Indian Government then Digital India Project is heading for rough waters.

Wednesday, November 4, 2015

Smart Cities Cyber Security In India: The Problems And Solutions

Smart cities are the future of urbanisation and population sustainability. The aim of smart cities is to provide a conductive environment for living, commercial activities, healthcare and overall development. Smart cities also predominantly rely upon use of information and communication technologies (ICT) to render public services. Wherever applicable, Internet of Things (IoT) (PDF), cloud computing and virtualisation and machine to machine (M2M) system usage is also there. However, this omnipresent usage of ICT, IoT, M2M, cloud computing, etc has a potential drawback as well in the form of indifference towards smart cities cyber security.

It is not difficult to visualise a scenario of cyber attacks against the critical infrastructures of the smart cities that are run by ICT and technology. Such a cyber attack can cripple the entire smart city if properly executed. Critical infrastructure protection in India (PDF) is still at nascent stage. The national cyber security policy of India 2013 is also very weak and even that has not been implemented by Indian government so far. The much awaited cyber security policy of India 2015 is also missing so far.

A strong cyber security infrastructure of India is need of the hour especially when there is no well settled international legal issues of cyber attacks that can be invoked in the case of a cyber incidence. It is very important that international legal issues of cyber attacks must be resolved by various government and non government stakeholders. There is no globally acceptable cyber law treaty and cyber security treaty (PDF) that can govern the relationships between various countries.  Even the Tallinn Manual on the International Law Applicable to Cyber Warfare  (PDF) is just an academic document with no legal binding obligations. The truth is that Tallinn Manual is not applicable to international cyber warfare attacks and defence and countries are free to take measures as per their own choices.

This has necessitated that cyber security related projects in India must be not only expedited but they must also be successfully implemented as soon as possible. Unfortunately, cyber projects like National Cyber Coordination Centre (NCCC) of India, National Critical Information Infrastructure Protection Centre (NCIPC) of India, Grid Security Expert System (GSES) of India, National Counter Terrorism Centre (NCTC) of India, Cyber Attacks Crisis Management Plan of India, Crisis Management Plan Of India For Cyber Attacks And Cyber Terrorism, Cyber Command For Armed Forces Of India, Tri Service Cyber Command for Armed Forces of India, Central Monitoring System (CMS) Project of India, National Intelligence Grid (Natgrid) Project of India, Internet Spy System Network And Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking Network and Systems (CCTNS) Project of India, etc have still not been implemented successfully by Indian government.

This raises the pertinent question as to how Indian government would ensure cyber security of smart cities in India. We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance. We also believe that a dedicated cyber security law of India is need of the hour. The same must be a techno legal framework keeping in mind contemporary cyber security threats. Further cyber security disclosure norms in India must be formulated by Modi government. The cyber security awareness in India must be further improved so that various stakeholders can contribute significantly to the growth and implementation of cyber security initiatives of Indian government.

Monday, July 20, 2015

Aarushi Murder Case And The Neglected Cyber Forensics Issues

In an in-depth research article by Perry4Law Organisation (P4LO) it has been revealed that the Aarushi murder case reflects poor cyber forensics usage by CBI and defense lawyers. The way investigation and prosecution was conducted in the Aarushi case, it is clear that electronic evidences were not given the importance that they deserved. It was very much possible to ascertain the truth with great certainty if electronic evidences were forensically acquired by CBI and the defense lawyers used the same while examination and cross examination of the prosecution witnesses.

However, the case was decided merely on the basis of circumstantial evidences that also relying upon many presumptions and circumstances. Some of these presumptions and circumstances could have been proved or disproved by using electronic evidence and cyber forensics methods.

Nevertheless, both CBI and defense lawyers neglected the cyber forensics angle and the case was decided by the lower court based upon the version given by CBI. It is not clear what would the fate of this case at the higher court level be as the High Court has to keep in mind many more considerations besides the circumstantial evidences on the basis of which the prosecution case rests.

The logs, details and data from the accessed websites, computer’s hard disk, router’s logs, etc could have provided valuable lead and evidences regarding the case, opines Praveen Dalal, the leading techno legal lawyer of Asia. The digital evidence from all available technology platforms and instruments must have been analysed in depth and they must have been used by the parties to the case for claiming rights and avoiding liabilities, says Dalal.

India has recently announced the digital India initiatives that intend to strengthen e-delivery of services in India. However, along with e-delivery of services, Indian government must also be ready to deal with increased cyber crimes. We have very few initiatives in India that are catering to the requirements of cyber crimes investigation and cyber forensics analysis of the growing cyber crimes and cyber contraventions happening in India. Indian government must ensure modernisation of law enforcement agencies of India as soon as possible along with making them accountable to the Parliament of India.

Tuesday, June 30, 2015

Aadhaar Is The Worst E-Surveillance Instrumentality Abused By Indian Government: Praveen Dalal

This is the guest post of Praveen Dalal elaborating the dangers that Aadhaar project is posing to the democracy and fundamental rights of Indian citizens. The persistent use of Aadhaar by Indian government even at the cost of contempt of court and prohibition by the Supreme Court of India shows that Indian government is well committed to violate the civil liberties of Indian citizens, opines Dalal. In fact, the Digital India project has become the biggest digital panopticon of human history as Indian government has illegally linked the same with the illegal and unconstitutional technology names Aadhaar, says Dalal.

Aadhaar Project was visualised as a public good project but it ended up being a project that is violating various Constitutional and Statutory Provisions. The Constitutional Validity of the Aadhaar Project has been questioned before the Supreme Court of India. In another related case, the Supreme Court of India has held that the Aadhaar cannot be made compulsory for availing Public Services. Similarly, the Supreme Court has also restrained UIDAI from transferring any Biometric Information of any person who has been allotted the Aadhaar number to any other Agency without his consent in writing (PDF).

Just like Congress Government even the BJP Government has declared that it would bring and ensure a Legal Framework for Aadhaar. However, till the writing of this Article, no news about a Legal Framework for Aadhaar is available. As a result the position on the date is that Aadhaar is operating without any Legal Framework and Parliamentary Oversight.

Aadhaar Project in its “Current Form” is suffering from many “Illegalities and Infirmities”. For instance:

(1) Aadhaar has been made “Mandatory and Exclusive” for availing many Public Services in India despite Supreme Court’s Interim Order and Constitutional Prohibitions.

(2) Aadhaar Project is not supported by any Legal Framework and is not subject to “Parliamentary Oversight”.

(3) Aadhaar Project is violating various “Civil Liberties” like Privacy Rights of Indians.

(4) Aadhaar Project is “Grossly Weak” on the fronts of Cyber Security and Data Security.

(5) Aadhaar is not “Full Proof and Tamper Proof” and it can be “Obtained Illegally” and in Wrong Name.

(6) The “Authentication Mechanism” of Aadhaar Project is also faulty and in many cases gives “False Negative Alarms”.

(7) The present Practices and Methods adopted by Indian Government and its Agencies for Biometric Collection of Indians/Residents is Unconstitutional.

(8) Even “Clubbing/Merging” of Biometric Data of Aadhaar and National Population Register (NPR) has “Serious Constitutional Ramifications” and the same should not be done.

(9) Absence of Encryption Policy of India (PDF) to safeguard Biometrics Data, etc.

If we add the “Unaccountable Intelligence Related Exercises” of Indian Government, its Agencies and Foreign Partners like United States, the list is too bulky to be discussed here. Suffice is to say that the Aadhaar Project is suffering from many “Vices and Illegalities”. These include Civil Liberties Violations, Unconstitutional E-Surveillance Issues, Data Security and Cyber Security Issues, Compulsory Nature of Aadhaar, Unaccountable Intelligence Agencies, Foreign E-Surveillance Threats, Telecom Security Issues, Integration with Surveillance projects like NATGRID, Unconstitutional Biometrics Collections, etc.

All these aspects make the Aadhaar Project an Unconstitutional Project that was required to be Scrapped by the Modi Government. Alternatively, all these Constitutional Infirmities and Illegalities were required to be “Eliminated” by the Modi Government before allotting further funds to Aadhaar Project. There cannot be a “Third Option” for the Modi Government and wasting precious “Public Money” on Unconstitutional Project like Aadhaar “Can Never Be Justified” even by the Standards of the “Fancy Words and Empty Promises” made by the Congress and BJP Governments regarding Aadhaar Project.

Not only this, the entire situation has also raised “Serious Questions” about the “Real Intentions” of Indian Government vis-à-vis Aadhaar Project. The “Present Form” of Aadhaar Project and the behaviour of Indian Government regarding Civil Liberties have definitely negated the theory of Welfare Project as projected by both Congress and BJP Government. But if Aadhaar Project is not a Welfare Project what is its purpose and true nature?

In my personal opinion, Aadhaar in its present form has no Welfare Elements attached to it whatsoever but is an “Endemic E-Surveillance Project” that is operating well beyond the Constitutional Protections, Parliamentary Oversight and Judicial Scrutiny. The sole purpose seems to be to club the Biometric Details of Indian Citizens/resident with other “Centralised Databases” like National Intelligence Grid (NATGRID) Project of India, Central Monitoring System (CMS) Project of India, Internet Spy System Network and Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking Network and Systems (CCTNS) Project of India, etc. Gradually, both Biometrics and Non Biometrics based details and data would be clubbed with the DNA Databank of India that Indian Government would definitely go for in the near future.

It is for You to decide whether You wish to give Your Children a “Free and Transparent India” or You wish Your Children to be a Guinea Pig or Lab Rat for Indian E-Surveillance Projects like Aadhaar that are clearly Illegal and Unconstitutional.

Online Gaming And Gambling Websites May Be Legally Risky In India: Perry4Law

India is presently gripped in the euphoria of digital India. This is also a time when many have started exploring the entrepreneurship instead of seeking an employment career. While this is a good move yet entrepreneurship without a legal framework or in derogation of the laws of India is not a thing to be encouraged. One such area where there is a need of urgent laws and regulations is online gaming and online gambling.

Online gaming has created great interest among the gaming stakeholders. India has also witnesses many companies and gaming stakeholders trying to establish their online gaming business. These include launch of online poker and rummy websites, online card games websites, etc. However, in the absence of a holistic and comprehensive regulatory framework in this regard, online card games and online games are still legally risky ventures.

In fact, online card games websites may be legally risky if not properly drafted and managed. Till now the position regarding playing rummy with stakes is not clear and different High Courts have given conflicting judgments in this regard. This has exposed all those who are playing card games with stakes to numerous litigations across the India.

For instance, a majority of online poker and rummy websites are flouting laws of India and they can be punished any time by the government. Perry4Law strongly recommends that till the time Indian Supreme Court or Central Government clarifies the legal position regarding online gaming in India, the online gaming/gambling stakeholders must comply with existing and applicable techno legal requirements of Indian laws.

Unfortunately, this is not happening as on date and online gaming websites are openly flouting the laws of India. They are not at all complying with the cyber law due diligence (PDF) requirements of Indian cyber law.

What is more surprising is the stand of Indian Government in this regard. Indian Government is neither clarifying its stand before the Supreme Court nor is bringing a suitable techno legal legislation to make the regulatory uncertainty clear.

Perry4Law believes that the least various online gaming stakeholders can do is to comply with the maximum possible laws of India. This compliance requirement must consider technological, traditional and commercial laws of India.

Digital India Has Severe Civil Liberties And Cyber Security Issues

We all are systematically, continuously and vigorously brainwashed with daily doses of social media and other forms of publicity regarding the digital India project of Indian government. However, when it comes to critical analysis of the digital India project, they are severely censored in India. Even the facets of digital India like smart cities are suffering from violation of civil liberties issues and facing dangers of inadequate cyber security.

In this guest post, Praveen Dalal has wonderfully analysed the shortcomings of digital India project that must be removed by Indian government. He believes that digital India is biggest panopticon of human race the moment it is clubbed with e-surveillance tool named Aadhaar.

According to Dalal, Digital India is a very ambitious and significant project by Indian Government. However, it is also suffering from some “Shortcomings” that have still not been tackled properly. As a result the Digital India project is heading towards rough waters and may face many legal and technological challenges in the near future.

I would not discuss all these shortcomings in this article but am focusing on a particular problem that has taken the shape of a “Civil Liberties Violations Menace”. Yes I am talking about the E-Surveillance and Eavesdropping aspects of Indian Government projects like Central Monitoring System (CMS), National Intelligence Grid (Natgrid), Internet Spy System Network and Traffic Analysis System (NETRA), National Cyber Coordination Centre (NCCC), etc. To make the matter worst, Indian Government has been postponing Intelligence Agencies Reforms for many decades.

However, nothing can beat the draconian e-surveillance project named Aadhaar that has been designed to take a complete control over the digital lives of Indians. Surprisingly both the Indian Parliament and Supreme Court of India are watching helplessly while the Executive branch has usurped the “Legislative Powers” and literally mocked all sorts of Judicial Review.

Take the example of the interim order (PDF) issues by Supreme Court of India mandating that Aadhaar cannot be made mandatory for availing various public services. Although Central Government has informed the Supreme Court that Aadhaar is not mandatory for availing public services yet it has been made compulsory for almost all the digital and non digital services in India. As a result a wonderful project like Digital India would be heading for rough waters if our Judiciary is even “Remotely Sensitive” to Civil Liberties Violation issues.

This is also not the end of the story. When everything is clubbed with Aadhaar, it gives a complete control to our E-Surveillance loving Government over our digital and non digital lives. There is nothing left to claim Informational Privacy from our own Government. Privacy is our Human Right and not a Government charity and it should not be taken away with direct or indirect methods.

What is most anguishing is the “Deafening Silence” of the Parliament of India and Indian Supreme Court to resolve these issues. Why Parliament has abdicated its “Legislative Powers” in favour of the Executive and why Supreme Court has not taken the Executive stringently cannot be explained with any rationale explanation. However, in the absence of exercise of their “Constitutional Duties” we can safely conclude the “Separation of Powers” under the Indian Constitution has “ceased to exist” in the present and turbulent E-Surveillance era of India.

Monday, March 30, 2015

Online Petition And Survey By CCICI Regarding Cyber Law Due Diligence In India

Interpretation and analysis of the judgment of Supreme Court of India in Shreya Singhal v. Union of India (24th March 2015), Writ Petition (Criminal) No.167 Of 2012 (PDF) has already been started by various cyber law stakeholders of India. Most of them have based their observations upon Section 66A alone leaving aside other sections like Section 69A and Section 79 of the Information Technology Act, 2000.

However, it seems while doing justice to freedom of speech and expression in India, the Supreme Court has erred in reading down Section 79 and Rule 3 of Information Technology (Intermediaries Guidelines) Rules, 2011 (PDF) that pertains to Internet Intermediary liability and observance of cyber law due diligence (PDF) by them. In fact, it has been claimed that Supreme Court has killed cyber law due diligence in India to a great extent.  

Cyber Crimes Investigation Centre of India (CCICI), the premier cyber crime investigation centre of Perry4Law Organisation (P4LO), has been covering these issues from the very beginning. Now CCICI has taken this interpretation and effort to another level by starting an online petition and survey titled “Do We Need a Stronger Cyber Law Due Diligence in India?”

Unfortunately, most of the interpretations and observations regarding the judgment of Supreme Court were directed towards Section 66A alone and the issue of cyber law due diligence was totally ignored. This has serious ramifications for all cyber victims whose locus standi has been taken away by the Supreme Court to approach the Intermediary.

It is of utmost importance that this issue must be discussed in great detail and then taken up before the Supreme Court through a review petition. Similarly, the collective inputs can also be shared with Indian government and Parliament so that they can come up with a more potent and effective cyber law due diligence requirement in India.

If you are a cyber victim or you know a person who has been a cyber victim, please share your views through this petition and review. Your views would shape the cyber law of India and make it more meaningful. If you have ever suffered from harassment over e-mail, SMS, chatting, Social media, etc or you know a person who has been so harassed, then please share your views at the petition/survey page. Collectively let us make a responsible cyber society and culture in India.

Source: Cyber Law Blog.

Saturday, March 28, 2015

Reading Down Of Section 79(3)(b) And Rule 3(4) is More Problem Than Solution: Praveen Dalal

Cyber law jurisprudence is still evolving in India despite the fact that Indian cyber law was enacted almost 15 years back. This is so because Indian Legislature and Executive are not at all comfortable to deal with technology related laws. Techno legal experts have been maintaining that India must establish a techno legal framework to deal with growing cases of cyber crimes and cyber attacks. Nevertheless the position has remained the same and India is still lagging far behind in formulating technology related laws.  

Not only Indian Parliament is not capable of enacting good and effective techno legal laws but it is also very keen in abdicating its duties to Executive. As a result successive Indian governments have used subordinate/delegated legislations to impose draconian and civil liberties violating laws upon Indians. Obviously, the Supreme Court of India is not pleased  to either such draconian laws or to the approach adopted by Indian Executive and Parliament.

Recently Supreme Court held that Aadhaar is not compulsory to avail government services in India. Now Supreme Court has struck down Section 66A of Information Technology Act, 2000 (IT Act 2000) as unconstitutional. The case of Shreya Singhal v. Union of India (24th March 2015), Writ Petition (Criminal) No.167 Of 2012 (PDF) can be analysed for more details in this regard.

However, the judgment is not just about Section 66A but many other sections and rules as well. For instance, Section 79 of IT Act 2000 and Rule 3 of Information Technology (Intermediaries Guidelines) Rules, 2011 have also been analysed by Supreme Court. As the constitutionality of these provisions was challenged, Supreme Court had limited choices. Supreme Court preferred to narrow down these provisions to keep them operational and constitutional. But it has not been realised at what cost this has been done.

According to Praveen Dalal, managing partner of ICT law firm Perry4Law, Supreme Court’s Judgment on Section 66A is a big blow for Cyber Law Due Diligence in India and reading down of Section 79(3) (b) and Rule 3(4) by Supreme Court in the present manner is “Counter Productive” in long run. He has also suggested that Modi Government must urgently bring suitable Amendments in the IT Act 2000 to tackle growing Cyber Threats and Cyber Crimes in India.

Indian cyber law has not been appropriate since its inception. Too much stress is given to suppress civil liberties and enhance e-surveillance. However, it has now reached a stage where immediate steps must be taken to protect civil liberties in cyberspace on the one hand and projects like Digital India on the other. This is also the high time to leave politics and do positive things for Indian masses.

Ed Note: This is the updated version of the article titled “Supreme Court Erred In Reading Down Section 79(3)(b) And Rule 3(4): Praveen Dalal” published by my friend Priyanka Sharma. For reasons unknown it failed to appear at Google News. Hence this updated article has been posted for our readers.


Supreme Court Erred In Reading Down Section 79(3)(b) And Rule 3(4): Praveen Dalal

The judgment of Shreya Singhal v. Union of India (24th March 2015), Writ Petition (Criminal) No.167 Of 2012 (PDF) is not just about Section 66A but many other sections and rules as well. For instance, Section 79 of IT Act 2000 and Rule 3 of Information Technology (Intermediaries Guidelines) Rules, 2011 have also been analysed by Supreme Court.

As the constitutionality of these provisions was challenged, Supreme Court had limited choices. Supreme Court preferred to narrow down these provisions to keep them operational and constitutional. But it has not been realised at what cost this has been done.


Indian cyber law has never been appropriate since its inception. Too much stress is given to suppress civil liberties and enhance e-surveillance. However, it has now reached a stage where immediate steps must be taken to protect civil liberties in cyberspace on the one hand and projects like Digital India on the other. This is also the high time to leave politics and do positive things for Indian masses.

Wednesday, February 25, 2015

Twitter Is Censoring Dissenting Digital India Related Tweets In Real Time

In a surprising disclosure, it has been revealed that Twitter is censoring digital India related dissenting tweets in India. Previously it was revealed that Twitter was censoring tweets pertaining to Aadhaar in similar fashion. In fact, aadhaar is a heavily censored subject in India for long.

Speech and expression in general and civil liberties in cyberspace in particular are under severe attack from none other than our own government.  Praveen Dalal, whose tweets on Digital India are censored on a regular basis, believes that far from digital empowerment, Digital India has become the Biggest Panopticon of Human Race. Any tweet about this “Digital Panopticon of India” is also censored by Twitter almost in “Real Time”.

It is not the purpose of Twitter to be a “Media Agent” of Indian Government and censor tweets that are criticising the Digital India project for its Weaknesses, Illegalities and Unconstitutionalities, suggests Dalal.

All this is happening because Indian Parliament and Supreme Court have failed to curb the growing constitutional violations through illegal and unconstitutional e-surveillance by our Executive. Supreme Court has also failed to declare Aadhaar as unconstitutional and this is the root cause of all troubles in India.

Even United Nations has failed to fulfill its duties in this regard. Human Rights protection in cyberspace must be internationally recognised by the United Nations that it has failed to do so far. Let us hope that good sense would prevail and Indian government would stop abusing civil liberties of Indians.

Thursday, February 12, 2015

Digital Locker Is A Legal Project Based Upon Illegal Technology Named Aadhaar: Praveen Dalal

Modi Government has recently launched a beta version of the digital locker facility. This may be an attempt on the part of the Government to show its progress especially in the direction of fulfilling Digital India dream. However, not everything is smooth and legal in the digital locker project.

On a closer analysis, it becomes apparent that digital locker relies upon illegal and unconstitutional technology popularly known as Aadhaar. Till the time of writing of this article, Aadhaar project is not supported by any legal framework and is clearly violating the civil liberties and fundamental rights of Indian masses.

According to Praveen Dalal, managing partner of Perry4Law Organisation (P4LO) and leading techno legal expert of Asia, there is no doubt about the utility of Digital Locker project as it can save tremendous time, energy and resources. Its users would be spared from the troubles of showing again and again the certificates and documents in question. Further, chances of manipulation and forgery of such documents and certificates would also be lowered.

However, the moment Digital Locker is made dependent upon Aadhaar, it becomes a “Controversial and Unconstitutional” Project. This is more so when Aadhaar is the sole criteria to avail the service that is also in violation of the Supreme Court’s directions (PDF), opines Dalal. In short, Digital Locker Is a Legal Project Based upon Illegal Technology named Aadhaar, concludes Dalal.

As the matter is presently pending before the Supreme Court of India, it would only be wise and constitutionally required to declared Aadhaar project unconstitutional. The truth is that Aadhaar project in its present form has no welfare element but is purely an e-surveillance project that needs to be declared unconstitutional immediately. Neither Aadhaar nor Unique Identification Authority of India (UIDAI) has the legal status that can justify their existence at the expense of scarce financial resources.

Tuesday, January 6, 2015

Perry4Law Sets Trend For Cyber Forensics And Cyber Security Legal Practice Worldwide

Few years back no law firm was wiling to touch areas like cyber law, cyber security, cyber forensics, e-discovery, etc. This was more so in India where intellectual property rights (IPRs) was considered to be the latest field of legal practices. In the year 2002, Perry4Law Organisation (P4LO) came into picture and that changed the entire scenario of legal practice not only in India but also at global level.

P4LO has a very unique and clear vision about techno legal issues and their national and international legal interpretations. Numerous national and international stakeholders have found their dedicated techno legal resources and services very useful. These include online resources on Cyber Law, Cyber Security, Cyber Forensics, E-Discovery, Telecom Laws,  Intellectual Property Rights (IPRs), Corporate Laws, etc. This list of legal fields is just indicative as there are many more techno legal areas where Perry4Law Law Firm and P4LO are providing their techno legal services.

Besides the domain specific and unique techno legal expertise, Perry4law Law Firm and P4LO are also distinct then other law firms in the sense that they take Civil Liberties issues like Privacy, Data Protection and data security very seriously. This is also need of the hour as cyber security obligations of laws firms are increasing world over. Nevertheless, cyber security legal practice in India is still maturing with Perry4Law Law Firm dominating the field.

No Client would be happy if its/his/her confidential and sensitive documents are obtained through cracking/hacking the Law Firm Website or Database, opines Praveen Dalal, managing partner of Perry4Law Law Firm and P4LO and leading techno legal expert of Asia. Perry4Law Law Firm uses the “Best Cyber Security Practices” recommended by International Organisations, informs Dalal.


Clearly P4LO and Perry4Law Law Firm are class apart and world leaders in techno legal services. Other Law Firms of India must also replicate this model of P4LO and start thinking in the direction of providing techno legal services.

Saturday, January 3, 2015

Cyber Security Trends In India 2015 By CECSRDI

Cyber security is a complex field that requires domain specific expertise. As on date we cannot say with certainty that any particular country is fully cyber secure. Different countries have different level of cyber preparedness but India is lagging far behind in cyber security fields.

The cyber security trends and developments of India 2013 (PDF) and Cyber Security Trends and Developments in India 2014 have categorically proved that India is way behind in cyber security field than its western counterparts. Similarly, the cyber law developments in India 2014 are also not very promising.

If we keep in mind the cyber security trends in India 2015 released by CECSRDI, there are many complicated cyber security challenges that are waiting for India in the year 2015. Some of the areas of concern pointed out by CECSRDI are international legal aspects of cyber security, state sponsored cyber attacks, increasing use of malware, cyber espionage, cloud computing adoption in India, mobile security and mobile governance issues, critical infrastructure protection requirements in India, etc.

India has lax and outdated cyber law and there is no dedicated cyber security law in India as on date. In the past Indian government expressed its desire to enact cyber security breach disclosure norms but lack of political will resulted in lapse of that idea.

In short, the cyber security preparedness of India is not up to the mark. On top of it Indian government announced technology driven projects like Digital India and Internet of Things (IoT) (PDF) that also without any cyber crisis management plan of India and establishment of offensive and defensive cyber security capabilities.

It is also expected that malware like Stuxnet, Duqu, Flame, etc would be used more aggressively in the year 2015. These malware are not only stealth but they are also too sophisticated to be detected by India. Let us hope that Indian government would consider cyber security as a top priority area in the year 2015.

Thursday, January 1, 2015

Telecom Trends In India 2014

Perry4Law Organisation (P4LO) is on the forefront of providing various techno legal trends of India since 2006. The latest to add to this list are Cyber Security Trends and Developments in India 2014 and Telecom Related Trends and Development in India 2014. The cyber security trends of India 2014 have also been covered here1 and here2.

In this work, Perry4Law’s Techno Legal Base (PTLB) is providing the summary of the telecom trends of India 2014. The telecom trend of India in the year 2014 witnessed a combination of progressive and regressive steps being taken by Indian Government.

On the progressive side the Telecom Commission of India has allowed satellite based mobile services in India in the year 2014. On the regressive side, the Indian Government has failed to protect civil liberties in cyberspace once again. In fact, telecom operator Vodafone revealed use of secret wires for government e-surveillance and eavesdropping worldwide, including in India.

Indian Department of Telecommunications (DoT) promised to investigate govt snooping allegations of Vodafone but it failed to do so till the end of December 2014. The dangerous central monitoring system (CMS) of India was also activated without any legal framework and Parliamentary oversight.

Similarly, the redundant and outdated telecom related laws remained on the statue book in the year2014. For instance, the telegraph and cyber law of India remained outdated, colonial and draconian in the year 2014. Similarly, encryption related dedicated laws in India are also missing till the end of December 2014.

Further, new lawmaking was also missing in the year 2014. For instance, there is no dedicated laws regarding cell phones and their dealings in India and the same continued till the end of December 2014 as well. In particular, the cell site data location laws in India and privacy issues are still not redressed by Indian Government so far.

India is also one of the countries where phone tapping is possible without any court order/warrant. This is a serious civil liberty violation that continued in the year 2014. A lawful and constitutional interception law in India is urgently needed. Privacy rights in India in the information era (PDF) have still not been recognised by Indian Government.

Overall, the telecom trends of India in the year 2014 were far from satisfactory. Rather they were on the negative side of development that must be taken care of by Indian Government in the year 2015.

Source: Telecom Blog.