Tuesday, December 24, 2013

RBI Says Use Of Bitcoins In India Is Legally Risky

The much awaited public advisory by the Reserve Bank of India (RBI) regarding the legality of Bitcoins in India has been finally released. As per the press release, RBI cautioned users of virtual currencies against risks of use of Bitcoins in India. The advisory of RBI is in conformity with the views expressed by Perry4Law so far.

RBI has warned the users, holders and traders of Virtual currencies (VCs), including Bitcoins, about the potential financial, operational, legal, customer protection and security related risks that they are exposing themselves to.

According to RBI the creation, trading or usage of VCs including Bitcoins, as a medium for payment are not authorised by any central bank or monetary authority. No regulatory approvals, registration or authorisation is stated to have been obtained by the entities concerned for carrying on such activities. As such, they may pose several risks to their users.

RBI also observed that there have been several media reports of the usage of VCs, including Bitcoins, for illicit and illegal activities in several jurisdictions. The absence of information of counterparties in such peer-to-peer anonymous/ pseudonymous systems could subject the users to unintentional breaches of anti-money laundering and combating the financing of terrorism (AML/CFT) laws.

In other words, RBI has said that Bitcoins users and stakeholders are exposing themselves to a wide variety of risks, including the legal risks, while dealing in Bitcoins.

According to Praveen Dalal, leading techno legal expert of Asia and managing partner of ICT law firm Perry4Law, “The dealing in Bitcoins in India is still A “Grey Area” and it is not safe to consider it “Strictly Legal”. Till the time Indian Government or other Regulatory Authorities of India make use and dealing of Bitcoins Legal in India, the use of the same in India is at the own “Legal Risk” of concerned person or Institution”.

It is legally wrong to assume that dealings in Bitcoins in India if strictly legal as individuals and companies have to take care of the cyber law due diligence and Internet intermediary rules compliances. For instance, a platform selling and purchasing or trading in Bitcoins must not only comply with the provisions of Information Technology Act, 2000 but also with laws applicable to online trading and income tax.

The Reserve Bank has also stated that it is presently examining the issues associated with the usage, holding and trading of VCs under the extant legal and regulatory framework of the country, including Foreign Exchange and Payment Systems laws and regulations. The net result of the advisory by RBI is that it has made the position of Bitcoins in India legally risky i.e. unless laws of India are duly complied with, dealings of Bitcoins in India could be punishable under Indian laws.

Monday, December 16, 2013

The Jan Lokpal Bill Is Testing The Legitimacy Of Indian Parliament- Praveen Dalal

No time the legitimacy of Indian Parliament was questioned so much as in the present times. Illegal and unconstitutional projects like Aadhaar are operating without any legal framework and essential laws like Lokpal Bill are still pending enactment. Even the Supreme Court of India has held that Aadhaar card cannot be made compulsory for availing public services in India. But the defective policies of Indian government are still forcing such projects without analysing their long term consequences.

Now legal experts like Praveen Dalal have expressed that Parliament to Retain Its Respect and Legitimacy Must Pass Lokpal and Lokayuktas Act, 2011 today. He also believes that the proposed Lokpal Law must also be supported by a Whistleblowers Protection Law of India.

It is a “Do or Die” situation for both Congress and BJP and they cannot afford to be “Indifferent” any more. Congress and BJP have to show their commitment towards people of India by passing the Lokpal and Lokayuktas Act, 2011 in the Rajya Sabha. Otherwise, the Respect and Legitimacy for Parliament of India and Political Parties like Congress and BJP is in “Real Danger”, opines Dalal.

This sad situation has not arisen on a single day but due to decades of indifference on the part of Indian government and Indian Parliament. Not only this, the very purpose of Parliament of India is in question. What is the Purpose and Use of a Parliament if it cannot pass appropriate and required Laws? Why a tragedy is always needed to wake up Indian Parliament? Do we have Separation of Powers in India any more? Is Indian Government really interested in making CBI Autonomous and Independent?

Anna Hazare is already on fast to get the Jan Lokpal bill passed and his health condition is deteriorating day by day. Indian Parliament cannot afford to postpone the proposed Jan Lokpal bill anymore as people of India are not only angry but their patience is also wearing out.

Parliament Must Pass Lokpal And Lokayuktas Act, 2011 Tomorrow To Retain Its Respect And Legitimacy

This is the Guest Column by Praveen Dalal, Managing Partner of Law Firm Perry4Law and the founder of exclusive Centre for the Protection of Civil Liberties in Cyberspace. In this article he is sharing his views about the proposed Lokpal Bill. The views and opinion given by him are his personal opinion and not that of this platform or Perry4Law.

The Lokpal and Lokayuktas Act 2011 as Passed by Lok Sabha was the first step in the direction of bringing Transparency, Fairness and Lack of Corruption in Government dealings. However, the proposed Law could not see the light of the day till December 2013. Now veteran Leader Anna Hazare has once again raised the issue and he is on fast at the time of writing this article.

Meanwhile many Activists and Social Workers have come to the support of Anna and there is tremendous pressure upon Indian Government and Parliament of India to pass the proposed Law as soon as possible.

I believe that Parliament Must Pass Lokpal and Lokayuktas Act, 2011 tomorrow to Retain Its Respect and Legitimacy. I also believe that the proposed Lokpal Law must also be supported by a Whistleblowers Protection Law of India.

Political Parties have already seen the Power of Vote whose benefit was derived by a new party named Aam Aadmi Party. Now every issue is a “Politically Sensitive Issue” and no Political Party can “Afford to Offend Public Sentiments” regarding Lokpal Law.

Not only this, the very purpose of Parliament of India is in question. What is the Purpose and Use of a Parliament if it cannot pass appropriate and required Laws? Why a tragedy is always needed to wake up Indian Parliament? Do we have Separation of Powers in India any more? Is Indian Government really interested in making CBI Autonomous and Independent?

These are pertinent and controversial questions that need to be answered immediately. The Anti National Steps by Congress Government and their support by Political Party BJP have forced People of India to vote in favour of “Alternative Parties” like Aam Aadmi Party.                                                             

If Congress and BJP are smart enough they must understand the mood of People of India and mend their ways and Policies accordingly. I sincerely wish that the proposed Lokpal and Lokayuktas Act 2011 would be passed by Rajya Sabha tomorrow. I also sincerely wish that Shri. Anna Hazare would break his fast tomorrow for the common good and larger benefits of all. Time has also come to form a National Political Party under his Leadership as we need Good People “Inside the Political System” that needs a Complete Overhaul from inside.

Thursday, December 12, 2013

Tata Teleservices Limited (TTL) And Airtel Are Violating IT Act 2000

What is common between foreign technology companies and websites and their Indian counterparts? The answer is non compliance with Indian laws especially the cyber law of India. Indian telecom companies like Tata Teleservices Limited and Airtel are openly flouting the  cyber law due diligence requirements of India and complaints against them have been filed at Department of Telecommunication (DoT) and Telecom Regulatory Authority of India (TRAI).

The proposed e-mail policy of India has been suggested to decrease the dependence upon foreign e-mail service providers. However, before we do that we must make our own house in order. If companies like Tata Teleservices Limited and Airtel openly disregard the laws of India what respect we can expect from foreign companies.

Indian government has been trying to force companies like Facebook, Google, etc to establish servers in India. Similarly, the Internet telephony and VOIP service providers must establish servers in India very soon. However, isn’t it partiality and adopting double standards on the part of Indian government by putting pressure upon foreign companies and leaving Indian companies untouched?

By not complying with the Information Technology (Intermediaries Guidelines) Rules, 2011 (PDF) companies like Tata Teleservices Limited and Airtel are actually committing cyber crimes and cyber contraventions. As per the Information Technology Act, 2000 both these companies and the defaulting officials are liable to be prosecuted. Even their telecom licences can be suspended/cancelled and fine be imposed by DoT.

When Tata Teleservices Limited and Airtel are least bothered about Indian laws we can never expect compliance from foreign companies. Indian government in general and DoT in particular must take punitive and stringent action against Tata Teleservices Limited and Airtel to set an example before the whole world. Otherwise, we can keep on lamenting about non compliance of Indian laws by national and international companies.

Wednesday, December 4, 2013

Illegal Use Of Bitcoins Increasing And RBI And Indian Government Are Sleeping

The virtual currency known as Bitcoins is increasingly being used in India that also in an unregulated and illegal manner. Although laws and regulations are there that prohibits the use of Bitcoins in India in their present form yet individuals, companies and institutions are openly using the same with great disregard to Indian laws.

Thailand has recently banned use and dealing of Bitcoins in its jurisdictions. According to legal experts, Bitcoins may be specifically regulated in India as well very soon. While the trading of Bitcoins has been suspended in Thailand due to Bank of Thailand advisement (PDF) yet the reserve Bank of India (RBI) is not fulfilling its statutory duties in this regard. As a result Bitcoins are used in India for multiple purposes including conducting medical and surgical abortions in India.      

Many Bitcoins enthusiastics wonder whether use and dealing in Bitcoins legal or illegal in India?  There is no straight forward answer to this question but the legality of Bitcoin in India is in doubts.

According to Praveen Dalal, managing partner of ICT law firm Perry4Law and leading techno legal expert of Asia, the Information Technology Act, 2000 clearly puts Internet Intermediary under Legal Obligations to observe Cyber Law Due Diligence in India and to meet Internet Intermediary Compliance Requirements.

Some Regulatory Guidance regarding Bitcoins can be obtained from the Indian Virtual Currency Schemes issued by RBI but Regulatory Authorities like RBI, Medical Council of India, etc must clearly specify the use and manner of use of digital currencies like Bitcoins for various purposes. Bitcoins, their functionality and legality of use in India is still a “Grey Area” till then, informs Dalal.

Those companies and websites that are accepting Bitcoins in exchange of goods and services are doing it in an illegal manner and they can be prosecuted and punished. It is always better to observe cyber law due diligence before engaging with Bitcoins in India in any manner whatsoever.

Friday, November 15, 2013

Centre Of Excellence For Cyber Crimes Investigation In India

The moment a cyber crime is committed, techno legal efforts to trace the culprit start. However, cyber crime investigation is a complicated process that may involve multiple jurisdictions and cross border organised cyber crimes. Since Internet recognises no boundaries, a cyber crime committed in one jurisdiction may have rippling effects in another jurisdiction. This gives rise to conflict of laws in cyberspace that are difficult to manage.

The framework for cyber crime investigation in India is still developing. In fact, in a Public Interest Litigations (PILs) the Supreme Court of India has issued notice to Centre to seek its views in this regard. Supreme Court was approached to ensure regulations and guidelines for effective investigation of cyber crimes in India.

Like other parts of the world, India is also trying to bridge the gap of skilled cyber workforce and trained law enforcement agencies. However, we have very few cyber crime and cyber security research and development centres in India. Similarly, there are very few cyber law firms in India that are providing legal assistance for cyber crime cases in India.

Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have been working in the direction of spreading public awareness regarding cyber law on the one hand and cyber crimes investigation on the other. PTLB is managing the exclusive techno legal Centre of Excellence for Cyber Crimes Investigation in India.

PTLB is providing the exclusive techno legal cyber crimes investigation training in India for various stakeholders. PTLB is also managing the exclusive techno legal virtual campus for techno legal trainings in India.

Recently a Constitution Bench (PDF) of Supreme Court of India in Lalita Kumari v. Govt Of UP (2013) SC (5J) (PDF) held that police officers are bound to register FIR upon receiving information of commission of a cognizable offence in India. This means that for cognizable offences, as mentioned in the judgment, police officers would be left with no option but to register an FIR unless the case falls in one of the exceptions mentioned by the Supreme Court. Police officers would now be required to register an FIR for various cyber crimes as well and investigate the same promptly.

In this background, the cyber crime investigation has assumed great importance in India as cyber crimes have increasing a lot in India. Cyber crimes like online defamation, hate speech, fake social media profiles, misuse of social media, hacking, defacing of websites, etc require techno legal expertise to solve. With compulsorily filing of FIR police officials would now be required to investigate all these cyber crimes.

However, investigation of these cyber crimes would require techno legal expertise that is presently missing in India. Realising this fact, the Central Bureau of Investigation (CBI) and Serious Fraud Investigation Office (SFIO) are planning to hire contractual services of experts. The suggestions regarding rules pertaining to inspection, inquiry and investigation (SFIO) by Perry4Law (PDF) have already been provided and these suggestions equally apply to cyber crime investigations conducted by law enforcement agencies of India.
                                                                                   
Indian government must consider these issues on a priority basis. Further, techno legal expertise of firms like Perry4Law and institutions like PTLB must also be utilised by Indian government to fullest extent to make cyber crime investigation in India meaningful and effective.

Friday, November 8, 2013

10 Point Legal Framework For Law Enforcement, CBI And Intelligence Agencies In India By Perry4Law

The purpose of legislature is to enact appropriate laws and the same is implemented by the executive branch of the government. However, if legislature fails to fulfill its constitutional duties and executive usurps the powers of legislature, a constitutional deadlock is inevitable.

For too long techno legal experts like Praveen Dalal have been stressing that law enforcement agencies and intelligence agencies of India must not only be regulated through a legal framework but they must also be bound by parliamentary oversight. However, Indian government preferred to keep this crucial aspect under the carpet.

The 10 Point Legal Framework for Law Enforcement and Intelligence Agencies in India by Perry4Law was submitted to Indian government in the past. It is a framework prescribed by Perry4Law in September 2009 to Government of India and the first of its kind in India.

However, the Indian Government failed to act on the same in a timely manner and questions about its intention to make law enforcement agencies like Central Bureau of Investigation (CBI) independent kept on arising.

The Supreme Court of India has even given a deadline to Indian Government to formulate a Law for CBI. Reacting to this deadline, the Indian government has set up a Group of Ministers (GoM) to draft a law for CBI. However, that once again proved to be another time gaining exercise by Indian Government.

In a recent judgment (PDF), the constitution of CBI was held Unconstitutional by Gauhati High Court. The Division Bench of Gauhati High Court has endorsed the views that have been expressed by selective few legal experts of India like Praveen Dalal. According to experts like Praveen Dalal, the decision of Gauhati High Court declaring CBI Unconstitutional is Legally Sustainable.

The Central Government has decided to file an appeal against the order of Gauhati High Court in the Supreme Court of India. However, the task would not be as simple as the Central Government is anticipating as the position taken by the Gauhati High Court is legally tenable.

The Decision Of Gauhati High Court Declaring CBI Unconstitutional Is Legally Sustainable- Praveen Dalal

For too long techno legal experts like Praveen Dalal have been stressing that law enforcement agencies and intelligence agencies of India must not only be regulated through a legal framework but they must also be bound by parliamentary oversight. However, Indian government preferred to keep this crucial aspect under the carpet.

Indian Government did not understand and accept that law enforcement and intelligence work is not an excuse for non accountability. For some strange reasons intelligence infrastructure of India has become synonymous for unaccountability and mess. There is neither any parliamentary oversight nor and transparency and accountability of the working of intelligence agencies of India.

Lawlessness and unreasonableness is guaranteed if there is no accountability. Accountability is absent when there is no legal framework for those managing essential governmental functions challenging the human rights and fundamental rights of the affected persons. Perry4Law has already provided a “10 Point Legal Framework for Law Enforcement and Intelligence Agencies in India” (PDF) to the Government of India in September 2009. However, the Indian government failed to act upon the same and to formulate a techno legal framework accordingly.

The problem with the central bureau of investigation (CBI) is that it has not been constituted under a valid law and till now CBI has been operating through an executive order. Even Indian government was well aware of this dangerous situation and despite that it failed to remedy the situation.

In a recent landmark judgment (PDF), the constitution of CBI was held Unconstitutional by Gauhati High Court. The Division Bench of Gauhati High Court has endorsed the views that have been expressed by selective few legal experts of India like Praveen Dalal.

According to Praveen Dalal, managing partner of law firm Perry4Law and a Supreme Court Lawyer, although almost all have criticised this decision of Gauhati High Court yet it is “neither absurd nor an uncalled one”. Parliamentary Oversight of any Law Enforcement Agency is the “Core Requirement” under Indian Constitution. However, our Intelligence Agencies and many Law Enforcement Agencies, including CBI, are not governed by any sort of Parliamentary Oversight, opines Dalal.

So judged from this legal position, the decision of Gauhati High Court is correct and legally sustainable. Even CBI is well aware of this ground reality. The Draft Central Bureau of Investigation Act, 2010 was suggested by CBI but the same could not see the light of the day. CBI’s case is a political fiasco that has arisen due to the PMO indifference.

Even the Intelligence Services (Powers and Regulation) Bill, 2011 failed to materialise and till now our intelligence agencies are not governed by any law. In fact, intelligence agencies are vehemently opposing the proposed Right to Privacy Bill 2013 so that they remain ungoverned and unaccountable in every possible sense.

India has already launched illegal and unconstitutional projects like Aadhar, central monitoring system, national intelligence grid (Natgrid), etc without any legal framework and parliamentary oversight. Now when we have a chance to bring some sanity among the chaos created by the intelligence infrastructure of India, the intelligence agencies have pulled their sleeves to stall the proposed privacy bill.

There are no Shortcuts to Worth Initiatives and Agencies and in case of CBI the Indian Government preferred the “Shortcut Mode”, says Dalal. The correct procedure was to formulate a Comprehensive and Holistic Legal Framework for the CBI rather than keeping it operational under an Executive Order, opines Dalal. Let us see how the Supreme Court of India would decide in this regard.  

CBI Is An Unconstitutional Agency Says Gauhati High Court


Central bureau of investigation (CBI) is the premier investigation agency of India. It has been managing many high profile cases of India. However, CBI has not been constituted under a valid law and till now CBI has been operating through an executive order.

From time to time many legal experts have asked the Indian government to confer legal status upon CBI through a separate law. However, Indian government failed to do so and now a situation has arisen where the very existence of CBI is in danger.

In a recent landmark judgment (PDF), the constitution of CBI was held Unconstitutional by Gauhati High Court. The Division Bench of Gauhati High Court has endorsed the views that have been expressed by selective few legal experts of India.

According to Praveen Dalal, managing partner of law firm Perry4Law and a Supreme Court Lawyer, although almost all have criticised this decision of Gauhati High Court yet it is “neither absurd nor an uncalled one”. Parliamentary Oversight of any Law Enforcement Agency is the “Core Requirement” under Indian Constitution. However, our Intelligence Agencies and many Law Enforcement Agencies, including CBI, are not governed by any sort of Parliamentary Oversight, opines Dalal.

So judged from this legal position, the decision of Gauhati High Court is correct and legally sustainable. Even CBI is well aware of this ground reality. The Draft Central Bureau of Investigation Act, 2010 was suggested by CBI but the same could not see the light of the day. CBI’s case is a political fiasco that has arisen due to the PMO indifference.

Even the Intelligence Services (Powers and Regulation) Bill, 2011 failed to materialise and till now our intelligence agencies are not governed by any law. In fact, intelligence agencies are vehemently opposing the proposed Right to Privacy Bill 2013 so that they remain ungoverned and unaccountable in every possible sense.

India has already launched illegal and unconstitutional projects like Aadhar, central monitoring system, national intelligence grid (Natgrid), etc without any legal framework and parliamentary oversight. Now when we have a chance to bring some sanity among the chaos created by the intelligence infrastructure of India, the intelligence agencies have pulled their sleeves to stall the proposed privacy bill.

There are no Shortcuts to Worth Initiatives and Agencies and in case of CBI the Indian Government preferred the “Shortcut Mode”, says Dalal. The correct procedure was to formulate a Comprehensive and Holistic Legal Framework for the CBI rather than keeping it operational under an Executive Order, opines Dalal. Let us see how the Supreme Court of India would decide in this regard.

Sunday, September 29, 2013

ICICI Pocket Application May Be Insecure And Violative Of Indian Laws

ICICI’s pocket application/service is an application that allows sending or receiving of money using a Facebook account. Money can be transferred to friends using the application and a redeemable coupon is issued in favour of the transferee friend.

However, doubts have been raised about the legality of such a service and its use in India especially keeping in mind the recent developments in the banking field. Techno legal experts have opined that ICICI’s Facebook application Pockets may be violating Indian cyber and banking laws.  

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading techno legal expert of Asia, the Reserve Bank of India (RBI) has recently declared that Risk Management for Card Present Transactions would become operational from 1st October 2013.

Banks that are Negligent in implementing the provisions of the same and other related Notifications by the RBI would be punishable under the provisions of Payment and Settlement Systems Act, 2007 and would also be liable to bear the losses arising out of any Fraud or Illegal Monetary Transactions, informs Dalal.

Presently credit card frauds, ATM frauds and online banking frauds are on rise in India. However, banks are shifting their liability for these frauds and crimes to the victims of these frauds and crimes. Most of the victims are not aware that it is the primary liability of the banks to compensate the victims of such frauds as they have failed to adopt proper cyber security practices.

Before using applications/services like pockets, online users must ascertain the legality and security of the same. No matter howsoever fancy or attractive a service may appear, its consequences must be analysed in advance.

Monday, September 9, 2013

Is Mobile Banking Safe And Cyber Secure In India?

Mobile banking in India is moving towards an acceptance level. However, till now very few people and institutions are comfortable in using mobile banking in India. Mobile banking in India is still not popular according to RBI. There are certain shortcomings of mobile banking in India that are still left unaddressed.

For instance, mobile governance in India is still not well established. M-governance in India is essential before mobile banking can be successfully implemented in India. We have no regulatory framework for m-governance in India. Even the proposed electronic delivery of services bill 2011 of India has failed to provide a mandatory legal framework for electronic delivery of services in India, including for mobile banking. In short, India is still not ready for m-governance and cloud computing especially in the absence of dedicated e-commerce laws in India.

Mobile banking in India is risky due to absence of mobile cyber security in India. Further, online banking system of India is not secure. In the absence of adequate cyber security safeguards, e-banking in India is not safe. The cyber security trends in India 2011 have also proved that Internet banking cyber security in India is in poor shape and it needs to be strengthened. Even data security, privacy and cyber security in Indian banking industry is not satisfactory.

Online banking risks in India are increasing and this is also shaking the confidence of customers in the same. Even RBI has acknowledged risks of e-banking in India. ATM frauds in India are increasing. In fact, Reserve Bank of India (RBI) has recently released the report of its working group on securing card present transaction that covers ATM security and credit card security issues as well. Internet banking risks in India cannot be effectively tackled till we have dedicated Internet banking laws in India.

Although an integrated banking law of India has been proposed yet it may take some years before it is actually enacted. In an interesting development, the RBI removed limits from mobile banking transactions limits in India. This is good for the development of mobile banking in India but is bad for the interests of mobile banking customers who have almost no safeguards against cyber crimes and technology assisted financial frauds happening in the mobile banking field.

The cyber law in India has prescribed cyber law due diligence for various stakeholders. Cyber due diligence for banks in India is just a part of the same. Cyber due diligence for Indian companies including banks operating in India is very stringent. However, Indian banks are not following the guidelines of RBI prescribing mandatory cyber security requirements for banks of India. Further, banks are also liable

Even on the policy front, mobile banking has received a bad response form Indian government. For instance, absence of effective encryption laws in India and non use of robust encryption in India has made the mobile security very weak in India. Instead of making the encryption requirements redundant and weak, India must concentrate upon further strengthening the same for better and secure mobile communications. Governments of most developed countries allow the usage of strong encryption standards ranging from 128 bits to 256 bits or more to ensure the security of sensitive information exchanged via Internet and other networks. However, India is still clinging to 40 bits encryption standards for the simple reason that intelligence and security agencies of India are not capable enough to break strong encryptions.

A weak mobile banking infrastructure would also affect other projects and schemes as well. For instance, recently the Securities and Exchange Board of India (SEBI) has declared about its intentions to introduce electronic initial public offer (E-IPO) in India. This is a good step but E-IPO cannot succeed in the absence of strong mobile banking and Internet banking infrastructure. Online payments mechanisms in India must also be suitable strengthened to make such proposals workable.

India must give these considerations some serious thoughts if it wishes to encash the benefits of technology. Otherwise, concepts like Internet banking and mobile banking are more nuisance than luxury in India.

Sunday, September 1, 2013

E-Commerce In India Would Be Regulated By Comprehensive Guidelines

E-commerce in India is, by and large, unregulated in nature. This is resulting in open violation of the laws of India on the one hand and increasing number of e-commerce frauds on the other hand. Techno legal experts of India have been demanding a comprehensive e-commerce legal framework for India for long.

Finally, Indian government has decided to act upon the suggestions of various techno legal experts. As per media reports, India is mulling formulating a comprehensive guideline to deal with e-commerce.

In fact, the Consumer Affairs Ministry of India has already started working on this and has sought suggestions from other ministries. However, as on date no international level study has been conducted on the subject.

E-commerce dispute resolution in India is another grey are in this field. E-commerce related frauds and crimes have increased significantly and they need to be curbed urgently.

There is a surge of illegal e-commerce ventures in India that are not at all in conformity with Indian laws. As on date, the e-commerce websites dealing with online pharmacies, online gamming and gambling, online selling of adult merchandise, etc are openly and continuously violating the laws of India, especially the cyber law of India.

This move of Indian government is a timely move provided there is some actual work in this direction.

Monday, July 8, 2013

International Trademarks Can Now Be Registered In India

The Trademark registration has gone global and applications for international trade marks would be accepted in India from Monday. This has become possible as India submitted instrument of accession to the Madrid Protocol for international registration of marks in the past and the same has become effective vis-à-vis India from 8th July 2013 says Praveen Dalal, managing partner of New Delhi based IP and ICT law firm Perry4Law.

As a consequence, the Trade Marks Registries in Chennai, Delhi, Mumbai and Kolkata will start receiving applications for international trade marks as per the Madrid Protocol, from July 8.

The trademark registration procedure in India is governed by the Indian Trademark Act, 1999. The convention application under Indian trademark law is governed by section 154(2) of the Trademarks Act 1999 of India.

The International registration of trademarks under Madrid Agreement and Madrid Protocol has attracted the attention of international companies and trademark stakeholders.  However, the Madrid Agreement and Madrid Protocol and its applicability and implementation in India were long due.

This is one of the most important developments in Indian trademark law in recent years, providing a system for obtaining international trade mark protection that is streamlined and potentially very cost-efficient.

Indian Trademark Act and the corresponding Trademark Rules have also been amended to accommodate the requirements of international trademark filing. The international application would confer a wider protection to a trademark and would reduce unnecessary procedural formalities, opines Dalal.

Wednesday, July 3, 2013

The National Cyber Security Policy, 2013 (NCSP) May Face Implementation Hurdles

Indian government has finally released the much awaited national cyber security policy (NSCP), 2013. It took India many years to learn and appreciate the importance of cyber security but still this is a good step in the right direction. The policy is at the infancy stage as its actual implementation is yet to take place.

The policy is a broad outline and it is still lacking on many counts. Cyber security of India must be improved so that Indian cyberspace can be a safe place to do personal and business related online transactions.

According to the exclusive techno legal cyber security research and development centre of India (TLCSRDCI),  the objectives of the NCSP 2013 include creation of a cyber ecosystem in the country, encouraging open standards, strengthening of regulatory framework, securing e-governance services, critical infrastructure protection, promotion of research and development in cyber security, spreading cyber security awareness, providing fiscal benefits to businesses for adoption of standard security practices and processes, developing effective public private partnerships and collaborative engagements through technical and operational cooperation.

All of these objectives require tremendous techno legal cyber security expertise and capabilities. These objectives cannot be achieved overnight and they require systematic, continuous and dedicated efforts on the part of Indian government.

For instance, India has no dedicated cyber security legal framework. It would take Indian government decades before it come up with comprehensive cyber security legislation. Even the present cyber law of India is grossly offensive and is unconstitutional on numerous counts. Experts have even suggested repeal of the same. In these circumstances meeting the regulatory framework objective of the NCSP would be expecting too much from Indian government.

Similarly, the cyber security awareness in India is also missing. Though Indian government has prescribed a requirement to provide cyber security awareness brochures by electronic products vendors, including hardware vendors, yet nobody is following this direction in India. A legislation mandating strict cyber security disclosure norms in India has also been proposed by Indian government but there is no progress on this front as well.

Meanwhile, Indian PMO has sanctioned Rs. 1,000 crore to strengthen Indian cyber security. Indian security agencies are promoting their own cyber security agendas and they are insisting upon indigenously made cyber security software usage in India.

No doubt the NCSP is praiseworthy but the real question is would India be able to achieve the objectives prescribed by the same? Keeping in mind the previous track record of Indian government it would be safe to presume that the national cyber security policy, 2013 (NCSP) may face implementation hurdles in India if the Indian government does not pursue the same in proper and holistic manner.

Thursday, June 20, 2013

Central Monitoring System Of India Launched Without Any Parliamentary Oversight And Legal Framework

The dangerous central monitoring system (CMS) of India has been finally launched as per various media reports. However, till now no confirmed and official report has been provided by Indian government in this regard.

The CMS is an e-surveillance and law enforcement tool in the hand of Indian government and its agencies. However, the entire concept of e-surveillance and projects like CMS is full of controversies. India has no constitutionally sound lawful interception legal framework.

Both phone tapping and e-surveillance are done in India without any judicial intervention and purely at the executive level. Even the law enforcement and intelligence agencies of India are not governed by constitutionally sound legal frameworks.

It is only now that the group of ministers has been constituted to draft law for central bureau of investigation (CBI) to make it autonomous and insulate from executive interference.

This is an alarming situation especially when governments around the world are engaging in limitless and unregulated e-surveillance. This has forced even the United Nations to raise its voice against civil liberties violations by various national governments.

India has been playing with the propose privacy bill for long and there seems to be no intention on the part of Indian government to enact the same. Till Indian government respects the privacy rights and civil liberties of Indian citizens, we must use self defence measures to protect the same.

Saturday, June 8, 2013

Central Monitoring System Of India Is Extremely Dangerous And Violates Civil Liberties

This is the Guest Post of Mr. Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law. The post outlines how the Central Monitoring System of India works and why it is dangerous for civil liberties in India.

Much has been discussed about the Central Monitoring System of India. For those who are still wondering what it is all about, the central Monitoring System (CMS) of India is a Big Brother Project of Indian Government without any Legal Framework, Procedural Safeguards and Parliamentary Oversight.

In short, beware as the big Brother is Listening. However, the Big Brother is not only listening but the Big Brother has Exceeded its Limits as well. The “Blanket Implementation” of the central Monitoring System (CMS) Project of India is violation of Civil Liberties in Cyberspace. The CMS Project would be “Illegal and Unconstitutional” if implemented in its “Current Form”.

But the crucial question is how would the CMS Project achieve its task of E-Surveillance in India? The CMS project could eavesdrop on all incoming, outgoing and ISD calls, text, messages, etc and the same can be monitored “At Will and at All Times”.

This would be achieved by passing all forms of Digital Communications through the Centralised System. Consider it to be “Refined Form of Men in the Middle (MITM) Attack” that is capable of knowing everything leaving your Mobile or Computer.

As you have to connect “Through the ISP” for gaining Internet access, you are passing through the MITM System of Indian Government that has been Illegally and Unconstitutionally Established.

ISPs would have no option in this regard as their Telecom Infrastructure would be passing through the CMS System and there would be no need to take their assistance every time the Indian Government wishes to do E-Surveillance or Eavesdropping.

In India there is no requirement to obtain a Court Warrant to engage in E-Surveillance and Eavesdropping. Even the lawful Interception Law in India is also missing. Both the Indian Telegraph Act, 1885 and Indian Information technology Act, 2000 carries many “Unconstitutional Provisions” and “Both Deserve to be Repealed”.

In short, the CMS System is an Illegal and Unconstitutional MITM System that does not require any Court Warrant or Permission to engage in E-Surveillance. CMS Project is another Unconstitutional Project like Aadhaar that has been imposed upon Indian Citizens. The Aadhaar Project has already been questioned in many Indian Courts and CMS Project would be next in line.

India is not only using the FinFisher Malware but the command and Control Servers of FinFisher are also Established in India. Spyware and Malware can be implanted upon the “Targeted Machines” with great ease and with the CMS in place this would be a child’s play. Wake up and fight for your Civil Liberties because if Rights Are Outlawed, Only Outlaws Will Have Rights in India.

Wednesday, May 29, 2013

Indian Government Wishes More Indian Software For Better Cyber Security

There is no second opinion that cyber security in India must be improved. Even Indian government has accepted this proposition and has admitted that it is a late entrant in this field. Indian government has also announced that a cyber command for armed forces of India would also be established.

India has also formulated the cyber security policy that carries many far reaching reforms in the field of cyber security. The policy has stressed upon indigenous development of hardware and software. Even the security agencies of India have been insisting upon using Indian cyber security software for protecting India’s critical infrastructures. Security agencies re also insisting that VoIP services providers wishing to do business in India must establish servers in India.

It has also been suggested that India must launch its own social media websites so that law enforcement problems can be avoided. As cyber litigation against foreign websites in India is going to increase, we must ensure that they comply with Indian laws. But this is not happening and recently U.S. government also refused to serve Indian summons upon foreign websites located in their jurisdiction.

Recently it has been reported that U.S. government is the biggest buyer of malware. Further, it is also a known fact that even the anti virus and security products can be manipulated to install malware upon victim’s system.

Thus, the decision to use Indian security softwares may seem absurd on the face of it but it is a very crucial and relevant decision. Foreign hardware and software may have backdoors installed in them. If we have indigenously manufactured software and hardware, we can analyse the same for backdoors. Let us see how things would take shape from this stage.

NATO’s Tallinn Manual Has Started Raising Objections

Recently the NATO cooperative cyber defence centre of excellence (NATO CCD COE) released a manual titled the Tallinn Manual on the international law applicable to cyber warfare.

The effort is the first of its kind to provide a non binding and unofficial document to provide guidance regarding applicability of international law to cyber warfare activities. However, from the very beginning, cyber security experts have been warning that this document can create real troubles in the global cyberspace.

According to Praveen Dalal, managing partner of ICT law firm Perry4Law and leading techno legal expert of Asia, “The effort is Significant as it is the first Coordinated and Collaborative effort in the direction of tackling the menaced of Cyber Warfare at the International Level. However, this effort of NATO is also “Highly Risky” and “Pre Mature” as “International Consensus” is not an essential part of this effort”.

It seems now others have also endorsed this viewpoint of Praveen Dalal. Now it has been reported that Russia has warned against NATO document as legitimising cyber wars. According to Russian experts, while Russia is trying to prevent militarisation of cyberspace by urging the international community to adopt a code of conduct in this sphere, the United States and its allies are already agreeing the rules for prosecuting cyber warfare.

The “Real Problem” is that we have no “Internationally Acceptable” Cyber Security and Cyber Law Treaty, says Dalal.  In the absence of such “International Harmonisation”, the documents like Tallinn Manual are “More Problem than Solution”, opined Dalal.

NATO must be very cautious while releasing such documents as they may have serious consequences. This may also be seen as a backdoor entry for the rules and regulations prescribed by U.S. that other nations would not found very convincing and binding. 

Thursday, May 16, 2013

The Uncontrolled And Unregulated Organ Transplantation Mafia In India

Organ transplantation mafia of India is working right under the nose of India government that also without any fear or law and punishment. In one such reported incidence, the organ transplantation mafia has crossed all the limits of humanity.

The parents of a girl child have accused that medical workers in India have murdered their daughter to sell her organs to the rich receivers of such organs. They have also claimed that neither the medical staff nor the police have cooperated with them and they have hushed up the matter.

A request to Indian government has also been made to look into the matter and get the matter investigated through central bureau of investigation.

Medical malpractices in India have increased significantly. Whether it is deaths due to clinical trials in India or online selling of medicine by pharmacies in India, nothing is in order.

As far as organ transplantation is concerned, we have the Transplantation of Human Organs Act, 1994. However, the same requires urgent amendments to make it more effective and stringent.

It has failed to deter the organ transplantation mafia of India and sending a dead body to the relatives of an innocent child without crucial organs is a very gruesome act that requires punishment of most stringent nature.

We hope that Indian government would not allow any such incidence to reoccur in future and no parents would find themselves in this unfortunate situation as the unfortunate girl child’s parents are.

They deserve justice and not the one that is presently prevailing in India but an instant and appropriate one.

Tuesday, May 7, 2013

Indian Central Monitoring System: Part II

 The central monitoring system (CMS) of India has reiterated the long claimed notion of civil liberty advocates that the big brother is listening. While this may be tolerable to the extent of genuine law enforcement requirements but a blanket implementation of the central monitoring system (CMS) project of India has proved that the big brother has exceeded its limits.

Civil liberty protection in cyberspace is the cherished mandate of every democratic and constitution abiding government. However, countries around the world are not only ignoring this obligation but are also actively working in the direction of violating the same. Spy software like FinFisher is openly used by governments around the world.

In shocking news, it has been reported that command and control servers for FinFisher were found in 36 countries including India. The malware FinFisher has also tried to hide itself behind genuine software like Mozilla Firefox and Mozilla has issued a cease and desist notice to Gamma International for maliciously using its brand and reputation.  

The central monitoring system (CMS) project of India is one of the most controversial projects about to be launched by Indian government. It the CMS project of India is attached with other controversial projects like Aadhaar; this would be a serious civil liberty fiasco. The Aadhaar project is already questioned in the Indian courts and the CMS project would also face similar fate. The fact is that India must reconcile civil liberties and national security requirements immediately.

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading techno legal expert of Asia, The CMS Project of India is a good and ambitious project that is required to manage National Security and Law Enforcement requirements of the country. However, adequate “Procedural Safeguards” must also be established in the System so that it is not abused for political and personal reasons, warns Dalal. The CMS Project would be “Illegal and Unconstitutional” if implemented in its current form, warns Dalal.

India is giving wrong signals to the entire world. In the present circumstances it is not wrong to conclude that India is not only adopting double standards but is also abdicated the rule of law. Further, the draconian cyber law of India must be repealed as piecemeal actions on the part of various activists would not help us in the long run.

The PMO must interfere at this crucial stage and scrap both Aadhaar and CMS projects as soon as possible. Recently U.S refused to sign the treaty that could have regulated Internet in the worst form. U.S. has also refused to serve summons upon Internet companies of U.S. citing constitutional reasons.

India has to mend its ways so that it remains on the side of protection of civil liberties and use e-surveillance in only those cases that are absolutely required.