Wednesday, December 31, 2014

Indian Cyber Security Trends 2014 By Perry4Law Organisation

Cyber security has become a top priority in the present world where technology is used for numerous purposes. From business to government services, everything now depends upon technology. This has raised serious cyber security issues around the world.

India is a late entrant in the cyber security field. As a result Indian cyber security is still at the infancy stage. There is no clear cut picture of cyber security in India. However, the Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) of Perry4Law Organisation (P4LO) has been providing the cyber security trends of India.

For the year 2013, P4LO provided the cyber security trends and developments of India 2013 (PDF). For the year 2014 as well P4LO has released the cyber security trends and developments in India 2014.

The trends document has covered vast areas pertaining to cyber security of India. These include areas like policy and legal framework, national cyber coordination centre, bitcoins, e-commerce websites, cyber security obligations of directors, etc.

For those interested in Indian cyber security, the CECSRDI Twitter account can be a good place to hang out. The account is a good platform to keep oneself updated about Indian and global cyber security related issues.

The cyber security challenges before the Indian government would be tremendous in the year 2015. The international nature of cyber attacks would require a totally different approach towards cyber crimes and cyber security in India. Keeping this in mind, even the cyber law of India would be required to be suitably amended or repealed.

Wednesday, October 29, 2014

E-Judiciary In India Is Needed

India has been experimenting with technology for long. Even a basic level legal framework has been introduced in India in the form of Information Technology Act, 2000 though it requires immediate repeal or amendment. There are many shortcomings of the IT Act 2000 and one of them is non binding nature of e-governance obligations of Indian government. The National E-Governance Plan (NEGP) of India has also failed to meet its objectives and marks. As a result India has failed on the fronts of both e-government and e-governance.

While India is still struggling to deal with basic level technology adoption, the BJP government has announced projects like Digital India and Internet of things (IoT) that rely prominently upon technology. These projects intend to extend the services to general public in the filed like healthcare, education, judicial services etc.

As far as judiciary is concerned, we are still struggling to establish the first e-court of India till October 2014. In these circumstances, achieving the objective of establishing e-judiciary in India is still a distant dream. E-judiciary project of India is also suffering from lack of techno legal expertise to manage the same. For instance, we have a single techno legal e-courts training centre in India. There is urgent need to develop e-courts skills in India so that e-judiciary project can become a reality.

However, it is not the case that no progress has been made in this regard. India judiciary has taken a pro active role to introduce technology for legal and judicial purposes. For instance legal notices can be served through e-mails, e-filing directions has been prescribed by Delhi High Court, marriage registration certificates can be obtained through video conferencing, etc.

If India wishes to achieve her noble objective of providing access to justice to marginalised segment of India, courts automation and digital preservation, much more is required to be done. Mere policy formulation is not going to be helpful and it is the actual implementation that is important. The BJP government must stress upon actual implementation than formulating policies and strategies that remain on paper alone.

Sunday, October 19, 2014

Making Aadhaar Compulsory Is Unconstitutional And Contempt Of Court

Aadhaar initiative was introduced as an optional and enabling technology. With the passage of time, Indian government has made Aadhaar not only compulsory but also an intrusive, privacy violating and mass surveillance instrument. Surprisingly, none of the e-surveillance projects of India have any sort of parliamentary oversight. Aadhaar is also suffering from various vices and constitutional infirmities. This was the reason that the Supreme Court of India declared that Aadhaar cannot be made mandatory (Pdf) for availing services in India.

Aadhaar is also suffering from many other infirmities. For instance, there is no privacy law in India and data protection law in India (pdf) as on date. Aadhaar has also failed to address the concerns of data security, cyber security (PDF) and civil liberties in India. The intelligence agencies of India are operating without any parliamentary oversight and they need urgent reforms in these circumstances.

It is not the case that Indian government is not aware of these issues and circumstances. However, Indian government prefers to keep the things in a state of anarchy and chaos by citing national security and welfare schemes. The truth is that both the concepts of national security and welfare schemes are baseless in India when it comes to blatant violation of civil liberties of Indians.

The only solace is the fact that these issues are presently pending before the Indian Supreme Court to be adjudicated upon. The Supreme Court has already issues interim orders prohibiting the state governments and central government from discriminating on the ground of non availability of Aadhaar number. However, till now these directions have been openly violated by Indian government and various state governments.

This is also a hint of confrontation between the executive and judiciary that is solely provoked by the executive in an illegal and unconstitutional manner. There is little hope that the proposed law in this regard may be enacted very soon, if at all. The only option left in these circumstances is that the Supreme Court of India must declare Aadhaar project illegal and unconstitutional and scrap the same in the larger interest of India.

Saturday, October 18, 2014

Online Poker And Rummy Websites Are Flouting Laws Of India Says Perry4Law

Gambling in India is a complicated legal field as Indian Constitution has conferred the power to make laws regarding gambling to various states of India. While these states are free to make gambling and gaming laws within the parameters of their respective jurisdictions, they cannot encroach upon the territories of other states in this regard.

When Internet and other technologies are used, gambling and gamming assumes the character of online gambling and gaming. This is clearly not allowed as per the constitutional scheme. This is the reason that online gambling in India is a subject for the central government to manage. However, online gambling legal issues in India are not easy to manage.

The issue of legality of online gaming in India is pending before the Supreme Court of India says Praveen Dalal, managing partner of New Delhi based technology law firm Perry4Law. However, the decision of Supreme Court in this regard may not bring a relief to online gaming stakeholders at large. The Supreme Court sought the opinion of Central Government in this regard but the same was not formally provided by the Central Government till now.

The problem with online poker and online rummy websites of India is that a dominant majority of them are not at all following the laws of India and are actually violating the same, informs Dalal. They may be prosecuted very soon as allowing them to operate in an illegal manner would be counterproductive in the long run, opines Dalal.

There has been an increased numbers of arrests and prosecutions of various individuals and companies in India in this regard. For instance, recently the owner of an online betting website for IPL 7 was arrested in Mumbai for allowing betting on his website. Similar arrests have been made by police of Delhi, Ahmedabad, Mumbai, etc. The Central Bureau of Investigation (CBI) has also established a Sports Integrity Unit to investigate illegal sports betting in India.

According to Perry4Law, till the time Indian Supreme Court or central government clarifies the legal position regarding online gaming and gambling in India, the online gaming/gambling stakeholders must comply with existing and applicable techno legal requirements of Indian laws.

Wednesday, September 3, 2014

Online Rummy And Poker Still Legally Risky In India

Rummy and poker are two of the most favourite games played in India. As the economy progressed, technology added its own charm and convenient to the games of rummy and poker. Concepts like online rummy and online poker have emerged in India just like other jurisdictions.

However, India is still following colonial laws regarding gaming and gambling and they are clearly ill suited for the contemporary times. It has become a common practice that Indian laws are improved and modified by Supreme Court of India instead of our Parliament.

Once again the legality of conducting rummy competitions and plays with involvement of cash has reached the Indian Supreme Court. Rummy and poker enthusiastics are happy with this development as they see a ray of hope in this legal development. They believe that this case may finally help in legalising online rummy and online poker in India.

However, legal experts having extensive knowledge about online gaming and gambling are skeptical about such hope and interpretation. According to Praveen Dalal, managing partner of techno legal ICT law firm Perry4Law, online rummy and online poker would still be illegal in India despite Supreme Court’s favourable decision unless those managing these games comply with various techno legal requirements prescribed by Indian laws.

This seems to be logical as well as the Supreme Court of India is presently not hearing about the legality of online rummy or online poker. In fact, online poker is not even in question as the Supreme Court is analysing the issue from the limited perspective of use of cash for playing rummy in India.

Rummy is a game of skill and everybody is aware of this fact in India. However, there is no judicial precedent in favour of online poker as on date that can be applied at the national level and even the Supreme Court is not going to touch the same.

It seems the best option for online rummy and online poker websites of India is to comply with techno legal laws of India rather than blindly relying upon the skills argument that has limited relevance for deciding the legality of online games like rummy and poker.

Sunday, August 31, 2014

E-Commerce Websites Of India Now Under Enforcement Directorate Scanner

E-commerce has attracted great interest of various stakeholders in India. We see lots of innovation and entrepreneurship efforts in the field of e-commerce in India on regular basis. Some of these e-commerce ventures are truly innovative and promising. However, a dominant majority of these e-commerce ventures and websites are flouting the laws of India while conducting their businesses in India.

There is a general misconception that e-commerce in India can be operated without any legal compliances. This is not true as there are various legal requirements that must be complied with in order to run an e-commerce business in a legal manner. According to Perry4Law, a New Delhi based techno legal corporate and ICT law firm, “E-Commerce in India requires compliance with various Statutory Laws of India. The chief among them are the Cyber Law of India, Indian Contract Act, Privacy and Data Protection Regulations, Cyber Security Regulations, Foreign Investments Regulations, etc.”

However, Indian e-commerce websites are not complying with Indian laws and there is an urgent need to suitably regulate Indian e-commerce. Indian government has already started working in this direction and e-commerce business structuring in India may be regulated accordingly. India has also declared that foreign companies and e-commerce portals would be required to register in India and would be required to comply with Indian laws.

There are some areas where e-commerce websites of India are in direct conflict with Indian laws. These include non observation of cyber law due diligence (PDF), e-commerce due diligence and foreign exchange management act (FEMA) compliances. Even Indian government is well aware of these irregularities and illegalities and it waited for long to initiate any action against the guilty e-commerce websites. Now enforcement directorate has started investigation against many e-commerce websites and their owners for possible violation of provisions of FEMA.

According to Praveen Dalal, managing partner of Perry4Law, the legal position is that Foreign Direct Investment (FDI) is not allowed in India for Business to Consumer (B2C) Multi Retail E-Commerce Activities. However, almost all E-Commerce Websites of India have accepted Foreign Funding and utilised them for their E-Commerce Businesses in direct violation of Indian Laws. They have tried to circumvent Indian Laws by showing it as a funding for advertisement and other expenses but this labelling would not change the “True Nature” of the transaction, opines Dalal. Besides, there are other Techno Legal Compliances that these E-Commerce Websites have failed to comply with and these Irregularities and Illegalities would be investigated by Indian Government very soon, informs Dalal.

Now it is for the e-commerce website owners to show that they did not violate any law of India. However, this would be a tall claim as clearly they are on the wrong side of Indian laws.

Thursday, July 3, 2014

India Is A Sitting Duck In Cyber Security Field Says Praveen Dalal

Cyber security has become a nightmare for India. For considerable period of time India ignored cyber security to its own detriment. Now past mistakes are haunting Indian government and India cannot do anything except issuing statements and warnings. However, these statements and warning have no value and impact at all to cyber adversaries across the world.

Cyber security in India is simply beyond the contemplation of our politicians and government. The cyber security challenges in India are tremendous and our government is sleeping over the matter. Other countries are invading Indian cyberspace with no difficulty or challenge at all.

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and CEO of Perry4Law’s Techno Legal Base (PTLB), India is a Sitting Duck in the Cyberspace and Civil Liberties Protection Regime. Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus (GOZ), etc cannot be tackled by India due to lack of Offensive and Defensive Cyber Security Capabilities. Cyber Security Breaches are increasing World over and India must be “Cyber Prepared” to deal with the same. The Cyber Security Challenges before the Narendra Modi Government are not easy to manage and Indian Cyberspace must be protected on a “Priority Basis”.

Governments ranging from Congress to Bharatiya Janata Party (BJP) have done nothing to improve the privacy laws in India and cyber security of India. Even the Narendra Modi lead government has done nothing except summoning of few officials of United States for blatant violation of privacy rights of Indians and invading Indian cyberspace.

In these circumstances it would not be wrong to declare that India is a sitting duck in the field of cyber security. These days cyber security is an integral part of national security as well. The national security policy of India must also incorporate cyber security as an essential component. Only time would tell whether Modi government would be successful in bringing privacy rights to Indians and meeting the cyber security challenges of India.

Saturday, June 21, 2014

E-Health Laws And Regulations In India Needed Opines Law Firm Perry4Law

This is the research article of New Delhi based ICT law firm Perry4Law. It is covering many crucial areas pertaining to use of information and communication technology (ICT) for providing healthcare related services in India. However, like any service, e-health services in India depend upon compliance of certain Indian laws that is missing as on date. Similar is the case regarding m-health that is the upcoming field in this regard.

Information and communication technology (ICT) has streamlined the way medical services and para medical services are provided world over. E-health and telemedicine are examples of use of ICT for medical purposes.

However, when technology is used for medical purposes, it gives rise to medico legal and techno legal issues. In United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), etc are some of the laws that take care of medico legal and techno legal issues of e-health and telemedicine.

On the contrary, we have no dedicated e-health and telemedicine laws in India. Even essential attributes of these laws like privacy protection, data protection (PDF), data security, cyber security, confidentiality maintenance, etc are not governed by much needed dedicated laws.

However, numerous statues carry individual provisions that may be applicable to e-health and telemedicine activities in India. For instance, the e-governance and e-commerce related aspects of e-health and tele medicine may be governed by the Information Technology Act, 2000 (IT Act 2000) that is the cyber law of India. All electronic contraventions and violations pertaining to e-health and tele medicine can be regulated b the IT Act 2000.

Similarly, privacy and data protection aspects (PDF) in cyberspace pertaining to e-health are also governed by the IT Act 20000. Further, the Supreme Court of India has interpreted Article 21 of Indian Constitution as conferring a right to privacy upon all persons in India. Even in some cases the Supreme Court of India has held that patients have a right to privacy to protect their health related information except where non disclosure of such information is violating fundamental rights of others and is against public interest and public policy.

Even data security and cyber security aspects have been covered by the IT Act 2000 to some extent. The real problem is that these provisions that protect privacy, data protection, data security, etc are piecemeal efforts and they are not serving the purposes as required.

We need to have dedicated e-health laws and regulations in India that are presently missing. The sooner these e-health laws and regulations are formulated in India the better it would be for the larger interest of medical community and patients in India.

Unregulated M-Health Activities May Be Health Hazard In India

Technology is assisting in making affordable healthcare services available to the residents of even the most remote corners of a territory. Technology has the potential to tackle the healthcare related problems of India as well. However, regulatory and legal issues must be kept in mind while using technology for healthcare related services in India.

For instance, most of the m-health service providers in India are violating Indian laws and there may be legal actions against them very soon. However, the biggest nuisance creators are online pharmacies providers of India that are operating without any legal compliance. Some of the areas where the m-health service providers are not observing Indian laws are privacy protection, data protection (PDF), cyber law due diligence (PDF), encryption regulations, cloud computing regulations, etc.

Similarly, medical devices must be thoroughly scrutinised to rule out any possible legal violation in India. The legal risks for developer and owners of food, healthcare and medicine related websites cannot be ignored. Mobile medical devices and handsets and their respective applications must also be in strict conformity with Indian laws. Medical device makers, software providers and medical fraternity of India must also keep in mind the encryption laws of India and cloud computing related compliances of India.

According to experts, dedicated m-health laws and regulations in India are urgently needed to prevent m-health related legal violations. In India, e-health and m-health related legal framework is missing. For instance, e-health in India is facing legal roadblocks. Till now we do not have any dedicated e-health laws and regulations in India. The legal enablement of e-health in India is urgently required. Naturally, dedicated m-health laws and regulations in India are also missing and different laws apply to m-health related issues in India. Telemedicine and online pharmacies laws in India and their legal implications and liabilities are also unknown to various m-health professionals.

In United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), etc are some of the laws that take care of medico legal and techno legal issues of e-health and telemedicine. India also needs laws like HIPPA and other similar laws that can regulate m-health related issues in India. Otherwise, unregulated m-health activities may be a great health hazard in India.

Saturday, June 14, 2014

Centre Plans To Scrap Aadhaar Project As Per Experts Suggestions

It is really unfortunate how political consideration overweight the national interest of India. The Congress led government has taken many steps and launched many projects that were clearly illegal in nature. Despite warnings from legal experts, the Congress led government kept on pushing those projects at the cost of Indian exchequer and civil liberties.

It seems the Congress led government was pursuing a secret agenda in a desperate attempt to regain the power at the centre. However, those efforts of Congress failed miserably and the BJP led government came with a clear majority. The natural question that has arisen is whether Modi government would “simply step into the shoes of Congress” or actually protect the Constitutional Rights of Indian Citizens, opines Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading techno legal expert of Asia.  

One such unconstitutional project of Congress led government is Aadhaar that should not have been started at all. The problem with aadhaar project is that it was never implemented in a legal and constitutional manner. However, there were very few individuals who raised their voices against this illegal project.

One of the early, stern and incessant opposers of the Aadhaar project is Praveen Dalal who was the first one to demand for scrapping of Aadhaar project in the year 2010. Dalal claimed that the UIDAI must not use public funds till provisions regarding the same are incorporated in the law to be formulated by Parliament of India. He still believes that Aadhaar project must be scrapped till a constitutional law supporting the project is in place as it is a fraud against the constitution.

According to Dalal, “The Aadhaar Project is the most “Obnoxious” and “Evil” Project that Indian Government has been pursuing till now. In my personal opinion, the very foundation of Aadhaar Project is based upon “Lies and Deception” and this Project should have been “Scrapped” long before. However, the previous Government not only deliberately kept this “Illegal and Unconstitutional Project” alive but also wasted crore of “Hard Earned Public Money” on a Project that is clearly Illegal and Unconstitutional. Narendra Modi “Must Scrap Aadhaar Project” as well along with the Cabinet Committee on UIDAI, recommends Dalal.

Fortunately, the Constitutional Validity of Aadhaar Project has been questioned in the High Courts and Supreme Court of India. The Supreme Court has even held that Aadhaar Card/Number cannot be made mandatory for availing public services in India. The Supreme Court has also prohibited UIDAI from sharing biometric data with Indian Government Agencies without data owner’s consent. Even a Parliamentary Committed rejected the proposed National Identification Authority of India Bill 2010 finding it “Inadequate and Unsuitable”, informs Dalal.

Fortunately, the Modi led government has considered the suggestions of experts like Dalal and it is now considering scrapping the Aadhaar project altogether. The intent of the Modi led government to take such a move was apparent when Prime Minister Modi decided to discontinue the previous government’s Cabinet committee on the Unique Identification Authority of India.

“As the UIDAI has no legal backing, a decision would soon be taken to scrap it and in its place the entire exercise would be handed over to the NPR, which will not only provide Unique ID number to a person but also establish bonafide citizenship," sources said. However, the NPR exercise has its own “Demerits and Constitutional Issues” and they must be resolved first, warns Dalal.

Monday, June 9, 2014

Mandatory Or Effective Legal Framework For E-Governance Is Needed In India Says Praveen Dalal

E-governance cannot be attained till policy level changes are made in India. We have no dedicated e-governance law in India and some provisions pertaining to e-governance have been incorporated in the Information Technology Act, 2000 (IT Act 2000). However, these provisions are not only defective but they are grossly inadequate according to Praveen Dalal, Managing Partner of Perry4Law and the Leading Techno-Legal Expert of India.

Dalal believes that India needs to repeal the IT Act, 2000 and enact appropriate and dedicated laws pertaining to ecommerce, e-governance, cyber law, cyber security, cyber forensics, telegraph and other similar fields. Presently all these areas have been stuffed into a single law known as IT Act, 2000. This has resulted in lack of a specialised legal framework for all these fields.

Even the Department of Telecommunication (DoT) believes that the IT Act 2000 must be replaced by a more suitable law. This seems to be in conformity with the suggestions of Dalal regarding repeal of Telegraph and Cyber Law of India.

As far as e-governance is concerned, we have no legal framework that requires mandatory e-governance services in India. As a result Indian government departments have nothing to loose even if they deliberately fail to comply with e-governance requirements suggests Dalal. For instance, most of the e-governance projects of India under the national e-governance plan (NEGP) are still in the pipeline despite the deadline being passed long before. This is despite the fact that thousand of crores of public money has already been utilised for e-governance projects of India but without any constructive and practical results.

This is happening because although the IT Act 2000 carries provisions pertaining to e-governance services in India yet they are “non mandatory” in nature. This has resulted in a poor e-governance services delivery in India. Till now we have no legal framework that mandates that citizens and organisations can claim e-governance as a matter of right, informs Dalal. There are many reasons for the failure of e-governance projects of India and an effective, time bound and accountable implementation alone can make Indian e-governance initiative successful, suggests Dalal.

Further, the scope of NEGP is very wide covering almost all aspects of governance - right from delivery of services and provision of information to business process re-engineering within the different levels of government and its institutions. It is essential that NEGP is implemented, monitored and regulated through a legal framework so that it is no more just a plan but reality. For instance, access to justice for marginalised people in India cannot be a reality till e-courts and online dispute resolution (ODR) are suitably and urgently introduced in India. Till June 2014 we are still waiting for the establishment of first e-court in India.

According to Dalal while implementing the NEGP, various structural and institutional issues have already arisen which clearly call for a statutory mandate for their resolution. The purpose would be to give statutory mandate to the institutional entities, setting up of a separate fund, defining responsibilities and providing for time frames and oversight mechanisms. According to Perry4Law, this legislation may, inter alia, contain provisions regarding the following:

(a) Definition of e-governance in the Indian context, its objectives and role,

(b) Coordination and oversight mechanisms, support structures at various levels, their functions and responsibilities,

(c) Role, functions and responsibilities of government organisations at various levels,

(d) Mechanism for financial arrangements including public-private partnership,

(e) Specifying the requirements of a strategic control framework for e-government projects dealing with statutory and sovereign functions of the government,

(f) Responsibility for selection and adoption of standards and inter-operability framework,

(g) Framework for cyber security, privacy protection, data security and data protection etc,

(h) Parliamentary oversight mechanism, and

(i) Mechanism for co-ordination between government organisations at Union and State levels.

The “hands off model” regarding e-governance in India has proved to be a big failure and a mandatory e-governance legal framework alone can bring successful e-governance services in India in the absence of a transparent and accountable government system, opines Dalal.

Sunday, June 8, 2014

Mandatory E-Governance Services In India Are Urgently Needed

This is the updated article of my previous post about the need to have a mandatory e-governance legal framework in India. There are many reasons why e-governance in India has miserably failed. According to legal experts, the “hands off model” regarding e-governance in India has proved to be a big failure. They believe that a mandatory e-governance legal framework alone can bring successful e-governance services in India in the absence of a transparent and accountable government system.

Legal framework for mandatory e-governance services in India is long due. If we make e-governance service optional or discretionary, the whole purpose would be defeated. This is the reason why we need time bound and accountable e-governance based public services in India. Keeping this objective in mind, the central government formulated the draft electronic delivery of services bill 2011 (EDS Bill 2011). The EDS Bill 2011 intends to provide delivery of government services to all citizens by electronic means by phasing out of manual delivery of services delivered by the government including matters connected therewith or incidental thereto.

The Bill if made a law would require complete overhaul of the present e-governance infrastructure and services delivery mechanism of Indian government. However, the real problem with Indian e-governance initiative is that legal framework for mandatory electronic delivery of services in India is missing, says Praveen Dalal, Supreme Court lawyers and Managing Partner of India’s exclusive techno legal law firm Perry4Law.

Till now there was no provision under which citizens could ask for mandatory electronic delivery of services by the government. After the Bill becomes an enforceable law, the Indian Government may be under an obligation to mandatorily provide electronic services to its citizens, opines Dalal.

It is obvious that Indian e-governance services cannot be successful till there is a mandatory compliance requirement attached to them. Alternatively, the administrative system of Indian government must be streamlined so that they voluntarily adopt and implement e-governance projects that have been avoided so far.

Friday, June 6, 2014

Can Narendra Modi Government Ensure Privacy To Indians?

Privacy is a sacrosanct civil liberty that no nation can take it for granted. Yet most of the nations, including India, have been taking privacy for a ride. Till date we have no dedicated privacy law in India and this has made Indian citizens vulnerable to various forms of civil liberties violations in both online and offline worlds. To add further miseries to this situation we have draconian laws like telegraph and cyber law that deserve immediate repeal.

India’s love for e-surveillance is also well known. We have unconstitutional projects like central monitoring system and Netra that are operating in India without any procedural safeguards and parliamentary oversight. The latest to add to this list would be the national intelligence grid (Natgrid) project that has been taken up once again by Narendra Modi’s government. However, Natgrid project is a useful project as well provided it is made accountable to parliament of India.

Modi government needs to understand well the importance of civil liberties in cyberspace like privacy right, speech and expression right, etc. The government must also understand that privacy rights in the information era require a mature and well reasoned approach. It has to do what no other Indian government has done so far. Modi’s government would be required to formulate an e-surveillance policy of India that incorporate various issue in a holistic and comprehensive manner.

There is no doubt that big brother in India has been listening and watching for long but while doing so it must not exceed its limits. Unfortunately, the big brother has been transgressing upon all constitutional rights and procedural safeguards till now. Vodafone has also confirmed that governments across the world, including Indian government, have forced it and other telecom companies to install secret wires for e-surveillance purposes.

This is really unfortunate as our own government is violating our civil liberties that it was supposed to protect. According to privacy advocates, the digital life of Indian citizens is not at all safe and is open to various forms of e-surveillance and eavesdropping. In the absence of support form Indian Government, self defence is the only viable option left before Indian citizens to safeguard their digital lives. Let us hope that the Modi government would not force its citizens to adopt self defence measures.

Natgrid Must Be An Accountable Project Says Praveen Dalal

Even after more than 5 years of launch of the Natgrid project of India, the same has remained a non starter only. Despite spending many crore upon this crucial project, it has remained a failure only. There is no doubt that the successful implementation of Natgrid project depends upon numerous factors that are techno legal in nature. According to experts in this field, the Natgrid project of India needs techno legal implementation to be successful. Till now the Natgrid project has failed to address both technological and legal issues pertaining to the project.

Media reports have confirmed that Raghu Raman, the former CEO of Natgrid, would not be able to continue with the project as his contractual term has come to an end. Indian government is considering a new CEO for the Natgrid project. Obviously, the policies regarding Natgrid would also change and so would be its implementation strategy.

So what are the factors that have resulted in the failure of Natgrid project of India?  According to Praveen Dalal, managing partner of New Delhi based law firm Perry4Law and leading techno legal expert of Asia, NATGRID is an essential requirement for robust and effective intelligence agencies and law enforcement functions in India. The only requirement is to ensure that its abuses can be anticipated, prevented and remedied.

However, NATGRID cannot survive in the absence of “Political Will” to make it an effective and responsible tool. With the benefits of NATGRID come the issues of accountability and fairness in its operation. India must formulate adequate “Safeguards” before making NATGRID functional. The NATGRID project must not die like the other projects handled by India from time to time, opines Dalal. It seems the Natgrid project lacked all these attribute and this is the reason why it failed.

Lack of accountability and transparency are also responsible for poor intelligence related project implementations in India. According to Dalal “the Intelligence Agencies of India Need Parliamentary Oversight and the Intelligence Infrastructure of India needs Transparency and Strengthening. There should not be any “Legal Immunity” to Intelligence Agencies of India in the absence of Parliamentary Oversight and the system of “Using Executive Orders” to confer “Legitimacy” upon Intelligence Agencies must be abandoned as soon as possible by the Government.

There are crucial policy and legal issues of Natgrid project that previous government failed to notice. In fact, from the working of the previous government it is clear that it never wished to confer any legitimacy to law enforcement and intelligence agencies of India. This must be avoided by the BJP led government. 

As per the current home ministry’s  proposal, Natgrid will connect data providing organisations and users besides developing a legal structure through which information can be accessed by the law enforcement agencies. So there are some hints towards making Natgrid accountable towards Indian parliament. But only time will tell how Natgrid project would be handled by the new government.

Sunday, June 1, 2014

Congress Unhappy Over Misra’s Ordinance But Would Not Challenge It In Parliament

The ordinance pertaining to appointment of Nripendra Misra as Principal Secretary in the Prime Minister’s Office (PMO) witnessed some heated debate between various politicians. However, the constitutionality of this ordinance has still not been discussed by media or any political party so far. So the natural question that arises is whether the appointment of Nripendra Misra by Narendra Modi government is constitutional or not?

There is little debate in the media circles and political parties regarding the constitutionality of the ordinance in question. However, according to Praveen Dalal, partner at New Delhi based ICT law firm Perry4Law, “Prima facie this Ordinance has been promulgated in conformity with the Constitutional requirements and there are little reasons to agitate against the same. However, the allegations of “Political Impropriety” cannot be ignored in these circumstances”.

“The only thing that remains to be seen is what “Potential Benefits” the appointment of Mr. Misra would bring in these circumstances. Nevertheless, no “Constitutional Infirmity or Illegality” can be attributed to this Ordinance as on date”, opines Dalal.

This may also be the legal position as the Congress party is not challenging the legality or constitutionality of this ordinance. According to media reports, although the Congress party is “unhappy” with the ordinance to appoint Misra yet it is unlikely to vote against it in Parliament. This is also the most appropriate reaction and approach of Congress towards this issue as the capabilities of Misra is not in dispute.

The main contention of Congress is that the BJP, when in the opposition, had opposed several ordinances of the Congress-led government. Even so, it is not likely to oppose the ordinance when this comes for ratification before Parliament next week.

Monday, May 26, 2014

Union Home Ministry Officials Dropped NCTC From Project List Due To Fear Of Modi

Prime Minister designate Narendra Modi has asked bureaucrats in various government departments to apprise him of the status of various pending projects, their progress and problems and what projects are required to be taken forward for implementation. All bureaucrats are busy in making presentations to be made to Modi.

However, what is the use of such reporting if it is not based upon fair, fearless and honest grounds. For instance, the Department of Telecommunication (DoT) has listed the projects that were blatantly ignored by it in the past. Now home ministry officials have released a list of areas and projects that must be carried forward by the home ministry.

Surprisingly, the home ministry officials have dropped the reference of National Counter Terrorism Centre of India (NCTC) at all. It is learnt that they have done this because Prime Minister-elect Narendra Modi had been at loggerheads with the UPA government when he was Gujarat chief minister. Is this a valid reason to drop a project in a democratic country like India?

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law “This is a highly unfortunate situation. No project should be dropped simply because Mr. Narendra Modi has disliked the same in the past. It is the constitutional duty of bureaucrats to suggest inclusion of projects of National Importance keeping aside their own biases, prejudices or fears. If they simply drop a worth project like NCTC on the basis that Mr. Modi disliked it in the past nothing is more embarrassing and unfortunate than such an approach”.

“Even if Mr. Modi is averse to NCTC as on date, the bureaucrats must suggest the same. Of course, if there are some other issues, besides personal preferences or dislikes of Mr. Modi, they must be openly and frankly communicated to Mr. Modi and let him decide ultimately”. The NCTC of India must be constituted on a priority basis as it is need of the hour, opines Dalal.

Fortunately, the National Intelligence Grid (Natgrid) has found a mention in the proposed list. However, Natgrid is also facing many problems and this has made it non operational. The fact is that intelligence infrastructure has been plagued by administrative lapses and legal irregularities. Modernisation of law enforcement and intelligence agencies is need of the hour.

The chief opposition of Modi against NCTC was that he considered it to be a poorly conceived idea that tinkers with age-old existing systems. He believed that rather than strengthening our anti terrorism fight it will do irreparable loss to our internal security apparatus. Although time has drastically changed since then but our bureaucrats have given preference to their Modi’s fear over national interest and anti terrorism fight.

Sunday, May 25, 2014

Indian Department Of Telecom (DoT) Projects The Ignored Areas As Priorities Now

Facing tremendous pressure from the future Prime Minister of India, the Department of Telecom (DoT) of India has marked the priority areas. Surprisingly, these areas are the same that have been deliberately avoided and ignored by DoT for so many years.  Is this adoption of double standards on the part of DoT or a sincere effort to remove the inadequacies of Indian telecom sector is still to be seen.

The present working and policy decisions of the DoT have put the cyber security of India in a precarious situation. There are many cyber security challenges that the Narendra Modi government would be required to deal with simply because DoT and previous government failed to take effective steps in this direction.

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading techno legal expert of Asia, “Cyber Security of India needs a “Ground Level Overhaul” as it has been ignored in India for decades. Even on the legislation front, India has failed to do the needful. For instance, we need to repeal the laws like Information Technology Act, 2000 (IT Act 2000), Indian Telegraph Act, 1885, etc but for some strange reasons our bureaucrats and Indian government kept them intact”.

“I have been suggesting these recourses for the past five years but till now nothing concrete has happened in this regard. Similarly, crucial laws are absent from Indian statute books. These include law regarding privacy, data protection (PDF), telecom security, encryption, cloud computing, etc, informs Dalal”.

Surprisingly, now DoT believes that introduction of new laws and norms, including the communication bill to replace century-old Indian Telegraph Act, security of networks, and infrastructure must be the priority areas for the new government. DoT has even listed top 10 priority areas for the sector with the Cabinet Secretary. The Cabinet Secretary has asked all the departments to keep a presentation ready for appraising the new Prime Minister of achievements as well as failures of the outgoing government and steps the departments would like to take in order to boost the growth.

The DoT’s list include introduction of Communication Bill that will replace over century old Indian Telegraph Act, 1885, as well as Indian Wireless Telegraphy Act 1933, TRAI Act 1997, Cable TV Network (Regulation) Act 1995, IT Act 2000, official sources said. An internal committee of DoT has already recommended providing telecom, cable and broadcasting services by a single company and paying for the services though a common bill.

Apart from this, DoT has listed six major incomplete projects, including Rs 20,000-crore National Optical Fibre Network (NOFN) project aimed to provide high speed broadband services across all 2.5 lakh panchayats in the country along with Wi-Fi services that were started by the outgoing UPA government.

DoT has said that there is a need to further amend telecom licences for facilitating growth”. There is a need to separate network licensing from services licensing and ease barriers to entry and exit for telecom players. The new government should work on implementation of full Unified Licensing Regime”, an official source said.

Amid growing cyber espionage threat, DoT has listed security of communication network in the agenda. The department said there is a need for “comprehensive plan for telecom security, including creation of testing facilities for integrity of communications network”. At present, India does not have any security testing facility for telecom equipment to detect complex malware. DoT has also listed need to strengthen mobile services in border area, dedicated communication network for defence forces as part of communication security.

Saturday, May 24, 2014

Ebay Plans To Boost Its Cyber Security Amid Threats Of Global Legal Actions

The computer systems of eBay were recently attacked and compromised by unknown hackers. Ebay initially downsized the incidence and its impact by stressing upon mere password change. However, things are not as casual and easy as Ebay has considered. Three U.S. States are investigating whether Ebay’s has committed any wrong by not reporting the matter in a timely manner.

In short, Ebay is under investigation to ascertain the effectiveness of its cyber security practices. This is not the first case of this type and this certainly would not be the last of its kind as well. For instance, Target Corporation was also cyber attacked in the past and as a result of that Target Corporation faced litigation threats around the world. Now EBay is also facing similar litigation threats.

There seems to some very serious policy level lapses in U.S. that is allowing the companies to go away with legal consequences. However, this would not help these U.S. companies in other jurisdictions and they are vulnerable to diverse forms of legal actions there.

According to New Delhi based ICT law firm Perry4Law, “U.S. companies cannot hide behind the veil of conflict of laws in cyberspace anymore. No company can know this much better than Google who is facing online defamation case in India and has to comply with the right to be forgotten in Europe. Now the Luxembourg and U.K. data-protection authorities may probe EBay regarding the cyber-attack that exposed passwords and personal information of consumers around the world, including India. Even Indian regulatory authorities may initiative an investigation against EBay to ensure that privacy rights and data of Indian citizens may not have been violated during the cyber breach”.

Now Ebay has decided to streamline its cyber security. However, this would not be enough as the damage has already been done. U.S. needs to set an example by investigating and challenging the cyber security practices of U.S. companies. Till big corporations are forced to follow the norms there would not be any change.

Indian government must also introduce cyber security disclosure norms as soon as possible as Indian cyber security is in a bad shape. As the cyber security breaches are increasing world over, India cannot afford to keep its cyber security lax.

Wednesday, April 9, 2014

Online Pharmacies In India Under Scrutiny

Online pharmacies in India are operating in an unregulated manner for long. This has created a serious risk environment for many individuals who prefer to purchase a medicine from an online pharmacy. There is nothing wrong in purchasing a medicine from an online pharmacy provided the pharmacy is legitimate and is in compliance with all the applicable laws pertaining to healthcare.

Internet is full of illegal and unregulated online pharmacy websites. These websites are real health hazard but these websites are also very difficult to regulate as they operate from jurisdictions with low prosecution rates. India is one such jurisdiction that is high on tolerance of illegal online pharmacies. Healthcare technology law and regulations in India need to be strictly enforced in India.

In India we have set laws for opening an online pharmacy store in India. Even the Ayurvedic and Nutraceuticals e-businesses are required to comply with Indian laws to operate legally. Health, food and medicine related legal compliances in India have become really stringent. A good compilation of food, health, cosmetics, drugs, medicines and nutraceutical laws, rules and regulations in India has been provided by New Delhi based law firm Perry4Law.

However, online pharmacies in India are not at all complying with the legal requirements pertaining to their operation in India. Rather they are actively violating the laws of India in this regard. Illegal and unregulated online sale of prescribed medicines in India is still happening despite the threat of the Directorate of Drugs Control of India to punish such illegal pharmacies.

Recently, United States shut down 1677 illegal online pharmacies websites that were not in compliance with US laws. Illegal online pharmacies are also on hit list of Google and federal authorities of US. Even in India some developments have taken place in the direction of curbing illegal online pharmacies. The Maharashtra FDA has approached DCGI for regulating illegal online pharmacies operating in India. Similarly, the Hyderabad drug authorities are also keen on regulating illegal sale of drugs through online mechanism.

Although these are good developments yet they are too insignificant to make any potential impact upon the flourishing illegal online pharmacy industry of India. The websites pertaining to Ayurvedic and Nutraceuticals have further complicated the scenario. It is high time for Indian government to take strict penal action against illegal online pharmacy, Ayurveda and Nutraceutical websites as soon as possible.

Friday, March 28, 2014

Regulatory Compliances Under Indian Companies Act 2013 In Pipeline

The corporate environment of India all set for a big change that has brought tremendous regulatory obligations on the part of Indian companies. The hints of such change were obvious even before the recent notifications under the Indian Companies Act, 2013 (PDF) by the Ministry of corporate Affairs (MCA).

MCA has recently notified 183 sections under the Companies Act, 2013 and rules for 11 chapters under the Act. A complete list of all these notifications and the potential techno legal compliances that Indian companies may be required to follow from 01-04-2014 is available here. The same has been provided by New Delhi based corporate and ICT law firm Perry4Law.

According to Perry4Law, MCA has notified Rules for 11 chapters of the Companies Act, 2013. These include Rules for specifications and definitions, incorporation of companies, prospectus and allotment of securities, shares and debentures, registration of charges, management and administration, declaration and payment of dividend, accounts, appointment and qualification of directors, board meetings and powers, and corporate social responsibility.

As these Sections and Rules would become operational from 1st April 2014 there would be lots of regulatory compliance issues that would be involved. Similarly, it is not easy to migrate from the 1956 Act to the 2013 Act so easily. The times have changed especially due to the techno legal requirements that Indian companies cannot ignored anymore. These include cyber law due diligence (PDF) and cyber security due diligence, opined Perry4Law.

It would be in the best interest of all Indian companies to manage their regulatory issues as soon as possible. Further, it would take considerable time before the true implications of the Indian Companies Act, 2013 and the corresponding rules thereunder would be understood by the companies. Early starters would definitely be at advantageous position.