Sunday, January 29, 2012

Google And Facebook Must Comply With Indian Laws

Companies like Google, Facebook, etc are facing criminal trial in India. With the passage of time, more and more legal arsenal is now becoming available for Indian courts to hold these companies liable for violation of Indian laws. In fact, hints are now given that these companies are deliberately ignoring and violating Indian laws like copyright law, trademarks law and cyber law of India of which United States must take a serious and urgent notice.

Even laws of United States like Digital Millennium Copyright Act (DMCA) 1998 (DMCA) and Online Copyright Infringement Liability Limitation Act (OCILLA) are not complied with by many US companies and websites. A recent DMCA complaint filed with Google Incorporation and notice to Google India are still to be complied with as per US and Indian laws.

In fact, Perry4Law and Perry4Law Techno Legal Base (PTLB) have also provided their suggestion for the strengthening of remedies for small copyright claims in US that covers acts or omissions of companies like Google as well. These suggestions also cover the practical difficulties that Indian nationals, companies and Indian government face while getting the offending contents removed from companies like Google, WordPress, etc.

The new privacy policy and terms of service of Google have been recently announced and the same would become applicable from 01-03-2012. It has many far reaching legal consequences that are applicable to Indian cyberspace as well. India must develop alternatives of DMCA complaint to Google, WordPress and other companies and websites. Wherever applicable, legal blocking of foreign websites in India as per Indian laws must also be performed.

We believe that India must take urgent steps so that companies and websites like Google, Facebook, etc comply with legal demands as per Indian laws as well. We suggest the following in this regard:

(1) All subsidiary/Joint ventures companies operating in India that deal in information technology and online environment, must mandatorily establish a server in India. Otherwise, such companies and their websites should not be allowed to operate in India.

(2) A stringent liability for Indian subsidiaries dealing in information technology and online environment must be established by laws of India.

(3) More stringent online advertisement and e-commerce provisions must be formulated for Indian subsidiary companies and their websites.

We at Perry4Law and PTLB believe that any attempt by Internet intermediaries to pre screen contents uploaded by users in India is not practical and feasible. However, we believe that cyber law due diligence by Internet intermediaries operating in India cannot be taken casually and with great disregard to India laws as is presently happening in India. If companies are not willing to follow either foreign laws like DMCA or Indian laws, they clearly lack the intention to comply with various legal frameworks.

In any case, companies and websites that have Indian existence and are deriving financial gains from India must adhere to India’s laws that they are currently flouting. We hope the lower court and Delhi High Court would consider these aspects as well while deciding the fate of these companies.

Saturday, January 28, 2012

India Must Invent Alternatives Of DMCA Complaint To Google And Others

Of late foreign companies and websites like Google, Facebook, etc are increasingly finding themselves in the legal net of India. In fact, a criminal case is already pending against Google, Facebook, etc for failure to exercise cyber law due diligence.

If websites like Google, Facebook, etc fail to exercise cyber law due diligence as per the requirements of Indian information technology act, 2000 (IT Act 2000), the Internet intermediary protection is lost. All that is required to make Internet intermediaries like Google, Facebook, etc liable under Indian laws is to notify them about the objectionable contents.

The objectionable contents may take the form of defamatory contents, cyber stalking, pornography, religious riots incitement materials, intellectual property violating contents, etc. Indian cyber law allows 36 hours to such Internet intermediaries to remove the offending contents from their platforms.

While there is no problem in applying Indian laws to foreign companies and websites operating in India yet these companies and websites use the façade of parent company by declaring themselves as mere subsidiaries of such parent companies. And when these parent companies are called to comply with Indian laws, they openly deny the same by saying that they are governed by foreign laws.

Naturally, Indians also cannot be forced to follow foreign laws like Digital Millennium Copyright Act (DMCA) 1998 and Online Copyright Infringement Liability Limitation Act (OCILLA).

As many of you may be aware that we are currently pursuing a copyright violation, trademark infringement and impersonation matter with Google Incorporation and Google India. Further, Perry4Law and Perry4Law Techno Legal Base (PTLB) have also provided their suggestions to US Copyright office regarding remedies for small copyright claims in United States so that interests of small copyright holders can be protected.

We have also filed a DMCA complaint to Google Incorporation (US) and a notice under IT Act 2000 to Google India on 22-01-2012 for copyright violation, trademark infringement and impersonation.

From the responses we received so far, it seems Google Incorporation is not willing to respect and comply with Indian laws and Indian legal requests even if DMCA procedure is duly complied with. We are still waiting for the response of Google India and would proceed further once the time limit of 36 hours is expired.

However, this has forced us to think in a very different direction. We believe that India must take urgent steps so that companies and websites like Google, Facebook, etc comply with legal demands as per Indian laws as well. We suggest the following in this regard:

(1) All subsidiary/Joint ventures companies in India, especially those dealing in information technology and online environment, must mandatorily establish a server in India. Otherwise, such companies and their websites should not be allowed to operate in India.

(2) A stringent liability for Indian subsidiaries dealing in information technology and online environment must be established by laws of India.

(3) More stringent online advertisement and e-commerce provisions must be formulated for Indian subsidiary companies and their websites.

Further, US government needs to change its policies towards foreign IP infringements and enforcements. Incidences like not following laws of other jurisdictions are responsible for enacting harsh laws like SOPA and PIPA. These incidences are also responsible for filing of civil and criminal complaints against companies like Google in India.

Indian government and Indian courts need to consider these aspects while deciding various cases against foreign websites and social media platforms. If Indian intellectual property and cyber laws are not respected, there is no other option but to choose a harsh stand of foreign websites blocking in India.

The matter would come for hearing before the Delhi High Court on 02-02-2012 and we hope the Delhi High Court would take judicial note of these facts also while adjudicating upon that matter.

Thursday, January 26, 2012

Google’s New Privacy Policy And Terms Of Service As On March 2012

Google is presently managing 60 different privacy policies across multiple products and services of Google and is in the process of replacing them with a single privacy policy that’s a lot shorter and easier to read. The updated Google Privacy Policy and Terms of Service are available online to read and analyse. These changes will take effect on March 1, 2012.

Google new privacy policy would allow sharing of personal information for many reasons including for legal reasons. Google will share personal information with companies, organizations or individuals outside of Google if it has a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

(a) Meet any applicable law, regulation, legal process or enforceable governmental request.
(b) Enforce applicable Terms of Service, including investigation of potential violations.
(c) Detect, prevent, or otherwise address fraud, security or technical issues.
(d) Protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.

Google’s enforcement aspects have also been explained by the new privacy policy. Google regularly reviews its compliance with the Privacy Policy. Google also adheres to several self regulatory frameworks. When Google receives formal written complaints, Google will contact the person who made the complaint to follow up. Google works with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that Google cannot resolve with our users directly.

Google’s Terms of Services (TOS) also carry many interesting aspects. These TOS provide that the user must follow any policies made available to him within the Services. Google does not allow misusing its Services. For example, a user must not interfere with Google’s Services or try to access them using a method other than the interface and the instructions that Google provides. A user may use Google’s Services only as permitted by law, including applicable export and re-export control laws and regulations. Google may suspend or stop providing its Services to the user if he does not comply with Google’s terms or policies or if Google is investigating suspected misconduct.

Google’s Services display some content that is not Google’s. This content is the sole responsibility of the entity that makes it available. Google may review content to determine whether it is illegal or violates its policies, and Google may remove or refuse to display content that Google reasonably believe violates its policies or the law. But that does not necessarily mean that Google reviews content.

Google responds to notices of alleged copyright infringement and terminate accounts of repeat infringers according to the process set out in the U.S. Digital Millennium Copyright Act.

Google provides information to help copyright holders manage their intellectual property online. If you think somebody is violating your copyrights and want to notify Google, you can find information about submitting notices and Google’s policy about responding to notices in its Help Center.

The laws of California, U.S.A., excluding California’s conflict of laws rules, will apply to any disputes arising out of or relating to these terms or the Services. All claims arising out of or relating to these terms or the Services will be litigated exclusively in the federal or state courts of Santa Clara County, California, USA, and you and Google consent to personal jurisdiction in those courts.

Video Conferencing Laws In India

Video conferencing is increasingly being used for the purposes of digital evidencing in India. Video conferencing would also be an important part of e-courts of India once they would be established. Presently, video conferencing is used for many computerised courts in India.

The information technology act 2000 (IT Act 2000) is the cyber law of India that has provided a legal framework for electronic governance, electronic commerce and many other aspects of online dealing. By implications, the IT Act 2000 also allows use of video conferencing for various purposes.

Despite these provisions and active use of video conferencing in India, video conferencing in India is a troubled technology. The recent episode of Rajasthan government and Rajasthan police not allowing the video conferencing of Salman Rushdie shows Indian anxiety with use information technology.

This controversy happened because we have no dedicated video conferencing laws and regulations in India. Obviously, we have no dedicated video conferencing blocking laws in India as well. In the absence of a clear cut law, Indian government is still applying traditional methods to regulate video conferencing in India. However, if at all any law applies to video conferencing in India the same must be the IT Act 2000 and not any Police Act or local law.

Surprisingly, few of our posts pertaining to video conferencing disappeared from Google India’s SERPs and Blogs search results and appeared again only after reporting of the same. It seems controversial posts that are well within the constitutional right to speech and expressions are screened in India once they are posted. But who is doing so is still a big question that must be answered to properly analyse the role of Internet intermediaries in India in this regard.

While Internet intermediaries have declined to pre screen users generated contents yet post screening is happening in many cases. If this post screening is happening due to Internet intermediary law of India then such post screening and removal may be fine if legally and constitutionally done. This is so because if the companies and Internet intermediaries fail to observe cyber law due diligence in India they may face civil and criminal trials in India.

It would be a good idea to clarify the position of use of video conferencing in India by Indian government so that its uses, abuses and regulation can be legally managed.

Wednesday, January 25, 2012

Foreign Exchange (Compounding Proceedings) Rules, 2000 Of India

Reserve Bank of India (RBI) has been appointed as one of the Compounding Authority under the Foreign Exchange Management Act 1999 (FEMA 1999) that can compound certain contravention under the FEMA 1999. The regional offices of RBI have been given compounding powers under the FEMA Act 1999.

Further, the RBI master circular on compounding of contraventions under Indian FEMA 1999 has been recently issued. It prescribes a set procedure for compounding of contraventions under Indian FEMA 1999. The compounding authority (CA) can compound contraventions committed under the FEMA Act 1999 if an application has been duly made in the prescribed manner. Even a post compounding procedure of compounding authority under the Indian FEMA 1999 has been prescribed.

The Central Government has formulated the Foreign Exchange (Compounding Proceedings) Rules, 2000 under section 46 read with sub-section (1) of section 15 of the FEMA, 1999. The Rules are as follow:

(1) These Rules have come into force on the 1st day of June, 2000.

(2) Definitions - In these rules, unless the context otherwise requires -
(a) 'Act' means the Foreign Exchange Management Act, 1999 (42 of 1999);
(b) 'Authorised officer' means an officer authorised under sub-rule (1) of rule 3;
(c) 'Applicant' means a person who makes an application under section 15 (1) of the Act to the compounding authority;
(d) 'Compounding Order' means an order issued under sub-section (1) of Section 15 of the Act;
(e) 'Form' means a form appended to these rules;
(f) 'Section' means a section of the Act;
(g) All other words and expressions used in these rules and not defined but defined in the Act, shall have the meaning respectively assigned to them in the Act.

(3) (1) 'Compounding Authority' means the persons authorised by the Central Government under sub-section (1) of section 15 of the Act, namely;
(a) An officer of the Enforcement Directorate not below the rank of Deputy Director or Deputy Legal Adviser (DLA).
(b) An officer of the Reserve Bank of India not below the rank of the Assistant General Manager.

(4) Power of Reserve Bank to compound contravention -
[(1) If any Person contravenes any provisions of Foreign Exchange Management Act, 1999 (42 of 1999) except clause (a) of Section 3 of the Act.]
(a) In case where the sum involved in such contravention is ten lakhs rupees or below, by the Assistant General Manager of the Reserve Bank of India;
(b) In case where the sum involved in such contravention is more than rupees ten lakhs but less than rupees forty lakhs, by the Deputy General Manager of Reserve Bank of India;
(c) In case where the sum involved in the contravention is rupees forty lakhs or more but less than rupees hundred lakhs by the General Manager of Reserve Bank of India;
(d) In case the sum involved in such contravention is rupees one hundred lakhs or more, by the Chief General Manager of the Reserve Bank of India;

Provided further that no contravention shall be compounded unless the amount involved in such contravention is quantifiable.

(2) Nothing contained in sub-section (1) shall apply to a contravention committed by any person within a period of three years from the date on which a similar contravention committed by him was compounded under these rules.

Explanation: For the purposes of this rule, any second or subsequent contravention committed after the expiry of a period of three years from the date on which the contravention was previously compounded shall be deemed to be a first contravention.

(3) Every officer specified under sub-rule (1) of rule 4 of the Reserve Bank of India shall exercise the powers to compound any contravention subject to the direction, control and supervision of the Governor of the Reserve Bank of India.

(4) Every application for compounding any contravention under this rule shall be made in Form to the Reserve Bank of India, Exchange Control Department, Central Office, Mumbai along with a fee of Rs. 5000/- by Demand Draft in favour of compounding authority.

(5) The Power of Enforcement Directorate to compound contraventions -

2[(1) If any Person contravenes provisions of Section 3(a) of Foreign Exchange Management Act.]

(a) In case where the sum involved in such contravention is five lakhs rupees or below, by the Deputy Director of the Directorate of Enforcement;
(b) In case where the sum involved in such contravention is more than rupees five lakhs but less than rupees ten lakhs, by the Additional Director of the Directorate of Enforcement;
(c) In case where the sum involved in the contravention is rupees ten lakhs or more but less than fifty lakhs rupees by the Special Director of the Directorate of Enforcement;
(d) In case where the sum involved in the contravention is rupees fifty lakhs or more but less than one crore rupees by Special Director with Deputy Legal Adviser of the Directorate of Enforcement;
(e) In case the sum involved in such contravention is one crore rupees or more, by the Director of Enforcement with Special Director of the Enforcement Directorate.
Provided further that no contravention shall be compounded unless the amount involved in such contravention is quantifiable.

(2) Nothing contained in sub-section (1) shall apply to a contravention committed by any person within a period of three years from the date on which a similar contravention committed by him was compounded under these rules.

Explanation: For the purposes of this rule, any second or subsequent contravention committed after the expiry of a period of three years from the date on which the contravention was previously compounded shall be deemed to be a first contravention.

(3) Every officer of the Directorate of Enforcement specified under sub-rule (1) of this rule shall exercise the powers to compound any contravention subject to the direction, control and supervision of the Director of Enforcement.

(4) Every application for compounding any contravention under this rule shall be made in Form to the Director, Directorate of Enforcement, New Delhi, along with a fee of Rs.5000 by DD in favour of the Compounding Authority.

(6) Where any contravention is compounded before the adjudication of any contravention under section 16, no inquiry shall be held for adjudication of such contravention in relation to such contravention against the person in relation to whom the contravention is so compounded.

(7) Where the compounding of any contravention is made after making of a complaint under sub-section (3) of section 16, such compounding shall be brought by the authority specified in rule 4 or rule 5 in writing, to the notice of the Adjudicating Authority and on such notice of the compounding of the contravention being given, the person in relation to whom the contravention is so compounded shall be discharged.

(8) Procedure for Compounding -

(1) The Compounding Authority may call for any information, record or any other documents relevant to the compounding proceedings.
(2) The Compounding Authority shall pass an order of compounding after affording an opportunity of being heard to all the concerned as expeditiously as possible and not later than 180 days from the date of application.

(9) Payment of amount compounded -

The sum for which the contravention is compounded as specified in the order of compounding under sub-rule (2) of rule 8, shall be paid by demand draft in favour of the Compounding Authority within fifteen days from the date of the order of compounding of such contravention.

(10) In case a person fails to pay the sum compounded in accordance with the rule 9 within the time specified in that rule, he shall be deemed to have never made an application for compounding of any contravention under these rules and the provisions of the Act for contravention shall apply to him.

(11) No contravention shall be compounded if an appeal has been filed under section 17 or section 19 of the Act.

(12) Contents of the order of the Compounding Authority -

(1) Every order shall specify the provisions of the Act or of the rules, directions, requisitions or orders made there under in respect of which contravention has taken place along with details of the alleged contravention.
(2) Every such order shall be dated and signed by the Compounding Authority under his seal.

(13) Copy of the order - One copy of the order made under rule 8(2) shall be supplied to the applicant and the Adjudicating Authority as the case may be.

Tuesday, January 24, 2012

Post Compounding Procedure Of Compounding Authority Under Indian FEMA Act 1999

In this special column, Mr. B.S.Dalal, Senior Partner at Perry4Law and a Techno Legal Banking and Financial Expert, is discussing the post compounding procedure for Compounding Of Contraventions Under Indian FEMA, 1999, as followed by the Compounding Authority.

Reserve Bank of India (RBI) is one of the Compounding Authority under the Indian Foreign Exchange Management Act (FEMA), 1999 that compounds certain contravention under the FEMA Act 1999. The regional offices of RBI have been given compounding powers under the FEMA Act 1999.

RBI master circular on compounding of contraventions under Indian FEMA 1999 has been recently issued. It prescribes a set procedure for compounding of contraventions under Indian FEMA 1999. The compounding authority (CA) can compound contraventions committed under the FEMA Act 1999 if an application has been duly made in the prescribed manner.

Once an application has been made in prescribed manner and a compounding order has been made, the post compounding procedure starts. It is as follows:

(1) The sum for which the contravention is compounded as specified in the order of compounding under sub-rule (2) of Rule 8 of Foreign Exchange (Compounding Proceedings) Rules, 2000 is payable by way of a demand draft in favour of the “Reserve Bank of India” within fifteen days from the date of the order of compounding of such contravention. The demand draft has to be deposited in the manner as directed in the compounding order.

(2) The provisions of the Rules do not confer any right on the contravener, after a compounding order is passed, to seek to withdraw the order or to hold the compounding order as void or request a review of the order passed by the CA.

(3) In case of failure to pay the sum compounded within the time specified in the compounding order, it shall be deemed in terms of Rule 10 of the Foreign Exchange (Compounding Proceedings) Rules, 2000, that the contravener had never made an application for compounding of any contravention under these Rules.

(4) On realization of the demand draft for the sum for which contravention is compounded, a certificate in this regard shall be issued by the Reserve Bank subject to the specified conditions, if any, in the order.

(5) In respect of the contraventions of FEMA, 1999 (as defined in section 13 of the FEMA, 1999), which are not compounded by the Compounding Authority, other relevant provisions of FEMA, 1999, shall apply.

However, there are certain pre-requisites for compounding process that must be met by the contravener before a compounding order can be passed. These are as follow:

(1) In respect of a contravention committed by any person within a period of three years from the date on which a similar contravention committed by him was compounded under the Compounding Rules, such contraventions would not be compounded. Such contravention would be dealt with under relevant provisions of the FEMA, 1999 for contravention. Any second or subsequent contravention committed after the expiry of a period of three years from the date on which the contravention was previously compounded shall be deemed to be a first contravention.

(2) Contraventions relating to any transaction where proper approvals or permission from the Government or statutory authority concerned, as the case may be, have not been obtained, such contraventions would not be compounded unless the required approvals are obtained from the authorities concerned.

(3) Cases of contravention, such as, those having a money laundering angle, national security concern and / or involving serious infringements of the regulatory framework or where the contravener fails to pay the sum for which contravention was compounded within the specified period in terms of the compounding order, shall be referred to the Directorate of Enforcement for further investigation and necessary action under FEMA, 1999 or to the authority instituted for implementation of the Prevention of Money Laundering Act 2002, (PMLA) or to any other agencies, for necessary action , as deemed fit.

(4) The Reserve Bank generally advises the persons concerned of their choice and option to make an application for compounding as and when such contraventions come to its notice. The facts constituting such contraventions will be brought to the notice of the Directorate of Enforcement in case no application for compounding is made within the time indicated by the Reserve Bank.

RBI Master Circular On Compounding Of Contraventions Under Indian FEMA, 1999

In this special column, Mr. B.S.Dalal, Senior Partner at Perry4Law and a Techno Legal Banking and Financial Expert, is discussing the current position of Compounding Of Contraventions Under Indian FEMA, 1999.

In the past, Reserve Bank of India (RBI) has liberalised and decentralized many crucial issues of Indian Foreign Exchange Management Act (FEMA), 1999. This includes the procedure for compounding of contraventions under the FEMA 1999. Now the RBI has issued a master circular that further elaborates about this crucial issue.

The compounding of contraventions under FEMA, 1999 is a voluntary process by which an applicant can seek compounding of an admitted contravention of any provision of FEMA, 1999 under Section 13(1) of the FEMA, 1999.

The compounding provisions are presently available till 30th June 2012 as they are subject to a sunset clause of one year. In short, the master circular would cease to be operative on July 1, 2012 and would be replaced by a new Master Circular in this regard.

Under the FEMA 1999, if an individual/person violates the provisions of this Act or corresponding rules, notifications, direction, etc, he shall, upon adjudication, be liable to a penalty up to thrice the sum involved in such contravention where the amount is quantifiable or up to Rupees Two lakh, where the amount is not quantifiable.

For repeated infringers more stringent provisions have been prescribed. The Act provides that where the contravention is a “continuing one”, further penalty, which may extend to Rupees Five thousand for every day after the first day during which the contravention continues, may be imposed.

As per the Rule 4 of the Foreign Exchange (Compounding Proceedings) Rules, 2000, the powers to compound the contraventions have been prescribed for compounding authorities with regard to the sum involved in such contravention and no contravention shall be compounded unless the amount involved in the contravention is quantifiable.

The Foreign Exchange (Compounding Proceedings) Rules, 2000 empowers RBI to compound contraventions under FEMA, 1999. The provisions of Section 15 of FEMA, 1999 permit compounding of contraventions and empower the Compounding Authority to compound any contravention as defined under Section 13 of the Act on an application made by the person committing such contravention either before or after the institution of adjudication proceedings.

The responsibility of administering compounding of contraventions has been entrusted to RBI except contraventions that are covered under Section 3(a) of FEMA, 1999. Thus, collectively the compounding powers of RBI and the Directorate of Enforcement (DoE), respectively, are as under:

(a) RBI has been empowered to compound the contraventions of all the Sections of FEMA, 1999, except clause (a) of Section 3 of the Act,

(b) Directorate of Enforcement would exercise powers of compounding under clause (a) of Section 3 of FEMA, 1999 (dealing essentially with Hawala transactions).

For effective implementation of compounding process under FEMA, 1999, RBI has framed the procedure for compounding of contraventions. Once a contravention has been compounded by the Compounding Authority, no proceeding or further proceeding will be initiated or continued, as the case may be, against the contravener.

The Regional Offices of the RBI, as mentioned below, can compound the contraventions of FEMA involving (i) delay in reporting of inward remittance, (ii) delay in filing of form FC-GPR after allotment of shares and (iii) delay in issue of shares beyond 180 days (viz. paragraphs 9(1)(A), 9(1)(B) and 8, respectively, of the Schedule I to the Foreign Exchange Management (Transfer or Issue of Security by a Person Resident Outside India) Regulations, 2000, notified vide Notification No. FEMA 20/2000-RB dated 3rd May 2000 and as amended from time to time:

(a) Bhopal, Bhubaneshwar, Chandigarh, Guwahati, Jaipur, Jammu, Kanpur, Kochi, Patna and Panaji for amount of contravention below Rupees One hundred lakh only (Rs. 1,00,00,000 /-).

(b) Ahmedabad, Bangalore, Chennai, Hyderabad, Kolkata, Mumbai and New Delhi for amount of contravention without any limit.

Video Conferencing Blocking Laws In India

Video conferencing has revolutionized the way our say to day affairs are managed. Video conferencing facilitates many important commercial and personal communications in a cost effective and efficient manner.

Obviously, video conferencing is regulated by laws of various nations. However, we have no dedicated video conferencing law in India. Of course, some shades of video conferencing regulations are governed by the cyber law of India incorporated in the form of information technology act 2000 (IT Act 2000).

However, there is no express provision that talks about blocking of video conferencing in India except to the extent permitted by the IT Act 2000. Video conferencing, just like other electronic communications, should be allowed unless it can be blocked as per the provisions of IT Act 2000 or other applicable laws. Even for such blocking of video conferencing in India, the norms established by the IT Act 2000 or any other similar law must be followed.

It seems the norms laid down by the IT Act 2000 have not been followed by the Rajasthan government and Rajasthan police and by not allowing the video conferencing of Salman Rushdie, without complying with the requirements of IT Act 2000, they have clearly transgressed the constitutional limitations that they are constitutionally bound to observe.

The fundamental right to speech and expression cannot be defeated through arbitrary and extraneous methods. Right to speech and expression can be curtailed only as per the well established constitutional procedure.

Although the intentions of Rajasthan government may be legal and justified yet the manner of executing those intentions is clearly unconstitutional. The legality and constitutionality of the Rajasthan government’s action is still doubtful and appropriate action must be taken in this regard.

Video Conferencing Laws And Regulations In India

Use of vide conferencing in business community of India is not new and it is in use for long. Even use of vide conferencing for legal and judicial purposes is not new in India. Courts in India have been using video conferencing for litigation purposes especially for receiving evidence from witness.

Even Indian laws like Information Technology Act, 2000 (IT Act 2000), Code of Criminal Procedure, 1973, Indian Evidence Act, 1872, etc allows use of video conferencing for various legal and judicial purposes. The cyber law of India even confers recognition to electronic documents, e-governance and e-commerce.

Use of information technology for legal and judicial purposes is well known. For instance, IT can be use for establishment of e-courts in India. Similarly, IT can also be used for establishing online dispute resolution (ODR) mechanism in India. Even electronic bail granting and communication system in India may be a possibility in near future.

However, use of video conferencing in India is not free from trouble. Recently a man who filed his divorce petition through a video conference from Canada was directed to make a personal appearance in the court. Now personal appearance is a concept that strikes at the very concept of e-courts and video conferencing.

Similarly, the recent cancellation of the Salman Rushdie’s video conferencing in India is another example of troubled use of the same in India. It seems the permission to broadcast such video conferencing was not given by the police.

Crucial speech and expression and law and order maintenance issues are involved in such cases. There is an urgent need to formulate clear and constitutional norms and regulations regarding video conferencing in India.

Monday, January 23, 2012

Legal Issues Of Cloud Computing In India

Cloud computing is a process in which essential hardware and software based services are provided by a third party with no requirement to install such hardware and software by the service seeker. In other words, computational powers, hardware upgrades and latest software are provided on rent in an online environment where individuals and organisations can use the same.

Cloud computing is basically a cost saving mechanism where hardware and software costs are saved by using third party hardware and software. However, cloud computing has its own share of troubles especially in countries like India.

For instance, as per the research and studies of Perry4Law and Perry4Law Techno Legal Base (PTLB), cloud computing in India is risky and India is not ready for cloud computing. Now even other companies have endorsed this conclusion and it has been reported that chief information officers (CIOs) in India are not comfortable using cloud computing in India.

So the chief problem that is emerging in India is that cloud computing in India is still not trusted and India is still not ready for cloud computing. We have no cloud computing policy of India.

This is the reason why cloud computing in India is still at the infancy stage. The primary reasons for this situation is absence of legal framework for cloud computing in India, missing privacy laws, absence of data protection laws in India, inadequate data security in India, etc. Even the basic level cloud computing regulations in India are missing.

Even the cloud computing due diligence in India is missing and companies and individuals are using the same in great disregard of the various laws of India. Cloud computing service providers in India are required to follow cyber law due diligence in India. The cyber law due diligence for Indian companies is now well established but cloud computing and e-commerce service providers are not taking it seriously.

In fact, some companies are already facing a criminal trial in India for posting of objectionable contents by third parties on their platforms. Cloud companies are also required to follow the cyber law of India before they establish their businesses in India. This seems to be missing for the time being.

In fact, many legal experts in India have opined that India must not use software as a service (SaaS), cloud computing, m-governance, etc till proper legal frameworks and procedural safeguards are at place. This has also been accepted by the CIOs community and it is now for the Indian government to do the needful.

Huawei And ZTE In Telecom Security Tangle Of India

With the proposal to establish National Telecom Network Security Coordination Board (NTNSCB) of India, the issues of cyber security and telecom security in India have arisen once again. Even the national telecom policy of India 2011 reflects these concerns.

The issues pertaining to telecom security policy in India and telecom equipments security framework in India are not new. The home ministry of India and ministry of information and communication technology have been raising security concerns regarding telecom hardware manufactured by foreign dealers. Concerns regarding possible existence of backdoors in such hardware are frequently raised in India.

There is no mechanism in India through which telecom hardware and software can be analysed for backdoors and malware. Indian government has declared that telecom equipments must be certified by TEC before use in India. A proposal to store call data records has also been given. The norms for import of telecom equipments in India would also be formulated very soon (may be already formulated).

At present, India has two separate policy guidelines for import of telecom gear. Chinese vendors such as Huawei and ZTE follow the July 2010 guidelines while Western telecom equipment manufacturers were given the option of following the policy issued in late 2009, after they refused to operate in India under the July rules.

According to latest news, in an internal report, the security unit of the department of telecommunication (DoT) has raised fresh concerns about Chinese equipment vendors - Huawei and ZTE. The report adds that India must also be on the guard against equipment from the West, including US and Europe. It has been reported that the new security norms had brought all these vendors under a common security framework.

To counter the possible threats from foreign hardware vendors, India is encouraging to develop indigenous hardware manufacturing capabilities. In fact, India has announced to give preferences, including tax cuts, to indigenously manufactured telecoms equipment, despite concerns raised by the United States and the European Union, which had said that such concessions would violate WTO commitments.

There is an urgent need to provide reasonable and sufficient regulatory norms regarding telecom security in India. The sooner they are formulated the better it would be for all the telecom stakeholders in India.

National Telecom Network Security Coordination Board (NTNSCB) Of India

Announcement pertaining to telecom security and cyber security in India have been made from time to time. Even a new national telecom policy of India 2011/2012 has also been suggested by Department of Telecommunication (DoT), India.

DoT has also suggested the creation of the Telecoms Security Council of India (TSCI) that would look into security related aspects of hardware and network equipments. In the past proposals for the establishment of Telecom Security Regulatory Authority of India (TSRAI) were also mooted.

However, till now we have no telecom security policy in India and telecom equipments security framework in India. There is no mechanism in India through which telecom hardware and software can be analysed for backdoors and malware. Now Indian government has declared that telecom equipments must be certified by TEC before use in India. A proposal to store call data records has also been given. The norms for import of telecom equipments in India would also be formulated very soon. Similarly, a telecom security policy of India may also be drafted.

In the past news regarding establishment of various authorities to safeguard telecom security in India have also surfaced. These proposed authorities include Authority for Telecom Security in India, Telecom Security Council of India, etc. Further legal framework to streamline telecom related issues in India have also bee suggested. The National Spectrum Act of India is also in pipeline.

Now as per the latest news, Indian government is planning to form a new body to supervise telecom and cyber security in India. This may be a good step in right direction or just another declaration with no actual implementation, just like the past declarations.

The proposed body plans to oversee telecom and cyber security to avoid overlap between various ministries and intelligence agencies that are currently handling this issue. The proposed body has been given the name National Telecom Network Security Coordination Board (NTNSCB) of India.

It has been proposed to establish the same at Department of Information technology (DIT) and it may be headed by the telecom secretary. The NTNSCB will have representatives from the defence and home ministries, intelligence agencies, IT department, intelligence bureau, National Security Advisor and NTRO, among others reports Economic Times.

In addition to suggesting measures to address network security related issues, NTNSCB will also set up objectives and targets to the various departments and agencies handling telecom and cyber security related issues. The NTNSCB may also facilitate the Central Monitoring system (CMS) Project of India. This is a good step and its implementation is urgently required.

Saturday, January 21, 2012

Legal Actions Against Offending Foreign Websites In India

Websites based in foreign jurisdictions are engaging in various forms of illegal activities that are offences under Indian laws. For instance, they are openly violating intellectual property rights (IPRs) like copyright of Indian nationals. When these foreign websites are contacted to remove the offending contents, they simply ask you to follow foreign law procedures that are neither practical nor effective for an Indian national.

Take another example. A foreign website is openly hosting defamatory remarks as per Indian laws against you. You request the website to remove the same and the same are still not removed.

Another common example is hosting and publication of pornographic and obscene contents upon a platform or website. Even worst is the case when a morphed photograph of a female member of your family is posted on such platform. You contact the website to remove the same but they never listen to you.

Even worst case is the illegal sales of drugs and medicines online without a prescription slip. Many prohibited medicines are sold in countries through websites in clear disregard of local laws.

Another example may be of offering illegal sex determination tests through websites. Many countries of the world prohibit such testing and India is one of them.

These are some of the examples where day to day lives are affected by culpable conducts in an online environment. Many believe that no effective actions can be taken against such foreign websites in India. However, this is not true.

Under the cyber law of India, appropriate legal actions can be taken against such foreign websites if they have sufficient connection or nexus with Indian jurisdiction. Although an international cyber law treaty is required to being uniformity in legal frameworks yet till such time local laws of India and foreign laws can be invoked to get appropriate remedy.

Further, if nothing works, blocking of such offending websites in India can be undertaken. It would be wrong to suggest that such websites cannot be blocked in India by a court order or through an order of department of information technology, India.

India must formulate appropriate laws or regulations to make such offending foreign websites liable under Indian laws. Further, special regulations for their subsidiaries operating in India must be made so that they cannot do more business than as mentioned in such regulations. A sound tax framework for such subsidiaries must be formulated so that there cannot be any case of tax evasion and tax manipulations by such subsidiaries.

Monday, January 16, 2012

Cyber Law Trends Of India 2012

The cyber law trends of India 2011 were provided by Perry4Law and Perry4Law Techno Legal Base (PTLB). This trend covered many techno legal issues that are of tremendous importance to various stakeholders. However, it seems various stakeholders have still not taken issues like cyber law, cyber security, cyber due diligence, e-discovery, social media due diligence, etc seriously.

The year 2012 would be even more challenging for various stakeholders in India and world wide. This is more so for US based companies and websites that are increasingly involved in various conflict of laws issues with India. Some of the issues that may be challenging of various stakeholders in 2012 include legal issues of cyber security, privacy and data protection requirements, cloud computing security and privacy issues, e-surveillance and Internet censorship issues, cyber due diligence requirements, social media due diligence, data privacy laws, online IP violations including copyright violations issues, etc.

The cyber law due diligence in India struck the first blow in the year 2012. Companies like Google, Yahoo, Microsoft, Facebook, etc are already facing criminal prosecution under the cyber law of India and other criminal laws. So serious is the situation that the executives of parent companies of these companies have been summoned to personally appear before Indian court.

Further, online copyright violations by US websites are also testing the effectiveness of US laws vis-à-vis foreign IP rights enforcement. Many websites in US are talking advantage of the conflict of laws and hide behind US laws to escape copyright violation liabilities. In fact, the US copyright office is trying to streamline the Digital Millennium Copyright Act (DMCA) 1998 requirements pertaining to DMCA agents so that safe harbour protection cannot be misused by US based websites.

Perry4Law and PTLB believe that the year 2012 would bring many techno legal challenges in the fields like cyber law, cyber security, e-discovery, cyber law due diligence, online IP enforcements, etc. Further, new fields like e-legal due diligence and technological legal due diligence in India would also assume significance. It would be a good idea to formulate suitable policies in this regard by various stakeholders.

US Companies, India, Conflict Of Laws And Criminal Liabilities

Companies like Google, Microsoft, Yahoo, etc and social media websites like Facebook, etc are currently facing criminal trail in India for not removing objectionable contents from their respective websites.

According to cyber law of India and laws of other jurisdiction, the safe harbour protection of Internet intermediaries is lost the moment they are notified of the offending act or omission. However, till they are notified regarding offending contents, they are not liable for violations committed by their users.

However, US companies are not following Indian laws and they are insisting upon following of US laws even if Indian laws are clearly violated. For instance, websites located in US are openly violating the copyright of Indian websites and when they are contacted in this regard to remove the copyright violating posts they ask Indians to use US laws like Digital Millennium Copyright Act (DMCA) 1998.

Surprisingly, even if these US companies are informed in writing and with relevant information like weblinks of copyright violating posts and copyright subsisting posts, they still insist upon following of DMCA procedure. What is more frustrating is that a majority of these US websites and companies are themselves not following the requirements of DMCA and hence are not entitled to its safe harbour protection.

Even in the case of cyber laws, US companies are applying US standards and are not following Indian standards. This is a classic situation that is occurring due to conflict of laws. This is also the reason why an international cyber law treaty is required to being harmonious application of cyber law principles.

US need to change its policy regarding enforcement of foreign IP rights and cyber laws. By not respecting the laws of other countries, US websites and companies are imposing laws like SOPA and PIPA upon themselves. Further, companies like Google must pay special attention as they are deriving revenue out of online advertisements placed upon such copyright violating posts. This makes them not only a beneficiary but also liable for damages in appropriate cases.

Companies like Microsoft, Yahoo, Google and Facebook are facing prosecution under the Indian cyber law. Further, if we analyse the cyber law trends in India of 2012 and cyber security trends of India 2012, such prosecutions are going to increase further in future. Insisting upon following of US laws to take action against offenders and websites located in US would not serve any purpose if branches or subsidiaries of such companies are located in India. Further, if such websites and companies fail to comply with Indian laws, Indian government can block such foreign websites in India.

The present litigation before Indian courts is just a beginning and US companies and websites must start respecting Indian laws. If cyber crimes are committed with great disregard to Indian laws and the copyright and other IP rights are openly violated by such companies and websites, their prosecution in India is inevitable. Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that such foreign companies and websites must ensure cyber due diligence in India to escape various civil, criminal and financial obligations.

Why Vinay Rai Did Not Contact The Concerned Websites?

Vinay Rai, the person behind criminal complaint against social media websites and companies like Facebook and Google, has become instrumental in testing the internet intermediary law of India. Presently, Google and Facebook are gripped in the Indian cyber law tangle.

To make the matter worst, not only the executives of parent companies have been personally summoned by the trial court but it has also been proved that Google and Facebook are beneficiaries of the revenue arising out of offending contents. This may make even the subsidiary companies of Google and Facebook liable for violation of Indian laws.

It is not the case that these companies have not protested in the past against the provisions of the Indian laws. For instance, Yahoo had filed a petition raising the questions regarding the right to privacy of a company that stores sensitive data of its customers and users and to what extent Indian authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks.

The Google’s outcry for lack of Internet intermediary law in India is another example of growing dissatisfaction towards Indian cyber laws, especially Internet intermediary laws and social media laws of India. But the same has come too late and is too insignificant at this stage.

However, in this entire episode one thing is simply not understandable. Why Vinay Rai did not contact the concerned websites and brought to their knowledge about the offending contents? As per Vinay he did not deem it appropriate to approach foreign companies himself. Rather he thought it fit to invoke the governmental machinery to get appropriate remedy.

Surprisingly, he has been pursuing this matter with the information technology ministry for over a year now. The ministry took no action despite constant reminders and follow ups from his end. It was only two to three months ago that the ministry held an internal meeting on the issue and ordered enquiry.

It seems both Vinay Rai and our IT ministry are guilty of not taking appropriate steps in this regard. Clearly, Vinay Rai did not approach these companies and informed them about the offending contents. Now the only question that remains to be seen is whether the IT ministry has also not contacted these companies in this regard?

If even the IT ministry has not intimated these companies “appropriately”, then this may be as serious lapse on the part of Indian government. In such a situation companies like Google, Facebook, etc cannot be held liable for offensive contents posted by the users. Only time would tell what was communicated and what was not and who is responsible and who is not.

Corruption And Technology Related Due Diligences In India

The recent spate of corruption related disclosures in India has sent a strong message to Indian and foreign companies to ensure that their business are strictly in compliance with Indian and foreign laws. Naturally, companies that have entered into merger and acquisitions (M&A) in the past are now looking forward to ensure that nothing fishy happened during such M & A transactions.

These Indian and foreign companies are worried about the potential legal and tax liabilities arising out of various scams and corporate frauds and they are engaging law firms to do a due diligence analysis on the M&As or foreign direct investments (FDIs) they’ve made in India. Law firms are carrying out legal due diligence exercises to detect any loopholes that could result in liabilities on behalf of their clients to avoid litigation possibilities arising out of deals done in the past.

Some multinational companies are also doing legal due diligence to ensure that the Indian subsidiaries and companies they are about to invest or have already invested in are complying with the foreign laws like Foreign Corrupt Practices Act (FCPA) 1977 of the US and the UK Bribery Act 2010.

Even companies that are now exploring the possibility of M&A are taking precautions before entering into such partnerships. While there is no particular department for dealing with all the aspects of corporate business at a single place (Ministry of Corporate Affairs deals with corporate matters) yet department of information technology (DIT) is the chief department that deals with technology related issues. These include cyber law, cyber security, e-commerce, e-governance, spectrum allocation, telecom licensing, etc.

However, till now companies were not very cautious in their dealings in cyberspace and technology related fields. The information technology act 2000 (IT Act 2000) is the cyber law of India that prescribes various cyber law due diligence in India for areas like e-commerce, e-governance, Internet intermediary liability in India, social media due diligence in India, etc.

However, companies are in controversy these days in India. For instance, doubts have been raised regarding the manner in which Reliance and Airtel blocked websites in India. Similarly, some have even suggested that DIT must investigate the case of blocking of websites in India by Reliance, Airtel and other Internet service providers (ISPs).

Similarly, companies like Google, Facebook, etc are already in cyber law legal tangle in India. Indian government is claiming that these companies failed to comply with Indian laws, including cyber law of India. While the guilt or innocence of these companies is still to be established yet this episode has shown the importance of cyber due diligence for Indian companies.

Cyber crimes at social media websites in India are increasing and these social media platforms cannot ignore the same especially once they are made aware of the same. The social media websites investigation in India is going to increase and more and more e-discovery for social media in India would be conducted. Even cyber law due diligence for banks in India is going to increase.

Another area that requires a special mention is the contemporary practice known as e-legal due diligence in India. This requires domain specific techno legal expertise and a sound knowledge of both technical and legal aspects. It is an advanced and improved form of traditional legal due diligence in India that is done in an offline environment. With companies now shifting their data and information to data centers and virtual data rooms (VDRs), e-legal due diligence in India and abroad would be the norm.

Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that Indian and foreign companies must conduct a thorough corruption and technology related due diligence analysis in India as soon as possible.

Thursday, January 12, 2012

India Must Stress Upon International Cyber Law Treaty

United States (US) has been working in the direction of making laws that are primarily targeted towards foreign websites. This means that foreign websites that are indulging in unethical behaviours like cyber crimes, intellectual property rights (IPRs) violations, etc can be forced to be taken down or blocked in US by US government.

While this is a policy decision of US that has been widely criticised yet very few have raised points regarding violations of IPRs by US companies of foreign nationals. For instance, if an Indian has to inform a US website of copyright violation, he has to essentially follow the provisions of Digital Millennium Copyright Act (DMCA) 1998. In fact, even those US websites that are themselves not following DMCA and are not entitled to “safe harbour” provisions are insisting upon DMCA notices.

Clearly, US policy towards IP violations of foreign nationals needs to be revised. On the contrary laws like Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PIPA) and the "Stop Online Piracy Act (SOPA) has also been proposed. They target foreign nationals and websites with almost no additional liabilities for US websites and citizens. Clearly, US websites and companies are forcing US and other nations to enact laws like SOPA and PIPA by not taking down IPRs violating materials.

If the attitude of US websites and companies is not changed other countries may also consider enacting draconian laws like SOPA and PIPA. In the absence of reciprocal arrangement between US and India, the least India can do to prevent cyber crimes against and IPRs violation of Indian citizens is to block websites that engage in such activities. This is more so for those websites and Internet intermediaries that deliberately ignore compliances of Indian laws.

While laws like SOPA and PIPA are targeting foreign websites including Indian websites yet the foreign websites, including US websites, are not complying with Indian cyber law and copyright law. The Indian Copyright Act, 1957 and Indian Information technology Act, 2000 prescribes various civil, criminal and administrative penalties that are presently not implantable against such foreign websites. India must seriously discuss this issue with US as this also amounts to non compliance of the provisions of Trade-Related Aspects of Intellectual Property Rights Agreement (TRIPS Agreement).

The real problem in this regard seems to be that there is no International cyber law treaty that is universally followed. Different countries have different cyber laws and this result in confusion and non enforcement. Even there is no international cyber security treaty that can be followed globally. International cyber law treaty and Indian role cannot be underestimated in this regard.

India must stress upon formulation of an international cyber law treaty to safeguard the interests of its own citizens as countries like US are doing in the absence of mutual cooperation.

Wednesday, January 11, 2012

Electronic Authentication Policy Of India

Electronic authentication (e-authentication) is a very useful service provided it is safe, secure and reliable. Similarly, e-authentication must also be supported by a sound legal framework that governs its uses and abuses.

We have no e-authentication policy in India. Even we have no legal framework for e-authentication in India. Although some efforts in this regard were made through the Aadhar project of India yet the very constitution and functioning of Aadhar project is unconstitutional. For some strange reasons, the unique identification authority of India (UIDAI), which is managing the Aadhar project, thinks that it is above constitution of India. This attitude of Aadhar and UIDAI has brought it to a stage where it is about to be scrapped.

So as on date we have no legal framework for e-authentication in India, no authority that can deal with e-authentication in India and no policy framework for e-authentication in India that has been implemented at the national level. If this is not enough, we have no encryption usage policy of India that can ensure cyber security of e-authentication in India.

If both cyber security in India and use of encryption in India are missing, the credibility of any e-authentication system is in great doubt. Possibility of data breaches and cyber attacks cannot be ruled out. Securing of critical national infrastructure of India from cyber attacks has still not achieved and introducing an e-authentication system without robust cyber security is not a wise move.

The cyber security trends in India 2011 by Perry4Law Techno Legal Base (PTLB) indicate that cyber security in India is still ignored by various stakeholders. Whether it is banks or strategic computers of Indian government, all of them have proved to be vulnerable to cyber attacks.

E-authentication is also useful for providing mobile banking services in India. Cyber security of Internet banking in India is still poor and e-banking risks in India are abundant. Mobile banking cyber security in India is still to be established before it can be explored in India.

E-authentication cannot succeed in India till we take care of various techno legal policy issues. Without removing various obstacle of e-authentication, using the same in India would create more problem than solutions providing.

Sunday, January 8, 2012

Mobile Banking Cyber Security In India

Mobile Banking is the buzz word these days. While the idea of mobile banking is promising yet it requires certain prerequisites to be successful in India. The chief among these requirements is the requirement to have a robust cyber security for mobile banking in India.

Cyber security in India in general and cyber security for online banking transactions in particular is not in good shape. The Cyber security trends in India 2011 also reflected this position. Mobile banking in India is still not popular due to various factors. For instance, e-banking in India is not safe, Internet banking cyber security in India is missing and online banking in India is not safe. In these circumstances, mobile banking in India is risky due to absence of mobile cyber security in India.

Even the Reserve Bank of India (RBI) is aware of this situation. RBI constituted a working group on information security to ensure cyber security among Indian banks. As per RBI’s recommendations, all banks should create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest.

However, banks of India have shown no willingness to incorporate cyber security into their day to day functions. Till now the directions of RBI to appoint CIOs and steering committee has not been followed by banks of India. The recommendations of the RBI have still not been implemented.

Naturally, Indian banks are poor at developing cyber security policies and implementing the same. Banks of India are also not providing positive confirmation to the originator of NEFT transactions. When basic level aspects are missing, incorporating cyber security in the day to day transactions of banks in India is really difficult. In these circumstances, the decision of RBI to remove financial limits from mobile banking transaction in India can be a trouble than facility. Hopefully, the proposed integrated banking law of India would address all these issues.

However, Indian banks cannot afford to ignore one aspect. The cyber law in India has prescribed cyber law due diligence for various stakeholders. Cyber due diligence for banks in India is just a part of the same. Cyber due diligence for Indian companies including banks operating in India is very stringent. If these due diligence requirements are not followed by Indian banks, civil, criminal and financial penalties can occur.

Cyber security for banking and financial sectors of India is urgently required as they perform very crucial functions. RBI must ensure the same by getting its directions strictly enforced as soon as possible.