Showing posts with label CYBER LAW IN INDIA. Show all posts
Showing posts with label CYBER LAW IN INDIA. Show all posts

Monday, January 2, 2012

Electronic Legal Due Diligence In India

Legal due diligence in India is not a new concept. Legal due diligence involves assessing the suitability, efficiency and viability of a company or organisation. Legal due diligence may be required to meet statutory and regulatory requirements or it may be necessary when a company wishes to invest in another company.

A contemporary form of legal due diligence, especially for companies and individuals engaged in information and communication technology (ICT) related services, is known as cyber due diligence. Cyber law due diligence in India has become mandatory due to the stringent nature of cyber law of India. In fact, cyber due diligence for companies in India and cyber due diligence for banks in India has already been prescribed. Similarly, cyber security due diligence in India is also becoming a must to have requirement.

Securities and Exchange Board of India (SEBI) is planning to use electronic initial public offer (IPO) in India. Foreign investments in pharmaceutical in India has been liberalised by Reserve Bank of India. Similarly, foreign direct investment (FDI) in India has also been liberalised in many crucial areas. Naturally, lots of investments, IPOs, private equity funds exchange and many more collaborative and cooperative activities would take place in India in the year 2012.

These developments would also make legal due diligence necessary. However, the traditional legal due diligence procedure relies heavily upon paper based documents and transaction. A better option is to engage in electronic legal due diligence in India (e-legal due diligence in India). The e-legal due diligence in India is cost effective, timely and efficient. It also can provide the best possible results for legal due diligence purposes.

Even legal frameworks are in the process of being established to accommodate these contemporary changes. For instance, the electronic delivery of services bill 2011 (EDS Bill 2011) has been proposed by Indian government that would make electronic delivery of services in India an acceptable norm.

Similarly, existing legal frameworks also facilitates digital preservation in India, e-governance, e-commerce, etc that would also require e-legal due diligence in India. The public records keeping framework of India requires keeping of public records that very few organisations in India are doing. Of course, public records keeping framework of RBI is an exception in this regard. Public records are also required to be maintained by the information technology act 2000 and right to information act 2005 of India.

All these requirements of public records keeping and e-legal due diligence in India can be managed by establishing virtual data rooms (VDRs). Many leading companies are already using VDRs to ensure legal due diligence in a smooth and efficient manner. With VDRs thousands of pages of content can be made available in just 24hrs or less. VDRs provide a secure and highly efficient method for sharing critical business information for electronic due diligence in merger and acquisition (M&A) advisory, IPO and secondary offerings, asset purchases, venture capital due diligence, bio tech licensing, commercial and corporate real estate ventures, financial restructuring, preparing for exit strategies, and many other transactions that require large amounts of document sharing.

Further, e-legal due diligence in India would also ensure that electronic discovery (e-discovery) requirements in India are duly met whenever needed. E-discovery services in India would be required in near future in India and e-legal due diligence can greatly facilitate the same. Individuals and companies must start exploring using e-legal due diligence as soon as possible for greater benefits of their own.

Sunday, January 1, 2012

Cyber Law Of India Should Be Reformed

Technological issues when collaborated with legal framework bring complex situations. It is very difficult to provide a legal framework for technological issues. India is also trying to grapple with this problem. Although cyber law in India has been enacted in the form of information technology act 2000 (IT Act 2000) yet it has remained archaic and non performer. The cyber law trends in India 2011 proved this point.

Cyber law of India needs to be rejuvenated. The emphasis must be to develop and protect Indian cyberspace rather than considering as a threat to be tackled through Internet censorship, websites blocking, e-surveillance, phone tapping and similar anti civil liberties protection in cyberspace.

Similarly stress should be given to cyber security of India through cyber security due diligence and mandatory obligations. The cyber security trends in India 2011 have proved that various stakeholders in India are not paying enough attention to cyber security. This is more so regarding banks in India that are not following the cyber security guidelines of Reserve Bank of India (RBI).

Perry4Law and Perry4Law Techno Legal Base (PTLB) believe that a major reason for poor performance on Indian cyber law and cyber security is that we have mixed all the aspects in a single law. For instance, although IT Act 2000 covers issues like cyber law, cyber security, cyber forensics, encryption, e-governance, e-commerce, cyber terrorism, etc yet the same are covered by a single section or more. This way none of them are individually effective.

We must have a separate and dedicated law for each of these issues that seem to have been dumped into a single law making it ineffective and useless for those issues. Further, the information technology amendment act 2008 (IT Act 2008 amendments) have further complicated the issue. By making almost all the cyber crimes “bailable”, Indian government has created a big nuisance for itself.

Perry4Law and PTLB hope that the year 2012 would bring major relief in this regard. Law making is a lengthy and tedious process and the sooner it is started the better it would be for the larger interest of India.

Friday, December 23, 2011

Cyber Due Diligence For Indian Companies

Cyber due diligence in India has finally arrived in India. The information technology act, 2000 (IT Act 2000) is the sole cyber law of India. IT Act 2000 prescribes cyber due diligence requirements on the part of various stakeholders like banks, companies, individuals, Internet intermediaries, e-commerce sites, etc.

However, till now cyber due diligence in India has not been taken seriously. This is so because cyber law awareness is not very good among various stakeholders. Similarly, civil and criminal prosecutions for lack of cyber due diligence in India is a rare phenomenon. Since ignorance of law if no excuse, in future cases for lack of cyber due diligence would increase in India.

IT and cyber frauds in Indian companies is increasing these days. However, a majority of Indian companies are not performing cyber due diligence in India. The companies in India are required to follow cyber law due diligence in India and cyber security due diligence in India. In the absence of proper due diligence these companies may find themselves in trouble.

Social media laws in India and social networking laws in India would bring their own share of cyber due diligence. Cyber law on social media and networking sites in India is pretty stringent and employees of a company may violate the same intentionally or unintentionally. Internet intermediary law in India and cyber due diligence cannot be taken lightly in India anymore.

Another sector that is urgently demanding cyber due diligence is banking industry of India. Cyber due diligence for banks in India is long due. Banks and companies in India are facing growing threats from malware attacks, phishing attacks, ATM frauds, online banking threats, trading fraud, etc. If a bank cannot show that it performed cyber due diligence and such cyber frauds and cyber crimes occurred without its negligence, it may be required to bear the financial loss. Presently Indian banks are not complying with cyber law due diligence requirements in India.

Finally, the scope and use of e-discovery in India is also increasing. Whether it is a corporate investigation, civil suit or criminal proceedings, e-discovery is playing a decisive role world over. Further, e-discovery laws and practices in India are developing as well. Even e-discovery related litigation, LPO and KPO services in India are growing.

Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that cyber due diligence training in India needs to be developed so that cyber due diligence compliances by various stakeholders is possible. This training should be a regular and integral part of the corporate strategy of each company. There is no escape from cyber due diligence in India and companies must accept this reality as soon as possible.

Tuesday, December 6, 2011

Internet Censorship In India

Internet in India is under potential threat of censorship and e-surveillance. Internet censorship in India has increased a lot. Similarly, e-surveillance in India has also increased to intolerable limits.

India has a draconian but cyber criminals’ friendly cyber law in the form of information technology act, 2000 (IT Act 2000). It was amended in 2008 to confer unregulated e-surveillance, Internet censorship and website blocking powers to Indian government and its agencies. The present cyber law of India is an unconstitutional one in the absence of procedural safeguards that can prevent these abusive draconian powers under the IT Act 2000. It requires an urgent repeal.

On top of it we have the proposed central monitoring system (CMS) project of India that has been proposed without any parliamentary oversight. Further, stress upon Internet kill switch is also given by India without realising that Internet kill switch is not a solution to cyber threats. Anti Internet kill switch measures are needed to prevent Indian government from taking recourse of any such unconstitutional and draconian action.

Website blocking and Internet censorship should be resisted as far as possible in India. This fight should be techno legal in nature where both technical and legal measures must be adopted to thwart surveillance and censorship activities of Indian government and its agencies. Proactive self defence in cyberspace is needed not only against alien enemies but also against our own Orwellian government.

Self defence in cyberspace is a concept whose time has come at both national and international level. At the national level of India self defence is required not only against cyber criminals but also against our own over zealous and e-surveillance oriented Indian government. Suggestions have been given in the past that United Nations (UN) must protect human rights in cyberspace as well. However, UN is not serious about protecting human rights in cyberspace.

At the national level, Indian government acquired itself unregulated, illegal and unconstitutional e-surveillance, Internet censorship and website blocking powers with no procedural safeguards. The information technology act, 2000 (IT Act 2000) was amended through the information technology amendment act 2008 (IT Act 2008) and this amendment gave unconstitutional and illegal powers to Indian government and its agencies. With the notification of the IT Act, 2008, the journey from welfare state to a police state was completed for India.

Instances of website blocking in India and Internet censorship in India have increased a lot. What is more worrisome is the fact that e-surveillance and Internet censorship in India have increased without any lawful interception law in India. Lawful interception law in India is missing and phone tapping in India is done in an unconstitutional manner.

Of all e-surveillance project, nothing is worst than the Aadhar project of India and its implementing unique identification authority of India (UIDAI) headed by Nandan Nilekani. Irrespective of what Nandan Nilekani and Indian government says, Aadhar project and UIDAI are serving a very vicious, evil and nefarious objective of e-surveillance without procedural safeguards. Surprisingly, even Google is censoring results pertaining to Aadhar project and UIDAI and is messing up with search placement results.

Now Internet intermediaries in India have been asked to pre screen contents before they are posted on their platforms by the account holders. India wants companies like Google and Facebook to censor users’ contents. In fact, Goggle web censorship has greatly increased in the past. Perhaps somebody at Google was already doing the pre screening of some web contents in India, with or without knowledge of Google.

Google has been in controversies from time to time. Whether it is illegal data gathering, censorship of Google news searches, manipulation of search results, etc, Google has been doing it all. In fact, it seems Google was actively helping Indian government and its agencies for messing up with Aadhar project, UIDAI, World Bank or any other similar post that questions the wrong practices of Indian government. During that period Google continued its censorship drive in India and many posts failed to appear in news, blogs and search segments.

What Internet intermediaries are facing now is a direct result of their succumbing to Indian government pressure and unconstitutional laws like IT Act 2008. They should have challenged the constitutional validity of IT Act 2008 that is the root cause of all these troubles. Fortunately Yahoo took Indian government to court over e-surveillance and more such litigations are expected in the near future. Let us see how cyber law of India would develop in this regard.

Friday, November 25, 2011

Yahoo Took Indian Government To Court Over E-Surveillance

E-surveillance in India has become a big nuisance for intermediaries like internet service providers (ISPs), e-commerce sites, search engines, e-mail providers, etc. The liability of Internet intermediaries for copyright violations is also well known that has further increased the troubles of intermediaries in India.

Intermediaries liability for cyber law due diligence in India has become very stringent after the information technology amendment act 2008 has been notified. Information technology act 2000 (IT Act 2000) now carries many e-surveillance, websites blocking and Internet censorship provisions.

The problem is that there are “no procedural safeguards” subject to which these wide and sweeping powers can be exercised. This is also the reason why these provisions are unconstitutional and illegal as they are violating the provisions of Indian constitution.

However, in the larger interests of their commercial activites in India, these intermediaries not only accepted the draconian amendments in the cyber law of India but they are also complying with the legal as well as illegal orders of Indian government and its agencies. However, this approach would be counter productive for them in the long run and they must come forward against such laws and draconian provisions.

Yahoo has taken a very significant step in this regard. Yahoo has approached the Delhi High Court against the Union home ministry's attempts to obtain information about nearly a dozen Yahoo IDs/IP addresses it suspects are used by Islamic terrorists and Maoists.

Yahoo has challenged the legality of the government's decision to penalise it by slapping it with a fine of Rs 11 lakh because Yahoo refused to share profile details of the users of these email ID's that are under the scanner of the agencies. Recently, the HC stayed the imposition of the fine, and sought a response from the Centre.

In its petition, Yahoo has raised questions on the right to privacy of a company that stores such sensitive data and to what extent authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks. "The government cannot under the cloak of national security implications bypass legal procedures," the petitioner has argued, claiming the section and clauses invoked by the Union ministry to demand information from Yahoo doesn't empower the government to do so.

Yahoo has taken a bold step that even companies like Google have not been able to do so. The matter is pending before the Delhi high court that has a good chance to bring some order in the otherwise chaosed e-surveillance world of India. The issue of phone tapping and privacy violations in India is also pending before the Supreme Court of India.

The matter must also be looked from another angle. Human rights protections in cyberspace in India are not safeguarded at all. Even at the international level United Nations has not shown much interest in protecting civil liberties in cyberspace. The data privacy laws in India are also missing. In short, there is complete negation of human rights in cyberspace in the Indian context.

Yahoo’s case may bring to the knowledge of Indian courts this situation and we may expect some respect for the constitutional rights and freedoms that are seldom respected in India these days.

Sunday, April 4, 2010

Techno-Legal Online Cyber Security Research, Training And Educational Centre of India

Cyber security management is a tough task especially if it is techno-legal in nature. In that case one has to manage not only the technical aspects but also the legal aspects. Perry4Law is the leading Techno-legal ICT law firm of World. It has many techno-legal segments like Perry4Law Techno-Legal Base (PTLB), Perry4Law Techno-Legal ICT Training Centre (PTLITC), etc. Perry4Law is also running various online techno-legal research, training and educational centre in India. Techno-Legal Cyber Security Research, Training and Educational Centre is one of them.

Cyber security in India is not in a good shape. India is on the verge of a technology revolution and the driving force behind the same is the acceptance and adoption of Information and Communication Technology (ICT) and its benefits. This technology revolution may, however, fail to bring the desired and much needed result if we do not adopt a sound and country oriented e-governance policy. A sound e-governance policy presupposes the existence of a sound and secure e-governance base as well. The security and safety of various ICT platforms and projects in India must be considered on a priority basis before any e-governance base is made fully functional. This presupposes the adoption and use of security measures more particularly empowering judiciary and law enforcement manpower with the knowledge and use of cyber forensics and digital evidencing, says India’s leading techno-legal expert Praveen Dalal.

India cannot achieve a good cyber security till it takes care of both technical as well as legal aspects of cyber security. There is no doubt about the proposition that Indian Parliament is not technology sound and we need to empower it through ICT. At the same time we must also train the governmental officials holding key positions in crucial ministries and departments about basic technology, cyber law and cyber security. These individuals must be trained suitably so that cyber security of crucial systems may not be compromised.

Cyber security is very important to protect businesses, governments and general public at large. The same must be a part of the national policy of a nation. Another crucial aspect related to a secure and strong cyber security in India pertains to critical ICT infrastructure protection in India. Critical infrastructure is becoming increasingly dependent upon ICT these days. If we are unable to secure an ICT system we are also risking critical ICT infrastructure as well.

On the one hand India has a weak and criminal friendly cyber law whereas on the other hand it does not possess tech-savvy law enforcement machinery. Even lawyers and judges are not that much aware about the nitty-gritty of cyber laws. It is high time for India to take some serious steps towards not only making the cyber law of India stronger but also to streamline cyber security of India.



Sunday, January 17, 2010

Cyber Laws All Over The World Are Becoming Unreasonable And Oppressive

Cyber Laws all over the World are intentionally designed to violate civil rights like privacy, speech and expression, etc. They are also intentionally formulated to facilitate “Internet Censorship” and “E-Surveillance” beyond the legitimate limits of “National Security”. This approach is more dangerous and is detrimental to the national security in the long run.

The Google’s episode regarding China’s censorship shows the growing hunger of various nations for Internet censorship and e-surveillance. India is no different from China when it comes to “Internet Censorship” and “E-Surveillance”, though the extent and degree may be somewhat lesser. The Information Technology Act 2000 (IT Act 2000) is the sole cyber law of India that was amended by the Information Technology Act 2008 (IT Act 2008). From here starts the real problem.

According to Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-Legal Expert of India, “The IT Act 2008 made India a “Safe Heaven” for cyber criminals on the one hand and an “Endemic E-Surveillance Society” and “Internet Censorship State” on the other hand. It seems the main aim of the proposed IT Act 2008 was to strengthen the “Internet Censorship” and “E-Surveillance Capabilities” of India.

With the passage of IT Act 2008 India has now officially become an endemic e-surveillance society. The amendments have provided unregulated, unconstitutional and arbitrary e-surveillance and Internet censorship powers to Government of India and its agencies and instrumentalities, says Praveen Dalal. The fact is that India has become an E-Police State, states the ICT Trends of India 2009.

Surprisingly, Minister of State for Communication Sachin Pilot believes that Indian cyber law is strong enough to meet the challenges posed by technology-assisted terrorism and cyber-terrorism. It seems he has not gone through the present IT Act 2000 after its 2008 amendments.

Some observers in India have rejoiced the exit of Google from China believing that it may be a good opportunity for India. However, they fail to understand the “ground reality” that India is no different from China when it comes to Internet Censorship and E-Surveillance. If India does not abdicate its alliance to Internet censorship and e-surveillance similar incidence may happen in India as well.


Thursday, February 7, 2008


In recent years, the frequency and sophistication of cyber security attacks on global Critical Information and Communication Technology (ICT) Infrastructure (Critical ICT Infrastructure) has greatly increased. Cyber-security experts have been warning of the vulnerability of Critical Infrastructure like Power, Energy, Transportation, Water Systems, etc to malicious hackers. Recently hackers have penetrated power systems in several regions outside the U.S. and in one case caused a power blackout affecting multiple cities. This shows the importance of a “Robust Cyber Security Mechanism” for Critical ICT Infrastructure. The Cyber Security Trends in India are not very encouraging.[1] To worsen the situation we have a weak Cyber Law in India.[2] Critical Infrastructure Protection in India must be taken seriously in the larger interest of Indian Citizens/Persons. Crisis and Risk Management by improving security systems integration, interconnectivity and interoperability would help India a lot.[3] The Power and Energy Sector of India must also take the cyber security risks seriously as their ignorance may bring disastrous results. The Government of India has still not shown its “E-Readiness” to accept this reality despite the suggestions and recommendations of Perry4Law and PTLB TM/SM in this regard. India also performed poorly as per the norms and standards of “UN E-Government Survey-2008”. This work is also an appeal to the Government of India to take “Cyber Security Seriously” in India. Cyber Security is witnessing many important phases and trends. From the perspective of mere “fun game” cyber crimes and contraventions have emerged as “professional activities” and have been transformed into a “profession” itself. No country of the world is safe from various cyber crimes and contraventions and all are struggling hard to tackle them. But the fact remains that law and its enforcement are lagging far behind than the standards and practices needed to effectively curb them. The Cyber Security in India is missing and we have a weak Cyber Law in India. We have to develop technologies and capabilities to protect Indian Citizens/Persons in areas such as transport, civil protection, energy, environment, health, etc. Additionally we have to increase the Security of infrastructures and utilities supporting areas such as ICT, transport, energy and services in the financial and administrative domain, etc. Critical Infrastructure Protection in India must be taken seriously in the larger interest of Indian Citizens/Persons. Crisis Management by improving security systems integration, interconnectivity and interoperability would help people of India a lot. The first step towards establishment of a safe and secure cyber space is enactment of a stringent cyber law. The cyber security initiatives are of no use in the absence of a strong, safe and effective law. Similarly, a strong law unsupported by ICT Security and Cyber Security would be impotent in effect. Thus, we need a “Good Combination” of cyber law and cyber security initiatives. Cyber Law in India is witnessing ups and downs of important dimensions. The journey from its origin to its development is not very smooth and conducive for the ICT oriented Indian society. Perry4Law and PTLB TM/SM have been raising these issues from considerable period of time. Though most of the recommendations given by them have been accepted by the Government of India, yet India has to cover a long distance. India must concentrate upon:

(a) Technology building blocks for creating, monitoring and managing secure, resilient and always available information infrastructures that link critical infrastructures,

(b) Risk assessment and contingency planning for interconnected transport or energy networks,

(c) Modelling and simulation for training of concerned officials and manpower,

(d) Optimised situational awareness through intelligent surveillance of interconnected transport or energy infrastructures,

(e) ICT support meeting crises occurring in critical infrastructures,

(f) Security issues with regard to the interaction of individuals with the digital world, etc.
In today’s electronic era, citizens and businesses expect and demand access to reliable, transparent and uninterrupted e-government services. The State must address the challenges associated with protecting confidential information on its systems while providing these groups with the required information. A reliable and uninterrupted e-governance base requires periodic vulnerability assessments. Perry4Law and PTLB TM/SM believe that if commercial and government organisations reevaluate their security, safety, and financial obligations to customers, shareholders, employees, and citizens, the importance of a properly implemented security vulnerability assessment is apparent. The duty of the State in this regard is not only absolute but is also unavoidable unless we ignore the important lesson that Estonia has learnt recently. Let us hope for the best in this regard in the Indian context.

© Praveen Dalal. All rights reserved with the author.
*Techno-Legal ICT, IPR and Cyber Security Specialist at
Managing Partner-Perry4Law (First Techno-Legal and ICT Law Firm, New Delhi, India).
LL.M, Ph.D (Cyber Forensics in India: A Techno-Legal Perspective).
Contact at: ,

[1] Praveen Dalal, “ Cyber Security Trends by PTLB”,

[2] Praveen Dalal, “ Cyber Security Trends by PTLB: Cyber Law in India”,

[3] Praveen Dalal, “ Cyber Security Trends by PTLB: Cyber Terrorism and Risk Management”,