Friday, November 25, 2011

Yahoo Took Indian Government To Court Over E-Surveillance

E-surveillance in India has become a big nuisance for intermediaries like internet service providers (ISPs), e-commerce sites, search engines, e-mail providers, etc. The liability of Internet intermediaries for copyright violations is also well known that has further increased the troubles of intermediaries in India.

Intermediaries liability for cyber law due diligence in India has become very stringent after the information technology amendment act 2008 has been notified. Information technology act 2000 (IT Act 2000) now carries many e-surveillance, websites blocking and Internet censorship provisions.

The problem is that there are “no procedural safeguards” subject to which these wide and sweeping powers can be exercised. This is also the reason why these provisions are unconstitutional and illegal as they are violating the provisions of Indian constitution.

However, in the larger interests of their commercial activites in India, these intermediaries not only accepted the draconian amendments in the cyber law of India but they are also complying with the legal as well as illegal orders of Indian government and its agencies. However, this approach would be counter productive for them in the long run and they must come forward against such laws and draconian provisions.

Yahoo has taken a very significant step in this regard. Yahoo has approached the Delhi High Court against the Union home ministry's attempts to obtain information about nearly a dozen Yahoo IDs/IP addresses it suspects are used by Islamic terrorists and Maoists.

Yahoo has challenged the legality of the government's decision to penalise it by slapping it with a fine of Rs 11 lakh because Yahoo refused to share profile details of the users of these email ID's that are under the scanner of the agencies. Recently, the HC stayed the imposition of the fine, and sought a response from the Centre.

In its petition, Yahoo has raised questions on the right to privacy of a company that stores such sensitive data and to what extent authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks. "The government cannot under the cloak of national security implications bypass legal procedures," the petitioner has argued, claiming the section and clauses invoked by the Union ministry to demand information from Yahoo doesn't empower the government to do so.

Yahoo has taken a bold step that even companies like Google have not been able to do so. The matter is pending before the Delhi high court that has a good chance to bring some order in the otherwise chaosed e-surveillance world of India. The issue of phone tapping and privacy violations in India is also pending before the Supreme Court of India.

The matter must also be looked from another angle. Human rights protections in cyberspace in India are not safeguarded at all. Even at the international level United Nations has not shown much interest in protecting civil liberties in cyberspace. The data privacy laws in India are also missing. In short, there is complete negation of human rights in cyberspace in the Indian context.

Yahoo’s case may bring to the knowledge of Indian courts this situation and we may expect some respect for the constitutional rights and freedoms that are seldom respected in India these days.

Wednesday, November 23, 2011

Data Privacy Laws In India

Privacy rights and data protection are essential for protecting civil liberties and commercial interests. We do not have a dedicated privacy law in India as well as data protection law in India. There is no second opinion that privacy laws in India and data protection law in India is needed.

Privacy rights and laws in India have been ignored for long. Privacy rights in India in the information era are seldom respected in India. Although right to privacy bill of India 2011 has been suggested many times in the year 2011 yet till now we do not have any conclusive draft in this regard that can be introduced in that parliament of India. In fact, we are still waiting for a public disclosure of final and conclusive proposed draft right to privacy bill 2011 of India that can be discussed in the parliament.

Fortunately, the issue of phone tapping and violation of privacy rights as a result of the same is pending before the Supreme Court of India. The unconstitutional phone tapping in India is wide prevalent and the Supreme Court of India must also address this issue.

The Supreme Court of India must expand privacy rights in India as that is the need of hour. Fortunately, the issue is already pending before it and there would not be much trouble in formulating a privacy framework for India.

However, the real solution can come from the parliament of India alone. The parliament of India must pass strong and effective privacy and data protection laws for India. Even there is a need to revisit the telephone tapping legal framework of India.

At the executive level, Indian government must formulate the national privacy policy of India that must address all these issues. Unfortunately, Indian government is deliberately avoiding these crucial issues on one pretext or other. In the larger interest of India and as a direct obligation under the constitution of India, executive, legislature and judiciary must protect the fundamental rights and civil liberties of Indian citizens.

Monday, November 21, 2011

Are Indian Satellites Safe From Cyber Attacks?

Cyber attacks and cyber espionage by one nation against another are very common these days. Though nations are attacking one another through cyber intrusions yet none of them come forward to accept the same. Whether we like it or not but cyber attacks and cyber espionage would continue to be used by various nations against each other.

This process is a part of traditional strategic information gathering by defence forces, intelligence agencies, etc. For instance, the systems and techniques capable of destroying an adversary’s satellites have been a major focus of arm race in outer space. With the active use of Internet, the same process has taken a shape of cyber espionage and cyber attacks.

Naturally, we must focus upon a robust and effective cyber security in India. For instance, Indian preventive and offensive capabilities against cyber warfare must be developed to ward off growing incidences of cyber espionage and cyber attacks against India.

Indian critical infrastructure if frequently targeted by cyber attacks. Malware like Stuxnet and Duqu are increasingly found in the computers managing the critical infrastructure of India. In fact some believe that Stuxnet was also responsible for the destruction of an Indian broadcasting satellite. Cyber security of Indian satellites is a natural choice in these circumstances.

The Indian government must deliberate upon cyber threats like cyber espionage and cyber warfare that are increasingly targeting strategic computers and facilities. With growing interest in cyber security, this may be achieved within few years in India.

Sunday, November 20, 2011

Indian Legal Workforce Needs To Be Skill Driven

Practical training and skills are two of the most important attributes of a successful and highly paying career. These attributes are also the most commonly absent essentials of various educational courses. As a natural result, almost 75% of the educated masses are either unemployable or simply not suitable for the relevant jobs.

Even Indian companies are facing shortage of skilled workforce to manage their day to day functions. In the information technology field, there is an urgent need of cyber skilled workforce in India. Further, technical education and skill development in India need to be considered on a top priority basis.

As far as legal field is concerned, the situation is not very different. For instance, the legal research in India is not qualitative and plagiarism is rampant in Indian legal research community.

Although legal process outsourcing (LPO) in India is flourishing yet there are very few e-discovery related LPO and KPO firms in India. In future e-discovery related LPO and KPO services in India would increase considerably. However, the skilled workforce needed to execute such high end and domain specific work is missing.

PTLB online skills development initiative is trying to bridge all these gaps so that a skilled legal workforce can meet all the future employment related challenges in India. Interested stakeholders, students and professional from around the globe can enroll for these courses, training, education and skills development programs of PTLB.

Friday, November 18, 2011

National Cyber Security Policy of India Is Needed

Cyber security policy and strategy is an important aspect of national security. Till now we have no national security policy of India. There is no second opinion about the fact that national security policy of India is required and the sooner it is drafted and implemented the better it would be for India.

In fact, national security of India is affected by turf war that is putting the entire national security at risk. For instance, Indian nuclear facilities may not be cyber secure. Indian websites are occasionally defaced.

Crucial computers at strategic government departments and defense forces are frequently compromised. The servers of national informatics centre (NIC) of India were recently hacked. This puts the entire governmental web infrastructure at risk.

A sound national security policy must have many essential and important aspects incorporated into it. One such essential component is cyber security policy and strategy of India. Till now we have no implementable national cyber security policy of India.

India’s national cyber security policy must be suitable formulated and immediately implemented. Further, Indian counter terrorism capabilities needs rejuvenation to deal with traditional terrorism and cyber terrorism. Indian banks are also not very good at cyber security and they are not willing to upgrade their cyber security despite the mandatory recommendations by Reserve Bank of India (RBI).

At the international level efforts have been streamlined to strengthen cyber security and global cyber security cooperation. Recently NATO requested cyber security cooperation from India.

Even at the individual level countries are strengthening their offensive and defensive cyber capabilities. In United States, the DARPA is developing offensive and preventive cyber capabilities. Indian defense and security against cyber warfare must also be developed.

It is high time for India to develop cyber offensive and defensive capabilities so that it can manage cyber threats like cyber terrorism, cyber warfare, cyber espionage, etc in a timely and effective manner.

Thursday, November 17, 2011

Indian Defense And Security Against Cyber Warfare

Of late, India is increasingly targeted for cyber espionage, cyber warfare, cyber terrorism and many similar cyber attacks. Indian response to the same remained lukewarm. Obviously the news of sophisticated Malware targeting Indian critical infrastructure is no big surprise.

For instance, some claim that Stuxnet Malware was responsible for the destruction of an Indian broadcasting satellite. Similarly the Duqu Malware used the command and control servers located in India. The latest being that the servers of National Informatics Centre (NIC) of India were compromised and used for launching cyber attacks upon other nations.

In this background India must analyse its cyber skills and capabilities. Is India ready for cyber warfare, cyber terrorism, cyber espionage, cyber attacks, etc? We have still not formulated any cyber warfare policy of India. In fact, cyber security in India is an ignored world. Even there is no cyberspace crisis management plan of India that is actually implemented at the national level.

At the legal framework level as well India is lagging far behind. We have no dedicated legal framework for cyber security in India. Even the cyber law of India needs many suitable amendments as it has become outdated.

These issues require political will to resolve and presently that seems to be missing. Although Kapil Sibal is doing a great job yet he seems to be overburdened with many responsibilities. This is resulted in sidelining of cyber law and cyber security issues.

Now Kapil Sibal has given positive hints about these issues, things may change in the near future. But till then Indian cyberspace is vulnerable to all sorts of cyber attacks.

India is not at all ready to tackle cyber warfare, cyber terrorism, cyber espionage, etc with the present framework of mind and cyber capabilities. Indian defense and security against cyber warfare is missing and the same needs to be strengthened as soon as possible.

Tuesday, October 18, 2011

Virtual Campuses Can Eliminate Corruption In Higher Education Of India

All of you must remember Jaspal Bhatti’s flop show and the episode pertaining to PhD. The episode explained how PhD researchers in India are exploited by their supervisors in cash and kind. That was a classical comedy that portrayed the corrupt higher educational system of India.

Years have passed but the bitter truth still prevails in India. Although HRD minister Kapil Sibal is doing great to improve and strengthen the dying educational system of India yet PhDs in India are still facing the menace of corruption.

Recently, e-mails were also sent to both Kapil Sibal and Salman Khurshid to bring to their notice the deteriorating conditions of higher legal education in India. The truth is that higher legal education in India needs urgent reforms.

Higher education in India is suffering from many deficiencies and irregularities. These include lack of practical training, academic nature of education, absence of skills development, corruption, lack of research capabilities, etc.

Universities and colleges are engaging in all sorts of undesirable behaviours and practices and this is affecting the higher education and research oriented courses like PhDs. Indian government is also not very much enthusiastic in curing these deficiencies and eliminating the irregularities.

The lack of transparency and prevalent corruption is eating up the higher education system of India and it can be cured if we allow foreign educational institutions to open their centers in India. This way not only the monopoly of Indian colleges and institutions can be eliminated but better and qualitative education can be made available to Indian students.

Further, this would also force the Indian educational institutions and colleges to focus and stress upon quality rather than upon corrupt practices and exploitation. We need more virtual campuses as well so that Indian students can have qualitative education through e-learning and distance learning method.

At Perry4Law Techno Legal Base (PTLB) we are trying to bridge this qualitative gap in a corruption free environment through its Online Skills Development and Training platform. PTLB is managing the exclusive techno legal e-learning and virtual legal education campus of India and world wide. It also provides many other qualitative and highly specialised courses through its virtual campus that would remain a dream through traditional Indian educational institutions. We hope this initiative of ours would be beneficial for all the stakeholders.

Saturday, October 8, 2011

Privacy Laws In India

We have no dedicated privacy laws in India and data protection laws in India. Naturally, this is a troublesome and undesirable situation. The supreme court of India has interpreted Article 21 as empowering Indian citizens with right to privacy in India.

However, despite this constitutional protection, various governmental projects in India are opening ignoring Article 21 and are clearly violating the same. This is happening because we have no national privacy policy in India.

Further, we have no privacy laws in India as well. Although some privacy guidelines have been issued by one or two departments of Indian government yet they are far from satisfactory and cannot replace a well structured privacy law of India.

Privacy rights in the information era require a totally different outlook. In fact, privacy rights form an essential part of civil liberties protection in cyberspace that India is presently ignoring.

For instance, consider the projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc.

They must be supported by a techno legal framework and must be civil liberty complaint. Presently, none of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny. These projects are openly violating various human rights/civil liberties, including right to privacy.

It is high time to formulate privacy laws in India so that constitutional freedoms and rights are not considered to be just legal jargon we no actual implementation.

Thursday, October 6, 2011

Cyber Warfare Policy Of India

Cyber Warfare is a concept that is not clear yet. Some believe that there is nothing like Cyber Warfare as there is no involvement of traditional military actions. Others believe that Cyber Warfare is a reality of the present time and future wars would be fought in Cyberspace. Whatever the opinion may be but it is clear that Nations have to protect their Critical ICT Infrastructures and Strategic Computers from growing Cyber Attacks.

Cyber Warfare and Cyber Terrorism are issues that cannot be taken lightly by any Country. From these threats emerge the necessity of having a robust Cyber Security for Defense Forces in India. These issues are important as they strike at the very root of the Critical ICT Infrastructure Protection in India. However, India is not doing the needful in this regard. Cyber War Capabilities should be an Integral Part of Indian National Defense and Security.

India needs a sophisticated and robust Technological Command Centre to defend its global network of computer systems. It must develop both offensive and defensive capabilities under one roof. Strategic information and tactical inputs are essential part of modern warfare that can be lost or gained through Cyber War methods. There is no doubt that India needs good Cyber War Capabilities to meet the growing threats of Cyber Warfare.

Malware are posing significant threat to India yet there is no attention towards Cyber Security in India. For instance, we need Express Legal Provisions and Specified Policies to deal with issues like Denial of Service (DOS), Distributed Denial of Services (DDOS), Bots, Botnets, Trojans, Backdoors, Viruses and Worms, Sniffers, SQL Injections, Buffer Overflows Exploits, etc. Till now India has done nothing in this crucial direction and we are still waiting for the Cyber Security Policy and Strategy of India. Obviously, we have no Cyber Warfare Policy of India as well. Even the Cyber Law of India is weak and ineffective and deserves to be repealed.

The biggest hurdle before curbing Cyber Warfare Threats at the International level is Lack of Harmonisation in this regard. Till now we have no “Internationally Acceptable Definition” of Cyber Warfare. Further, we have no Universally Acceptable Cyber Crimes Treaty as well. There is also no International Cyber Security Treaty. India is not a part of any International Treaty or Conventions regarding Cyber Crimes, Cyber Security, etc.

We cannot have a Cyber Terrorism Policy in India till we have a Cyber Crimes Policy in India, Cyber Security Policy in India other similar Policies. Indian Government must urgently work in this crucial direction as it is the most urgent need of the hour.

Wednesday, October 5, 2011

Cyber Warfare Against India

Cyber warfare is a concept that is still haunting the international community. The situation is so serious that north atlantic treaty organisation (NATO) has sought stronger cooperation with India to counter growing cyber threats.

Cyber warfare is still a murky area as different countries deal with cyber attacks and cyber warfare attacks differently. While countries like US are considering it as an act of aggression on the footing of war yet other countries are taking divergent views. However, all countries are willing to use every possible cyber capabilities as preventive and curative cyber methods.

Till United Nations (UN) steps in and enacts “universally acceptable” international cyber law treaty and international cyber security treaty, this problem would remain murky and difficult to resolve. Further, nothing can benefit more than an international cyber security cooperation that is urgently required.

The incidences of cyber attacks, cyber terrorism, cyber espionage, cyber warfare, etc are increasing against India. However, in the absence of India’s national cyber security policy, cyber security in India is a neglected field. We must urgently develop cyber warfare capabilities in India to thwart growing cyber attacks against India. Further, we must also formulate a cyber warfare policy in India that is presently missing.

Cyber warfare is also the reason why we need to ensure critical infrastructure protection in India and critical ICT infrastructure protection in India. In fact the growing cyber attacks are affecting Indian critical infrastructure. Thus, cyber security capabilities through techno legal cyber security trainings in India must be strengthened. We must stress upon cyber security skills development in India.

The situation is equivalent to a wake up call and Indian government must take urgent steps to strengthen Indian cyber security. The sooner it is adopted the better it would be for a safe and secure cyberspace of India.