Friday, December 16, 2011

Social Media Laws In India

Social media laws in India are in limelight these days. Social media websites are very popular among technology savvy as well as ordinary Netizens. More and more Netizens are joining social platforms to share their opinions, views, data and details. However, social networking laws in India are not adequate and properly drafted.

Social media includes social networking sites, blogs, forums, wikis, etc. Social media is growingly seen as a medium to connect with millions of professionals, friends and like minded individuals and organisations.

India is also witnessing a growing revolution of information and communication technology (ICT) and social media usage. However, till now we have no social media policy in India. Even we do not have dedicated social networking laws in India that can take care of the misuses of social platforms.

However, the framework and guidelines for use of social media for government organisations has been recently suggested by department of information technology. Theses guidelines provide an Indian social media framework for governmental departments and organisations that employees of these organisations must follow.

Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that Indian government must enact strong and effective social media laws, e-governance laws and e-commerce laws in India. These three fields are going to assume centre stage in the near future and their regulation by Indian government would be required.

Till now India has enacted a single technology law in the form of information technology act 2000 (IT Act 2000). It has tried to cover all the three issues but not with great success. This is so because these three fields are very vast and require a different treatment and separate law. Perry4Law and PTLB strongly recommend enacting suitable laws in this regard.

Tuesday, December 6, 2011

Internet Censorship In India

Internet in India is under potential threat of censorship and e-surveillance. Internet censorship in India has increased a lot. Similarly, e-surveillance in India has also increased to intolerable limits.

India has a draconian but cyber criminals’ friendly cyber law in the form of information technology act, 2000 (IT Act 2000). It was amended in 2008 to confer unregulated e-surveillance, Internet censorship and website blocking powers to Indian government and its agencies. The present cyber law of India is an unconstitutional one in the absence of procedural safeguards that can prevent these abusive draconian powers under the IT Act 2000. It requires an urgent repeal.

On top of it we have the proposed central monitoring system (CMS) project of India that has been proposed without any parliamentary oversight. Further, stress upon Internet kill switch is also given by India without realising that Internet kill switch is not a solution to cyber threats. Anti Internet kill switch measures are needed to prevent Indian government from taking recourse of any such unconstitutional and draconian action.

Website blocking and Internet censorship should be resisted as far as possible in India. This fight should be techno legal in nature where both technical and legal measures must be adopted to thwart surveillance and censorship activities of Indian government and its agencies. Proactive self defence in cyberspace is needed not only against alien enemies but also against our own Orwellian government.

Self defence in cyberspace is a concept whose time has come at both national and international level. At the national level of India self defence is required not only against cyber criminals but also against our own over zealous and e-surveillance oriented Indian government. Suggestions have been given in the past that United Nations (UN) must protect human rights in cyberspace as well. However, UN is not serious about protecting human rights in cyberspace.

At the national level, Indian government acquired itself unregulated, illegal and unconstitutional e-surveillance, Internet censorship and website blocking powers with no procedural safeguards. The information technology act, 2000 (IT Act 2000) was amended through the information technology amendment act 2008 (IT Act 2008) and this amendment gave unconstitutional and illegal powers to Indian government and its agencies. With the notification of the IT Act, 2008, the journey from welfare state to a police state was completed for India.

Instances of website blocking in India and Internet censorship in India have increased a lot. What is more worrisome is the fact that e-surveillance and Internet censorship in India have increased without any lawful interception law in India. Lawful interception law in India is missing and phone tapping in India is done in an unconstitutional manner.

Of all e-surveillance project, nothing is worst than the Aadhar project of India and its implementing unique identification authority of India (UIDAI) headed by Nandan Nilekani. Irrespective of what Nandan Nilekani and Indian government says, Aadhar project and UIDAI are serving a very vicious, evil and nefarious objective of e-surveillance without procedural safeguards. Surprisingly, even Google is censoring results pertaining to Aadhar project and UIDAI and is messing up with search placement results.

Now Internet intermediaries in India have been asked to pre screen contents before they are posted on their platforms by the account holders. India wants companies like Google and Facebook to censor users’ contents. In fact, Goggle web censorship has greatly increased in the past. Perhaps somebody at Google was already doing the pre screening of some web contents in India, with or without knowledge of Google.

Google has been in controversies from time to time. Whether it is illegal data gathering, censorship of Google news searches, manipulation of search results, etc, Google has been doing it all. In fact, it seems Google was actively helping Indian government and its agencies for messing up with Aadhar project, UIDAI, World Bank or any other similar post that questions the wrong practices of Indian government. During that period Google continued its censorship drive in India and many posts failed to appear in news, blogs and search segments.

What Internet intermediaries are facing now is a direct result of their succumbing to Indian government pressure and unconstitutional laws like IT Act 2008. They should have challenged the constitutional validity of IT Act 2008 that is the root cause of all these troubles. Fortunately Yahoo took Indian government to court over e-surveillance and more such litigations are expected in the near future. Let us see how cyber law of India would develop in this regard.

Wednesday, November 30, 2011

Online Dispute Resolution Services Are Growing

International online dispute resolution (international ODR) is no more a fiction. With growing disputes being resolved through an online mechanism, ODR has also assumed significance. ODR has significant advantages over not only traditional litigation methods but also against alternative dispute resolution (ADR) mechanisms.

International community is working really hard in the direction of recognising use of ODR as an effective dispute resolution mechanism. For instance, European Union has been considering use of ODR for cross border consumer disputes. Similarly, efforts of United Nations to streamline ODR are also well known. Similarly, use of ODR for cross border e-commerce transactions is also suggested. Similarly, WIPO is also using ODR for dispute resolution.

These international efforts must also be implemented at the national level. In other words, ODR needs international harmonisation to be effective. If we implement ODR at the international level alone, using ODR at national level would never be successful.

For instance, online dispute resolution in India is still evolving. ADR and ODR services in India are still in their infancy stages. Obviously, online dispute resolution services in India are still maturing. We have very few online dispute resolution centers in India. Further, Perry4Law Techno Legal Base (PTLB) is the sole techno legal ADR and ODR services provider in India.

Interest in ODR must be invoked among the stakeholders at both national and international level. ODR can be really effective where stakeholders are located at different jurisdiction. With the help of technology, disputes can be resolved without even leaving the residence of any party. Let us hope that ODR would be used at mass scale and at all levels to resolve disputes in the best possible manner.

Saturday, November 26, 2011

Surveillance of Internet Traffic In India

E-surveillance in India is no more a secret as Indian government is openly engaging in e-surveillance activities. This is despite the fact that an unregulated and unguided e-surveillance is violating the civil liberties protection in cyberspace in India.

Now e-surveillance is proposed to be expanded to even mobile infrastructure. The cell site location based e-surveillance in India is also in contemplation. Cell site data location laws in India and privacy issues are once again bypassed for this proposal. Even the e-surveillance policy of India is missing that can provide some safeguards against illegal and unconstitutional e-surveillance in India.

Similarly projects like Aadhar project of India, central monitoring system project of India, etc are also intended to strengthen the e-surveillance capabilities of India without and constitutional safeguards.

On the top of India, India is trying every possible method to discourage the cyber security initiatives like encryption. Encryption policy of India is missing and so are encryption laws in India.

Now Indian government has forced the telecom service providers and internet service providers (ISPs) to deploy monitoring equipment for surveillance of internet traffic as per the conditions of the respective license agreements and as per the requirements of security agencies. At present, indigenous internet monitoring systems are being deployed in the network of ISPs.

Based on the feedback and traffic projections provided by the ISPs, the internet monitoring systems are upgraded and deployed continuously as per the requirement of security agencies.

India needs to upgrade its intelligence infrastructure that is in real mess. Intelligence agencies need to develop intelligence gathering and analysis skills so that situations like the present one can be taken care of. E-surveillance is not a substitute for cyber skills and Indian government and its agencies must realise this truth as soon as possible.

Even by forcing the telecom service providers and ISPs to filter internet traffic at large would not serve any purpose. Cyber criminals and terrorists are already well aware to use sophisticated technology to hide their tracks. This exercise would only violate the civil liberties of law abiding citizens.

Fortunately, Yahoo has dragged Indian government regarding e-surveillance to the Delhi High Court and a judicial scrutiny of e-surveillance in India may be possible. Time has come to consider all these aspects in detail and at the highest levels by the Indian government and parliament of India.

Friday, November 25, 2011

Yahoo Took Indian Government To Court Over E-Surveillance

E-surveillance in India has become a big nuisance for intermediaries like internet service providers (ISPs), e-commerce sites, search engines, e-mail providers, etc. The liability of Internet intermediaries for copyright violations is also well known that has further increased the troubles of intermediaries in India.

Intermediaries liability for cyber law due diligence in India has become very stringent after the information technology amendment act 2008 has been notified. Information technology act 2000 (IT Act 2000) now carries many e-surveillance, websites blocking and Internet censorship provisions.

The problem is that there are “no procedural safeguards” subject to which these wide and sweeping powers can be exercised. This is also the reason why these provisions are unconstitutional and illegal as they are violating the provisions of Indian constitution.

However, in the larger interests of their commercial activites in India, these intermediaries not only accepted the draconian amendments in the cyber law of India but they are also complying with the legal as well as illegal orders of Indian government and its agencies. However, this approach would be counter productive for them in the long run and they must come forward against such laws and draconian provisions.

Yahoo has taken a very significant step in this regard. Yahoo has approached the Delhi High Court against the Union home ministry's attempts to obtain information about nearly a dozen Yahoo IDs/IP addresses it suspects are used by Islamic terrorists and Maoists.

Yahoo has challenged the legality of the government's decision to penalise it by slapping it with a fine of Rs 11 lakh because Yahoo refused to share profile details of the users of these email ID's that are under the scanner of the agencies. Recently, the HC stayed the imposition of the fine, and sought a response from the Centre.

In its petition, Yahoo has raised questions on the right to privacy of a company that stores such sensitive data and to what extent authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks. "The government cannot under the cloak of national security implications bypass legal procedures," the petitioner has argued, claiming the section and clauses invoked by the Union ministry to demand information from Yahoo doesn't empower the government to do so.

Yahoo has taken a bold step that even companies like Google have not been able to do so. The matter is pending before the Delhi high court that has a good chance to bring some order in the otherwise chaosed e-surveillance world of India. The issue of phone tapping and privacy violations in India is also pending before the Supreme Court of India.

The matter must also be looked from another angle. Human rights protections in cyberspace in India are not safeguarded at all. Even at the international level United Nations has not shown much interest in protecting civil liberties in cyberspace. The data privacy laws in India are also missing. In short, there is complete negation of human rights in cyberspace in the Indian context.

Yahoo’s case may bring to the knowledge of Indian courts this situation and we may expect some respect for the constitutional rights and freedoms that are seldom respected in India these days.

Wednesday, November 23, 2011

Data Privacy Laws In India

Privacy rights and data protection are essential for protecting civil liberties and commercial interests. We do not have a dedicated privacy law in India as well as data protection law in India. There is no second opinion that privacy laws in India and data protection law in India is needed.

Privacy rights and laws in India have been ignored for long. Privacy rights in India in the information era are seldom respected in India. Although right to privacy bill of India 2011 has been suggested many times in the year 2011 yet till now we do not have any conclusive draft in this regard that can be introduced in that parliament of India. In fact, we are still waiting for a public disclosure of final and conclusive proposed draft right to privacy bill 2011 of India that can be discussed in the parliament.

Fortunately, the issue of phone tapping and violation of privacy rights as a result of the same is pending before the Supreme Court of India. The unconstitutional phone tapping in India is wide prevalent and the Supreme Court of India must also address this issue.

The Supreme Court of India must expand privacy rights in India as that is the need of hour. Fortunately, the issue is already pending before it and there would not be much trouble in formulating a privacy framework for India.

However, the real solution can come from the parliament of India alone. The parliament of India must pass strong and effective privacy and data protection laws for India. Even there is a need to revisit the telephone tapping legal framework of India.

At the executive level, Indian government must formulate the national privacy policy of India that must address all these issues. Unfortunately, Indian government is deliberately avoiding these crucial issues on one pretext or other. In the larger interest of India and as a direct obligation under the constitution of India, executive, legislature and judiciary must protect the fundamental rights and civil liberties of Indian citizens.

Monday, November 21, 2011

Are Indian Satellites Safe From Cyber Attacks?

Cyber attacks and cyber espionage by one nation against another are very common these days. Though nations are attacking one another through cyber intrusions yet none of them come forward to accept the same. Whether we like it or not but cyber attacks and cyber espionage would continue to be used by various nations against each other.

This process is a part of traditional strategic information gathering by defence forces, intelligence agencies, etc. For instance, the systems and techniques capable of destroying an adversary’s satellites have been a major focus of arm race in outer space. With the active use of Internet, the same process has taken a shape of cyber espionage and cyber attacks.

Naturally, we must focus upon a robust and effective cyber security in India. For instance, Indian preventive and offensive capabilities against cyber warfare must be developed to ward off growing incidences of cyber espionage and cyber attacks against India.

Indian critical infrastructure if frequently targeted by cyber attacks. Malware like Stuxnet and Duqu are increasingly found in the computers managing the critical infrastructure of India. In fact some believe that Stuxnet was also responsible for the destruction of an Indian broadcasting satellite. Cyber security of Indian satellites is a natural choice in these circumstances.

The Indian government must deliberate upon cyber threats like cyber espionage and cyber warfare that are increasingly targeting strategic computers and facilities. With growing interest in cyber security, this may be achieved within few years in India.

Sunday, November 20, 2011

Indian Legal Workforce Needs To Be Skill Driven

Practical training and skills are two of the most important attributes of a successful and highly paying career. These attributes are also the most commonly absent essentials of various educational courses. As a natural result, almost 75% of the educated masses are either unemployable or simply not suitable for the relevant jobs.

Even Indian companies are facing shortage of skilled workforce to manage their day to day functions. In the information technology field, there is an urgent need of cyber skilled workforce in India. Further, technical education and skill development in India need to be considered on a top priority basis.

As far as legal field is concerned, the situation is not very different. For instance, the legal research in India is not qualitative and plagiarism is rampant in Indian legal research community.

Although legal process outsourcing (LPO) in India is flourishing yet there are very few e-discovery related LPO and KPO firms in India. In future e-discovery related LPO and KPO services in India would increase considerably. However, the skilled workforce needed to execute such high end and domain specific work is missing.

PTLB online skills development initiative is trying to bridge all these gaps so that a skilled legal workforce can meet all the future employment related challenges in India. Interested stakeholders, students and professional from around the globe can enroll for these courses, training, education and skills development programs of PTLB.

Friday, November 18, 2011

National Cyber Security Policy of India Is Needed

Cyber security policy and strategy is an important aspect of national security. Till now we have no national security policy of India. There is no second opinion about the fact that national security policy of India is required and the sooner it is drafted and implemented the better it would be for India.

In fact, national security of India is affected by turf war that is putting the entire national security at risk. For instance, Indian nuclear facilities may not be cyber secure. Indian websites are occasionally defaced.

Crucial computers at strategic government departments and defense forces are frequently compromised. The servers of national informatics centre (NIC) of India were recently hacked. This puts the entire governmental web infrastructure at risk.

A sound national security policy must have many essential and important aspects incorporated into it. One such essential component is cyber security policy and strategy of India. Till now we have no implementable national cyber security policy of India.

India’s national cyber security policy must be suitable formulated and immediately implemented. Further, Indian counter terrorism capabilities needs rejuvenation to deal with traditional terrorism and cyber terrorism. Indian banks are also not very good at cyber security and they are not willing to upgrade their cyber security despite the mandatory recommendations by Reserve Bank of India (RBI).

At the international level efforts have been streamlined to strengthen cyber security and global cyber security cooperation. Recently NATO requested cyber security cooperation from India.

Even at the individual level countries are strengthening their offensive and defensive cyber capabilities. In United States, the DARPA is developing offensive and preventive cyber capabilities. Indian defense and security against cyber warfare must also be developed.

It is high time for India to develop cyber offensive and defensive capabilities so that it can manage cyber threats like cyber terrorism, cyber warfare, cyber espionage, etc in a timely and effective manner.

Thursday, November 17, 2011

Indian Defense And Security Against Cyber Warfare

Of late, India is increasingly targeted for cyber espionage, cyber warfare, cyber terrorism and many similar cyber attacks. Indian response to the same remained lukewarm. Obviously the news of sophisticated Malware targeting Indian critical infrastructure is no big surprise.

For instance, some claim that Stuxnet Malware was responsible for the destruction of an Indian broadcasting satellite. Similarly the Duqu Malware used the command and control servers located in India. The latest being that the servers of National Informatics Centre (NIC) of India were compromised and used for launching cyber attacks upon other nations.

In this background India must analyse its cyber skills and capabilities. Is India ready for cyber warfare, cyber terrorism, cyber espionage, cyber attacks, etc? We have still not formulated any cyber warfare policy of India. In fact, cyber security in India is an ignored world. Even there is no cyberspace crisis management plan of India that is actually implemented at the national level.

At the legal framework level as well India is lagging far behind. We have no dedicated legal framework for cyber security in India. Even the cyber law of India needs many suitable amendments as it has become outdated.

These issues require political will to resolve and presently that seems to be missing. Although Kapil Sibal is doing a great job yet he seems to be overburdened with many responsibilities. This is resulted in sidelining of cyber law and cyber security issues.

Now Kapil Sibal has given positive hints about these issues, things may change in the near future. But till then Indian cyberspace is vulnerable to all sorts of cyber attacks.

India is not at all ready to tackle cyber warfare, cyber terrorism, cyber espionage, etc with the present framework of mind and cyber capabilities. Indian defense and security against cyber warfare is missing and the same needs to be strengthened as soon as possible.