Wednesday, November 14, 2012

Legal Issues Of Internet Banking In India

Internet banking is a popular and convenient method of doing online banking transactions. We have no dedicated Internet banking laws in India but the Reserve Bank of India (RBI) has issued some guidelines in this regard. However, Internet banking guidelines in India by RBI are not sufficient to make the banks follow robust and required cyber security procedures.

This means that Internet banking risks in India are high and even RBI acknowledged risks of e-banking in India.  Despite this position, banks in India are ignoring the cyber security due diligence requirements prescribed by RBI. The online banking risks in India have increased tremendously due to this position.

RBI has also released a report of the RBI working group on securing card present transaction in order to provide preventive measures for ATM frauds in India. Sill Internet banking frauds in India and ATM Frauds are increasing. Banks in India are not serious about cyber security and they are not following the recommendations of RBI.

RBI has also insisted upon ensuring of cyber security of banks in India. In fact, recently RBI warned Indian banks for inadequate cyber security as well. This is resulting in increased financial crimes and cyber crimes in India. Mobile banking cyber security in India is also at risk.

The legal issues of Internet banking in India must be taken more seriously by all stakeholders especially the Indian banks. However, better results cannot be achieved till cyber security requirements made mandatory on the part of Indian banks.

Internet Banking Frauds In India

Cyber crimes in India are on rise thanks to the growing use of information technology. With limited numbers of cyber law firms in India, these cyber crimes are not reported properly. Even the cyber security of India is still catching up with the present requirements.

Cyber security of banks in India is also not upto the mark. The mobile banking cyber security in India is also missing. The preventive measures for ATM frauds in India are also missing. The truth is that Indian banks are poor at cyber security. The online banking risks in India are increasing due to this indifference towards cyber security.

RBI has recently issued a report titled Report on Trend and Progress of Banking in India 2011-12. RBI needs banks to build a robust mechanism to prevent incidents of fraud in areas of mobile/net banking and electronic fund transfer. RBI has already issued guidelines pertaining to national electronic funds transfer (NEFT) system of India but banks in India are not providing positive confirmations of NEFT transactions.  

Ensuring effectiveness of the banking sector by way of technology combination while minimising the incidences of fraudulent cases has become one of the major objectives of the RBI in recent years.

According to RBI, complaints related to unauthorised fund transfers, fraudulent withdrawals from ATMs using duplicate cards, phishing e-mails aimed at extracting personal information have registered significant increase in recent times. RBI’s ombudsman office is already flooded with ATM related complaints in India.  

RBI must take a hard stand against defaulting banks who have not adopted sound cyber security policies and strategies for Internet banking and other online financial transactions.

Monday, November 5, 2012

The Proposed IT Act 2000 Amendments: Boon Or Bane

The aim of this article, written in 2006, is to consider the far reaching consequences of the proposed IT Act, 2000 amendments as suggested by the Expert Committee appointed by the Government in this regard. These amendments were severely criticised in India because of their inherent weaknesses and retrograde approach. If these proposed amendments have been approved by the cabinet without considering the critical evaluations or without the necessary modification, India will surely be a “safe heaven” for various cyber crime and contraventions. Equally at risk are e-governance in India and e-commerce in India. In the present scenario, cyber law in India is going to be a remedy worse than the malady. We may have a cyber law without teeth. Rather, it may actively encourage and support the criminal tendencies and cyber crimes in India. It is ironical that though India is emerging as the leading country in the field of Information and Communication Technology (ICT) yet the law that is needed to make it a ground reality is itself removing the protection and safeguards necessary for the survival and continued existence of ICT in India.

I. Introduction

The cyber law, in any country of the World, cannot be effective unless the concerned legal system has the following three pre requisites:

(1) A sound Cyber Law regime,
(2) A sound enforcement machinery, and
(3) A sound judicial system.

Let us analyse the Indian Cyber law on the above parameters.

(1) Sound Cyber Law Regime: The Cyber law in India can be found in the form of IT Act, 2000. Now the IT Act, as originally enacted, was suffering from various loopholes and lacunas. These “Grey Areas” were excusable since India introduced the law recently and every law needs some time to mature and grow. It was understood that over a period of time it will grow and further amendments will be introduced to make it compatible with the International standards. It is important to realise that we need “qualitative law” and not “quantitative laws”. In other words, one single Act can fulfil the need of the hour provided we give it a “dedicated and futuristic treatment”. The dedicated law essentially requires a consideration of “public interest” as against interest of few influential segments. Further, the futuristic aspect requires an additional exercise and pain of deciding the trend that may be faced in future. This exercise is not needed while legislating for traditional laws but the nature of cyber space is such that we have to take additional precautions. Since the Internet is boundary less, any person sitting in an alien territory can do havoc with the computer system of India. For instance, the Information Technology is much more advanced in other countries. If India does not shed its traditional core that it will be vulnerable to numerous cyber threats in the future. The need of the hour is not only to consider the “contemporary standards” of the countries having developed Information Technology standards but to “anticipate” future threats as well in advance. Thus, a “futuristic aspect’ of the current law has to be considered. Now the big question is whether India is following this approach? Unfortunately, the answer is in NEGATIVE. Firstly, the IT Act was deficient in certain aspects, though that was bound to happen. However, instead of bringing the suitable amendments, the Proposed IT Act, 2000 amendments have further “diluted” the criminal provisions of the Act. The “national interest” was ignored for the sake of “commercial expediencies”. The proposed amendments have made the IT Act a “tiger without teeth” and a “remedy worst than malady”.

(2) A Sound Enforcement Machinery: A law might have been properly enacted and may be theoretically effective too but it is useless unless enforced in its true letter and spirit. The law enforcement machinery in India is not well equipped to deal with cyber law offences and contraventions. They must be trained appropriately and should be provided with suitable technological support.

(3) A Sound Judicial System: A sound judicial system is the backbone for preserving the law and order in a society. It is commonly misunderstood that it is the “sole” responsibility of the “Bench” alone to maintain law and order. That is a misleading notion and the “Bar” is equally responsible for maintaining it. This essentially means a rigorous training of the members of both the Bar and the Bench. The fact is that the cyber law is in its infancy stage in India hence not much Judges and Lawyers are aware of it. Thus, a sound cyber law training of the Judges and Lawyers is the need of the hour. In short, the dream for an “Ideal Cyber Law in India” requires a “considerable” amount of time, money and resources. In the present state of things, it may take five more years to appreciate its application. The good news is that Government has sanctioned a considerable amount as a grant to bring e-governance within the judicial functioning. The need of the hour is to appreciate the difference between mere “computerisation” and “cyber law literacy”. The judges and lawyers must be trained in the contemporary legal issues like cyber law so that their enforcement in India is effective. With all the challenges that India is facing in education and training, e-learning has a lot of answers and needs to be addressed seriously by the countries planners and private industry alike. E-learning can provide education to a large population not having access to it.

II. Critical Evaluation Of The Proposed IT Act, 2000 Amendments

The proposed IT Act, 2000 amendments are neither desirable nor conducive for the growth of ICT in India. They are suffering from numerous drawbacks and grey areas and they must not be transformed into the law of the land. These amendments must be seen in the light of contemporary standards and requirements. Some of the more pressing and genuine requirements in this regard are:

(a) There are no security concerns for e-governance in India
 (b) The concept of due diligence for companies and its officers is not clear to the concerned segments
(c) The use of ICT for justice administration must be enhanced and improved
(d) The offence of cyber extortions must be added to the IT Act, 2000 along with Cyber Terrorism and other contemporary cyber crimes
(e) The increasing nuisance of e-mail hijacking and hacking must also be addressed
(f) The use of ICT for day to day procedural matters must be considered
(g) The legal risks of e-commerce in India must be kept in mind
(h) The concepts of private defence and aggressive defence are missing from the IT Act, 2000
(i) Internet banking and its legal challenges in India must be considered
 (j) Adequate and reasonable provisions must me made in the IT Act, 2000 regarding “Internet censorship”
(k) The use of private defence for cyber terrorism must be introduced in the IT Act, 2000
 (l) The legality of sting operations must be adjudged
(m) The deficiencies of Indian ICT strategies must be removed as soon as possible
(n) A sound BPO platform must be established in India, etc.

The concerns are too many to be discussed in this short article. The Government must seriously take the “genuine concerns” and should avoid the cosmetic changes that may shake the base of already weak cyber law in India.

III. Conclusion

The Government has mistakenly relied too much upon “self governance” by private sectors and in that zeal kept aside the “welfare State role”. The concept of self governance may be appropriate for matters having civil consequences but a catastrophic blunder for matter pertaining to crimes, offences, contraventions and cyber crimes. Further, the Government must also draw a line between “privatisation’ and “abdication of duties” as imposed by the Supreme Constitution of India. The concepts of “Public-Private Partnerships’ must be reformulated keeping in mind the welfare State role of India. The “collective expertise” must be used rather than choosing a segment that is not representing the “silent majority”. It would be appropriate if the Government puts the approved draft by the Cabinet before the public for their inputs before finally placing them before the Parliament.

Saturday, November 3, 2012

Indian Critical Infrastructure And Cyber Security Challenges And Issues

The reliance of consumers and businesses on the cyberspace and interconnected networks would continue to increase. Critical industries like electric, water, oil and natural gas, transportation, automotive, and aerospace are increasingly dependent upon industrial control systems like supervisory control and data acquisition (SCADA).

In fact, SCADA has become the new cyber attacks battlefield against India. An attack upon SCADA is essentially an attack upon the critical infrastructure of a nation. The SCADA systems may involve a human machine interface (HMI), a supervisory system managing the processes, remote terminal units (RTUs) interacting with the supervisory systems, programmable logic controller (PLCs) usable as field devices, etc.

Initially, running on proprietary control these have evolved with the availability of low-cost Internet Protocol (IP) devices, thus increasing the possibility of cyber security vulnerabilities and incidents. Therefore, critical infrastructure protection in India must be an integral part of national cyber security policy of India.

The policy must address critical infrastructure protection requirements of India. Further, besides energy, defense, transportation and telecommunication, the financial sector which includes banks and stock exchanges must be suitably protected in India.

Cyber security of banks in India is still not effective. Further, cyber security due diligence for banks in India is still missing despite some stern guidelines by Reserve Bank of India (RBI). Indian Banks are not complying with RBI’s cyber due diligence requirements.  Even the RBI warned Indian banks for inadequate cyber security in the past.

This is a serious issue as more than 80% of banking transactions today takes place online. Similarly, the majority of the investor trade through online systems thus making the financial sector one of the most critical sectors.

Mobile banking cyber security in India is still missing. In these circumstances, mobile banking in India has become really risky as it puts the customers at grave risks. Mobile banking cyber security is required in India on a priority basis before any mobile banking scheme is launched in India. Although Internet banking guidelines in India by RBI have been issued yet no such guidelines have been issued by RBI regarding mobile banking so far.

These cyber security issues in India must be resolved as soon as possible as the cyber security challenges of India remains unredressed till date.

Thursday, November 1, 2012

The Glaring Cyber Security Challenges And Indian Response

It is very difficult to predict the future cyber security issues in India or in other nations. Even it is very difficult to analyse all the cyber security issues, challenges and problems of India and other jurisdictions.

However, one thing is for sure. Cyber security challenges in India are going to increase with the advent of sophisticated malware like Stuxnet, Duqu, Flame, Shamoon, etc. These customised malware are targeting the critical infrastructures around the world. To tackle these malware, cyber security capabilities in India must be strengthened.

If we analyse the cyber security reflections of India the position is really worrisome. The cyber law, cyber crimes and cyber security trends by Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have marked many shortcomings of Indian cyber security capabilities.

Critical infrastructure protection in India is not in a very good shape. We have no critical ICT infrastructure protection policy of India as well. The critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to known and unknown malware.

According to cyber security experts cyber attacks are affecting Indian critical infrastructure and we are not even aware of the same. Critical infrastructure protection in India is needed as soon as possible.

India must develop both offensive and defensive cyber security capabilities that must be robust enough to detect and nullify cyber warfare against India, cyber terrorism against India, cyber attacks against India, cyber espionage against India, etc.

The national imperatives of securing operational technologies like smart grids, oil and gas, public utilities, etc are too essential to be ignored by Indian government. Today protecting key economic assets like securing financial backbone and stock exchange, payment infrastructures and financial switches is need of the hour. This includes architecting security for new age banking to make them cyber secure. Cyber security of banks in India is still deficient.

The business community must also keep in mind the cyber law due diligence requirements in India. Cyber due diligence for Indian companies is now a statutory obligation and failure to observe cyber due diligence can bring serious legal ramifications. Ensuring business models, technology transformations and channel revolutions in the midst of organised, focused, advanced and persistent cyber threats is not an easy task.

With the growth of enterprise mobility, mobile applications and cloud enablement data driven businesses, techno legal issues have become more prominent. Social networking platforms have further complicated the scenario. 

The Internet is truly global in nature and regional and national regulations and efforts cannot bring the desired results. Cyber law and cyber security issues are global in nature. Indian response to international cyber law treaty is not pro active. International cyber law treaty is required to be formulated as soon as possible.

Similarly, cyber security framework must ensure both national responsibility and global accountability. Any cyber diplomacy must congregate both national and international interests to be effective and enforceable. Thus, an international cyber security treaty is required to be formulated as well.

With a growing focus upon electronic delivery (e-delivery) of services in India additional responsibilities of securing technology transformation of governance must be ensured. The e-governance projects of India would bring cyber security challenges for which we need readymade solutions.
           
Similarly, cyber security enablement of growing electronic and mobile commerce would also be required. With the projected increase in volume and growth of commerce and e-commerce in India, cyber security as enabler must be ensured.


The management of consumer rights and business responsibilities in the information age is not an easy task. For instance, the present telemarketing policy of India is anti consumer. Similarly, the telecom dispute resolution process in India is also anti consumer.

The future of cyber security in India is tough to manage. The sooner we start working in this direction on ground level and actual basis the better it would be for the larger interest of India.

Source: Cyber Security Issues In India

Cyber Law Firms In New Delhi India

Cyber law is a complicated subject that requires tremendous expertise to manage. There are very few cyber law firms in New Delhi India and Perry4Law is proud to be one of them. Further, Perry4Law is the exclusive techno legal ICT law firm of India and is the exclusive techno legal cyber law firm of India.

The cyber law expertise of Perry4Law is supported by Perry4Law’s Techno Legal Base (PTLB) that is the leading techno legal platform of the world. PTLB is also managing the exclusive techno legal cyber crime investigation centre of India (CCICI) that is assisting in investigation and solving of cyber crimes in India.

PTLB is also resolving India’s glaring cyber security challenges and strengthening the cyber security environment of India through it exclusive techno legal cyber security research and development centre of India (CSRDCI). Further, the national cyber security database of India (NCSDI) is also a cyber security initiative of PTLB.


As a techno legal ICT law firm we are trying to give cyber law of India a new shape. Further, one area that has recently interested the legal community pertains to cyber security. Although cyber security as a legal field has started gaining attention of foreign lawyers and law firms yet cyber security law firms in India or cyber security lawyers in India are still missing.

If you are interested in our cyber law, cyber security, cyber forensics, e-discovery, e-commerce, intellectual property rights (IPRs), corporate laws, LPO and KPO, e-courts, online dispute resolution (ODR), cyber skills development, cyber law trainings and other techno legal services, you may contact us in this regard.

India’s Glaring Cyber Security Challenges

Indian cyber security problems, issues and challenges management is a major cause of concern these days. India, like all other countries, is facing shortage of skilled cyber security professionals. Even there are very few cyber law firms in India who can manage legal issues of information technology abuse and cyber crimes.

Cyber security problems and challenges in India are complicated in nature. They cannot be resolved though mere conferences and lip services. A very pertinent question in this regard was recently asked by one of my friend and it asks will the third (3rd) worldwide cyber security summit of Delhi succeed?

This is a natural question to ask in these circumstances as the third (3rd) worldwide cyber security summit of Delhi, India 2012 has just concluded. Will summit like these bring any change in the cyber security environment of India? The answer is in negative as we need ground level and actual cyber security efforts in India.
                                                 
For instance, initiatives like cyber security research and development centre of India (CSRDCI) and national cyber security database of India (NCSDI) can prove useful for strengthening of cyber security of India. We need more such initiatives in India.

The cyber security issues in India must be given a top priority. The glaring cyber security problems of India cannot be ignored by Indian government anymore. Further, we must also develop cyber crime investigation capabilities in India as well. The cyber crimes investigation centre of India (CCICI) by Perry4Law’s Techno Legal Base (PTLB) can be really handy in this regard.

The sooner these issues are resolved by Indian government the better it would be for the larger interest of India.

Source: Cyber Laws In India