Showing posts with label CYBER LAW OF INDIA. Show all posts
Showing posts with label CYBER LAW OF INDIA. Show all posts

Saturday, February 4, 2012

Internet Intermediary Liability In India

Information Technology Act 2000 (IT Act 2000) is the sole cyber law of India. IT Act 2000 is also regulating the functioning of Internet intermediaries in India. Internet intermediaries’ law and liability in India has become very stringent after the passing of the Information Technology (Intermediaries Guidelines) Rules, 2011 of India.

These Internet intermediaries liability Rules of India demarcates the rights and responsibilities of internet intermediaries in India. If the Internet intermediaries follow these Rules and exercise proper cyber due diligence, they are entitled to a “safe harbour protection”. Otherwise, they are liable for various acts or omission occurring at their respective platforms once the matter has been brought to their notice.

Social media due diligence in India has also emerged out of IT Act 2000 and the corresponding Rules. Now legal actions against foreign websites can be taken in India. Further, cyber litigations against such foreign websites would increase in India in the near future.

Privacy violations and data breach investigations would also be required to be undertaken by these companies in India. Data protection requirements would also add further obligations upon these companies and websites in India. It is of utmost importance for these foreign companies and websites to follow Indian laws in true letter and spirit.

The cyber laws due diligence requirements for companies in India are strenuous in nature and Internet intermediaries in India need to take care of the same to avoid legal troubles. Companies like Google, Facebook, etc must appoint nodal officers in India that can be served with notices and communication pertaining to Internet intermediary obligations in India.

Cyber law due diligence in India is also required to escape liability for online violations of intellectual property rights in India. Liability of Internet intermediaries for copyright violation in India is well known and even foreign companies recognise this fact. The Online Copyright Infringement Liability Limitation Act (OCILLA) of United States has been enacted as part of the Digital Millennium Copyright Act (DMCA) 1998. Foreign companies like Google, Facebook, etc are complying with the DMCA requirements while taking down intellectual property violating contents.

However, these foreign companies and websites are still not aware of the requirements of India laws. Further, even if they are aware, they are not complying with the same in the appropriate manner. Time has come for these foreign companies to take Indian laws, especially intellectual property and cyber law, more seriously.

Thursday, February 2, 2012

Are Google, Facebook, Microsoft, Heading For A Trouble?

Companies like Google, Facebook, Yahoo, Microsoft, etc facing a cyber battle in New Delhi, India. A criminal complaint against these companies is pending before a Trial Court of New Delhi. Obviously, these companies did what was best in their interest. They petitioned the Delhi High Court for quashing of criminal complaint against them.

Before the Delhi High Court, the respondent has placed it final arguments on 02-02-2012 and the petitioner would put its final arguments on 14-02-2012. Meanwhile, the Delhi High Court has dismissed a plea of a business man to hear him in this case for violation of his right to speech and expression. The Delhi High Court observed that till date neither the Trial Court nor the Delhi High Court has passed any order which curtailed the citizens' fundamental rights of freedom of speech and expression.

The Delhi High Court also observed that Google and Facebook do have the right to freedom of speech and expression but they are not above the law. There is no second opinion about this proposition as companies like Google, Facebook, Microsoft, Yahoo, etc must comply with Indian laws. Further, legal actions against foreign websites in India can be taken if they fail to comply with Indian laws. In fact, cyber litigations against foreign websites would increase a lot in India.

In fact companies like Twitter and Google have already taken steps to ensure compliance with Indian laws. Twitter has put in place a country specific mechanism to censor/remove offending tweets. Google has also started redirecting Indian bloggers to *** domains instead of *** domain. This method would allow Google to remove offending contents pertaining to *** alone once a valid legal request is made from a particular country or residents of that country.

Yahoo has separately approached Delhi High Court and requested for a separate trial as its case falls in a different category. The Delhi High Court has accepted the request of Yahoo and issued necessary notices in this regard.

Now the companies in question have two options. Either they declare that these laws are not binding upon them or they comply with the same. It seems companies are deliberately avoiding observance of Indian laws. This is an unacceptable behaviour that Indian government cannot afford to allow. It is not a case that only Indian government is feeling offended by non observance of Indian laws. Even private individuals and companies face problems when requests for removal of offending and intellectual property violating contents are made.

Another problem that Indian government must take care of pertains to conflict of laws. When laws of India are clearly violated, there is no sense in complying with laws of foreign jurisdictions, especially when the companies involved in such process also have sound business and commercial presence in India. India must develop an alternative mechanism to DMCA complaints to such India based subsidiary companies as well as their parent companies based in foreign jurisdictions.

These companies are openly violating the requirements of Information Technology (Intermediaries Guidelines) Rules, 2011 without any legal justifications. These companies cannot use the subsidiary argument for long as Indian government would formulate more stringent norms for Indian subsidiaries dealing in information and communication technology (ICT) related matters.

This proposition is also reflected in the recent hearing of the Delhi High Court. Justice Suresh Kait observed that these companies are not above the law and their rights are to be determined under the laws of the land. He further observed that nobody is against the freedom of speech and expression. In fact, despite the summoning order against the websites, neither the Trial Court nor Delhi High Court has asked the websites to shut or restrain from functioning. They have only been summoned in accordance with the law as nobody is above it.

The next date of hearing before the Delhi High court would be on 14-02-2012 where these companies would put forward their final arguments. Let us hope that the Delhi High Court would deliver cyber justice to India.

Saturday, January 28, 2012

India Must Invent Alternatives Of DMCA Complaint To Google And Others

Of late foreign companies and websites like Google, Facebook, etc are increasingly finding themselves in the legal net of India. In fact, a criminal case is already pending against Google, Facebook, etc for failure to exercise cyber law due diligence.

If websites like Google, Facebook, etc fail to exercise cyber law due diligence as per the requirements of Indian information technology act, 2000 (IT Act 2000), the Internet intermediary protection is lost. All that is required to make Internet intermediaries like Google, Facebook, etc liable under Indian laws is to notify them about the objectionable contents.

The objectionable contents may take the form of defamatory contents, cyber stalking, pornography, religious riots incitement materials, intellectual property violating contents, etc. Indian cyber law allows 36 hours to such Internet intermediaries to remove the offending contents from their platforms.

While there is no problem in applying Indian laws to foreign companies and websites operating in India yet these companies and websites use the fa├žade of parent company by declaring themselves as mere subsidiaries of such parent companies. And when these parent companies are called to comply with Indian laws, they openly deny the same by saying that they are governed by foreign laws.

Naturally, Indians also cannot be forced to follow foreign laws like Digital Millennium Copyright Act (DMCA) 1998 and Online Copyright Infringement Liability Limitation Act (OCILLA).

As many of you may be aware that we are currently pursuing a copyright violation, trademark infringement and impersonation matter with Google Incorporation and Google India. Further, Perry4Law and Perry4Law Techno Legal Base (PTLB) have also provided their suggestions to US Copyright office regarding remedies for small copyright claims in United States so that interests of small copyright holders can be protected.

We have also filed a DMCA complaint to Google Incorporation (US) and a notice under IT Act 2000 to Google India on 22-01-2012 for copyright violation, trademark infringement and impersonation.

From the responses we received so far, it seems Google Incorporation is not willing to respect and comply with Indian laws and Indian legal requests even if DMCA procedure is duly complied with. We are still waiting for the response of Google India and would proceed further once the time limit of 36 hours is expired.

However, this has forced us to think in a very different direction. We believe that India must take urgent steps so that companies and websites like Google, Facebook, etc comply with legal demands as per Indian laws as well. We suggest the following in this regard:

(1) All subsidiary/Joint ventures companies in India, especially those dealing in information technology and online environment, must mandatorily establish a server in India. Otherwise, such companies and their websites should not be allowed to operate in India.

(2) A stringent liability for Indian subsidiaries dealing in information technology and online environment must be established by laws of India.

(3) More stringent online advertisement and e-commerce provisions must be formulated for Indian subsidiary companies and their websites.

Further, US government needs to change its policies towards foreign IP infringements and enforcements. Incidences like not following laws of other jurisdictions are responsible for enacting harsh laws like SOPA and PIPA. These incidences are also responsible for filing of civil and criminal complaints against companies like Google in India.

Indian government and Indian courts need to consider these aspects while deciding various cases against foreign websites and social media platforms. If Indian intellectual property and cyber laws are not respected, there is no other option but to choose a harsh stand of foreign websites blocking in India.

The matter would come for hearing before the Delhi High Court on 02-02-2012 and we hope the Delhi High Court would take judicial note of these facts also while adjudicating upon that matter.

Thursday, January 26, 2012

Video Conferencing Laws In India

Video conferencing is increasingly being used for the purposes of digital evidencing in India. Video conferencing would also be an important part of e-courts of India once they would be established. Presently, video conferencing is used for many computerised courts in India.

The information technology act 2000 (IT Act 2000) is the cyber law of India that has provided a legal framework for electronic governance, electronic commerce and many other aspects of online dealing. By implications, the IT Act 2000 also allows use of video conferencing for various purposes.

Despite these provisions and active use of video conferencing in India, video conferencing in India is a troubled technology. The recent episode of Rajasthan government and Rajasthan police not allowing the video conferencing of Salman Rushdie shows Indian anxiety with use information technology.

This controversy happened because we have no dedicated video conferencing laws and regulations in India. Obviously, we have no dedicated video conferencing blocking laws in India as well. In the absence of a clear cut law, Indian government is still applying traditional methods to regulate video conferencing in India. However, if at all any law applies to video conferencing in India the same must be the IT Act 2000 and not any Police Act or local law.

Surprisingly, few of our posts pertaining to video conferencing disappeared from Google India’s SERPs and Blogs search results and appeared again only after reporting of the same. It seems controversial posts that are well within the constitutional right to speech and expressions are screened in India once they are posted. But who is doing so is still a big question that must be answered to properly analyse the role of Internet intermediaries in India in this regard.

While Internet intermediaries have declined to pre screen users generated contents yet post screening is happening in many cases. If this post screening is happening due to Internet intermediary law of India then such post screening and removal may be fine if legally and constitutionally done. This is so because if the companies and Internet intermediaries fail to observe cyber law due diligence in India they may face civil and criminal trials in India.

It would be a good idea to clarify the position of use of video conferencing in India by Indian government so that its uses, abuses and regulation can be legally managed.

Tuesday, January 24, 2012

Video Conferencing Blocking Laws In India

Video conferencing has revolutionized the way our say to day affairs are managed. Video conferencing facilitates many important commercial and personal communications in a cost effective and efficient manner.

Obviously, video conferencing is regulated by laws of various nations. However, we have no dedicated video conferencing law in India. Of course, some shades of video conferencing regulations are governed by the cyber law of India incorporated in the form of information technology act 2000 (IT Act 2000).

However, there is no express provision that talks about blocking of video conferencing in India except to the extent permitted by the IT Act 2000. Video conferencing, just like other electronic communications, should be allowed unless it can be blocked as per the provisions of IT Act 2000 or other applicable laws. Even for such blocking of video conferencing in India, the norms established by the IT Act 2000 or any other similar law must be followed.

It seems the norms laid down by the IT Act 2000 have not been followed by the Rajasthan government and Rajasthan police and by not allowing the video conferencing of Salman Rushdie, without complying with the requirements of IT Act 2000, they have clearly transgressed the constitutional limitations that they are constitutionally bound to observe.

The fundamental right to speech and expression cannot be defeated through arbitrary and extraneous methods. Right to speech and expression can be curtailed only as per the well established constitutional procedure.

Although the intentions of Rajasthan government may be legal and justified yet the manner of executing those intentions is clearly unconstitutional. The legality and constitutionality of the Rajasthan government’s action is still doubtful and appropriate action must be taken in this regard.

Video Conferencing Laws And Regulations In India

Use of vide conferencing in business community of India is not new and it is in use for long. Even use of vide conferencing for legal and judicial purposes is not new in India. Courts in India have been using video conferencing for litigation purposes especially for receiving evidence from witness.

Even Indian laws like Information Technology Act, 2000 (IT Act 2000), Code of Criminal Procedure, 1973, Indian Evidence Act, 1872, etc allows use of video conferencing for various legal and judicial purposes. The cyber law of India even confers recognition to electronic documents, e-governance and e-commerce.

Use of information technology for legal and judicial purposes is well known. For instance, IT can be use for establishment of e-courts in India. Similarly, IT can also be used for establishing online dispute resolution (ODR) mechanism in India. Even electronic bail granting and communication system in India may be a possibility in near future.

However, use of video conferencing in India is not free from trouble. Recently a man who filed his divorce petition through a video conference from Canada was directed to make a personal appearance in the court. Now personal appearance is a concept that strikes at the very concept of e-courts and video conferencing.

Similarly, the recent cancellation of the Salman Rushdie’s video conferencing in India is another example of troubled use of the same in India. It seems the permission to broadcast such video conferencing was not given by the police.

Crucial speech and expression and law and order maintenance issues are involved in such cases. There is an urgent need to formulate clear and constitutional norms and regulations regarding video conferencing in India.

Saturday, January 21, 2012

Legal Actions Against Offending Foreign Websites In India

Websites based in foreign jurisdictions are engaging in various forms of illegal activities that are offences under Indian laws. For instance, they are openly violating intellectual property rights (IPRs) like copyright of Indian nationals. When these foreign websites are contacted to remove the offending contents, they simply ask you to follow foreign law procedures that are neither practical nor effective for an Indian national.

Take another example. A foreign website is openly hosting defamatory remarks as per Indian laws against you. You request the website to remove the same and the same are still not removed.

Another common example is hosting and publication of pornographic and obscene contents upon a platform or website. Even worst is the case when a morphed photograph of a female member of your family is posted on such platform. You contact the website to remove the same but they never listen to you.

Even worst case is the illegal sales of drugs and medicines online without a prescription slip. Many prohibited medicines are sold in countries through websites in clear disregard of local laws.

Another example may be of offering illegal sex determination tests through websites. Many countries of the world prohibit such testing and India is one of them.

These are some of the examples where day to day lives are affected by culpable conducts in an online environment. Many believe that no effective actions can be taken against such foreign websites in India. However, this is not true.

Under the cyber law of India, appropriate legal actions can be taken against such foreign websites if they have sufficient connection or nexus with Indian jurisdiction. Although an international cyber law treaty is required to being uniformity in legal frameworks yet till such time local laws of India and foreign laws can be invoked to get appropriate remedy.

Further, if nothing works, blocking of such offending websites in India can be undertaken. It would be wrong to suggest that such websites cannot be blocked in India by a court order or through an order of department of information technology, India.

India must formulate appropriate laws or regulations to make such offending foreign websites liable under Indian laws. Further, special regulations for their subsidiaries operating in India must be made so that they cannot do more business than as mentioned in such regulations. A sound tax framework for such subsidiaries must be formulated so that there cannot be any case of tax evasion and tax manipulations by such subsidiaries.

Monday, January 16, 2012

US Companies, India, Conflict Of Laws And Criminal Liabilities

Companies like Google, Microsoft, Yahoo, etc and social media websites like Facebook, etc are currently facing criminal trail in India for not removing objectionable contents from their respective websites.

According to cyber law of India and laws of other jurisdiction, the safe harbour protection of Internet intermediaries is lost the moment they are notified of the offending act or omission. However, till they are notified regarding offending contents, they are not liable for violations committed by their users.

However, US companies are not following Indian laws and they are insisting upon following of US laws even if Indian laws are clearly violated. For instance, websites located in US are openly violating the copyright of Indian websites and when they are contacted in this regard to remove the copyright violating posts they ask Indians to use US laws like Digital Millennium Copyright Act (DMCA) 1998.

Surprisingly, even if these US companies are informed in writing and with relevant information like weblinks of copyright violating posts and copyright subsisting posts, they still insist upon following of DMCA procedure. What is more frustrating is that a majority of these US websites and companies are themselves not following the requirements of DMCA and hence are not entitled to its safe harbour protection.

Even in the case of cyber laws, US companies are applying US standards and are not following Indian standards. This is a classic situation that is occurring due to conflict of laws. This is also the reason why an international cyber law treaty is required to being harmonious application of cyber law principles.

US need to change its policy regarding enforcement of foreign IP rights and cyber laws. By not respecting the laws of other countries, US websites and companies are imposing laws like SOPA and PIPA upon themselves. Further, companies like Google must pay special attention as they are deriving revenue out of online advertisements placed upon such copyright violating posts. This makes them not only a beneficiary but also liable for damages in appropriate cases.

Companies like Microsoft, Yahoo, Google and Facebook are facing prosecution under the Indian cyber law. Further, if we analyse the cyber law trends in India of 2012 and cyber security trends of India 2012, such prosecutions are going to increase further in future. Insisting upon following of US laws to take action against offenders and websites located in US would not serve any purpose if branches or subsidiaries of such companies are located in India. Further, if such websites and companies fail to comply with Indian laws, Indian government can block such foreign websites in India.

The present litigation before Indian courts is just a beginning and US companies and websites must start respecting Indian laws. If cyber crimes are committed with great disregard to Indian laws and the copyright and other IP rights are openly violated by such companies and websites, their prosecution in India is inevitable. Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that such foreign companies and websites must ensure cyber due diligence in India to escape various civil, criminal and financial obligations.

Why Vinay Rai Did Not Contact The Concerned Websites?

Vinay Rai, the person behind criminal complaint against social media websites and companies like Facebook and Google, has become instrumental in testing the internet intermediary law of India. Presently, Google and Facebook are gripped in the Indian cyber law tangle.

To make the matter worst, not only the executives of parent companies have been personally summoned by the trial court but it has also been proved that Google and Facebook are beneficiaries of the revenue arising out of offending contents. This may make even the subsidiary companies of Google and Facebook liable for violation of Indian laws.

It is not the case that these companies have not protested in the past against the provisions of the Indian laws. For instance, Yahoo had filed a petition raising the questions regarding the right to privacy of a company that stores sensitive data of its customers and users and to what extent Indian authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks.

The Google’s outcry for lack of Internet intermediary law in India is another example of growing dissatisfaction towards Indian cyber laws, especially Internet intermediary laws and social media laws of India. But the same has come too late and is too insignificant at this stage.

However, in this entire episode one thing is simply not understandable. Why Vinay Rai did not contact the concerned websites and brought to their knowledge about the offending contents? As per Vinay he did not deem it appropriate to approach foreign companies himself. Rather he thought it fit to invoke the governmental machinery to get appropriate remedy.

Surprisingly, he has been pursuing this matter with the information technology ministry for over a year now. The ministry took no action despite constant reminders and follow ups from his end. It was only two to three months ago that the ministry held an internal meeting on the issue and ordered enquiry.

It seems both Vinay Rai and our IT ministry are guilty of not taking appropriate steps in this regard. Clearly, Vinay Rai did not approach these companies and informed them about the offending contents. Now the only question that remains to be seen is whether the IT ministry has also not contacted these companies in this regard?

If even the IT ministry has not intimated these companies “appropriately”, then this may be as serious lapse on the part of Indian government. In such a situation companies like Google, Facebook, etc cannot be held liable for offensive contents posted by the users. Only time would tell what was communicated and what was not and who is responsible and who is not.

Sunday, January 8, 2012

Mobile Banking Cyber Security In India

Mobile Banking is the buzz word these days. While the idea of mobile banking is promising yet it requires certain prerequisites to be successful in India. The chief among these requirements is the requirement to have a robust cyber security for mobile banking in India.

Cyber security in India in general and cyber security for online banking transactions in particular is not in good shape. The Cyber security trends in India 2011 also reflected this position. Mobile banking in India is still not popular due to various factors. For instance, e-banking in India is not safe, Internet banking cyber security in India is missing and online banking in India is not safe. In these circumstances, mobile banking in India is risky due to absence of mobile cyber security in India.

Even the Reserve Bank of India (RBI) is aware of this situation. RBI constituted a working group on information security to ensure cyber security among Indian banks. As per RBI’s recommendations, all banks should create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest.

However, banks of India have shown no willingness to incorporate cyber security into their day to day functions. Till now the directions of RBI to appoint CIOs and steering committee has not been followed by banks of India. The recommendations of the RBI have still not been implemented.

Naturally, Indian banks are poor at developing cyber security policies and implementing the same. Banks of India are also not providing positive confirmation to the originator of NEFT transactions. When basic level aspects are missing, incorporating cyber security in the day to day transactions of banks in India is really difficult. In these circumstances, the decision of RBI to remove financial limits from mobile banking transaction in India can be a trouble than facility. Hopefully, the proposed integrated banking law of India would address all these issues.

However, Indian banks cannot afford to ignore one aspect. The cyber law in India has prescribed cyber law due diligence for various stakeholders. Cyber due diligence for banks in India is just a part of the same. Cyber due diligence for Indian companies including banks operating in India is very stringent. If these due diligence requirements are not followed by Indian banks, civil, criminal and financial penalties can occur.

Cyber security for banking and financial sectors of India is urgently required as they perform very crucial functions. RBI must ensure the same by getting its directions strictly enforced as soon as possible.

Friday, January 6, 2012

Critical Infrastructure Protection (CIP) And Homeland Security (HS) In India

World over critical infrastructure protection (CIP) and homeland security (HS) are considered as top priority areas. This is logical as well since both CIP and HS are important parts of national security of any nation.

With the growing use and dependence upon information and communication technology (ICT), nations are focusing upon ensuring robust cyber security. The international cyber security policy framework and Indian response to the same are proof of the same. In fact, India is considering use of public private partnership (PPP) for internal security of India. Although India is also considering working in the direction of cyber security yet its speed and efforts in this direction are slower as compared to international cyber security standards and efforts.

Cyber security in India is not what is required. As per the cyber security trends in India 2011 by Perry4Law Techno Legal Base (PTLB), cyber security expertise and practices adopted in India are neither adequate nor qualitative. There is an urgent need to strengthen the cyber security mechanisms of various stakeholders in India.

Homeland security in India needs to be strengthened. In fact, India US homeland security dialogue has already been initiated. Homeland security and cyber security market in India is growing. In fact, Microsoft and Symantec are exploring the cyber security market of India. European Union (EU) has also invited India to participate in a mega cyber security and cyber crime project.

Critical national infrastructure security in India needs to be strengthened. Highly sophisticated malware like Duqu, Stuxnet, etc targeted India in the year 2011 and India is still investigating the Duqu malware. Indian nuclear facilities, automated power grids, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to sophisticated cyber attacks. It is still not clear whether Indian satellites are safe from cyber attacks.

Supervisory control and data acquisition (SCADA) is another area of concern. Cyber protection of SCADA systems in India must also be ensured. Similarly, Indian defense and security against cyber warfare needs to be developed so that cyber attacks against India can be thwarted. A good cyber security policy in India must be formulated that must include a critical ICT infrastructure protection policy of India as well. Similarly, effective legal and policy framework for cyber security must also be created in India.

Although there are numerous aspects of Cyber Security Policy of India yet Critical Infrastructure Protection in India and Critical ICT Infrastructure Protection in India are the most important aspects of the same. Similarly, cyber law of India must also be strengthened to effectuate cyber security in India. Hopefully Indian government would consider these aspects this year.

Wednesday, January 4, 2012

Social Media Websites Investigation In India

Social media websites have become ubiquitous these days. Ask any Internet using person or organisations and he/it would tell you about usage of some form of social media websites. Social media is not only helpful in projecting own policies, thoughts and ideas but is also helpful in exploring new ventures and partnerships.

However, abuses of social media are also rampant. Social media is occasionally used for committing various cyber crimes and cyber contraventions. Although we have no dedicated social media laws in India yet the information technology act, 2000 (IT Act 2000), the cyber law of India, carries some provisions in this regard. These provisions have mandated social media due diligence in India for these platforms.

Further the cyber law of India has also prescribed an Internet intermediary liability in India. According to this liability social media websites in India are required to observe due diligence in order to escape civil and criminal sanctions.

The cyber law due diligence in India has now become well established and companies, social media websites and Internet intermediaries cannot take it lightly. However, this has not restrained the cyber criminals to use social media websites for criminal purposes. Even in many cases these social media websites fail to observe due diligence especially when they have actual knowledge of the offending act. This has resulted in an increased prosecution of social media websites in India.

The prosecution of social media websites in India is going to increase tremendously if they keep on ignoring the cyber law of India. Presently, the cyber crimes investigation in India is not upto the mark and this in many cases result in non prosecution of the offenders. With the growth of e-discovery in India and cyber forensics in India more prosecution of social media websites would be witnessed. E-discovery for social media in India is going to increase as the social networking laws in India are pointing towards this direction.

In short, cyber due diligence for Indian companies is increasingly being enforced and social media websites are no exception to this rule. Social media websites investigation in India is going to increase in future and these platforms must be well prepared to deal with this same.

In their own interest, social media websites must not only meet the cyber due diligence requirements but must also ensure e-discovery compliances so that social media websites investigation can be facilitated and they can defend themselves more appropriately in various court cases and quasi judicial forums.

Saturday, December 17, 2011

Cyber Law On Social Media And Networking Sites In India

Social media and networking sites have a crucial role to play. Now even governments across the world acknowledge this importance of social media websites. India is one such country that is currently trying to deal with social media sites. However, we have no dedicated social media laws in India. It has even been reported that guidelines for social media contents monitoring in India would be issued very soon.

However, till now we have no social media policy in India. Even we do not have dedicated social networking laws in India that can take care of the misuses of social platforms. However, the framework and guidelines for use of social media for government organisations has been recently suggested by department of information technology. Theses guidelines provide an Indian social media framework for governmental departments and organisations that employees of these organisations must follow.

Social media is considered to be an Internet intermediary as per Indian cyber law. The recent controversy of Internet censorship in India has once again reiterated the importance of effective social media laws in India.

Cyber law due diligence in India has become very stringent. This applies to various fields and to multiple stakeholders. For instance, cyber due diligence for banks in India is now a well known requirement for banks in India. However, Internet intermediaries are the most widely covered stakeholders in this regard. Intermediaries liability for cyber law due diligence in India is really tough.

Indian government is very keen in regulating the contents of social media in a constructive manner. This occasionally results in censorship of Internet in India. Further, Indian government is now openly acknowledging surveillance of Internet traffic in India.

Recently Internet intermediaries in India have been asked to pre screen contents before they are posted on their websites. India wants companies like Google and Facebook to censor users’ contents before they are posted.

In a related incidence, Yahoo has filed a petition raising the questions regarding the right to privacy of a company that stores sensitive data of its customers and users and to what extent authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks. The Google’s outcry for lack of Internet intermediary law in India is another example of growing dissatisfaction towards Indian cyber laws, especially Internet intermediary laws of India.

However, social media sites have certain techno legal obligations and liabilities as per Indian laws. For instance, social networking sites are liable for online IPRs violations, including online copyright violations in India. Although we have no law on the lines of online copyright infringement liability limitation Act (OCILLA) of United States yet the “safe harbour” provisions protecting intermediaries are not available under certain conditions as per Indian laws. Social networking sites must be aware of these limitations while operating in India. However, if social media sites are working within the framework of Indian laws, unreasonable e-surveillance, Internet censorship and websites blocking should not be by Indian government.

The corporate environment of India is changing rapidly as per global; requirements. Corporate laws in India are proposed to be streamlined with the introduction of the proposed Companies Bill 2011. The foreign direct investment (FDI) in India has been liberalised in many sectors. Even FDI in pharmaceuticals sector in India has been liberalised. Securities and Exchange Control Board (SEBI) has also proposed an electronic Initial public offer in India (E-IPO in India). These steps are pointing towards and open and transparent governmental functioning and not e-surveillance and Internet censorship oriented model.

Internet censorship in India can create problems for not only FDI in India but also for the growth of various sectors including banking sector of India. An integrated modern banking law for India is already in pipeline and an e-surveillance model of India would not be beneficial for the same.

Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that Indian government must enact strong and effective social media laws, e-governance laws and e-commerce laws in India. Social networking laws in India must be so drafted as would benefit all the stakeholders.

Friday, July 1, 2011

Microsoft And Skype Are Playing Lawful Interception Card

World over Lawful Interception Laws are cited as the reason for E-Surveillance and Eavesdropping. However, almost all of these so called Lawful Interception Laws are themselves “Unconstitutional”.

Take the example of Indian Cyber Law the Information Technology Act 2000 (IT Act 2000) that carries many draconian E-Surveillance provisions without any “Procedural Safeguards”. These provisions and laws are pressed to further the causes of e-surveillance and eavesdropping.

Research in Motion’s (RIM) Blackberry has already allowed a backdoor entry to Indian Intelligence Agencies for its cloud based Messenger Services. Now it has been reported that Skype and Microsoft have build a backdoor into the VOIP application. It is called Lawful Interception and is part of a new patent which Microsoft filed back in 2009, but is now preparing to unleash itself into our world due to its recent approval.

The US law set by CALEA (Communications Assistance for Law Enforcement Act) states that all telecommunications operators must enable their hardware and software for surveillance tracking. What is hard to understand is why Microsoft is so willing to open up its software for backdoor exploits. This creates a situation which welcomes exploits and willingly turns your computer into a revolving door for hackers.

While following a Law is not per se wrong but following an “Unconstitutional Law” is definitely wrong. Similarly following a Constitutional Law is the “Duty” of all people but following draconian, Unconstitutional and Inhumane Laws is definitely not required.

Let see who would win the battle between E-Surveillance and Human Rights Protection in Cyberspace. However, with the growing e-surveillance and eavesdropping, Self Defence Measures in Cyberspace would definitely increase in future.

Digital Preservation Mandates Of Public Records Act 1993

Digital Preservation in India and Digitilisation of traditional records are in the infancy stage. This is so because we have no Legal Framework for E-Governance in India. We have no law that mandatorily requires creation of Electronic Records. Of course, very soon such law may be required due to International pressure and National requirements.

Information Technology Act, 2000 (IT Act, 2000) is the sole Cyber Law of India. It deals with E-Commerce, E-Governance, Cyber Crimes, etc. It also provides a “Digital Framework” for ensuring Digitilisation, Electronic Documents Creation and their use in Government Departments. This “Research Report” of Perry4Law and Perry4Law Techno Legal Base (PTLB) is briefly analysing the relationship between IT Act, 2000 and Public Records Act, 1993 (PRA 1993).

Section 2 of IT Act, 200 deals with definitions that are relevant for PRA 1993 purposes. Section 2(1) provides that in this Act, unless the context otherwise requires:

(i) "Access" with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.

(ii) "Affixing Electronic Signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of Electronic Signature.

If documents are issued by NIA in electronic form, they have to be authenticated by using electronic signatures. Unauthenticated electronic documents would not create any right or liability either under the IT Act, 2000 or under the PRA 1993.

(iii) "Asymmetric Crypto System" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.

Digital Signatures are based upon Asymmetric Crypto System and they can be used for “Authentication Purposes” by NAI.

(iv) "Computer" means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.

(v) "Cyber Security" means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.

Cyber Security is an issue that is of “Paramount Importance” for the NAI. When Digitilisation and Digital Preservation would be adopted by NAI, Electronic Documents and Digital Resources would be required to be protected from Cyber Attacks. A Techno Legal Strategy must be formulated by NAI in this regard.

(vi) "Data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

(vii) "Digital Signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.

(viii) "Electronic Form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device.

(ix) "Electronic Record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.

(x) "Electronic signature" means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.

(xi) "Information" includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche.

(xii) "Intermediary" with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.

(xiii) "Key Pair", in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key.

(xiv) "Private Key" means the key of a key pair used to create a digital signature.

(xv) "Public Key" means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.

(xvi) "Secure System" means computer hardware, software, and procedure that-

(a) Are reasonably secure from unauthorised access and misuse;

(b) Provide a reasonable level of reliability and correct operation;

(c) Are reasonably suited to performing the intended functions; and

(d) Adhere to generally accepted security procedures.

(xvii) "Security Procedure" means the security procedure prescribed under section 16 by the Central Government.

(xviii) "Verify" in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether:

(a) The initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;

(b) The initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.

Section 2 (2) of the IT Act, 2000 provides that any reference in this Act to any enactment or any provision thereof shall, in relation to an area in which such enactment or such provision is not in force, be construed as a reference to the corresponding law or the relevant provision of the corresponding law, if any, in force in that area.

Section 4 of the IT Act, 2000 provides Legal Recognition to Electronic Records. It says that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is

(a) Rendered or made available in an electronic form; and

(b) Accessible so as to be usable for a subsequent reference

Section 5 of the IT Act, 2000 provides legal recognition to Electronic Signature. It says that where any law provides that information or any other matter shall be authenticated by affixing the signature or any document should be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.

Explanation to section 5 provides that for the purposes of this section, "Signed", with its grammatical variations and cognate expressions, shall, with reference to a person, mean affixing of his hand written signature or any mark on any document and the expression "Signature" shall be construed accordingly.

Section 6 of the IT Act, 2000 deals with use of Electronic Records and Electronic Signature in Government and its agencies. Section 6(1) of the Act provides that where any law provides for

(a) The filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular manner;

(b) The issue or grant of any licence, permit, sanction or approval by whatever name called in a particular manner;

(c) The receipt or payment of money in a particular manner, then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the appropriate Government.

Section 6(2) of the Act provides that the appropriate Government may, for the purposes of sub-section (1), by rules, prescribe -

(a) The manner and format in which such electronic records shall be filed, created or issued;

(b) The manner or method of payment of any fee or charges for filing, creation or issue any electronic record under clause (a).

Section 6A (1) of the IT Act, 2000 provides that the appropriate Government may, for the purposes of this Chapter and for efficient delivery of services to the public through electronic means authorise, by order, any service provider to set up, maintain and upgrade the computerised facilities and perform such other services as it may specify, by notification in the Official Gazette.

The Explanation to Section 6A (1) of the IT Act, 2000 provides that for the purposes of this section, service provider so authorised includes any individual, private agency, private company, partnership firm, sole proprietor form or any such other body or agency which has been granted permission by the appropriate Government to offer services through electronic means in accordance with the policy governing such service sector.

Section 6A of the IT Act, 2000 reflects the intention of Indian Government to provide Electronic Services Delivery in India. In fact, Electronic Services Delivery Bill, 2011 has already been proposed and if implemented would ensure many Electronic Services to Indians.

NAI must start working in the direction of providing its Service Online, if not already done. Even the non-service related matters and matters pertaining to the NAI are already required to be provided online in an Electronic Form as per the requirements of Section 4(1) of the RTI Act, 2005.

Section 7 of the IT Act, 2000 deals with retention of electronic records. Section 7(1) of the Act provides that where any law provides that documents, records or information shall be retained for any specific period, then, that requirement shall be deemed to have been satisfied if such documents, records or information are retained in the electronic form, if-

(a) The information contained therein remains accessible so as to be usable for a subsequent reference;

(b) The electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;

(c) The details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record.

The Proviso to Section 7 (1) provides that this clause does not apply to any information which is automatically generated solely for the purpose of enabling an electronic record to be dispatched or received.

NAI can convert its Records and Public Records into Electronic Form. Digital Preservation of Records or Public Records can also be done by NAI. While current records can be digitilised non current records can be digitilised and made available to public and researchers as the Electronic Services by NAI.

Section 7(2) of the Act provides that nothing in this section shall apply to any law that expressly provides for the retention of documents, records or information in the form of electronic records.

For instance, the RTI Act, 2005 provides for creating of many records in digital form and available to the public in an online environment. Similarly, the proposed Electronic Services Delivery Bill 2011 also requires providing of Services in online environment. This would also require digitilisation of Records and Public Records by NAI.

Section 7A of the IT Act, 2000 provides that where in any law for the time being in force, there is a provision for audit of documents, records or information, that provision shall also be applicable for audit of documents, records or information processed and maintained in electronic form.

Audit of Electronic Documents would also be undertaken in future. Just like NAI has to maintain proper paper based documents, it would be required to main proper Electronic Records as well.

Section 8 of the IT Act, 2000 provides that where any law provides that any rule, regulation, order, bye-law, notification or any other matter shall be published in the Official Gazette, then, such requirement shall be deemed to have been satisfied if such rule, regulation, order, bye-law, notification or any other matter is published in the Official Gazette or Electronic Gazette.
The proviso to section 8 provides that where any rule, regulation, order, bye-law, notification or any other matters published in the Official Gazette or Electronic Gazette, the date of publication shall be deemed to be the date of the Gazette which was first published in any form.

NAI can publish its Rules, Regulations, etc in Electronic Gazette.

Section 9 of the IT Act, 2000 provides that Sections 6, 7 and 8 would not to confer right to insist document should be accepted in electronic form. Section 9 says that nothing contained in sections 6, 7 and 8 shall confer a right upon any person to insist that any Ministry or Department of the Central Government or the State Government or any authority or body established by or under any law or controlled or funded by the Central or State Government should accept, issue, create, retain and preserve any document in the form of electronic records or effect any monetary transaction in the electronic form.

This is a real “Disabling Provision” that is preventing the actual accomplishment of Electronic Services Delivery in India. By making it “Discretionary” India Government has kept at bay for long the Electronic Delivery of Services to Indians. The latest proposed Electronic Services Delivery Bill 2011 addresses a very small and insignificant portion of the Electronic Delivery of Services in India and till now Electronic Services cannot be claimed as a “Matter of Right”.

However, by virtue of RTI Act, 2005 “Providing Information” about Governmental Departments in Electronic Form has been made “Compulsory”. But till now there is no Law or Provision that makes Delivery of Electronic Services Mandatory in India. This is a “Serious Issue” that must be resolved as soon as possible.

Section 11 of the IT Act, 2000 deals with attribution of Electronic Records. Section 11 says that an electronic record shall be attributed to the originator

(a) If it was sent by the originator himself;

(b) By a person who had the authority to act on behalf of the originator in respect of that electronic record; or

(c) By an information system programmed by or on behalf of the originator to operate automatically.

There may be other provisions of IT Act, 2000 that may be relevant for NAI and PRA 1993 purposes. But for the time being, they are not mandatory in nature. We hope this “Research Report” by Perry4Law and PTLB would be useful for Government Departments in general and national archives of India in particular.

Thursday, June 9, 2011

Cyber Crisis Management Plan Of India

Crisis Management is an important aspect of planning and management of any project or eventuality. If we have a proper Crisis Management Plan, losses of lives and property is minimised to a great extent. We have Crisis Management Plans in India against floods, earthquakes and other natural calamities. However, are we prepared for Cyber Crises in Indian Cyberspace?

India has formulated a Crisis Management Plan for its Cyberspace. However, like other Policies and Strategies in India, it has not been implemented in true letter and spirit. Even the basic level Cyber Security Preparedness in India is not up to the mark.

There are many aspects of a Cyber Crisis Management Plan. For instance, Cyber Security, Cyber Law, Cyber Forensics, Anti Cyber Terrorism Plans, Anti Cyber Espionage Plans, Anti Cyber Warfare Plans, Human Rights Protection in Cyberspace, Critical ICT Infrastructure Protection, etc are some of the “Components” of a Cyber Crisis Management Plan.

Theoretically, India has a Cyber Law in the form of Information Technology Act 2000 (IT Act 2000), Cyber Security in the form of Government Guidelines, Cyber Forensics Practices in Governmental Laboratories alone and so on.

However, practically we have no Cyber Crimes Laws in India as the Cyber Law of India has made almost all the Cyber Crimes “Bailable”. We may have a Cyber Law but India has no Cyber Crimes Law. So Legal Framework for preventing Cyber Crimes is “practically missing” in India.

As far as Cyber Security is concerned, we have no Cyber Security Laws in India and no Cyber Security Policy in India. The Governmental Guidelines are meant for Government Departments alone and even these Government Departments do not follow the same. Government Websites are the most frequently defaced websites in India. Similarly, Government Computers are the “most successfully breached” Computers in India. Computers of Defense Forces, Prime Minister’s Office (PMO), Ministry of External Affairs (MEA), Ministry of Home affairs, etc have been successfully breached without even notice by these Ministries/Offices.

As far as other components of Cyber Crisis Management Plan of India are concerned, even they do not exist in India. We have no Cyber Forensics Laws in India, no Cyber Terrorism Policy in India, no Cyber Warfare Policy in India, no Critical ICT Infrastructure Protection Policy in India and no Human Rights Protection in Cyberspace in India.

In fact, Projects like Aadhar, NATGRID, CCTNS, Central Monitoring System (CMS) of India, etc are openly violating the Human Rights of Indians. These Projects are operating without any Legal Framework, Parliamentary Oversight and Judicial Scrutiny.

Even the basic Privacy Rights in India are missing. It is only now the Law Ministry of India has proposed the Right to Privacy Bill 2011 of India. Further, Data Protection Law in India is urgently required. We also need a Data Security Policy of India so that sensitive information and data of projects like Aadhar, NATGRID, CMS, etc is not “misused” once it falls in the wrong hands.

India cannot have a robust and effective Cyber Crisis Management Plan till it considers these aspects and actually starts working in the direction of achieving these components.

Tuesday, November 24, 2009


Cyber terrorism is a controversial term. Some authors choose a very narrow definition, relating to deployments, by known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic. By this narrow definition, it is difficult to identify any instances of cyber terrorism. Cyber terrorism can also be defined much more generally, for example, as “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives or to intimidate any person in furtherance of such objectives.” This broad definition was created by Kevin G. Coleman of the Technolytics Institute.[1]

The National Conference of State Legislatures (NCSL), a bipartisan organization of legislators and their staff created to help policymakers of all 50 states address vital issues such as those affecting the economy or homeland security by providing them with a forum for exchanging ideas, sharing research and obtaining technical assistance defines cyber terrorism as follows:

“The use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically. Examples are hacking into computer systems, introducing viruses to vulnerable networks, web site defacing, Denial-of-service attacks, or terroristic threats made via electronic communication.[2]

In May 2007 Estonia was subjected to a mass cyber-attack in the wake of the removal of a Russian World War II war memorial from downtown Talinn. The attack was a distributed denial-of-service attack in which selected sites were bombarded with traffic in order to force them offline; nearly all Estonian government ministry networks as well as two major Estonian bank networks were knocked offline.

The traditional concepts and methods of terrorism have taken new dimensions, which are more destructive and deadly in nature. In the age of Information and Communication Technology (ICT) terrorists have acquired an expertise to produce the most deadly combination of weapons and technology, which if not properly safeguarded in due course of time, will take its own toll. The damage so produced would be almost irreversible and most catastrophic in nature. In short, we are facing the worst form of terrorism popularly known as "Cyber Terrorism".

The definition of "cyber terrorism" cannot be made exhaustive as the nature of crime is such that it must be left to be inclusive in nature. The nature of "cyberspace " is such that new methods and technologies are invented regularly; hence it is not advisable to put the definition in a straightjacket formula or pigeons hole. In fact, the first effort of the Courts should be to interpret the definition as liberally as possible so that the menace of cyber terrorism can be tackled stringently and with a punitive hand. The law dealing with cyber terrorism in India is, however, not adequate to meet the precarious intentions of these cyber terrorists and requires a rejuvenation in the light and context of the latest developments all over the world.

The laws of India have to take care of the problems originating at the international level because the Internet, through which these terrorist activities are carried out, recognises no boundaries. Thus, a cyber terrorist can collapse the economic structure of a country from a place with which India may not have any reciprocal arrangements, including an "extradition treaty". The only safeguard in such a situation is to use the latest technology to counter these problems. Thus, a good techno-legal combination of the latest security technology and a law dealing with cyber terrorism is the need of the hour.

The most common method for cyber terrorism is the use of distributed denial of services attacks (DDOS) to overburden the Government and its agencies electronic bases. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demand in such a large number that the server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate traffic is prohibited from reaching the Government or its agencies computers. This results in immense pecuniary and strategic loss to the government and its agencies. It must be noted that thousands of compromised computers can be used to simultaneously attack a single host, thus making its electronic existence invisible to the genuine and legitimate netizens and end users.
The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This activity may divert the attention of the security agencies for the time being thus giving the terrorists extra time and makes their task comparatively easier. This process may involve a combination of computer tampering, virus attacks, hacking, etc.

The menace of cyber terrorism in India can be effectively curbed, if not completely eliminated, if the three sovereign organs of the Constitution work collectively and in harmony with each other. Further, a vigilant citizenry can supplement the commitment of elimination of cyber terrorism.

The judiciary can play its role by adopting a stringent approach towards the menace of cyber terrorism. It must, however, first tackle the jurisdiction problem because before invoking its judicial powers the courts are required to satisfy themselves that they possess the requisite jurisdiction to deal with the situation. Since the Internet "is a cooperative venture not owned by a single entity or government, there are no centralized rules or laws governing its use. The absence of geographical boundaries may give rise to a situation where the act legal in one country where it is done may violate the laws of another country. This process further made complicated due to the absence of a uniform and harmonised law governing the jurisdictional aspects of disputes arising by the use of Internet.

Generally, the scholars point towards the following "theories" under which a country may claim prescriptive jurisdiction:

(a) a country may claim jurisdiction based on "objective territoriality" when an activity takes place within the country,

(b) a "subjective territoriality" may attach when an activity takes place outside a nation's borders but the "primary effect" of the action is within the nation's borders,

(c) a country may assert jurisdiction based on the nationality of either the actor or the victim,

(d) in exceptional circumstances, providing the right to protect the nation's sovereignty when faced with threats recognised as particularly serious in the international community.

In addition to establishing a connecting nexus, traditional international doctrine also calls for a "reasonable" connection between the offender and the forum. Depending on the factual context, courts look to such factors, as whether the activity of individual has a "substantial and foreseeable effect" on the territory, whether a "genuine link" exists between the actor and the forum, the character of the activity and the importance of the regulation giving rise to the controversy, the extent to which exceptions are harmed by the regulation, and the importance of the regulation in the international community. The traditional jurisdictional paradigms may provide a framework to guide analysis for cases arising in cyberspace.[3] It must be noted that by virtue of section 1(2) read with section 75 of the Information Technology Act, 2000 the courts in India have “long arm jurisdiction” to deal with cyber terrorism.

The menace of cyber terrorism is not the sole responsibility of State and its instrumentalities. The citizens as well as the netizens are equally under a solemn obligation to fight against the cyber terrorism. In fact, they are the most important and effective cyber terrorism eradication and elimination mechanism. The only requirement is to encourage them to come forward for the support of fighting against cyber terrorism.

The government can give suitable incentives to them in the form of monetary awards. It must, however, be noted that their anonymity and security must be ensured before seeking their help. The courts are also empowered to maintain their anonymity if they provide any information and evidence to fight against cyber terrorism.

The problem of cyber terrorism is multilateral having varied facets and dimensions. Its solution requires rigorous application of energy and resources. It must be noted that law is always seven steps behind the technology. This is so because we have a tendency to make laws when the problem reaches at its zenith. We do not appreciate the need of the hour till the problem takes a precarious dimension. At that stage it is always very difficult, if not impossible, to deal with that problem. This is more so in case of offences and violations involving information technology. A timely and appropriate legislation is always a good step forward to fight cyber terrorism. India has to cover a long gap before it can secure its traditional boundaries and cyber space.


[2] Id.

[3] Dawson Cherie; “Creating Borders on the Internet- Free Speech, the United States and International Jurisdiction”, Virginia Journal of International Law, V-44, No-2 (Winter, 2004).