Electronic Authentication Policy Of India

Electronic authentication (e-authentication) is a very useful service provided it is safe, secure and reliable. Similarly, e-authentication must also be supported by a sound legal framework that governs its uses and abuses.

We have no e-authentication policy in India. Even we have no legal framework for e-authentication in India. Although some efforts in this regard were made through the Aadhar project of India yet the very constitution and functioning of Aadhar project is unconstitutional. For some strange reasons, the unique identification authority of India (UIDAI), which is managing the Aadhar project, thinks that it is above constitution of India. This attitude of Aadhar and UIDAI has brought it to a stage where it is about to be scrapped.

So as on date we have no legal framework for e-authentication in India, no authority that can deal with e-authentication in India and no policy framework for e-authentication in India that has been implemented at the national level. If this is not enough, we have no encryption usage policy of India that can ensure cyber security of e-authentication in India.

If both cyber security in India and use of encryption in India are missing, the credibility of any e-authentication system is in great doubt. Possibility of data breaches and cyber attacks cannot be ruled out. Securing of critical national infrastructure of India from cyber attacks has still not achieved and introducing an e-authentication system without robust cyber security is not a wise move.

The cyber security trends in India 2011 by Perry4Law Techno Legal Base (PTLB) indicate that cyber security in India is still ignored by various stakeholders. Whether it is banks or strategic computers of Indian government, all of them have proved to be vulnerable to cyber attacks.

E-authentication is also useful for providing mobile banking services in India. Cyber security of Internet banking in India is still poor and e-banking risks in India are abundant. Mobile banking cyber security in India is still to be established before it can be explored in India.

E-authentication cannot succeed in India till we take care of various techno legal policy issues. Without removing various obstacle of e-authentication, using the same in India would create more problem than solutions providing.

Mobile Banking Cyber Security In India

Mobile Banking is the buzz word these days. While the idea of mobile banking is promising yet it requires certain prerequisites to be successful in India. The chief among these requirements is the requirement to have a robust cyber security for mobile banking in India.

Cyber security in India in general and cyber security for online banking transactions in particular is not in good shape. The Cyber security trends in India 2011 also reflected this position. Mobile banking in India is still not popular due to various factors. For instance, e-banking in India is not safe, Internet banking cyber security in India is missing and online banking in India is not safe. In these circumstances, mobile banking in India is risky due to absence of mobile cyber security in India.

Even the Reserve Bank of India (RBI) is aware of this situation. RBI constituted a working group on information security to ensure cyber security among Indian banks. As per RBI’s recommendations, all banks should create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest.

However, banks of India have shown no willingness to incorporate cyber security into their day to day functions. Till now the directions of RBI to appoint CIOs and steering committee has not been followed by banks of India. The recommendations of the RBI have still not been implemented.

Naturally, Indian banks are poor at developing cyber security policies and implementing the same. Banks of India are also not providing positive confirmation to the originator of NEFT transactions. When basic level aspects are missing, incorporating cyber security in the day to day transactions of banks in India is really difficult. In these circumstances, the decision of RBI to remove financial limits from mobile banking transaction in India can be a trouble than facility. Hopefully, the proposed integrated banking law of India would address all these issues.

However, Indian banks cannot afford to ignore one aspect. The cyber law in India has prescribed cyber law due diligence for various stakeholders. Cyber due diligence for banks in India is just a part of the same. Cyber due diligence for Indian companies including banks operating in India is very stringent. If these due diligence requirements are not followed by Indian banks, civil, criminal and financial penalties can occur.

Cyber security for banking and financial sectors of India is urgently required as they perform very crucial functions. RBI must ensure the same by getting its directions strictly enforced as soon as possible.

Cyber Law Of India Should Be Reformed

Technological issues when collaborated with legal framework bring complex situations. It is very difficult to provide a legal framework for technological issues. India is also trying to grapple with this problem. Although cyber law in India has been enacted in the form of information technology act 2000 (IT Act 2000) yet it has remained archaic and non performer. The cyber law trends in India 2011 proved this point.

Cyber law of India needs to be rejuvenated. The emphasis must be to develop and protect Indian cyberspace rather than considering as a threat to be tackled through Internet censorship, websites blocking, e-surveillance, phone tapping and similar anti civil liberties protection in cyberspace.

Similarly stress should be given to cyber security of India through cyber security due diligence and mandatory obligations. The cyber security trends in India 2011 have proved that various stakeholders in India are not paying enough attention to cyber security. This is more so regarding banks in India that are not following the cyber security guidelines of Reserve Bank of India (RBI).

Perry4Law and Perry4Law Techno Legal Base (PTLB) believe that a major reason for poor performance on Indian cyber law and cyber security is that we have mixed all the aspects in a single law. For instance, although IT Act 2000 covers issues like cyber law, cyber security, cyber forensics, encryption, e-governance, e-commerce, cyber terrorism, etc yet the same are covered by a single section or more. This way none of them are individually effective.

We must have a separate and dedicated law for each of these issues that seem to have been dumped into a single law making it ineffective and useless for those issues. Further, the information technology amendment act 2008 (IT Act 2008 amendments) have further complicated the issue. By making almost all the cyber crimes “bailable”, Indian government has created a big nuisance for itself.

Perry4Law and PTLB hope that the year 2012 would bring major relief in this regard. Law making is a lengthy and tedious process and the sooner it is started the better it would be for the larger interest of India.