Internet Intermediary Liability In India

Information Technology Act 2000 (IT Act 2000) is the sole cyber law of India. IT Act 2000 is also regulating the functioning of Internet intermediaries in India. Internet intermediaries’ law and liability in India has become very stringent after the passing of the Information Technology (Intermediaries Guidelines) Rules, 2011 of India.

These Internet intermediaries liability Rules of India demarcates the rights and responsibilities of internet intermediaries in India. If the Internet intermediaries follow these Rules and exercise proper cyber due diligence, they are entitled to a “safe harbour protection”. Otherwise, they are liable for various acts or omission occurring at their respective platforms once the matter has been brought to their notice.

Social media due diligence in India has also emerged out of IT Act 2000 and the corresponding Rules. Now legal actions against foreign websites can be taken in India. Further, cyber litigations against such foreign websites would increase in India in the near future.

Privacy violations and data breach investigations would also be required to be undertaken by these companies in India. Data protection requirements would also add further obligations upon these companies and websites in India. It is of utmost importance for these foreign companies and websites to follow Indian laws in true letter and spirit.

The cyber laws due diligence requirements for companies in India are strenuous in nature and Internet intermediaries in India need to take care of the same to avoid legal troubles. Companies like Google, Facebook, etc must appoint nodal officers in India that can be served with notices and communication pertaining to Internet intermediary obligations in India.

Cyber law due diligence in India is also required to escape liability for online violations of intellectual property rights in India. Liability of Internet intermediaries for copyright violation in India is well known and even foreign companies recognise this fact. The Online Copyright Infringement Liability Limitation Act (OCILLA) of United States has been enacted as part of the Digital Millennium Copyright Act (DMCA) 1998. Foreign companies like Google, Facebook, etc are complying with the DMCA requirements while taking down intellectual property violating contents.

However, these foreign companies and websites are still not aware of the requirements of India laws. Further, even if they are aware, they are not complying with the same in the appropriate manner. Time has come for these foreign companies to take Indian laws, especially intellectual property and cyber law, more seriously.

Video Conferencing Laws In India

Video conferencing is increasingly being used for the purposes of digital evidencing in India. Video conferencing would also be an important part of e-courts of India once they would be established. Presently, video conferencing is used for many computerised courts in India.

The information technology act 2000 (IT Act 2000) is the cyber law of India that has provided a legal framework for electronic governance, electronic commerce and many other aspects of online dealing. By implications, the IT Act 2000 also allows use of video conferencing for various purposes.

Despite these provisions and active use of video conferencing in India, video conferencing in India is a troubled technology. The recent episode of Rajasthan government and Rajasthan police not allowing the video conferencing of Salman Rushdie shows Indian anxiety with use information technology.

This controversy happened because we have no dedicated video conferencing laws and regulations in India. Obviously, we have no dedicated video conferencing blocking laws in India as well. In the absence of a clear cut law, Indian government is still applying traditional methods to regulate video conferencing in India. However, if at all any law applies to video conferencing in India the same must be the IT Act 2000 and not any Police Act or local law.

Surprisingly, few of our posts pertaining to video conferencing disappeared from Google India’s SERPs and Blogs search results and appeared again only after reporting of the same. It seems controversial posts that are well within the constitutional right to speech and expressions are screened in India once they are posted. But who is doing so is still a big question that must be answered to properly analyse the role of Internet intermediaries in India in this regard.

While Internet intermediaries have declined to pre screen users generated contents yet post screening is happening in many cases. If this post screening is happening due to Internet intermediary law of India then such post screening and removal may be fine if legally and constitutionally done. This is so because if the companies and Internet intermediaries fail to observe cyber law due diligence in India they may face civil and criminal trials in India.

It would be a good idea to clarify the position of use of video conferencing in India by Indian government so that its uses, abuses and regulation can be legally managed.

Video Conferencing Blocking Laws In India

Video conferencing has revolutionized the way our say to day affairs are managed. Video conferencing facilitates many important commercial and personal communications in a cost effective and efficient manner.

Obviously, video conferencing is regulated by laws of various nations. However, we have no dedicated video conferencing law in India. Of course, some shades of video conferencing regulations are governed by the cyber law of India incorporated in the form of information technology act 2000 (IT Act 2000).

However, there is no express provision that talks about blocking of video conferencing in India except to the extent permitted by the IT Act 2000. Video conferencing, just like other electronic communications, should be allowed unless it can be blocked as per the provisions of IT Act 2000 or other applicable laws. Even for such blocking of video conferencing in India, the norms established by the IT Act 2000 or any other similar law must be followed.

It seems the norms laid down by the IT Act 2000 have not been followed by the Rajasthan government and Rajasthan police and by not allowing the video conferencing of Salman Rushdie, without complying with the requirements of IT Act 2000, they have clearly transgressed the constitutional limitations that they are constitutionally bound to observe.

The fundamental right to speech and expression cannot be defeated through arbitrary and extraneous methods. Right to speech and expression can be curtailed only as per the well established constitutional procedure.

Although the intentions of Rajasthan government may be legal and justified yet the manner of executing those intentions is clearly unconstitutional. The legality and constitutionality of the Rajasthan government’s action is still doubtful and appropriate action must be taken in this regard.

Video Conferencing Laws And Regulations In India

Use of vide conferencing in business community of India is not new and it is in use for long. Even use of vide conferencing for legal and judicial purposes is not new in India. Courts in India have been using video conferencing for litigation purposes especially for receiving evidence from witness.

Even Indian laws like Information Technology Act, 2000 (IT Act 2000), Code of Criminal Procedure, 1973, Indian Evidence Act, 1872, etc allows use of video conferencing for various legal and judicial purposes. The cyber law of India even confers recognition to electronic documents, e-governance and e-commerce.

Use of information technology for legal and judicial purposes is well known. For instance, IT can be use for establishment of e-courts in India. Similarly, IT can also be used for establishing online dispute resolution (ODR) mechanism in India. Even electronic bail granting and communication system in India may be a possibility in near future.

However, use of video conferencing in India is not free from trouble. Recently a man who filed his divorce petition through a video conference from Canada was directed to make a personal appearance in the court. Now personal appearance is a concept that strikes at the very concept of e-courts and video conferencing.

Similarly, the recent cancellation of the Salman Rushdie’s video conferencing in India is another example of troubled use of the same in India. It seems the permission to broadcast such video conferencing was not given by the police.

Crucial speech and expression and law and order maintenance issues are involved in such cases. There is an urgent need to formulate clear and constitutional norms and regulations regarding video conferencing in India.

Yahoo Took Indian Government To Court Over E-Surveillance

E-surveillance in India has become a big nuisance for intermediaries like internet service providers (ISPs), e-commerce sites, search engines, e-mail providers, etc. The liability of Internet intermediaries for copyright violations is also well known that has further increased the troubles of intermediaries in India.

Intermediaries liability for cyber law due diligence in India has become very stringent after the information technology amendment act 2008 has been notified. Information technology act 2000 (IT Act 2000) now carries many e-surveillance, websites blocking and Internet censorship provisions.

The problem is that there are “no procedural safeguards” subject to which these wide and sweeping powers can be exercised. This is also the reason why these provisions are unconstitutional and illegal as they are violating the provisions of Indian constitution.

However, in the larger interests of their commercial activites in India, these intermediaries not only accepted the draconian amendments in the cyber law of India but they are also complying with the legal as well as illegal orders of Indian government and its agencies. However, this approach would be counter productive for them in the long run and they must come forward against such laws and draconian provisions.

Yahoo has taken a very significant step in this regard. Yahoo has approached the Delhi High Court against the Union home ministry's attempts to obtain information about nearly a dozen Yahoo IDs/IP addresses it suspects are used by Islamic terrorists and Maoists.

Yahoo has challenged the legality of the government's decision to penalise it by slapping it with a fine of Rs 11 lakh because Yahoo refused to share profile details of the users of these email ID's that are under the scanner of the agencies. Recently, the HC stayed the imposition of the fine, and sought a response from the Centre.

In its petition, Yahoo has raised questions on the right to privacy of a company that stores such sensitive data and to what extent authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks. "The government cannot under the cloak of national security implications bypass legal procedures," the petitioner has argued, claiming the section and clauses invoked by the Union ministry to demand information from Yahoo doesn't empower the government to do so.

Yahoo has taken a bold step that even companies like Google have not been able to do so. The matter is pending before the Delhi high court that has a good chance to bring some order in the otherwise chaosed e-surveillance world of India. The issue of phone tapping and privacy violations in India is also pending before the Supreme Court of India.

The matter must also be looked from another angle. Human rights protections in cyberspace in India are not safeguarded at all. Even at the international level United Nations has not shown much interest in protecting civil liberties in cyberspace. The data privacy laws in India are also missing. In short, there is complete negation of human rights in cyberspace in the Indian context.

Yahoo’s case may bring to the knowledge of Indian courts this situation and we may expect some respect for the constitutional rights and freedoms that are seldom respected in India these days.

Mobile Governance Policy Of India

Mobile governance (m-governance) is an innovative method of using mobile technologies for effective governance and public services delivery. M-governance facilitates many public services in almost real time and without hassles. However, along with the benefits of m-governance it has many drawbacks as well.

Firstly, we have no implementable m-governance policy in India. In the absence of proper planning and a sound m-governance policy it is not a wise option to utilise m-governance services in India.

Secondly, we have no dedicated legal framework for m-governance in India. This may create problems in cases of mobile banking, m-governance, m-commerce, etc. Of course, we have information technology act 2000 (IT Act 2000) as the cyber law of India yet it is far from perfect for even e-governance purposes and it is not at all applicable to m-governance environment.

Another issue pertains to the exercises of e-surveillance and phone tapping by Indian government and its agencies. Till now we have no lawful interception law in India. Phone tapping is done under the colonial and outdated Indian telegraph act 1885 and e-surveillance is done under the IT Act 2000. Both these acts are violating the letter and spirit of Indian constitution and have incorporated many unconstitutional provisions that are well beyond the parliamentary and judicial scrutiny.

Recently, the ministry of communication and information technology (MCIT) has launched the central monitoring system project of India. It has the capabilities to monitor all sorts of telecommunication and electronic communications. However, it is a pure executive exercise with no legal framework, civil liberty safeguards and parliamentary and judicial scrutiny.

At the international level some development for safeguarding the human rights in cyberspace has been taking place. United Nations has declared that access to Internet is a human right. This shows that human rights protection in cyberspace cannot be ignored by nations in future.

Finally, m-governance cannot succeed till we ensure cyber security for m-governance in India. Till now even the basic level cyber security is missing in India and we have no cyber security policy in India. Further, the IT Act 2000 need to be suitably amended or a dedicated legislation for m-governance must be enacted in India.

All these issues are integral part of the m-governance policy of India. Before jumping upon the fancy idea of m-governance we must ensure that it can operate and flourish in India.

Microsoft And Skype Are Playing Lawful Interception Card

World over Lawful Interception Laws are cited as the reason for E-Surveillance and Eavesdropping. However, almost all of these so called Lawful Interception Laws are themselves “Unconstitutional”.

Take the example of Indian Cyber Law the Information Technology Act 2000 (IT Act 2000) that carries many draconian E-Surveillance provisions without any “Procedural Safeguards”. These provisions and laws are pressed to further the causes of e-surveillance and eavesdropping.

Research in Motion’s (RIM) Blackberry has already allowed a backdoor entry to Indian Intelligence Agencies for its cloud based Messenger Services. Now it has been reported that Skype and Microsoft have build a backdoor into the VOIP application. It is called Lawful Interception and is part of a new patent which Microsoft filed back in 2009, but is now preparing to unleash itself into our world due to its recent approval.

The US law set by CALEA (Communications Assistance for Law Enforcement Act) states that all telecommunications operators must enable their hardware and software for surveillance tracking. What is hard to understand is why Microsoft is so willing to open up its software for backdoor exploits. This creates a situation which welcomes exploits and willingly turns your computer into a revolving door for hackers.

While following a Law is not per se wrong but following an “Unconstitutional Law” is definitely wrong. Similarly following a Constitutional Law is the “Duty” of all people but following draconian, Unconstitutional and Inhumane Laws is definitely not required.

Let see who would win the battle between E-Surveillance and Human Rights Protection in Cyberspace. However, with the growing e-surveillance and eavesdropping, Self Defence Measures in Cyberspace would definitely increase in future.

Digital Preservation Mandates Of Public Records Act 1993

Digital Preservation in India and Digitilisation of traditional records are in the infancy stage. This is so because we have no Legal Framework for E-Governance in India. We have no law that mandatorily requires creation of Electronic Records. Of course, very soon such law may be required due to International pressure and National requirements.

Information Technology Act, 2000 (IT Act, 2000) is the sole Cyber Law of India. It deals with E-Commerce, E-Governance, Cyber Crimes, etc. It also provides a “Digital Framework” for ensuring Digitilisation, Electronic Documents Creation and their use in Government Departments. This “Research Report” of Perry4Law and Perry4Law Techno Legal Base (PTLB) is briefly analysing the relationship between IT Act, 2000 and Public Records Act, 1993 (PRA 1993).

Section 2 of IT Act, 200 deals with definitions that are relevant for PRA 1993 purposes. Section 2(1) provides that in this Act, unless the context otherwise requires:

(i) "Access" with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.

(ii) "Affixing Electronic Signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of Electronic Signature.

If documents are issued by NIA in electronic form, they have to be authenticated by using electronic signatures. Unauthenticated electronic documents would not create any right or liability either under the IT Act, 2000 or under the PRA 1993.

(iii) "Asymmetric Crypto System" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.

Digital Signatures are based upon Asymmetric Crypto System and they can be used for “Authentication Purposes” by NAI.

(iv) "Computer" means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.

(v) "Cyber Security" means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.

Cyber Security is an issue that is of “Paramount Importance” for the NAI. When Digitilisation and Digital Preservation would be adopted by NAI, Electronic Documents and Digital Resources would be required to be protected from Cyber Attacks. A Techno Legal Strategy must be formulated by NAI in this regard.

(vi) "Data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

(vii) "Digital Signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.

(viii) "Electronic Form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device.

(ix) "Electronic Record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.

(x) "Electronic signature" means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.

(xi) "Information" includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche.

(xii) "Intermediary" with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.

(xiii) "Key Pair", in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key.

(xiv) "Private Key" means the key of a key pair used to create a digital signature.

(xv) "Public Key" means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.

(xvi) "Secure System" means computer hardware, software, and procedure that-

(a) Are reasonably secure from unauthorised access and misuse;

(b) Provide a reasonable level of reliability and correct operation;

(c) Are reasonably suited to performing the intended functions; and

(d) Adhere to generally accepted security procedures.

(xvii) "Security Procedure" means the security procedure prescribed under section 16 by the Central Government.

(xviii) "Verify" in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether:

(a) The initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;

(b) The initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.

Section 2 (2) of the IT Act, 2000 provides that any reference in this Act to any enactment or any provision thereof shall, in relation to an area in which such enactment or such provision is not in force, be construed as a reference to the corresponding law or the relevant provision of the corresponding law, if any, in force in that area.

Section 4 of the IT Act, 2000 provides Legal Recognition to Electronic Records. It says that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is

(a) Rendered or made available in an electronic form; and

(b) Accessible so as to be usable for a subsequent reference

Section 5 of the IT Act, 2000 provides legal recognition to Electronic Signature. It says that where any law provides that information or any other matter shall be authenticated by affixing the signature or any document should be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.

Explanation to section 5 provides that for the purposes of this section, "Signed", with its grammatical variations and cognate expressions, shall, with reference to a person, mean affixing of his hand written signature or any mark on any document and the expression "Signature" shall be construed accordingly.

Section 6 of the IT Act, 2000 deals with use of Electronic Records and Electronic Signature in Government and its agencies. Section 6(1) of the Act provides that where any law provides for

(a) The filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular manner;

(b) The issue or grant of any licence, permit, sanction or approval by whatever name called in a particular manner;

(c) The receipt or payment of money in a particular manner, then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the appropriate Government.

Section 6(2) of the Act provides that the appropriate Government may, for the purposes of sub-section (1), by rules, prescribe -

(a) The manner and format in which such electronic records shall be filed, created or issued;

(b) The manner or method of payment of any fee or charges for filing, creation or issue any electronic record under clause (a).

Section 6A (1) of the IT Act, 2000 provides that the appropriate Government may, for the purposes of this Chapter and for efficient delivery of services to the public through electronic means authorise, by order, any service provider to set up, maintain and upgrade the computerised facilities and perform such other services as it may specify, by notification in the Official Gazette.

The Explanation to Section 6A (1) of the IT Act, 2000 provides that for the purposes of this section, service provider so authorised includes any individual, private agency, private company, partnership firm, sole proprietor form or any such other body or agency which has been granted permission by the appropriate Government to offer services through electronic means in accordance with the policy governing such service sector.

Section 6A of the IT Act, 2000 reflects the intention of Indian Government to provide Electronic Services Delivery in India. In fact, Electronic Services Delivery Bill, 2011 has already been proposed and if implemented would ensure many Electronic Services to Indians.

NAI must start working in the direction of providing its Service Online, if not already done. Even the non-service related matters and matters pertaining to the NAI are already required to be provided online in an Electronic Form as per the requirements of Section 4(1) of the RTI Act, 2005.

Section 7 of the IT Act, 2000 deals with retention of electronic records. Section 7(1) of the Act provides that where any law provides that documents, records or information shall be retained for any specific period, then, that requirement shall be deemed to have been satisfied if such documents, records or information are retained in the electronic form, if-

(a) The information contained therein remains accessible so as to be usable for a subsequent reference;

(b) The electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;

(c) The details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record.

The Proviso to Section 7 (1) provides that this clause does not apply to any information which is automatically generated solely for the purpose of enabling an electronic record to be dispatched or received.

NAI can convert its Records and Public Records into Electronic Form. Digital Preservation of Records or Public Records can also be done by NAI. While current records can be digitilised non current records can be digitilised and made available to public and researchers as the Electronic Services by NAI.

Section 7(2) of the Act provides that nothing in this section shall apply to any law that expressly provides for the retention of documents, records or information in the form of electronic records.

For instance, the RTI Act, 2005 provides for creating of many records in digital form and available to the public in an online environment. Similarly, the proposed Electronic Services Delivery Bill 2011 also requires providing of Services in online environment. This would also require digitilisation of Records and Public Records by NAI.

Section 7A of the IT Act, 2000 provides that where in any law for the time being in force, there is a provision for audit of documents, records or information, that provision shall also be applicable for audit of documents, records or information processed and maintained in electronic form.

Audit of Electronic Documents would also be undertaken in future. Just like NAI has to maintain proper paper based documents, it would be required to main proper Electronic Records as well.

Section 8 of the IT Act, 2000 provides that where any law provides that any rule, regulation, order, bye-law, notification or any other matter shall be published in the Official Gazette, then, such requirement shall be deemed to have been satisfied if such rule, regulation, order, bye-law, notification or any other matter is published in the Official Gazette or Electronic Gazette.
The proviso to section 8 provides that where any rule, regulation, order, bye-law, notification or any other matters published in the Official Gazette or Electronic Gazette, the date of publication shall be deemed to be the date of the Gazette which was first published in any form.

NAI can publish its Rules, Regulations, etc in Electronic Gazette.

Section 9 of the IT Act, 2000 provides that Sections 6, 7 and 8 would not to confer right to insist document should be accepted in electronic form. Section 9 says that nothing contained in sections 6, 7 and 8 shall confer a right upon any person to insist that any Ministry or Department of the Central Government or the State Government or any authority or body established by or under any law or controlled or funded by the Central or State Government should accept, issue, create, retain and preserve any document in the form of electronic records or effect any monetary transaction in the electronic form.

This is a real “Disabling Provision” that is preventing the actual accomplishment of Electronic Services Delivery in India. By making it “Discretionary” India Government has kept at bay for long the Electronic Delivery of Services to Indians. The latest proposed Electronic Services Delivery Bill 2011 addresses a very small and insignificant portion of the Electronic Delivery of Services in India and till now Electronic Services cannot be claimed as a “Matter of Right”.

However, by virtue of RTI Act, 2005 “Providing Information” about Governmental Departments in Electronic Form has been made “Compulsory”. But till now there is no Law or Provision that makes Delivery of Electronic Services Mandatory in India. This is a “Serious Issue” that must be resolved as soon as possible.

Section 11 of the IT Act, 2000 deals with attribution of Electronic Records. Section 11 says that an electronic record shall be attributed to the originator

(a) If it was sent by the originator himself;

(b) By a person who had the authority to act on behalf of the originator in respect of that electronic record; or

(c) By an information system programmed by or on behalf of the originator to operate automatically.

There may be other provisions of IT Act, 2000 that may be relevant for NAI and PRA 1993 purposes. But for the time being, they are not mandatory in nature. We hope this “Research Report” by Perry4Law and PTLB would be useful for Government Departments in general and national archives of India in particular.

Legal Framework For E-Governance In India

Electronic governance in India (e-governance in India) is still at its infancy stage. Most of the e-governance projects of India under the national e-governance plan (NEGP) are still in the pipeline despite the deadline being passed long before. This is despite the fact that thousand of crores of public money has already been utilised for e-governance projects of India but without any constructive and practical results.

Meanwhile, the World Bank has once again issued $ 150 million loan to India. It has been issued under the category of e-delivery of public services development policy loan of India. The purpose of the loan is to ensure e-services delivery policy in India that is presently missing.

However, what is more alarming is the fact that in India we have no Indian legal framework for e-governance that can ensure mandatory e-governance services in India. Although the information technology act 2000 carries provisions pertaining to e-governance services in India yet they are “non mandatory and retrograde” in nature. This has resulted in a poor e-governance services delivery in India. Till now we have no legal framework that mandates that citizens and organisations can claim e-governance as a matter of right.

Further, the scope of NEGP is very wide covering almost all aspects of governance - right from delivery of services and provision of information to business process re-engineering within the different levels of government and its institutions. It is essential that NGP is implemented, monitored and regulated through a legal framework so that it is no more just a plan but reality.

In fact, while implementing the NEGP, various structural and institutional issues have already arisen which clearly call for a statutory mandate for their resolution. The purpose would be to give statutory mandate to the institutional entities, setting up of a separate fund, defining responsibilities and providing for time frames and oversight mechanisms. Thus, this legislation may, inter alia, contain provisions regarding the following:

(a) Definition of e-governance in the Indian context, its objectives and role,

(b) Coordination and oversight mechanisms, support structures at various levels, their functions and responsibilities,

(c) Role, functions and responsibilities of government organisations at various levels,

(d) Mechanism for financial arrangements including public-private partnership,

(e) Specifying the requirements of a strategic control framework for e-government projects dealing with statutory and sovereign functions of the government,

(f) Responsibility for selection and adoption of standards and inter-operability framework,

(g) Framework for cyber security, privacy protection, data security and data protection etc.
(h) Parliamentary oversight mechanism, and

(i) Mechanism for co-ordination between government organisations at Union and State levels.