Showing posts with label NATGRID. Show all posts
Showing posts with label NATGRID. Show all posts

Monday, May 7, 2012

Lawful Interception In India Missing


Lawful interception of Internet, mobile and other technology related communications is a big challenge for Indian government. Indian government is trying to do the same that can best serve its interests. However, in its zest to ensure technology communication interceptions in India, Indian government is landing up in doing “unlawful interceptions”.

The lawful interception law is needed in India and the same is still missing despite contrary governmental claims. Till now, phone tapping in India is not constitutionally performed. The truth is that big brother in India is violating Indian constitution and even courts are silent on this aspect.

Indian government has been taking many steps that are strengthening its e-surveillance and censorship capabilities without meeting the constitutional requirements. For instance, the central monitoring system project of India,  national cyber coordination centre (NCCC) of India, national intelligence grid (Natgrid), national counter terrorism centre (NCTC) of India, Aadhar project of India, etc are all proposed without any legal framework supervising and justifying their functioning.


Civil liberties in India and technological revolution are considered mutually exhaustive in India. Initiatives like surveillance of Internet traffic in India are executed without any procedural safeguards and constitutional rights. E-surveillance in India is presently done with virtually no legal framework. Whatever rules that have been framed in this regard by Indian government, they are clearly violating the constitutional freedoms and rights.

As a matter of fact, civil liberties protection in cyberspace in India have been totally ignored and false claims of national security are raised to suppress civil liberties in India. ICT policies and strategies of India are grossly defective and clearly violating human rights in cyberspace. In fact, there is a dedicated resource titled websites, blogs and news censorship by Google and Indian government that is making a database of various censorship and results manipulation activities in India.

Indian government must ensure civil liberties protection in Indian cyberspace as that is its constitutional as well as human right obligation. Further, parliamentary oversight of intelligence agencies of India is needed. Till now there is no parliamentary scrutiny of the intelligence agencies in India. The sooner these initiatives would be taken the better it would be for the larger interest of India.

Saturday, October 8, 2011

Privacy Laws In India

We have no dedicated privacy laws in India and data protection laws in India. Naturally, this is a troublesome and undesirable situation. The supreme court of India has interpreted Article 21 as empowering Indian citizens with right to privacy in India.

However, despite this constitutional protection, various governmental projects in India are opening ignoring Article 21 and are clearly violating the same. This is happening because we have no national privacy policy in India.

Further, we have no privacy laws in India as well. Although some privacy guidelines have been issued by one or two departments of Indian government yet they are far from satisfactory and cannot replace a well structured privacy law of India.

Privacy rights in the information era require a totally different outlook. In fact, privacy rights form an essential part of civil liberties protection in cyberspace that India is presently ignoring.

For instance, consider the projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc.

They must be supported by a techno legal framework and must be civil liberty complaint. Presently, none of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny. These projects are openly violating various human rights/civil liberties, including right to privacy.

It is high time to formulate privacy laws in India so that constitutional freedoms and rights are not considered to be just legal jargon we no actual implementation.

Sunday, June 19, 2011

Techno Legal Decryption Solutions By PTLB

A Government Panel has recently given its opinion that Encrypted Services in India would not be banned even if the Intelligence agencies cannot “Intercept” these Encrypted Communications. This would not be pleasant news for Home Ministry of India and Intelligence Agencies of India who now have to acquire Techno Legal Intelligence Gathering Skills to deal with Encrypted Communications.

Home Ministry of India and Intelligence Agencies never understood the point that E-Surveillance can never be a “Substitute” for Intelligence Gathering Skill and Cyber Skills. Now the message has been delivered, they must start working in the direction of acquiring good Techno Legal Intelligence Gathering Skills.

The Intelligence Infrastructure of India is in bad shape. The same needs an “Urgent Rejuvenation”. Projects like National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and System (CCTNS), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), National Counter Terrorism Centre (NCTC), etc cannot be “Outsourced” to Private Companies as far as their “Core Functions” are concerned. Otherwise, the whole purpose of such Projects would be defeated. In order to perform the Core Functions of these projects, Intelligence Agencies and Law Enforcement Agencies of India must develop necessary Skills in this regard.

To start with we must formulate the Encryption Policy of India. Till now we have neither an Encryption Policy of India nor do we have Encryption Laws and Regulations in India. The second step must be to enter into Public Private Partnerships (PPP) with IT Experts who can help the Home Ministry in successfully completing its various Projects. The next step must to provide Techno Legal Trainings to Intelligence Agencies and Law Enforcement Agencies of India.

Indian Government must develop solutions “Independent of E-Surveillance” so that Intelligence Agencies can decrypt secure and highly encrypted data and voice and written communication transferred across secure networks via Internet.

At Perry4Law Techno Legal Base (PTLB) we can assist the Indian Government and its agencies to establish Techno Legal Intelligence Infrastructure of India. The same would include using both Technical as well as Legal Mechanisms to deal with Encryption and Decryption issues.

Our Techno Legal Solutions are “Specifically Designed” to cater the needs of Human Rights Protection in Cyberspace. Since access to Internet is now a Human Right as per United Nations, Indian Government must implement all its Projects keeping in mind Human Rights and Fundamental Rights as enshrined in the Constitution of India.

Thursday, June 9, 2011

Cyber Crisis Management Plan Of India

Crisis Management is an important aspect of planning and management of any project or eventuality. If we have a proper Crisis Management Plan, losses of lives and property is minimised to a great extent. We have Crisis Management Plans in India against floods, earthquakes and other natural calamities. However, are we prepared for Cyber Crises in Indian Cyberspace?

India has formulated a Crisis Management Plan for its Cyberspace. However, like other Policies and Strategies in India, it has not been implemented in true letter and spirit. Even the basic level Cyber Security Preparedness in India is not up to the mark.

There are many aspects of a Cyber Crisis Management Plan. For instance, Cyber Security, Cyber Law, Cyber Forensics, Anti Cyber Terrorism Plans, Anti Cyber Espionage Plans, Anti Cyber Warfare Plans, Human Rights Protection in Cyberspace, Critical ICT Infrastructure Protection, etc are some of the “Components” of a Cyber Crisis Management Plan.

Theoretically, India has a Cyber Law in the form of Information Technology Act 2000 (IT Act 2000), Cyber Security in the form of Government Guidelines, Cyber Forensics Practices in Governmental Laboratories alone and so on.

However, practically we have no Cyber Crimes Laws in India as the Cyber Law of India has made almost all the Cyber Crimes “Bailable”. We may have a Cyber Law but India has no Cyber Crimes Law. So Legal Framework for preventing Cyber Crimes is “practically missing” in India.

As far as Cyber Security is concerned, we have no Cyber Security Laws in India and no Cyber Security Policy in India. The Governmental Guidelines are meant for Government Departments alone and even these Government Departments do not follow the same. Government Websites are the most frequently defaced websites in India. Similarly, Government Computers are the “most successfully breached” Computers in India. Computers of Defense Forces, Prime Minister’s Office (PMO), Ministry of External Affairs (MEA), Ministry of Home affairs, etc have been successfully breached without even notice by these Ministries/Offices.

As far as other components of Cyber Crisis Management Plan of India are concerned, even they do not exist in India. We have no Cyber Forensics Laws in India, no Cyber Terrorism Policy in India, no Cyber Warfare Policy in India, no Critical ICT Infrastructure Protection Policy in India and no Human Rights Protection in Cyberspace in India.

In fact, Projects like Aadhar, NATGRID, CCTNS, Central Monitoring System (CMS) of India, etc are openly violating the Human Rights of Indians. These Projects are operating without any Legal Framework, Parliamentary Oversight and Judicial Scrutiny.

Even the basic Privacy Rights in India are missing. It is only now the Law Ministry of India has proposed the Right to Privacy Bill 2011 of India. Further, Data Protection Law in India is urgently required. We also need a Data Security Policy of India so that sensitive information and data of projects like Aadhar, NATGRID, CMS, etc is not “misused” once it falls in the wrong hands.

India cannot have a robust and effective Cyber Crisis Management Plan till it considers these aspects and actually starts working in the direction of achieving these components.