India Must Stress Upon International Cyber Law Treaty

United States (US) has been working in the direction of making laws that are primarily targeted towards foreign websites. This means that foreign websites that are indulging in unethical behaviours like cyber crimes, intellectual property rights (IPRs) violations, etc can be forced to be taken down or blocked in US by US government.

While this is a policy decision of US that has been widely criticised yet very few have raised points regarding violations of IPRs by US companies of foreign nationals. For instance, if an Indian has to inform a US website of copyright violation, he has to essentially follow the provisions of Digital Millennium Copyright Act (DMCA) 1998. In fact, even those US websites that are themselves not following DMCA and are not entitled to “safe harbour” provisions are insisting upon DMCA notices.

Clearly, US policy towards IP violations of foreign nationals needs to be revised. On the contrary laws like Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PIPA) and the "Stop Online Piracy Act (SOPA) has also been proposed. They target foreign nationals and websites with almost no additional liabilities for US websites and citizens. Clearly, US websites and companies are forcing US and other nations to enact laws like SOPA and PIPA by not taking down IPRs violating materials.

If the attitude of US websites and companies is not changed other countries may also consider enacting draconian laws like SOPA and PIPA. In the absence of reciprocal arrangement between US and India, the least India can do to prevent cyber crimes against and IPRs violation of Indian citizens is to block websites that engage in such activities. This is more so for those websites and Internet intermediaries that deliberately ignore compliances of Indian laws.

While laws like SOPA and PIPA are targeting foreign websites including Indian websites yet the foreign websites, including US websites, are not complying with Indian cyber law and copyright law. The Indian Copyright Act, 1957 and Indian Information technology Act, 2000 prescribes various civil, criminal and administrative penalties that are presently not implantable against such foreign websites. India must seriously discuss this issue with US as this also amounts to non compliance of the provisions of Trade-Related Aspects of Intellectual Property Rights Agreement (TRIPS Agreement).

The real problem in this regard seems to be that there is no International cyber law treaty that is universally followed. Different countries have different cyber laws and this result in confusion and non enforcement. Even there is no international cyber security treaty that can be followed globally. International cyber law treaty and Indian role cannot be underestimated in this regard.

India must stress upon formulation of an international cyber law treaty to safeguard the interests of its own citizens as countries like US are doing in the absence of mutual cooperation.

Electronic Authentication Policy Of India

Electronic authentication (e-authentication) is a very useful service provided it is safe, secure and reliable. Similarly, e-authentication must also be supported by a sound legal framework that governs its uses and abuses.

We have no e-authentication policy in India. Even we have no legal framework for e-authentication in India. Although some efforts in this regard were made through the Aadhar project of India yet the very constitution and functioning of Aadhar project is unconstitutional. For some strange reasons, the unique identification authority of India (UIDAI), which is managing the Aadhar project, thinks that it is above constitution of India. This attitude of Aadhar and UIDAI has brought it to a stage where it is about to be scrapped.

So as on date we have no legal framework for e-authentication in India, no authority that can deal with e-authentication in India and no policy framework for e-authentication in India that has been implemented at the national level. If this is not enough, we have no encryption usage policy of India that can ensure cyber security of e-authentication in India.

If both cyber security in India and use of encryption in India are missing, the credibility of any e-authentication system is in great doubt. Possibility of data breaches and cyber attacks cannot be ruled out. Securing of critical national infrastructure of India from cyber attacks has still not achieved and introducing an e-authentication system without robust cyber security is not a wise move.

The cyber security trends in India 2011 by Perry4Law Techno Legal Base (PTLB) indicate that cyber security in India is still ignored by various stakeholders. Whether it is banks or strategic computers of Indian government, all of them have proved to be vulnerable to cyber attacks.

E-authentication is also useful for providing mobile banking services in India. Cyber security of Internet banking in India is still poor and e-banking risks in India are abundant. Mobile banking cyber security in India is still to be established before it can be explored in India.

E-authentication cannot succeed in India till we take care of various techno legal policy issues. Without removing various obstacle of e-authentication, using the same in India would create more problem than solutions providing.

Mobile Banking Cyber Security In India

Mobile Banking is the buzz word these days. While the idea of mobile banking is promising yet it requires certain prerequisites to be successful in India. The chief among these requirements is the requirement to have a robust cyber security for mobile banking in India.

Cyber security in India in general and cyber security for online banking transactions in particular is not in good shape. The Cyber security trends in India 2011 also reflected this position. Mobile banking in India is still not popular due to various factors. For instance, e-banking in India is not safe, Internet banking cyber security in India is missing and online banking in India is not safe. In these circumstances, mobile banking in India is risky due to absence of mobile cyber security in India.

Even the Reserve Bank of India (RBI) is aware of this situation. RBI constituted a working group on information security to ensure cyber security among Indian banks. As per RBI’s recommendations, all banks should create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest.

However, banks of India have shown no willingness to incorporate cyber security into their day to day functions. Till now the directions of RBI to appoint CIOs and steering committee has not been followed by banks of India. The recommendations of the RBI have still not been implemented.

Naturally, Indian banks are poor at developing cyber security policies and implementing the same. Banks of India are also not providing positive confirmation to the originator of NEFT transactions. When basic level aspects are missing, incorporating cyber security in the day to day transactions of banks in India is really difficult. In these circumstances, the decision of RBI to remove financial limits from mobile banking transaction in India can be a trouble than facility. Hopefully, the proposed integrated banking law of India would address all these issues.

However, Indian banks cannot afford to ignore one aspect. The cyber law in India has prescribed cyber law due diligence for various stakeholders. Cyber due diligence for banks in India is just a part of the same. Cyber due diligence for Indian companies including banks operating in India is very stringent. If these due diligence requirements are not followed by Indian banks, civil, criminal and financial penalties can occur.

Cyber security for banking and financial sectors of India is urgently required as they perform very crucial functions. RBI must ensure the same by getting its directions strictly enforced as soon as possible.

Electronic Filing Of Consumer Complaints In India

The use of information and communication technology (ICT) for justice delivery system is well known. Even use of ICT for judicial and legal reforms in India is well understood. The role of ICT for effective judicial system in India is though well known yet very few efforts in this regard have been undertaken in India.

One can understand this position from the fact that till now we are still waiting for the establishment of first e-court in India. Even we have a single techno legal e-courts training and consultancy centre in India. Similarly, online dispute resolution in India is still a distant dream.

However, India cannot remain aloof for long in this regard. The information technology act, 2000 (IT Act 2000) already carries non enforceable e-governance provisions and with the proposed electronic delivery of services bill 2011 of India this e-governance mandate is going to be little bit more enforceable.

In fact, positive developments in this regard have already taking a shape in India. For instance, the financial limits of mobile banking transactions in India have been removed to give better options of banking in India. Similarly, SEBI is contemplating electronic initial public offer (EIPO) in India. Even Indian judiciary is exploring the possibility of using an electronic bail communication system in India. Through the proposed Cable TV Networks (Regulation) Second Amendment Bill 2011 of India, digital television services would be offered to consumers at affordable prices and with superior quality.

In a latest development in this direction, electronic filing of consumer complaints would be allowed if the proposed consumer protection (amendment) bill 2011 is made an enforceable law. The proposed amendment has made provision for making of a complaint by electronic form also to the District Forum.

This is a positive development and it would help in expanding consumer protection in India. However, there are many techno legal issues that must also be adhered to before e-filing of consumer complaints in India is made fully operational. But these issues would be sorted out with the passage of time.

Critical Infrastructure Protection (CIP) And Homeland Security (HS) In India

World over critical infrastructure protection (CIP) and homeland security (HS) are considered as top priority areas. This is logical as well since both CIP and HS are important parts of national security of any nation.

With the growing use and dependence upon information and communication technology (ICT), nations are focusing upon ensuring robust cyber security. The international cyber security policy framework and Indian response to the same are proof of the same. In fact, India is considering use of public private partnership (PPP) for internal security of India. Although India is also considering working in the direction of cyber security yet its speed and efforts in this direction are slower as compared to international cyber security standards and efforts.

Cyber security in India is not what is required. As per the cyber security trends in India 2011 by Perry4Law Techno Legal Base (PTLB), cyber security expertise and practices adopted in India are neither adequate nor qualitative. There is an urgent need to strengthen the cyber security mechanisms of various stakeholders in India.

Homeland security in India needs to be strengthened. In fact, India US homeland security dialogue has already been initiated. Homeland security and cyber security market in India is growing. In fact, Microsoft and Symantec are exploring the cyber security market of India. European Union (EU) has also invited India to participate in a mega cyber security and cyber crime project.

Critical national infrastructure security in India needs to be strengthened. Highly sophisticated malware like Duqu, Stuxnet, etc targeted India in the year 2011 and India is still investigating the Duqu malware. Indian nuclear facilities, automated power grids, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to sophisticated cyber attacks. It is still not clear whether Indian satellites are safe from cyber attacks.

Supervisory control and data acquisition (SCADA) is another area of concern. Cyber protection of SCADA systems in India must also be ensured. Similarly, Indian defense and security against cyber warfare needs to be developed so that cyber attacks against India can be thwarted. A good cyber security policy in India must be formulated that must include a critical ICT infrastructure protection policy of India as well. Similarly, effective legal and policy framework for cyber security must also be created in India.

Although there are numerous aspects of Cyber Security Policy of India yet Critical Infrastructure Protection in India and Critical ICT Infrastructure Protection in India are the most important aspects of the same. Similarly, cyber law of India must also be strengthened to effectuate cyber security in India. Hopefully Indian government would consider these aspects this year.

Social Media Websites Investigation In India

Social media websites have become ubiquitous these days. Ask any Internet using person or organisations and he/it would tell you about usage of some form of social media websites. Social media is not only helpful in projecting own policies, thoughts and ideas but is also helpful in exploring new ventures and partnerships.

However, abuses of social media are also rampant. Social media is occasionally used for committing various cyber crimes and cyber contraventions. Although we have no dedicated social media laws in India yet the information technology act, 2000 (IT Act 2000), the cyber law of India, carries some provisions in this regard. These provisions have mandated social media due diligence in India for these platforms.

Further the cyber law of India has also prescribed an Internet intermediary liability in India. According to this liability social media websites in India are required to observe due diligence in order to escape civil and criminal sanctions.

The cyber law due diligence in India has now become well established and companies, social media websites and Internet intermediaries cannot take it lightly. However, this has not restrained the cyber criminals to use social media websites for criminal purposes. Even in many cases these social media websites fail to observe due diligence especially when they have actual knowledge of the offending act. This has resulted in an increased prosecution of social media websites in India.

The prosecution of social media websites in India is going to increase tremendously if they keep on ignoring the cyber law of India. Presently, the cyber crimes investigation in India is not upto the mark and this in many cases result in non prosecution of the offenders. With the growth of e-discovery in India and cyber forensics in India more prosecution of social media websites would be witnessed. E-discovery for social media in India is going to increase as the social networking laws in India are pointing towards this direction.

In short, cyber due diligence for Indian companies is increasingly being enforced and social media websites are no exception to this rule. Social media websites investigation in India is going to increase in future and these platforms must be well prepared to deal with this same.

In their own interest, social media websites must not only meet the cyber due diligence requirements but must also ensure e-discovery compliances so that social media websites investigation can be facilitated and they can defend themselves more appropriately in various court cases and quasi judicial forums.

Internet Access Is A Human Right But Is It Useful?

Civil liberties are essential for the sustainable growth of human beings. A country that does not respect civil liberties cannot be a democratic and civilised nation. This is the reason why we have human rights that are protected by United Nations and respective country.

However, civil liberties protections in cyberspace are still ignored for unknown reasons. It may be due to lack of knowledge and expertise regarding cyberspace or because nations do not wish to extend the human rights protection to the same.

Fortunately some good steps in this regard have been taken by international community especially the European Council. The European Council is stressing upon protecting human rights in cyberspace and civil liberties protection in cyberspace. The European Council has also issued a resolution in this regard that deals with prohibition of abuse of state secrecy and national security for violating civil liberties. It has also expressed concerns regarding cyber attacks and political pressures upon cyber dissidents.

The United Nations must also work in the direction of defending human rights in cyberspace. Recently, UN declared that access to Internet is a basic human right. This is a good step in right direction. However, the efforts of United Nations regarding cyber laws and human rights in cyberspace need to be further expedited as they are slow in nature. An international cyber law treaty must be formulated by UN that must address the issues like freedom of speech and expression, Internet censorship, websites blocking, Internet kill switch, access to Internet, etc.

At the national level, India is desperate to control information technology. It has been forcing Internet intermediaries like Google and Facebook to pre screen and censor users contents. Blogs are manipulated in India to suppress critical issues that have been reported by few. The mainstream media is already not covering sensitive and controversial topics and even if some bold bloggers dare to do so they face censorship and penalties by various social media platforms like Google and Facebook. Manual action censorship by Google is very common regarding controversial posts and blogs that disappear instantly. Similarly, blocking of accounts by Facebook is also very common.

If access to Internet has been declared a human right by UN there is no sense in limiting it to mere access. What is the purpose of such Internet access if Internet censorship and websites blocking are deployed by states? If a citizen has access to Internet but her posts are deleted or censored the whole purpose is defeated. It seems UN has failed to consider this aspect of Internet access that has defeated the protection it has extended.

Civil Liberties Protection In Cyberspace

Protection of civil liberties in cyberspace is an area that has been ignored for long. Even international organisations like United Nations have not taken many steps in this crucial direction. This has also resulted in a limited growth of human rights protection in cyberspace in both public international law as well as private international law.

When totalitarian and orwellian states started blocking access to Internet altogether through mechanisms like Internet kill switch (IKS), Internet censorship, websites blocking, blocking of social media websites, etc, United Nations decided to step in. UN declared that access to Internet is basic human right.

Through a UN’s May 2011 report on freedom of expression on the internet, UN reminded parties to the International Covenant on Civil and Political Rights that they must uphold their obligation under Article 19 of that Covenant. Article 19 mandates that any limitation on the right to freedom of expression has to pass a three-part cumulative test that is designed to ensure the limitations are done in the least restrictive way and reflect a clear national security threat. Although existing principles of international law apply online, just as they do offline, yet states are not following this norm in reality.

Thus, this declaration of UN has provided only a very limited standing to individuals and organisations to challenge actions of states that violate civil liberties protection in cyberspace. Further, although this declaration of UN may bring some respite in the regime of public international law yet private international law is still untouched and protected from this declaration.

States are still engaging in endemic e-surveillance activities world over. Even worst is the fact that they are actively enacting laws that goes against the very concept of civil liberties protection in cyberspace. Civil liberties like privacy rights, data security, data protection, speech and expression, etc are at grave risks in such circumstances. Till UN comes up with an international legal framework in this regard that can harmonise laws across the world not much can be expected from individual states.

An international cyber law treaty must be formulated of which the states should become parties and signatories. Civil liberties protection in cyberspace cannot be achieved till rights and obligations of various nations are demarcated in such treaty. Till then nations would keep on indulging in civil liberties violations in cyberspace.

Electronic Legal Due Diligence In India

Legal due diligence in India is not a new concept. Legal due diligence involves assessing the suitability, efficiency and viability of a company or organisation. Legal due diligence may be required to meet statutory and regulatory requirements or it may be necessary when a company wishes to invest in another company.

A contemporary form of legal due diligence, especially for companies and individuals engaged in information and communication technology (ICT) related services, is known as cyber due diligence. Cyber law due diligence in India has become mandatory due to the stringent nature of cyber law of India. In fact, cyber due diligence for companies in India and cyber due diligence for banks in India has already been prescribed. Similarly, cyber security due diligence in India is also becoming a must to have requirement.

Securities and Exchange Board of India (SEBI) is planning to use electronic initial public offer (IPO) in India. Foreign investments in pharmaceutical in India has been liberalised by Reserve Bank of India. Similarly, foreign direct investment (FDI) in India has also been liberalised in many crucial areas. Naturally, lots of investments, IPOs, private equity funds exchange and many more collaborative and cooperative activities would take place in India in the year 2012.

These developments would also make legal due diligence necessary. However, the traditional legal due diligence procedure relies heavily upon paper based documents and transaction. A better option is to engage in electronic legal due diligence in India (e-legal due diligence in India). The e-legal due diligence in India is cost effective, timely and efficient. It also can provide the best possible results for legal due diligence purposes.

Even legal frameworks are in the process of being established to accommodate these contemporary changes. For instance, the electronic delivery of services bill 2011 (EDS Bill 2011) has been proposed by Indian government that would make electronic delivery of services in India an acceptable norm.

Similarly, existing legal frameworks also facilitates digital preservation in India, e-governance, e-commerce, etc that would also require e-legal due diligence in India. The public records keeping framework of India requires keeping of public records that very few organisations in India are doing. Of course, public records keeping framework of RBI is an exception in this regard. Public records are also required to be maintained by the information technology act 2000 and right to information act 2005 of India.

All these requirements of public records keeping and e-legal due diligence in India can be managed by establishing virtual data rooms (VDRs). Many leading companies are already using VDRs to ensure legal due diligence in a smooth and efficient manner. With VDRs thousands of pages of content can be made available in just 24hrs or less. VDRs provide a secure and highly efficient method for sharing critical business information for electronic due diligence in merger and acquisition (M&A) advisory, IPO and secondary offerings, asset purchases, venture capital due diligence, bio tech licensing, commercial and corporate real estate ventures, financial restructuring, preparing for exit strategies, and many other transactions that require large amounts of document sharing.

Further, e-legal due diligence in India would also ensure that electronic discovery (e-discovery) requirements in India are duly met whenever needed. E-discovery services in India would be required in near future in India and e-legal due diligence can greatly facilitate the same. Individuals and companies must start exploring using e-legal due diligence as soon as possible for greater benefits of their own.

Internet Access Is A Fundamental Human Right In Cyberspace

Civil liberties protection in cyberspace has taken a centre stage these days. International community is getting serious in protecting valuable civil liberties that are openly violated by various nations. For instance, the Council of Europe issues a resolution that prohibits abuse of state secrecy and national security for violating civil liberties. Similarly, United Nations has also declared that access to Internet is a basic human right that cannot be taken away by national governments.

A few years back talking about human rights in cyberspace generated skeptic reactions. Things have not changed much even today but at least now we know that human rights can be extended to cyberspace. For instance, blanket e-surveillance, Internet censorship and websites blocking cannot be adopted lest human rights are absolutely ignored. The cyber law trends in India 2011 have shown that India has performed poorly on all these front. In fact, India is acting desperately to control technology.

At Perry4Law Techno Legal Base (PTLB) we have been supporting the efforts that can ensure recognition of human rights in cyberspace at both national and international level. At the national level, India is still not ready and willing to recognise human rights in cyberspace. At the international level, part of human rights in cyberspace has started gaining importance.

For instance, the United Nations (UN) has declared that right to access to Internet is a human right. Similarly, Organisation for Security and Cooperation in Europe (OSCE) has also supported this stand of UN through a recently released report.

The report has analysed the first ever of state regulations on Internet access within the 56-member OSCE. Finland and Estonia have already declared access to Internet as a human right and this is a good step in right direction. PTLB welcomes these reformative actions of Finland and Estonia.

Countries around the world are restricting human rights in cyberspace by citing national security, sovereignty, law and order and many such grounds. While none can doubt that national security is an important function of a sovereign state yet there must be a harmony between national security and human rights.

Giving a blind and absolute primacy to national security even if clearly means violating basic human rights is not a wise approach for a welfare state like India. We hope Indian government would consider empowering Indian netizens by recognising and strengthening their human rights in cyberspace.