Monday, January 16, 2012

Cyber Law Trends Of India 2012

The cyber law trends of India 2011 were provided by Perry4Law and Perry4Law Techno Legal Base (PTLB). This trend covered many techno legal issues that are of tremendous importance to various stakeholders. However, it seems various stakeholders have still not taken issues like cyber law, cyber security, cyber due diligence, e-discovery, social media due diligence, etc seriously.

The year 2012 would be even more challenging for various stakeholders in India and world wide. This is more so for US based companies and websites that are increasingly involved in various conflict of laws issues with India. Some of the issues that may be challenging of various stakeholders in 2012 include legal issues of cyber security, privacy and data protection requirements, cloud computing security and privacy issues, e-surveillance and Internet censorship issues, cyber due diligence requirements, social media due diligence, data privacy laws, online IP violations including copyright violations issues, etc.

The cyber law due diligence in India struck the first blow in the year 2012. Companies like Google, Yahoo, Microsoft, Facebook, etc are already facing criminal prosecution under the cyber law of India and other criminal laws. So serious is the situation that the executives of parent companies of these companies have been summoned to personally appear before Indian court.

Further, online copyright violations by US websites are also testing the effectiveness of US laws vis-à-vis foreign IP rights enforcement. Many websites in US are talking advantage of the conflict of laws and hide behind US laws to escape copyright violation liabilities. In fact, the US copyright office is trying to streamline the Digital Millennium Copyright Act (DMCA) 1998 requirements pertaining to DMCA agents so that safe harbour protection cannot be misused by US based websites.

Perry4Law and PTLB believe that the year 2012 would bring many techno legal challenges in the fields like cyber law, cyber security, e-discovery, cyber law due diligence, online IP enforcements, etc. Further, new fields like e-legal due diligence and technological legal due diligence in India would also assume significance. It would be a good idea to formulate suitable policies in this regard by various stakeholders.

US Companies, India, Conflict Of Laws And Criminal Liabilities

Companies like Google, Microsoft, Yahoo, etc and social media websites like Facebook, etc are currently facing criminal trail in India for not removing objectionable contents from their respective websites.

According to cyber law of India and laws of other jurisdiction, the safe harbour protection of Internet intermediaries is lost the moment they are notified of the offending act or omission. However, till they are notified regarding offending contents, they are not liable for violations committed by their users.

However, US companies are not following Indian laws and they are insisting upon following of US laws even if Indian laws are clearly violated. For instance, websites located in US are openly violating the copyright of Indian websites and when they are contacted in this regard to remove the copyright violating posts they ask Indians to use US laws like Digital Millennium Copyright Act (DMCA) 1998.

Surprisingly, even if these US companies are informed in writing and with relevant information like weblinks of copyright violating posts and copyright subsisting posts, they still insist upon following of DMCA procedure. What is more frustrating is that a majority of these US websites and companies are themselves not following the requirements of DMCA and hence are not entitled to its safe harbour protection.

Even in the case of cyber laws, US companies are applying US standards and are not following Indian standards. This is a classic situation that is occurring due to conflict of laws. This is also the reason why an international cyber law treaty is required to being harmonious application of cyber law principles.

US need to change its policy regarding enforcement of foreign IP rights and cyber laws. By not respecting the laws of other countries, US websites and companies are imposing laws like SOPA and PIPA upon themselves. Further, companies like Google must pay special attention as they are deriving revenue out of online advertisements placed upon such copyright violating posts. This makes them not only a beneficiary but also liable for damages in appropriate cases.

Companies like Microsoft, Yahoo, Google and Facebook are facing prosecution under the Indian cyber law. Further, if we analyse the cyber law trends in India of 2012 and cyber security trends of India 2012, such prosecutions are going to increase further in future. Insisting upon following of US laws to take action against offenders and websites located in US would not serve any purpose if branches or subsidiaries of such companies are located in India. Further, if such websites and companies fail to comply with Indian laws, Indian government can block such foreign websites in India.

The present litigation before Indian courts is just a beginning and US companies and websites must start respecting Indian laws. If cyber crimes are committed with great disregard to Indian laws and the copyright and other IP rights are openly violated by such companies and websites, their prosecution in India is inevitable. Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that such foreign companies and websites must ensure cyber due diligence in India to escape various civil, criminal and financial obligations.

Why Vinay Rai Did Not Contact The Concerned Websites?

Vinay Rai, the person behind criminal complaint against social media websites and companies like Facebook and Google, has become instrumental in testing the internet intermediary law of India. Presently, Google and Facebook are gripped in the Indian cyber law tangle.

To make the matter worst, not only the executives of parent companies have been personally summoned by the trial court but it has also been proved that Google and Facebook are beneficiaries of the revenue arising out of offending contents. This may make even the subsidiary companies of Google and Facebook liable for violation of Indian laws.

It is not the case that these companies have not protested in the past against the provisions of the Indian laws. For instance, Yahoo had filed a petition raising the questions regarding the right to privacy of a company that stores sensitive data of its customers and users and to what extent Indian authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks.

The Google’s outcry for lack of Internet intermediary law in India is another example of growing dissatisfaction towards Indian cyber laws, especially Internet intermediary laws and social media laws of India. But the same has come too late and is too insignificant at this stage.

However, in this entire episode one thing is simply not understandable. Why Vinay Rai did not contact the concerned websites and brought to their knowledge about the offending contents? As per Vinay he did not deem it appropriate to approach foreign companies himself. Rather he thought it fit to invoke the governmental machinery to get appropriate remedy.

Surprisingly, he has been pursuing this matter with the information technology ministry for over a year now. The ministry took no action despite constant reminders and follow ups from his end. It was only two to three months ago that the ministry held an internal meeting on the issue and ordered enquiry.

It seems both Vinay Rai and our IT ministry are guilty of not taking appropriate steps in this regard. Clearly, Vinay Rai did not approach these companies and informed them about the offending contents. Now the only question that remains to be seen is whether the IT ministry has also not contacted these companies in this regard?

If even the IT ministry has not intimated these companies “appropriately”, then this may be as serious lapse on the part of Indian government. In such a situation companies like Google, Facebook, etc cannot be held liable for offensive contents posted by the users. Only time would tell what was communicated and what was not and who is responsible and who is not.

Corruption And Technology Related Due Diligences In India

The recent spate of corruption related disclosures in India has sent a strong message to Indian and foreign companies to ensure that their business are strictly in compliance with Indian and foreign laws. Naturally, companies that have entered into merger and acquisitions (M&A) in the past are now looking forward to ensure that nothing fishy happened during such M & A transactions.

These Indian and foreign companies are worried about the potential legal and tax liabilities arising out of various scams and corporate frauds and they are engaging law firms to do a due diligence analysis on the M&As or foreign direct investments (FDIs) they’ve made in India. Law firms are carrying out legal due diligence exercises to detect any loopholes that could result in liabilities on behalf of their clients to avoid litigation possibilities arising out of deals done in the past.

Some multinational companies are also doing legal due diligence to ensure that the Indian subsidiaries and companies they are about to invest or have already invested in are complying with the foreign laws like Foreign Corrupt Practices Act (FCPA) 1977 of the US and the UK Bribery Act 2010.

Even companies that are now exploring the possibility of M&A are taking precautions before entering into such partnerships. While there is no particular department for dealing with all the aspects of corporate business at a single place (Ministry of Corporate Affairs deals with corporate matters) yet department of information technology (DIT) is the chief department that deals with technology related issues. These include cyber law, cyber security, e-commerce, e-governance, spectrum allocation, telecom licensing, etc.

However, till now companies were not very cautious in their dealings in cyberspace and technology related fields. The information technology act 2000 (IT Act 2000) is the cyber law of India that prescribes various cyber law due diligence in India for areas like e-commerce, e-governance, Internet intermediary liability in India, social media due diligence in India, etc.

However, companies are in controversy these days in India. For instance, doubts have been raised regarding the manner in which Reliance and Airtel blocked websites in India. Similarly, some have even suggested that DIT must investigate the case of blocking of websites in India by Reliance, Airtel and other Internet service providers (ISPs).

Similarly, companies like Google, Facebook, etc are already in cyber law legal tangle in India. Indian government is claiming that these companies failed to comply with Indian laws, including cyber law of India. While the guilt or innocence of these companies is still to be established yet this episode has shown the importance of cyber due diligence for Indian companies.

Cyber crimes at social media websites in India are increasing and these social media platforms cannot ignore the same especially once they are made aware of the same. The social media websites investigation in India is going to increase and more and more e-discovery for social media in India would be conducted. Even cyber law due diligence for banks in India is going to increase.

Another area that requires a special mention is the contemporary practice known as e-legal due diligence in India. This requires domain specific techno legal expertise and a sound knowledge of both technical and legal aspects. It is an advanced and improved form of traditional legal due diligence in India that is done in an offline environment. With companies now shifting their data and information to data centers and virtual data rooms (VDRs), e-legal due diligence in India and abroad would be the norm.

Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that Indian and foreign companies must conduct a thorough corruption and technology related due diligence analysis in India as soon as possible.

Thursday, January 12, 2012

India Must Stress Upon International Cyber Law Treaty

United States (US) has been working in the direction of making laws that are primarily targeted towards foreign websites. This means that foreign websites that are indulging in unethical behaviours like cyber crimes, intellectual property rights (IPRs) violations, etc can be forced to be taken down or blocked in US by US government.

While this is a policy decision of US that has been widely criticised yet very few have raised points regarding violations of IPRs by US companies of foreign nationals. For instance, if an Indian has to inform a US website of copyright violation, he has to essentially follow the provisions of Digital Millennium Copyright Act (DMCA) 1998. In fact, even those US websites that are themselves not following DMCA and are not entitled to “safe harbour” provisions are insisting upon DMCA notices.

Clearly, US policy towards IP violations of foreign nationals needs to be revised. On the contrary laws like Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PIPA) and the "Stop Online Piracy Act (SOPA) has also been proposed. They target foreign nationals and websites with almost no additional liabilities for US websites and citizens. Clearly, US websites and companies are forcing US and other nations to enact laws like SOPA and PIPA by not taking down IPRs violating materials.

If the attitude of US websites and companies is not changed other countries may also consider enacting draconian laws like SOPA and PIPA. In the absence of reciprocal arrangement between US and India, the least India can do to prevent cyber crimes against and IPRs violation of Indian citizens is to block websites that engage in such activities. This is more so for those websites and Internet intermediaries that deliberately ignore compliances of Indian laws.

While laws like SOPA and PIPA are targeting foreign websites including Indian websites yet the foreign websites, including US websites, are not complying with Indian cyber law and copyright law. The Indian Copyright Act, 1957 and Indian Information technology Act, 2000 prescribes various civil, criminal and administrative penalties that are presently not implantable against such foreign websites. India must seriously discuss this issue with US as this also amounts to non compliance of the provisions of Trade-Related Aspects of Intellectual Property Rights Agreement (TRIPS Agreement).

The real problem in this regard seems to be that there is no International cyber law treaty that is universally followed. Different countries have different cyber laws and this result in confusion and non enforcement. Even there is no international cyber security treaty that can be followed globally. International cyber law treaty and Indian role cannot be underestimated in this regard.

India must stress upon formulation of an international cyber law treaty to safeguard the interests of its own citizens as countries like US are doing in the absence of mutual cooperation.

Wednesday, January 11, 2012

Electronic Authentication Policy Of India

Electronic authentication (e-authentication) is a very useful service provided it is safe, secure and reliable. Similarly, e-authentication must also be supported by a sound legal framework that governs its uses and abuses.

We have no e-authentication policy in India. Even we have no legal framework for e-authentication in India. Although some efforts in this regard were made through the Aadhar project of India yet the very constitution and functioning of Aadhar project is unconstitutional. For some strange reasons, the unique identification authority of India (UIDAI), which is managing the Aadhar project, thinks that it is above constitution of India. This attitude of Aadhar and UIDAI has brought it to a stage where it is about to be scrapped.

So as on date we have no legal framework for e-authentication in India, no authority that can deal with e-authentication in India and no policy framework for e-authentication in India that has been implemented at the national level. If this is not enough, we have no encryption usage policy of India that can ensure cyber security of e-authentication in India.

If both cyber security in India and use of encryption in India are missing, the credibility of any e-authentication system is in great doubt. Possibility of data breaches and cyber attacks cannot be ruled out. Securing of critical national infrastructure of India from cyber attacks has still not achieved and introducing an e-authentication system without robust cyber security is not a wise move.

The cyber security trends in India 2011 by Perry4Law Techno Legal Base (PTLB) indicate that cyber security in India is still ignored by various stakeholders. Whether it is banks or strategic computers of Indian government, all of them have proved to be vulnerable to cyber attacks.

E-authentication is also useful for providing mobile banking services in India. Cyber security of Internet banking in India is still poor and e-banking risks in India are abundant. Mobile banking cyber security in India is still to be established before it can be explored in India.

E-authentication cannot succeed in India till we take care of various techno legal policy issues. Without removing various obstacle of e-authentication, using the same in India would create more problem than solutions providing.

Sunday, January 8, 2012

Mobile Banking Cyber Security In India

Mobile Banking is the buzz word these days. While the idea of mobile banking is promising yet it requires certain prerequisites to be successful in India. The chief among these requirements is the requirement to have a robust cyber security for mobile banking in India.

Cyber security in India in general and cyber security for online banking transactions in particular is not in good shape. The Cyber security trends in India 2011 also reflected this position. Mobile banking in India is still not popular due to various factors. For instance, e-banking in India is not safe, Internet banking cyber security in India is missing and online banking in India is not safe. In these circumstances, mobile banking in India is risky due to absence of mobile cyber security in India.

Even the Reserve Bank of India (RBI) is aware of this situation. RBI constituted a working group on information security to ensure cyber security among Indian banks. As per RBI’s recommendations, all banks should create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest.

However, banks of India have shown no willingness to incorporate cyber security into their day to day functions. Till now the directions of RBI to appoint CIOs and steering committee has not been followed by banks of India. The recommendations of the RBI have still not been implemented.

Naturally, Indian banks are poor at developing cyber security policies and implementing the same. Banks of India are also not providing positive confirmation to the originator of NEFT transactions. When basic level aspects are missing, incorporating cyber security in the day to day transactions of banks in India is really difficult. In these circumstances, the decision of RBI to remove financial limits from mobile banking transaction in India can be a trouble than facility. Hopefully, the proposed integrated banking law of India would address all these issues.

However, Indian banks cannot afford to ignore one aspect. The cyber law in India has prescribed cyber law due diligence for various stakeholders. Cyber due diligence for banks in India is just a part of the same. Cyber due diligence for Indian companies including banks operating in India is very stringent. If these due diligence requirements are not followed by Indian banks, civil, criminal and financial penalties can occur.

Cyber security for banking and financial sectors of India is urgently required as they perform very crucial functions. RBI must ensure the same by getting its directions strictly enforced as soon as possible.

Electronic Filing Of Consumer Complaints In India

The use of information and communication technology (ICT) for justice delivery system is well known. Even use of ICT for judicial and legal reforms in India is well understood. The role of ICT for effective judicial system in India is though well known yet very few efforts in this regard have been undertaken in India.

One can understand this position from the fact that till now we are still waiting for the establishment of first e-court in India. Even we have a single techno legal e-courts training and consultancy centre in India. Similarly, online dispute resolution in India is still a distant dream.

However, India cannot remain aloof for long in this regard. The information technology act, 2000 (IT Act 2000) already carries non enforceable e-governance provisions and with the proposed electronic delivery of services bill 2011 of India this e-governance mandate is going to be little bit more enforceable.

In fact, positive developments in this regard have already taking a shape in India. For instance, the financial limits of mobile banking transactions in India have been removed to give better options of banking in India. Similarly, SEBI is contemplating electronic initial public offer (EIPO) in India. Even Indian judiciary is exploring the possibility of using an electronic bail communication system in India. Through the proposed Cable TV Networks (Regulation) Second Amendment Bill 2011 of India, digital television services would be offered to consumers at affordable prices and with superior quality.

In a latest development in this direction, electronic filing of consumer complaints would be allowed if the proposed consumer protection (amendment) bill 2011 is made an enforceable law. The proposed amendment has made provision for making of a complaint by electronic form also to the District Forum.

This is a positive development and it would help in expanding consumer protection in India. However, there are many techno legal issues that must also be adhered to before e-filing of consumer complaints in India is made fully operational. But these issues would be sorted out with the passage of time.

Friday, January 6, 2012

Critical Infrastructure Protection (CIP) And Homeland Security (HS) In India

World over critical infrastructure protection (CIP) and homeland security (HS) are considered as top priority areas. This is logical as well since both CIP and HS are important parts of national security of any nation.

With the growing use and dependence upon information and communication technology (ICT), nations are focusing upon ensuring robust cyber security. The international cyber security policy framework and Indian response to the same are proof of the same. In fact, India is considering use of public private partnership (PPP) for internal security of India. Although India is also considering working in the direction of cyber security yet its speed and efforts in this direction are slower as compared to international cyber security standards and efforts.

Cyber security in India is not what is required. As per the cyber security trends in India 2011 by Perry4Law Techno Legal Base (PTLB), cyber security expertise and practices adopted in India are neither adequate nor qualitative. There is an urgent need to strengthen the cyber security mechanisms of various stakeholders in India.

Homeland security in India needs to be strengthened. In fact, India US homeland security dialogue has already been initiated. Homeland security and cyber security market in India is growing. In fact, Microsoft and Symantec are exploring the cyber security market of India. European Union (EU) has also invited India to participate in a mega cyber security and cyber crime project.

Critical national infrastructure security in India needs to be strengthened. Highly sophisticated malware like Duqu, Stuxnet, etc targeted India in the year 2011 and India is still investigating the Duqu malware. Indian nuclear facilities, automated power grids, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to sophisticated cyber attacks. It is still not clear whether Indian satellites are safe from cyber attacks.

Supervisory control and data acquisition (SCADA) is another area of concern. Cyber protection of SCADA systems in India must also be ensured. Similarly, Indian defense and security against cyber warfare needs to be developed so that cyber attacks against India can be thwarted. A good cyber security policy in India must be formulated that must include a critical ICT infrastructure protection policy of India as well. Similarly, effective legal and policy framework for cyber security must also be created in India.

Although there are numerous aspects of Cyber Security Policy of India yet Critical Infrastructure Protection in India and Critical ICT Infrastructure Protection in India are the most important aspects of the same. Similarly, cyber law of India must also be strengthened to effectuate cyber security in India. Hopefully Indian government would consider these aspects this year.

Wednesday, January 4, 2012

Social Media Websites Investigation In India

Social media websites have become ubiquitous these days. Ask any Internet using person or organisations and he/it would tell you about usage of some form of social media websites. Social media is not only helpful in projecting own policies, thoughts and ideas but is also helpful in exploring new ventures and partnerships.

However, abuses of social media are also rampant. Social media is occasionally used for committing various cyber crimes and cyber contraventions. Although we have no dedicated social media laws in India yet the information technology act, 2000 (IT Act 2000), the cyber law of India, carries some provisions in this regard. These provisions have mandated social media due diligence in India for these platforms.

Further the cyber law of India has also prescribed an Internet intermediary liability in India. According to this liability social media websites in India are required to observe due diligence in order to escape civil and criminal sanctions.

The cyber law due diligence in India has now become well established and companies, social media websites and Internet intermediaries cannot take it lightly. However, this has not restrained the cyber criminals to use social media websites for criminal purposes. Even in many cases these social media websites fail to observe due diligence especially when they have actual knowledge of the offending act. This has resulted in an increased prosecution of social media websites in India.

The prosecution of social media websites in India is going to increase tremendously if they keep on ignoring the cyber law of India. Presently, the cyber crimes investigation in India is not upto the mark and this in many cases result in non prosecution of the offenders. With the growth of e-discovery in India and cyber forensics in India more prosecution of social media websites would be witnessed. E-discovery for social media in India is going to increase as the social networking laws in India are pointing towards this direction.

In short, cyber due diligence for Indian companies is increasingly being enforced and social media websites are no exception to this rule. Social media websites investigation in India is going to increase in future and these platforms must be well prepared to deal with this same.

In their own interest, social media websites must not only meet the cyber due diligence requirements but must also ensure e-discovery compliances so that social media websites investigation can be facilitated and they can defend themselves more appropriately in various court cases and quasi judicial forums.