Thursday, February 9, 2012

Cyber Security Laws In India

With the growing incidences of cyber attacks against India, cyber security in India has got the attention of Indian government. Cyber security in India is not satisfactory. Whether it is legal framework or practical implementation, cyber security of India is still lagging far behind that other nations.

We have no dedicated cyber security laws in India and we urgently need a dedicated cyber security legal framework in India. Further, cyber security capabilities of India must be strengthened so that cyber attacks against India’s critical infrastructures can be prevented.

The cyber laws and cyber security trends of India 2011 by Perry4Law and Perry4Law Techno Legal Base (PTLB) has clearly showed the cyber security vulnerabilities of India. Cyber terrorism against India, cyber warfare against India, cyber espionage against India and cyber attacks against India have already increased a lot. Even the cyber law trends of India 2012 by PTLB have also projected an increased rate of cyber crimes in India and cyber attacks against India in the year 2012.

Cyber security laws in India have not been formulated because there is very low cyber law and cyber security awareness in India. As a result we have very few cyber law firms in India and cyber security law firms in India.

Further, cyber security research, training and education in India are also not fully developed. PTLB is managing the exclusive techno legal cyber security centre of India. In the absence of qualitative educational institutes in India, cyber security courses in India are still maturing. Further, cyber security skills development in India is greatly affected in the absence of practical techno legal trainings in this crucial field.

Indian government has now shown some positive response for strengthening cyber security in India. A national critical information infrastructure protection centre (NCIPC) of India has also been proposed by Indian government. This is appositive development and Perry4Law and PTLB welcome this effort of Indian government.

Saturday, February 4, 2012

Internet Intermediary Liability In India

Information Technology Act 2000 (IT Act 2000) is the sole cyber law of India. IT Act 2000 is also regulating the functioning of Internet intermediaries in India. Internet intermediaries’ law and liability in India has become very stringent after the passing of the Information Technology (Intermediaries Guidelines) Rules, 2011 of India.

These Internet intermediaries liability Rules of India demarcates the rights and responsibilities of internet intermediaries in India. If the Internet intermediaries follow these Rules and exercise proper cyber due diligence, they are entitled to a “safe harbour protection”. Otherwise, they are liable for various acts or omission occurring at their respective platforms once the matter has been brought to their notice.

Social media due diligence in India has also emerged out of IT Act 2000 and the corresponding Rules. Now legal actions against foreign websites can be taken in India. Further, cyber litigations against such foreign websites would increase in India in the near future.

Privacy violations and data breach investigations would also be required to be undertaken by these companies in India. Data protection requirements would also add further obligations upon these companies and websites in India. It is of utmost importance for these foreign companies and websites to follow Indian laws in true letter and spirit.

The cyber laws due diligence requirements for companies in India are strenuous in nature and Internet intermediaries in India need to take care of the same to avoid legal troubles. Companies like Google, Facebook, etc must appoint nodal officers in India that can be served with notices and communication pertaining to Internet intermediary obligations in India.

Cyber law due diligence in India is also required to escape liability for online violations of intellectual property rights in India. Liability of Internet intermediaries for copyright violation in India is well known and even foreign companies recognise this fact. The Online Copyright Infringement Liability Limitation Act (OCILLA) of United States has been enacted as part of the Digital Millennium Copyright Act (DMCA) 1998. Foreign companies like Google, Facebook, etc are complying with the DMCA requirements while taking down intellectual property violating contents.

However, these foreign companies and websites are still not aware of the requirements of India laws. Further, even if they are aware, they are not complying with the same in the appropriate manner. Time has come for these foreign companies to take Indian laws, especially intellectual property and cyber law, more seriously.

Privacy Rights, Privacy Laws and Data Protection Laws In India

Privacy rights and data protection rights are essential part of civil liberties protection in cyberspace. With the growing use of information and communication technology (ICT), privacy rights have acquired a very different meaning. It would not be wrong to assume privacy and data protection rights as integral part of human rights protection in cyberspace.

We have no dedicated privacy laws in India and data protection laws in India. The privacy rights in India in the information era are unique in nature that requires a techno legal orientation. The growing use of e-surveillance in India has also necessitated enactment of data privacy laws in India, privacy rights and laws in India and data protection law in India.

At the policy level as well privacy rights and data protection rights have been ignored in India. In fact, an Indian national privacy policy is missing till now. Even legislative efforts in this regard are not adequate in India. A national privacy policy of India is urgently required.

A right to privacy bill of India 2011 has been suggested in the year 2011 yet till now we do not have any conclusive draft in this regard that can be introduced in that parliament of India. In fact, we are still waiting for a public disclosure of final and conclusive proposed draft right to privacy bill 2011 of India that can be discussed in the parliament.

The Supreme Court of India must expand privacy rights in India as that is the need of hour. Fortunately, the issue is already pending before it and there would not be much trouble in formulating a privacy framework for India.

However, the call is for the Indian parliament to take and it must enact sound and effective privacy and data protection laws for India.

Friday, February 3, 2012

Modernisation of Postal Department Of India In Pipeline

The postal department of India is performing many crucial functions. With the passage of time, the postal department of India also needs technological upgradation and modernisation initiatives. This is not a difficult task to achieve as the department of post is attached with the union ministry of communication and information technology (MCIT).

Realising the potential of a modern postal department, the union minister of MCIT Mr. Kapil Sibal has started the modernisation and upgradation process of postal department of India. We at Perry4Law and Perry4Law Techno Legal Base (PTLB) believe that there are many aspects of e-commerce, e-governance and banking that can be combined with the postal department of India.

In fact, the postal department of India has already applied to the Reserve Bank of India (RBI) for a banking licence. Mr. Kapil Sibal had written to the Finance Minister, Mr. Pranab Mukherjee, to expedite the granting of the banking licence.

Further, a national postal policy targeting expansion and modernisation of the postal network would be announced during this year. Although the India government does not intend to issue licences to courier service companies yet it would make it mandatory for them to register.

The national postal policy of India aims at modernising postal services in India. The policy is expected to make the department of post adopt a more financially viable revenue model. It would also provide affordable services at all points in the country as part of its Universal Service Obligations of India.

There is a good scope of public private partnership (PPP) in this modernisation drive. For instance, various value added services can be provided through the PPP model. Similarly, PPP can also help the department of post in expanding its products and services range beyond the current core functions.

India currently has 1.55 lakh post offices, 95 per cent of which are situated in rural areas. With the use of information technology, urban areas can be provided better postal services. This is a good step in right direction and Perry4Law and PTLB welcomes the same.

Thursday, February 2, 2012

Are Google, Facebook, Microsoft, Heading For A Trouble?

Companies like Google, Facebook, Yahoo, Microsoft, etc facing a cyber battle in New Delhi, India. A criminal complaint against these companies is pending before a Trial Court of New Delhi. Obviously, these companies did what was best in their interest. They petitioned the Delhi High Court for quashing of criminal complaint against them.

Before the Delhi High Court, the respondent has placed it final arguments on 02-02-2012 and the petitioner would put its final arguments on 14-02-2012. Meanwhile, the Delhi High Court has dismissed a plea of a business man to hear him in this case for violation of his right to speech and expression. The Delhi High Court observed that till date neither the Trial Court nor the Delhi High Court has passed any order which curtailed the citizens' fundamental rights of freedom of speech and expression.

The Delhi High Court also observed that Google and Facebook do have the right to freedom of speech and expression but they are not above the law. There is no second opinion about this proposition as companies like Google, Facebook, Microsoft, Yahoo, etc must comply with Indian laws. Further, legal actions against foreign websites in India can be taken if they fail to comply with Indian laws. In fact, cyber litigations against foreign websites would increase a lot in India.

In fact companies like Twitter and Google have already taken steps to ensure compliance with Indian laws. Twitter has put in place a country specific mechanism to censor/remove offending tweets. Google has also started redirecting Indian bloggers to ***.blogspot.in domains instead of ***.blogspot.com domain. This method would allow Google to remove offending contents pertaining to ***.blogspot.in alone once a valid legal request is made from a particular country or residents of that country.

Yahoo has separately approached Delhi High Court and requested for a separate trial as its case falls in a different category. The Delhi High Court has accepted the request of Yahoo and issued necessary notices in this regard.

Now the companies in question have two options. Either they declare that these laws are not binding upon them or they comply with the same. It seems companies are deliberately avoiding observance of Indian laws. This is an unacceptable behaviour that Indian government cannot afford to allow. It is not a case that only Indian government is feeling offended by non observance of Indian laws. Even private individuals and companies face problems when requests for removal of offending and intellectual property violating contents are made.

Another problem that Indian government must take care of pertains to conflict of laws. When laws of India are clearly violated, there is no sense in complying with laws of foreign jurisdictions, especially when the companies involved in such process also have sound business and commercial presence in India. India must develop an alternative mechanism to DMCA complaints to such India based subsidiary companies as well as their parent companies based in foreign jurisdictions.

These companies are openly violating the requirements of Information Technology (Intermediaries Guidelines) Rules, 2011 without any legal justifications. These companies cannot use the subsidiary argument for long as Indian government would formulate more stringent norms for Indian subsidiaries dealing in information and communication technology (ICT) related matters.

This proposition is also reflected in the recent hearing of the Delhi High Court. Justice Suresh Kait observed that these companies are not above the law and their rights are to be determined under the laws of the land. He further observed that nobody is against the freedom of speech and expression. In fact, despite the summoning order against the websites, neither the Trial Court nor Delhi High Court has asked the websites to shut or restrain from functioning. They have only been summoned in accordance with the law as nobody is above it.

The next date of hearing before the Delhi High court would be on 14-02-2012 where these companies would put forward their final arguments. Let us hope that the Delhi High Court would deliver cyber justice to India.

New National Telecom Network Security Policy Of India

Recently a body named National Telecom Network Security Coordination Board (NTNSCB) of India has been proposed to be constituted by Indian government. The aim of establishment of NTNSCB is to ensure cyber security and telecom network security in India in a centralised manner.

The establishment of proposed NTNSCB would require formulation of telecom security policy in India and telecom equipments security framework in India at the first instance. There is no local or indigenous mechanism in India through which telecom hardware and software can be analysed for backdoors and malware.

However, Indian government has declared in the past that telecom equipments must be certified by TEC before use in India. A proposal to store call data records has also been given. The norms for import of telecom equipments in India would also be formulated very soon. Similarly, a telecom security policy of India may also be drafted.

Now as per recent media reports, telecom operators, equipment vendors, enterprise communication network users will all be made responsible for securing telecom networks under a new telecom network security policy of India. It has been reported that the policy would be drafted by the Department of Telecom (DoT) and it also intends to make network robust so that they can deal with disasters and crisis situations.

Under the proposed telecom network security policy, all telecom network equipments will have to get a “safe to connect certification” before they can be used in India. The certification will have to be done through a testing laboratory. Periodic test of the telecom networks will be carried out to ensure that no threat has crept into the network.

The proposed telecom network security also wants corporates using global enterprise communication networks to ensure that the network within the country complies with the security requirements. It is possible that network of these enterprises are subjected to laws of different countries, which may not be the same. Therefore, enterprises would have to adopt a little flexible approach in building their network security policies in such a way that part of the network in the geographical boundary of the country follows the security requirements mandated by this policy.

The policy also suggests setting up a centralised institution to address network and cyber security issues. Presently, the central monitoring system (CMS) project of India is one such centralised mechanism that DoT is planning to launch. A national cyber security policy of India may strengthen this initiative of DoT.

Sunday, January 29, 2012

Google And Facebook Must Comply With Indian Laws

Companies like Google, Facebook, etc are facing criminal trial in India. With the passage of time, more and more legal arsenal is now becoming available for Indian courts to hold these companies liable for violation of Indian laws. In fact, hints are now given that these companies are deliberately ignoring and violating Indian laws like copyright law, trademarks law and cyber law of India of which United States must take a serious and urgent notice.

Even laws of United States like Digital Millennium Copyright Act (DMCA) 1998 (DMCA) and Online Copyright Infringement Liability Limitation Act (OCILLA) are not complied with by many US companies and websites. A recent DMCA complaint filed with Google Incorporation and notice to Google India are still to be complied with as per US and Indian laws.

In fact, Perry4Law and Perry4Law Techno Legal Base (PTLB) have also provided their suggestion for the strengthening of remedies for small copyright claims in US that covers acts or omissions of companies like Google as well. These suggestions also cover the practical difficulties that Indian nationals, companies and Indian government face while getting the offending contents removed from companies like Google, WordPress, etc.

The new privacy policy and terms of service of Google have been recently announced and the same would become applicable from 01-03-2012. It has many far reaching legal consequences that are applicable to Indian cyberspace as well. India must develop alternatives of DMCA complaint to Google, WordPress and other companies and websites. Wherever applicable, legal blocking of foreign websites in India as per Indian laws must also be performed.

We believe that India must take urgent steps so that companies and websites like Google, Facebook, etc comply with legal demands as per Indian laws as well. We suggest the following in this regard:

(1) All subsidiary/Joint ventures companies operating in India that deal in information technology and online environment, must mandatorily establish a server in India. Otherwise, such companies and their websites should not be allowed to operate in India.

(2) A stringent liability for Indian subsidiaries dealing in information technology and online environment must be established by laws of India.

(3) More stringent online advertisement and e-commerce provisions must be formulated for Indian subsidiary companies and their websites.

We at Perry4Law and PTLB believe that any attempt by Internet intermediaries to pre screen contents uploaded by users in India is not practical and feasible. However, we believe that cyber law due diligence by Internet intermediaries operating in India cannot be taken casually and with great disregard to India laws as is presently happening in India. If companies are not willing to follow either foreign laws like DMCA or Indian laws, they clearly lack the intention to comply with various legal frameworks.

In any case, companies and websites that have Indian existence and are deriving financial gains from India must adhere to India’s laws that they are currently flouting. We hope the lower court and Delhi High Court would consider these aspects as well while deciding the fate of these companies.

Saturday, January 28, 2012

India Must Invent Alternatives Of DMCA Complaint To Google And Others

Of late foreign companies and websites like Google, Facebook, etc are increasingly finding themselves in the legal net of India. In fact, a criminal case is already pending against Google, Facebook, etc for failure to exercise cyber law due diligence.

If websites like Google, Facebook, etc fail to exercise cyber law due diligence as per the requirements of Indian information technology act, 2000 (IT Act 2000), the Internet intermediary protection is lost. All that is required to make Internet intermediaries like Google, Facebook, etc liable under Indian laws is to notify them about the objectionable contents.

The objectionable contents may take the form of defamatory contents, cyber stalking, pornography, religious riots incitement materials, intellectual property violating contents, etc. Indian cyber law allows 36 hours to such Internet intermediaries to remove the offending contents from their platforms.

While there is no problem in applying Indian laws to foreign companies and websites operating in India yet these companies and websites use the façade of parent company by declaring themselves as mere subsidiaries of such parent companies. And when these parent companies are called to comply with Indian laws, they openly deny the same by saying that they are governed by foreign laws.

Naturally, Indians also cannot be forced to follow foreign laws like Digital Millennium Copyright Act (DMCA) 1998 and Online Copyright Infringement Liability Limitation Act (OCILLA).

As many of you may be aware that we are currently pursuing a copyright violation, trademark infringement and impersonation matter with Google Incorporation and Google India. Further, Perry4Law and Perry4Law Techno Legal Base (PTLB) have also provided their suggestions to US Copyright office regarding remedies for small copyright claims in United States so that interests of small copyright holders can be protected.

We have also filed a DMCA complaint to Google Incorporation (US) and a notice under IT Act 2000 to Google India on 22-01-2012 for copyright violation, trademark infringement and impersonation.

From the responses we received so far, it seems Google Incorporation is not willing to respect and comply with Indian laws and Indian legal requests even if DMCA procedure is duly complied with. We are still waiting for the response of Google India and would proceed further once the time limit of 36 hours is expired.

However, this has forced us to think in a very different direction. We believe that India must take urgent steps so that companies and websites like Google, Facebook, etc comply with legal demands as per Indian laws as well. We suggest the following in this regard:

(1) All subsidiary/Joint ventures companies in India, especially those dealing in information technology and online environment, must mandatorily establish a server in India. Otherwise, such companies and their websites should not be allowed to operate in India.

(2) A stringent liability for Indian subsidiaries dealing in information technology and online environment must be established by laws of India.

(3) More stringent online advertisement and e-commerce provisions must be formulated for Indian subsidiary companies and their websites.

Further, US government needs to change its policies towards foreign IP infringements and enforcements. Incidences like not following laws of other jurisdictions are responsible for enacting harsh laws like SOPA and PIPA. These incidences are also responsible for filing of civil and criminal complaints against companies like Google in India.

Indian government and Indian courts need to consider these aspects while deciding various cases against foreign websites and social media platforms. If Indian intellectual property and cyber laws are not respected, there is no other option but to choose a harsh stand of foreign websites blocking in India.

The matter would come for hearing before the Delhi High Court on 02-02-2012 and we hope the Delhi High Court would take judicial note of these facts also while adjudicating upon that matter.

Thursday, January 26, 2012

Google’s New Privacy Policy And Terms Of Service As On March 2012

Google is presently managing 60 different privacy policies across multiple products and services of Google and is in the process of replacing them with a single privacy policy that’s a lot shorter and easier to read. The updated Google Privacy Policy and Terms of Service are available online to read and analyse. These changes will take effect on March 1, 2012.

Google new privacy policy would allow sharing of personal information for many reasons including for legal reasons. Google will share personal information with companies, organizations or individuals outside of Google if it has a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

(a) Meet any applicable law, regulation, legal process or enforceable governmental request.
(b) Enforce applicable Terms of Service, including investigation of potential violations.
(c) Detect, prevent, or otherwise address fraud, security or technical issues.
(d) Protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.

Google’s enforcement aspects have also been explained by the new privacy policy. Google regularly reviews its compliance with the Privacy Policy. Google also adheres to several self regulatory frameworks. When Google receives formal written complaints, Google will contact the person who made the complaint to follow up. Google works with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that Google cannot resolve with our users directly.

Google’s Terms of Services (TOS) also carry many interesting aspects. These TOS provide that the user must follow any policies made available to him within the Services. Google does not allow misusing its Services. For example, a user must not interfere with Google’s Services or try to access them using a method other than the interface and the instructions that Google provides. A user may use Google’s Services only as permitted by law, including applicable export and re-export control laws and regulations. Google may suspend or stop providing its Services to the user if he does not comply with Google’s terms or policies or if Google is investigating suspected misconduct.

Google’s Services display some content that is not Google’s. This content is the sole responsibility of the entity that makes it available. Google may review content to determine whether it is illegal or violates its policies, and Google may remove or refuse to display content that Google reasonably believe violates its policies or the law. But that does not necessarily mean that Google reviews content.

Google responds to notices of alleged copyright infringement and terminate accounts of repeat infringers according to the process set out in the U.S. Digital Millennium Copyright Act.

Google provides information to help copyright holders manage their intellectual property online. If you think somebody is violating your copyrights and want to notify Google, you can find information about submitting notices and Google’s policy about responding to notices in its Help Center.

The laws of California, U.S.A., excluding California’s conflict of laws rules, will apply to any disputes arising out of or relating to these terms or the Services. All claims arising out of or relating to these terms or the Services will be litigated exclusively in the federal or state courts of Santa Clara County, California, USA, and you and Google consent to personal jurisdiction in those courts.

Video Conferencing Laws In India

Video conferencing is increasingly being used for the purposes of digital evidencing in India. Video conferencing would also be an important part of e-courts of India once they would be established. Presently, video conferencing is used for many computerised courts in India.

The information technology act 2000 (IT Act 2000) is the cyber law of India that has provided a legal framework for electronic governance, electronic commerce and many other aspects of online dealing. By implications, the IT Act 2000 also allows use of video conferencing for various purposes.

Despite these provisions and active use of video conferencing in India, video conferencing in India is a troubled technology. The recent episode of Rajasthan government and Rajasthan police not allowing the video conferencing of Salman Rushdie shows Indian anxiety with use information technology.

This controversy happened because we have no dedicated video conferencing laws and regulations in India. Obviously, we have no dedicated video conferencing blocking laws in India as well. In the absence of a clear cut law, Indian government is still applying traditional methods to regulate video conferencing in India. However, if at all any law applies to video conferencing in India the same must be the IT Act 2000 and not any Police Act or local law.

Surprisingly, few of our posts pertaining to video conferencing disappeared from Google India’s SERPs and Blogs search results and appeared again only after reporting of the same. It seems controversial posts that are well within the constitutional right to speech and expressions are screened in India once they are posted. But who is doing so is still a big question that must be answered to properly analyse the role of Internet intermediaries in India in this regard.

While Internet intermediaries have declined to pre screen users generated contents yet post screening is happening in many cases. If this post screening is happening due to Internet intermediary law of India then such post screening and removal may be fine if legally and constitutionally done. This is so because if the companies and Internet intermediaries fail to observe cyber law due diligence in India they may face civil and criminal trials in India.

It would be a good idea to clarify the position of use of video conferencing in India by Indian government so that its uses, abuses and regulation can be legally managed.