Tuesday, September 4, 2012

Electronic Delivery Of Services In India

Electronic Delivery of Services in India has been in news for years but its actual implementation is still to happen. Despite many rounds of legislative drafting and governmental discussions, the Indian electronic delivery of services bill 2011 could not see the light of the day. The natural result is that e-delivery of services in India is missing.

While rejecting the latest draft of the EDS bill, the parliamentary standing committee on information and technology gave few reasons like lack of resources, amendments must be made to the information technology act, 2000 to accommodate electronic delivery of services, inadequate time to ensure electronic delivery of services by states, etc. All these apprehensions have no merit and they deserve to be ignored.

However, the rejection of the EDS bill by the committee is also blessing in disguise as the proposed bill was highly deficient on many counts. Even the committee has given some very good suggestions that can strengthen the new EDS bill that can be passed by the Indian parliament.

It would be a good idea to involve techno legal experts while formulating the next EDS bill so that various deficiencies can be taken care of. A holistic EDS bill must be formulated that takes care of all the aspects pertaining to electronic delivery of services in India.

E-Delivery Of Services In India Missing

Electronic delivery of services in India (e-delivery of services in India) is in really bad shape thanks to the myopic attitude of our Indian government and its committees. As on date we have no mandatory framework for e-governance services in India.

This is a clear case of denial of digital empowerment of Indian citizens by the Indian government. The information technology act 2000 (IT Act 2000), which is the sole cyber law of India, carries few provisions pertaining to e-governance in India. However, the IT Act 2000 expressly put an embargo upon mandatory e-governance services in India.

It is really surprising that after more than 12 years of enactment of IT Act, 2000 the parliamentary standing committee on information and technology still believes that states would not be able to meet the e-governance needs of India. If a country cannot put in place e-governance services for 12 years and is still insisting upon more years, it puts a question mark upon the capabilities of that nation.

No doubt India is really poor at e-readiness and e-governance in India is dying. Indian government is presently facing a “technology bankruptcy” and “ICT emergency” vis-à-vis cyber crimes, cyber attacks, cyber security and other related issues.

There is nothing wrong in enacting a good law in this regard but there is everything wrong when we make excuses for not enactment of such law at all. We need time bound enactment exercises and by allowing unlimited time to enact such laws, we are doing no good to India. It is high time for us to ensure e-delivery of services in India.

Sunday, August 19, 2012

Skills Development In India And The Vocational Education And Training System Of India

We are facing a very serious situation in the fields of employment and education in India. A vast majority of our educated youths are still unemployed. The primary reason for this is the defective education system of India that is primarily academic in nature.

We do not pay much attention to professional, vocational and training based education in India. All we do is teaching of age old academic concepts which have no significance in real life. The natural result is that the already strained employment sector is further constrained to employ the ill trained and ill equipped young generation.

This is a serious issue as unemployed young generation is not producing any productive results for our economy and they are also engaging in illegal and unsocial methods to survive. If the situation continues for long, we may face a serious law and order problem in India.

Indian government has also realised the perils of this situation. The Indian government is planning to sanction around Rs 40,000 crore in over five years to provide skill to around 3 crore people during the period. The government will also partner with private sector to implement the ambitious scheme. This is a good step in the right direction and Perry4Law and Perry4Law Techno Legal Base (PTLB) welcome this move of Indian government.

As a matter of fact, skills development in India is urgently needed to manage these issues. A special emphasis must be given techno legal skills development in India that is presently missing. Till our educational systems are able to cope up with these qualitative demands, we must stress upon use of distance learning for skills development in India.

Further, virtual campuses in India can also fill the skill gaps that we are currently facing. PTLB e-learning platform is providing techno legal courses and trainings in India that aims at inculcating skills among the masses.

Some of the areas where PTLB is providing techno legal trainings and courses include cyber law, cyber security, cyber forensics, ethical hacking, clod computing, malware analysis, etc.

We hope that Indian government would do the best to strengthen the professional, vocational and training based education in India as soon as possible.  

Friday, August 17, 2012

BackTrack 5 R3 Released For Download

Backtrack is one of the highest rated and acclaimed Linux security distribution of the world. It is used by numerous security professionals and companies to perform various security and penetration testing related tasks.

The best part about Backtrack is that you can install it on a DVD, USB drive or any other media of your choice that supports Backtrack installation. Once installed, backtrack can be booted from the media and there is no requirement to install it on the hard disk of your computer. Of course, you can also install it on the hard drive of your computer if you wish to do so.

If you are using a Backtrack 5R2 version you can also upgrade it to Backtrack 5R3 as BackTrack 5 R3 has been released on 13th of August, 2012 for download.

Perry4Law Techno Legal Base (PTLB) strongly recommend you to download a copy of backtrack 5R3 for your pen testing and cyber security arsenal.

Backtrack versions are also part of techno legal software repositories of Perry4Law and PTLB that are used to provide various techno legal trainings in India and abroad. These include skills development in India in the fields of cyber law, cyber security, cyber forensics, penetration testing, malware analysis, etc.

We thank the Backtrack community in general and Linux community and open source community in particular for their hard work and commitment to strengthen cyber security, cyber forensics, pen testing, malware analysis and such similar capabilities.

Saturday, August 11, 2012

Establishment Of E-Courts In India And Their Implementation

Indian judicial and legal systems are very slow to adopt information and communication technology (ICT). Although some steps have been taken to computerise the Indian courts yet by and large they are insufficient and not relevant.

Electronic delivery of justice in India is urgently needed. E-courts and ODR in India are essential part of electronic delivery of justice in India. Despite the pressing need for establishment of e-courts in India we are still waiting for the establishment of first e-court of India. Till august 2012 we do not have even a single e-court in India.

The e-courts project of India has failed to materialise in India and establishment of e-courts in India is still a distant dream. We need to expedite the constitution and opening of e-courts in India as soon as possible.  

There are many reasons for failure of e-courts in India but the chief among them is lack of expertise and judicial will to implement the e-court project. There is no dearth of funds for this project but its implementation is very poor. The e-court committee has so far failed to implement the e-court project effectively.

We at Perry4Law and PTLB have now taken very significant steps in this crucial direction. We have launched dedicated portals pertaining to electronic courts, e-judiciary, ODR India, online arbitration, etc. Further, Perry4Law and PTLB are also managing the exclusive techno legal e-courts training and consultancy centre of India.

To strengthen the initiatives and projects of Perry4Law and PTLB and to take these projects and initiatives to the next level of development, Perry4Law and PTLB are in the process of launching four crucial projects. These are:

(1) Electronic Courts: This initiative would provide e-courts services to national and international organisations, governments, companies, individuals, etc. At this platform you would be able to resolve your disputes through use of techno legal methods and procedures.

(2) E-Judiciary: This initiative would provide research, policy formulations, training, consultancy, project execution support, etc to various national and international stakeholders. It would cover areas like e-courts, e-judiciary, legal enablement of ICT in courts and judiciary, etc.

(3) ODR India: This is an India specific platform that would resolve various inter party disputes in an online environment. Techno legal methods and procedures would be used to resolve various disputes through Arbitration, Conciliation, Mediation and other similar methods.

(4) Online Arbitration: This initiative would provide ODR services to world at large. Individuals, organisations, companies, etc may resolve their disputes through this platform by using our techno legal dispute resolution services.

Indian judiciary in general and e-court committee in particular has to play a more pro active role for the establishment of e-courts in India. In the absence of institutional expertise, e-court committee must also include other members that have actual expertise to manage the project.

Tuesday, August 7, 2012

Cyber Security Challenges For The Smart Grids In India

These days most of the public utilities are managed and coordinated by information and communication technology (ICT). In many cases, these utilities are managed through remote administration as well. This is also the stage and process that makes these utilities vulnerable to cyber attacks.

Keeping this fact in mind, critical infrastructure protection in India in general and cyber security of automated power grids of India in particular must be ensured with latest technology and international best practices.

Cyber security issues in India are emerging day by day. Similarly, the cyber security awareness in India is also increasing. However, cyber security capabilities of India are still not up to the mark. Cyber security skills developments in India are urgently required.

There would be many cyber security challenges for future smart grids of India. The evolution of SCADA system, deficiencies and shortcomings of existing power devices and vulnerabilities of software managing SCADA systems are areas of special concern for India.

These days power grids are centrally connected and integrated in nature from the stage of power generation to it transmission and distribution. A compromise of such power grids   can lead to power outages/blackout or even damage to power system devices and thereby huge loss to the utilities.

Further, renewable energy/distributed generation demands are the added feature of smart grid and due to networked control future power system will be much more vulnerable to cyber terrorism attacks, cyber warfare activities and cyber espionage attempts. Therefore, before switching to smart grids, India must consider cyber security challenges for them as well.

Perry4Law and Perry4Law Techno Legal Base (PTLB) are in the process of drafting of cyber security best practices for smart grids in India. We invite professional collaborations and cooperation in this regard from various smart grid stakeholders. If interested, kindly send your proposals while communicating with us so that we can consider collaborative aspects of such proposals.

Sunday, August 5, 2012

Mobile Banking Cyber Security In India

Cyber security in India is facing many challenges and problems. One of the major problems of cyber security in India is that various stakeholders are not at all interested in ensuring cyber security for their respective organisations. However, the worst part of Indian cyber security initiatives is that Indian government is pushing hard initiatives like mobile banking, mobile commerce, etc without effective and robust cyber security capabilities at place.

For instance, although the Reserve Bank of India (RBI) has mandated for strict cyber security requirements for banks of India yet most of the Indian banks have done nothing in this regard. RBI has also insisted upon ensuring of cyber security of banks in India. In fact, recently RBI warned Indian banks for inadequate cyber security as well. This is resulting in increased financial crimes and cyber crimes in India.

The cyber laws and cyber security trends in India 2011 by Perry4Law and Perry4Law Techno Legal Base (PTLB) also proved this point. Even the mobile cyber security in India is missing. In these circumstances, mobile banking in India has become really risky. In fact, mobile banking cyber security in India is almost missing and this has put the customers at grave risks. Mobile banking cyber security is required in India on a priority basis before any mobile banking scheme is launched in India.

Although Internet banking guidelines in India by RBI have been issued yet no such guidelines have been issued by RBI regarding mobile banking so far. Further, it is also not clear who would bear the loss arising out of a banking transaction that is a direct result of a financial or cyber crime. Banks are passing the buck to consumers even when they are at fault by not ensuring sufficient cyber security.

Banks of India are not realising that they are under a legal obligation to ensure cyber law due diligence for their banking transactions. In the absence of cyber law due diligence, it is the responsibility of banks of India to bear any loss arising out of any financial or cyber crime.

Perry4Law and PTLB recommend that banks in India must not only ensure cyber security for their transactions but also adhere to the cyber law due diligence requirements as are mandatory in India. 

Privacy Laws In India And Privacy Rights In India

We have no dedicated statutory or constitutional privacy laws In India. However, the Supreme Court of India has interpreted Article 21 of Indian Constitution as the source of constitutional right to privacy in India. For some strange reasons, privacy rights and laws in India have always been ignored by Indian government. Even the proposed draft right to privacy bill 2011 of India remained another assurance till now.

Similar is the case regarding data protection laws in India. Till now we have no dedicated data protection laws in India. Clearly, data protection laws in India and privacy rights in India are urgently required to be formulated. Indian government must pay urgent attention to privacy rights, privacy laws and data protection laws in India.

The Supreme Court of India in Kharak Singh v. State of U.P. (AIR 1963 SC 1295) recognised the Right to Privacy as an integral part of the Right to Life and Personal Liberty which is a fundamental right guaranteed to every individual.

In the case of R. Rajgopal v. State of Tamil Nadu (1994 (6) SCC 632) the Supreme Court laid down that personal information may not be published without consent whether truthful or otherwise and whether laudatory or critical, unless they are part of public records.

Similarly, Section 21 of the Juvenile Justice Act, 2000 Prohibits the publication of names and other particulars of children which may lead to identification of the child involved in proceedings under the Act.

The cyber law of India incorporated in the Information Technology Act, 2000 (IT Act 2000) provides few provisions regarding data protection and privacy aspects. The Act defines Data as any information, knowledge, facts, concepts or instructions being processed (or intended to be processed) in a computer system or network. The disclosure of personal data is prohibited and there are stringent provisions for protection of sensitive personal data.

The IT Act 2000 was amended by the Information Technology Amendment Act 2008 (IT Act 2008). The IT Act 2008 introduced Section 72A that confers protection against disclosure of personal information in breach of a lawful contract.

Section 72A mandates that if any person or intermediary has become privy to any personal information of another, while providing services under the terms of a lawful contract, any disclosure of such information to a third party, without the consent of the person concerned and with the intention to cause or with knowledge that he is likely to cause wrongful loss or wrongful gain, or in breach of the contract is punishable with upto three years imprisonment or fine upto five lakh rupees or both. The term “intermediary” means a person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record.

Further, section 43A of the IT Act 2000 provides for compensation by way of damages in case a body corporate handling any sensitive personal data or information in a computer resource is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person.

Reasonable security practices and procedures have been defined in the Section as those which are designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment to protect such information from unauthorized access, damage, use, modification, disclosure or impairment.

In April 2011, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 were notified. These new rules regulate the collection, disclosure, transfer and storage of sensitive personal data and widen the scope of the regulation provided in Section 43A.

Sensitive personal data is defined under the Rules as information relating to a data subject’s:

(i) Password;
(ii) Financial information such as Bank account or credit card or debit card or other payment instrument details;
(iii) Physical, physiological and mental health condition;
(iv) Sexual orientation;
(v) Medical records and history;
(vi) Biometric information;
(vii) Any detail relating to the above clauses as provided to body corporate for providing service; and
(viii) Any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise

Information that is freely available or accessible in the public domain, or furnished under the Right to Information Act 2005 or any other law in force, is not regarded as sensitive personal data.

With regard to consent the said rules provide that the consent has to be obtained from the provider of sensitive personal data in writing through letter, fax or email regarding purpose of usage before collection of such data. The information is to be collected for a lawful purpose and only where it is necessary to do so.

Privacy related provisions are also incorporated in other Indian statutes as well. These include Indian Telegraph Act, 1885, Indian Contract Act, 1872, Specific Relief Act, 1963, Public Financial Institution Act, 1983, Consumer Protection Act, 1986, Credit Information Companies (Regulations) Act, 2005, etc. We would discuss this issue more in our subsequent posts.

Saturday, August 4, 2012

Critical Infrastructure Protection In India

Critical infrastructures like power utilities, transportation, banking systems, stock markets, medical institutions, etc are essential part of our day to day lives. There disruption for even few hours can cause great loss and discomfort. At times this may also result in casualties of human lives.

In these circumstances, critical infrastructure protection in India is needed. To achieve this we need a critical ICT infrastructure protection policy of India that must be formulated and implemented as soon as possible. Although a national critical information infrastructure protection centre (NCIPC) of India has been proposed by India yet no action has been taken in this regard so far.

It is high time that critical infrastructure protection (CIP) and homeland security (HS) in India must be taken seriously and effective steps in this direction must be taken.  The best way to achieve this is to formulate a suitable techno legal cyber security policy of India that must include CIP aspect as well.


Cyber security in India and its challenges and problems cannot be effectively managed till we have robust and techno legal cyber security capabilities in India. We need a skilled cyber security workforce in India that can tackle present as well as future cyber security challenges. Cyber security skills development in India must be ensured to meet this objective.

Perry4Law and Perry4Law Techno Legal Base (PTLB) recommend that Indian government must urgently formulate cyber security policy and critical infrastructure protection policy for India.

Monday, July 30, 2012

Importance Of Cyber Forensics For India

Cyber forensics in India is one of the most important fields for effective legal and judicial system of India. Indian Approach towards cyber forensics has been lukewarm so far. It is only now that India has started paying attention to cyber forensics.

There are very few cyber forensics firms and companies operating in India. Cyber forensics is a dynamic field that requires continuous updates and modifications. Thus, cyber forensics companies and firms in India must innovate.

Further, cyber forensics research centers in India must be established to meet the research and development needs of India in the field of cyber forensics. The distance learning courses for computer forensics in India must be encouraged to develop cyber forensics skills in India. The cyber forensic investigation solutions in India are needed to establish cyber forensics procedures and best practices in India.

World over stakeholders are planning to use technology to fight drugs, human trafficking and illicit networks. Cyber forensics can play a crucial role in order to achieve this objective.

Cyber forensics professionals must be aware of the basics of Internet protocol (IP) address system as that is the starting point for all cyber forensics and cyber security related exercises. IP address tracking methods and techniques for e-mails must also be well understood. A special care must be taken of IP address spoofing and its defenses.

There are certain challenges that cyber forensics professionals may face in their day to day affairs. For instance, cyber forensics of hidden Internet is a challenging and daunting task.  Cyber forensics professionals must be well prepared to tackle new and unexplored challenges from cyberspace.

Further, legal and judicial fraternity of India needs scientific knowledge. Police, lawyers and judges must be aware about the basic level knowledge of cyber forensics. Technology laws like cyber law must also be well known to legal and judicial fraternity in India.  While undertaking a trial, the judges in India must realise that IP address should not be the sole criteria for arrest and conviction.

Perry4Law and Perry4Law Techno Legal Base (PTLB) hope that India would consider these aspects and various stakeholders would work collectively in this crucial and much needed direction.