Sunday, January 20, 2013

Online Gambling Laws And Regulations In India

Online gambling in India has aroused great interest among many e-commerce entrepreneurs of India. This is because online gambling is a very remunerative and profit oriented business. However, online gambling is also a complicated business filed as many laws and technical issues have to be resolved at the same time.

We have a central law on gambling called the Public Gambling Act of 1867. Similarly, we have many state laws on gambling that are mostly based upon the central law. Further, almost all the state laws are regulating real world or offline gambling in India. The exception in this regard can be found in the laws applicable in places like Goa and Sikkim.

Recently Goa has made its casino laws very stringent keep in mind the money laundering, black money and tax evasion issues in mind. Similarly, Sikkim is also in the process of harmonising its laws with the central laws.

As far as judiciary is concerned, the Supreme Court of India has made a distinction between skills based and chance based gaming activities. Of course, each case depends upon its own facts and circumstances and the respective state law and we cannot apply one decision uniformly in all cases of gambling and online gambling. 

The e-commerce laws and regulations in India are still at the infancy stage. As a matter of fact, a majority of e-commerce portals and players in India are not following the laws of the land in true letter and spirit. Surprisingly, there is a general misconception among the e-commerce players of India that for running an e-commerce website in India they need not to follow much law. On the contrary, there are well recognised legal requirements to start an e-commerce website in India and the legal formalities required for starting e-commerce business in India.

The chief among these e-commerce players are online pharmacies, online gambling and gaming portals, electronics e-commerce websites, etc. They fail to understand that use of technology has brought additional legal issues that are primarily techno legal in nature. Their continued ignorance may bring civil, criminal and financial penalties. The recent spate of FDI crackdowns by India government proves this point.

At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we believe that cyber law due diligence, Internet intermediary liability and cyber due diligence for Indian companies must be kept in mind by various e-commerce websites and players. The skill and chance and state subject legal arguments are not sufficient to comply with complicated techno legal requirements of India as on date. So before launching an e-commerce portal, the concerned person or company must make it sure that techno legal requirements are duly complied with.

Source: E-Commerce Laws And Regulations In India.

Sunday, January 6, 2013

Optical Character Recognition (OCR) Legal Issues India

Optical character recognition (OCR) is one of the most important stages of e-discovery or cyber forensics process. OCR is the process where images of handwritten, typewritten or printed text are converted into machine-encoded text using the mechanical or electronic conversion.

The main purpose of OCR is to digitise printed texts so that they can be electronically searched, stored more compactly, displayed on-line through virtual data rooms, and used in machine processes such as machine translation, text-to-speech and text mining. OCR is also very important for presenting and defending claims and obligations in civil and criminal proceedings.

OCR, e-discovery and cyber forensics are sometimes combined while investigating financial frauds and crimes, serious frauds, forensics audit, white collor crimes, corporate frauds, fraud risk analysis, IT and cyber frauds, etc.

However, there are certain techno legal issues that must be taken care of while engaging in the OCR activities. If these techno legal issues are not followed properly, the end OCR product may not be admissible in a court of law or other investigation.

Further, only relevant material must be converted into legally admissible electronic records, including OCR. A proper chain of custody must be maintained at all stages of converting printed and other text documents into digital documents and OCR.

There is no sense in converting the entire paper based document s in to electronic format as not all electronic versions would be relevant to the case or investigation. Even lesser electronic records and OCR would be held admissible in a court of law.

According to Perry4Law and Perry4Law’s Techno Legal Base (PTLB) the most important attribute while engaging in the OCR exercise meant for litigation purposes is to first ascertain the relevant documents and then convert them into digital format keeping in mind the admissibility criteria while following proper chain of custody. 

If you are interested in our techno legal services, you may contact us in this regard. See our techno legal services, cyber forensics services, US, UK and EU laws compliances, etc in this regard.

Paper Evidence Scanning And E-Discovery Legal Issues In India

India is in the process of providing of electronic delivery of services to Indian citizens. Further, there is also a shift in electronic financial transactions in India whether it pertains to Internet banking or mobile banking. Additional challenges would also arise due to this digital revolution in India.

E-discovery services in India have become essential due to growing dependence upon electronic services in India. Further, white collor crimes, financial frauds, IT and cyber frauds, forensics accounting and auditing and risk management have further increased the scope of e-discovery services in India.


In e-discovery and OCR procedure, the role of a technology lawyers and ICT law firm is very important. No organisation or individual engaged in the e-discovery or ODR process can afford to engage in a limitless exercise. We at Perry4Law and PTLB believe that any e-discovery and OCR exercise must be primarily guided by relevancy, proper chain of custody and admissibility criteria in all circumstances. This is more so when litigation is an option.

In e-discovery and OCR procedure, data is identified as potentially relevant by lawyers/law firm and placed on legal hold. Evidence is then extracted and analysed using legally acceptable cyber forensic procedures. This includes the stages of identification, preservation, collection, processing, review and production.

These issue must be properly managed as per the techno legal requirements existing in India otherwise the adduced information, documents and evidence may not be relevant and admissible in the court of law.

Friday, January 4, 2013

Cyber Security Initiatives In India By PTLB

In this annual report 2012 we are summarising the techno legal initiatives and projects that have been freshly undertaken and continued by us. These include awareness projects, research and development projects, trainings and education projects and initiatives, skills development initiatives and projects, etc.

Let us start with some background information before we go into the details of our cyber security projects and initiatives and other techno legal initiatives for the year 2102. Perry4Law is the exclusive techno legal ICT, IP and corporate law firm of India and one of the few in the world. Perry4Law is the umbrella organisation and other techno legal segments are supporting it.

Perry4Law’s Techno Legal Base (PTLB) is the leading techno legal segment of Perry4Law and Perry4Law’s Techno Legal ICT Training Centre (PTLITC) is the highly specialised and domain specific techno legal training provider of Perry4Law.

Both PTLB and PTLITC are managing the techno legal lifelong learning centre of India established by Perry4Law. PTLB is also managing the exclusive portal for techno legal e-learning in India and virtual legal education campus in India and techno legal e-learning centre of India.

Besides education and trainings, PTLB is also engaged in techno legal skills development in India and world wide, online dispute resolution (ODR) in India, e-courts research and consultancy in India, etc. PTLB is managing the techno legal and cyber security aspects of skills development, ODR, e-courts, etc as well.

We at Perry4Law, PTLB and PTLITC have been spreading techno legal cyber security awareness in India for long. We are managing the exclusive techno legal national cyber security database of India (NCSDI). We are also managing the exclusive techno legal cyber security research and development centre of India (CSRDCI). To supplement these cyber security initiatives in India, we are also managing cyber forensics research and development centre of India and exclusive techno legal cyber crimes investigation centre of India (CCICI).


Our cyber security initiatives and projects in general and techno legal initiatives in particular are moving towards global level. If you think that your organisation or you in your individual capacity can be a valuable addition to our projects and initiatives, you may find the segment of MOU and tie up with PTLB useful. Send us your professional proposals and we may revert back to you for a suitable business collaboration opportunity.

Pharmaceuticals Trials, Experiments And Online Sales Must Be Regulated In India

Recently, the Supreme Court of India asked the Indian government to monitor and regulate all clinical trials of experimental drugs in India.  The Apex Court was anguished over the manner in which clinical trials of experimental drugs in India are handled by Indian government and its departments.

In particular, the Apex Court was angry with the Central Drugs Standard Control Organisation (CDSCO) that has failed to perform its duty properly. So much so that the Apex Court revoked the power of the CDSCO for its failure to monitor and regulate clinical trails of experimental pharmaceuticals in India.

Meanwhile, the government is considering the report of an expert committee set up to examine the issue of alleged approval of drugs without clinical trial by CDSCO. The Department related Parliamentary Standing Committee in its Report on the functioning of CDSCO has raised various issues pertaining to functioning of the organisation, including alleged approval of drugs without clinical trials.

In the proceeding before the Apex Court it came to the light that no laws were in place between 2005 and 2012 for new chemical entities and yet the government was approving trials very casually.

However, till now none have raised any objection regarding the illegal and unregulated online sales of prescribed medicines in India that is happening right under the nose of Indian Government. Such sale of prescribed medicines by e-commerce portals that also without following the laws of the land is really perilious for the end consumers. Online pharmacies in India are violating Indian laws and Indian government is least interested in curbing this practice.

The problem is aggravated in the absence of strong and effective health related laws in India, including those pertaining to online sales of prescribed medicines in India. We have no dedicated data protection laws in India and privacy laws in India. Even data exclusivity laws in India need to be formulated. A regulatory framework for data exclusivity In India can be really helpful in this regard.

The health ministry of India in general and the Indian government in particular must take immediate action regarding these situations otherwise serious ramifications may occur.

Saturday, December 22, 2012

HSI Seeks Public's Help Identifying 'Jane Doe' Producer Of Child Pornography

U.S. Immigration and Customs Enforcement's (ICE) Homeland Security Investigations (HSI) urgently needs the public's help to identify a suspected child pornography producer. The agency is seeking the arrest of an unidentified woman for producing child pornography and the rescue of a 4 to 5-year-old victim of sexual exploitation.

The "Jane Doe" criminal complaint and arrest warrant signed Tuesday in the U.S. District Court for the District of Columbia is the second obtained by HSI's Child Exploitation Investigations Unit this year. The first Jane Doe was arrested with her husband in Portland, Ore., in September, after the agency sought and received tips from the public to identifying her. http://www.ice.gov/news/releases/1209/120905portland.htm

Jane Doe, pictured here, is described by HSI special agents as a Caucasian female, 23 to 29 years old, with a medium build, brown hair with blond highlights and hazel/green eye color. She has a mole on her left thigh and a tongue piercing, with a white round stud with a pink dot. Although her whereabouts are unknown, special agents investigating this case believe she lives somewhere in the United States. She is believed to have produced at least one long-form child pornography video featuring herself engaging in explicit sexual conduct with a 4 to 5-year-old victim.

HSI special agents received an investigative referral from the Danish National Police, after the video was downloaded by law enforcement officers in Denmark. The material was submitted to the National Center for Missing & Exploited Children, the national clearinghouse for child sexual exploitation material. The center determined that the victim had not yet been identified or rescued.

Jane Doe's information and photos are also being distributed through law enforcement channels by the HSI Victim Identification Unit in an effort to find the perpetrator and rescue the victim.

HSI is requesting that anyone with information about this person contact the agency immediately, in one of two ways:

Call the ICE Tip Line: 866-347-2423, which is staffed 24-hours a day; or

Complete an online tip form at www.ice.gov/tips/.

All tips will remain anonymous. Individuals should not attempt to apprehend the suspect personally.

HSI's Victim Identification Program seeks to rescue child victims of sexual abuse and exploitation and bring the perpetrators to justice.

Wednesday, November 14, 2012

Legal Issues Of Internet Banking In India

Internet banking is a popular and convenient method of doing online banking transactions. We have no dedicated Internet banking laws in India but the Reserve Bank of India (RBI) has issued some guidelines in this regard. However, Internet banking guidelines in India by RBI are not sufficient to make the banks follow robust and required cyber security procedures.

This means that Internet banking risks in India are high and even RBI acknowledged risks of e-banking in India.  Despite this position, banks in India are ignoring the cyber security due diligence requirements prescribed by RBI. The online banking risks in India have increased tremendously due to this position.

RBI has also released a report of the RBI working group on securing card present transaction in order to provide preventive measures for ATM frauds in India. Sill Internet banking frauds in India and ATM Frauds are increasing. Banks in India are not serious about cyber security and they are not following the recommendations of RBI.

RBI has also insisted upon ensuring of cyber security of banks in India. In fact, recently RBI warned Indian banks for inadequate cyber security as well. This is resulting in increased financial crimes and cyber crimes in India. Mobile banking cyber security in India is also at risk.

The legal issues of Internet banking in India must be taken more seriously by all stakeholders especially the Indian banks. However, better results cannot be achieved till cyber security requirements made mandatory on the part of Indian banks.

Internet Banking Frauds In India

Cyber crimes in India are on rise thanks to the growing use of information technology. With limited numbers of cyber law firms in India, these cyber crimes are not reported properly. Even the cyber security of India is still catching up with the present requirements.

Cyber security of banks in India is also not upto the mark. The mobile banking cyber security in India is also missing. The preventive measures for ATM frauds in India are also missing. The truth is that Indian banks are poor at cyber security. The online banking risks in India are increasing due to this indifference towards cyber security.

RBI has recently issued a report titled Report on Trend and Progress of Banking in India 2011-12. RBI needs banks to build a robust mechanism to prevent incidents of fraud in areas of mobile/net banking and electronic fund transfer. RBI has already issued guidelines pertaining to national electronic funds transfer (NEFT) system of India but banks in India are not providing positive confirmations of NEFT transactions.  

Ensuring effectiveness of the banking sector by way of technology combination while minimising the incidences of fraudulent cases has become one of the major objectives of the RBI in recent years.

According to RBI, complaints related to unauthorised fund transfers, fraudulent withdrawals from ATMs using duplicate cards, phishing e-mails aimed at extracting personal information have registered significant increase in recent times. RBI’s ombudsman office is already flooded with ATM related complaints in India.  

RBI must take a hard stand against defaulting banks who have not adopted sound cyber security policies and strategies for Internet banking and other online financial transactions.

Monday, November 5, 2012

The Proposed IT Act 2000 Amendments: Boon Or Bane

The aim of this article, written in 2006, is to consider the far reaching consequences of the proposed IT Act, 2000 amendments as suggested by the Expert Committee appointed by the Government in this regard. These amendments were severely criticised in India because of their inherent weaknesses and retrograde approach. If these proposed amendments have been approved by the cabinet without considering the critical evaluations or without the necessary modification, India will surely be a “safe heaven” for various cyber crime and contraventions. Equally at risk are e-governance in India and e-commerce in India. In the present scenario, cyber law in India is going to be a remedy worse than the malady. We may have a cyber law without teeth. Rather, it may actively encourage and support the criminal tendencies and cyber crimes in India. It is ironical that though India is emerging as the leading country in the field of Information and Communication Technology (ICT) yet the law that is needed to make it a ground reality is itself removing the protection and safeguards necessary for the survival and continued existence of ICT in India.

I. Introduction

The cyber law, in any country of the World, cannot be effective unless the concerned legal system has the following three pre requisites:

(1) A sound Cyber Law regime,
(2) A sound enforcement machinery, and
(3) A sound judicial system.

Let us analyse the Indian Cyber law on the above parameters.

(1) Sound Cyber Law Regime: The Cyber law in India can be found in the form of IT Act, 2000. Now the IT Act, as originally enacted, was suffering from various loopholes and lacunas. These “Grey Areas” were excusable since India introduced the law recently and every law needs some time to mature and grow. It was understood that over a period of time it will grow and further amendments will be introduced to make it compatible with the International standards. It is important to realise that we need “qualitative law” and not “quantitative laws”. In other words, one single Act can fulfil the need of the hour provided we give it a “dedicated and futuristic treatment”. The dedicated law essentially requires a consideration of “public interest” as against interest of few influential segments. Further, the futuristic aspect requires an additional exercise and pain of deciding the trend that may be faced in future. This exercise is not needed while legislating for traditional laws but the nature of cyber space is such that we have to take additional precautions. Since the Internet is boundary less, any person sitting in an alien territory can do havoc with the computer system of India. For instance, the Information Technology is much more advanced in other countries. If India does not shed its traditional core that it will be vulnerable to numerous cyber threats in the future. The need of the hour is not only to consider the “contemporary standards” of the countries having developed Information Technology standards but to “anticipate” future threats as well in advance. Thus, a “futuristic aspect’ of the current law has to be considered. Now the big question is whether India is following this approach? Unfortunately, the answer is in NEGATIVE. Firstly, the IT Act was deficient in certain aspects, though that was bound to happen. However, instead of bringing the suitable amendments, the Proposed IT Act, 2000 amendments have further “diluted” the criminal provisions of the Act. The “national interest” was ignored for the sake of “commercial expediencies”. The proposed amendments have made the IT Act a “tiger without teeth” and a “remedy worst than malady”.

(2) A Sound Enforcement Machinery: A law might have been properly enacted and may be theoretically effective too but it is useless unless enforced in its true letter and spirit. The law enforcement machinery in India is not well equipped to deal with cyber law offences and contraventions. They must be trained appropriately and should be provided with suitable technological support.

(3) A Sound Judicial System: A sound judicial system is the backbone for preserving the law and order in a society. It is commonly misunderstood that it is the “sole” responsibility of the “Bench” alone to maintain law and order. That is a misleading notion and the “Bar” is equally responsible for maintaining it. This essentially means a rigorous training of the members of both the Bar and the Bench. The fact is that the cyber law is in its infancy stage in India hence not much Judges and Lawyers are aware of it. Thus, a sound cyber law training of the Judges and Lawyers is the need of the hour. In short, the dream for an “Ideal Cyber Law in India” requires a “considerable” amount of time, money and resources. In the present state of things, it may take five more years to appreciate its application. The good news is that Government has sanctioned a considerable amount as a grant to bring e-governance within the judicial functioning. The need of the hour is to appreciate the difference between mere “computerisation” and “cyber law literacy”. The judges and lawyers must be trained in the contemporary legal issues like cyber law so that their enforcement in India is effective. With all the challenges that India is facing in education and training, e-learning has a lot of answers and needs to be addressed seriously by the countries planners and private industry alike. E-learning can provide education to a large population not having access to it.

II. Critical Evaluation Of The Proposed IT Act, 2000 Amendments

The proposed IT Act, 2000 amendments are neither desirable nor conducive for the growth of ICT in India. They are suffering from numerous drawbacks and grey areas and they must not be transformed into the law of the land. These amendments must be seen in the light of contemporary standards and requirements. Some of the more pressing and genuine requirements in this regard are:

(a) There are no security concerns for e-governance in India
 (b) The concept of due diligence for companies and its officers is not clear to the concerned segments
(c) The use of ICT for justice administration must be enhanced and improved
(d) The offence of cyber extortions must be added to the IT Act, 2000 along with Cyber Terrorism and other contemporary cyber crimes
(e) The increasing nuisance of e-mail hijacking and hacking must also be addressed
(f) The use of ICT for day to day procedural matters must be considered
(g) The legal risks of e-commerce in India must be kept in mind
(h) The concepts of private defence and aggressive defence are missing from the IT Act, 2000
(i) Internet banking and its legal challenges in India must be considered
 (j) Adequate and reasonable provisions must me made in the IT Act, 2000 regarding “Internet censorship”
(k) The use of private defence for cyber terrorism must be introduced in the IT Act, 2000
 (l) The legality of sting operations must be adjudged
(m) The deficiencies of Indian ICT strategies must be removed as soon as possible
(n) A sound BPO platform must be established in India, etc.

The concerns are too many to be discussed in this short article. The Government must seriously take the “genuine concerns” and should avoid the cosmetic changes that may shake the base of already weak cyber law in India.

III. Conclusion

The Government has mistakenly relied too much upon “self governance” by private sectors and in that zeal kept aside the “welfare State role”. The concept of self governance may be appropriate for matters having civil consequences but a catastrophic blunder for matter pertaining to crimes, offences, contraventions and cyber crimes. Further, the Government must also draw a line between “privatisation’ and “abdication of duties” as imposed by the Supreme Constitution of India. The concepts of “Public-Private Partnerships’ must be reformulated keeping in mind the welfare State role of India. The “collective expertise” must be used rather than choosing a segment that is not representing the “silent majority”. It would be appropriate if the Government puts the approved draft by the Cabinet before the public for their inputs before finally placing them before the Parliament.

Saturday, November 3, 2012

Indian Critical Infrastructure And Cyber Security Challenges And Issues

The reliance of consumers and businesses on the cyberspace and interconnected networks would continue to increase. Critical industries like electric, water, oil and natural gas, transportation, automotive, and aerospace are increasingly dependent upon industrial control systems like supervisory control and data acquisition (SCADA).

In fact, SCADA has become the new cyber attacks battlefield against India. An attack upon SCADA is essentially an attack upon the critical infrastructure of a nation. The SCADA systems may involve a human machine interface (HMI), a supervisory system managing the processes, remote terminal units (RTUs) interacting with the supervisory systems, programmable logic controller (PLCs) usable as field devices, etc.

Initially, running on proprietary control these have evolved with the availability of low-cost Internet Protocol (IP) devices, thus increasing the possibility of cyber security vulnerabilities and incidents. Therefore, critical infrastructure protection in India must be an integral part of national cyber security policy of India.

The policy must address critical infrastructure protection requirements of India. Further, besides energy, defense, transportation and telecommunication, the financial sector which includes banks and stock exchanges must be suitably protected in India.

Cyber security of banks in India is still not effective. Further, cyber security due diligence for banks in India is still missing despite some stern guidelines by Reserve Bank of India (RBI). Indian Banks are not complying with RBI’s cyber due diligence requirements.  Even the RBI warned Indian banks for inadequate cyber security in the past.

This is a serious issue as more than 80% of banking transactions today takes place online. Similarly, the majority of the investor trade through online systems thus making the financial sector one of the most critical sectors.

Mobile banking cyber security in India is still missing. In these circumstances, mobile banking in India has become really risky as it puts the customers at grave risks. Mobile banking cyber security is required in India on a priority basis before any mobile banking scheme is launched in India. Although Internet banking guidelines in India by RBI have been issued yet no such guidelines have been issued by RBI regarding mobile banking so far.

These cyber security issues in India must be resolved as soon as possible as the cyber security challenges of India remains unredressed till date.