Monday, November 2, 2015

Cyber Crimes And Cyber Attacks Insurance In India: A Techno Legal Perspective

Insurance business is well structured and well established in India. Even the regulatory framework in the traditional insurance sector is well managed by Indian government. With the passage of time, new avenues are now available for the insurance business. One such avenue comes from the adoption of information and communication technology (ICT) in our daily lives and the misuse of the same by criminal elements.

Perry4Law has been advocating use of cyber insurance since 2004 and from that year onwards we have been keeping a close watch upon the developments in this field at both national and international levels. Cyber insurance was adopted by developed nations earlier than India as it is only now that Indian insurance companies and Indian companies and other individuals have realised the importance of cyber insurance.

Information Technology Act, 2000 (IT Act 2000) prescribes adoption of adequate cyber security practices and cyber law due diligence (PDF) by Indian companies and individuals. Even technology companies, financial institutions and e-commerce websites are required to observe cyber due diligence in India and this requirement cannot be ignored anymore. A special attention must be given to the Information Technology (Intermediaries Guidelines) Rules 2011 (PDF) and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (PDF) by those engaged in technology related business in India.

Regulatory compliance requirements under the Indian Companies Act 2013 (PDF) have added many legal obligations on the part of Indian companies and their directors. These include the liability of directors for cyber law and cyber security breaches and a liability for not following cyber law and cyber security legal obligations while conducting the functions of their respective companies.

Foreign companies and e-commerce websites having a business presence in India would now be required to register in India. This would also make them amendable to Indian laws and to face legal obligations for their non compliances. For instance, the recent cyber breach at Target Corporation has exposed it to litigation in multiple jurisdictions around the world.

Cyber breaches in India would raise complicated cyber law issues in the near future. For instance, cyber security issues of e-commerce business in India need to be discussed and implemented by Indian government and insurance companies. Similarly, cyber due diligence must also be outlined and implemented for online payment makers. Maintenance and inspection of document in digital form under corporate laws of India would also raise privacy, data protection (PDF) and cyber security issues.

All these aspects need a dedicated techno legal framework that is presently missing in India. Similarly, corporate frauds investigations in India would need scientific technologies and methods like e-discovery, cyber forensics, etc. If cyber security (PDF) and cyber forensics (PDF) trends in India are considered, this is a big challenge for Indian government, insurance companies and other corporate stakeholders. If cyber insurance has to be considered to be a potential source of revenue by insurance companies and adequate protection by Indian company ies, they have to work hard in their respective fields.

Merely entering into an insurance agreement for cyber insurance purposes would create more trouble than solutions as complicated techno legal issues are involved in international cyber crime and cyber attack cases. For instance, insurance companies and affected companies may also face and have to tackle conflict of laws in cyberspace, authorship attribution for cyber crime and cyber attacks, refusal and non cooperation by foreign governments and companies in cyber crimes investigations, etc.

In these circumstances, not only the cyber insurance agreements must be properly drafted by insurance companies but techno legal investigation skills must also be used for investigating cyber crimes and cyber attacks cases by both the affected companies and insurance companies.

Sunday, November 1, 2015

Cyber Security Law Firms In India

About four years back, India's leading techno legal ICT law firm Perry4Law wrote about cyber security legal practice in India. The article was very clear in its message that techno legal fields like cyber law, cyber security, cyber forensics, cyber warfare, cyber terrorism, etc are not the preferred field of legal practice for law firms and lawyers in India and other countries. The main reason for avoiding cyber security legal practice was lack of expertise to manage complicated cyber security related issues. Only law firms like Perry4Law have been managing techno legal issues of cyber security, cyber law, cyber forensics, e-discovery, etc in India so far.

Then came the positive development and lawyers and law firms
started exploring the areas like cyber law, cyber security, cyber forensics, etc. Although the number of such lawyers/law firms is negligible yet the growing interest in the techno legal fields would increase such numbers in future. Further, techno legal issues would also change the way traditional businesses and transactions would be carried out in future. For instance concepts like cyber insurance, online dispute resolution, e-courts, digital evidencing and e-discovery, media forensics, cyber forensics, etc would be very much used in future.

However, technology laws have their own peculiar problems. Cyber laws are generally curative in nature as against the desirable preventive requirements. They are formulated keeping in mind the crimes/cyber crimes that have already taken place instead of what cyber crimes can possibly happen in future. In short, cyber laws must be “futuristic” in nature as against “historical” in their applicability. This brings novel legal challenges before lawyers and law firms as cyber security legal practice becomes very challenging and research oriented field.

Cyber crimes and cyber attacks have increased tremendously world over. No country is safe from cyber crimes and sophisticated cyber attacks. Despite this position there is no method or procedure to asertain international legal issues of cyber attacks. Perry4Law Organisation (P4LO) has been managing the exclusive techno legal blog on international legal issues of cyber attacks and the same can be accessed here. Further, to spread public awareness in the techno legal fields, P4LO has also been providing global techno legal news and views and the same can be accessed here. A virtual law campus (VLC) has also been launched by Perry4Law's Techno Legal Base (PTLB) so that skills developments in the fields like cyber law, cyber security, e-discovery, cyber forensics, etc can be ensured for various stakeholders including lawyers.

With issues like cyber espionage and cyber warfare, the traditional armed forces and legal fraternity are now collaborating upon a very unique platform where lawyers need to have a sound knowledge of both law and technology. It seems the techno legal community alone would be able to dare to explore issues like cyber law, cyber security, etc in future.

Friday, October 30, 2015

Blog On International Legal Issues Of Cyber Attacks


For instance, if a simple exercise of internet protocol tracking is undertaken, it takes months before any information is received from a foreign jurisdiction. Even in such cases, these are exceptional cases and not a general practice. In this process, the crucial digital evidence is lost forever and the cyber crimes investigation becomes a cold trail.

As there is a severe conflict of laws in cyberspace, it is very important to be aware of various technology related laws of various jurisdictions. However, it is not possible to be aware of all the laws of various jurisdictions. In order to spread public awareness in this regard, Perry4Law Organisation (P4LO) has been managing a dedicated blog on international legal issues of cyber attacks and cyber security. It is the exclusive techno legal blog on the topic not only in India but in entire world.

The blog has covered many techno legal aspects like use of cyber espionage malwares, need for the national security policy of India, legal immunity against cyber deterrent acts in India, open source intelligence through social media websites, protection of Indian cyberspace, national counter terrorism centre (NCTC) of India, cyber security challenges of India, cyber preparedness of India, the Wassenaar Arrangement and cyber security issues, intelligence agencies reforms in India, banking cyber security, techno legal analysis of Gameover Zeus, cyber crimes insurance in India, smart cities cyber security in India, etc.

As on date we have no dedicated cyber security laws in India. This is the reason why cyber security is more ignored than complied with in India. Even the blooming e-commerce industry of India is devoid of required cyber security practices and requirements. Cyber security of banks in India is also not upto the mark. This has forced the Reserve Bank of India to constitute a IT subsidiary that would consider, monitor and prescribe cyber security related rules, regulations and practices for banks in India. Even the Companies Act 2013 has prescribed cyber security obligations for the directors of companies. This is in addition to the cyber law obligations of banks and directors of Indian companies.

It is well understood that international legal issues of cyber attacks are not easy to handle. Nevertheless, Indian government cannot afford to ignore this situation and it must urgently work towards making Indian cyber security robust, resilient and effective. P4LO hopes that our readers would find our blog on international legal issues of cyber attacks, cyber law and cyber security useful.

Source: CSRDCI.

Tuesday, April 23, 2013

The Central Monitoring System (CMS) Project Of India

April 2013 is the month in which Indian government wishes to implement the controversial and ambitious central monitoring system (CMS) project of India. The year 2013 is also the year where the intelligence infrastructure of India may also see a boost.

Till now the national counter terrorism centre (NCTC) of India has failed to take off the ground. Similarly, the national intelligence grid (Natgrid) project of India, crime and criminal tracking network and system (CCTNS), etc are also facing a similar fate.

On the front of cyber security infrastructure of India as well, there is little progress. We have no cyber security best practices in India and law enforcement and intelligence agencies are actually working in an improper manner while dealing with sensitive information.


Even on the legislation front, India is deliberately postponing enactment of relevant and crucial techno legal laws. For instance, the cell site data location laws in India and privacy issues must be suitably regulated by a new law. Similarly, the cell site location based e-surveillance in India and surveillance of internet traffic in India must also be part and parcel of a new legislation.

Parliamentary oversight of intelligence agencies of India is need of the hour as intelligence work is not an excuse for non accountability. Unfortunately, the intelligence infrastructure of India has become synonymous for non accountability and lack of oversight.

Recently the Aadhaar project of India was challenged in various courts around the nation. There are serious techno legal security issues with projects like Aadhar and they must be resolved as soon as possible. Further, projects like Aadhaar, CCTNS, Natgrid, CMS, etc must also be backed by proper legislation and parliamentary oversight.

The government has to maintain a balance between civil liberties like right to privacy and law enforcement requirements. If a provision mandating compulsory cell phone location tracking for all the phones and others is formulated, it would fell afoul of the constitutional and statutory protections in India.

As on date, phone tapping can be done only through the procedure prescribe under the Indian Telegraph Act, 1885. All passive phone tapings that are not authorised under the Telegraph Act are illegal and punishable. It is immaterial whether a law enforcement agency or private person is indulging in such activity as it would remain illegal and punishable for both in such circumstances.

The real problem is that the law enforcement and intelligence agencies of India are not subject to any practical and effective parliamentary oversight. Indian government must not only make them accountable to the parliament but also formulate new laws keeping in mind the contemporary requirements. The Telegraph Act has long served its purpose and it deserves a complete rejuvenation.

We must also not forget that we have no dedicated privacy laws, data protection laws, data security laws and cyber security laws in India. In these circumstances implementing the central monitoring system project of India would raise serious constitutional challenges and Indian government must avoid the same at all costs.

Friday, March 8, 2013

Central Monitoring System (CMS) For Telephone Tapping In India

The Central Monitoring System (CMS) Project of India is a “centralised mechanism” where telecommunications and Internet communications can be analysed by the Indian Government and its Agencies.

The CMS project of India is a good and ambitious project that is required to manage national security and law and enforcement requirements of the country. However, adequate “procedural safeguards” must also be established in the system so that it is not abused for political and personal reasons.

The telephone tapping laws in India are already weak and violative of constitutional protections. We are still following the colonial telegraph act that requires an urgent repeal. Further, the information technology amendment act 2008 made e-surveillance in India a regular phenomenon. The big brother in India must not overstep the limits.

We at Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) believe that a holistic and comprehensive law on telephone tapping in India as well as governing related aspects must be formulated in India. For instance, the cell site data location laws in India and privacy issues must also be covered by the proposed law. Similarly, the cell site location based e-surveillance in India and surveillance of internet traffic in India must also be part and parcel of the new legislation.

A national e-surveillance policy of India must be formulated that should cover both policy and legislative issues pertaining to CMS project and telephone tapping relating issues. Call data record (CDRs) must also be regulated and protected by adequate and strong laws.

Indian government has already started working in the direction of making the CMS project operation in the month of April 2013. A new mechanism will be put in place by the Indian government to eliminate the loopholes in authorised phone tapping by intelligence and enforcement agencies.

Under the proposed framework, a centralised mechanism would be adopted where the need to approach individual telecom service providers would be obviated. This would exclude the interaction with these service providers and make the entire process of telephone tapping more secure and leak proof. However, this would also result in abusing the telephone tapping mechanisms in the absence of adequate procedural safeguards.

The CMS project would be brought under the Department of Telecom (DoT) and will be manned by the Intelligence Bureau (IB). Some procedural changes have also been introduced in this process. For instance, a clear electronic audit trail of the phones tapped would be maintained. This would eliminate the traditional paper based trail procedure that is cumbersome and prone to leak. The entire phone-tapping system will also move to an electronic platform from the current manual system.

The CMS project, based in New Delhi, would also have four hubs in major cities of India. Proposal to curtail the discretionary power of agencies to listen into phone calls may also be implemented. The telegraph act may be suitable amended to reflect these changes.

As per the present regulatory framework, in cases of urgency the agencies can tap phones for seven days without obtaining permission. With the migration to electronic platform and adoption of CMS project, the request for sanctions will also be sent electronically which will cut down the time to obtain permission.

At Perry4Law and PTLB we believe that it would be even better if we ensure parliamentary oversight of intelligence agencies of India as well. Further, we also believe that it is high time to formulate a comprehensive and holistic telephone tapping and related law for India. We also understand that this is a very difficult and delicate task and may face stiff resistance from various quarters but the tough call has to be taken by Indian government immediately.

Saturday, March 2, 2013

The Hacker News: Security In A Serious Way

If you are interested in reading serious cyber security and related news and views, the Hacker News is one of the best sources for the same. The security portal is also providing a magazine on this topic that is also of good quality.

The Hacker News (THN) is a privately owned Indian company based out of New Delhi, India and has been providing training and knowledge-based solutions since October 2011.

Originally founded in November 2010 by Mr. Mohit Kumar, The Hacker News has been internationally recognised as a leading news source dedicated to promoting awareness for security experts and hackers.

Supported and endorsed by administrators and members of various underground hacking groups and communities worldwide, The Hacker News (THN) has become a worldwide leader in information security.

Saturday, February 2, 2013

Courts Automation Systems In India, E-Courts And Online Dispute Resolution

Indian courts have been using information and communication technology (ICT) for effective judicial functioning. New features like online cause lists, filing of cases on digital mediums like CDs, providing of judgments online, use of video conferencing, etc. are already being used by courts of India.

However, automation of courts systems in India is still far from satisfactory. We are still waiting for the establishment of first e-court of India. Till now India has been able to computerise some courts alone and e-courts functionalities are still missing.

For instance, courts automation and functionalities like e-filing, submission of notices and evidence, online cross examination, online cyber forensics support, etc are still missing.

At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we are managing the exclusive techno legal e-courts training and consultancy centre of India. This e-courts centre is also managing software repositories in the fields like courts automation, cyber forensics, cyber security, online dispute resolution, etc.

Further, the e-courts centre of India is also imparting techno legal trainings in the fields like cyber law, cyber forensics, cyber security, e-courts management, courts automation, judicial and legal integration system, legal management systems, e-discovery, etc.

Skills development and trainings for lawyers, public prosecutors, law enforcement agencies, judges and court master and staff is also undertaken by PTLB.

ICT can be used to bring judicial reforms in India. At Perry4Law and PTLB we believe that establishment of e-courts in India and using online dispute resolution in India for effective and alternative dispute resolution can not only bring the pending cases down but also help in providing speedy and economic justice to the litigants. 

The sooner e-courts are established in India and ODR is used for alternative dispute resolution the better it would be for the legal and judicial system of India.

Source: Legal Enablement Blog Of PTLB.

Wednesday, January 30, 2013

USPTO Grants Apple Trademarks For Its Retail Outlets Designs And Layout

Apple has been vigorously protecting its brand and trademark around the world. In one such example, the US Patent and Trademark Office (USPTO) accepted Apple's request last week for trademarks on the minimalist design and layout of its retail outlets.

With a booming e-commerce in India, Apple must be planning to protect its brand and trademark in India as well. Apple has already showed its displeasure for the Asian region, especially in China. In 2011, authorities in the Chinese city of Kunming stopped 22 fake Apple stores from illegally using the company's trademarks after Apple lodged a complaint with authorities.

Since trademark is territorial in nature, Apple must also protect its interests in the Indian territory. Intellectual property rights (IPRs) in India are well known and India has a strong trademark law in the form of Trademarks Act, 1999.


Apple said in its application in May, 2010 that it was not claiming color as a feature of the mark. The mark consists of the distinctive design and layout of a retail store, it said.

Apple must be very careful while engaging in e-commerce activities in India. There are well recognised legal requirements to start an e-commerce website in India and the legal formalities required for starting e-commerce business in India. Similar regulatory requirements do exist in other countries as well.

For instance, Apple was recently fined in Beijing Court for unauthorised e-book sales. Similarly, there are many cyber laws due diligence requirements in India that companies like Apple must comply with in India in order to engage in legally sustainable e-commerce business activities.

There are many techno legal compliance requirements that e-commerce portals, including Apple, Amazon, E-Bay and others, must comply with. At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we believe that cyber law due diligence, Internet intermediary liability and cyber due diligence for Indian companies must be kept in mind by various e-commerce websites and players.

At the end of the day managing techno legal IP a requirement is of great importance to all concerned who are eying upon India as a market.

Renewal Of An Expired Trademark In India And United States

Trademark law of India is passing through an interesting and developmental phase. Recently Samsung has raised the issue of international exhaustion of a trademark under Indian trademark law. Similarly, trademarks registrations in India have also increased as India is becoming a favourite destination for commercial activities world over.

Trademark registration in India is regulated by the Trademarks Act 1999 of India. A registered trademark is valid for a period of 10 years that can be renewed for another 10 years at a time. Further, international registration of trademarks under Madrid Agreement and Madrid Protocol can also be explored by applicants. However, the Madrid Agreement and Madrid Protocol and its applicability and implementation in India are still in a flux.

There may be cases where a trademark holder fails to renew his/her/its trademark in time. Renewal of an expired trademark is the only option left in such cases. In India even if the mark has been expired, one can apply for its re-registration. If someone else applies for registration of expired trademark as per the prescribed procedure, owner of expired trademark can file objections at the registry, tribunal or appropriate forum.

In United States (US), to keep the registration alive or valid for all trademarks registrations, except for non Madrid Protocol based registrations, the registration owner must file specific documents and pay fees at regular intervals.  Failure to file these documents will result in the cancellation of his/her/its registration.

For Madrid Protocol Based Registration, after the protection is granted to the international registration and a U.S. registration issues, to keep protection in the U.S., the U.S. registration owner must file specific documents and pay fees at regular intervals. Failure to file these documents will result in the cancellation of his/her/its U.S. registration and the invalidation of protection of the international registration by the United States Patent and Trademark Office (USPTO).

Under Section 8 of the Trademark Act, 15 U.S.C. §1058, a §8 Declaration of Continued Use is required to be given by the trademark owner. The Declaration is a sworn statement, filed by the owner of a registration that the mark is in use in commerce. If the owner is claiming excusable nonuse of the mark, a §8 Declaration of Excusable Nonuse may be filed. The purpose of the §8 Declaration is to remove marks no longer in use from the register.

The USPTO will cancel any registration on either the Principal Register or the Supplemental Register if a timely §8 Declaration is not filed by the current owner of the registration during the prescribed time periods.  The USPTO has no authority to waive or extend the deadline for filing a proper §8 Declaration. Registrations finally cancelled after the expiry of permissible period due to the failure to file a §8 Declaration cannot be reinstated or revived.  A new application to pursue registration of the mark again must be filed.

Holders (owners) of registered extensions of protection to the U.S. (also called §66(a) registrations, registrations resulting from 79’ series applications, international registrations extended to the U.S.) who wish to maintain the protection granted their mark in the U.S. pursuant to the Madrid Protocol must file an affidavit or declaration of use in commerce or excusable nonuse to avoid cancellation of protection in U.S. Such affidavits are required pursuant to Section 71, 15 U.S.C. §1141k, of the Trademark Act.  The USPTO has no authority to waive or extend the deadline for filing a proper §71 Declaration.  Registrations finally cancelled after the expiry of permissible period due to the failure to file a §71 Declaration cannot be reinstated or revived.  A new application to pursue registration of the mark again must be filed.  

The holder of a registered extension of protection of an international registration to the U.S. must file an application for renewal of the international registration with the International Bureau (IB). Renewal of international registrations is governed by Article 7 of the Madrid Protocol and Rules 29 - 31 of the Common Regulations under the Madrid Agreement and Protocol.

A renewal can be filed during the six months before expiry of the period of protection or in the six months following the expiry of the current period of protection with the payment of a surcharge.

The term of an international registration is ten years, and it may be renewed for ten years upon payment of the renewal fee.

Perry4Law hope this information would be useful to all concerned stakeholders.

Source: IPR Services In India.

Sunday, January 20, 2013

Is Online Gambling And Betting Legal In India?

As a leading techno legal ICT law firm of India, Perry4Law is frequently approached for numerous techno legal issues. One of them pertains to e-commerce laws and regulations in India.

Recently many queries have been raised about the applicable online gambling laws and regulations in India.  We have also observed that e-commerce legal compliances in India are not followed in true letter and spirit. This may be due to lack of knowledge about applicable e-commerce laws but ignorance of laws is no excuse.

If e-commerce players do not follow the laws of the land, they may found themselves in uncomfortable situations. For instance, cyber law due diligence, Internet intermediary liability and cyber due diligence for Indian companies are some of the issues that have been ignored by almost all e-commerce players of India.

Coming back to the burning issue whether online gambling and online betting is legal in India or not? We have already covered the legality of online gambling and betting in India and other e-commerce compliance requirements in India but we would briefly cover the same once again.

The golden rule for deciding whether online gambling in India is legal or nor has to be judged by many factors that depends upon the facts and circumstances of each case and upon state to state. There are many states in India where gambling is legal and few where even online gambling and betting is legal. However, there are some states like Mumbai where online gambling is expressly prohibited and made a punishable offense. So it depends upon the state where you wish to carry the online gambling and betting business.

Then there is the rule of skills versus chance as laid down by the courts of India. As a general rule, where the game involves application of skill on the part of the player and the element of chance is minimal, the activity would be considered to be a game and not an act of gambling. However, the applicability of this test of skill versus chance may not be applicable to online or Internet games, betting and gambling as various judicial decisions pertaining to different sets of facts and circumstances and can be distinguished easily in subsequent litigations.

Finally, economic and taxation legislations like tax laws of India, anti money laundering laws, etc are also involved while operating online casinos, online gambling and betting and online gamming platforms.  The provisions of these economic legislations are very stringent in nature and can cause great detriment to the owner or operator of the online casino, gambling and betting website.

To be on a safer side, it is better to comply with various techno legal laws of India while opening an online gambling, gaming and betting platform rather than facing the punitive provisions of Indian laws.

Source: E-Commerce Laws and Regulations In India.