Monday, November 16, 2015

Social Networking Laws In India Need Clarity And Codification

Social networking websites have a very crucial role to play in fields like business and commerce, personal relationships, leisure activities, political usages, speech and expression, etc. This is the reason why social media websites like Facebook, Twitter, LinkedIn, etc. are very popular the world over.

India also has a significant population that is attached to various social media or social networking websites. This has given rise to unique law enforcement and regulatory challenges before countries around the world. The United States has the advantage that most of these social networking websites are located within the legal and territorial limits of US authorities, yet law enforcement authorities of India and other countries find it really difficult to manage law enforcement related activities arising due to abuse of these social networking websites.

The conflict of laws in cyberspace has further widened the law enforcement access deficit that India is presently facing. Most of the law enforcement agencies of India openly admit that when the server of a website is located outside India, it becomes next to impossible to prosecute a cyber criminal using such a website and committing an offence against an Indian citizen.

For instance, it is well known that the Bangalore cyber police are facing investigation difficulties with Facebook. Similarly, the Delhi Police was too late to get access to the IP address of the accused who hacked the e-mail account of Amrita Rai. It is also well known that most of the social networking websites that are operating in India are not complying with the laws of India.

The Information Technology Act, 2000 (IT Act 2000) is the cyber law of India that governs legal issues pertaining to e-commerce, e-governance, cyber contravention and cyber crimes. However, the cyber law of India is a piecemeal legislation that covers multiple areas and in this attempt it is not covering even a single area effectively. India must either formulate a comprehensive and holistic techno legal framework or it must adopt specific and dedicated laws for various fields. There is no doubt that India needs a new and better cyber law and the old one must be repealed.

It has been suggested that foreign websites and social networking websites must establish servers in India. It has also been suggested that India’s own social networking websites must be established so that compliance with Indian laws can be ensured. As per the amended Indian Companies Act, 2013, the directors of Indian companies can be held liable for cyber law and cyber security related techno legal compliances. Individuals, companies and their directors are also required to observe cyber law due diligence under the IT Act 2000.

India has been using the mutual legal assistance treaty (MLAT) to mutually cooperate on law enforcement related issues. However, MLAT is not always successful, as the country to which such a request is issued may deny cooperation if the act committed by the accused is not an offence as per the laws of that country. For instance, in the past the US has refused to issue summons upon companies like Facebook, Google, etc. citing similar grounds. So the MLAT route is not foolproof and it is full of surprises.

Some stakeholders have started using social networking websites for business purposes in such a manner that they violate Indian laws. However, as the servers of these social networking websites are located outside India and are governed by foreign laws, Indian law enforcement agencies are helpless to enforce Indian laws against such stakeholders.

For instance, online pharmacies related legal compliances are absolutely ignored in India by most of the online pharmacies operating from India. As a result Perry4Law has suggested that online pharmacies laws must be enacted by Indian government. Similarly, the online card games websites in India are also in a limbo and they are operating in a legally risky manner. This is more so when social networking websites are used for games like online rummy, online poker and other online card games.

India has no dedicated privacy and data protection laws. Indian government is also very committed to violate the civil liberties of Indian citizens in cyberspace. This is the reason why we have no privacy rights in India that can protect the privacy of Indians in cyberspace. Further, e-surveillance tools like Aadhaar have been clubbed with projects like Digital India and this has made the Digital India initiative the biggest digital panopticon of human history. The social networking websites provide further data and information to Indian government for data mining purposes and this results in violation of privacy of Indian citizens.

Nevertheless, business and other stakeholders are required to comply with applicable privacy, data protection, cyber law and other laws applicable to their respective fields. One of the requirements that is applicable to all stakeholders, including e-commerce players, pertains to observation of cyber law due diligence. Similarly, e-commerce laws in India are also required to be adhered to by various stakeholders. Since the stakeholders are also using the platform of foreign companies, they are subject to the laws of foreign jurisdictions as well. Thus, there is no significant benefit of hosting a website on a foreign server if the law enforcement agencies of India are committed to punish an offender.

Perry4Law Organisation (P4LO) hopes that this article would help various stakeholders in sensibly using the social networking websites so that they remain on the right side of the law. At the same time P4LO also believes that very soon social networking related laws and regulations would be clearly enacted by the Indian government for the larger benefit of all stakeholders.

National Counter Terrorism Centre (NCTC) Of India Must Be Constituted Urgently

Establishment of the National Counter Terrorism Centre of India (NCTC) has been facing many problems and difficulties. These include administrative, political and technological problems that need to be addressed on a priority basis by the new Government. The obvious but unsolvable terrorism dilemma of India cannot be allowed to be continued any longer in the larger interest of India.

By its very nature and design any proposed NCTC shall be managed by intelligence and security agencies of India. India has a plethora of intelligence agencies and security agencies. These include Research and Analysis Wing (RAW), Aviation Research Centre (ARC), Intelligence Bureau (IB), National Technical Research Organisation (NTRO) and Defence Intelligence Agency (DIA), etc.

However, the administrative and political structure governing these agencies is highly defective as they are operating in a decentralised manner. There is no centralised authority or Ministry that can coordinate or collaborate between different intelligence and security agencies. Further, there is no Parliamentary oversight of these intelligence agencies as well.

On top of it, Civil Liberties and National Security requirements of India are not balanced at all. This would give rise to constitutional issues and create problems for such agencies in future. For instance, the request of these agencies for immunity when engaging in cyber deterrent acts, which would be an essential function of NCTC in future, cannot be accepted in these circumstances.

As Mr. Narendra Modi is committed to keep the internal security part of Home Ministry with himself, these issues can be easily managed. The proposed Prime Minister’s Office (PMO) would emerge as a “centralised national reforms point” of India. The approach regarding the proposed PMO is much required as that may be a game changer for India. It would also not be difficult to constitute the proposed NCTC in these circumstances as the centralised approach towards NCTC would eliminate interference of different Departments/Ministries. Mr. Modi can comfortably guide and supervise NCTC from the PMO.

However, NCTC must not be established in the manner proposed by the previous Government. The “safest and easiest method” to establish NCTC is to give a Parliamentary Scrutiny to intelligence agencies and their functioning. In the same legal framework, establishment and role of NCTC can be formulated.

The NCTC is very significant and essential for the National Security of India. Terrorist attacks against India are on the increase and we need a “Specialised Institution” like NCTC to provide and analyse valuable intelligence inputs and leads. The real problem seems to be “lack of coordination and harmonisation” between the Centre and States and the PMO must resolve this problem while establishing NCTC.

There are other related problems as well. For instance, the intelligence infrastructure of India is in a big mess. We need to develop intelligence gathering skills in India so that effective intelligence can be generated, processed and used in real time. On the legislation front, a legal framework on the lines of Intelligence Services (Powers and Regulation) Bill, 2011 must be formulated and enacted by our Parliament. The National Intelligence Grid (Natgrid) Project of India has already been launched. However, a legal framework for Natgrid project of India is also needed as an unaccountable Natgrid is not a panacea for intelligence failures of India.

Surprisingly, the bureaucrats at Home Ministry have dropped the reference of NCTC altogether from their proposed report to Mr. Modi. They believe that NCTC is not a viable project and it need not be part of the projects that have to be undertaken on a priority basis. It seems the bureaucrats are well aware of the previous dislike of Mr. Modi towards NCTC and they do not wish to offend him.

This is a highly unfortunate situation. No project should be dropped simply because Mr. Modi has disliked the same in the past. It is the constitutional duty of bureaucrats to suggest inclusion of projects of National Importance keeping aside their own biases, prejudices or fears. If they simply drop a worthy project like NCTC on the basis that Mr. Modi disliked it in the past, nothing is more embarrassing and unfortunate than such an approach. Even if Mr. Modi is averse to NCTC as on date, the bureaucrats must suggest the same. Of course, if there are some other issues, besides personal preferences or dislikes of Mr. Modi, they must be openly and frankly communicated to Mr. Modi and let him decide ultimately.

Things and circumstances have changed drastically and it is high time to analyse projects like NCTC as per contemporary standards and requirements. The present circumstances are in favour of constitution of NCTC and the same must be done as soon as possible.

Monday, November 2, 2015

Cyber Crimes And Cyber Attacks Insurance In India: A Techno Legal Perspective

Insurance business is well structured and well established in India. Even the regulatory framework in the traditional insurance sector is well managed by Indian government. With the passage of time, new avenues are now available for the insurance business. One such avenue comes from the adoption of information and communication technology (ICT) in our daily lives and the misuse of the same by criminal elements.

Perry4Law has been advocating use of cyber insurance since 2004 and from that year onwards we have been keeping a close watch upon the developments in this field at both national and international levels. Cyber insurance was adopted by developed nations earlier than India as it is only now that Indian insurance companies and Indian companies and other individuals have realised the importance of cyber insurance.

Information Technology Act, 2000 (IT Act 2000) prescribes adoption of adequate cyber security practices and cyber law due diligence by Indian companies and individuals. Even technology companies, financial institutions and e-commerce websites are required to observe cyber due diligence in India and this requirement cannot be ignored anymore. Special attention must be given to the Information Technology (Intermediaries Guidelines) Rules 2011 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 by those engaged in technology related business in India.

Regulatory compliance requirements under the Indian Companies Act 2013 have added many legal obligations on the part of Indian companies and their directors. These include the liability of directors for cyber law and cyber security breaches and a liability for not following cyber law and cyber security legal obligations while conducting the functions of their respective companies.

Foreign companies and e-commerce websites having a business presence in India would now be required to register in India. This would also make them amenable to Indian laws and to face legal obligations for their non compliances. For instance, the recent cyber breach at Target Corporation has exposed it to litigation in multiple jurisdictions around the world.

Cyber breaches in India would raise complicated cyber law issues in the near future. For instance, cyber security issues of e-commerce business in India need to be discussed and implemented by Indian government and insurance companies. Similarly, cyber due diligence must also be outlined and implemented for online payment makers. Maintenance and inspection of documents in digital form under corporate laws of India would also raise privacy, data protection and cyber security issues.

All these aspects need a dedicated techno legal framework that is presently missing in India. Similarly, corporate frauds investigations in India would need scientific technologies and methods like e-discovery, cyber forensics, etc. If cyber security and cyber forensics trends in India are considered, this is a big challenge for Indian government, insurance companies and other corporate stakeholders. If cyber insurance has to be considered to be a potential source of revenue by insurance companies and adequate protection by Indian companies, they have to work hard in their respective fields.

Merely entering into an insurance agreement for cyber insurance purposes would create more trouble than solutions as complicated techno legal issues are involved in international cyber crime and cyber attack cases. For instance, insurance companies and affected companies may also face and have to tackle conflict of laws in cyberspace, authorship attribution for cyber crime and cyber attacks, refusal and non cooperation by foreign governments and companies in cyber crimes investigations, etc.

In these circumstances, not only the cyber insurance agreements must be properly drafted by insurance companies but techno legal investigation skills must also be used for investigating cyber crimes and cyber attacks cases by both the affected companies and insurance companies.

Sunday, November 1, 2015

Cyber Security Law Firms In India

About four years back, India's leading techno legal ICT law firm Perry4Law wrote about cyber security legal practice in India. The article was very clear in its message that techno legal fields like cyber law, cyber security, cyber forensics, cyber warfare, cyber terrorism, etc are not the preferred field of legal practice for law firms and lawyers in India and other countries. The main reason for avoiding cyber security legal practice was lack of expertise to manage complicated cyber security related issues. Only law firms like Perry4Law have been managing techno legal issues of cyber security, cyber law, cyber forensics, e-discovery, etc in India so far.

Then came the positive development and lawyers and law firms started exploring the areas like cyber law, cyber security, cyber forensics, etc. Although the number of such lawyers/law firms is negligible yet the growing interest in the techno legal fields would increase such numbers in future. Further, techno legal issues would also change the way traditional businesses and transactions would be carried out in future. For instance concepts like cyber insurance, online dispute resolution, e-courts, digital evidencing and e-discovery, media forensics, cyber forensics, etc would be very much used in future.

However, technology laws have their own peculiar problems. Cyber laws are generally curative in nature as against the desirable preventive requirements. They are formulated keeping in mind the crimes/cyber crimes that have already taken place instead of what cyber crimes can possibly happen in future. In short, cyber laws must be “futuristic” in nature as against “historical” in their applicability. This brings novel legal challenges before lawyers and law firms as cyber security legal practice becomes a very challenging and research oriented field.

Cyber crimes and cyber attacks have increased tremendously the world over. No country is safe from cyber crimes and sophisticated cyber attacks. Despite this position there is no method or procedure to ascertain international legal issues of cyber attacks. Perry4Law Organisation (P4LO) has been managing the exclusive techno legal blog on international legal issues of cyber attacks and the same can be accessed here. Further, to spread public awareness in the techno legal fields, P4LO has also been providing global techno legal news and views and the same can be accessed here. A virtual law campus (VLC) has also been launched by Perry4Law's Techno Legal Base (PTLB) so that skills developments in the fields like cyber law, cyber security, e-discovery, cyber forensics, etc can be ensured for various stakeholders including lawyers.

With issues like cyber espionage and cyber warfare, the traditional armed forces and legal fraternity are now collaborating upon a very unique platform where lawyers need to have a sound knowledge of both law and technology. It seems the techno legal community alone would be able to dare to explore issues like cyber law, cyber security, etc in future.

Friday, October 30, 2015

Blog On International Legal Issues Of Cyber Attacks


For instance, if a simple exercise of internet protocol tracking is undertaken, it takes months before any information is received from a foreign jurisdiction. Even in such cases, these are exceptional cases and not a general practice. In this process, the crucial digital evidence is lost forever and the cyber crimes investigation becomes a cold trail.

As there is a severe conflict of laws in cyberspace, it is very important to be aware of various technology related laws of various jurisdictions. However, it is not possible to be aware of all the laws of various jurisdictions. In order to spread public awareness in this regard, Perry4Law Organisation (P4LO) has been managing a dedicated blog on international legal issues of cyber attacks and cyber security. It is the exclusive techno legal blog on the topic not only in India but in the entire world.

The blog has covered many techno legal aspects like use of cyber espionage malware, need for the national security policy of India, legal immunity against cyber deterrent acts in India, open source intelligence through social media websites, protection of Indian cyberspace, national counter terrorism centre (NCTC) of India, cyber security challenges of India, cyber preparedness of India, the Wassenaar Arrangement and cyber security issues, intelligence agencies reforms in India, banking cyber security, techno legal analysis of Gameover Zeus, cyber crimes insurance in India, smart cities cyber security in India, etc.

As on date we have no dedicated cyber security laws in India. This is the reason why cyber security is more ignored than complied with in India. Even the blooming e-commerce industry of India is devoid of required cyber security practices and requirements. Cyber security of banks in India is also not up to the mark. This has forced the Reserve Bank of India to constitute an IT subsidiary that would consider, monitor and prescribe cyber security related rules, regulations and practices for banks in India. Even the Companies Act 2013 has prescribed cyber security obligations for the directors of companies. This is in addition to the cyber law obligations of banks and directors of Indian companies.

It is well understood that international legal issues of cyber attacks are not easy to handle. Nevertheless, Indian government cannot afford to ignore this situation and it must urgently work towards making Indian cyber security robust, resilient and effective. P4LO hopes that our readers would find our blog on international legal issues of cyber attacks, cyber law and cyber security useful.

Source: CSRDCI.

Tuesday, April 23, 2013

The Central Monitoring System (CMS) Project Of India

April 2013 is the month in which Indian government wishes to implement the controversial and ambitious central monitoring system (CMS) project of India. The year 2013 is also the year where the intelligence infrastructure of India may also see a boost.

Till now the national counter terrorism centre (NCTC) of India has failed to take off the ground. Similarly, the national intelligence grid (Natgrid) project of India, crime and criminal tracking network and system (CCTNS), etc are also facing a similar fate.

On the front of cyber security infrastructure of India as well, there is little progress. We have no cyber security best practices in India and law enforcement and intelligence agencies are actually working in an improper manner while dealing with sensitive information.


Even on the legislation front, India is deliberately postponing enactment of relevant and crucial techno legal laws. For instance, the cell site data location laws in India and privacy issues must be suitably regulated by a new law. Similarly, the cell site location based e-surveillance in India and surveillance of internet traffic in India must also be part and parcel of a new legislation.

Parliamentary oversight of intelligence agencies of India is the need of the hour as intelligence work is not an excuse for non accountability. Unfortunately, the intelligence infrastructure of India has become synonymous with non accountability and lack of oversight.

Recently the Aadhaar project of India was challenged in various courts around the nation. There are serious techno legal security issues with projects like Aadhaar and they must be resolved as soon as possible. Further, projects like Aadhaar, CCTNS, Natgrid, CMS, etc must also be backed by proper legislation and parliamentary oversight.

The government has to maintain a balance between civil liberties like right to privacy and law enforcement requirements. If a provision mandating compulsory cell phone location tracking for all the phones and others is formulated, it would fall afoul of the constitutional and statutory protections in India.

As on date, phone tapping can be done only through the procedure prescribed under the Indian Telegraph Act, 1885. All passive phone tappings that are not authorised under the Telegraph Act are illegal and punishable. It is immaterial whether a law enforcement agency or private person is indulging in such activity as it would remain illegal and punishable for both in such circumstances.

The real problem is that the law enforcement and intelligence agencies of India are not subject to any practical and effective parliamentary oversight. Indian government must not only make them accountable to the parliament but also formulate new laws keeping in mind the contemporary requirements. The Telegraph Act has long served its purpose and it deserves a complete rejuvenation.

We must also not forget that we have no dedicated privacy laws, data protection laws, data security laws and cyber security laws in India. In these circumstances implementing the central monitoring system project of India would raise serious constitutional challenges and Indian government must avoid the same at all costs.

Friday, March 8, 2013

Central Monitoring System (CMS) For Telephone Tapping In India

The Central Monitoring System (CMS) Project of India is a “centralised mechanism” where telecommunications and Internet communications can be analysed by the Indian Government and its Agencies.

The CMS project of India is a good and ambitious project that is required to manage national security and law enforcement requirements of the country. However, adequate “procedural safeguards” must also be established in the system so that it is not abused for political and personal reasons.

The telephone tapping laws in India are already weak and violative of constitutional protections. We are still following the colonial telegraph act that requires an urgent repeal. Further, the information technology amendment act 2008 made e-surveillance in India a regular phenomenon. The big brother in India must not overstep the limits.

We at Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) believe that a holistic and comprehensive law on telephone tapping in India as well as governing related aspects must be formulated in India. For instance, the cell site data location laws in India and privacy issues must also be covered by the proposed law. Similarly, the cell site location based e-surveillance in India and surveillance of internet traffic in India must also be part and parcel of the new legislation.

A national e-surveillance policy of India must be formulated that should cover both policy and legislative issues pertaining to CMS project and telephone tapping relating issues. Call data record (CDRs) must also be regulated and protected by adequate and strong laws.

Indian government has already started working in the direction of making the CMS project operational in the month of April 2013. A new mechanism will be put in place by the Indian government to eliminate the loopholes in authorised phone tapping by intelligence and enforcement agencies.

Under the proposed framework, a centralised mechanism would be adopted where the need to approach individual telecom service providers would be obviated. This would exclude the interaction with these service providers and make the entire process of telephone tapping more secure and leak proof. However, this would also result in abusing the telephone tapping mechanisms in the absence of adequate procedural safeguards.

The CMS project would be brought under the Department of Telecom (DoT) and will be manned by the Intelligence Bureau (IB). Some procedural changes have also been introduced in this process. For instance, a clear electronic audit trail of the phones tapped would be maintained. This would eliminate the traditional paper based trail procedure that is cumbersome and prone to leak. The entire phone-tapping system will also move to an electronic platform from the current manual system.

The CMS project, based in New Delhi, would also have four hubs in major cities of India. A proposal to curtail the discretionary power of agencies to listen into phone calls may also be implemented. The telegraph act may be suitably amended to reflect these changes.

As per the present regulatory framework, in cases of urgency the agencies can tap phones for seven days without obtaining permission. With the migration to electronic platform and adoption of CMS project, the request for sanctions will also be sent electronically which will cut down the time to obtain permission.

At Perry4Law and PTLB we believe that it would be even better if we ensure parliamentary oversight of intelligence agencies of India as well. Further, we also believe that it is high time to formulate a comprehensive and holistic telephone tapping and related law for India. We also understand that this is a very difficult and delicate task and may face stiff resistance from various quarters but the tough call has to be taken by Indian government immediately.

Saturday, March 2, 2013

The Hacker News: Security In A Serious Way

If you are interested in reading serious cyber security and related news and views, the Hacker News is one of the best sources for the same. The security portal is also providing a magazine on this topic that is also of good quality.

The Hacker News (THN) is a privately owned Indian company based out of New Delhi, India and has been providing training and knowledge-based solutions since October 2011.

Originally founded in November 2010 by Mr. Mohit Kumar, The Hacker News has been internationally recognised as a leading news source dedicated to promoting awareness for security experts and hackers.

Supported and endorsed by administrators and members of various underground hacking groups and communities worldwide, The Hacker News (THN) has become a worldwide leader in information security.

Saturday, February 2, 2013

Courts Automation Systems In India, E-Courts And Online Dispute Resolution

Indian courts have been using information and communication technology (ICT) for effective judicial functioning. New features like online cause lists, filing of cases on digital mediums like CDs, providing of judgments online, use of video conferencing, etc. are already being used by courts of India.

However, automation of courts systems in India is still far from satisfactory. We are still waiting for the establishment of first e-court of India. Till now India has been able to computerise some courts alone and e-courts functionalities are still missing.

For instance, courts automation and functionalities like e-filing, submission of notices and evidence, online cross examination, online cyber forensics support, etc are still missing.

At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we are managing the exclusive techno legal e-courts training and consultancy centre of India. This e-courts centre is also managing software repositories in the fields like courts automation, cyber forensics, cyber security, online dispute resolution, etc.

Further, the e-courts centre of India is also imparting techno legal trainings in the fields like cyber law, cyber forensics, cyber security, e-courts management, courts automation, judicial and legal integration system, legal management systems, e-discovery, etc.

Skills development and trainings for lawyers, public prosecutors, law enforcement agencies, judges and court masters and staff are also undertaken by PTLB.

ICT can be used to bring judicial reforms in India. At Perry4Law and PTLB we believe that establishment of e-courts in India and using online dispute resolution in India for effective and alternative dispute resolution can not only bring the pending cases down but also help in providing speedy and economic justice to the litigants. 

The sooner e-courts are established in India and ODR is used for alternative dispute resolution the better it would be for the legal and judicial system of India.

Source: Legal Enablement Blog Of PTLB.

Wednesday, January 30, 2013

USPTO Grants Apple Trademarks For Its Retail Outlets Designs And Layout

Apple has been vigorously protecting its brand and trademark around the world. In one such example, the US Patent and Trademark Office (USPTO) accepted Apple's request last week for trademarks on the minimalist design and layout of its retail outlets.

With booming e-commerce in India, Apple must be planning to protect its brand and trademark in India as well. Apple has already shown its displeasure for the Asian region, especially in China. In 2011, authorities in the Chinese city of Kunming stopped 22 fake Apple stores from illegally using the company's trademarks after Apple lodged a complaint with authorities.

Since trademark is territorial in nature, Apple must also protect its interests in the Indian territory. Intellectual property rights (IPRs) in India are well known and India has a strong trademark law in the form of Trademarks Act, 1999.


Apple said in its application in May, 2010 that it was not claiming color as a feature of the mark. The mark consists of the distinctive design and layout of a retail store, it said.

Apple must be very careful while engaging in e-commerce activities in India. There are well recognised legal requirements to start an e-commerce website in India and the legal formalities required for starting e-commerce business in India. Similar regulatory requirements do exist in other countries as well.

For instance, Apple was recently fined by a Beijing court for unauthorised e-book sales. Similarly, there are many cyber law due diligence requirements in India that companies like Apple must comply with in order to engage in legally sustainable e-commerce business activities.

There are many techno legal compliance requirements that e-commerce portals, including Apple, Amazon, E-Bay and others, must comply with. At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we believe that cyber law due diligence, Internet intermediary liability and cyber due diligence for Indian companies must be kept in mind by various e-commerce websites and players.

At the end of the day, managing techno legal IP requirements is of great importance to all concerned who are eyeing India as a market.