Friday, December 16, 2016

Digital Payments And Cashless Economy Trends In India 2017

Indian Government is presently engaged in making Digital India a success. Many good initiatives have already been taken under Digital India and its predecessor National E-Governance Plan (NeGP). After the Demonetisation process, Indian Government is also stressing upon grand usage of digital payments in India. 
 
Perry4Law Organisation (P4LO) has published the Digital Payments and Cashless Economy Trends of India 2017 that has covered many crucial issues regarding use, adoption and safeguards for using digital payments in India. The year 2017 may see some significant steps in the direction of encouraging more and more use of digital payments. However, there would be many techno legal challenges that have to be tackled by Indian Government before this goal is achieved. 
 
For instance, cyber security, data security, data protection, privacy safeguards, etc are some of the issues that are still vexing Indian Government. Digital payments that are insecure would be more trouble than relief. It would only increase cyber crimes and customers’ disputes in the long run.
  
As on date, the mobile cyber security is a big challenge for Indian Government and various stakeholders. If mobile security is missing, there is little hope for secure mobile banking as well. Similarly, cyber security of banks in India is also not in a good shape. This is so even when the Reserve Bank of India (RBI) has prescribed a cyber security framework for banks of India
 
Digital payments in these circumstances would be really challenging for the Indian Government. The most troublematic part would be use of Aadhaar Enabled Payment System (AEPS) that is not only highly insecure but would also amount to use of an “Unconstitutional Technology”. Cyber security, data security and privacy aspects of Aadhaar have not yet been resolved. It is not a good idea to use AEPS for any purpose, including digital payments purposes. 
 
As we move towards a digital economy, we would face sophisticated and global cyber attacks and cyber crimes. Whether we like it or not, we are not prepared to deal with cyber attacks and cyber crimes. Cyber crimes investigation capabilities of Indian law enforcement agencies must be enhanced through techno legal trainings and skills development. As cyber attacks and cyber crimes are international in nature. It requires good techno legal training to trace, investigate and punish the cyber criminal. 
 
Digital payments infrastructure of India needs to be robust and resilient from cyber security and cyber crimes perspective. Similarly, liability of banks and customers for cyber frauds and cyber thefts must be clearly specified by Indian Government. An effective dispute resolution procedure must also be established by Indian Government to resolve disputes arising out of digital payments. 
 
A test platform named Online Dispute Resolution and Cyber Arbitration has been launched by Techno Legal Centre of Excellence for Online Dispute Resolution (ODR) in India (TLCEODRI) of Perry4Law Organisation (P4LO). The platform is resolving disputes pertaining to digital payments, cyber frauds, ATM frauds, credit card frauds, debit card frauds, online banking frauds, mobile banking frauds, etc. The entire process of dispute resolution is using ODR mechanism and parties can resolve their disputes without even leaving their homes.

Perry4Law Organisation (P4LO) hopes that digital payments would be safe, secure and civil liberties compliant in the year 2017. However, Indian Government must take pro active steps in this regard if it wishes digital payments to be successful in India.

Friday, May 13, 2016

Selling Of Online Lotteries From Other States In State Of Maharashtra Sought To Be Banned Through PIL

India has been struggling hard to deal with issues of online gambling, online gaming and online lotteries for long. Till now we have no dedicated online gambling and gaming laws in India. This position has become more complicated since the Supreme Court of India has refused to decide about legality of online poker, online rummy and online card games in India.

Recently the Indian government has clarified about the Foreign Direct Investment (FDI) in E-Commerce Sector of India. As per the “Consolidated FDI Policy Circular 2015” (pdf) (FDI Policy), FDI is prohibited in lottery business including Government/private lottery, online lotteries, etc and
gambling and betting including casinos etc. Recently the Crime Investigation Department (CID) of the Andhra Pradesh police had sought a ban on the website of “Playwin” which had allegedly been selling online lotteries banned in the state.

This episode has also proved that online gaming, online gambling and lotteries websites are not complying with the internet intermediary compliances and cyber law due diligence (pdf) requirements prescribed under the Information Technology Act 2000. Similarly, almost all of the online poker websites in India are violating one or other laws of India. Although online gaming market in India is booming yet regulatory compliances cannot be ignored. It seems online gaming and online gambling industry of India is not considering regulations while conducting their businesses in India.

A disturbing trend of "legal violations" is fast dominating the online gaming industry of India. For instance, the fine line and distinction between online gambling and online gaming in India is not appreciated and understood by online gambling and gaming enthusiastics of India. As a result they are frequently prosecuted in India for violating online gaming and online gambling laws of India. Even technical mechanisms are also used to curb such activities in restricted territories or zones so that activities of one state may not violate the laws of other state of India.

In the past, Kerala refused permission to Future Gaming Solutions India Private Ltd to sell Nagaland lotteries in the state. Now a social worker had knocked judiciary's doors praying for immediate ban on unauthorized and alluring online lotteries. Promoted by other states within Maharashtra, he contended that over 1,300 bogus online lotteries under various strange names are operating here and ruining lives of millions. A division bench comprising justice Bhushan Gavai and justice Swapna Joshi issued notices to central and state governments seeking their reply before court resumes after summer vacations.

Friday, April 15, 2016

Google Seems To Have Abandoned Page Rank And All Websites Now Show Zero Page Rank

Speculations about abandonment of Google's page rank was in abundance in recent days. However, there is no official declaration or news from which date Google would be dropping the page rank indication. It seems Google has finally dropped the page rank from today evening i.e. 15-04-2016.

As a result, the blogs, websites and other pages are now showing zero page rank. The search engine optimisation (SEO) industry has to now adopt new and innovative techniques to make their clients happy.

This is followed by a manual action penalty that Google has rolled recently against link farms and splogs. Google has been fighting against splogs for long but this is a continuous fight between negative or black hat SEO professionals and Google.

Now quality of contents, user friendly pages and relevance of the material would play more decisive roles. At the same time, reliance upon Alexa rank would further increase as that would become a more conclusive criteria to judge the reputation, goodwill and relevancy of a website or blog.

As online advertisement industry is going to grow tremendously in the near future, blogs and websites with high Alexa rank would be in great demand. Similarly, Google's  AdSense program may also need to be suitably modified keeping in mind these developments.

Despite this step, Google may use the page rank for its internal purposes and making its algorithms more effective. The internal ranking mechanism may also be used to fight against websites or blogs that engage in spam behaviour or adopt negative SEO techniques. Nevertheless, page rank is no more publicly available to SEO community and other stakeholders.

We would cover these aspects in more details once official statements and news are out.

Tuesday, March 22, 2016

Censorship And Surveillance Under Digital India And Aadhaar Projects

Censorship and surveillance are controversial topics that civil liberty groups love to discuss while oppressive regimes prefer to keep under the carpet. This article is discussing the controversial issues of censorship and e-surveilance in India under the projects like Aadhaar, Digital India, national intelligence grid (Natgrid), etc. Till now it is clear that surveillance and censorship under Digital India and Aadhaar is widely practiced in India.

Adoption of digital India project by Indian government has always been portrayed as a social and welfare oriented initiative. Digital India is treading exactly on similar lines as Aadhaar has worked so far. As Aadhaar has increasingly been tied up by Indian government with digital India, there is no escape from the conclusion that the combination of Aadhaar and digital India is a digital panopticon.

Further, it is also obvious that surveillance and censorship under digital India and Aadhaar regimes are omnipresent. The blog title Internet, Mobile And Social Media Censorship In India By Twitter, Facebook, Google, Etc has been cataloging the censorship and surveillance activities of Indian government and technology companies like Google, Microsoft, Facebook, Twitter, etc for long. A dedicated page titled censorship and surveillance under digital India has also been opened to report about surveillance and censorship activities of Indian government. Censorship and surveillance under Aadhaar project has also been covered by us.

Anyone who is active on social media websites like Twitter, Facebook, etc is well aware that critical tweets and sharing are oftenly censored in India. Twitter is on the forefront of this exercise where Aadhaar and digital India related critical tweets are censored in real time.

As far as e-surveillance is concerned, Indian government is infamous for its blatant e-surveillance with no regard to the constitutional norms. Aadhaar is the final nail in the coffin of civil liberties that are openly violated by Indian government. Civil liberties protection in cyberspace is absent in India. There is no e-surveillance policy of India (pdf) that can govern the illegal and unconstitutional e-surveillance and phone tapping activities of Indian government and its agencies.

Worst part of this situation is that parliamentary oversight of intelligence agencies of India is still missing till date. To give overreaching and illegal e-surveillance and phone tapping powers in the hands of such intelligence agencies is a death knell of civil liberties. India “must reconcile” the civil liberties and national security requirements but the same is presently missing. Clearly India has become a police state with unaccountable Orwellian powers.

Tuesday, December 8, 2015

Foreign Telecom Companies May Face Opposition And Lesser Market Share In India

The heat is growing against foreign telecom equipments makers. Those on the list include the Chinese companies like Huawei and ZTE that are increasingly seen as a potential national security and cyber security threat to India and other jurisdictions. Recently, the Indian Electrical and Electronic Manufacturers’ Association (IEEMA) suggested that Indian government should consider banning imports of equipment related to power generation and telecom from China. This has come after the intelligence agencies of India expressed similar opinion.

Similarly, the increasing targeting of foreign nationals by intelligence agencies like National Security Agency (NSA) of U.S. and Government Communications Headquarters (GCHQ) of United Kingdom has also badly shaken the trust upon telecom companies operating from these jurisdictions.

For instance, Cisco, IBM, Microsoft and Hewlett-Packard have reported declines in business in China since the NSA surveillance program was exposed. Similar treatment is expected in India as India has already justified its Preferential Market Access (PMA) Policy for domestic telecom equipments manufacturers. India is also considering formulating norms for import and testing of telecom equipments in India. The security agencies of India have even suggested use of indigenously made cyber security softwares.

Recently the Telecom Merger and Acquisitions (M&A) Guidelines 2014 of India were announced by Indian government. The FDI policy for telecom sector of India 2014 (PDF) has also been revised to espouse greater interest of foreign telecom stakeholders. However, various telecom policies of India are subject to clear cut exception of national and cyber security compliances on the part of foreign and domestic telecom companies. In the present circumstances, companies like Huawei, ZTE, Cisco, IBM, Microsoft, Hewlett-Packard, etc would be required to ensure techno legal telecom due diligence compliances in India before their offers and proposals are accepted in India.

To control the damage these companies have started exploring mechanisms to inculcate trust among users and governments of foreign nations. Some of them have even embraced the idea of developing surveillance free products to keep praying eyes and ears at minimum.  These include use of sophisticated encryption technology and development of self destruction products in case of possible breach of security. However, encryption laws of India and cloud computing legal risks in India are still not considered by these foreign companies.

We at Perry4Law believe that all Subsidiary/Joint Ventures of Foreign Companies in India, especially those dealing in Information Technology and Online Environment, must mandatorily establish a server in India. Otherwise, such Companies and their Websites should not be allowed to operate in India. The Ministry of Home Affairs, India and Intelligence Bureau (IB) are already exploring this possibility.

A “Stringent Liability” for such Indian Subsidiaries dealing in Information Technology and Online Environment must be established by Laws of India. More stringent online advertisement, e-commerce, telecom security and cyber security provisions must be formulated for such Indian Subsidiary Companies and their Websites.

Saturday, November 21, 2015

Indian Department Of Telecommunications Would Investigate Govt Snooping Allegations By Vodafone

It is no more a secret that Governments across the world are indulging in e-surveillance and eavesdropping using technology and telecom infrastructures. India is no exception to this practice. Rather India is one of the most endemic e-surveillance nations in the world. The draconian laws like Telegraph Law and Indian Cyber Law are helping Indian government and intelligence agencies to indulge in unreasonable and unfettered e-surveillance at anytime and at any place. There is also an urgent need to bring intelligence agencies reforms in India as the intelligence infrastructure of India is in big mess.

Recently, the telecom giant Vodafone revealed existence of secret wires to facilitate e-surveillance by various Governments. It has been reported that even India has been using this service to indulge in e-surveillance. We have no constitutionally sound e-surveillance laws in India (PDF) as on date. Even e-surveillance policy of India is missing and there is a complete chaos in this regard. We have no telecom security policy of India as well that can prevent unauthorised e-surveillance and security threats against telecom infrastructure of India.

India has become notoriously infamous for her e-surveillance exercises and India cannot afford to maintain this negative image any further. This is the reason why Narendra Modi Government may be analysing the e-surveillance projects like The Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India.

In line of this approach, the Communications and Information Technology Minister Ravi Shankar Prasad on Tuesday said the Department of Telecommunications (DoT) would look into allegations made by Vodafone regarding use of secret wires by India along with other countries.

The Congress led Government was well known for its “Anti Constitutional and Pro Surveillance” approach. Only time would tell whether Narendra Modi led Government would continue this approach or bring order in the chaos created by the Congress led Government.

Whatever the case may be, we need to ensure Civil Liberty Protection in Cyberspace for Indian Citizens “At All Costs and By All Means”. The digital life of Indian citizens is not at all safe and is open to various forms of e-surveillance and eavesdropping. In the absence of support form Indian Government, Self Defence is the only viable option left before Indian Citizens to safeguard their digital lives. The initiatives titled PRISM Break and Reset the Net are worth exploring in this regard as a “Starting Point”.

Telecom Commission Cellular Loop’s Proposal Would Strengthen Mobile Based Surveillance On National Security Grounds

Recently the National Cyber Security Policy of India 2013 (NCSP 2013) (PDF) was released by Department of Electronics and Information Technology (DeitY). However the same was not made part and parcel of the National Security Policy of India. Further, the cyber security policy of India itself was insufficient and weak on many counts including lack of privacy safeguards. The cyber security policy is also not at all framed to cover the telecom security aspects as well.

India has been planning to undergo technological upgrade of border broadcast infrastructure due to Chinese broadcasts. It would also be interesting to see what types of telecom security policies would be implemented for border regions of India. Telecom security in India is not in a good shape and Indian telecom infrastructures are vulnerable to numerous cyber attacks. Recently it was reported that Huawei was accused of breaching national security of India by hacking base station controller in AP.

We have no implementable cyber attacks crisis management plan of India. The critical ICT infrastructure of India (PDF) is in a poor shape.  The cyber security trends of India 2013 (PDF) proved that India has still to cover a long field before cyber security can be effectively implemented in India. Thus, telecom infrastructures and equipments located at borders of India would be more vulnerable to cyber attacks than general telecom infrastructures of India.

The Telecom Commission may clear an Rs 7,103-crore rollout of Greenfield 2G networks in regions close to the Chinese and Bangladesh borders. These regions are presently outside the mobile loop. There are 8621 villages in locations of strategic importance across the northeast that are proposed to be brought under the cellular loop for the first time to bolster mobile-based surveillance on national security grounds.

Universal Services Obligation Fund (USOF), which will fund the project, will shortly invite bids from telcos for rolling out nearly 6,700 base stations in these regions. The USOF is the Department of Telecommunication’s (DOT) rural network infrastructure financing arm.

But it remains to be seen whether USOF will tweak tender norms to ensure any future cost escalations triggered by India’s spectrum reframing policy are shouldered by telecom operators. It would also be relevant to observe how the telecom security and cyber security aspects would be managed by Indian government in the near future.

Vodafone Confirms Existence Of Secret Wires For Government E-Surveillance And Eavesdropping Worldwide

From time to time media has reported that intelligence agencies around the world are using backdoor access to computers, servers and telecom infrastructures. Special equipments and arrangements have been made to grant intelligence agencies direct access to various infrastructures so that they can indulge in e-surveillance at will.

The Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India are the Indian versions of this practice. This is possible as we have no dedicated privacy laws in India. There is also no need to get a court order or warrant to tap telephone in India as it is purely an “executive act”. This result in illegal phone tapping and e-surveillance activities at mass scale in India that cannot be reported or ascertained due to limitations placed under various Indian laws.

We need to repeal the laws like Information Technology Act, 2000 (IT Act 2000), Indian Telegraph Act, 1885, etc and come up with better laws so they remain Constitutional. These laws have become an instrumentality to violate Civil Liberties in Cyberspace of Indian Citizens by both our politicians and intelligence agencies of India. Further, there is an urgent need to maintain a “balance” between law enforcement requirements and civil liberties protection in India.

In United States (U.S.), James Clapper had confirmed that NSA has been targeting foreign citizens for surveillance. Radio waves and Malware have also been used by NSA for world wide e-surveillance. Malware like FinFisher are increasingly being used for global electronic spying, e-surveillance and eavesdropping. Further, GCHQ and NSA have intercepted and stored webcam images of millions of innocent Internet users.

While the White House has limited options in this regard yet courts in different States of U.S. have shown their sensitivity towards e-surveillance and privacy violation issues. In fact, U.S. government has been seeking an order from FISA court for extended storage of telephone metadata and call records.

Although this practice of intelligence agencies of various nations was well known yet no company or individual came forward for long to expose the same. Edward Snowden came forward with the largest disclosures about illegal e-surveillance by intelligence agencies around the world. Now Vodafone has made some disclosures about the dark side of e-surveillance by intelligence agencies.

Vodafone, one of the world’s largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond. The company has broken its silence on government surveillance in order to push back against the increasingly widespread use of phone and broadband networks to spy on citizens, and will publish its first Law Enforcement Disclosure Report on Friday. At 40,000 words, it is the most comprehensive survey yet of how governments monitor the conversations and whereabouts of their people. The company said wires had been connected directly to its network and those of other telecoms groups, allowing agencies to listen to or record live conversations and, in certain cases, track the whereabouts of a customer. Privacy campaigners said the revelations were a “nightmare scenario” that confirmed their worst fears on the extent of snooping.

Direct-access systems do not require warrants, and companies have no information about the identity or the number of customers targeted. Mass surveillance can happen on any telecoms network without agencies having to justify their intrusion to the companies involved. Industry sources say that in some cases, the direct-access wire, or pipe, is essentially equipment in a locked room in a network’s central data centre or in one of its local exchanges or “switches”. Government agencies can also intercept traffic on its way into a data centre, combing through conversations before routing them on to the operator.

Vodafone’s group privacy officer, Stephen Deadman, said: “These pipes exist, the direct access model exists. “We are making a call to end direct access as a means of government agencies obtaining people’s communication data. Without an official warrant, there is no external visibility. If we receive a demand we can push back against the agency. The fact that a government has to issue a piece of paper is an important constraint on how powers are used”.

Friday, November 20, 2015

CBSE Asks Schools To Tackle Sexual Abuses And Strictly Implement POCSO Act 2012

Recently the Central Board of Secondary Education (CBSE) issued CBSE Guidelines for Prevention of Bullying and Ragging in Schools 9th March 2015, Reg: (D.O. No. 12-19/2012-RMSA-I) (PDF). As per the guidelines, CBSE has directed all its affiliated schools to form an anti-bullying committee. Now it has been reported that CBSE has asked all affiliated schools to tackle sexual abuse instances in schools and ensure strict compliance of the Protection of Children from Sexual Offences Act (POCSO) 2012 (PDF).

Sexual incidences create a lifelong mental trauma for the victim of the same. Many times the victim is not being able to communicate effectively about the offence and this result in a continued exploitation and mental agony for the victim. To make this daunting task easier, from now onwards, teachers, management and all employees of CBSE affiliated institutions will be made aware of the provisions of the POCSO Act 2012.

As per the Act instances of child abuse would need to be promptly reported as the central board is aiming for an improved response system and an alert machinery to take immediate action on reported cases of misbehaviour with students. A circular in this regard has been issued to school managements.

School complaints committee consisting of principal/vice-principal, a male teacher, a lady teacher, one boy and girl from students and a non-teaching staff member, will be set up to serve as complaints redressal body.

Aadhaar Not Compulsory For Government Services Supreme Court

Aadhaar is the most controversial project of India as it violates human rights and civil liberties in cyberspace. In fact, if you speak against Aadhaar project at social media platforms like Twitter, your tweets would be censored with impunity. Since its inception, Aadhaar project is a heavily censored subject in India. At the time of writing this post, Twitter is still censoring dissenting tweets regarding Aadhaar.

The dissenting tweets regarding Digital India are also censored by Twitter in real time and almost all of them are censored to give a positive image of Digital India project. We have written an article titled “Digital India and Aadhaar Related Critical Policy Suggestions and Views of Praveen Dalal” where all the censored dissenting tweets about Aadhaar and Digital India projects have been catalogued for ready reference.

Aadhaar has also been clubbed with Digital India project and that had made the combination the biggest digital panopticon of human race. This digital panopticon of India must be urgently declared unconstitutional by Indian Supreme Court. Similarly, Aadhaar project of India must also be declared unconstitutional by Indian Supreme Court. Despite the clear directions (PDF) of Supreme Court, both Central and State Government have made Aadhaar compulsory for various services. This is not only contempt of court but also a clear violation of Constitutional provisions and safeguards. For instance, Digital Locker tied up with Aadhaar is illegal and would not serve Digital India.

The Central Government is lying before the Supreme Court by claiming that Aadhaar is not mandatory for government services. The reality is that Aadhaar has been made compulsory for all government services directly as well as indirectly. Supreme Court of India has taken a stringent view against this process of making Aadhaar compulsory. It has directed that Aadhaar cannot be made compulsory for government services and any authority violating this direction of Supreme Court would be taken to task.

Supreme Court on Monday reiterated its earlier order that Aadhaar card is not compulsory and added that officials who insist on them will be taken to task. A Bench of Justices J. Chelameswar, S.A. Bobde and C. Nagappan clarified that demands made by officials for Aadhaar card is in clear violation of the Supreme Court’s interim order of September 23, 2013. In the 2013 order, the apex court had directed that “no person should suffer for not getting the Aadhaar card, inspite of the fact that some authority had issued a circular making it mandatory”.

“It is a matter of great public importance. The issue has serious implication in terms of Constitution. Notwithstanding the court’s order, there is insistence for Aadhaar. There is complete apathy on the part of officials,” senior advocate Gopal Subramaniam, representing one of the petitioners and Bangalore-resident, Mathew Thomas, submitted.

As an example, he referred to NCT government’s notification on March 9, 2015, insisting that couples require Aadhaar cards to get their marriage registered under the Special Marriage Act. In fact, senior advocate Anil Divan pointed out that the Bombay High Court Registrar had recently received an official communication asking him to make Aadhaar mandatory for disbursal of salary to staff and even judges.

Mr. Subramanium argued that collection of personal data of residents of India under the Aadhaar scheme is not exactly a government activity, but outsourced to private contractors. “On the surface it (Aadhaar) is a simple document of identity, but it has linkages by means of iris scans and biometric details. God forbid if identities are exchanged or mistaken. The Executive’s scheme involves private partners. Who are these private partners?” Mr. Subramanium submitted.

Submitting how the ordinary man is now prone to the perils of identity fraud, Mr. Subramanium said the “Sovereign State also has the duty to protect its citizens, to protect his identity, his personal information against possible misuse”.

“You better advise the States, if the officials insist, it would have consequences. We will take them to task. This is absolutely not right,” Justice Chelameswar observed.