Tuesday, December 8, 2015

Foreign Telecom Companies May Face Opposition And Lesser Market Share In India

The heat is growing against foreign telecom equipments makers. Those on the list include the Chinese companies like Huawei and ZTE that are increasingly seen as a potential national security and cyber security threat to India and other jurisdictions. Recently, the Indian Electrical and Electronic Manufacturers’ Association (IEEMA) suggested that Indian government should consider banning imports of equipment related to power generation and telecom from China. This has come after the intelligence agencies of India expressed similar opinion.

Similarly, the increasing targeting of foreign nationals by intelligence agencies like National Security Agency (NSA) of U.S. and Government Communications Headquarters (GCHQ) of United Kingdom has also badly shaken the trust upon telecom companies operating from these jurisdictions.

For instance, Cisco, IBM, Microsoft and Hewlett-Packard have reported declines in business in China since the NSA surveillance program was exposed. Similar treatment is expected in India as India has already justified its Preferential Market Access (PMA) Policy for domestic telecom equipments manufacturers. India is also considering formulating norms for import and testing of telecom equipments in India. The security agencies of India have even suggested use of indigenously made cyber security softwares.

Recently the Telecom Merger and Acquisitions (M&A) Guidelines 2014 of India were announced by Indian government. The FDI policy for telecom sector of India 2014 (PDF) has also been revised to espouse greater interest of foreign telecom stakeholders. However, various telecom policies of India are subject to clear cut exception of national and cyber security compliances on the part of foreign and domestic telecom companies. In the present circumstances, companies like Huawei, ZTE, Cisco, IBM, Microsoft, Hewlett-Packard, etc would be required to ensure techno legal telecom due diligence compliances in India before their offers and proposals are accepted in India.

To control the damage these companies have started exploring mechanisms to inculcate trust among users and governments of foreign nations. Some of them have even embraced the idea of developing surveillance free products to keep praying eyes and ears at minimum.  These include use of sophisticated encryption technology and development of self destruction products in case of possible breach of security. However, encryption laws of India and cloud computing legal risks in India are still not considered by these foreign companies.

We at Perry4Law believe that all Subsidiary/Joint Ventures of Foreign Companies in India, especially those dealing in Information Technology and Online Environment, must mandatorily establish a server in India. Otherwise, such Companies and their Websites should not be allowed to operate in India. The Ministry of Home Affairs, India and Intelligence Bureau (IB) are already exploring this possibility.

A “Stringent Liability” for such Indian Subsidiaries dealing in Information Technology and Online Environment must be established by Laws of India. More stringent online advertisement, e-commerce, telecom security and cyber security provisions must be formulated for such Indian Subsidiary Companies and their Websites.

Saturday, November 21, 2015

Indian Department Of Telecommunications Would Investigate Govt Snooping Allegations By Vodafone

It is no more a secret that Governments across the world are indulging in e-surveillance and eavesdropping using technology and telecom infrastructures. India is no exception to this practice. Rather India is one of the most endemic e-surveillance nations in the world. The draconian laws like Telegraph Law and Indian Cyber Law are helping Indian government and intelligence agencies to indulge in unreasonable and unfettered e-surveillance at anytime and at any place. There is also an urgent need to bring intelligence agencies reforms in India as the intelligence infrastructure of India is in big mess.

Recently, the telecom giant Vodafone revealed existence of secret wires to facilitate e-surveillance by various Governments. It has been reported that even India has been using this service to indulge in e-surveillance. We have no constitutionally sound e-surveillance laws in India (PDF) as on date. Even e-surveillance policy of India is missing and there is a complete chaos in this regard. We have no telecom security policy of India as well that can prevent unauthorised e-surveillance and security threats against telecom infrastructure of India.

India has become notoriously infamous for her e-surveillance exercises and India cannot afford to maintain this negative image any further. This is the reason why Narendra Modi Government may be analysing the e-surveillance projects like The Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India.

In line of this approach, the Communications and Information Technology Minister Ravi Shankar Prasad on Tuesday said the Department of Telecommunications (DoT) would look into allegations made by Vodafone regarding use of secret wires by India along with other countries.

The Congress led Government was well known for its “Anti Constitutional and Pro Surveillance” approach. Only time would tell whether Narendra Modi led Government would continue this approach or bring order in the chaos created by the Congress led Government.

Whatever the case may be, we need to ensure Civil Liberty Protection in Cyberspace for Indian Citizens “At All Costs and By All Means”. The digital life of Indian citizens is not at all safe and is open to various forms of e-surveillance and eavesdropping. In the absence of support form Indian Government, Self Defence is the only viable option left before Indian Citizens to safeguard their digital lives. The initiatives titled PRISM Break and Reset the Net are worth exploring in this regard as a “Starting Point”.

Telecom Commission Cellular Loop’s Proposal Would Strengthen Mobile Based Surveillance On National Security Grounds

Recently the National Cyber Security Policy of India 2013 (NCSP 2013) (PDF) was released by Department of Electronics and Information Technology (DeitY). However the same was not made part and parcel of the National Security Policy of India. Further, the cyber security policy of India itself was insufficient and weak on many counts including lack of privacy safeguards. The cyber security policy is also not at all framed to cover the telecom security aspects as well.

India has been planning to undergo technological upgrade of border broadcast infrastructure due to Chinese broadcasts. It would also be interesting to see what types of telecom security policies would be implemented for border regions of India. Telecom security in India is not in a good shape and Indian telecom infrastructures are vulnerable to numerous cyber attacks. Recently it was reported that Huawei was accused of breaching national security of India by hacking base station controller in AP.

We have no implementable cyber attacks crisis management plan of India. The critical ICT infrastructure of India (PDF) is in a poor shape.  The cyber security trends of India 2013 (PDF) proved that India has still to cover a long field before cyber security can be effectively implemented in India. Thus, telecom infrastructures and equipments located at borders of India would be more vulnerable to cyber attacks than general telecom infrastructures of India.

The Telecom Commission may clear an Rs 7,103-crore rollout of Greenfield 2G networks in regions close to the Chinese and Bangladesh borders. These regions are presently outside the mobile loop. There are 8621 villages in locations of strategic importance across the northeast that are proposed to be brought under the cellular loop for the first time to bolster mobile-based surveillance on national security grounds.

Universal Services Obligation Fund (USOF), which will fund the project, will shortly invite bids from telcos for rolling out nearly 6,700 base stations in these regions. The USOF is the Department of Telecommunication’s (DOT) rural network infrastructure financing arm.

But it remains to be seen whether USOF will tweak tender norms to ensure any future cost escalations triggered by India’s spectrum reframing policy are shouldered by telecom operators. It would also be relevant to observe how the telecom security and cyber security aspects would be managed by Indian government in the near future.

Vodafone Confirms Existence Of Secret Wires For Government E-Surveillance And Eavesdropping Worldwide

From time to time media has reported that intelligence agencies around the world are using backdoor access to computers, servers and telecom infrastructures. Special equipments and arrangements have been made to grant intelligence agencies direct access to various infrastructures so that they can indulge in e-surveillance at will.

The Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India are the Indian versions of this practice. This is possible as we have no dedicated privacy laws in India. There is also no need to get a court order or warrant to tap telephone in India as it is purely an “executive act”. This result in illegal phone tapping and e-surveillance activities at mass scale in India that cannot be reported or ascertained due to limitations placed under various Indian laws.

We need to repeal the laws like Information Technology Act, 2000 (IT Act 2000), Indian Telegraph Act, 1885, etc and come up with better laws so they remain Constitutional. These laws have become an instrumentality to violate Civil Liberties in Cyberspace of Indian Citizens by both our politicians and intelligence agencies of India. Further, there is an urgent need to maintain a “balance” between law enforcement requirements and civil liberties protection in India.

In United States (U.S.), James Clapper had confirmed that NSA has been targeting foreign citizens for surveillance. Radio waves and Malware have also been used by NSA for world wide e-surveillance. Malware like FinFisher are increasingly being used for global electronic spying, e-surveillance and eavesdropping. Further, GCHQ and NSA have intercepted and stored webcam images of millions of innocent Internet users.

While the White House has limited options in this regard yet courts in different States of U.S. have shown their sensitivity towards e-surveillance and privacy violation issues. In fact, U.S. government has been seeking an order from FISA court for extended storage of telephone metadata and call records.

Although this practice of intelligence agencies of various nations was well known yet no company or individual came forward for long to expose the same. Edward Snowden came forward with the largest disclosures about illegal e-surveillance by intelligence agencies around the world. Now Vodafone has made some disclosures about the dark side of e-surveillance by intelligence agencies.

Vodafone, one of the world’s largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond. The company has broken its silence on government surveillance in order to push back against the increasingly widespread use of phone and broadband networks to spy on citizens, and will publish its first Law Enforcement Disclosure Report on Friday. At 40,000 words, it is the most comprehensive survey yet of how governments monitor the conversations and whereabouts of their people. The company said wires had been connected directly to its network and those of other telecoms groups, allowing agencies to listen to or record live conversations and, in certain cases, track the whereabouts of a customer. Privacy campaigners said the revelations were a “nightmare scenario” that confirmed their worst fears on the extent of snooping.

Direct-access systems do not require warrants, and companies have no information about the identity or the number of customers targeted. Mass surveillance can happen on any telecoms network without agencies having to justify their intrusion to the companies involved. Industry sources say that in some cases, the direct-access wire, or pipe, is essentially equipment in a locked room in a network’s central data centre or in one of its local exchanges or “switches”. Government agencies can also intercept traffic on its way into a data centre, combing through conversations before routing them on to the operator.

Vodafone’s group privacy officer, Stephen Deadman, said: “These pipes exist, the direct access model exists. “We are making a call to end direct access as a means of government agencies obtaining people’s communication data. Without an official warrant, there is no external visibility. If we receive a demand we can push back against the agency. The fact that a government has to issue a piece of paper is an important constraint on how powers are used”.

Friday, November 20, 2015

CBSE Asks Schools To Tackle Sexual Abuses And Strictly Implement POCSO Act 2012

Recently the Central Board of Secondary Education (CBSE) issued CBSE Guidelines for Prevention of Bullying and Ragging in Schools 9th March 2015, Reg: (D.O. No. 12-19/2012-RMSA-I) (PDF). As per the guidelines, CBSE has directed all its affiliated schools to form an anti-bullying committee. Now it has been reported that CBSE has asked all affiliated schools to tackle sexual abuse instances in schools and ensure strict compliance of the Protection of Children from Sexual Offences Act (POCSO) 2012 (PDF).

Sexual incidences create a lifelong mental trauma for the victim of the same. Many times the victim is not being able to communicate effectively about the offence and this result in a continued exploitation and mental agony for the victim. To make this daunting task easier, from now onwards, teachers, management and all employees of CBSE affiliated institutions will be made aware of the provisions of the POCSO Act 2012.

As per the Act instances of child abuse would need to be promptly reported as the central board is aiming for an improved response system and an alert machinery to take immediate action on reported cases of misbehaviour with students. A circular in this regard has been issued to school managements.

School complaints committee consisting of principal/vice-principal, a male teacher, a lady teacher, one boy and girl from students and a non-teaching staff member, will be set up to serve as complaints redressal body.

Aadhaar Not Compulsory For Government Services Supreme Court

Aadhaar is the most controversial project of India as it violates human rights and civil liberties in cyberspace. In fact, if you speak against Aadhaar project at social media platforms like Twitter, your tweets would be censored with impunity. Since its inception, Aadhaar project is a heavily censored subject in India. At the time of writing this post, Twitter is still censoring dissenting tweets regarding Aadhaar.

The dissenting tweets regarding Digital India are also censored by Twitter in real time and almost all of them are censored to give a positive image of Digital India project. We have written an article titled “Digital India and Aadhaar Related Critical Policy Suggestions and Views of Praveen Dalal” where all the censored dissenting tweets about Aadhaar and Digital India projects have been catalogued for ready reference.

Aadhaar has also been clubbed with Digital India project and that had made the combination the biggest digital panopticon of human race. This digital panopticon of India must be urgently declared unconstitutional by Indian Supreme Court. Similarly, Aadhaar project of India must also be declared unconstitutional by Indian Supreme Court. Despite the clear directions (PDF) of Supreme Court, both Central and State Government have made Aadhaar compulsory for various services. This is not only contempt of court but also a clear violation of Constitutional provisions and safeguards. For instance, Digital Locker tied up with Aadhaar is illegal and would not serve Digital India.

The Central Government is lying before the Supreme Court by claiming that Aadhaar is not mandatory for government services. The reality is that Aadhaar has been made compulsory for all government services directly as well as indirectly. Supreme Court of India has taken a stringent view against this process of making Aadhaar compulsory. It has directed that Aadhaar cannot be made compulsory for government services and any authority violating this direction of Supreme Court would be taken to task.

Supreme Court on Monday reiterated its earlier order that Aadhaar card is not compulsory and added that officials who insist on them will be taken to task. A Bench of Justices J. Chelameswar, S.A. Bobde and C. Nagappan clarified that demands made by officials for Aadhaar card is in clear violation of the Supreme Court’s interim order of September 23, 2013. In the 2013 order, the apex court had directed that “no person should suffer for not getting the Aadhaar card, inspite of the fact that some authority had issued a circular making it mandatory”.

“It is a matter of great public importance. The issue has serious implication in terms of Constitution. Notwithstanding the court’s order, there is insistence for Aadhaar. There is complete apathy on the part of officials,” senior advocate Gopal Subramaniam, representing one of the petitioners and Bangalore-resident, Mathew Thomas, submitted.

As an example, he referred to NCT government’s notification on March 9, 2015, insisting that couples require Aadhaar cards to get their marriage registered under the Special Marriage Act. In fact, senior advocate Anil Divan pointed out that the Bombay High Court Registrar had recently received an official communication asking him to make Aadhaar mandatory for disbursal of salary to staff and even judges.

Mr. Subramanium argued that collection of personal data of residents of India under the Aadhaar scheme is not exactly a government activity, but outsourced to private contractors. “On the surface it (Aadhaar) is a simple document of identity, but it has linkages by means of iris scans and biometric details. God forbid if identities are exchanged or mistaken. The Executive’s scheme involves private partners. Who are these private partners?” Mr. Subramanium submitted.

Submitting how the ordinary man is now prone to the perils of identity fraud, Mr. Subramanium said the “Sovereign State also has the duty to protect its citizens, to protect his identity, his personal information against possible misuse”.

“You better advise the States, if the officials insist, it would have consequences. We will take them to task. This is absolutely not right,” Justice Chelameswar observed.

SC Has Killed Cyber Law Due Diligence In India To A Great Extent

Cyber law due diligence in India (PDF) for Internet Intermediaries is incorporated in the Information Technology Act 2000 (IT Act 2000). Section 79 read with Information Technology (Intermediaries Guidelines) Rules, 2011 (PDF) deals with cyber law due diligence obligations of Internet Intermediaries of India.

There has been lots of confusion and protests against the Internet Intermediary liability applicable to the Intermediaries. Although internet intermediary liability in India has been clarified yet doubts and problems persisted in this regard. As a result cyber law due diligence requirements in India is neglected with impunity.

According to the cyber law developments of India 2014 provided by Perry4Law Organisation (P4LO) and Cyber Crimes Investigation Centre of India (CCICI), some serious cyber law related issues deserve immediate attention of Indian government. We were waiting for a positive response from Indian government but meanwhile the judgment of Shreya Singhal v. Union of India (24th March 2015), Writ Petition (Criminal) No.167 Of 2012 (PDF) was delivered by Indian Supreme Court.

This judgement has come as a big blow to the cyber law due diligence obligations of Intermediaries in India. The main problem seems to be reading down of Section 79(3) (b) and Rule 3(4) By Supreme Court in a manner that would be counter productive in the long run. In fact, reading down of Section 79(3) (b) and Rule 3(4) is more problem than solution as the Supreme Court erred in adopting this approach.

Now it has become necessary for Modi government to urgently bring suitable amendments in the IT Act 2000. Unfortunately, Indian Parliament and Indian government are not capable of enacting effective techno legal legislations. This is the reason why even the most draconian and unconstitutional rules are simply approved by Indian Parliament without any analysis, debate and application of mind. Once approved, such rules become part of the parent Act and this creates serious law and order enforcement problems.

Even worst is constitution of authorities and projects by mere Executive orders. For instance, Aadhaar project is an unconstitutional project that has been created by an Executive order. Indian Parliament has not deemed it fit to dissolve the same and come up with a robust law in this regard. Supreme Court if India has directed on multiple occasions that Aadhaar is not compulsory for government services but Indian government is not paying any heed towards those directions. Aadhaar has been made compulsory by direct and indirect means and very soon even the Aadhaar project would be declared to be unconstitutional by Indian Supreme Court.

Even Modi government is following the steps of Congress government and is very indifferent towards ensuring Parliamentary oversight of various projects and initiatives. For instance, promising projects like Digital India and Internet of Things (IoT) (PDF) are still not governed by any legislative process. Naturally, there is no accountability and transparency for these projects as on date. In fact, Digital India project of India is heading for rough waters in these circumstances.

Indian cyber law has not been appropriate since its inception. Too much stress is given to suppress civil liberties and enhance e-surveillance. However, it has now reached a stage where immediate steps must be taken to protect civil liberties in cyberspace on the one hand and projects like Digital India on the other. This is also the high time to leave politics and do positive things for Indian masses.

E-Police Station In Delhi Would Register Online FIR For Motor Vehicle Theft Cases

Projects like Digital India and Internet of Things (PDF) are very crucial to ensure e-delivery of services in India. Fields like healthcare, Judiciary, dispute resolution, etc can be greatly benefited by the Digital India project. It is equally true that implementation of these projects is not an easy task as they are facing numerous techno legal challenges as well. The paced of India is also very slow in this regard. This has not deterred Indian government to launch ambitious initiatives like National E-Health Authority (NeHA) of India that would strengthen healthcare facilities in India.

It is also necessary that the cyber security of digital India project must also be ensured in such a manner that a balance between civil liberties protection and national security requirements is maintained. Recently the Supreme Court of India struck down (PDF) Section 66A of Information Technology Act, 2000 as it violated freedom to speech and expression. This was a case of enactment of bad law implemented in even worst manner. Due to the indifference and vested interests of Indian government, now even genuine victims of cyber bullying, cyber crimes and sexual offences are left with almost nil remedies. We at Perry4Law’s Techno Legal Base (PTLB) believe that this judgment of Supreme Court must be immediately reviewed in public interest.

In another good initiative undertaken by Indian government, the Delhi Police on Thursday launched their first e-police station to deal exclusively with cases of motor vehicle theft. The pilot project of the “Motor Vehicle Theft (MVT) Application” is now accessible on mobiles and computers. Presently this facility is available only for police stations in South Delhi and the same will be extended to entire Delhi after sorting out technical glitches and other problems. The formal inauguration of the e-police station and the MVT App will be done next month by Prime Minister Narendra Modi, after which the e-police station and MVT app will be made available for public use, a senior crime branch officer said.

The best part about the application is that this will enable the complainant to register a First Information Report (FIR) online and instantly receive a copy of the same without going to the police station. The application will also provide an “untraced report” of the stolen vehicle to the complainant within 21 to 30 days of the FIR, helping the complainant seek an insurance claim. This has greatly reduced the mental trauma and inconvenience that victims of vehicles theft used to face till now. We at PTLB welcome this initiative of Delhi Police and are committed to extent all possible assistance to it in this regard.

The other features of the application include electronic matching of stolen and unclaimed vehicles from the centralised databases and timely disposal of vehicle theft cases to reduce pendency at police stations and courts. The MVT application will ensure electronic transmission of digitally signed FIR to the complainant as well as the area SHO, designated Court, insurance company, etc. It will automatically send mobile text messages or emails to the police control room (PCR), all SHOs in Delhi police, district DCPs, state transport authority, all senior superintendents of police (SSPs) across the country, states crime records bureau (SCRB) and national crime records bureau (NCRB) simultaneously. This is the best part about the MVT application as a timely and coordinated action is must to successfully trace stolen vehicles.

Five FIRs related to thefts of vehicles were lodged with the e-police station through online registration. The first online registered FIR was related to theft of a Maruti Omni van falling under the Neb Sarai police station. We at PTLB believe that it would be a good idea to replicate this system for other crimes as well with necessary modifications, if required.


Monday, November 16, 2015

Indian Supreme Court Asks Central Government To Clarify Upon Privacy Invasive Software And Mobile Applications

Privacy is essential part of civil liberties and it has assumed more importance in the present connected world. We have computers, smartphones and many more mediums that capture, store and analyse personal and sensitive information on daily basis. It is natural that such information and data must be properly secured and adequately safeguarded. This is the reason why we need strong privacy and data protection laws on the one hand and effective and robust cyber security on the other.

Indian Supreme Court is already hearing few cases pertaining to privacy rights and their applicability in India. However, privacy rights in the information era are totally different from the traditional privacy rights. India has no dedicated laws on privacy and data protection (PDF) so far. We at Perry4Law Organisation (P4LO) strongly recommend that dedicated privacy and data protections laws must be urgently formulated by Indian Government. We also recommend that a techno legal framework must also be formulated by Indian Government as soon as possible.

Meanwhile the Supreme Court has taken up the cause against the privacy violating software and mobile applications. As per a media report, Supreme Court of India has taken a serious note of the software and mobile applications that can be used to extract private information from smartphones. The Court has asked the Central Government to clarify its stand in this regard and also to explain how such systems exist even though it’s clear that they are violating the law. A notice has also been issued to the Central Government, CBI as well as an IT firm: Spundan-The IT Pulse. The firm is known to sell such software, which according to the court can be used in anti-national activities.

The order was passed by a Three Judges bench comprising of Justice J S Khehar, Madan B Lokur and Kurian Joseph. This was on the basis of a plea which was filed by Prashant Pandey, known as the whistleblower in the Vyapan scam in Madhya Pradesh. He had alleged that personal records of anyone, be it judges could be acquired using this software. He has pleaded for a CBI probe into the activities of companies such as these. The petition reads, “The illegal interception of calls, generation of call detail records etc are not only violative of Indian Telegraph Act and Indian Wireless Telegraphy Act but are also fuelling various criminal activities like extortion and has a direct bearing on national security”.

Senior advocate Indira Jaising said, “The gravity of the situation can be ascertained by the fact that today subscriber details including complete name and address along with the date of birth, alternative mobile/ land line number, call detail records, location of a mobile of any person can be availed through this online software, be it of the chief minister of a state, judges of higher courts, head of various armed forces, senior scientists etc by anyone who has installed this software on personal computer after purchasing it from IT Company”.

Guidelines On Protection Of Good Samaritan While Saving Lives Of Road Accident Victims (2015)

Protection of lives of road accident victims is possible to the maximum possible extent only if good people come forward to take them to hospitals. A timely first aid and early access to medical facilities is sine quo non for lesser mortality rates.

Supreme Court of India addressed this issue and other related ones in Savelife Foundation & Anr v. Union of India & Anr, Writ Petition (Civil) No(s). 235 Of 2012 (SC) (PDF). A Committee was constituted by the Supreme Court and one of the points of reference was incorporated into clause (x) which reads as follows:
(x) Deliberate and develop a set of guidelines for protecting Good Samaritans from police harassment and legal hassles. The guidelines will aim to address the root causes for fear of harassment and legal hassles in general public regarding helping injured victims. These guidelines will also serve as a foundation for further legislative work in the area of protecting Good Samaritans.

In a welcome move, the Narendra Modi led Government has issued Guidelines on Protection of Good Samaritan While Saving Lives of Road Accident Victims (2015) (PDF). This shows the sensitivity of Indian Government towards the precious lives that can be saved if road accident victims can be taken to hospitals as soon as possible.

Although there is no dearth of good people to take accident victims to the hospitals yet legal formalities and legal hassles have forced many not to take the much needed actions. Now with these guidelines it can be hoped that more precious lives would be saved.

Perry4Law organisation (P4LO) welcomes this move of Indian Government and hopes that more such constructive and pro active initiatives would be taken by the Indian Government in near future.