India Is Blind Towards Cyber Law, Cyber Security And Cyber Forensics

Information Technology Act 2000 (IT Act 2000) of India deals with E-governance, E-commerce, Cyber Contraventions and Cyber Crimes. However, it is a poorly drafted law and badly implemented legislation. It is weak and ineffective in dealing with growing Cyber Crimes in India as it is the most “Soft and Cyber Criminal Friendly Legislation” of the World.

Indian Cyber Law is the exclusive cyber law that has made cyber crimes “Bailable”. This means that if a person commits the offence of Cracking, he must be released on bail as a “Matter of Right”.

Department of Information Technology (DIT) India is the main department that was responsible for the enactment of IT Act 2000. However, its upgradation and amendment is the responsibility of Ministry of Law. Law Minister Veerappa Moily has not played a pro active role in the use of Information Technology for Legal and Judicial purposes.

Whether it is E-courts, Online Dispute Resolution (ODR), Cyber Law or Cyber Forensics, Law Minister has not paid enough attention to incorporate the same in Legal and Judicial System of India.

Similarly, the Home Ministry of India is also responsible for some of the aspects of Legal System of India. For instance Home Minister P. Chidambaram has not paid any attention towards Cyber Security and Cyber Forensics. The same is not only relevant for the Legal System of India but also for the National Security of India. Issues like Cyber War and Cyber Terrorism have also skipped the attention of Home Minister.

Instead of improving the situation, DIT India, Law Ministry and Home Ministry are stressing too much upon E-surveillance and illegal snooping powers that have no “Procedural Safeguards and Guidelines” under the IT Act 2000.

With so many Government Departments responsible for various aspects of Cyber Law, Cyber Security and Cyber Forensics, India is heading nowhere. It would be better if a “Single Department” is entrusted with the responsibilities of Cyber Law, Cyber Security and Cyber Forensics so that India can have “Guided and Committed” actions in these crucial directions.

Reverse Engineer Malware Through REMnux

Dennis Fisher has written a story on a tool known as REMnux. According to the story malware reverse engineering expert Lenny Zeltser has released a stripped-down Ubuntu distribution in the form of REMnux so that malware can be analysed by reverse engineering process. The tool carries many popular malware-analysis, network monitoring and memory forensics tools for analysing the malware and reaching to the malicious code.

The traditional approach of malware analysis is limited in nature and unless we engage in memory analysis many crucial details would go unreported. It is claimed that REMnux is designed to remove this limitation. It can be booted via several VMware products, or through X-Windows.

REMNux has three separate tools for analysing Flash-specific malware, including SWFtools, Flasm and Flare, as well as several applications for analysing malicious PDFs, including Didier Stevens' analysis tools.

REMNux also has a number of tools for de-obfuscating JavaScript, including Rhino debugger, a version of Firefox with NoScript, JavaScript Deobfuscator and Firebug installed, and Windows Script Decoder.

In addition to the JavaScript and Adobe analysis tools, Zeltser also included a small Web server, and IRC server and a pseudo-DNS server. He also included Honeyd, the virtual honeypot server. There also is a customised shellcode analyser that will take malicious shellcode, create a Windows executable from it and then run it so you can observe its behavior.

In short, REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. It is also useful for analysing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tool for analysing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics.

At the moment, REMnux is only available as a virtual machine. Nothing is better than converting it into an ISO image of a Live CD/DVD. We will wait for its ISO version.

Law Enforcement Intelligence In India

Law enforcement intelligence is an area largely unexplored in India. Till not the law enforcement agencies of India are predominantly relying upon traditional methods of intelligence gathering and investigations. There is no doubt that these traditional methods would always remain useful; and nothing can substitute them. However, information and communication technology (ICT) can further strengthen these traditional methods and can fine tune them to achieve greater results.

Although many ambitious projects have been proposed in India regarding use of ICT for law enforcement purposes, yet they have to take a good start in order to bring them into mainstream. There are many blockages that are hindering their actual use and implementation. The biggest obstacle seems to be lack of safeguards to prevent abuse of civil liberties of Indians.

India has neither a dedicated privacy law nor any data protection legislation. Even the basic legal framework for law enforcement machinery is missing and India is managing it through colonial and outdates laws that date backs even before the Constitution of India came into force.

In this background, we have to plan the launch and implementation of Crime and Criminal Tracking Network and Systems (CCTNS) Project of India (CCTNS Project). Presently, the CCTNS Project of India has not been properly planned and implemented.

At Perry4Law Techno-Legal Base (PTLB) we are in the process of developing a techno-legal strategy that can accommodate both technological as well as legal mandates. On the technology side, we are building a software database that has almost all the necessary software and utilities necessary for the successful implementation of the CCTNS project and similar projects.

On the legal side we have already suggested a 10 point legal framework for law enforcement and intelligence agencies of India. We are in the process of detailed analysis of these points as well as incorporating new and contemporary ideas and suggestion in the same.

The law enforcement intelligence in India cannot succeed till it is techno-legal in nature. The real problem is that the police is not much aware about the technological issues. Similarly, the technology providers are not aware about the police work. So we have to make partial and piece meal efforts to make a larger picture.

At PTLB we are trying to provide both technological as well as legal solutions at a single place. This would avoid unnecessary wastage of time, energy and money as the most effective solution can be proceeded with immediately. Any person, institution, agency, organisation, etc wishing to work in association with us, may contact us with his/its proposal and we would be happy to extend out techno-legal expertise for the same.

Crime And Criminal Tracking Network and Systems (CCTNS) Project Of India

Crime and Criminal Tracking Network and Systems (CCTNS) Project Of India (CCTNS Project) is a very ambitious project of Indian government. It is the most comprehensive modernisation and reformative initiative of government of India to streamline law enforcement in India till date. The project is in its initial stage and it may face both technical as well as legal challenges and civil liberties issues.

CCTNS is a plan scheme conceived in the light of experience of a non-plan scheme namely - Common Integrated Police Application (CIPA). CCTNS is a Mission Mode Project under the National e-Governance Pan of Govt of India. CCTNS aims at creating a comprehensive and integrated system for enhancing the efficiency and effectiveness of policing through adopting of principle of e-Governance and creation of a nationwide networking infrastructure for evolution of IT-enabled-state-of-the-art tracking system around 'Investigation of crime and detection of criminals'.

The objectives of the Scheme can broadly be listed as follows:

1. Make the Police functioning citizen friendly and more transparent by automating the functioning of Police Stations.

2. Improve delivery of citizen-centric services through effective usage of ICT.

3. Provide the Investigating Officers of the Civil Police with tools, technology and information to facilitate investigation of crime and detection of criminals.

4. Improve Police functioning in various other areas such as Law and Order, Traffic Management etc.

5. Facilitate Interaction and sharing of Information among Police Stations, Districts, State/UT headquarters and other Police Agencies.

6. Assist senior Police Officers in better management of Police Force.

7. Keep track of the progress of Cases, including in Courts

8. Reduce manual and redundant Records keeping

Under the CCTNS Project, approx. 14,000 Police Stations throughout the country has been proposed to be automated.

The modernisation of police force in India cannot be successfully achieved till India acquires a techno-legal expertise. However, at least a good beginning has been made by Indian government and it would go a long way in modernisation of law enforcement in India. The government must, however, enact a suitable legal framework that can protect civil liberties of Indians from excessive police acts.

Law Enforcement In India Needs Techno-Legal Solutions

Modernisation of police force and establishing the supporting infrastructure for better policing and quicker responses to crimes, cyber crimes and national crises like terror attacks requires a techno-legal approach. Neither technology nor legal framework alone is sufficient to tackle these issues. However, absence of either law or technology would also fail any initiative that intends to modernise law enforcement in India. Take the example of National Intelligence Grid (NATGRID) that has been stalled due to absence of adequate safeguards and legal framework. None can doubt about the utility of NATGRID still it is in doldrums as it is not a techno-legal initiative but merely a technological initiative. This shows the importance of a techno-legal solution.

Perry4Law Techno-Legal Base (PTLB) is the premier, rather exclusive, institution of India that is providing techno-legal solutions for law enforcement and intelligence agencies of India. It is also providing techno-legal solutions for protecting national security of India. Some of the areas that it covers include cyber security, cyber terrorism, cyber forensics, cyber law, telecom security issues, etc.

Since any technological measure used for law enforcement and intelligence agencies purposes essentially involves civil liberties violations potential, we have also launched a Human Rights Centre of India (HRPCI). The Centre serves a “dual purpose”. On the one hand it provides techno-legal solutions to nations and organisations regarding cyber security threats, cyber terrorism, threats to the critical ICT infrastructure, cyber war, cyber espionage, crisis management plan, etc. On the other hand, it keeps a close watch over human rights violations by an overzealous and over cautious e-police State. In short, we provide techno-legal solutions that are not only technically sound but also constitutionally and legally valid.

At PTLB we believe that we cannot superimpose foreign models to Indian conditions. We have to “localise” our solutions so that they may suit Indian requirements. That is why we endorse a techno-legal training of police force as per Indian requirements. To meet this objective we have a techno-legal training centre for police forces of India at place.

Presently, PTLB is preparing a techno-legal strategy for modernisation of police force in India and world wide. Its world renowned techno-legal expertise would cater the law enforcement, legal and judicial and technological needs of crime fighting in India. We hope our initiative would prove useful for all concerned.

Use Of ICT For Legal And Judicial Reforms In India

By
Praveen Dalal

The Bar Council of India (BCI) and Law Minister Mr. Veerappa Moily are all set to bring legal and judicial reforms in India. Although the steps taken by both BCI and Moily are great yet they are clearly shying away from use of information and communication technology (ICT) for legal and judicial purposes.

The BCI failed to provide an online platform where legal education and exams can be conducted. Similarly, Moily failed to bring even a single e-court in India. After almost seven years of deliberation, e-courts project of India seems to have been scrapped. Realising that both online legal education and e-courts require expertise (especially the e-court) it would be prudent to expect one more year before any action is taken by BCI and Moily in this regard.

Meanwhile, both BCI and Moily must concentrate upon another crucial project that is relevant for both Bar and Bench. It pertains to use of online dispute resolution (ODR) for legal and judicial purposes. Even the alternative dispute resolution (ADR) regime in India needs an upgradation as it has failed to provide the desired results. Since the arbitration law of India is in the process of reformulation, it is high time for Moily to incorporate necessary provisions regarding ODR in it as well. Even suitable provisions regarding e-courts can be incorporated in the same.

Techno-Legal expertise and assistance of Perry4Law Techno Legal Base (PTLB) can be taken in this regard as it is managing all the above mentioned areas of legal and judicial reforms.

PTLB is managing an online platform that caters the techno-legal training, education, coaching and skill development requirements regarding bar examinations in India, Indian legal services exams, training of lawyers in India, cyber law courses, cyber law trainings for lawyers and judges, etc. The main purpose of this platform is not to provide empty academic education but to develop skill of lawyers, judges, professionals, law students, etc.

PTLB is also managing e-courts training and consultancy centre of India. This is the exclusive centre in the World that provides valuable training and consultancy regarding e-courts, digital evidencing, cyber law training to judges, ODR, etc. This is one of the most important projects that can bring long term and robust legal and judicial reforms in India. Both BCI and Moily must consider replicating this model as soon as possible.

PTLB is also managing the exclusive techno-legal ODR Center of the World. It manages both technical as well as legal issues of dispute resolution. This can be a valuable addition in the legal and judicial reforms arsenal of BCI and Moily.

Above all PTLB is willing to replicate and establish these models for BCI and Law Ministry if they deem it necessary for India.