Law Enforcement In India Needs Techno-Legal Solutions

Modernisation of police force and establishing the supporting infrastructure for better policing and quicker responses to crimes, cyber crimes and national crises like terror attacks requires a techno-legal approach. Neither technology nor legal framework alone is sufficient to tackle these issues. However, absence of either law or technology would also fail any initiative that intends to modernise law enforcement in India. Take the example of National Intelligence Grid (NATGRID) that has been stalled due to absence of adequate safeguards and legal framework. None can doubt about the utility of NATGRID still it is in doldrums as it is not a techno-legal initiative but merely a technological initiative. This shows the importance of a techno-legal solution.

Perry4Law Techno-Legal Base (PTLB) is the premier, rather exclusive, institution of India that is providing techno-legal solutions for law enforcement and intelligence agencies of India. It is also providing techno-legal solutions for protecting national security of India. Some of the areas that it covers include cyber security, cyber terrorism, cyber forensics, cyber law, telecom security issues, etc.

Since any technological measure used for law enforcement and intelligence agencies purposes essentially involves civil liberties violations potential, we have also launched a Human Rights Centre of India (HRPCI). The Centre serves a “dual purpose”. On the one hand it provides techno-legal solutions to nations and organisations regarding cyber security threats, cyber terrorism, threats to the critical ICT infrastructure, cyber war, cyber espionage, crisis management plan, etc. On the other hand, it keeps a close watch over human rights violations by an overzealous and over cautious e-police State. In short, we provide techno-legal solutions that are not only technically sound but also constitutionally and legally valid.

At PTLB we believe that we cannot superimpose foreign models to Indian conditions. We have to “localise” our solutions so that they may suit Indian requirements. That is why we endorse a techno-legal training of police force as per Indian requirements. To meet this objective we have a techno-legal training centre for police forces of India at place.

Presently, PTLB is preparing a techno-legal strategy for modernisation of police force in India and world wide. Its world renowned techno-legal expertise would cater the law enforcement, legal and judicial and technological needs of crime fighting in India. We hope our initiative would prove useful for all concerned.

Use Of ICT For Legal And Judicial Reforms In India

By
Praveen Dalal

The Bar Council of India (BCI) and Law Minister Mr. Veerappa Moily are all set to bring legal and judicial reforms in India. Although the steps taken by both BCI and Moily are great yet they are clearly shying away from use of information and communication technology (ICT) for legal and judicial purposes.

The BCI failed to provide an online platform where legal education and exams can be conducted. Similarly, Moily failed to bring even a single e-court in India. After almost seven years of deliberation, e-courts project of India seems to have been scrapped. Realising that both online legal education and e-courts require expertise (especially the e-court) it would be prudent to expect one more year before any action is taken by BCI and Moily in this regard.

Meanwhile, both BCI and Moily must concentrate upon another crucial project that is relevant for both Bar and Bench. It pertains to use of online dispute resolution (ODR) for legal and judicial purposes. Even the alternative dispute resolution (ADR) regime in India needs an upgradation as it has failed to provide the desired results. Since the arbitration law of India is in the process of reformulation, it is high time for Moily to incorporate necessary provisions regarding ODR in it as well. Even suitable provisions regarding e-courts can be incorporated in the same.

Techno-Legal expertise and assistance of Perry4Law Techno Legal Base (PTLB) can be taken in this regard as it is managing all the above mentioned areas of legal and judicial reforms.

PTLB is managing an online platform that caters the techno-legal training, education, coaching and skill development requirements regarding bar examinations in India, Indian legal services exams, training of lawyers in India, cyber law courses, cyber law trainings for lawyers and judges, etc. The main purpose of this platform is not to provide empty academic education but to develop skill of lawyers, judges, professionals, law students, etc.

PTLB is also managing e-courts training and consultancy centre of India. This is the exclusive centre in the World that provides valuable training and consultancy regarding e-courts, digital evidencing, cyber law training to judges, ODR, etc. This is one of the most important projects that can bring long term and robust legal and judicial reforms in India. Both BCI and Moily must consider replicating this model as soon as possible.

PTLB is also managing the exclusive techno-legal ODR Center of the World. It manages both technical as well as legal issues of dispute resolution. This can be a valuable addition in the legal and judicial reforms arsenal of BCI and Moily.

Above all PTLB is willing to replicate and establish these models for BCI and Law Ministry if they deem it necessary for India.

India Should Not Use SaaS For Crucial Governmental Functions

Software as a Service (SaaS) is in media reports for long. SaaS is a web-based version of proprietary software that performs computing on its servers on behalf of the client. Cloud computing is one of the most famous forms of SaaS. It is projected as a panacea for many infrastructure related problems and cost saving. While cloud computing has considerable cost benefits but it has drawbacks as well.

Richard Stallman, the founder of Free Software Foundation, says that on the Internet, proprietary software isn't the only way to lose your freedom. SaaS is another way to let someone else has power over your computing. He totally rejects the idea of cloud computing and opines that the real meaning of “cloud computing” is to suggest a devil-may-care approach towards your computing. It says, “Don't ask questions, just trust every business without hesitation. Don't worry about who controls your computing or who holds your data. Don't check for a hook hidden inside our service before you swallow it.” In other words, cloud computing means think like a moron.

There are many security and regulatory factors that must be complied with by SaaS and cloud computing before their deployment in India. Out of these I would presently like to stress upon three aspects alone. These are Security and Privacy, Compliance, and Legal or Contractual Issues.

As far as Security and Privacy is concerned, India has a very weak cyber security and no dedicated privacy law. Even there is no dedicated data protection law in India. The data of end users and governmental agencies is not safe in the absence of these essential regulations that the government of India is willingly not interested in enacting.

As far as Compliance aspect is concerned, that is an alien concept in India. For instance, the Aadhar project of India/UID project, National Intelligence Grid (NATGRID) project of India, etc all are running in India even in the absence of any legislation ensuring proper safeguards. When there is no legislation even for the most basic projects like Aadhar and Natgrid, there is no question of compliance in India. Outsourcers and foreign clients, keep this in mind while sending your crucial details and data to India.

Finally, the Legal and Contractual issues also cannot provide much protection against illegal and negligent data sharing and data thefts in India. The sole cyber law of India is enacted in the form of Information Technology Act, 2000 (IT Act 2000). Cyber crimes like cracking, data theft, privacy violation, etc are all bailable leaving much room for commission of these crimes.

India should not use SaaS and Cloud Computing for governmental purposes in the absence of strong cyber law and cyber security. As Stallman says, in the meantime, if a company invites you to use its server to do your own computing tasks, don't yield; don't use SaaS. Use a real computer and keep your data there. Do your work with your own copy of a free program, for your freedom's sake.

The Extra Steps That TOR Users Must Take

By
Praveen Dalal

The “Decloaking Engine” invented by HD Moore was one of the most effective ways of showing how exit nodes of TOR system can sniff the unencrypted, plain text and insecure information and data passing through it. A malicious or e-surveillance capable exit node is the weakest link of the privacy and security chain of a TOR user. However, the problem is not with the TOR’s system as this is the way TOR works. The real problem lies with the end user’s perception regarding TOR’s use in general and anonymity and privacy in particular.

There are various media reports that suggest that Wikileaks acquired its whistle blowing ammunition by sniffing or intercepting the traffic flowing through TOR networks. Whether this is true or not is not the real question here. The real question is what TOR is actually offering to the end users?

Interestingly, TOR is very clearly and openly explaining the scope of anonymity and privacy offered by it to the end users. Actually TOR is great for anonymity but average at privacy protection and poor at data security. This is because although the entry node encrypts the data and forwards it to the next node, the exit node sees it in clear text and unencrypted form. This means that although the ultimate site that you wish to access would see the IP address of the exit node and not your original IP address yet the exit node itself is very sure about the data you are sending to the website.

Think about a malicious exit node as a man-in-the middle attacker (MITM).that can sniff your traffic that you are sending to the ultimate website. It may include confidential information like bank accounts, passwords, governmental secret documents, etc. All of these travel in a plain text form and can be sniffed easily by the exit node. To some extent a malicious exit node is also a form of “Extended MITM” attack as the normal MITM attack occurs either at the local network or local wireless network/access point. But in case of MITM attack occurring at the exit node of TOR system, this is happening at a place far beyond your network(s) and jurisdiction. This scary fact must be kept in mind while sending unencrypted and unprotected data across TOR network.

The real problem is that an averageTOR user cannot differentiate between a trusted and untrusted exit node. This differentiation is not within his direct control. But he has something great that can reduce his risks of exit node attacks. The TOR users must use great services like OpenSSH or PuTTY while sending confidential information. They may also use their own preferred end to end encryption software and systems but the main idea remains the same. TOR provides the anonymity and a secured connection provides additional privacy and security.

Using Firefox after disabling Add-ons, Active X Controls, Java Scripts, Cookies, etc can also bring additional anonymity and privacy. If you need all these functionalities, you can use two different browsers with different setting i.e. Firefox for TOR and other browser for your other tasks. These steps may not make you absolutely anonymous but would definitely solve the problem of malicious exit nodes sniffing to a great extent.

Linux On The Top

By
Praveen Dalal

Linux is synonymous with open source and free software movement. The name "Linux" comes from the Linux kernel, originally written in 1991 by Linus Torvalds. Linux being technical in nature, users were shying away from using the same. The proprietary software also played a major role in the limited growth of Linux as these proprietary software are more easy to use than command based Linux environments.

Realising this hurdle many committed Linux enthusiastic dedicated their time and energy to simplify the usage of Linux distributions. Today Linux is available for a wide range of products. Linux has become increasingly popular in recent years, partly owing to the popular Mandriva Linux, Fedora, Debian or Ubuntu distributions. In fact these distributions now come with user friendly GUI that gives a look and feeling of other proprietary operating systems that user are currently using.

The user friendly GUI coupled with command based options gives a user the ultimate control over a machine. Realising this aspect many hardware and other information technology service providers are not only switching to Linux but are also pre installing it in their hardware and products. Even the smart phones are using many Linux features and distributions.

However, with the numerous benefits of Linux we also have some cyber security issues as well. It would be wrong to presume that Linux, in itself and without further efforts, is a safe option from cyber security perspective. This is a myth as now the crackers would start exploring the vulnerabilities of Linux instead of other operating systems. The cyber security community of Linux must make some additional efforts to make Linux safer from the increased and unexpected vulnerabilities and cyber attacks.

The cyber security problem is common to both open source and proprietary software and this should not bother the potential and future Linux users from switching from traditional operating systems to the Linux environment.

Ubuntu Live CD As A Forensics Tool

Ubuntu is one of the best open source computer operating system based on the Debian GNU/Linux distribution. Ubuntu provides an up-to-date, stable operating system for the average user, with a strong focus on usability and ease of installation. The Ubiquity installer allows Ubuntu to be installed to the hard disk directly from the Live CD, without requiring the computer to be restarted prior to installation.

Among many benefits and functions of Ubuntu one function has not received much publicity and exposure. This pertains to data recovery using an Ubuntu Live CD. In this great tutorial Lifehacker has shown how to recover deleted files and partitions by using the Live CD.

According to the article the examined four tools can recover data from the most messed up hard drives, regardless of whether they were formatted for a Windows, Linux, or Mac computer, or even if the partition table is wiped out entirely.

Even otherwise Ubuntu is worth trying especially when it is open source and free of cost.

Metasploit Version 3.4.0 Released

The penetration testing professionals must rejoice the latest Metasploit Version 3.4.0 release. This is a wonderful tool that can be downloaded from here. It has many crucial improvements from its predecessor.

Metasploit now has 551 exploit modules and 261 auxiliary modules. It has got a brute force support and the release includes several major improvements, especially to Meterpreter, which is one of the available shellcode modules.

Meterpreter is now claimed to be capable of switching seamlessly between 32-bit and 64-bit processes on compromised systems. The Meterpreter is a critical component of Metasploit in that it provides the ability to perform advanced post-exploit automation on a target system. The release has also added new Java and exploit automation technologies.

The version is still freely available though its professional and paid version is also available. Metasploit is used world wide for security and pen testing purposes. It is also part of many security distros like Backtrack ( may be in modified form).

Techno-Legal Online Cyber Security Research, Training And Educational Centre of India

Cyber security management is a tough task especially if it is techno-legal in nature. In that case one has to manage not only the technical aspects but also the legal aspects. Perry4Law is the leading Techno-legal ICT law firm of World. It has many techno-legal segments like Perry4Law Techno-Legal Base (PTLB), Perry4Law Techno-Legal ICT Training Centre (PTLITC), etc. Perry4Law is also running various online techno-legal research, training and educational centre in India. Techno-Legal Cyber Security Research, Training and Educational Centre is one of them.

Cyber security in India is not in a good shape. India is on the verge of a technology revolution and the driving force behind the same is the acceptance and adoption of Information and Communication Technology (ICT) and its benefits. This technology revolution may, however, fail to bring the desired and much needed result if we do not adopt a sound and country oriented e-governance policy. A sound e-governance policy presupposes the existence of a sound and secure e-governance base as well. The security and safety of various ICT platforms and projects in India must be considered on a priority basis before any e-governance base is made fully functional. This presupposes the adoption and use of security measures more particularly empowering judiciary and law enforcement manpower with the knowledge and use of cyber forensics and digital evidencing, says India’s leading techno-legal expert Praveen Dalal.

India cannot achieve a good cyber security till it takes care of both technical as well as legal aspects of cyber security. There is no doubt about the proposition that Indian Parliament is not technology sound and we need to empower it through ICT. At the same time we must also train the governmental officials holding key positions in crucial ministries and departments about basic technology, cyber law and cyber security. These individuals must be trained suitably so that cyber security of crucial systems may not be compromised.

Cyber security is very important to protect businesses, governments and general public at large. The same must be a part of the national policy of a nation. Another crucial aspect related to a secure and strong cyber security in India pertains to critical ICT infrastructure protection in India. Critical infrastructure is becoming increasingly dependent upon ICT these days. If we are unable to secure an ICT system we are also risking critical ICT infrastructure as well.

On the one hand India has a weak and criminal friendly cyber law whereas on the other hand it does not possess tech-savvy law enforcement machinery. Even lawyers and judges are not that much aware about the nitty-gritty of cyber laws. It is high time for India to take some serious steps towards not only making the cyber law of India stronger but also to streamline cyber security of India.

AUTHOR: RAM K KAUSHIK

SOURCE: GROUND REPORT

Online Dispute Resolution In India Strengthened

India is not using ICT for dispute resolution whether it pertains to e-courts or contemporary out of court dispute resolution in the form of online dispute resolution. Fortunately, the first ever Techno-Legal Online Dispute Resolution Centre of India has been launched by Perry4Law that would cater the dispute resolution, training, educational and many more such crucial requirements in India.

Online dispute resolution (ODR) in India is in its infancy stage and it is gaining prominence day by day. With the enactment of Information Technology Act, 2000 (IT Act 2000) in India, e-commerce and e-governance have been given a formal and legal recognition. Even the traditional arbitration law of India has been reformulated and now India has Arbitration and Conciliation Act, 1996 in place that is satisfying the harmonised standards of UNCITRAL Model. Even the Code of Civil Procedure, 1908 has been amended and section 89 has been introduced to provide methods of alternative dispute resolution (ADR) in India.

However, the fact is that the increasing backlog of cases is posing a big threat to the judicial system of India. The same was even more in the early 90 but due to the computerisation process in the Supreme Court and other courts that was reduced to a great extent. However, the backlog is still alarming. This is because mere computerisation of courts or other constitutional offices will not make much difference. What we need is a will and desire to use the same for speedy disposal of various assignments.

There is a lack of training among police, lawyers, judges, etc regarding use of information and communication technology (ICT) for legal, judicial and ADR /ODR purposes. Judges in India need cyber law training, e-courts training, ADR/ODR training, etc that allow them to effectively understand and use ICT for judicial and ADR/ODR purposes.

India has to cover a long gap before the benefits of ICT can be used for effective day to day functioning of its courts. The easy task of computerisation has already been achieved to some extent but the real task is still yet to be achieved. For instance, although computerisation efforts are satisfactory regarding courts in India yet till now India does not have even a single e-court. This is because the difficult part of establishment of e-courts in India is yet to be achieved.

ODR and e-courts may hold the key to growing heaps of backlog of cases in India but the political will is essential to achieve the same. In the absence of political will, we have to be satisfied by half hearted, half baked and failed e-governance projects alone.

SOURCE: OPEDNEWS

First E-Judiciary Training And Consultancy Centre Launched In India

India is at the initial stages of establishment of electronic courts (e-courts). Though India has done a good job by computerising the courts at various levels yet it is still far from the establishment of even the first e-court of India. It seems the e-courts project of India needs a techno-legal training boost.

Perry4Law and PTLB have launched the first ever e-courts training and consultancy centre of India and perhaps first of its kind in the World. A “prototype” of the same is available to the public and stakeholders till the final website is out.

Efforts in the direction of establishment of e-courts in India have been in process since 2003 and significant development in the sphere of computerisation has already been achieved. It is at this stage that there seems to be stagnation of e-court project of India and this initiative by Perry4Law would facilitate in the smooth and hassle free migration of e-court project to the next level.

India must understand that E-courts are much more that mere connectivity and computerisation of traditional courts. The moment e-filing, presentation, contest and adjudication of the cases in an online environment would start, India would surely be capable of establishing e-courts.

Techno-Legal Education In India Got A Boost

Legal education in India is in the process of transformation. However, there are urgent educational and legal reforms that must be undertaken by India as soon as possible. One such area that requires urgent attention is the amalgamation of legal education with information and communication technology (ICT). For instance, cyber law is an important facet of such an interaction of technology and law.

Indian educational system is more academic than professional. As a result although India has good population that is academically sound yet when it comes to practical and real life experience and work, they do not perform reasonably well. Various studies and research in India have suggested that out of the educated masses only 15 to 25% are fit for being absorbed at job places.

In short, India is running short of institutions that can impart good techno-legal skill development education, training and coaching. Perry4Law and PTLB have launched the first ever “Techno-Legal Online Coaching, Training and Education Centre” in India that aims at developing the skill and talent of the students and professionals seeking a good career in cyber law and allied fields.

Interested students, teachers and partners wishing to be part of the project as well as future projects and initiatives of Perry4Law must contact it as soon as possible. The contemporary skill requirements are multi disciplinary in nature where a computer science student or professional must also have basic level of legal knowledge. The proposed initiative keeps this in mind and students and professionals from all the educational streams are encourage getting themselves enrolled.

The government of India must also come up with a good educational policy as well as sound legal reforms so that legal sector may meet the contemporary international standards and requirements.

SOURCE: GROUND REPORT

Cyber Law Training And Coaching In India Rejuvenated

Cyber law is a subject that is less appreciated and even lesser applied in India. Whether it is the law making in this regard or its execution and enforcement, by and large cyber law scenario in India needs rejuvenation.

The position in this regard cannot be improved till we inculcate appropriate knowledge and skills at the initial stages of education. Cyber law education in India is at its infancy stage and is maturing towards a qualitative one. However, there is a growing need for good “Techno-Legal Institutions” that can manage the growing demand for cyber law coaching, education and training in India.

Fortunately, one such initiative has already been undertaken by Perry4Law and its Techno-Legal Segment known as Perry4Law Techno-Legal Base (PTLB). Perry4Law is the First and Exclusive Techno-Legal ICT Law Firm of India and is World renowned in techno-legal fields like cyber law, cyber forensics, cyber security, etc.

To cater the growing demands for qualitative techno-legal education in India and abroad, the coaching, training and education segment of PTLB has been launched. Presently, it would be providing “Online Cyber Law Coaching and Internship” to law graduates, law students, graduates and professionals of various disciplines and streams, etc. This is a golden opportunity for those who wish to make a mark in the field of cyber law. Since the seats are “limited” an early enrollment would be beneficial for the serious students.

To facilitate an effective two mode communications between students and teachers on the one hand and Perry4Law on the other, an online “Information Centre” has been established. This information platform would announce and publish all the relevant information regarding the proposed initiative from time to time. Students, teachers and other interested persons are advised to regularly visit this platform. This platform also contains many crucial and important information that must be read before finally applying.

For those who are looking forward for “Domain Specific” and “Highly Skilled Training”, a separate initiative has been launched by another segment of Perry4Law. The same would also be functional very soon.

SOURCE: MYNEWS

BACKTRACK 4 FINAL RELEASE: AN ESSENTIAL TOOL IN YOUR CYBER SECURITY AND CYBER FORENSICS ARSENAL

The final and stable version of Backtrack 4 series is a wonderful penetration testing, cyber security and cyber forensics tool. It is not only a powerful utility but is also useful for multiple purposes. The best part is that it is available to the security and forensics community free of cost.

Although Backtrack has always been a good tool but its team(s) must be congratulated for not only providing it free of cost but also for keeping pace with the contemporary cyberspace challenges. The latest stable and final release has also added the cyber forensics functionality. The best part about this feature is that it is claimed to be safe from making changes to the system under inspection. Although Perry4Law and Perry4Law Techno-Legal Base (PTLBTM/SM) have yet to test the tool but the claimed features are very promising.

A successful cyber forensics examination must essentially gather both volatile as well as non-volatile data and information. Also during the live analysis of a system, files and data should not be overwritten. Similarly, there should not be any change in the integrity of the information residing on the suspected computer or device. Backtrack 4 meets many of these requirements but it still has to enhance the cyber forensics features further. It is very difficult to provide security and forensics functionalities at the same time yet Backtrack 4 is proceeding in the right direction.

All interested person must give it a try and the same can be downloaded from the website of Backtrack. Perry4Law and PTLB are in the process of analysis and use of Backtrack 4 and would come up with their observations and suggestions. For the time being it would be a good idea to start gaining the basic knowledge of Linux.

We are also analysing other freely available cyber security and cyber forensics distributions. There are many freely available and dedicated cyber forensics distributions that are worth trying. Similarly, there are dedicated cyber security softwares that are freely available. We would be covering them one by one.

Cyber Laws All Over The World Are Becoming Unreasonable And Oppressive

Cyber Laws all over the World are intentionally designed to violate civil rights like privacy, speech and expression, etc. They are also intentionally formulated to facilitate “Internet Censorship” and “E-Surveillance” beyond the legitimate limits of “National Security”. This approach is more dangerous and is detrimental to the national security in the long run.

The Google’s episode regarding China’s censorship shows the growing hunger of various nations for Internet censorship and e-surveillance. India is no different from China when it comes to “Internet Censorship” and “E-Surveillance”, though the extent and degree may be somewhat lesser. The Information Technology Act 2000 (IT Act 2000) is the sole cyber law of India that was amended by the Information Technology Act 2008 (IT Act 2008). From here starts the real problem.

According to Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-Legal Expert of India, “The IT Act 2008 made India a “Safe Heaven” for cyber criminals on the one hand and an “Endemic E-Surveillance Society” and “Internet Censorship State” on the other hand. It seems the main aim of the proposed IT Act 2008 was to strengthen the “Internet Censorship” and “E-Surveillance Capabilities” of India.

With the passage of IT Act 2008 India has now officially become an endemic e-surveillance society. The amendments have provided unregulated, unconstitutional and arbitrary e-surveillance and Internet censorship powers to Government of India and its agencies and instrumentalities, says Praveen Dalal. The fact is that India has become an E-Police State, states the ICT Trends of India 2009.

Surprisingly, Minister of State for Communication Sachin Pilot believes that Indian cyber law is strong enough to meet the challenges posed by technology-assisted terrorism and cyber-terrorism. It seems he has not gone through the present IT Act 2000 after its 2008 amendments.

Some observers in India have rejoiced the exit of Google from China believing that it may be a good opportunity for India. However, they fail to understand the “ground reality” that India is no different from China when it comes to Internet Censorship and E-Surveillance. If India does not abdicate its alliance to Internet censorship and e-surveillance similar incidence may happen in India as well.

SOURCE: ITVOIR

National Security And Internal Security Infrastructure Of India

National security of India has recently received a rejuvenation attempt by the Government of India (GOI). This is good news at a time where the national security issues are grossly ignored in India. The national security of India and internal security of India are suffering not only on the count of lack of political will but also due to absence of suitable policies and strategies.

The ICT Trends of India 2009 have also proved that India has failed on the fronts of Cyber law of India, Cyber Terrorism in India, E-Courts in India, E-Learning in India, Unique Identification Project of India, Serious Frauds and White Collar Crimes, National Security Issues, Crime Reporting by Media, Internet Banking Frauds, Cyber Security of Defense Forces, Cyber War in India, E-Surveillance in India, etc.

According to Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-Legal Expert of India, “Indian approach in this regard is not sensible at all. We should not invest thousands of crores of Indian rupees into security projects that can be manipulated and sabotaged in minutes. Rather we should first analyse the weaknesses and security holes of the same before buying and installing it.

After all security of a Nation is proper application of “common sense” rather than wasting unlimited amount of money. Crime and Criminal Tracking Network & Systems (CCTNS) of India, Unique Identification Authority of India (UIAI), Rs 800 crores centralised facility to control phone tapping activities in India, etc are some of the projects that require common sense application before their implementation. They have to be tested in a “limited environment” before using them in a full fledged manner, says Praveen Dalal.

It seems Indian security initiatives have to be holistically analysed and suitably applied. The Indian security infrastructure and workforces are not in good shape and require rejuvenation. We need a techno-legal security workforce and not personnel who do not have even the basic facilities and technological means and knowledge. The terrorist attacks have really shattered the deep pervasive false sense of security present in the Indian government mentality. We have to think and act against such internal and external threats by going beyond a "political debate". We can fool ourselves by bragging about India’s capabilities and victories against terrorism and cyber terrorism and keep on facing future attacks and bear the traumatic casualties. Alternatively, we must accept our weaknesses against such attacks and take constructive steps to anticipate, prevent and counter such future terrorist and cyber terrorism activities, warns Praveen Dalal.

With a new ray of hope shown by the recent stress upon national security of India we can expect some good results in this direction. However, India is famous for mere assurances and proposals without actually implementing them. Similarly, due to faulty management and policies even the implemented projects have failed in the past. Let us hope that this time India would do the proper homework before starting an initiative that it cannot implement and run.

SOURCE: MYNEWS

NATIONAL MISSION FOR DELIVERY OF JUSTICE AND LEGAL REFORMS OF INDIA

A blue print of the National Mission for Delivery of Justice and Legal Reforms (NMDJLR) has been recently released by the Law Minister M Veerappa Moily. The NMDJLR Plan is a very ambitious plan and if implemented properly may go a long way in reducing the backlog of cases in India on the one hand and effective Judicial Reforms on the other.

However, keeping in mind the prior experience of the Government of India (GOI) this Plan is too ambitious to be accomplished. The Plan cannot be accomplished till we honestly and dedicatedly work in this direction. In the absence of accountability and transparency and omnipresent corruption and red tappism in India, this Plan is not going to meet its benign objective.

What should be done to make the NMDJLR Plan effective and workable? I think the same requires “Committed Services” the day this Plan has been declared. After all mere declaration is worst that the “chaos” with which the current Judicial System of India is badly suffering. We make false and exaggerated statements and press releases that raise the hope of India citizens. When those hopes are not met, this brings not only a bad name to the Indian institutions like Judiciary but also declines the faith and trust in the same.

Take a perfect example in this regard. India has been claiming establishment and opening of E-Courts since 2003. However, there is not even a single e-court in India despite contrary claims. It seems Indian Government/Judiciary is repeating the history once again. The Delhi High Court has declared that it would open an e-court at its premises on 8th December, 2009. However, if we see the website of Delhi High Court even on 6th December, 2009 (15.10 PM) there are no “signs” of the same. It seems India is once again opening another e-court on “Papers Alone”.

Interestingly, the NMDJLR Plan has appreciated the “basic requirements” of establishment of e-courts in India. However, there is a dichotomy between the NMDJLR Plan and the other e-courts initiatives that are presently undergoing. These initiatives are wasting hundred Crores of hard earned public money upon “computerisation” of traditional judicial function with no actual e-courts capabilities.

The worst aspect of this e-court fiasco and other judicial reforms is that there is neither accountability nor any transparency in these initiatives. The GOI is “blindly” allowing “Yearly Extensions” without asking for performance and accomplishments. Why the GOI allows an extension for even a single year when there is no development and performance in this direction is a big question?

Perhaps, some “miracle” would happen on 8th December, 2009 that would establish the first e-court of India. But the chances of the same are next to impossible and we are heading for “another extension” in the month of February 2010.

TECHNO-LEGAL E-LEARNING, HIGHER EDUCATION AND LIFELONG LEARNING CONSORTIUMS AND PARTNERSHIPS

Perry4Law is the First and Exclusive Techno-Legal ICT Law Firm in India and one of the best in the World. Perry4Law Techno-Legal Base (PTLBTM/SM) is managing various Techno-Legal Consultancy, Litigation, Research, E-Learning, Higher Education and many more such “Highly Specialised” and “Domain Specific Services”.

Some areas where Perry4Law can collaborate and provide its Specialised Techno-Legal Services in the E-Learning, Higher Education, Life Long Education Fields are:

(1) Educational Consortiums, Partnerships, Research Partnerships, etc

(2) Lifelong Learning, Adult Education, Continuing Education,

(3) E-Learning Collaborations and Partnerships,

(4) Certified Courses awarding Diploma(s) and Certificate(s),

(5) Techno-Legal Knowledge and Skill Development,

(6) Faculty Development Programs (FDPs),

(7) Contents Development and Upgradation,

(8) Techno-Legal Partnerships after signing Memorandum Of Understandings (MOUs), etc.

For availing the Techno-Legal Professional Services of Perry4Law in the abovementioned fields, visit its “Contact Point” and fulfill the prerequisites mentioned therein.

TECHNO-LEGAL SUPPORT AND TRAINING FOR CRIME AND CRIMINAL TRACKING NETWORK AND SYSTEMS (CCTNS) PROJECT OF INDIA

Crime and Criminal Tracking Network & Systems (CCTNS) Project (CCTNS Project) has been approved by the Cabinet Committee on Economic Affairs. It has a financial cushion of Rs.2000 Crores as per the 11th Five Year Plan. The Project would be initiated by the Ministry of Home Affairs and implemented by the National Crime Records Bureau. The CCTNS project is to be implemented in a manner where the major role would lie with the State Governments in order to bring in the requisite stakes, ownership and commitment, and only certain core components would be in the hands of the Central Government, apart from the required review and monitoring of project implementation on a continuing basis.

The broad objectives of the CCTNS project are streamlining investigation and prosecution processes, strengthening of intelligence gathering machinery, improved public delivery system and citizen-friendly interface, nationwide sharing of information across on crime and criminals and improving efficiency and effectiveness of police functioning. The Project aims to fulfill various specified objectives over a period of three years. An indicative list of e-services expected from CCTNS to citizens would be filing of complaints / information to concerned Police Station; obtaining status of complaints / cases registered at Police Stations; obtaining copies of FIRs, post-mortem reports and other permissible documents etc.

CCTNS Project is a complicated and time consuming initiative. It must be preceded by suitable “Policy Framework” as well as by “Adequate Techno-Legal Training” of the persons going to manage the same. A similar initiative undertaken by the US Government to modernise the FBI’s crime tracking system known as the “Virtual Case File” failed miserably due to lack of planning and effective strategies. There is no sense in wasting Rs.2000 Crores and then realising that grave mistakes failed the much needed imitative. We must “Eliminate all the possible and anticipated causes of failures” one by one to achieve the best results. We must enhance a “Techno-Legal Training Infrastructure” before jumping upon this unexplored arena.

Perry4Law is one such “Techno-Legal Training Providers” which can manage the Policy, Training, Education, Implementation, Enforcement and Other Aspects of the CCTNS Project and similar projects. Perry4Law is the First and Exclusive Techno-Legal ICT Law Firm of India and one of the Best in the World. It is providing Techno-Legal Services regarding Cyber Law In India, Cyber Security in India, Cyber Forensics In India, Due Diligence And Cyber Law Compliances In India, ADR And ODR In India, etc. Perry4Law is the only Firm that is providing Services regarding E-Courts In India, E-Judiciary In India, Digital Evidencing In India, Legal Enablement Of ICT Systems In India, Techno-Legal And Cyber Law Expert Witness Services In India, Critical Infrastructure Protection In India, Critical ICT Infrastructure Protection In India, Legal Framework For Information Society In India, etc.

PTLBTM/SM is one of its Premier and Highly Specialised Techno-Legal Initiatives that is providing Consulting, Litigation, Training, Education and Skill Development Services regarding Cyber Law In India, Cyber Security In India, Cyber Forensics In India, Cyber Terrorism in India, Cyber War in India, Ethical Hacking in India, etc.

Perry4Law and PTLBTM/SM also possess Techno-Legal Expertise to provide “International Best Practices” and implementation of “Models and Functionality” in the areas of “Policing, Public Security, National Security, Internal Security, etc regarding CCTNS Project and similar Projects. Perry4Law has also provided a “10 Point Legal Framework for Law Enforcement and Intelligence Agencies in India” to the Government of India. Further, Perry4Law has also provided a techno-legal Framework for E-Surveillance in India and its limits, legalities, constitutionality, etc.

For availing the Cyber Law, Cyber Security, Cyber Forensics and other Techno-Legal Professional Services of Perry4Law, visit its “Contact Point” and fulfill the prerequisites mentioned therein.

TECHNO-LEGAL JUDICIAL TRAINING IN INDIA

The merit and competency of Indian Judiciary is well known all over the World. There is virtually nothing that Indian Judiciary is not capable of resolving. However, there is always scope for the improvement. One such improvement that is urgently required to be adopted, implemented and inculcated by the Judges of District Courts, High Courts and Supreme Court of India pertains to Techno-Legal acumen and knowledge.


Techno-Legal acumen is difficult to acquire as it requires a sound working and practical knowledge of both technical as well as legal aspect of the Information and Communication Technology (ICT) related aspects. Issues like Cyber Law, International Telecommunications Laws, Cyber Forensics, Digital Evidencing, Cyber Security, etc pose difficult and sometimes non-understandable legal issues before the Courts. The Judges in India must fill in this much needed and unnoticed legal gap that has not yet been explored by them.


Since the Techno-Legal issues are difficult to understand and more importantly scant to provide in the absence of adequate Techno-Legal Experts and Specialists in India, there is an emergent need to start Techno-Legal Judicial Training of Judges of India. Perry4Law is the First and Exclusive Techno-Legal ICT Law Firm of India and one of the Best in the World. It provides Techno-Legal Services and Training in the field of Cyber Law, Cyber Forensics, Cyber Security, E-Courts, E-Governance, E-Commerce, Telecommunication Laws, Technology Laws, etc.


Perry4Law also provides Cyber Law Training In India, Cyber Security Training In India, Cyber Forensics Training In India, Computer Forensics Training In India, E-Courts Training In India, Digital Evidencing Training In India, Digital Investigation Training in India, Techno-Legal Judicial Training in India, Training for Judges In India, Techno-Legal Training for Lawyers in India, Techno-Legal Training for Corporate Executives in India, etc.

Any person or institution interested in seeking the Professional Techno-Legal Services and Techno-Legal Judicial and Legal Training of Perry4Law must visit the “Contact Point” of Perry4Law and follow the requirements mentioned therein. Telephone conversation facility and a meeting after the appointment is fixed are also available subject to advance payment of the “Hourly Rates” of the respective Partner(s).

CYBER TERRORISM IN INDIA AND ITS SOLUTIONS

Cyber terrorism is a controversial term. Some authors choose a very narrow definition, relating to deployments, by known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic. By this narrow definition, it is difficult to identify any instances of cyber terrorism. Cyber terrorism can also be defined much more generally, for example, as “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives or to intimidate any person in furtherance of such objectives.” This broad definition was created by Kevin G. Coleman of the Technolytics Institute.[1]

The National Conference of State Legislatures (NCSL), a bipartisan organization of legislators and their staff created to help policymakers of all 50 states address vital issues such as those affecting the economy or homeland security by providing them with a forum for exchanging ideas, sharing research and obtaining technical assistance defines cyber terrorism as follows:

“The use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically. Examples are hacking into computer systems, introducing viruses to vulnerable networks, web site defacing, Denial-of-service attacks, or terroristic threats made via electronic communication.[2]

In May 2007 Estonia was subjected to a mass cyber-attack in the wake of the removal of a Russian World War II war memorial from downtown Talinn. The attack was a distributed denial-of-service attack in which selected sites were bombarded with traffic in order to force them offline; nearly all Estonian government ministry networks as well as two major Estonian bank networks were knocked offline.

The traditional concepts and methods of terrorism have taken new dimensions, which are more destructive and deadly in nature. In the age of Information and Communication Technology (ICT) terrorists have acquired an expertise to produce the most deadly combination of weapons and technology, which if not properly safeguarded in due course of time, will take its own toll. The damage so produced would be almost irreversible and most catastrophic in nature. In short, we are facing the worst form of terrorism popularly known as "Cyber Terrorism".

The definition of "cyber terrorism" cannot be made exhaustive as the nature of crime is such that it must be left to be inclusive in nature. The nature of "cyberspace " is such that new methods and technologies are invented regularly; hence it is not advisable to put the definition in a straightjacket formula or pigeons hole. In fact, the first effort of the Courts should be to interpret the definition as liberally as possible so that the menace of cyber terrorism can be tackled stringently and with a punitive hand. The law dealing with cyber terrorism in India is, however, not adequate to meet the precarious intentions of these cyber terrorists and requires a rejuvenation in the light and context of the latest developments all over the world.

The laws of India have to take care of the problems originating at the international level because the Internet, through which these terrorist activities are carried out, recognises no boundaries. Thus, a cyber terrorist can collapse the economic structure of a country from a place with which India may not have any reciprocal arrangements, including an "extradition treaty". The only safeguard in such a situation is to use the latest technology to counter these problems. Thus, a good techno-legal combination of the latest security technology and a law dealing with cyber terrorism is the need of the hour.

The most common method for cyber terrorism is the use of distributed denial of services attacks (DDOS) to overburden the Government and its agencies electronic bases. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demand in such a large number that the server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate traffic is prohibited from reaching the Government or its agencies computers. This results in immense pecuniary and strategic loss to the government and its agencies. It must be noted that thousands of compromised computers can be used to simultaneously attack a single host, thus making its electronic existence invisible to the genuine and legitimate netizens and end users.
The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This activity may divert the attention of the security agencies for the time being thus giving the terrorists extra time and makes their task comparatively easier. This process may involve a combination of computer tampering, virus attacks, hacking, etc.

The menace of cyber terrorism in India can be effectively curbed, if not completely eliminated, if the three sovereign organs of the Constitution work collectively and in harmony with each other. Further, a vigilant citizenry can supplement the commitment of elimination of cyber terrorism.

The judiciary can play its role by adopting a stringent approach towards the menace of cyber terrorism. It must, however, first tackle the jurisdiction problem because before invoking its judicial powers the courts are required to satisfy themselves that they possess the requisite jurisdiction to deal with the situation. Since the Internet "is a cooperative venture not owned by a single entity or government, there are no centralized rules or laws governing its use. The absence of geographical boundaries may give rise to a situation where the act legal in one country where it is done may violate the laws of another country. This process further made complicated due to the absence of a uniform and harmonised law governing the jurisdictional aspects of disputes arising by the use of Internet.

Generally, the scholars point towards the following "theories" under which a country may claim prescriptive jurisdiction:

(a) a country may claim jurisdiction based on "objective territoriality" when an activity takes place within the country,

(b) a "subjective territoriality" may attach when an activity takes place outside a nation's borders but the "primary effect" of the action is within the nation's borders,

(c) a country may assert jurisdiction based on the nationality of either the actor or the victim,

(d) in exceptional circumstances, providing the right to protect the nation's sovereignty when faced with threats recognised as particularly serious in the international community.

In addition to establishing a connecting nexus, traditional international doctrine also calls for a "reasonable" connection between the offender and the forum. Depending on the factual context, courts look to such factors, as whether the activity of individual has a "substantial and foreseeable effect" on the territory, whether a "genuine link" exists between the actor and the forum, the character of the activity and the importance of the regulation giving rise to the controversy, the extent to which exceptions are harmed by the regulation, and the importance of the regulation in the international community. The traditional jurisdictional paradigms may provide a framework to guide analysis for cases arising in cyberspace.[3] It must be noted that by virtue of section 1(2) read with section 75 of the Information Technology Act, 2000 the courts in India have “long arm jurisdiction” to deal with cyber terrorism.

The menace of cyber terrorism is not the sole responsibility of State and its instrumentalities. The citizens as well as the netizens are equally under a solemn obligation to fight against the cyber terrorism. In fact, they are the most important and effective cyber terrorism eradication and elimination mechanism. The only requirement is to encourage them to come forward for the support of fighting against cyber terrorism.

The government can give suitable incentives to them in the form of monetary awards. It must, however, be noted that their anonymity and security must be ensured before seeking their help. The courts are also empowered to maintain their anonymity if they provide any information and evidence to fight against cyber terrorism.

The problem of cyber terrorism is multilateral having varied facets and dimensions. Its solution requires rigorous application of energy and resources. It must be noted that law is always seven steps behind the technology. This is so because we have a tendency to make laws when the problem reaches at its zenith. We do not appreciate the need of the hour till the problem takes a precarious dimension. At that stage it is always very difficult, if not impossible, to deal with that problem. This is more so in case of offences and violations involving information technology. A timely and appropriate legislation is always a good step forward to fight cyber terrorism. India has to cover a long gap before it can secure its traditional boundaries and cyber space.

[1] http://en.wikipedia.org/wiki/Cyberterrorism

[2] Id.

[3] Dawson Cherie; “Creating Borders on the Internet- Free Speech, the United States and International Jurisdiction”, Virginia Journal of International Law, V-44, No-2 (Winter, 2004).

© ALL RIGHTS RESERVED. COPYRIGHT PRAVEEN DALAL.

CRITICAL ICT INFRASTRUCTURE PROTECTION IN INDIA: NEED OF THE HOUR

In recent years, the frequency and sophistication of cyber security attacks on global Critical Information and Communication Technology (ICT) Infrastructure (Critical ICT Infrastructure) has greatly increased. Cyber-security experts have been warning of the vulnerability of Critical Infrastructure like Power, Energy, Transportation, Water Systems, etc to malicious hackers. Recently hackers have penetrated power systems in several regions outside the U.S. and in one case caused a power blackout affecting multiple cities. This shows the importance of a “Robust Cyber Security Mechanism” for Critical ICT Infrastructure. The Cyber Security Trends in India are not very encouraging.[1] To worsen the situation we have a weak Cyber Law in India.[2] Critical Infrastructure Protection in India must be taken seriously in the larger interest of Indian Citizens/Persons. Crisis and Risk Management by improving security systems integration, interconnectivity and interoperability would help India a lot.[3] The Power and Energy Sector of India must also take the cyber security risks seriously as their ignorance may bring disastrous results. The Government of India has still not shown its “E-Readiness” to accept this reality despite the suggestions and recommendations of Perry4Law and PTLB TM/SM in this regard. India also performed poorly as per the norms and standards of “UN E-Government Survey-2008”. This work is also an appeal to the Government of India to take “Cyber Security Seriously” in India. Cyber Security is witnessing many important phases and trends. From the perspective of mere “fun game” cyber crimes and contraventions have emerged as “professional activities” and have been transformed into a “profession” itself. No country of the world is safe from various cyber crimes and contraventions and all are struggling hard to tackle them. But the fact remains that law and its enforcement are lagging far behind than the standards and practices needed to effectively curb them. The Cyber Security in India is missing and we have a weak Cyber Law in India. We have to develop technologies and capabilities to protect Indian Citizens/Persons in areas such as transport, civil protection, energy, environment, health, etc. Additionally we have to increase the Security of infrastructures and utilities supporting areas such as ICT, transport, energy and services in the financial and administrative domain, etc. Critical Infrastructure Protection in India must be taken seriously in the larger interest of Indian Citizens/Persons. Crisis Management by improving security systems integration, interconnectivity and interoperability would help people of India a lot. The first step towards establishment of a safe and secure cyber space is enactment of a stringent cyber law. The cyber security initiatives are of no use in the absence of a strong, safe and effective law. Similarly, a strong law unsupported by ICT Security and Cyber Security would be impotent in effect. Thus, we need a “Good Combination” of cyber law and cyber security initiatives. Cyber Law in India is witnessing ups and downs of important dimensions. The journey from its origin to its development is not very smooth and conducive for the ICT oriented Indian society. Perry4Law and PTLB TM/SM have been raising these issues from considerable period of time. Though most of the recommendations given by them have been accepted by the Government of India, yet India has to cover a long distance. India must concentrate upon:

(a) Technology building blocks for creating, monitoring and managing secure, resilient and always available information infrastructures that link critical infrastructures,

(b) Risk assessment and contingency planning for interconnected transport or energy networks,

(c) Modelling and simulation for training of concerned officials and manpower,

(d) Optimised situational awareness through intelligent surveillance of interconnected transport or energy infrastructures,

(e) ICT support meeting crises occurring in critical infrastructures,

(f) Security issues with regard to the interaction of individuals with the digital world, etc.
In today’s electronic era, citizens and businesses expect and demand access to reliable, transparent and uninterrupted e-government services. The State must address the challenges associated with protecting confidential information on its systems while providing these groups with the required information. A reliable and uninterrupted e-governance base requires periodic vulnerability assessments. Perry4Law and PTLB TM/SM believe that if commercial and government organisations reevaluate their security, safety, and financial obligations to customers, shareholders, employees, and citizens, the importance of a properly implemented security vulnerability assessment is apparent. The duty of the State in this regard is not only absolute but is also unavoidable unless we ignore the important lesson that Estonia has learnt recently. Let us hope for the best in this regard in the Indian context.

© Praveen Dalal. All rights reserved with the author.
*Techno-Legal ICT, IPR and Cyber Security Specialist at PTLB TM/SM
Managing Partner-Perry4Law (First Techno-Legal and ICT Law Firm, New Delhi, India).
LL.M, Ph.D (Cyber Forensics in India: A Techno-Legal Perspective).
Contact at: perry4law@yahoo.com , pd37@rediffmail.com

[1] Praveen Dalal, “ Cyber Security Trends by PTLB”, http://reclaiming-india.blogspot.com/2007/12/cyber-security-trends-by-ptlb-2007.html

[2] Praveen Dalal, “ Cyber Security Trends by PTLB: Cyber Law in India”, http://reclaiming-india.blogspot.com/2007/10/cyber-security-trends-by-ptlb-cyber-law.html

[3] Praveen Dalal, “ Cyber Security Trends by PTLB: Cyber Terrorism and Risk Management”, http://www.bloggernews.net/111624