Huawei And ZTE In Telecom Security Tangle Of India

With the proposal to establish National Telecom Network Security Coordination Board (NTNSCB) of India, the issues of cyber security and telecom security in India have arisen once again. Even the national telecom policy of India 2011 reflects these concerns.

The issues pertaining to telecom security policy in India and telecom equipments security framework in India are not new. The home ministry of India and ministry of information and communication technology have been raising security concerns regarding telecom hardware manufactured by foreign dealers. Concerns regarding possible existence of backdoors in such hardware are frequently raised in India.

There is no mechanism in India through which telecom hardware and software can be analysed for backdoors and malware. Indian government has declared that telecom equipments must be certified by TEC before use in India. A proposal to store call data records has also been given. The norms for import of telecom equipments in India would also be formulated very soon (may be already formulated).

At present, India has two separate policy guidelines for import of telecom gear. Chinese vendors such as Huawei and ZTE follow the July 2010 guidelines while Western telecom equipment manufacturers were given the option of following the policy issued in late 2009, after they refused to operate in India under the July rules.

According to latest news, in an internal report, the security unit of the department of telecommunication (DoT) has raised fresh concerns about Chinese equipment vendors - Huawei and ZTE. The report adds that India must also be on the guard against equipment from the West, including US and Europe. It has been reported that the new security norms had brought all these vendors under a common security framework.

To counter the possible threats from foreign hardware vendors, India is encouraging to develop indigenous hardware manufacturing capabilities. In fact, India has announced to give preferences, including tax cuts, to indigenously manufactured telecoms equipment, despite concerns raised by the United States and the European Union, which had said that such concessions would violate WTO commitments.

There is an urgent need to provide reasonable and sufficient regulatory norms regarding telecom security in India. The sooner they are formulated the better it would be for all the telecom stakeholders in India.

National Telecom Network Security Coordination Board (NTNSCB) Of India

Announcement pertaining to telecom security and cyber security in India have been made from time to time. Even a new national telecom policy of India 2011/2012 has also been suggested by Department of Telecommunication (DoT), India.

DoT has also suggested the creation of the Telecoms Security Council of India (TSCI) that would look into security related aspects of hardware and network equipments. In the past proposals for the establishment of Telecom Security Regulatory Authority of India (TSRAI) were also mooted.

However, till now we have no telecom security policy in India and telecom equipments security framework in India. There is no mechanism in India through which telecom hardware and software can be analysed for backdoors and malware. Now Indian government has declared that telecom equipments must be certified by TEC before use in India. A proposal to store call data records has also been given. The norms for import of telecom equipments in India would also be formulated very soon. Similarly, a telecom security policy of India may also be drafted.

In the past news regarding establishment of various authorities to safeguard telecom security in India have also surfaced. These proposed authorities include Authority for Telecom Security in India, Telecom Security Council of India, etc. Further legal framework to streamline telecom related issues in India have also bee suggested. The National Spectrum Act of India is also in pipeline.

Now as per the latest news, Indian government is planning to form a new body to supervise telecom and cyber security in India. This may be a good step in right direction or just another declaration with no actual implementation, just like the past declarations.

The proposed body plans to oversee telecom and cyber security to avoid overlap between various ministries and intelligence agencies that are currently handling this issue. The proposed body has been given the name National Telecom Network Security Coordination Board (NTNSCB) of India.

It has been proposed to establish the same at Department of Information technology (DIT) and it may be headed by the telecom secretary. The NTNSCB will have representatives from the defence and home ministries, intelligence agencies, IT department, intelligence bureau, National Security Advisor and NTRO, among others reports Economic Times.

In addition to suggesting measures to address network security related issues, NTNSCB will also set up objectives and targets to the various departments and agencies handling telecom and cyber security related issues. The NTNSCB may also facilitate the Central Monitoring system (CMS) Project of India. This is a good step and its implementation is urgently required.

Legal Actions Against Offending Foreign Websites In India

Websites based in foreign jurisdictions are engaging in various forms of illegal activities that are offences under Indian laws. For instance, they are openly violating intellectual property rights (IPRs) like copyright of Indian nationals. When these foreign websites are contacted to remove the offending contents, they simply ask you to follow foreign law procedures that are neither practical nor effective for an Indian national.

Take another example. A foreign website is openly hosting defamatory remarks as per Indian laws against you. You request the website to remove the same and the same are still not removed.

Another common example is hosting and publication of pornographic and obscene contents upon a platform or website. Even worst is the case when a morphed photograph of a female member of your family is posted on such platform. You contact the website to remove the same but they never listen to you.

Even worst case is the illegal sales of drugs and medicines online without a prescription slip. Many prohibited medicines are sold in countries through websites in clear disregard of local laws.

Another example may be of offering illegal sex determination tests through websites. Many countries of the world prohibit such testing and India is one of them.

These are some of the examples where day to day lives are affected by culpable conducts in an online environment. Many believe that no effective actions can be taken against such foreign websites in India. However, this is not true.

Under the cyber law of India, appropriate legal actions can be taken against such foreign websites if they have sufficient connection or nexus with Indian jurisdiction. Although an international cyber law treaty is required to being uniformity in legal frameworks yet till such time local laws of India and foreign laws can be invoked to get appropriate remedy.

Further, if nothing works, blocking of such offending websites in India can be undertaken. It would be wrong to suggest that such websites cannot be blocked in India by a court order or through an order of department of information technology, India.

India must formulate appropriate laws or regulations to make such offending foreign websites liable under Indian laws. Further, special regulations for their subsidiaries operating in India must be made so that they cannot do more business than as mentioned in such regulations. A sound tax framework for such subsidiaries must be formulated so that there cannot be any case of tax evasion and tax manipulations by such subsidiaries.

Cyber Law Trends Of India 2012

The cyber law trends of India 2011 were provided by Perry4Law and Perry4Law Techno Legal Base (PTLB). This trend covered many techno legal issues that are of tremendous importance to various stakeholders. However, it seems various stakeholders have still not taken issues like cyber law, cyber security, cyber due diligence, e-discovery, social media due diligence, etc seriously.

The year 2012 would be even more challenging for various stakeholders in India and world wide. This is more so for US based companies and websites that are increasingly involved in various conflict of laws issues with India. Some of the issues that may be challenging of various stakeholders in 2012 include legal issues of cyber security, privacy and data protection requirements, cloud computing security and privacy issues, e-surveillance and Internet censorship issues, cyber due diligence requirements, social media due diligence, data privacy laws, online IP violations including copyright violations issues, etc.

The cyber law due diligence in India struck the first blow in the year 2012. Companies like Google, Yahoo, Microsoft, Facebook, etc are already facing criminal prosecution under the cyber law of India and other criminal laws. So serious is the situation that the executives of parent companies of these companies have been summoned to personally appear before Indian court.

Further, online copyright violations by US websites are also testing the effectiveness of US laws vis-à-vis foreign IP rights enforcement. Many websites in US are talking advantage of the conflict of laws and hide behind US laws to escape copyright violation liabilities. In fact, the US copyright office is trying to streamline the Digital Millennium Copyright Act (DMCA) 1998 requirements pertaining to DMCA agents so that safe harbour protection cannot be misused by US based websites.

Perry4Law and PTLB believe that the year 2012 would bring many techno legal challenges in the fields like cyber law, cyber security, e-discovery, cyber law due diligence, online IP enforcements, etc. Further, new fields like e-legal due diligence and technological legal due diligence in India would also assume significance. It would be a good idea to formulate suitable policies in this regard by various stakeholders.

US Companies, India, Conflict Of Laws And Criminal Liabilities

Companies like Google, Microsoft, Yahoo, etc and social media websites like Facebook, etc are currently facing criminal trail in India for not removing objectionable contents from their respective websites.

According to cyber law of India and laws of other jurisdiction, the safe harbour protection of Internet intermediaries is lost the moment they are notified of the offending act or omission. However, till they are notified regarding offending contents, they are not liable for violations committed by their users.

However, US companies are not following Indian laws and they are insisting upon following of US laws even if Indian laws are clearly violated. For instance, websites located in US are openly violating the copyright of Indian websites and when they are contacted in this regard to remove the copyright violating posts they ask Indians to use US laws like Digital Millennium Copyright Act (DMCA) 1998.

Surprisingly, even if these US companies are informed in writing and with relevant information like weblinks of copyright violating posts and copyright subsisting posts, they still insist upon following of DMCA procedure. What is more frustrating is that a majority of these US websites and companies are themselves not following the requirements of DMCA and hence are not entitled to its safe harbour protection.

Even in the case of cyber laws, US companies are applying US standards and are not following Indian standards. This is a classic situation that is occurring due to conflict of laws. This is also the reason why an international cyber law treaty is required to being harmonious application of cyber law principles.

US need to change its policy regarding enforcement of foreign IP rights and cyber laws. By not respecting the laws of other countries, US websites and companies are imposing laws like SOPA and PIPA upon themselves. Further, companies like Google must pay special attention as they are deriving revenue out of online advertisements placed upon such copyright violating posts. This makes them not only a beneficiary but also liable for damages in appropriate cases.

Companies like Microsoft, Yahoo, Google and Facebook are facing prosecution under the Indian cyber law. Further, if we analyse the cyber law trends in India of 2012 and cyber security trends of India 2012, such prosecutions are going to increase further in future. Insisting upon following of US laws to take action against offenders and websites located in US would not serve any purpose if branches or subsidiaries of such companies are located in India. Further, if such websites and companies fail to comply with Indian laws, Indian government can block such foreign websites in India.

The present litigation before Indian courts is just a beginning and US companies and websites must start respecting Indian laws. If cyber crimes are committed with great disregard to Indian laws and the copyright and other IP rights are openly violated by such companies and websites, their prosecution in India is inevitable. Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that such foreign companies and websites must ensure cyber due diligence in India to escape various civil, criminal and financial obligations.