Cyber Due Diligence For Indian Companies

Cyber due diligence in India has finally arrived in India. The information technology act, 2000 (IT Act 2000) is the sole cyber law of India. IT Act 2000 prescribes cyber due diligence requirements on the part of various stakeholders like banks, companies, individuals, Internet intermediaries, e-commerce sites, etc.

However, till now cyber due diligence in India has not been taken seriously. This is so because cyber law awareness is not very good among various stakeholders. Similarly, civil and criminal prosecutions for lack of cyber due diligence in India is a rare phenomenon. Since ignorance of law if no excuse, in future cases for lack of cyber due diligence would increase in India.

IT and cyber frauds in Indian companies is increasing these days. However, a majority of Indian companies are not performing cyber due diligence in India. The companies in India are required to follow cyber law due diligence in India and cyber security due diligence in India. In the absence of proper due diligence these companies may find themselves in trouble.

Social media laws in India and social networking laws in India would bring their own share of cyber due diligence. Cyber law on social media and networking sites in India is pretty stringent and employees of a company may violate the same intentionally or unintentionally. Internet intermediary law in India and cyber due diligence cannot be taken lightly in India anymore.

Another sector that is urgently demanding cyber due diligence is banking industry of India. Cyber due diligence for banks in India is long due. Banks and companies in India are facing growing threats from malware attacks, phishing attacks, ATM frauds, online banking threats, trading fraud, etc. If a bank cannot show that it performed cyber due diligence and such cyber frauds and cyber crimes occurred without its negligence, it may be required to bear the financial loss. Presently Indian banks are not complying with cyber law due diligence requirements in India.

Finally, the scope and use of e-discovery in India is also increasing. Whether it is a corporate investigation, civil suit or criminal proceedings, e-discovery is playing a decisive role world over. Further, e-discovery laws and practices in India are developing as well. Even e-discovery related litigation, LPO and KPO services in India are growing.

Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that cyber due diligence training in India needs to be developed so that cyber due diligence compliances by various stakeholders is possible. This training should be a regular and integral part of the corporate strategy of each company. There is no escape from cyber due diligence in India and companies must accept this reality as soon as possible.

IT And Cyber Frauds In Indian Companies Is Increasing

White collar crimes and financial frauds are increasing in India. By its very nature these high profile crimes affect corporate sector. Indian companies are also facing increased corporate frauds, financial frauds, white color crimes and technological frauds.

With growing dependence upon information and communication technology (ICT) for various corporate functions, corporate systems and corporate assets are exposed to diverse forms of cyber attacks. Further, data privacy laws in India, data protection laws in India, privacy laws in India, etc have further added responsibilities for corporate sector of India.

Further, companies in India are also required to follow cyber law due diligence in India and cyber security due diligence in India. However, absence of techno legal cyber skills and cyber crimes investigation trainings in India, technology related crimes and cyber crimes have increased in India. Companies in India are facing growing threats from malware attacks, phishing attacks, ATM frauds, online banking threats, trading fraud, etc.

Clearly, Indian companies are not prepared to deal with these sophisticated technology crimes and organised crimes. Recently the companies bill 2011 has been tabled in lok sabha that carries few reformatory provisions in this regard. It was planned to give more powers to serious frauds investigation office (SFIO) of India. Under the proposed companies bill 2011, SFIO has been given a statutory recognition. This is a good step as it would help in curbing corporate frauds in India.

Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that it is high time for Indian companies to take care of the cyber due diligence and cyber security due diligence requirements under various laws of India. These due diligence requirements are essential part of overall audit strategy of each company. The sooner cyber law and cyber security are taken seriously by Indian companies the better it would be for the larger interest of all stakeholders.

Online Dispute Resolution (ODR) In India

Information and communication technology (ICT) is considered to be a good option for resolving disputes of modern days. Concepts like online dispute resolution (ODR) and e-courts are proof of the same.

Unfortunately, neither online dispute resolution in India nor e-courts in India has been accepted and implemented. In fact, we have a single techno legal e-courts training and consultancy centre of India and a single online dispute resolution (ODR) centre in India. Further, Perry4Law Techno Legal Base (PTLB) is the sole techno legal ADR and ODR services provider in India.

The scope for online dispute resolution (ODR) services in India in general and techno legal online dispute resolution (ODR) services in India in particular is really good. However, in order to capatilise the same, an early and proper start is necessary.

Online dispute resolution (ODR) and international response is still lukewarm but at least a beginning has been made there. While international online dispute resolution regime has started exploring use of ICT for disputes resolution, online dispute resolution in Asia is still growing. Online dispute resolution in Asian countries is largely confined to a single or two countries that also to a limited extent. Clearly online dispute resolution standards of practice for India and Asia need to be developed urgently.

In fact, techno legal ODR services have become necessary due to growing use of information technology for business and commercial purposes world over. For instance, ODR and cross border e-commerce transactions are also interrelated. Similar is the case regarding dispute resolution of cross border technology transactions.

Dispute resolution in technology transactions is the upcoming trend in the field of ODR. Dispute resolution of cross border technology transactions is a complicated process if we adopt traditional litigation methods to resolve them. Dispute resolution in technology transactions and dealings requires an effective, timely and cost effective mechanism. Traditional litigation is definitely not the place to achieve these objectives.

Obviously, we need an effective alternative to traditional litigation methods to resolve cross border technology transactions and dispute resolutions. Alternative dispute resolution (ADR) mechanisms like arbitration, conciliation, mediation, etc can be used effectively to resolve these technology transactions disputes. For instance, online dispute resolution (ODR) for cross border e-commerce transactions is already been used to resolved small value disputes.

Similarly, legal issues of media and entertainment industry of India have assumed tremendous importance. Entertainment and media industry dispute resolution in India can be resolved using online dispute resolution. Dispute prevention and resolution in the film and media industry in India is presently not exploring use of online dispute resolution.

However, nothing can strengthen ODR more than international efforts and international coordination activities. International legal standards for online dispute resolution (ODR) and international harmonisation of ODR is urgently required.

United Nations can play am important role in international development and international harmonisation of ODR. United Nations and online dispute resolution are closely related in this regard. In fact, UNCITRAL, ODR and India are interconnected and we need an international harmonisation of ODR legal framework as well as suitable policies at the national level. Efforts in this direction have already been undertaken at the international level and very soon we may see some development in this regard.

Alternative dispute resolution in India is well known in India and we need to make efforts in the direction of ODR as well. While doping so we must keep in mind the requirements of privacy laws in India, dispute resolution and ODR. Online commercial arbitration in India also needs to be developed. The sooner these issues are addressed the better it would be for the growth and development of ODR in India.

Terror Funding Template Of National Investigation Agency (NIA) Of India

National investigation agency (NIA) of India is the exclusive central agency that deals with terrorism related cases in India. It has been created under the National Investigation Agency Act, 2008. It intends to strengthen Indian capabilities to fight terrorism in India.

Terrorist activities heavily depend upon financial resources. Since legal channels of transfer of money are closely guarded, terrorists use illegal means and channels to transfer money. Even fake currency is used by them to support their nefarious activities.

Recently, in case numbered RC/07/2011/NIA/DLI DLI, NIA filed a criminal case under the provisions of Indian Penal Code and Unlawful Activities (Prevention) Act, 1967 against four accused persons. NIA claimed it is a case of circulation of high quality fake Indian currency notes (FICN) by some members of the banned terrorist organisation. Hizbul Mujahideen (HM), in association with the co-accused in the case, based at Malda (W.B.), located near Indo-Bangladesh border pursuant to a criminal conspiracy to fund terrorist activities in the State of Jammu and Kashmir. Investigation will be conducted further to locate the source of FICN.

Now NIA has prepared a Terror Funding Template (TFT), which will help its officials and investigators of states' anti-terror agencies to extract information on terror funding. The Template describes core sources and methods for terror funding and it can be utilised for getting relevant information from terrorists and terror suspects during their interrogation and probe. It can also be used to keep an eye on various other activities that directly or indirectly contribute to funding terrorist organisations in India and elsewhere.

Besides usual source of terror funding through hawala, narcotics trade and printing\circulation of fake Indian currency notes, the Template has taken into account misuse of zakat - giving alms to poor and needy as prescribed by the Quran - to fund terror activities. It has been “indianised” to cover issues and areas relevant for India.

These efforts have been further strengthened by the banking reforms in India. For instance, an integrated modern banking law of India has been recently suggested that can be really helpful in this case. Similarly, Reserve Bank of India (RBI) has prescribed enhanced due diligence measures by banks of India for higher risks customers that include terrorist outfits and organisations.

However, there are some very crucial issues that are posing constitutional problems for the intelligence and security agencies of India. For instance, intelligence gathering in India is unconstitutional. Similarly, counter terrorism capabilities of India are not sufficient and Indian counter terrorism capabilities needs rejuvenation. Finally, parliamentary oversight and constitutional safeguards are missing in the functions of these agencies. Time has come to approach these issues in a holistic manner.

Indian Research And Analysis Wing (RAW) Granted E-Surveillance Powers

Indian government is in controversies these days. Controversial functions like e-surveillance in India, websites blocking in India, Internet censorship in India, etc are performed by Indian government and its agencies without any procedural and constitutional safeguards and without any constitutionally sound legal framework supporting these functions.

India does not have a constitutionally sound lawful interception law. Phone tapping in India is still done in an unconstitutional manner and at times by private individuals as well. Further surveillance of Internet traffic in India is now openly acknowledged by Indian government.

Recently Internet intermediaries in India were asked to pre screen contents before they are posted on their platforms by the account holders. Before that Yahoo took Indian government to court over e-surveillance. In its petition, Yahoo has raised questions on the right to privacy of a company that stores such sensitive data and to what extent authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks.

The intelligence infrastructure of India has become synonymous for non accountability and mess. There is neither any parliamentary oversight nor and transparency and accountability of the working of Intelligence Agencies of India. Intelligence infrastructure of India needs rejuvenation keeping in mind the constitutional obligations. As on date, intelligence gathering in India is performed unconstitutionally.

Among all these controversial issues, now the Ministry of Home Affairs has added and notified the intelligence agency, the Research and Analysis Wing (RAW) in the list of eight agencies to intercept phone calls, e-mails and data communications. This would give RAW a cover for intercepting phone calls, e-mails and voice and data communication domestically.

RAW would not be able to deploy its communication interception equipment at international gateways to snoop on all forms of data, be it international telephony emanating from India, or any form of electronic data including e-mails. However, this notification has failed to mention how such interceptions would be in conformity with civil liberties protection in Indian cyberspace.

Intelligence Gathering In India Is Unconstitutional

Intelligence gathering and fighting terrorism are essential national security and sovereign functions. They cannot be equated at par with other governmental functions. That is the reason why every country provides some extra protection and immunity from public scrutiny to such functions.

None can doubt that Indian counter terrorism capabilities need rejuvenation. We have an obvious but unresolvable terrorism dilemma in India. With the growing use of social media by cyber criminals and terrorists, the intelligence agencies world over are engaging in open source intelligence through these social media and platforms.

However, the real problem is that in India intelligence agencies and law enforcement agencies are practically governed by no law. Whether it is Central Bureau of Investigation (CBI) or Intelligence Agencies of India, none of them are presently “accountable” to Parliament of India.

Even the constitutional validity of national investigation agency act, 2008 is still doubtful. Further, India does not have a constitutionally sound lawful interception law. Phone tapping in India is still done in an unconstitutional manner and at times by private individuals as well.

E-surveillance in India, websites blocking in India, Internet censorship in India, etc are also not done a strictly constitutional manner. Till now Indian courts have not tested the acts of intelligence agencies of India on the touchstone of constitutional protections. There is no e-surveillance policy in India and protection of human rights in Indian cyberspace has still not been considered by Indian government.

In fact, intelligence infrastructure of India has become synonymous for non accountability and mess. There is neither any parliamentary oversight nor and transparency and accountability of the working of Intelligence Agencies of India. Intelligence infrastructure of India needs rejuvenation keeping in mind the constitutional obligations.

A private Bill titled Intelligence Services (Powers and Regulation) Bill, 2011 was circulated in the last session of the Parliament. However, instead of discussing the same in the current Monsoon Session (August 2011) and winter session (December 2011) of the Parliament, Indian Prime Minister Dr. Manmohan Singh has announced that Law on Intelligence Agencies would be formulated soon.

The national intelligence grid (Natgrid) project of India is also without any constitutional safeguards. The Cabinet Committee on Security (CCS) has also given only “Partial In Principle Approval” to NATGRID Project. Since NATGRID Project is not supported by any Legal Framework and Parliamentary Oversight, the “Crucial Stages” of NATGRID Project has not yet been approved by the CCS. Thus, NATGRID Project of India is still in troubled waters as lack of Privacy Laws and Data Protection Laws has put it in doldrums.

On top of it we have the proposed central monitoring system (CMS) project of India that has been proposed without any parliamentary oversight. Further, stress upon Internet kill switch is also given by India without realising that Internet kill switch is not a solution to cyber threats. Anti Internet kill switch measures are needed to prevent Indian government from taking recourse of any such unconstitutional and draconian action.

Finally, intelligence gathering skills developments in India are far from satisfactory. Intelligence agencies of India are insisting upon use of 40 bits encryption level in India. This has been suggested so that surveillance of Internet traffic in India is possible. However, e-surveillance is not a substitute for cyber skills. Encryption policy of India is urgently needed to resolve all these issues.

Presently, Indian government and intelligence agencies of India are engaging in many unconstitutional activities that are not subject to any parliamentary or judicial scrutiny. It is high time to bring some order in the chaos created by this situation unless it is too late.

E-Delivery Of Public Services Development Policy Loan (DPL) Project Of India

Electronic delivery of services is an effective method to introduce transparency in governmental dealings and to reduce corruption therein. Similarly, e-delivery of services can also bring efficiency that can reduce costs and unnecessary time taking by government departments.

For instance, Securities and Exchange Board of India (SEBI) is planning to use electronic initial public offer (E-IPO) in India. With this investors would be able to bid for shares electronically and without the need for signing any papers physically. This could also be used as a mean to provide an exit to companies which are listed exclusively on defunct exchanges.

Similarly, Indian judiciary is exploring the possibility of using an electronic bail communication system in India. This system would ensure sending of bail order in real time so that unreasonable detention in jail can be avoided.

Further, with the passing of the proposed Cable TV Networks (Regulation) Second Amendment Bill 2011 of India, digital television services would be offered to consumers at affordable prices and with superior quality.

Even on the front of social networking, Indian government is considering enacting a framework and guidelines for use of social media for government organisations. This would ensure an interaction between government departments and general public on crucial issues and public grievances. A good social media policy of India can be really helpful in this regard.

Even private outsourcing models have been developed where citizen to government LPO and KPO services in India would be extended in future. This would be an extension of e-delivery of services from private sector to the government in India as pioneered by Perry4Law and Perry4Law Techno Legal Base (PTLB).

Recently the World Bank and Indian government signed a loan agreement of $150 million for the e-delivery of public services in India. In order to get the benefits of such loan, electronic services delivery in India has been proposed in the past. E-delivery of public services in India would still take few years as we have no legal framework for mandatory e-governance in India.

With the proposed draft Electronic Delivery of Services Bill 2011 (EDS Bill 2011) Indian government has for the first time shown its willingness to provide e-governance services in India. However, the proposed Draft Electronic Services Delivery Bill 2011 “failed” to provide mandatory e-governance services in India. The real problem with Indian e-governance initiatives in general and proposed ESD Bill 2011 in particular is that legal framework for mandatory electronic services delivery in India is still missing from it.

Legal framework for mandatory e-governance services in India is long due. Till mandatory e-governance services in India are ensured, e-delivery services in India cannot succeed.

An electronic services delivery policy of India must be formulated as soon as possible that must mandate a compulsory e-delivery of services in India. Such e-delivery of services must be provided in a time bound manner to be successful. Till now there are no hints of these pre requisites and the e-delivery of public services DPL project of India cannot succeed in these circumstances.

The Cable TV Networks (Regulation) Second Amendment Bill 2011 Of India

Entertainment and media industry in India is witnessing an incredible growth rate. Indian government is also streamlining the legal frameworks that would help in the sustainable growth of media and entertainment industry in India.

Technological advances and the need to shift from analog spectrum to digital broadcasting by television broadcasters have put digital television (DTV) on a fast track. At the same time, development of digital television has necessitated balancing competing interests – those of content holders, and those of the consumer and technological industries.

Once the switch from analog to digital broadcasts is complete, analog TVs are incapable of receiving over-the-air broadcasts without the addition of a set-top converter box. Consequently, a digital-to-analog converter, an electronic device that connects to an analog television, must be used in order to allow the television to receive digital broadcasts.

However, this shift from analog to digital broadcasting in India is required to be done keeping in mind various techno legal aspects. Legal issues of entertainment and media industry of India are yet to be resolved especially the techno legal issues. This transition to digital television in India must be done in a systematic and techno legal manner.

Recently, Parliament of India gave its clearance for the initiating the digitisation step in the country. It passed the Cable TV Networks (Regulation) Second Amendment Bill 2011 in this regard. The Bill will now go to the President for her assent before it is notified as an Act.

The consumer will now be free to choose the channels he/she wanted instead of being forced to accept the bouquets offered by the direct-to-home operators or multi-system operators. The Telecom Regulatory Authority of India (TRAI) has been authorised under the Bill to fix the tariff for a-la-carte basis.

The drive will now allow multi-specialty operators and big DTH players to grab a larger pie of shares from local cable operators, who are reported to declare lower subscriber numbers and in turn revenues. Digitisation would also give a true assessment of the subscriber base of the broadcasters. Under the new regime, all satellite channels will be beamed to houses through set-top boxes. The government is also assuring cable operators that the proposed move would not harm them.

The measure is claimed to be a major step which would enable digitisation of the analog TV network and bring India on a par with other countries like US, Britain, Korea and Taiwan. The cable and satellite television industry is expected to be worth Rs.20,000 crore. Some contend that this legislation would end the fight for more TRPs among channels. The government would also stand to benefit as it would ensure proper tax collection. According to an estimate, carriage and placement fee contribute around 20 percent of the total cost of running a channel.

Indian media and entertainment industry may face the legal challenges of Intellectual Property Rights (IPRs) laws and cyber law of India. IPRs laws like copyright, trademark, etc may be frequently violated and occasionally invoked to redress IPRs violations of media and entertainment industry in India. Similarly, online IPRs issues like domain name disputes may also be agitated in the future. Similarly, media and entertainment industry must keep in mind the mandates like “cyber due diligence” and other provisions of Information Technology Act, 2000.

Media and entertainment industry will also face technological challenges in future. For instance, the issues pertaining to digital preservation of entertainment industry products may assume significance in future. All these issues require sound planning and actual implementation so that media and entertainment industry of India can grow.

Electronic Bail Granting And Communication System In India

Granting of bail in a criminal matter ensures the right to life and liberty of an individual. While granting a bail, it is ensured that the normal life off the grantee is not jeopardised due to the initiation of a criminal proceeding. In many cases, although the bail is granted yet its communication and final execution may take some time. This seems to be an unreasonable exercise and avoidable evil.

Information and communication technology (ICT) can easily, instantly and most effectively solve this problem that Indian judiciary has unnecessarily prolonged. Use of ICT for judicial and legal reforms in India is well recognised and establishment of e-courts in India could bring many far reaching legal and judicial reforms in India.

Although e-courts project of India has been launched since 2003 yet it has still not seen the light of the day. There are many reasons why e-courts in India failed to take a start. Lack of will and technical expertise seem to be the main reasons. We must concentrate upon “e-courts capacity development” aspect that is still missing. We have to ensure e-courts related skills development in India that is presently missing. Further, ICT training for judges in India is also long due.

Establishment of e-courts in India must be expedited. We have a single techno legal e-courts training and consultancy centre of India managed by Perry4Law Techno Legal Base (PTLB) that is working in this direction.

However, some positive developments are also taking place in India. Few judges in India are encouraging use of ICT for judicial purposes and to ensure a speedier justice. For instance, it has been recognised that bail orders through e-mail can be sent. Further validity of electronic legal notices in India is by and large confirmed and acknowledged.

Supreme Court of India recently decided to experiment with email notices to respondents to cut the delay in the traditional method of serving notices. The bench clarified that it is not making a new rule but providing for an additional mode for service of notices. The traditional method of notice sending is still kept intact.

The bench also realised that there may be some difficulties in implementing this initiative. It asked all the lawyers present in the court about putting in practice the serving of notice through emails, at least to start with in commercial matters.

Recently a petition in Bombay High Court challenged the detention of an accused that has been either acquitted or released on bail. It was contended that if the accused are acquitted or released on bail, the time taken to communicate the acquittal by the court to jail authorities resulted in illegal detention. In order to mitigate the hardships to such accused, it was suggested that the current practice of using snail mail for communication of acquittal and bail orders be replaced with a web-based service that links all district courts. The court inquired as to the cyber security efficacy of this proposal and asked the National Informatics Centre (NIC) to give its opinion in this regard. The NIC vouched for the feasibility and cyber security of such a proposal.

However, NIC opined that while a web-based portal would be safe as a temporary measure, using emails for communication would be vulnerable to fraud. NIC suggested two methods - delivery through web portals and emails, and highlighted security issues and procedures to ensure that no fraudulent orders are accessed for action. NIC also suggested that in future digital signatures can also be sued to further secure such electronic communications.

This is a good development in the right direction. It would be even better if granting of bail itself can be done in a cyber secure online environment. When e-courts are finally established in India, both application for bail as well as its granting and communication can be done through online mechanisms. Perry4Law and PTLB strongly recommend use of such methods in future.

E-Commerce Laws In India

Technology has brought many important changes the way we deal in our day to day lives. Whether it is e-governance or e-commerce, individuals and companies are equally benefited due to use of technology.

Realising that cyberspace can bring many commercial benefits; both individuals and companies are ensuring that they have strong online presence. More and more brand promotion and protection in India are done these days in an online environment. Companies and individuals are also ensuring domain name protection in India so that their reputation and goodwill is not misappropriated by others.

We have no dedicated e-commerce laws in India. However, the information technology act 2000 (IT Act 2000), which is the sole cyber law of India, is regulating the e-commerce business and transactions in India. Internet intermediaries liability in India under the IT Act 2000 is very stringent. Cyber law due diligence in India is one aspect that all e-commerce site owners must frequently engage in.

Electronic commerce in India (E-commerce in India) has slowly and steadily entered the Indian market. Toady from tickets booking to purchasing of good and services, everything happens in an online environment.

Of course, where commercial transactions occur, disputes and differences are bound to occur. To prevent and resolve these disputes we need norms, regulations and laws that are acceptable to all the stakeholders.

The e-commerce law of India is primarily incorporated in the information technology act, 2000 (IT Act 2000) that takes cares of legal obligations of both sellers and buyers of good and services in cyberspace.

The IT Act 2000 prescribes rules and norms for online contract formulation. The traditional concepts of offer, acceptance etc, as applicable under the contractual laws, have also been covered by the IT Act 2000. The only difference is that they have been customised as per the requirements of cyberspace.

However, e-commerce transactions and contracts also attract certain additional legal liabilities that e-commerce players in India are not very much aware. For instance, very few e-commerce players in India are aware that they are “intermediaries” within the meaning of IT Act 2000. Further, there are very few e-commerce lawyers and law firms in India that can provide expert services in this regard.

Further, other laws, including intellectual property laws, make these e-commerce players labile for civil and criminal actions. For instance, these e-commerce players can be held liable for online infringement of copyright in India of the copyright owners.

Similarly, if any person posts an offending material at the e-commerce site or otherwise deal with the e-commerce site in an illegal manner, the e-commerce site owner may find himself in trouble.

Cyber law due diligence in India is one aspect that all e-commerce site owners must frequently engage in. The present laws of India are stringent in nature and subsequently claiming ignorance of such laws would not make much difference.

Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that before opening an e-commerce site or business, the owner of the same must consult a good techno legal law firm that can advice him upon all the possible and applicable aspect of e-commerce laws in India.

Cyber Law On Social Media And Networking Sites In India

Social media and networking sites have a crucial role to play. Now even governments across the world acknowledge this importance of social media websites. India is one such country that is currently trying to deal with social media sites. However, we have no dedicated social media laws in India. It has even been reported that guidelines for social media contents monitoring in India would be issued very soon.

However, till now we have no social media policy in India. Even we do not have dedicated social networking laws in India that can take care of the misuses of social platforms. However, the framework and guidelines for use of social media for government organisations has been recently suggested by department of information technology. Theses guidelines provide an Indian social media framework for governmental departments and organisations that employees of these organisations must follow.

Social media is considered to be an Internet intermediary as per Indian cyber law. The recent controversy of Internet censorship in India has once again reiterated the importance of effective social media laws in India.

Cyber law due diligence in India has become very stringent. This applies to various fields and to multiple stakeholders. For instance, cyber due diligence for banks in India is now a well known requirement for banks in India. However, Internet intermediaries are the most widely covered stakeholders in this regard. Intermediaries liability for cyber law due diligence in India is really tough.

Indian government is very keen in regulating the contents of social media in a constructive manner. This occasionally results in censorship of Internet in India. Further, Indian government is now openly acknowledging surveillance of Internet traffic in India.

Recently Internet intermediaries in India have been asked to pre screen contents before they are posted on their websites. India wants companies like Google and Facebook to censor users’ contents before they are posted.

In a related incidence, Yahoo has filed a petition raising the questions regarding the right to privacy of a company that stores sensitive data of its customers and users and to what extent authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks. The Google’s outcry for lack of Internet intermediary law in India is another example of growing dissatisfaction towards Indian cyber laws, especially Internet intermediary laws of India.

However, social media sites have certain techno legal obligations and liabilities as per Indian laws. For instance, social networking sites are liable for online IPRs violations, including online copyright violations in India. Although we have no law on the lines of online copyright infringement liability limitation Act (OCILLA) of United States yet the “safe harbour” provisions protecting intermediaries are not available under certain conditions as per Indian laws. Social networking sites must be aware of these limitations while operating in India. However, if social media sites are working within the framework of Indian laws, unreasonable e-surveillance, Internet censorship and websites blocking should not be by Indian government.

The corporate environment of India is changing rapidly as per global; requirements. Corporate laws in India are proposed to be streamlined with the introduction of the proposed Companies Bill 2011. The foreign direct investment (FDI) in India has been liberalised in many sectors. Even FDI in pharmaceuticals sector in India has been liberalised. Securities and Exchange Control Board (SEBI) has also proposed an electronic Initial public offer in India (E-IPO in India). These steps are pointing towards and open and transparent governmental functioning and not e-surveillance and Internet censorship oriented model.

Internet censorship in India can create problems for not only FDI in India but also for the growth of various sectors including banking sector of India. An integrated modern banking law for India is already in pipeline and an e-surveillance model of India would not be beneficial for the same.

Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that Indian government must enact strong and effective social media laws, e-governance laws and e-commerce laws in India. Social networking laws in India must be so drafted as would benefit all the stakeholders.

Social Networking Laws In India

With the fast growing social networking platforms in India it has become essential to enact effective social media laws in India. Presently social networking laws in India are not mature enough to take care of social media in the most appropriate manner. Social media is considered to be an Internet intermediary as per Indian cyber law. The recent controversy of Internet censorship in India has once again reiterated the importance of effective social media laws in India.

Social networking in India has increased tremendously. This has also given rise to many legal issues as well. Most of these legal issues are related to online acts or omissions that are resulting in giving rise to civil and criminal liabilities.

Laws ranging from intellectual property rights (IPRs) to information technology laws are applicable to social networking acts or omissions in India. The growing demands for cyber due diligence in India has further necessitated for adopting of a sound social networking policy in India by various stakeholders.

Social networking media is an “intermediary” within the meaning of Indian information technology act 2000 (IT Act 2000). Thus social networking sites in India are liable for various acts or omissions that are punishable under the laws of India. For instance, social networking sites are liable for online IPRs violations, including online copyright violations in India.

Although we have no law on the lines of online copyright infringement liability limitation Act (OCILLA) of United States yet the “safe harbour” provisions protecting intermediaries are not available under certain conditions as per Indian laws. Social networking sites must be aware of these limitations while operating in India.

At Perry4Law and Perry4Law Techno Legal Base (PTLB) we have been spreading public awareness about social networking issues in general and cyber laws in particular. We hope that social networking sites would be cautious while operating in India.

Social Media Laws In India

Social media laws in India are in limelight these days. Social media websites are very popular among technology savvy as well as ordinary Netizens. More and more Netizens are joining social platforms to share their opinions, views, data and details. However, social networking laws in India are not adequate and properly drafted.

Social media includes social networking sites, blogs, forums, wikis, etc. Social media is growingly seen as a medium to connect with millions of professionals, friends and like minded individuals and organisations.

India is also witnessing a growing revolution of information and communication technology (ICT) and social media usage. However, till now we have no social media policy in India. Even we do not have dedicated social networking laws in India that can take care of the misuses of social platforms.

However, the framework and guidelines for use of social media for government organisations has been recently suggested by department of information technology. Theses guidelines provide an Indian social media framework for governmental departments and organisations that employees of these organisations must follow.

Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that Indian government must enact strong and effective social media laws, e-governance laws and e-commerce laws in India. These three fields are going to assume centre stage in the near future and their regulation by Indian government would be required.

Till now India has enacted a single technology law in the form of information technology act 2000 (IT Act 2000). It has tried to cover all the three issues but not with great success. This is so because these three fields are very vast and require a different treatment and separate law. Perry4Law and PTLB strongly recommend enacting suitable laws in this regard.

Internet Censorship In India

Internet in India is under potential threat of censorship and e-surveillance. Internet censorship in India has increased a lot. Similarly, e-surveillance in India has also increased to intolerable limits.

India has a draconian but cyber criminals’ friendly cyber law in the form of information technology act, 2000 (IT Act 2000). It was amended in 2008 to confer unregulated e-surveillance, Internet censorship and website blocking powers to Indian government and its agencies. The present cyber law of India is an unconstitutional one in the absence of procedural safeguards that can prevent these abusive draconian powers under the IT Act 2000. It requires an urgent repeal.

On top of it we have the proposed central monitoring system (CMS) project of India that has been proposed without any parliamentary oversight. Further, stress upon Internet kill switch is also given by India without realising that Internet kill switch is not a solution to cyber threats. Anti Internet kill switch measures are needed to prevent Indian government from taking recourse of any such unconstitutional and draconian action.

Website blocking and Internet censorship should be resisted as far as possible in India. This fight should be techno legal in nature where both technical and legal measures must be adopted to thwart surveillance and censorship activities of Indian government and its agencies. Proactive self defence in cyberspace is needed not only against alien enemies but also against our own Orwellian government.

Self defence in cyberspace is a concept whose time has come at both national and international level. At the national level of India self defence is required not only against cyber criminals but also against our own over zealous and e-surveillance oriented Indian government. Suggestions have been given in the past that United Nations (UN) must protect human rights in cyberspace as well. However, UN is not serious about protecting human rights in cyberspace.

At the national level, Indian government acquired itself unregulated, illegal and unconstitutional e-surveillance, Internet censorship and website blocking powers with no procedural safeguards. The information technology act, 2000 (IT Act 2000) was amended through the information technology amendment act 2008 (IT Act 2008) and this amendment gave unconstitutional and illegal powers to Indian government and its agencies. With the notification of the IT Act, 2008, the journey from welfare state to a police state was completed for India.

Instances of website blocking in India and Internet censorship in India have increased a lot. What is more worrisome is the fact that e-surveillance and Internet censorship in India have increased without any lawful interception law in India. Lawful interception law in India is missing and phone tapping in India is done in an unconstitutional manner.

Of all e-surveillance project, nothing is worst than the Aadhar project of India and its implementing unique identification authority of India (UIDAI) headed by Nandan Nilekani. Irrespective of what Nandan Nilekani and Indian government says, Aadhar project and UIDAI are serving a very vicious, evil and nefarious objective of e-surveillance without procedural safeguards. Surprisingly, even Google is censoring results pertaining to Aadhar project and UIDAI and is messing up with search placement results.

Now Internet intermediaries in India have been asked to pre screen contents before they are posted on their platforms by the account holders. India wants companies like Google and Facebook to censor users’ contents. In fact, Goggle web censorship has greatly increased in the past. Perhaps somebody at Google was already doing the pre screening of some web contents in India, with or without knowledge of Google.

Google has been in controversies from time to time. Whether it is illegal data gathering, censorship of Google news searches, manipulation of search results, etc, Google has been doing it all. In fact, it seems Google was actively helping Indian government and its agencies for messing up with Aadhar project, UIDAI, World Bank or any other similar post that questions the wrong practices of Indian government. During that period Google continued its censorship drive in India and many posts failed to appear in news, blogs and search segments.

What Internet intermediaries are facing now is a direct result of their succumbing to Indian government pressure and unconstitutional laws like IT Act 2008. They should have challenged the constitutional validity of IT Act 2008 that is the root cause of all these troubles. Fortunately Yahoo took Indian government to court over e-surveillance and more such litigations are expected in the near future. Let us see how cyber law of India would develop in this regard.

Online Dispute Resolution Services Are Growing

International online dispute resolution (international ODR) is no more a fiction. With growing disputes being resolved through an online mechanism, ODR has also assumed significance. ODR has significant advantages over not only traditional litigation methods but also against alternative dispute resolution (ADR) mechanisms.

International community is working really hard in the direction of recognising use of ODR as an effective dispute resolution mechanism. For instance, European Union has been considering use of ODR for cross border consumer disputes. Similarly, efforts of United Nations to streamline ODR are also well known. Similarly, use of ODR for cross border e-commerce transactions is also suggested. Similarly, WIPO is also using ODR for dispute resolution.

These international efforts must also be implemented at the national level. In other words, ODR needs international harmonisation to be effective. If we implement ODR at the international level alone, using ODR at national level would never be successful.

For instance, online dispute resolution in India is still evolving. ADR and ODR services in India are still in their infancy stages. Obviously, online dispute resolution services in India are still maturing. We have very few online dispute resolution centers in India. Further, Perry4Law Techno Legal Base (PTLB) is the sole techno legal ADR and ODR services provider in India.

Interest in ODR must be invoked among the stakeholders at both national and international level. ODR can be really effective where stakeholders are located at different jurisdiction. With the help of technology, disputes can be resolved without even leaving the residence of any party. Let us hope that ODR would be used at mass scale and at all levels to resolve disputes in the best possible manner.

Surveillance of Internet Traffic In India

E-surveillance in India is no more a secret as Indian government is openly engaging in e-surveillance activities. This is despite the fact that an unregulated and unguided e-surveillance is violating the civil liberties protection in cyberspace in India.

Now e-surveillance is proposed to be expanded to even mobile infrastructure. The cell site location based e-surveillance in India is also in contemplation. Cell site data location laws in India and privacy issues are once again bypassed for this proposal. Even the e-surveillance policy of India is missing that can provide some safeguards against illegal and unconstitutional e-surveillance in India.

Similarly projects like Aadhar project of India, central monitoring system project of India, etc are also intended to strengthen the e-surveillance capabilities of India without and constitutional safeguards.

On the top of India, India is trying every possible method to discourage the cyber security initiatives like encryption. Encryption policy of India is missing and so are encryption laws in India.

Now Indian government has forced the telecom service providers and internet service providers (ISPs) to deploy monitoring equipment for surveillance of internet traffic as per the conditions of the respective license agreements and as per the requirements of security agencies. At present, indigenous internet monitoring systems are being deployed in the network of ISPs.

Based on the feedback and traffic projections provided by the ISPs, the internet monitoring systems are upgraded and deployed continuously as per the requirement of security agencies.

India needs to upgrade its intelligence infrastructure that is in real mess. Intelligence agencies need to develop intelligence gathering and analysis skills so that situations like the present one can be taken care of. E-surveillance is not a substitute for cyber skills and Indian government and its agencies must realise this truth as soon as possible.

Even by forcing the telecom service providers and ISPs to filter internet traffic at large would not serve any purpose. Cyber criminals and terrorists are already well aware to use sophisticated technology to hide their tracks. This exercise would only violate the civil liberties of law abiding citizens.

Fortunately, Yahoo has dragged Indian government regarding e-surveillance to the Delhi High Court and a judicial scrutiny of e-surveillance in India may be possible. Time has come to consider all these aspects in detail and at the highest levels by the Indian government and parliament of India.

Yahoo Took Indian Government To Court Over E-Surveillance

E-surveillance in India has become a big nuisance for intermediaries like internet service providers (ISPs), e-commerce sites, search engines, e-mail providers, etc. The liability of Internet intermediaries for copyright violations is also well known that has further increased the troubles of intermediaries in India.

Intermediaries liability for cyber law due diligence in India has become very stringent after the information technology amendment act 2008 has been notified. Information technology act 2000 (IT Act 2000) now carries many e-surveillance, websites blocking and Internet censorship provisions.

The problem is that there are “no procedural safeguards” subject to which these wide and sweeping powers can be exercised. This is also the reason why these provisions are unconstitutional and illegal as they are violating the provisions of Indian constitution.

However, in the larger interests of their commercial activites in India, these intermediaries not only accepted the draconian amendments in the cyber law of India but they are also complying with the legal as well as illegal orders of Indian government and its agencies. However, this approach would be counter productive for them in the long run and they must come forward against such laws and draconian provisions.

Yahoo has taken a very significant step in this regard. Yahoo has approached the Delhi High Court against the Union home ministry's attempts to obtain information about nearly a dozen Yahoo IDs/IP addresses it suspects are used by Islamic terrorists and Maoists.

Yahoo has challenged the legality of the government's decision to penalise it by slapping it with a fine of Rs 11 lakh because Yahoo refused to share profile details of the users of these email ID's that are under the scanner of the agencies. Recently, the HC stayed the imposition of the fine, and sought a response from the Centre.

In its petition, Yahoo has raised questions on the right to privacy of a company that stores such sensitive data and to what extent authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks. "The government cannot under the cloak of national security implications bypass legal procedures," the petitioner has argued, claiming the section and clauses invoked by the Union ministry to demand information from Yahoo doesn't empower the government to do so.

Yahoo has taken a bold step that even companies like Google have not been able to do so. The matter is pending before the Delhi high court that has a good chance to bring some order in the otherwise chaosed e-surveillance world of India. The issue of phone tapping and privacy violations in India is also pending before the Supreme Court of India.

The matter must also be looked from another angle. Human rights protections in cyberspace in India are not safeguarded at all. Even at the international level United Nations has not shown much interest in protecting civil liberties in cyberspace. The data privacy laws in India are also missing. In short, there is complete negation of human rights in cyberspace in the Indian context.

Yahoo’s case may bring to the knowledge of Indian courts this situation and we may expect some respect for the constitutional rights and freedoms that are seldom respected in India these days.

Data Privacy Laws In India

Privacy rights and data protection are essential for protecting civil liberties and commercial interests. We do not have a dedicated privacy law in India as well as data protection law in India. There is no second opinion that privacy laws in India and data protection law in India is needed.

Privacy rights and laws in India have been ignored for long. Privacy rights in India in the information era are seldom respected in India. Although right to privacy bill of India 2011 has been suggested many times in the year 2011 yet till now we do not have any conclusive draft in this regard that can be introduced in that parliament of India. In fact, we are still waiting for a public disclosure of final and conclusive proposed draft right to privacy bill 2011 of India that can be discussed in the parliament.

Fortunately, the issue of phone tapping and violation of privacy rights as a result of the same is pending before the Supreme Court of India. The unconstitutional phone tapping in India is wide prevalent and the Supreme Court of India must also address this issue.

The Supreme Court of India must expand privacy rights in India as that is the need of hour. Fortunately, the issue is already pending before it and there would not be much trouble in formulating a privacy framework for India.

However, the real solution can come from the parliament of India alone. The parliament of India must pass strong and effective privacy and data protection laws for India. Even there is a need to revisit the telephone tapping legal framework of India.

At the executive level, Indian government must formulate the national privacy policy of India that must address all these issues. Unfortunately, Indian government is deliberately avoiding these crucial issues on one pretext or other. In the larger interest of India and as a direct obligation under the constitution of India, executive, legislature and judiciary must protect the fundamental rights and civil liberties of Indian citizens.

Are Indian Satellites Safe From Cyber Attacks?

Cyber attacks and cyber espionage by one nation against another are very common these days. Though nations are attacking one another through cyber intrusions yet none of them come forward to accept the same. Whether we like it or not but cyber attacks and cyber espionage would continue to be used by various nations against each other.

This process is a part of traditional strategic information gathering by defence forces, intelligence agencies, etc. For instance, the systems and techniques capable of destroying an adversary’s satellites have been a major focus of arm race in outer space. With the active use of Internet, the same process has taken a shape of cyber espionage and cyber attacks.

Naturally, we must focus upon a robust and effective cyber security in India. For instance, Indian preventive and offensive capabilities against cyber warfare must be developed to ward off growing incidences of cyber espionage and cyber attacks against India.

Indian critical infrastructure if frequently targeted by cyber attacks. Malware like Stuxnet and Duqu are increasingly found in the computers managing the critical infrastructure of India. In fact some believe that Stuxnet was also responsible for the destruction of an Indian broadcasting satellite. Cyber security of Indian satellites is a natural choice in these circumstances.

The Indian government must deliberate upon cyber threats like cyber espionage and cyber warfare that are increasingly targeting strategic computers and facilities. With growing interest in cyber security, this may be achieved within few years in India.