Sunday, March 4, 2012

National Cyber Coordination Centre (NCCC) Of India

India has too many agencies and authorities and they are scattered all over India. For practical reasons, there are no centralised agency that can manage law and order and cyberspace related issues. This is resulting in increased cyber attacks and cyber crimes committed against India and Indian citizens.

Cyber law issues, cyber security and national security are on agenda of Indian government these days. However, till now cyber security in India is not upto the mark and cyber law of India requires an urgent repeal. This is because the entire approach and attitude of India government is defective.

Indian government has failed to understand that e-surveillance is not a substitute for cyber security capabilities. Instead of developing cyber security capabilities of India, the Indian government is stressing upon growing use of e-surveillance in India and Internet censorship in India.

All these exercises of India government have been done without any legal framework supporting these initiatives of Indian government. Phones are tapped in India without a constitutionally valid phone tapping laws in India. The central monitoring system project of India (CMS Project of India) is also not supported by any legal framework. Surveillance of Internet traffic in India is also another area that requires a sound legal framework. Various authorities with far reaching powers have been created without any legal backing.

Now the government has proposed setting up of National Cyber Coordination Centre (NCCC) of India. The NCCC would provide actionable alerts to government departments in cases of perceived security threats. It is hoped that this would help in fighting terrorists and other cyber criminals.

The NCCC will scan whole cyber traffic flowing at the point of entry and exit at India's international Internet gateways. The web scanning centre will provide actionable alerts for proactive actions to be taken by government departments. All government departments will now talk to the Internet Service Providers (ISPs) through NCCC for real time information and data on threats. Presently, the monitoring of web traffic is done by Centre for Development of Telematics (C-DoT) which has installed its equipments at the premises of ISPs and gateways.

All tweets, messages, emails, status updates and even email drafts will now pass through the new scanning centre. The centre may probe further into any email or social media account if it finds a perceived threat.

India's National Security Council Secretariat (NCSC) has asked various departments to assess their needs for officials, who will coordinate with the scanning agency. The National Security Council handles the political, nuclear, energy and strategic security concerns of the country.

This can be another agency without a legal framework. Creating agencies without legal framework is counter productive as it violates civil liberties and human rights. Parliamentary oversight of intelligence agencies of India and proposed NCCC is absolutely required. The Indian government must keep this in mind while creating NCCC.

Thursday, March 1, 2012

Cell Phone Laws In India

Legal enablement of ICT systems in India is posing big challenge before India. Cell phone laws in India are just one of the examples of such legal enablement. Although we have a cyber law for India yet we have no dedicated mobile phone law and mobile phone laws in India are needed. Similarly, efforts must also be made to strengthen the mobile cyber security in India.

With the launch of projects like central monitoring system (CMS), national cyber coordination centre (NCCC) of India, etc the requirements to have valid e-surveillance and cell phone laws are imminent.

Cell phone or mobile phone laws in India have still to evolve. Presently provisions pertaining to cell phones are scattered under various statues and governmental guidelines and rules. However, we have no dedicated cell phone laws in India.

Cell phones are playing important role in day to day activities of Indians. They are used for multiple purposes that cover both personal and commercial transactions. We cannot ignore the commercial, contractual and legal significance and consequences of cell phone transactions in India. This necessities enactment of dedicated cell phone laws in India.

However, positive developments in this direction are not happening in India. On the contrary, negative development infringing civil liberties in cyberspace are taking place in India. Human rights protection in cyberspace cannot be ignored the way Indian government is doing presently.

For instance, the proposal to allow department of telecommunication (DoT) to monitor cell phone locations in India is one such controversial issue. Big brother must not overstep its limits in India. Even proposed cell site based e-surveillance in India has crossed this limit well beyond those permitted by Indian Constitution.

We must have well defined procedure and cell site data location laws in India. As we have no dedicated privacy laws, data protection laws, data security laws, anti telemarketing laws, anti spam laws, etc, cell phones monitoring in India is not legally sustainable.

Even the proposed central monitoring system (CMS) project of India is not legitimate and legally sustainable as there is no legal framework that justifies its operation in India. Currently there is no phone tapping law in India that is constitutionally sound and we urgently need a lawful interception law in India. Similarly, the colonial phone tapping laws of India must be repealed and new and constitutionally sound phone tapping laws in India must be formulated.

DoT is excessively favouring e-surveillance in India and surveillance of Internet traffic in India. We need a legally valid e-surveillance policy of India to address these issues. Internet censorship in India has greatly increased and now the intelligence agencies of India want to ensure monitoring of cell phone usages in India as well. This is troublesome as parliamentary oversight of intelligence agencies of India is missing and this clearly violated the constitutional safeguards.

It is high time that Indian government must enact constitutionally sound cell phone laws in India so that civil liberties and law enforcement requirements can be reconciled.

Mobile Phone Laws In India Needed

In this column, Mr. B.S.Dalal, Partner of India’s exclusive techno legal ICT law firm Perry4Law, has shared his views about the requirements of enacting mobile phone laws in India.

We have no dedicated cell phone laws in India. Further, we do not have a robust mobile cyber security in India. In this background, absence of a dedicated mobile phone law in India is not a good sign.

Mobile phones are increasingly being used for multi purpose in India. However, legal framework for mobile phones in India is still missing. Some provisions can be made applicable to mobiles in India through the information technology act 2000 (IT Act 2000) but we still do not have a dedicated mobile phone laws in India.

The Department of Telecommunication (DoT) has proposed a new national telecom policy of India 2011 that would be operational very soon. The new telecom policies as well as other projects of Indian government and DoT are excessively favouring e-surveillance in India and surveillance of Internet traffic in India. We need a legally valid e-surveillance policy of India to address these issues. Otherwise, it would violate human rights protection in cyberspace.

The proposal to allow DoT to monitor cell phone locations in India is also a controversial issue. Big brother must not overstep its limits in India. The proposed cell site based e-surveillance in India has crossed this limit well beyond those permitted by Indian Constitution.

We must have well defined procedure and cell site data location laws in India. As we have no dedicated privacy laws, data protection laws, data security laws, anti telemarketing laws, anti spam laws, etc, mobile phones monitoring in India is not legally sustainable.

Even the proposed central monitoring system (CMS) project of India is not legitimate and legally sustainable as there is no legal framework that justifies its operation in India. Currently there is no phone tapping law in India that is constitutionally sound and we urgently need a lawful interception law in India. Similarly, the colonial phone tapping laws of India must be repealed and new and constitutionally sound phone tapping laws in India must be formulated.

The mobile phone laws of India must cover all these issues that are presently left unaddressed. In the absence of such laws, mobile phone data analysis, mobile phone location tracking, mobile phone tapping in India, etc are illegal and unconstitutional.

RBI Warned Indian Banks For Inadequate Cyber Security

The Reserve Bank of India (RBI) has been issuing various directions and recommendations from time to time to strengthen cyber security of banks operating in India. Further, RBI has also prescribed a cyber due diligence for Indian banks. However, Indian banks are not following the directions of RBI in this regard and a majority of banks in India still do not have a well defined cyber security policy.

RBI has also directed that all banks must create a position of chief information officer (CIO) as well as steering committee on information security at the board level at the earliest. Till now there are no publically available records that show that banks operating in India have appointed CIO and a steering committed as directed by RBI. In any case, these directions of RBI must be complied with latest by October 2012.

Realising that banks in India are not complying with the directions of RBI, it has issued a stern warning that RBI will act against banks that do not implement its guidelines on electronic security of their transactions and operations by October 2012. RBI observed that at present some banks do not have proper security policy and methods to monitor the service level agreements with third parties and have inadequate audit trail.

RBI has directed that the banks with a high technology usage will have to implement all the guidelines and those not having any major online transactions have to implement only some of its recommendations.

Perry4Law and Perry4Law Techno Legal Base (PTLB) believe that the future of banking segment in India is highly dependent upon technology and it would be beneficial if the directions of RBI are implemented by all banks as soon as possible. This would not only safeguard the interests of bank’s customers but would also save banks from many legal problems and cases. Further, inadequate cyber security would give rise to increased cyber crimes and financial frauds that would undermine the reputation of such banks.

ATM frauds, credit cards frauds and Internet banking frauds are on rise in India. Part of this is attributable to lack of public awareness but lack of cyber security adoption by banks in India is the main reason for such crimes and frauds.

Perry4Law and PTLB recommends that banks in India must start implementing the techno legal aspects of cyber security as soon as possible as deadline of October 2012 is fast approaching.

Monday, February 27, 2012

E-Courts And ODR In India

Electronic courts (e-courts) and online dispute resolution (ODR) are two most important uses of technology for dispute resolution and adjudicating of cases. However, India has been slow on both these fronts. For instance, till the end of February 2012, we are still waiting for the establishment of first e-court in India. This is so because India lacks techno legal expertise for establishment of e-courts.

Perry4Law Techno Legal Base (PTLB) is the exclusive techno legal segment of ICT law firm Perry4Law and it is managing the exclusive techno legal e-courts training and consultancy centre of India. It is clear that establishment of e-courts in India must be expedited.

Similarly, on the front of online dispute resolution (ODR) in India as well, we have performed not well. Although traditional alternative dispute resolution (ADR) services in India have witnessed some growth in India yet ODR is still waiting for a beginning in India. ADR and ODR in India need to be streamlined to give impetus to alternative dispute resolution mechanisms in India. Further, PTLB is the exclusive techno legal ODR services provider in India.
.
Online dispute resolution (ODR) and international response is still lukewarm but at least a beginning has been made there. While international online dispute resolution regime has started exploring use of ICT for disputes resolution, online dispute resolution in Asia is still growing. Online dispute resolution in Asian countries is largely confined to a single or two countries that also to a limited extent. Clearly online dispute resolution standards of practice for India and Asia need to be developed urgently.

Online commercial arbitration in India also needs to be developed. Similarly, legal issues of media and entertainment industry of India have assumed tremendous importance. Entertainment and media industry dispute resolution in India can be resolved using online dispute resolution. Dispute prevention and resolution in the film and media industry in India is presently not exploring use of online dispute resolution.

Similarly, ODR and cross border e-commerce transactions and dispute resolution of cross border technology transactions are also interrelated. Dispute resolution in technology transactions is the upcoming trend in the field of ODR. Dispute resolution of cross border technology transactions is a complicated process if we adopt traditional litigation methods to resolve them. Dispute resolution in technology transactions and dealings requires an effective, timely and cost effective mechanism. Traditional litigation is definitely not the place to achieve these objectives.

There is an urgent need to adequately use information technology for streamlining the judicial system of India. Presently, the efforts in this regard are not satisfactory at all. Let us hope that by the end of this year; at least the Indian government would start thinking in this direction.

Saturday, February 25, 2012

Phone Tapping Law In India

Phone tapping laws in India is in real bad shape. Rather, it cannot be properly termed as a valid and constitutional phone tapping law. The Indian telegraph act 1885 carries few provisions under which the Indian government and its agencies can tap phones in India.

However, these provisions and outdated law are clearly in violation of constitutional provisions and constitutional safeguards. As on date, we have no constitutionally sound lawful interception and phone tapping law in India. Even the proposed the central monitoring system project of India (CMS Project of India) is also not supported by any legal framework.

As on date, phone tapping in India is not performed constitutionally and this unconstitutional phone tapping in India is a “constitutional failure of India”. Constitutional phone tapping law in India is urgently needed to be formulated so that this illegality and unconstitutionality can be cured.

Instead of bringing suitable laws to curtail illegal and unconstitutional phone tapping and e-surveillance in India, Indian government is doing the exact opposite. Big brother in India is overstepping the constitutional limits. Not only the phone tapping has been increased in India by both governmental and private players but even surveillance of Internet traffic in India and Internet censorship in India has been increased.

Now it has been reported that very soon the Centre would have direct access to the telephone conversations of Indian citizens and organisations as the Department of Telecommunications (DoT) has developed capabilities to intercept phones without phone operator’s assistance. At present the central monitoring system (CMS) is at trial stage where Delhi and Haryana regions would be covered by establishing the main server in New Delhi. It would take another 12 months before the system is officially operational.

With this we may have two separate telephone tapping systems in India. The first is managed by the Home Ministry of India and now the DoT would have its own telephone tapping system at place. The DoT would be required to set up separate servers in each State, depending upon the requirements and the number of subscribers. While the facility in Delhi and adjoining States are likely to be ready by year-end, it might take at least another couple of years before servers are established across India.

An interesting functionality of the CMS is that irrespective of operators, lines would be tapped at one centralised location, which will be manned round-the-clock by officials of the government agencies.

While this may help in proper law and order enforcement yet the misuse of this facility is very much possible. This is more so when there is neither a legal framework nor constitutional safeguards to prevent abuse of CMS in India. It would be appropriate if a constitutional lawful interception law is formulated in India immediately.

Wednesday, February 22, 2012

Constitutionality Of NCTC Challenged Before Madras High Court

The constitutional validity of National Counter Terrorism Centre (Organisation, Functions, Powers and Duties) Order 2012 has been challenged before the Madras High Court. A public interest litigation petition (PIL) has been filed in the Madras High Court challenging the constitutional validity of the NCTC Order 2012.

This action is not only natural but was also very obvious. The constitutionality of the National Investigation Agency Act 2008 (NIAA 2008) has not been accepted by States and now NCTC has been launched through an NCTC Order 2012. This was too much for the States and they protested against this order before the Prime Minister of India.

Indian government is bypassing parliamentary oversight for almost all its projects and initiatives. For instance, the National Counter Terrorism Centre (NCTC) Project of India, National Intelligence Grid (Natgrid) Project of India, Aadhar Project of India, Crime and Criminal Tracking Network and System (CCTNS), etc are not governed by any legal framework and parliamentary oversight. Indian government must understand and accept that intelligence work is not an excuse for non accountability and violating constitutional safeguards and scheme.

The intelligence infrastructure of India has become synonymous for non accountability and mess. There is neither any parliamentary oversight nor and transparency and accountability of the working of intelligence agencies of India. The proposed law titled Intelligence Services (Powers and Regulation) Bill, 2011 for intelligence agencies was not made a law at all. Similarly, the Draft Central Bureau of Investigation Act, 2010 has also not seen the light of the say.

It is obvious that Indian government is not interested in bringing intelligence agencies and law enforcement agencies under the parliamentary scrutiny. Till date parliamentary oversight of parliamentary agencies of India is missing. Indian government cannot for long tag these projects and agencies with existing laws and agencies as that is a very bad policy decision.

If this is not enough, Google censored NCTC news and blog posts in India that pointed towards these constitutional infirmities and lacunas. This is not the first time Google has done so. Even in the past Google has censored critical posts against Indian government and its projects. Clearly there is a nexus between critical posts pertaining to NCTC, intelligence agencies and censorship by Google in India.

The ruling government cannot for long silence Indian citizens and political parties for long. This is now evident with the filing of PIL before the Madras High Court. The petitioner prayed the Court to call for the records and quash the impugned NCTC Order 2012 as ultra vires the Constitution. With the present attitude of ruling government, more such petitions can be expected in the near future, including the one that can challenge the constitutional validity of NIAA 2008.

Tuesday, February 21, 2012

Parliamentary Oversight Of Intelligence Agencies Of India Is Missing

This is an opinion piece that first appeared in Google news but was censored by Google within an hour of its publication. This act of Google is a gross violation of civil liberties in general and right to speech and expression in particular. We are not even sure whether Google would keep this article in search engine results pages (SERPs) and blog search.

In order to make available this article to the widest possible audience, we are publishing this piece of article at our blog. Though, originally it was intended to be an exclusive article for “
Cjnews India” but we are hereby forced to post it at our own blog keeping in mind the increasingly succumbing nature of Google before Indian government. We apologise for cross posting to our readers in general and “Cjnews India” in particular.

In this exclusive guest column, Praveen Dalal, leading techno legal expert of Asia and Managing Partner of India’s exclusive techno legal ICT Law Firm Perry4Law, has shared his viewpoints about the growing needs of parliamentary oversight of intelligence agencies and law enforcement agencies of India.

Indian Government is too reluctant to ensure Parliamentary Oversight for Intelligence Agencies and Law Enforcement Agencies of India. If this is not enough, Indian Government has been launching new Projects having serious “Constitutional Ramifications” and “Civil Liberties Violation” effects.

For instance, the National Counter Terrorism Centre (NCTC) Project of India, National Intelligence Grid (Natgrid) Project of India, Aadhar Project of India, Crime and Criminal Tracking Network and System (CCTNS), etc are not governed by any Legal Framework and Parliamentary Oversight. Indian Government is not willing to understand and accept that Intelligence Work is not an excuse for Non Accountability.

For some strange reasons Intelligence Infrastructure of India has become synonymous for Non Accountability and Mess. There is neither any Parliamentary Oversight nor and Transparency and Accountability of the working of Intelligence Agencies of India.

Even a basic level effort to enact a Legal Framework for Intelligence Agencies of India is missing in India. The first and foremost challenge to such Parliamentary Oversight mechanism comes from the Intelligence Agencies themselves that do not wish to be governed by any Rules and Norms at all.

Then we have “Bureaucratic Hurdles” in India that do not allow such a Legal Framework to be proceeded with. Finally, the Parliament of India itself is not interested in bringing these Intelligence Agencies within the fold of Parliamentary Oversight.

Take the example of the recent Private Bill titled Intelligence Services (Powers and Regulation) Bill, 2011. It was shelved out by none other than the Indian Prime Minister Dr. Manmohan Singh who announced that Law on Intelligence Agencies would be formulated soon. However, it proved nothing but a “Time Gaining Tactics” and so far Intelligence Agencies of India are not governed by any Legal Framework and Parliamentary Oversight.

Interestingly, even the Central Bureau of Investigation (CBI) is riding the same boat. The Draft Central Bureau of Investigation Act, 2010 is another example where the Indian Government is just interested in making “Declaration” with no actual “Intention” to implement the same.

In these circumstances, can the States trust the Centre regarding the establishment of National Counter Terrorism Centre (NCTC) of India? The answer is definitely negative even if States keep their “Political Interests” aside. This is also the reason why NCTC is facing stiff oppositions. Of course, there are “Practical Difficulties” and “Internal Turf War” among various Agencies and Ministries of Central Government a well. It seems the obvious but unsolvable Terrorism Dilemma in India would continue as National Interest of India and fighting Terrorism is not a “National Priority”.

Till now the constitutionality of the National Investigation Agency Act 2008 (NIAA 2008) has not been accepted by States and now NCTC has been launched through an “Executive Order”. The practice of clubbing new Projects, Agencies and Institutions with existing laws is a bad approach. So NCTC without a Legal Framework is definitely Unconstitutional and even tagging it with the Unlawful Activities (Prevention) Act, 1967 would not save it from the Patent and Apparent Unconstitutionality with which it is suffering.

Google Is Censoring NCTC And Intelligence Agencies Related Results In India

Censoring and filtering of search engine results pages (SERPs) by Google in India is neither new nor uncommon. Even blogs have been demoted and censored by Google. Posts offending Indian government sentiments and ideology are frequently censored by Google. Whether it is search results of Aadhar project, video conferencing, World Bank related issues, etc all of them have been censored by Google from time to time in India and world wide.

The latest to add to this list is search results pertaining to national counter terrorism centre (NCTC) and intelligence agencies of India. Google has crossed all the limits this time and it has done so in great disregard to the right to speech and expression in India and world wide. Opinions disclosing lacunas, limitations and inconsistencies of Indian government and its policies are simply removed to please Indian government and intelligence agencies of India.

While NCTC related SERPs results have been completely censored by Google yet intelligence agencies related news results have been deleted by Google altogether. Some of the results that first appeared in Google SERPs and Google news and then disappeared are:

(a) National Counter Terrorism Centre (NCTC) of India

(2) National Counter Terrorism Centre (NCTC) of India Is Required

(3) Parliamentary Oversight of Intelligence Agencies of India Is Needed- A news piece that disappeared within one hour of its publication.

Even if some of the posts have appeared in the SERPs and Google news, they have been dumped so deep that it is difficult to trace them. Further, SERPS and news results are showing great fluctuations.

It seems the civil and criminal cases filed against Google in India have shown their impact. Google is complying with the demands, even if illegal and unconstitutional, of Indian government and its agencies without even thinking twice. Clearly, Google has deviated from its motto of do not be evil and is doing exactly the opposite.

Monday, February 20, 2012

National Counter Terrorism Centre (NCTC) of India

National Counter Terrorism Centre (NCTC) of India is presently facing stiff oppositions. A majority of them are self created problems but some of them are also arising due to practical difficulties and internal turf war. The net result is that the obvious but unsolvable terrorism dilemma in India still continues.

NCTC, like other governmental projects, is not supported by any legal framework. This is the most inappropriate step taken by the Indian government in general and home ministry in particular. While the constitutionality of the National Investigation Agency Act 2008 (NIAA 2008) is still doubtful yet NCTC without a legal framework is definitely unconstitutional. By tagging it with the Unlawful Activities (Prevention) Act, 1967 this unconstitutionality is not cured.

Add to this the list of other projects of home ministry like National Intelligence Grid (Natgrid) and other similar projects by other ministries like Aadhar project. None of these projects are supported by a legal framework of any kind and they are just pure executive orders violating the constitutional provisions.

Fortunately, the NCTC of India got the Cabinet approval. NCTC would be supported by Natgrid project, Crime and Criminal Tracking Network and System (CCTNS), etc. There is no second opinion that intelligence work is not an excuse for non accountability. Similarly, there is also no second opinion that NCTC of India is also a much needed institution.

The NCTC Project of India is also “very significant” for the national security of India. Terrorist attacks against India are on increase and we need a “specilaised institution” like NCTC to provide and analyse valuable intelligence inputs and leads. However, the inadequacies and unconstitutionalities of NCTC project is proving costly and major hurdle for the successful implementation of the same.