Mobile Governance Policy Of India

Mobile governance (m-governance) is an innovative method of using mobile technologies for effective governance and public services delivery. M-governance facilitates many public services in almost real time and without hassles. However, along with the benefits of m-governance it has many drawbacks as well.

Firstly, we have no implementable m-governance policy in India. In the absence of proper planning and a sound m-governance policy it is not a wise option to utilise m-governance services in India.

Secondly, we have no dedicated legal framework for m-governance in India. This may create problems in cases of mobile banking, m-governance, m-commerce, etc. Of course, we have information technology act 2000 (IT Act 2000) as the cyber law of India yet it is far from perfect for even e-governance purposes and it is not at all applicable to m-governance environment.

Another issue pertains to the exercises of e-surveillance and phone tapping by Indian government and its agencies. Till now we have no lawful interception law in India. Phone tapping is done under the colonial and outdated Indian telegraph act 1885 and e-surveillance is done under the IT Act 2000. Both these acts are violating the letter and spirit of Indian constitution and have incorporated many unconstitutional provisions that are well beyond the parliamentary and judicial scrutiny.

Recently, the ministry of communication and information technology (MCIT) has launched the central monitoring system project of India. It has the capabilities to monitor all sorts of telecommunication and electronic communications. However, it is a pure executive exercise with no legal framework, civil liberty safeguards and parliamentary and judicial scrutiny.

At the international level some development for safeguarding the human rights in cyberspace has been taking place. United Nations has declared that access to Internet is a human right. This shows that human rights protection in cyberspace cannot be ignored by nations in future.

Finally, m-governance cannot succeed till we ensure cyber security for m-governance in India. Till now even the basic level cyber security is missing in India and we have no cyber security policy in India. Further, the IT Act 2000 need to be suitably amended or a dedicated legislation for m-governance must be enacted in India.

All these issues are integral part of the m-governance policy of India. Before jumping upon the fancy idea of m-governance we must ensure that it can operate and flourish in India.

International Cyber Security Policy Framework And Indian Response

International Organisations are not taking much interest in the field of Cyber Security and prevention of Cyber Crimes. Of course, at the National level countries like US have laid down their International Strategy for Cyberspace.

The Government Departments in US have also shown an increased Cooperation in the field of Cyber Security. Now US Department of Defense (DOD) and Department of Homeland Security (DHS) would share their respective Cyber Security Expertise.

Further, US has also started strengthening its Cyber Security ties with other Nations and India US Homeland Security Dialogue was a part of the same. In fact, India and US have also signed a Cyber Security Cooperation Agreement. Meanwhile International Organisations have also shown their seriousness towards Cyber Crimes and they have started working in this direction.

However, Cyber Security in India is not upto the mark. We have no Cyber Security Strategy in India. Despite the importance of this issue, we have no “Effective and Implementable” Cyber Security Policy in India.

Further, we have no Cyber Warfare Policy of India, Critical ICT Infrastructure protection Policy in India, Data Protection Laws in India, Cloud Computing Policy in India, Cyber Security Laws in India, etc. Important issues like Cyber Crisis Management Plan of India, Cyber Forensics Laws in India, Legal Enablement of ICT Systems in India, etc are still not part of National Policies and Strategies of India.

At the International level we have no International Cyber Law Treaty and International Cyber Security Treaty that are “Universally Acceptable”. Further, the United Nations and other countries have still to Protect Human Rights in Cyberspace that are blatantly violated World over.

Cyber Security is essentially an International Issue and regional efforts are not conducive for the long term security of Cyberspace. For instance, EU has set up a Cyber Crimes Fighter Team, Seoul has formulated its Cyber Security Plan, Scotland Yard established its own Cyber Flying Squad, EU formed CERT Group to fight Cyber Attacks, etc. While these initiatives are timely and praiseworthy yet they are “Regional” in nature and Cyberspace and Cyber Security are International in nature.

Recent Cyber Attacks on Multinational Firms and Institutions ranging from Google and Citigroup to the International Monetary Fund, have raised fears that Governments and the Private Sector are not well equipped to deal with Cyber Attacks. It is high time that we must ensure not only an “International Harmonised Legal Framework” but also a Robust and Effective International Cyber Security Cooperation that is presently missing. India must also prepare itself for the bigger and unforeseen challenges that are waiting for it.

Microsoft And Skype Are Playing Lawful Interception Card

World over Lawful Interception Laws are cited as the reason for E-Surveillance and Eavesdropping. However, almost all of these so called Lawful Interception Laws are themselves “Unconstitutional”.

Take the example of Indian Cyber Law the Information Technology Act 2000 (IT Act 2000) that carries many draconian E-Surveillance provisions without any “Procedural Safeguards”. These provisions and laws are pressed to further the causes of e-surveillance and eavesdropping.

Research in Motion’s (RIM) Blackberry has already allowed a backdoor entry to Indian Intelligence Agencies for its cloud based Messenger Services. Now it has been reported that Skype and Microsoft have build a backdoor into the VOIP application. It is called Lawful Interception and is part of a new patent which Microsoft filed back in 2009, but is now preparing to unleash itself into our world due to its recent approval.

The US law set by CALEA (Communications Assistance for Law Enforcement Act) states that all telecommunications operators must enable their hardware and software for surveillance tracking. What is hard to understand is why Microsoft is so willing to open up its software for backdoor exploits. This creates a situation which welcomes exploits and willingly turns your computer into a revolving door for hackers.

While following a Law is not per se wrong but following an “Unconstitutional Law” is definitely wrong. Similarly following a Constitutional Law is the “Duty” of all people but following draconian, Unconstitutional and Inhumane Laws is definitely not required.

Let see who would win the battle between E-Surveillance and Human Rights Protection in Cyberspace. However, with the growing e-surveillance and eavesdropping, Self Defence Measures in Cyberspace would definitely increase in future.

Online Cyber Law Education In India

Online education is in its infancy stage in India. This is more so for techno legal courses like cyber law, cyber forensics, cyber security, professional techno legal courses, etc where neither the traditional education and training institutions nor the contemporary education and training institutions are well versed.

Here comes the importance of online cyber law education in India. Cyber law is a complicated field that requires good knowledge of both technical and legal aspects. Further, cyber law is an area that requires good skills not only to learn it but also to apply it in real life.

Presently, whatever limited cyber law education that exists in India, it is devoid of this skill development and training aspect. For instance, most of the education institutions, both traditional as well as online one, are providing basic level cyber law courses and trainings. However, in the name of courses and trainings mere diplomas or degrees are offered and granted. This does not ensure that such diploma or degree holders do have necessary skills and training to excel in real life and in a professional environment.

We at Perry4Law Techno Legal Base (PTLB) do not endorse this approach and we have taken a very radical stand. We have deviated from the academic nature of cyber law education and are offering techno legal training and skill developments for cyber law. To make it more effective, PTLB has been providing online cyber law education and training in India.

The stakes are high and so are the quality standards for the cyber law education and training courses of PTLB. Further, we also understand that not everybody can come to a physical location hence we have also been providing online cyber law education and trainings in India, Asia and other places.

Interested institutions and organisations may contact us with their proposals if they wish to engage in this initiative of PTLB. Further, professionals desiring of having good and qualitative techno legal cyber law education and training may also contact us. We hope this initiative of ours would prove beneficial to all concerned.

Online Legal Training In India Rejuvenated

Legal training is not an easy task to achieve. This is more so in the contemporary era where information technology (IT) has changed the entire landscape of legal education and training.

For instance, few years back law colleges and universities were not aware about the concept of cyber law. Now law colleges and universities have started offering courses in cyber law and similar topics. Although they are still of basic level yet a beginning has taken place.

However, legal training is not an easy task. As law is increasingly being used in conjunction with other streams, especially computer science, it has become imperative to take care of both technical and legal aspects at the same time.

Many computer science institutions have started teaching law along with computer science and many law colleges are teaching computer science with law. Of course, this is happening at the basic level and highly specialised legal education and training is still missing.

The fact is that we do not have techno legal training institutions in India or elsewhere. At Perry4Law Techno Legal Base (PTLB) we provide highly specialised techno legal research, education and training in India, Asia and other places.

PTLB is also the exclusive techno legal training provider of the world that is providing research, education and training through e-learning and online education platform. PTLB is also providing techno legal skills development education and courses for stakeholders like lawyers, judges, police officers, public prosecutors, law graduates, corporate executives, law professors, faculty teachers, etc.

PTLB is committed to bring legal education reforms in India through use of cutting edge technology and providing education and training for the most contemporary techno legal fields like cyber law, cyber security, e-discovery, digital evidencing, etc. Governmental and non governmental institutions and individuals desiring to have a collaboration or partnership with us may contact us with their proposals.

Best Legal Training Providers In India And Asia

Legal education and legal training are two different things. While the former is on the side of acquiring academic qualification the latter is more important as it provides workable skills to the manpower. In other words, legal training helps in the development of necessary skills that help in the growth of a person’s career and profession.

Legal training and skill development has not received much attention of Indian government in general and law ministry in particular. Of course, recently some good initiatives have been started by law minister Veerappa Moily but they are in their infancy stage and would take some time to materialise.

Information technology (IT) related legal research, education and training is still missing from India. Further, benefits of innovative methods like e-learning and online education are not utilised by law ministry. Traditional education and training methods must be supplemented by e-learning and online education methods.

At Perry4Law Techno Legal Base (PTLB) we recommend an active use of IT for providing legal education and training in India. We have been managing techno legal online legal research, education and training institutions that are providing techno legal trainings to lawyers, law graduates, judges, police officers, public prosecutors, etc.

Further, PTLB is also providing techno legal skill development education and trainings to various stakeholders.

Legal education of India needs urgent reforms as it is not producing qualitative lawyers and professionals. PTLB recommends that law ministry must pay more attention to education and training in the fields like cyber law, cyber forensics, e-courts, intellectual property rights (IPRs), international trade law, international treaties and conventions, etc.

Further, lawyers and judges must also consider using continuing legal education in India (CLE in India) and legal lifelong learning in India. Education and training is a continuous process and it must not be considered to be a one time phase.

We hope Indian government in general and law ministry in particular would consider these suggestions of PTLB and ensure that we have enough number of legal training providers in India.

Similarly, legal training providers of India also need to change their focus from traditional to contemporary topics and technology. The sooner they shift to the new paradigm, the better it would for all concerned.

Online Lawyers Professional Trainings In India And Asia

Indian government has been taking information and communication technology (ICT) seriously these days and the same applies to law ministry as well. Law ministry has been planning to use ICT for multiple legal and judicial purposes. From legal education and training to establishment of e-courts in India, law ministry of India has plans for all.

Lawyers play the central role in all legal and judicial reforms. However, legal fraternity is also the one that is most neglected and most indifferent towards ICT and professional education and trainings. Once the basic law degree is acquired, the quest for education and training of lawyers ends. They cannot be blamed for this due to their hectic schedule. However, continuous legal education and professional trainings are too important to be ignored.

At Perry4Law and Perry4Law Techno Legal Base (PTLB) we understand the importance of good professional education and training for lawyers. We also appreciate that lawyers do not have a free schedule to attend regular classes. That is why we have devised the medium of e-learning and online education and learning in India, Asia and other parts of the world.

While basic level courses of are managed by PTLB, highly specialised courses are undertaken by Perry4Law Techno Legal ICT Training Centre (PTLITC). Further, techno legal skills development initiatives are also undertaken by PTLB. Further, crucial areas like continuing legal education in India (CLE in India) and legal lifelong learning in India are also taken care of by PTLB.

If you are a lawyer, whether a litigation lawyer or a corporate one, consider enrolling with PTLB to enhance your skills and expertise.

Digital Preservation Mandates Of Public Records Act 1993

Digital Preservation in India and Digitilisation of traditional records are in the infancy stage. This is so because we have no Legal Framework for E-Governance in India. We have no law that mandatorily requires creation of Electronic Records. Of course, very soon such law may be required due to International pressure and National requirements.

Information Technology Act, 2000 (IT Act, 2000) is the sole Cyber Law of India. It deals with E-Commerce, E-Governance, Cyber Crimes, etc. It also provides a “Digital Framework” for ensuring Digitilisation, Electronic Documents Creation and their use in Government Departments. This “Research Report” of Perry4Law and Perry4Law Techno Legal Base (PTLB) is briefly analysing the relationship between IT Act, 2000 and Public Records Act, 1993 (PRA 1993).

Section 2 of IT Act, 200 deals with definitions that are relevant for PRA 1993 purposes. Section 2(1) provides that in this Act, unless the context otherwise requires:

(i) "Access" with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.

(ii) "Affixing Electronic Signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of Electronic Signature.

If documents are issued by NIA in electronic form, they have to be authenticated by using electronic signatures. Unauthenticated electronic documents would not create any right or liability either under the IT Act, 2000 or under the PRA 1993.

(iii) "Asymmetric Crypto System" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.

Digital Signatures are based upon Asymmetric Crypto System and they can be used for “Authentication Purposes” by NAI.

(iv) "Computer" means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.

(v) "Cyber Security" means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.

Cyber Security is an issue that is of “Paramount Importance” for the NAI. When Digitilisation and Digital Preservation would be adopted by NAI, Electronic Documents and Digital Resources would be required to be protected from Cyber Attacks. A Techno Legal Strategy must be formulated by NAI in this regard.

(vi) "Data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

(vii) "Digital Signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.

(viii) "Electronic Form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device.

(ix) "Electronic Record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.

(x) "Electronic signature" means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.

(xi) "Information" includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche.

(xii) "Intermediary" with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.

(xiii) "Key Pair", in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key.

(xiv) "Private Key" means the key of a key pair used to create a digital signature.

(xv) "Public Key" means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.

(xvi) "Secure System" means computer hardware, software, and procedure that-

(a) Are reasonably secure from unauthorised access and misuse;

(b) Provide a reasonable level of reliability and correct operation;

(c) Are reasonably suited to performing the intended functions; and

(d) Adhere to generally accepted security procedures.

(xvii) "Security Procedure" means the security procedure prescribed under section 16 by the Central Government.

(xviii) "Verify" in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether:

(a) The initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;

(b) The initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.

Section 2 (2) of the IT Act, 2000 provides that any reference in this Act to any enactment or any provision thereof shall, in relation to an area in which such enactment or such provision is not in force, be construed as a reference to the corresponding law or the relevant provision of the corresponding law, if any, in force in that area.

Section 4 of the IT Act, 2000 provides Legal Recognition to Electronic Records. It says that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is

(a) Rendered or made available in an electronic form; and

(b) Accessible so as to be usable for a subsequent reference

Section 5 of the IT Act, 2000 provides legal recognition to Electronic Signature. It says that where any law provides that information or any other matter shall be authenticated by affixing the signature or any document should be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.

Explanation to section 5 provides that for the purposes of this section, "Signed", with its grammatical variations and cognate expressions, shall, with reference to a person, mean affixing of his hand written signature or any mark on any document and the expression "Signature" shall be construed accordingly.

Section 6 of the IT Act, 2000 deals with use of Electronic Records and Electronic Signature in Government and its agencies. Section 6(1) of the Act provides that where any law provides for

(a) The filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular manner;

(b) The issue or grant of any licence, permit, sanction or approval by whatever name called in a particular manner;

(c) The receipt or payment of money in a particular manner, then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the appropriate Government.

Section 6(2) of the Act provides that the appropriate Government may, for the purposes of sub-section (1), by rules, prescribe -

(a) The manner and format in which such electronic records shall be filed, created or issued;

(b) The manner or method of payment of any fee or charges for filing, creation or issue any electronic record under clause (a).

Section 6A (1) of the IT Act, 2000 provides that the appropriate Government may, for the purposes of this Chapter and for efficient delivery of services to the public through electronic means authorise, by order, any service provider to set up, maintain and upgrade the computerised facilities and perform such other services as it may specify, by notification in the Official Gazette.

The Explanation to Section 6A (1) of the IT Act, 2000 provides that for the purposes of this section, service provider so authorised includes any individual, private agency, private company, partnership firm, sole proprietor form or any such other body or agency which has been granted permission by the appropriate Government to offer services through electronic means in accordance with the policy governing such service sector.

Section 6A of the IT Act, 2000 reflects the intention of Indian Government to provide Electronic Services Delivery in India. In fact, Electronic Services Delivery Bill, 2011 has already been proposed and if implemented would ensure many Electronic Services to Indians.

NAI must start working in the direction of providing its Service Online, if not already done. Even the non-service related matters and matters pertaining to the NAI are already required to be provided online in an Electronic Form as per the requirements of Section 4(1) of the RTI Act, 2005.

Section 7 of the IT Act, 2000 deals with retention of electronic records. Section 7(1) of the Act provides that where any law provides that documents, records or information shall be retained for any specific period, then, that requirement shall be deemed to have been satisfied if such documents, records or information are retained in the electronic form, if-

(a) The information contained therein remains accessible so as to be usable for a subsequent reference;

(b) The electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;

(c) The details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record.

The Proviso to Section 7 (1) provides that this clause does not apply to any information which is automatically generated solely for the purpose of enabling an electronic record to be dispatched or received.

NAI can convert its Records and Public Records into Electronic Form. Digital Preservation of Records or Public Records can also be done by NAI. While current records can be digitilised non current records can be digitilised and made available to public and researchers as the Electronic Services by NAI.

Section 7(2) of the Act provides that nothing in this section shall apply to any law that expressly provides for the retention of documents, records or information in the form of electronic records.

For instance, the RTI Act, 2005 provides for creating of many records in digital form and available to the public in an online environment. Similarly, the proposed Electronic Services Delivery Bill 2011 also requires providing of Services in online environment. This would also require digitilisation of Records and Public Records by NAI.

Section 7A of the IT Act, 2000 provides that where in any law for the time being in force, there is a provision for audit of documents, records or information, that provision shall also be applicable for audit of documents, records or information processed and maintained in electronic form.

Audit of Electronic Documents would also be undertaken in future. Just like NAI has to maintain proper paper based documents, it would be required to main proper Electronic Records as well.

Section 8 of the IT Act, 2000 provides that where any law provides that any rule, regulation, order, bye-law, notification or any other matter shall be published in the Official Gazette, then, such requirement shall be deemed to have been satisfied if such rule, regulation, order, bye-law, notification or any other matter is published in the Official Gazette or Electronic Gazette.
The proviso to section 8 provides that where any rule, regulation, order, bye-law, notification or any other matters published in the Official Gazette or Electronic Gazette, the date of publication shall be deemed to be the date of the Gazette which was first published in any form.

NAI can publish its Rules, Regulations, etc in Electronic Gazette.

Section 9 of the IT Act, 2000 provides that Sections 6, 7 and 8 would not to confer right to insist document should be accepted in electronic form. Section 9 says that nothing contained in sections 6, 7 and 8 shall confer a right upon any person to insist that any Ministry or Department of the Central Government or the State Government or any authority or body established by or under any law or controlled or funded by the Central or State Government should accept, issue, create, retain and preserve any document in the form of electronic records or effect any monetary transaction in the electronic form.

This is a real “Disabling Provision” that is preventing the actual accomplishment of Electronic Services Delivery in India. By making it “Discretionary” India Government has kept at bay for long the Electronic Delivery of Services to Indians. The latest proposed Electronic Services Delivery Bill 2011 addresses a very small and insignificant portion of the Electronic Delivery of Services in India and till now Electronic Services cannot be claimed as a “Matter of Right”.

However, by virtue of RTI Act, 2005 “Providing Information” about Governmental Departments in Electronic Form has been made “Compulsory”. But till now there is no Law or Provision that makes Delivery of Electronic Services Mandatory in India. This is a “Serious Issue” that must be resolved as soon as possible.

Section 11 of the IT Act, 2000 deals with attribution of Electronic Records. Section 11 says that an electronic record shall be attributed to the originator

(a) If it was sent by the originator himself;

(b) By a person who had the authority to act on behalf of the originator in respect of that electronic record; or

(c) By an information system programmed by or on behalf of the originator to operate automatically.

There may be other provisions of IT Act, 2000 that may be relevant for NAI and PRA 1993 purposes. But for the time being, they are not mandatory in nature. We hope this “Research Report” by Perry4Law and PTLB would be useful for Government Departments in general and national archives of India in particular.

E-Discovery Outsourcing, LPO And KPO Services In India

Outsourcing industry is witnessing many ups and downs in India. This is natural in a dynamic environment in which we live today. However, information and communication technology (ICT) related outsourcing issues are posing the biggest challenge before the outsourcing industry of India.

Indian outsourcing industry carries on business process outsourcing (BPO), legal process outsourcing (LPO), knowledge process outsourcing (KPO), etc. However, technology related LPO and KPO service providers in India are just handful. At Perry4Law Techno Legal Base (PTLB) we are managing the leading techno legal LPO and KPO services in the world.

A techno legal LPO and KPO platform is different from a simple LPO and KPO firm in the sense that it caters the requirements of both law and technology. Techno legal LPO and KPO services are in much demand for ICT related industries, ICT litigations and consultancies, etc.

A typical techno legal LPO or KPO would provide services in the fields of cyber law, cyber forensics, e-discovery, digital evidencing, techno legal dispute resolutions, cyber due diligence, etc.

As far as e-discovery related litigation, LPO and KPO services in India are concerned, they are managed by just one or two LPO and KPO providers. This is so because we have no e-discovery laws and regulations in India. In the absence of such legislations and public awareness there is very less demand for e-discovery related LPO and KPO works from India. A dominant majority of e-discovery related work comes from foreign jurisdictions where technology related laws are well placed.

Similarly, techno legal e-discovery LPO and KPO also requires domain specific expertise that is not easy to acquire. This is another reason why most of the LPO and KPO providers in India do not provide e-discovery related services.

However, India is paying attention to regulatory issues of ICT and more demand for e-discovery related LPO and KPO services would arise in future. It would be better idea if LPO and KPO providers in India develop good e-discovery related expertise till then.

E-Discovery Laws And Practices In India

Electronic discovery or e-discovery is a crucial component of corporate management, litigation services, response management, cyber security and so on. E-discovery is used for multiple purposes and by varied organisations and individuals these days.

E-discovery has many purposes to achieve. It can be used as an effective measure to prevent frauds from being committed by timely detection of suspicious activities. It can also be used for detection of these frauds and crimes after their commission. Thus, e-discovery is both preventive and curative in nature. However, despite the significance of this field, e-discovery in India has yet to get attention of Indian companies, individuals and law firms of India.

Even on the front of legal framework we have no e-discovery laws in India as well as e-discovery regulations in India. This is despite the fact that e-discovery is an important part of outsourcing industry of India. This has lead to a limited growth of e-discovery related legal process outsourcing (LPO) and knowledge process outsourcing (KPO) firms and organisations in India. There are very few firms in India that are providing e-discovery related LPO and KPO services in India.

At Perry4Law and Perry4Law Techno Legal Base (PTLB) we understand the importance of e-discovery solutions and litigation services to various organisations and individuals. In fact, PTLB is the exclusive institution that is providing techno legal e-discovery related solutions and litigation services. We consider both technical as well as legal aspects of e-discovery and digital evidencing in depth so that acquired information has “probative and evidentiary value”.

E-discovery should never be a simple discovery but it must be undertaken in such a manner that it meets the requirements of “admissibility” in a court of law. Many times e-discovery is not done properly and this results in the evidence acquired being held inadmissible by the courts.

Before hiring the services of a law firm, be sure to ensure that it has techno legal expertise to manage your e-discovery related assignment.

Legal Framework For E-Governance In India

Electronic governance in India (e-governance in India) is still at its infancy stage. Most of the e-governance projects of India under the national e-governance plan (NEGP) are still in the pipeline despite the deadline being passed long before. This is despite the fact that thousand of crores of public money has already been utilised for e-governance projects of India but without any constructive and practical results.

Meanwhile, the World Bank has once again issued $ 150 million loan to India. It has been issued under the category of e-delivery of public services development policy loan of India. The purpose of the loan is to ensure e-services delivery policy in India that is presently missing.

However, what is more alarming is the fact that in India we have no Indian legal framework for e-governance that can ensure mandatory e-governance services in India. Although the information technology act 2000 carries provisions pertaining to e-governance services in India yet they are “non mandatory and retrograde” in nature. This has resulted in a poor e-governance services delivery in India. Till now we have no legal framework that mandates that citizens and organisations can claim e-governance as a matter of right.

Further, the scope of NEGP is very wide covering almost all aspects of governance - right from delivery of services and provision of information to business process re-engineering within the different levels of government and its institutions. It is essential that NGP is implemented, monitored and regulated through a legal framework so that it is no more just a plan but reality.

In fact, while implementing the NEGP, various structural and institutional issues have already arisen which clearly call for a statutory mandate for their resolution. The purpose would be to give statutory mandate to the institutional entities, setting up of a separate fund, defining responsibilities and providing for time frames and oversight mechanisms. Thus, this legislation may, inter alia, contain provisions regarding the following:

(a) Definition of e-governance in the Indian context, its objectives and role,

(b) Coordination and oversight mechanisms, support structures at various levels, their functions and responsibilities,

(c) Role, functions and responsibilities of government organisations at various levels,

(d) Mechanism for financial arrangements including public-private partnership,

(e) Specifying the requirements of a strategic control framework for e-government projects dealing with statutory and sovereign functions of the government,

(f) Responsibility for selection and adoption of standards and inter-operability framework,

(g) Framework for cyber security, privacy protection, data security and data protection etc.
(h) Parliamentary oversight mechanism, and

(i) Mechanism for co-ordination between government organisations at Union and State levels.

E-Delivery Of Public Services Development Policy Loan Of India

E-Delivery of Public Services is the testing bed for any successful E-Governance Project. If essential Public Services cannot be delivered through use of Information and Communication Technology (ICT), there is no successful E-Governance implementation.

In India as well essential Public Services are still not successfully integrated with ICT and E-Governance has to cover a long distance before it becomes successful in India. India’s ranking in E-Readiness and E-Governance is declining year after year and India is still not bothered about this fact.

This situation does not “Justify” the usage of crores of public money on E-Governance Projects in India when there are no “Results” of such huge spending. The Government of India (GOI) and the World Bank recently signed another Loan Agreement of $150 million for the E-Delivery of Public Services Development Policy Loan under the National E-Governance Plan (NEGP) of India.

However, even this loan would not change the position in India till we have a “Mandatory E-Governance Legal Framework” in India. The Information Technology Act 2000 is the sole Cyber Law of India that carries few provisions pertaining to E-Governance as well. However, The IT Act 2000 has made E-Governance in India “Non Mandatory” and here lies the whole problem as this is a truly “Disabling Provision”.

If we do not make E-Governance Mandatory and we do not lay down “Deadlines” till which E-Governance Infrastructure must be established in India, public money would be wasted for ever. It is high time for India to ensure Mandatory E-Governance Services in India through a Legal Framework.

The Government and Indian Bureaucrats need to change their mindset and stress more upon “Outcomes and Services” rather than mere ICT procurement. India needs a “Services-Based Approach” that is not only Transparent, Accountable and Legal but also backed by a more efficient and willing Government. Presently the Bureaucrats and Government of India are in a “Resistance Mode” towards novel and effective E-Governance Policies and Strategies and they are merely “Computerising” traditional official functions only. This is benefiting neither the Government nor the citizens and is resulting in wastage of thousands of crores of public money and loans amount of United Nations Development Programme (UNDP) and World Bank.

The Governmental will and leadership is missing in India. To worsen the situation the Government of India is concentrating more upon the image rather than upon the end results. The grassroots level action is missing and the benefits of ICT are not reaching to the under privileged and deserving masses due to defective ICT Strategies and Policies of Indian Government. India is suffering from the “Vicious Circle” of defective E-Governance, as the basic input .i.e. governance itself is poor. India needs a “Virtuous Circle” of E-Governance through “Good Governance” that would have multiplication and amplification effect upon E-Governance efforts of Indian Government.

Some have even alleged that E-Delivery of Public Services in India is missing and World Bank is not at all interested in establishing Transparency and Accountability in Indian NEGP. World Bank must ensure accountability of Indian NEGP in order to show that its Loans are actually meant for growth and development of Indian masses rather than benefiting few Politicians and Bureaucrats as is happening right now.

Meanwhile, we must seriously consider formulating a Mandatory E-Governance Legal Framework for India that is not only Transparent but also Accountable. Further, if time limits are not set to achieve Mandatory E-Governance Services in India, all other efforts would fail. Let us see how “Serious” our Indian Government is regarding providing Mandatory E-Governance Services in India.

Techno Legal Decryption Solutions By PTLB

A Government Panel has recently given its opinion that Encrypted Services in India would not be banned even if the Intelligence agencies cannot “Intercept” these Encrypted Communications. This would not be pleasant news for Home Ministry of India and Intelligence Agencies of India who now have to acquire Techno Legal Intelligence Gathering Skills to deal with Encrypted Communications.

Home Ministry of India and Intelligence Agencies never understood the point that E-Surveillance can never be a “Substitute” for Intelligence Gathering Skill and Cyber Skills. Now the message has been delivered, they must start working in the direction of acquiring good Techno Legal Intelligence Gathering Skills.

The Intelligence Infrastructure of India is in bad shape. The same needs an “Urgent Rejuvenation”. Projects like National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and System (CCTNS), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), National Counter Terrorism Centre (NCTC), etc cannot be “Outsourced” to Private Companies as far as their “Core Functions” are concerned. Otherwise, the whole purpose of such Projects would be defeated. In order to perform the Core Functions of these projects, Intelligence Agencies and Law Enforcement Agencies of India must develop necessary Skills in this regard.

To start with we must formulate the Encryption Policy of India. Till now we have neither an Encryption Policy of India nor do we have Encryption Laws and Regulations in India. The second step must be to enter into Public Private Partnerships (PPP) with IT Experts who can help the Home Ministry in successfully completing its various Projects. The next step must to provide Techno Legal Trainings to Intelligence Agencies and Law Enforcement Agencies of India.

Indian Government must develop solutions “Independent of E-Surveillance” so that Intelligence Agencies can decrypt secure and highly encrypted data and voice and written communication transferred across secure networks via Internet.

At Perry4Law Techno Legal Base (PTLB) we can assist the Indian Government and its agencies to establish Techno Legal Intelligence Infrastructure of India. The same would include using both Technical as well as Legal Mechanisms to deal with Encryption and Decryption issues.

Our Techno Legal Solutions are “Specifically Designed” to cater the needs of Human Rights Protection in Cyberspace. Since access to Internet is now a Human Right as per United Nations, Indian Government must implement all its Projects keeping in mind Human Rights and Fundamental Rights as enshrined in the Constitution of India.

Cyber Forensics Laws In India

Cyber Forensics in India is still to be approved as an important part of Legal and Judicial System of India. Till now we do not have a specific and dedicated Cyber Forensics Law in India. Cyber Forensics is an amalgamation of Legal and Computer Science principles. Thus, it is essentially Techno Legal in nature.

This Techno Legal nature of Cyber Forensics has raised certain problems before the Law Enforcement Agencies of India, Legal Fraternity, Judicial Fraternity and the Governmental Departments dealing with the Cyber Forensics issues.

While the Police, Lawyers and Judges are still struggling to deal with Cyber Crimes and Cyber Forensics issues yet Government Departments are facing a shortage of Skilled Cyber Forensics Professionals. Suitable Techno Legal Cyber Forensics Courses in India and Cyber Forensics Education in India can reduce the shortage of Skilled Cyber Forensics Professionals in India.

India has been facing these problems because till now Cyber Forensics Policy of India has not been formulated. An ideal Cyber Forensics Policy of India must concentrate upon issues like Legal Framework for Cyber Forensics, Skills Development of Cyber Forensics, Trainings of Law Enforcement Officials, Lawyers, Judges, etc.

Cyber Forensics Policy of India cannot be implemented by a single stroke. It has to be formulated step by step and in a systematic and planned manner. Indian Government must pay attention to the Cyber Forensics Laws of India in general and Cyber Forensics Policy of India in particular.

Cyber Crisis Management Plan Of India

Crisis Management is an important aspect of planning and management of any project or eventuality. If we have a proper Crisis Management Plan, losses of lives and property is minimised to a great extent. We have Crisis Management Plans in India against floods, earthquakes and other natural calamities. However, are we prepared for Cyber Crises in Indian Cyberspace?

India has formulated a Crisis Management Plan for its Cyberspace. However, like other Policies and Strategies in India, it has not been implemented in true letter and spirit. Even the basic level Cyber Security Preparedness in India is not up to the mark.

There are many aspects of a Cyber Crisis Management Plan. For instance, Cyber Security, Cyber Law, Cyber Forensics, Anti Cyber Terrorism Plans, Anti Cyber Espionage Plans, Anti Cyber Warfare Plans, Human Rights Protection in Cyberspace, Critical ICT Infrastructure Protection, etc are some of the “Components” of a Cyber Crisis Management Plan.

Theoretically, India has a Cyber Law in the form of Information Technology Act 2000 (IT Act 2000), Cyber Security in the form of Government Guidelines, Cyber Forensics Practices in Governmental Laboratories alone and so on.

However, practically we have no Cyber Crimes Laws in India as the Cyber Law of India has made almost all the Cyber Crimes “Bailable”. We may have a Cyber Law but India has no Cyber Crimes Law. So Legal Framework for preventing Cyber Crimes is “practically missing” in India.

As far as Cyber Security is concerned, we have no Cyber Security Laws in India and no Cyber Security Policy in India. The Governmental Guidelines are meant for Government Departments alone and even these Government Departments do not follow the same. Government Websites are the most frequently defaced websites in India. Similarly, Government Computers are the “most successfully breached” Computers in India. Computers of Defense Forces, Prime Minister’s Office (PMO), Ministry of External Affairs (MEA), Ministry of Home affairs, etc have been successfully breached without even notice by these Ministries/Offices.

As far as other components of Cyber Crisis Management Plan of India are concerned, even they do not exist in India. We have no Cyber Forensics Laws in India, no Cyber Terrorism Policy in India, no Cyber Warfare Policy in India, no Critical ICT Infrastructure Protection Policy in India and no Human Rights Protection in Cyberspace in India.

In fact, Projects like Aadhar, NATGRID, CCTNS, Central Monitoring System (CMS) of India, etc are openly violating the Human Rights of Indians. These Projects are operating without any Legal Framework, Parliamentary Oversight and Judicial Scrutiny.

Even the basic Privacy Rights in India are missing. It is only now the Law Ministry of India has proposed the Right to Privacy Bill 2011 of India. Further, Data Protection Law in India is urgently required. We also need a Data Security Policy of India so that sensitive information and data of projects like Aadhar, NATGRID, CMS, etc is not “misused” once it falls in the wrong hands.

India cannot have a robust and effective Cyber Crisis Management Plan till it considers these aspects and actually starts working in the direction of achieving these components.

The Draft Intelligence Services (Powers and Regulation) Bill, 2011

A Draft Bill titled the Intelligence Services (Powers and Regulation) Bill, 2011 has been recently circulated in the Lok Sabha. The Bill has been circulated by Manish Tewari, Member of Parliament. The bill though circulated but could not be introduced as the Lok Sabha was adjourned sine die on Friday. It is likely to be introduced in the next session of Parliament.

The Bill intends to establish a Legal Framework for Intelligence Agencies of India. Presently, Intelligence Agencies of India are not governed by any Legal Framework and they are not under Parliamentary Scrutiny.

This is a serious “Constitutional Issue” as exercise of Law Enforcement and Intelligence Powers without any “Constitutionally Valid Law” is serious violations of Constitutional provisions. Finally, some sort of law making has been sought that would also bring Transparency and Accountability among the Intelligence Operations in India. The present Intelligence Infrastructure of India is in big mess and the Bill if made an enforceable law would bring some respite.

However, there are many “Techno Legal and Constitutional Issues” that are “still missing” from the Bill. I/We would discuss the same subsequently. In this post I wish to discuss some of the provisions of the Draft Intelligence Services (Powers and Regulation) Bill, 2011.

The Bill seeks to give statutory status to:

(i) Research and Analysis Wing
(ii) Intelligence Bureau and
(ii) National Technical Research Organisation.

with a view to regulate the manner of the functioning and exercise of powers by the Intelligence Agencies within and beyond the territory of India and to provide for the coordination, control and oversight of such agencies.

The Statement of Objects and Reasons of the proposed Bill says that Intelligence agencies are responsible for maintaining internal security and combating external threats to the sovereignty and integrity of the nation. These responsibilities range from counter-terrorism measures tackling separatist movements to critical infrastructure protection. These agencies are operating without an appropriate statutory basis delineating their functioning and operations. This tends to, among other things, compromise operational efficiency and weakens the professional fabric of these agencies. It also results in intelligence officers not having due protection when performing their duties.

Assessments and gathering of information by intelligence agencies are catalysts for law enforcement units to act, necessitating that these be reliable, accurate and in accordance with law. This kind of efficiency has been hindered by obscured responsibilities that have plagued the functioning of the agencies.

Article 21 of the Constitution provides that no person shall be deprived of his life and personal liberty except according to the procedure established by law. The Supreme Court of India has carved a right to privacy from the right to life and personal liberty. Such rights to privacy are compromised when agencies undertake surveillance operations.

In Re: Peoples Union of Civil Liberties v. Union of India, the Supreme Court issued detailed guidelines regarding telephone tapping. A proper legal framework is required to regulate surveillance of other forms, using different technologies, as well. There is an urgent need to balance the demands of security and privacy of individuals, by ensuring safeguards against the misuse of surveillance powers of intelligence agencies. Therefore, legislation is imperative to regulate the possible infringement of privacy of citizens, while giving credence to security concerns.

In view of the reasons stated, the Bill seeks to enact a legislation pursuant to Entry 8 of List I of the Seventh Schedule of the Constitution of India to provide: -

(a) A legislative and regulatory framework for the Intelligence Bureau, the Research and Analysis Wing and the National Technical Research Organisation;
(b) Designated Authority regarding authorisation procedure and system of warrants for operations by these agencies;
(c) A National Intelligence Tribunal for the investigation of complaints against these agencies.
(d) A National Intelligence and Security Oversight Committee for an effective oversight mechanism of these agencies; and
(e) An Intelligence Ombudsman for efficient functioning of the agencies and for matters connected therewith.

The Bill is a very good beginning though it requires many “improvements” before it is finally passed by both the Houses of Parliament. I hope and wish the Modified and Improved Bill would become an applicable law very soon.

First Techno Legal Cyber Crimes Investigation Manual Of India

Cyber law is a technical subject and this is the reason why law enforcement officials, lawyers and judges find it difficult to understand and apply. This is also the reason that we have a very bad conviction ratio for cyber criminals in India.

The task of police, lawyers and judges would become easier if there is a ready reference that they can refer and rely upon in cases of cyber crimes. Perry4Law Techno Legal Base (PTLB) and Perry4Law are in the process of writing the first and exclusive techno legal cyber crimes investigation manual of India.

The proposed manual would briefly cover areas like cyber law, cyber crimes, cyber forensics, incidence response, authorship attribution, anonymity, traceability, privacy issues, etc. It would also cover national and international best practices in this regard. The manual is in the final phase of preparation and it may be available to governmental departments and general public after few months.

In fact, an exclusive, extensive and techno legal cyber forensics investigation manual/book has already been written by Praveen Dalal, Managing Partner of Perry4Law and CEO of PTLB. These two manuals/books would cover almost the entire gamut of cyber law, cyber crimes and cyber forensics jurisprudence of India.

Perry4Law and PTLB are also in the process of writing manuals and books in other fields as well. So keep a close watch for the same at this platform and other sites of Perry4Law and PTLB.

We hope Indian government and other stakeholders would find these books/manuals useful and would actively utilise them for effective cyber law and cyber crimes investigations.

E-Discovery In India And Its Uses

By
Baljeet Singh

Electronic discovery has many purposes to achieve. It can be used as an effective measure to prevent frauds from being committed by timely detection of suspicious activities. It can also be used for detection of these frauds and crimes after their commission. Thus, e-discovery is both preventive and curative in nature.

E-discovery must be regulated by a legal framework to give it legitimacy. E-discovery law in India has still to be enacted. Although India has the cyber law of India incorporated in the form of information technology act 2000 (IT Act 2000) yet it is far from being sufficient for cyber forensics and e-discovery purposes. Suitable legislation in this regard is urgently needed in India.

E-discovery is also relevant for law enforcement, lawyers and judiciary. Legal and judicial fraternity of India needs a temperament for scientific knowledge. This includes knowledge about cyber law, cyber forensics, digital evidencing and e-discovery.

E-discovery requirements for banks in India have also significantly increased due to the recent guidelines by Reserve Bank of India that requires banks in India to exercise cyber due diligence and adopt sound cyber security practices.

E-discovery can also supplement due diligence, incidence response and periodic inspection of computers and other technology related systems. This helps in timely detection of frauds and other crimes.

We have a single techno legal e-courts training and consultancy centre of India. It is managed by Perry4Law Techno Legal Base (PTLB). It provides techno legal research, training and education in the fields like digital evidencing in India, e-discovery in India, e-courts training in India, judges training, etc.

Cyber Due Diligence Could Have Prevented Citibank Fraud

By

Praveen Dalal

The Gurgaon based Branch of Citibank was in controversies recently due to the fraud committed by one of its employees. Many depositors and high networth individuals (HNIs) of Citibank were defrauded upto the tune of Rs 460.91 crore in that fraud.

The modus operandi of the crime was very simple. The accused committed the fraud by mobilising funds to the tune of Rs 460.91 crore without authorisation from HNIs customers and certain corporate for the purpose of investing in stock market, assuring them high returns. The accused fabricated a circular of the Securities and Exchange Board of India (SEBI) to lure people into investing into accounts held by his accomplices.

However, Banks and Financial institutions must also be conscious of these fraudulent possibilities and they must be well prepared to prevent and tackle the same. For instance, Banks and Financial Institutions must regularly engage in “Forensics Audit” and “Incidence response”. Presently, Banks and Financial Institutions engage in these “Essential Exercises” when something fraudulent or wrong has already taken place.

Incidence Response and Forensics Audits are essential part of the overall “Due Diligence Strategy” of a Bank or Financial Institution. Recently, the Reserve Bank of India (RBI) executive director G Gopalakrishna said that all banks would have to create a position of Chief Information Officers (CIOs) as well as Steering Committees on Information Security at the Board Level at the earliest. This also means that Banks and Financial Institutions now have to engage in “Cyber Due Diligence” on a “Mandatory Basis”.

Similarly, Amendments have been proposed in the Banking Regulations Act 1949 (BRA 1949) by the Finance Ministry of India. Under the proposed Amendments, RBI would get more “Regulatory Powers” to regulate the affairs of Banks. RBI has also made it clear that it would consider issuing fresh licences for private banks only after getting more regulatory powers, including “Supersession” of bank Boards.

RBI must also constitute a “Core Working Group” consisting of Techno Legal Experts from all fields. This Group can analyse Frauds and Regulatory Aberrations committed by Banks and Financial Institutions or their employees.

The Banking Reforms in India are already in progress and these suggestions can also be a part of the same so that confidence and trust of Bank Customers and Investors is retained.

Banking Regulation Act Amendments Approved By Cabinet

By

Praveen Dalal

Finance Ministry of India and Reserve Bank of India (RBI) have been working in the direction of bringing many good Financial and Banking Sector Reforms in India. In this direction RBI has already issued two good policy documents that would streamline use of Information Technology to enhance core banking practices in India.

The first document is a report of its Working Group on information security, electronic banking, technology risk management, and cyber frauds. In this report, the RBI mandated cyber due diligence for banks in India.

The second document is known as Information Technology Vision Document for 2011-17 (IT Vision 2011-17). The vision document has recommended many good suggestions including requiring that all banks in India now would have to create a position of CIOs as well as steering committees on information security. These requirements must be fulfilled at the highest level of Board of Directors.

Further, RBI has shown its willingness to allow big industrial houses to set up banks in India. However, it would not allow them to open the banks unless RBI gets the “Power to Supersede” Boards of banks that are not being run properly. RBI also wants the right to oversee the operations of the promoting company and any affiliates that will have business relationships with the bank. RBI has been suggesting bringing suitable Amendments in the Banking Regulation Act, 1949 (BRA 1949) in this regard.

Reacting immediately the Cabinet approved the long-pending amendment to the BRA 1949. The proposed amendments align voting rights of shareholders in proportion to the equity held and provide more regulatory teeth to the RBI. These powers now include the power to supersede bank boards.

Finance Minister Pranab Mukherjee would bring the proposed amendments in the BRA 1949 in current session of Parliament (March 2011) to carry forward the proposals made by RBI in this regard. Mukherjee said RBI proposes to issue guidelines for new private bank licences by the end of March. RBI has also made it clear that it would consider issuing fresh licences for private banks only after getting more regulatory powers, including supersession of bank Boards.

These are the much needed Banking and Financial Sector Reforms that were long pending. By including the contemporary issues of Information and Communication Technology, RBI has also covered a wide area. Hopefully Parliament of India would approve the amendments as soon as possible.

Chief Information Officers (CIOs) Made Mandatory For All Banks In India

Reserve Bank of India (RBI) executive director G Gopalakrishna recently said that all banks would have to create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest. G Gopalakrishna further said the banks will have to implement the facility of "second factor verification" at merchant establishments and ATMs shortly.

The requirements are arising out of the two recently released documents by RBI. The first document is a report of its working group on information security, electronic banking, technology risk management, and cyber frauds. In this report, the RBI mandated cyber due diligence for banks in India.

The second document is known as information technology vision document for 2011-17 (IT Vision 2011-17). The vision document envisages that all banks in India now would have to create a position of CIOs as well as steering committees on information security. These requirements must be fulfilled at the highest level of board of directors. The vision document also requires that while following the above, legal aspects relating to the provisions of the Acts such as Payments and Settlement Act, 2007 and IT Act, 2000 may be strictly adhered to.

This requirement of CIO/CTO is arising because many small banks do not have a designated CTO and also do not have a clear framework on information sharing. RBI is interested in gradual shift to an online system where it can access all the information from the main server of the bank once the RBI's IT Vision is implemented. Those banks having no CIO/CTOs and a steering committee are now required to have these requirements fulfilled as soon as possible.

The objectives of vision document are to ensure the use of information technology beyond core banking and into newer areas like management of information systems (MIS) and better regulatory reporting.

The vision document has been prepared by a high-level committee chaired by deputy governor K.C. Chakrabarty. The vision document also recognises the growing operational risks arising out of adopting technology in the banking sector like use of Internet banking, which could affect financial stability.

If the vision document is fully implemented, it will ensure that the RBI gets access to the servers of all banks, including foreign banks so that it has access to all the banking transactions. Further, the vision document also emphasises on the need for internal controls, risk mitigation systems, fraud detection/prevention and business continuity plans. These are good banking reforms and they must be implemented by banks in India as soon as possible.

Intelligence Infrastructure Of India Is in Big Mess

By

Praveen Dalal

Intelligence Gathering and its timely Analysis and Utilisation are the bench mark of any good and effective Intelligence Infrastructure. When the terrorists attacked Mumbai recently, lack of Intelligence Sharing proved fatal.

Although Intelligence Inputs were available, they were not shared and made available in a timely manner. In other words, although Intelligence Agencies did no fail yet Intelligence Infrastructure failed to act in a timely manner. This happened for a simple reason that we have good Intelligence Agencies but we have a very bad Intelligence Infrastructure.

Intelligence Infrastructure of India needs streamlining. There are numerous Intelligence Agencies operating in India. However, there is no “Centralised Command” for the same. This results in an anomaly as there is no single authority to whom all of them can report and share their intelligence and other inputs.

The worst part is that the acts and omissions of these Intelligence Agencies are not governed by any Legal Framework. Parliamentary Scrutiny of Intelligence Agencies in general and Intelligence Infrastructure in particular are absolutely missing.

The example of the former is lack of Legal Framework for Intelligence Agencies and Law Enforcement Agencies of India. The example of the latter is absence of Legal Framework for Projects like Crime and Criminal Tracking Network System (CCTNS), National Intelligence Grid (NATGRID), Central Monitoring System (CMS), Aadhar/UID Project, etc.

CCTNS links up all of India's Police Stations and NATGRID would connect 21 sets of available databases for instant analysis and results. The “Biometric Details” obtained by Aadhar Project would be added to this list.

In short, the Intelligence Agencies and Intelligence Infrastructure of India have no clear cut direction, guidance and control. Time has come to create a good and effective “Intelligence Infrastructure” in India. We have already recommended that a “Centralised ICT Control System” (CICS) must be established by the Home Ministry of India under the guidance of Mr. P.Chidambaram.

If there are numerous Intelligence Agencies working for different Government Ministries/Departments, there is a possibility of “Lack of Coordination” and “Inadequate and Inappropriate Information Sharing”. Nothing can be more beneficial than a “Centralised ICT Control Centre” for the Indian National and Internal Security.

In fact, Mr. P.Chidambaram has already expressed his desire to establish a National Counter Terrorism Centre (NCTC) that would act as an “Umbrella Organisation” for all Intelligence Agencies. It may also be considered as a “Centralised ICT Control System” and Home Minister must work really hard to establish NCTC as soon as possible.