Monday, April 25, 2016

Mobile Application Developers In India Are Not Complying With Privacy, Data Protection And Cyber Law Requirements

Growing e-commerce in India has resulted in an increase in websites and mobile applications among Indian masses. Some business models depend upon websites whereas others are exclusive application based models. Further, many entrepreneurs have decided to explore mobile application based business models alone.

Surprisingly, there is a tendency among the application developers as well as its users to ignore the applicable legal requirements of India. For instance, privacy, data security, data protection and cyber law compliances are mandatory in India. Yet neither the application developers nor the entrepreneurs using the same are complying with these legal compliances.

Many mobile based application and software providers are exploring the areas like m-health, telemedicine, e-commerce, mobile payment, online payment, cyber security, cloud computing, online gaming including poker, online pharmacies, Bitcoins exchanges, etc. For instance, Apple is planning to launch mobile payment service through Touch ID. In order to ensure that Apple complies with laws of different jurisdictions, Apple has also removed the blockchain application from its store. Similarly, Twitter is also planning to use its platform to enter e-commerce market world over.

These ventures have made the websites and application developers liable under the laws of different jurisdictions simultaneously. The conflict of laws in cyberspace has also complicated the penal liability of these application providers in different jurisdictions. If the application developers are based in India and they wish to raise funds from foreign investors, these application providers must also take care of cyber law due diligence requirements (PDF) as prescribed by Indian laws. Besides, the foreign investors investing in Indian applications would also conduct their own cyber law due diligence to ensure that Indian applications are in compliance with Indian laws.

Presently India and foreign application developers are in direct violation of various Indian laws and corresponding regulations. These include cyber law due diligence, internet intermediary liabilities, encryption related violations, cloud related violations, data protection and privacy regulations (PDF), etc. Most of them are not even aware about the encryption laws of India that have to be complied with.

There are mobile applications that accesses and uses mobile phone owner’s data, information, SMS, contact details, phone books, etc without owner’s permission. Further, there are many application providers that store such information and data outside India on foreign servers. Many time these data and information includes private, sensitive and crucial information that are not authorised to be viewed and used by such application providers.

The cyber litigations against foreign websites and application providers would increase in India in the near future. It is in the long term interest of Indian and foreign application providers to ensure techno legal compliances so that they are not prosecuted in India.

Saturday, November 21, 2015

Digital India Project Of India Is Heading For Rough Waters

In this article, Praveen Dalal, Managing Partner and CEO of Perry4Law Organisation (P4LO) and PTLB, is discussing shortcomings of Digital India project of Indian government. Digital India and cyber security issues in India have been ignored by Indian government so far and this article is addressing that aspect as well.

The success or failure of any project depends upon it due research and analysis. Without a proper homework and due diligence, a project may face many shortcomings, lacuna and limitations. One such project is known as Digital India. As on date, the Digital India project of India government is heading towards rough waters and problems. This is because Digital India project is suffering from many shortcomings and limitations that Indian government has failed to remove.

For instance, the cyber security infrastructure of India is not in a good shape. Take the example of smart grids cyber security in India. India is contemplating using of smart meters but the same has become a headache for the power companies. Even a Grid Security Expert System (GSES) of India was suggested by Indian government in the past but the same has not been implemented till now.

The Digital India Project of India Government is the classic example of use of Information and Communication Technology (ICT) for delivery of public services. Like any great project, Digital India is also suffering from some “Shortcomings”. The chief among them are lack of Cyber Security, ineffective Civil Liberties Protection, absence of Data Protection (PDF) and Privacy Protection, unregulated E-Surveillance in India, absence of Intelligence Agencies Reforms in India, etc.

Unfortunately, the initial objective of public delivery of services through use of ICT seems to be fading away day by day. Instead of public services the focus has now been shifted towards e-surveillance and data mining. To make this work, Indian Government has been using e-surveillance projects like Aadhaar, Central Monitoring System, Network and Traffic Analysis System (NETRA), National Intelligence Grid (NATGRID), National Cyber Coordination Centre (NCCC), etc. None of them is supported by any “Legal Framework” and “Parliamentary Oversight”.

In fact, Vodafone has confirmed that India has been using “Secret Wires” in the Telecom Infrastructure to indulge in e-surveillance. Indian Department of Telecommunications suppressed the whole incidence with a mere assurance of “Investigation” that never took place. As per my personal information, no “Public Report” was made available in this regard by Indian Government so far.

In a latest twist, the Indian Government clubbed its latest Project named Digital Locker with Aadhaar. Essentially it means that Digital Locker is a legal project based upon illegal technology named Aadhaar. I have serious doubts that Digital Locker would serve its or Digital India’s purpose in these circumstances. The matter does not end here. Indian Government has claimed before the Supreme Court that Aadhaar is not mandatory for availing public services. However, this stand of Indian Government is not correct as Aadhaar has already been made compulsory for many public services and many more are added on regular basis.

Surprisingly, Supreme Court has not invoked either the Contempt or the Perjury proceedings against Central Government and States for making false claims and giving incorrect statements. Is not it the duty of Supreme Court to protect the Fundamental and Human Rights of Indian Citizens and residents? It is difficult to believe that Supreme Court is not aware of the ground situation that is actually happening in India. How can the Supreme Court simply rely upon false and misleading statements and allow the Central Government and States to operate in a manner that is clearly prejudicial to the Constitutional Protections and Principles?

It would be really unfortunate if Digital India Project is made the biggest Panopticon of Human History and an endemic E-Surveillance Instrumentality for the Indian Government where every bit of “Digital Information” can be accessed and manipulated by Indian Government. If this is the intention of Indian Government then Digital India Project is heading for rough waters.

Friday, August 29, 2014

Social Media Websites Would Be Required To Establish Servers In India

Social media has always been a challenge for Indian government. From time to time regulation of social media in India was advocated. However, till now Indian government has not been able to deal with this issue effectively.

This is a tricky issue as well. On the one hand India has to manage conflict of laws in cyberspace whereas on the other hand civil liberties protection in cyberspace must be respected. Above all, India must maintain a balance between civil liberties and national security as well.

It has been reported that home ministry of India intends to take legal action against person posting misleading news at Facebook regarding Rajnath Singh’s son. Further, it has also been reported that Indian government would ask social media websites to locate their servers in India so that legal compliances of Indian laws would be easier.  

We at Perry4Law believe that sooner or later foreign websites would be required to establish their servers in India. However, this is not possible till Indian government formulate techno legal framework to regulate Indian cyberspace.

Merely asking the social media websites to locate their servers in India would not help. A tough stand has to be taken by Indian government in this regard and the exercise to formulate a techno legal framework must be started as soon as possible.

Monday, March 25, 2013

Social Media Regulation In India is Needed: Salman Khurshid

Cyber crimes and social media websites in India share a unique relationship. Social media platforms are frequently used to commit various forms of cyber crimes. Hence it is important to regulate these social media platforms in some manner and to some extent. Of course, we cannot regulate social media platforms in absolute sense and under all circumstance and neither should we do so.

Recently the idea of formulating guidelines for social media contents regulations in India was mooted. Before that the idea of pre screening of contents at social media websites was out rightly rejected by both social media platforms and those using them. Even Indian regulators and politicians are now well aware of the realities of social media platforms and they do not talk about regulations of social media in absolute terms.  

For instance, the Union External Affairs Minister Salman Khurshid has lauded the effectiveness of social media and reminded that the freedom that comes out of using it needs to be regulated. Thus, social media laws in India are needed to regulate use of social media in India.

Social media regulation requirements also originate as technology has the capability to put every citizen on equal footing to the Indian government. People can raise their voices and give their opinion on even the most politically sensitive issues that was not possible in the case of traditional media.

At Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) we believe that social media websites cannot be used to incite crimes or defame others. They also cannot be used to propagate pornography or stalking the victims. In other words, social media websites are legal so long they comply with the laws of the land.

Perry4Law and PTLB also believe that a balance between freedom and regulation of social media must be maintained by Indian government. Giving priority to one over another would not be a sound strategy.

Dedicated social networking laws in India may be needed in the near future. While framework and guidelines for use of social media for government organisations is in place there is no such framework for citizens of India.

Wednesday, December 19, 2012

Will E-Books Kill The Bookstores In India?

Electronic books or e-books are fast acquiring the market share of book readers. With innovative and affordable e-book readers, it has now become very easy to purchase and read books in electronic form.

India being one of the most favourite destinations for launching e-books related e-commerce activities, the e-books segment is increasing in India. The e-books publication in India and e-commerce industry is also flourishing when even the non traditional book publishers and sellers are using e-commerce platforms to sell e-books in India. 

The natural question that arises is would this shift towards e-book kill the bookstores in India just like it did in US and UK? There is no second opinion about the fact that e-books would be the norm in future. We cannot postpone the e-books revolution for very long in India. Perhaps within next few years e-books would dominate Indian markets and e-commerce segment.

This has necessitated a strategy making on the part of traditional print based books publishers and distributors. They cannot close their eyes towards this apparent and significant change. In fact, they must already start taking interest in the concept of e-books.

The books publishers and distributors of India must also keep in mind the e-commerce laws and regulations of India. The legal formalities required for starting e-commerce business in India are now well established. However, legal issues in e-commerce in India are still not clear to many national and international e-commerce business houses and entrepreneurs.

For instance, the legal requirements to start an e-commerce website In India are covered by many legislations including information technology act, 2000 (IT Act 2000). However, both national and international e-commerce players are not complying with legal issues of online shopping in India.

Whether e-books would kill traditional print based books/bookstores or not is a question that can be postponed for few years. But what cannot be postponed is formulation of an effective strategy in this regard that is in compliance with Indian laws.

Saturday, November 24, 2012

Cyber Security Capabilities Of India Must Be Strengthened

 
This Article was originally published on 9th February 2012. However, due to DELIBERATE NEGATIVE TACTICS ADOPTED BY GOOGLE, this article was removed by Google despite clear indications that we are the copyright holders and source of original contribution.

Google is engaging in unethical and illegal behavior simply to favour few and working in derogation of others. For complete list of Google’s censorship and negative tactics, kindly visit Websites, Blogs And News Censorship By Google And India.  

Maintaining cyber security at the international level is a tedious task. This is so because cyberspace does not recognises any boundary and cyber attacks can be launched from any part of the world. While cyber attacks upon various computer systems and computer resources are cause of concern yet cyber attacks upon critical infrastructures is of grave concern.

Cyber security in India is at initial stage. Even the information technology act, 2000 (IT Act 2000), which is the sole cyber law of India, does not address the cyber crimes and cyber security issues effectively. We have no dedicated cyber security laws in India and we urgently need a dedicated cyber security legal framework in India.

Meanwhile, India is increasingly facing cyber attacks and cyber threats from foreign nationals. In fact, the cyber laws and cyber security trends of India 2011 by Perry4Law and Perry4Law Techno Legal Base (PTLB) has clearly showed the cyber security vulnerabilities of India. Cyber terrorism against India, cyber warfare against India, cyber espionage against India and cyber attacks against India have already increased a lot. Even the cyber law trends of India 2012 by PTLB have also projected an increased rate of cyber crimes in India and cyber attacks against India in the year 2012.

The biggest cyber threat against India is originating in the form of cyber attacks upon Indian critical infrastructures. Critical infrastructure protection in India requires a well formulated policy. Presently we have no critical infrastructure protection policy of India. Further, critical ICT infrastructure protection in India is one area that requires special attention of Indian government.

Fortunately, Indian government has decided to streamline cyber security of India. The Indian government is in the process of finalising an elaborate plan to strengthen India's cyber security capabilities. A national critical information infrastructure protection centre (NCIPC) of India has also been proposed by Indian government. It intends to ensure critical infrastructure protection and critical ICT infrastructure protection in India.

There are few prerequisites that can make the NCIPC of India successful. Firstly, there must be a centralised ICT command centre of India that can coordinate various cyber security issues. Secondly, specialised agencies and authorities must be constituted for critical infrastructure areas like power, telecom, defense, aviation, etc. These agencies and authorities must coordinate with the centralised command centre for cyber security related issues.

Ministry of communication and information technology (MCIT) has already taken certain initiatives in this regard. For instance, a central monitoring system (CMS) project of India has been launched by MCIT to monitor and intercept electronic communications, messages and information. Further, a national telecom network security coordination board (NTNSCB) of India has also been proposed to strengthen the national telecom security of India.

Now Indian government is planning to step up cyber security protection levels, putting in place real time command-and-control centers and delineating responsibilities among various agencies.

Among the proposals are establishment of dedicated command-and-control centers in India to monitor critical infrastructure in real time, constituting computer emergency response teams (CERTs) for key sectors such as power, aviations, etc and formulation of elaborate protocols for all stakeholders involved in the process of ensuring cyber security in India.

The Cabinet Committee on Security (CS) may approve in a few weeks the multi-layered security plans to protect India's critical infrastructure. The national security advisor (NSA) and the cabinet secretary are working on the final plan.

There would be a clear demarcation of responsibilities between Computer Emergency Response Team-India (CERT-In), National Technical Research Organisation (NTRO), Intelligence Bureau (IB), Military Intelligence (MI) and other agencies that have a role in fighting cyber intrusions. Protocols would be formulated to ensure that there is no overlap between the functions and obligations of various agencies fighting cyber attacks against India. The proposed protocol will also cover department of telecom, department of information technology, National Informatics Centre etc.

Under the proposal, the government will also regularly and proactively monitor and scan critical networks. Not just that, the levels of security for these networks will also be stepped up. CERT-In may also be creating its own real time monitoring centre to strengthen it cyber security initiatives. The responsibility for monitoring critical infrastructure will be divided between NCIPC and CERT-In. The government will also set up dedicated CERT for critical sectors such as power, aviation etc where no such national monitoring mechanism exists.

This is a good step in the right direction and Perry4law and PTLB welcome this move. We also hope that with this the cyber security capabilities of India would be upgraded to the required levels.

Tuesday, November 6, 2012

Cloud Computing Due Diligence In India

Cloud computing around the world is thriving in recognition, but the legal control of this technology is still catching up to its requirements. Nowhere is that more true than in India, where the legal framework for regulation of the cloud computing business needs urgent formulation.

Any business that wants to explore cloud computing must know exactly what is legal and what is not. That’s where we play the decisive role. At Perry4Law, we have been managing cloud computing due diligence and make sure that you are in full compliance with the law before you offer cloud computing to your clients.

The Information Technology Act of 2000 laid the groundwork for due diligence requirements for businesses and stakeholders in the IT industry.  Many of the provisions of the act are relatively stringent, and companies that jump too quickly into cloud computing can find themselves in a jungle of legal issues if they do not perform careful due diligence.

Thus, cyber law due diligence in India cannot be ignored by cloud computing services providers of India. At Perry4Law we have been managing the cyber due diligence for Indian companies on multiple aspects.

One area in particular that has caused headaches for IT companies is privacy. More and more frequent civil proceedings are being initiated as individuals and businesses believe that their privacy rights have been violated, and as cloud computing grows, the potential for even more lawsuits has increased.

We can help your enterprise to navigate the legal framework that currently regulates cloud computing, and also assist you in establishing a best practices model that ensures a rock-solid cloud computing policy for all of your stakeholders.

At Perry4Law, we have our feet on the ground and our head in the clouds–the new practice of cloud computing that is. We can help you to successfully enter this rapidly growing area of technology and make large profits while staying on the right side of the law if you make a request in this regard.

We have also been helping various clients with dispute resolution, competitive intelligence, and recovery of assets to corporations, governments and to private clients, due diligence for Indian companies, providing unrivaled services in India market entry, corporate legal services, intellectual property protection, disputes resolutions, mergers, acquisitions and recovery actions, cyber forensics, cyber security, e-discovery services, etc.