Monday, August 29, 2011

Jan Lokpal Authority Of India

Till now it is absolutely clear that the proposed Jan Lokpal Law of India must be Techno Legal in nature. The existing Bills are suffering from many “Deficiencies” and absence of “Techno Legal Aspect” is one of them.

For instance, Technology is the Best Whistleblower and a Jan Lokpal Authority or Law that does not believe in this “Technological Use” is bound to be another Authority with practically little benefits and uses. That is why a Strong and Effective Whistleblowers Protection Law in India is urgently required.

However, I wish to cover another related aspect of the proposed Jan Lokpal Law of India. The “Real Strength” of the proposed Jan Lokpal Law of India would be the “Jan Lokpal Authority of India”. If we have a Weak or Ineffective Jan Lokpal Authority in India, the proposed Law cannot serve its purpose.

The first aspect that must be resolved is what should be the “Composition” of the proposed Jan Lokpal Authority of India. I believe that the composition of the proposed Jan Lokpal Authority of India must essentially involve Experts representing fields like Judicial, Legal, Technological, Social Justice, etc.

No matter how many Experts from each field are made part of the Authority, the Authority must be Techno Legal in nature. Preference must be given to Experts who have knowledge of both Technical and Legal aspects.

Another aspect that needs to be considered is the “Nature” of such Authority. Should such authority be a “Constitutional Authority” or can it be a “Statutory Body” under the proposed Jan Lokpal Law of India? If it is a Constitutional Body, what additional efforts we need to make to make it “Functional” immediately? If it is a Statutory Body, it can be Constituted along with the passing of the Jan Lokpal Law of India.

These issues require immediate deliberations before the Parliamentary Standing Committee and they must be resolved while passing the Jan Lokpal Law of India by the Parliament.

Indian Jan Lokpal Should Be Technology Driven

One of the major problems with the proposed Jan Lokpal Bill of India 2011 is that all the stakeholders are considering it to be another “Traditional Authority”. They are not willing to accept that the Jan Lokpal Authority of India can be Technology Literate and can handle the challenges of present Information and Communication Technology (ICT).

I believe that in today’s era, Technology is the Best Whistleblower and a Jan Lokpal Authority or Law that does not believe in this “Technological Use” is bound to be another Authority with practically little benefits and uses. That is why a Strong and Effective Whistleblowers Protection Law in India is urgently required.

In the past, I have been maintaining that the present Jan Lokpal Bill of India 2011 is not Strong and Effective as it failed to cover many crucial issues. I still maintain that viewpoint, though People may differ. But I think, this viewpoint of mine must be elaborated further.

But before doing so I wish to express my joy with the “Satisfactory Managing” of the Jan Lokpal Fiasco by our Parliamentarians who have showed great Courage and Respect for Indian Constitution by referring the matter to Parliamentary Standing Committee (PSC).

Since the issues of Legal Framework for Whistleblowers Protection and Judges Accountability have already been referred to the PSC, I would not discuss those issues here. Sufficient is to say that both Laws are “Absolutely Essential” for the successful applicability of proposed Jan Lokpal Law of India.

However, I would like to discuss the Information and Communication Technology (ICT) related issues of Jan Lokpal Law that has been received with much Skepticism and Doubt. To start with, I firmly believe that proposed Jan Lokpal Bill and the corresponding Jan Lokpal Authority must be Techno Legal in nature. Both the Law and Authority must be capable of dealing with both Technical and Legal Issues Simultaneously and on its own.

The “Onus and Responsibilities” of the Jan Lokpal Law and Authority would be enormous so the Jan Lokpal Authority to be constituted must have a “Techno Legal Composition”. Experts from both Technical and Legal Fields must be part of this Authority, with preference to Techno Legal Experts who can do justice to this position.

Surprisingly, as I said before, a majority of People believe that Lokpal has nothing to do with Technology. This is a wrong conception as Lokpal must be Tech Savvy and Technology Driven.

A Lokpal Authority would be better equipped if it can understand Techno Legal issues. For instance, if a Scam or Corrupt Practice has occurred in the field of E-Procurement, E-Banking, Electronic Services Delivery, etc, the Jan Lokpal Authority would not be able to solve it unless it receives help of “External” Techno Legal Experts. So the composition of the proposed Jan Lokpal Authority must be Techno Legal in nature.

Further, if we confine the Applicability and Scope of Jan Lokpal Law to “Non Technical” and “Traditional Issues alone”, Frauds, Scams and Corrupt Practices in the fields like E-Procurement, E-Banking, Electronic Services Delivery, etc, would remain “Untouched” and beyond the Scrutiny of Jan Lokpal Law. This is a serious “Lacuna” especially when India is adopting E-Governance for Public Services Delivery.

So all those who believe that Techno Legal Aspects must be keep out of the ambit of proposed Jan Lokpal Law, they need to rethink again as their approach is limiting the Scope and Applicability of the proposed Jan Lokpal Law.

Saturday, August 27, 2011

Technology Is The Best Whistleblower In India

This is the updated version of my previous Article in this regard that was written by me in 2004/05.[1] The Article was originally written to suggest Indian Government to ensure the “Protectional Requirements” of Whistleblowers in India. However, it has been more than 6 years since that Article was written and even till now we have no Whistleblower Protection Laws in India.

None can doubt that a Strong and Effective Whistleblowers Protection Law in India is urgently required. Whistleblowing is capable of gifting a free, transparent and just social order and it can eliminate the arbitrariness, officialdom and corruption from a society. This is more so when the system of E-Governance is used for Public-Governmental interactions. The Accountability can be established with the use of E-Governance in the Governmental and Non-Governmental functioning.

I. Introduction

The concept of E-Governance can do many wonders and one of them is to play the role of Whistleblowing. The expression “Whistleblowing” is very wide in scope and it refers to a situation where the factum of arbitrariness, illegality or a wrongful act by the “Dominant Personality” is brought to the notice of general public and Courts. The dominant personality may be the all-powerful State, its instrumentalities or even the private employers, who by virtue of their position and resources are capable of suppressing the wrongful conduct. Such a conduct is required to be brought before the scrutiny of the general public and the courts, so that the culprit may be punished. The concept of Whistleblowing is claimed to be the gift of foreign countries, particularly the USA. That is, however, not correct. It was always present in India in the form of “investigative journalism” and “Public Interest Litigation” (PIL). Thus, the “Nomenclature” and not the “Concept” is alien to India. The public-spirited citizens always participated in bringing and establishing a transparent, just, fair and reasonable Governmental dealing. This takes us to the “modes” of Whistleblowing as used in India from time to time.

II. Modes of Whistleblowing

The modes of Whistleblowing can be grouped under the following categories:

(A) The Traditional Modes, and
(B) The Contemporary Modes.

(A) The Traditional Modes

The traditional methods of Whistleblowing can be grouped under the following categories:

(i) The Constitution of India, and
(ii) The Statutory Enactments.

(i) The Constitution of India: The Constitution of India provides means of Whistleblowing in the form of PIL and enforcement of “Public Law Remedy” for the violation of Fundamental Rights. The difference between these two remedies is very crucial. In the former case the process of Whistleblowing safeguards the interest of public at large whereas in the latter case invoking various Constitutional Remedies redresses personal violation of Fundamental Rights. The Constitution of India is not intended to be the arena of legal quibbling for men with long purses. It is made for the common people. It should generally be so construed as that they can understand and appreciate it. The more they understand it the more they love it and the more they prize it. It is really the poor, starved and mindless millions who need the court’s protection for securing to themselves the enjoyment of Human Rights.[2]

The Constitution precedents cannot be permitted to be transformed into weapons for defeating the hopes and aspirations of our teaming millions, half-clad, half-starved, half-educated. These hopes and aspirations representing the will of the people can only become articulate through the voice of their elected representatives. If they fail the people, the nation must face the death and destruction. Then, neither the court nor the Constitution will save the country.[3]

This line of thinking has been now recognised and adopted by various social reformers, lawyers, judges and social workers. Even, general public now knows that the court has constitutional power of intervention, which can be invoked to ameliorate their miseries arising from repression, governmental lawlessness and administrative deviance.[4] The Socio-Justice tool through which these aspirations of the Constitution and people of India are achieved is known as “Public Interest Litigation” (PIL). Lexically the expression PIL means a legal action initiated in a court of law for the enforcement of public interest or general interest in which the public or a class of the community have pecuniary interest or some interest by which their legal rights and liabilities are affected.[5] The evolution of PIL in India has an interesting background. In the famous case of Kesavananda Bharati v State of Kerala[6] the Supreme Court ultimately put a brake on the arbitrary and unreasonable power of Legislature to destroy the “Basic Features” of the Constitution. Thus, the seeds of PIL could never have been planted had the Supreme Court not brought justness and fairness in the “Indian Legal System” in the year1973, by formulating the “Doctrine of Basic Structure”. Justice Krishna Iyer sowed the seeds of the new dispensation in Mumbai Kamgar Sabha v Abdulbhai Faizullabhai[7] and used the expression PIL and “Epistolary Jurisdiction” in Fertilizer Corporation Kamgar Union v U.O.I.[8] In between, the Supreme Court interpreted the expression “Procedure Established by Law” as a procedure which must be “Just, Fair and Reasonable” in the year 1978.[9] This led to the testing of any “Law” on the touchstone of Articles 14, 19 and 21 “Collectively” and thus brought Justness and Fairness in the State’s dealing with the general public. The Supreme Court in the year 1993 declared “Independence of Judiciary” a “Basic Feature” and acquired autonomy in the selection and appointment of judges.[10] This made the interference of “Executive” in the appointment of judges a forgotten practice and made the judges more free and impartial to render justice. In the year 1993 the Supreme Court held that judicial review U/A 32 and 226 is a Basic Feature of the Constitution, which is beyond the pale of “Amendability”.[11] Thus, the discretion to entertain a dispute or petition was reserved exclusively with the Judiciary. This was a landmark judgment since all the PILs are either filed U/A 226 or U/A 32. This means that the discretion to entertain a PIL itself can be considered to be a part of Basic Feature and the only limitation could be the self-imposed restriction by the court itself. To supplement all this, the collective powers of Articles 32, 136, 141 and 142 made the Indian Supreme Court one of the most powerful court of the World. The court treated even a simple letter as a PIL. Since the coffers of the State were not burdened by this practice, the “Executive” did not object to the growth of PIL as a measure for emancipation of the poor and the weaker sections. Even the public at large supported the PIL drive. Thus, volunteer social activists are allowed standing; a simple letter can be accepted as a writ petition, the court itself will shoulder much of the burden of establishing the facts through the commissions, and whenever possible the case will move swiftly to the issue of remedy, by-passing the time-consuming and costly process.[12]

The substantial accomplishments of Indian PIL surely prove that it is a development worthy of the most serious consideration by jurists, lawyers and judges from all societies, and particularly from the United States where the parallel and contrasts are so striking.[13] The instrument of PIL has been used in India as the most frequent and effective mode of Whistleblowing. The same is accompanied with the enforcement of “Public Law Remedies” for the enforcement of Fundamental Rights. For instance, in Chairman, Railway Board v Chandrima Das[14] the Supreme Court observed: “When rape was committed by railway employees on a woman in a building belonging to railways, a writ petition filled by the victim against Government for compensation would be maintainable and it cannot be said that she should have approached a civil court for damages and the matter should not have been considered in a writ petition U/A 226 of the Constitution. Where public functionaries are involved and the matter relates to the violation of the Fundamental Rights or the enforcement of public duties, the remedy would still be available under the “Public Law” notwithstanding that a suit could be filed for damages under the “Private Law”. It was more so when it was not a mere matter of violation of an ordinary right of a person but the violation of Fundamental Rights which was involved as the petitioner was a victim of rape which is violative of the Fundamental Right of a person as guaranteed U/A 21 of the Constitution”. Thus, the collective force of PIL and “Public Law Remedies” provides us the medium of “Constitutional Whistleblowing”. (ii) The statutory enactments: The statutory enactments like Indian Penal Code, 1860, the Prevention of Terrorism Act, the Code of Civil Procedure, 1908, etc also provided means for fighting against civil and criminal wrongs and the same also proved effective deterrent for the commission of further wrongs. The same are, however, incomplete without the means of “information technology” that can provide the safest, secure and strongest form of Whistleblowing. This takes us to the contemporary modes of Whistleblowing.

(B) The Contemporary Modes

The instrument of Whistleblowing can be invoked most effectively by combining it with the Information and Communication Technology (ICT). This is because the medium of ICT is not only speedier and economical but equally the safest and strongest. It must be appreciated that the evils of corruption, delinquencies, scams, etc are intangible in nature and they breeds due to lack of transparency and accountability. The use of ICT in the form of E-Governance will eliminate these evils by bringing transparency and accountability. With the enactment of the Information Technology Act, 2000, more and more transparency is expected in governmental functioning by keeping people aware of the state’s plan, policies, objectives and achievements. The Act facilitates e-governance by accepting electronic records and digital signatures in the government offices and its agencies. These techniques are intended to involve the use of alternatives to paper-based methods of communication and storage of information, and to facilitate electronic filing of documents with the government agencies. This will make the government offices hassle free and transparent. The aim of chapter III of the Information Technology Act, 2000, which deals with E-Governance is to shift the focus of governance from being government centric to citizen centric. It further aims at providing quality services to the citizens. The goal is to provide services to the citizens anytime and anywhere through a number of channels at a reasonable cost and in an efficient manner. With the help of ICT, the daily matters can be effectively taken care of irrespective of the field covered by it.

The beneficial concept of e-governance can be utilized for the following purposes:

(1) To have access to public documents.
(2) For making online payments of various bills and dues.
(3) To file statutory documents online.
(4) To file the complaints, grievances and suggestions of citizens online.
(5) The online facility can be used to enter into a partnership the appropriate government in cases of government contracts.
(6) The citizens can use the online facility to file their income tax returns.
(7) The citizens will enjoy the facility of online services.
(8) The various departments of the government can be computerized and centralized and the responsibility for its proper maintenance can be fixed on an agency like National Informatics Centre.

This sort of arrangement will definitely help in establishing a better state-citizen relationship. It will, further, result in bringing transparency in governmental functioning and reduction of corruption.[15] The threats to life and limbs that is generally associated with real space disclosures are also missing. The informants and witnesses are better protected and this result in smooth and hassle free disclosures of social evils. In fact, the mere use of e-governance results in automatic scrutiny of various social evils as the medium of information technology recognises no pressures and approaches. Further, any manipulation in the same can be directly attributable to the persons having control over the information technology.

III. Justification for Whistleblowing

The strongest justification for allowing the use of Whistleblowing is that the people of India have the right to impart and receive information. The right to impart and receive information is a species of the right to freedom of speech and expression guaranteed by Article 19(1)(a) of the constitution of India. A citizen has a Fundamental Right to use the best means of imparting and receiving information. The State is not only under an obligation to respect the Fundamental Rights of the citizens, but also equally under an obligation to ensure conditions under which the Right can be meaningfully and effectively be enjoyed by one and all. Freedom of speech and expression is basic to and indivisible from a democratic polity. The right U/A 19(1)(a) is, however, available only to the citizens of India and non-citizens can claim only right to know U/A 21 of the Constitution of India.

Thus, the Whistleblowing gets its legitimacy under the following:

(i) Freedom of information under Article 19(1)(a), and

(ii) Right to know under Article 21.

(1) Freedom of information under Article 19(1)(a): Article 19(1)(a) of the constitution guarantees to all citizens freedom of speech and expression. At the same time, Article 19(2) permits the State to make any law in so far as such law imposes reasonable restrictions on the exercise of the rights conferred by Article 19(1)(a) of the constitution in the interest of sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency, morality, contempt of court, defamation and incitement of offence. Thus, a citizen has a right to receive information and that right is derived from the concept of freedom of speech and expression comprised in Article 19(1)(a).[16] It must, however, be noted that freedoms under Article 19, including Article 19(1)(a), are available only to citizens of India. An alien or foreigner has no rights under this Article because he is not a citizen of India. Thus to confer protection upon non-citizens one has to depend upon and apply Article 21 which is available to all persons, whether citizen or non-citizen.

(2) Right to know under Article 21: Article 21 enshrines right to life and personal liberty. The expressions “right to life and personal liberty” are compendious terms, which include within themselves variety of rights and attributes. Some of them are also found in Article 19 and thus have two sources at the same time.[17] In R.P.Limited v Indian Express Newspapers[18] the Supreme Court read into Article 21 the right to know. The Supreme Court held that right to know is a necessary ingredient of participatory democracy. In view of transnational developments when distances are shrinking, international communities are coming together for cooperation in various spheres and they are moving towards global perspective in various fields including Human Rights, the expression “liberty” must receive an expanded meaning. The expression cannot be limited to mere absence of bodily restraint. It is wide enough to expand to full range of rights including right to hold a particular opinion and right to sustain and nurture that opinion. For sustaining and nurturing that opinion it becomes necessary to receive information. Article 21 confers on all persons a right to know which include a right to receive information. The ambit and scope of Article 21 is much wider as compared to Article 19(1)(a). Thus, the courts are required to expand its scope by way of judicial activism. In P.U.C.L v U.O.I[19] the Supreme Court observed that Fundamental Rights themselves have no fixed contents, most of them are empty vessels into which each generation must pour its contents in the light of its experience. The attempt of the court should be to expand the reach and ambit of the Fundamental Rights by process of judicial interpretation. There cannot be any distinction between the Fundamental Rights mentioned in Chapter-III of the constitution and the declaration of such rights on the basis of the judgments rendered by the Supreme Court.

Further, it is well settled that while interpreting the constitutional provisions dealing with Fundamental Rights the courts must not forget the principles embodied in the international conventions and instruments and as far as possible the courts must give effect to the principles contained in those instruments. The courts are under an obligation to give due regard to the international conventions and norms while construing the domestic laws, more so when there is no inconsistency or conflict between them and the domestic law.[20] The courts in India can take clue from various foreign laws concerning Whistleblowing by moulding the same as per the requirements of Indian conditions. The courts can also recognise the rights of the government to restrict the flow of information to general public. For instance, in P.U.C.L. v U.O.I[21] the Supreme Court specified the grounds on which the government can withhold information relating to various matters. The Supreme Court observed: “Every right- legal or moral- carries with it a corresponding objection. It is subject to several exemptions/ exceptions indicated in broad terms. Generally, the exemptions/ exceptions under those laws entitle the government to with hold information relating to the following matters:

(1) International relations;
(2) National security (including defiance) and public safety;
(3) Investigation, detection and prevention of crime;
(4) Internal deliberations of the Govt;
(5) Information received in confidence from a source outside the Govt;
(6) Information, which, if disclosed, would violate the privacy of the individual;
(7) Information of an economic nature (including Trade Secrets) which, if disclosed, would confer an unfair advantage on some person or concern, or, subject some person or Govt, to an unfair disadvantage;
(8) Information, which is subject to a claim of legal professional privilege, e.g. communication between a legal adviser and the client; between a physician and the patient;
(9) Information about scientific discoveries”.

Thus, if a given case does not fall within the restrictions contained U/A 19(2) or abovementioned restrictions, the same cannot be withheld from the public scrutiny.

IV. Safeguards to Whistleblowers

The existing laws contain various provisions that restrict the access to the whistleblowers and thereby prevent their disclosure. For instance, under section 173 (6) of Cr.P.C the police officer can form an opinion that any part of the statement recorded under section 161 of the Code of a person, the prosecution proposes to examine as its witness, need not be disclosed to the accused if it is not essential in the interests of justice or is inexpedient in the public interest.
Similarly, though section 273 of the Code requires the evidence to be taken in the presence of the accused, section 299 indicates that in certain exceptional circumstances an accused may be denied his right to cross-examine a prosecution witness in open court. The concerned person or witness may be the whistleblower, whose identity can be concealed by the courts in the interest of justice. Further, the Law Commission of India and other Commissions have also contributed significantly for the protection of whistleblowers. The 14th Report of the Law Commission (1958) examined, inter alia, the question of providing adequate facilities to witnesses attending cases in courts. The 4th Report of the National Police Commission (1980) acknowledged the troubles undergone by witnesses attending proceedings in courts. The 154th Report of the Law Commission (1996) particularly noted: “Necessary confidence has to be created in the minds of the witnesses that they would be protected from the wrath of the accused in any eventuality.” In its 178th Report (2001), the Law Commission recommended the insertion of section 164A in the Cr.P.C to provide for recording of the statement of material witnesses in the presence of Magistrates where the offences were punishable with imprisonment of 10 years and more. On the basis of this recommendation, the Criminal Law (Amendment) Bill, 2003 was introduced in the Rajya Sabha and is pending enactment. The Law Commission’s 179th Report on Public Interest Disclosures and the Protection of Informers, states thus: “Good-faith whistleblowers represent the highest ideals of public service and challenge abuses of power. They test loyalty with the highest moral principles but place the country above loyalties to persons, parties or Governments”.[22] The same also seems to be stress of the “consultation paper on witness identity protection and witness protection programmes” issued by the Law Commission.[23] These provisions must be construed in a liberal manner by the courts to protect the whistleblowers.

V. Judicial Response

The response of the Supreme Court for providing protection to witnesses and whistleblowers is positive and justice oriented. The Supreme Court, in Gurbachan Singh v State of Bombay[24] upheld a provision of the Bombay Police Act, 1951 that denied permission to a detenue to cross-examine the witnesses who had deposed against him. It was held that the law was only to deal with exceptional cases where witnesses, for fear of violence to their person or property, were unwilling to depose publicly against bad character. In Naresh Mirajkar v State of Maharashtra[25] the Supreme Court recognised the validity of the procedure of holding an in-camera trial. The Supreme Court was of the opinion that in certain circumstances, the identity of the witness can be kept secret and concealed by holding an in-camera trial. The decision of Maneka Sanjay Gandhi v. Rani Jethmalani[26] stressed the need for a congenial atmosphere for the conduct of a fair trial and this included the protection of witnesses. Similarly, in A.K. Roy v Union of India[27], stressing on the need to protect the identity of the informant, the Supreme Court held that the disclosure of the identity of the informant may abort the very process of preventive detention because, no one will be willing to come forward to give information of any prejudicial activity if his identity is going to be disclosed, which may have to be done under the stress of cross-examination. In Kartar Singh v. State of Punjab[28] the Supreme Court upheld the validity of ss.16 (2) and (3) of the Terrorist and Disruptive Activities (Prevention) Act, 1987 (TADA) which gave the discretion to the Designated Court to keep the identity and address of a witness secret upon certain contingencies; to hold the proceedings at a place to be decided by the court and to withhold the names and addresses of witnesses in its orders. The court held that the right of the accused to cross-examine the prosecution witnesses was not absolute but was subject to exceptions. The same reasoning was applied to uphold the validity of Sec. 30 of the Prevention of Terrorism Act, 2002 (POTA) in People’s Union of Civil Liberties v. Union of India.[29] In State of Maharashtra v Dr.Praful.B.Desai[30] the Supreme Court observed: “The evidence can be both oral and documentary and electronic records can be produced as evidence. This means that evidence, even in criminal matters, can also be by way of electronic records. This would include video conferencing. Video conferencing is an advancement in science and technology which permits one to see, hear and talk with someone far away, with the same facility and ease as if he is present before you i.e. in your presence. Thus, it is clear that so long as the accused and/or his pleader are present when evidence is recorded by video conferencing that evidence is recorded in the “presence” of the accused and would thus fully meet the requirements of section 273, Criminal Procedure Code. Recording of such evidence would be as per “procedure established by law”. This judgment of the Supreme Court is a landmark judgment as it has the potential to seek help of those witnesses who are crucial for rendering the complete justice but who cannot come due to “territorial distances” or even due to fear, expenses, old age, etc. The Courts in India have the power to maintain anonymity of the witnesses to protect them from threats and harm and the use of information technology is the safest bet for the same. The testimony of a witness can be recorded electronically the access to which can be legitimately and lawfully denied by the Courts to meet the ends of justice. In Zahaira Sheikh v State of Gujarat[31] (the Best Bakery Case), in the context of the collapse of the trial on account of witnesses turning hostile as a result of intimidation, the Supreme Court reiterated that “legislative measures to emphasise prohibition against tampering with witness, victim or informant, have become the imminent and inevitable need of the day. In Sakshi v U.O.I[32] the Supreme Court referred to the 172nd Report of the Law Commission and laid down that certain procedural safeguards had to be followed to protect the victim of child sexual abuse during the conduct of the trial.

VI. Conclusion

The role model for governance and decision taken thereon should manifest equity, fair play and justice. The cardinal principle of governance in a civilized society based on rule of law not only has to base on transparency but also must create an impression that the decision-making was motivated on the consideration of probity. The government has to rise above the nexus of vested interests and nepotism and eschew window-dressing. The act of governance has to withstand the test of judiciousness and impartiality and avoid arbitrary or capricious actions. Therefore, the principle of governance has to be tested on the touchstone of justice, equity and fair play. Though on the face of it the decision may look legitimate but as a matter of fact the reasons may not be based on values but to achieve popular accolade, that decision cannot be allowed to operate.[33] The primary responsibility for bringing such affairs before the courts lie with the whistleblowers. This process, however, has its own perils and deleterious effects. Thus, the life and limb of these whistleblowers should be duly protected. The traditional methods of protection of these whistleblowers though are effective but are not free from risks and lacunas. The use of information technology, particularly a sound e-governance base, can safeguard the interest of justice in the most benign manner. The whistleblowers are protected, as they are not exposed to the retaliatory tactics of the persons exposed by them. At the same time valuable evidences are also made available to the courts to do complete justice. The use of video- conferencing and web-meetings can solve most of the problems associated with the evidence giving. The whistleblowers can be testified by using these technological devices that are readily available at the disposal of the courts. It is no bravery to expose the crucial witnesses and whistleblowers to the risks of retaliatory tactics adopted by hard-core criminals. The prudent judicial system should maintain a balance between the interest of justice on the one hand and the interest of the whistleblowers on the other. A crucial witness or a whistleblower need not to be taken to the court premises if a sound e-governance base are in vogue. The time, money, efforts and resources consumed in bringing the whistleblowers is on a much higher footing as compared to the use of e-governance for the same. The evidence of these whistleblowers can be recorded and its recorded version can be transmitted to the court along with a copy of the same. The evidence so recorded is of durable nature and can prevent the miscarriage of justice. Thus, the maintaining of e-record is also important in maintaining an apposite judicial system and for meeting the ends of justice. For instance, if the records of the proceedings are destroyed due to natural calamities and their reconstruction is not possible, then the court has no other option but to acquit the accused.[34] An electronic record is not only durable but can be easily stored as well. It must be noted that in majority of cases the witnesses do not come forward to give evidence and many important pieces of evidences are lost forever. This results in acquittal of the accused and a miscarriage of justice. If the identity of the witnesses is concealed and their evidence has been obtained by the use of e-governance, then justice can be administered in its most judicious manner. A sound judicial system requires proper evidencing and the same is a risky affair on all counts. This is not a case of dissatisfaction with either the justice administration system or the law enforcement system but the natural and human tendency that must be recognised and accepted. The courts must stress on obtaining as much evidence as possible. The same can be done by primarily relying upon a sound e-governance base, though traditional methods of evidencing can be also be used to supplement it. A court of law cannot render justice unless the ultimate decision is based on the contemporary law as prevailing in the society. A decision based on an old law, which does not satisfy the requirements of the present situation, and environment should be avoided. In such a situation the efforts of the courts should be to give the law a "purposive, updating and an ongoing interpretation". This position makes the interface of justice delivery system with the information technology inevitable and unavoidable, which the Indian Judiciary is capable of tackling effectively and efficiently. Thus, the future of Whistleblowing is very bright in India, as the “electronic justice delivery system” has already found a place in the Indian legal system.

[1] © Praveen Dalal, Managing Partner, Perry4Law, New Delhi, India. All Rights Reserved. Contact at pd37@rediffmail.com, perry4law@yahoo.com .
[2] Justice Dwivedi in Kesavananda Bharati v State of Kerala, (1973) 4 SCC 225.
[3] Justice Chandrachud in Kesavananda Bharati v State of Kerala, (1973) 4 SCC 225.
[4] Upendra Bakshi; “Taking suffering seriously: Social Action Litigation in the Supreme Court of India” Law and Poverty (ed) Upendra Bakshi, pages 387-415 (1988).
[5] S.R.Pandian. J in Janta Dal v H.S.Chowdhary, AIR 1993 SC 892.
[6] (1973) 4 SCC 225.
[7] (1976) 3 SCC 832.
[8] AIR 1982 SC 344.
[9] Maneka Gandhi v U.O.I, AIR 1978 SC 597.
[10] Supreme Court Advocate on Record v U.O.I, (1993) 4 SCC 441.
[11] Kihoto v Zachilhu, AIR 1993 SC 412.
[12] Praveen Dalal, “Sociology Of PIL In India”, http://praveen-dalal.blogspot.com/2005/04/sociology-of-pil-in-india.html
[13] Clark D. Cunningham; “Public Interest Litigation in Indian Supreme Court: A study in the light of American Experience”, J.I.L.I, V-29: 4. P-494 (1987).
[14] AIR 2000 SC 988.
[15] Praveen Dalal and Shruti Gupta, “Bringing transparency through e-governance”, (2003) 3 ACE (J) p-15.
[16] State of U.P v Raj Narayan AIR 1975 SC 865; P.V.Narsimha Rao v State AIR 1998.
[17] Kharak Singh v State of U.P AIR 1963 SC 1295.
[18] AIR 1989 SC 190.
[19] JT 2003 (2) 528.
[20] Praveen Dalal and Shruti Gupta, “The new horizons of right to information”, (2004) 1 ACE (J) p-1.
[21] AIR 2004 SC 1442.
[22] DO No. 6(3)(72)/2001-LC(LS), December 2001, at p. 32.
[23] Released on 13th August 2004.
[24] AIR 1952 SC 221.
[25] AIR 1967 SC 1.
[26] (1979) 4 SCC 167.
[27] (1982) 1 SCC 271.
[28] (1994) 3 SCC 569.
[29] (2003) 10 SCALE 967.
[30] 2003 (3) SCALE 554.
[31] (2004) 4 SCALE 375
[32] (2004) 5 SCC 519.
[33] Onkarlal Bajaj v U.O.I, AIR 2003 SC 2562.
[34] State of U.P v Abhai Raj Singh, (2004) 4 SCC 6.

Friday, August 26, 2011

Cyber Police Reforms In India Are Needed

Police reforms in India are long overdue. Whether it is on the front of legal framework, prison conditions, police accountability and transparency or any other similar aspect, police reforms in India have been stagnant.

Some of these reforms pertain to infrastructure while others pertain to policy formulation and still others regarding brand and image making of police in India. While these reforms can be managed through political will yet one reform area that cannot be achieved through mere political will pertains to training of police force in technology related issues.

For instance, we do not have enough cyber crime investigation capabilities in India till now. Cyber crime investigation in India is still far from satisfactory and there are selective police officials who are aware of technological issues and technological laws like information technology act 2000 (IT Act 2000).

At Perry4Law and Perry4Law Techno Legal Base (PTLB) we have been working in the direction of removing these obstacles for the law enforcement officials of India. PTLB has been managing a techno legal ICT training centre for police force that intends to fill this void and make our police force techno legal in nature.

Perry4Law and PTLB suggest that police force of India must be well versed in areas like cyber law, cyber security attacks, cyber forensics, digital evidencing and e-discovery, video conferencing evidence, e-courts, etc.

Presently, these issues are not considered by police force of India. To start with police force must be made aware of the cyber law of India and its applicable provisions. Further, police in India also needs to learn how to investigate a cyber crime. Simple issues of cyber forensics like internet protocol address tracking and data recovery must also be learned by police force of India.

Indian government in general and ministry of home affairs in particular must pay special attention to these issues as ambitious projects like national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), etc cannot be run successfully through an untrained police and intelligence force.

Cyber skill and intelligence gathering skills need to be developed in India as soon as possible. Perry4Law and PTLB hope that our suggestions would be considered by Indian government for the larger interest of all concerned.

Tuesday, August 23, 2011

Indian Encryption Policy Must Be Formulated

Encryption policy of India is long overdue but India has been slow in formulating this much needed policy. At the same time encryption is also a controversial issue in India that requires a balancing of conflicting interests of law enforcement requirements and personal privacy and security.

Provisions pertaining to encryption usage in India are scattered in various laws, rules and regulations of India. We do not have a centralised or dedicated legal framework for encryption related matters and this is hindering proper usage and innovation in the field of encryption in India.

The cyber law of India, as applicable through information technology act 2000 (IT Act 2000) has a single provisions in this regard. Section 84A of IT Act 2000 says that the Central Government may prescribe the modes or methods of encryption. Till now the Central Government has not prescribed any “modes or methods” of encryption usage in India.

We are compromising the cyber security of India, mobile security of India and mobile governance in India by insisting upon a weak encryption infrastructure. Mobile cyber security in India is not up to the mark and unencrypted communication would further increase the risks.

There are many service providers that use encryption for private and secure communications. The ministry of home affairs has been insisting upon surrendering of encryption keys of such services and in the absence of same banning such encrypted services. However, the ministry of communication and information technology has made it clear that it is not possible to do so.

India has taken too much time to resolve encryption issues and the same must be resolved as soon as possible. Encrypted services would bring both benefits and problems for India. On the benefit side, it would bring secure, private and confidential services. The problem with encryption, like any other technological service, is that it can be abused by criminals.

However, the possibility of abuse should not deter Indian government from using encryption in India. Further, Indian government must develop core cyber skills to deal with encryption related crimes rather than downsising the same and making Indian cyber and mobile security vulnerable to threats.

India needs to upgrade its intelligence infrastructure that is in real mess. Intelligence agencies need to develop intelligence gathering and analysis skills so that situations like the present one can be taken care of. E-surveillance is not a substitute for cyber skills and Indian government and its agencies must realise this truth as soon as possible. However, the call is for the Indian government to take that is shying away from taking a well informed decision in this regard.

Memory Forensics In India And Its Admissibility

Memory Forensics is a very important part of Cyber Forensics/Digital Forensics. In Memory Forensics we do not analyse the entire Hard Disk for Malware. Rather we analyse the Physical or Virtual Memory of a Computer System for Malware already running on the System.

This not only saves lots of time, energy and costs but also takes care of those Malware that run in “Memory Alone”. Modern Malware are written keeping in mind the Digital Forensics Practices that can detect them.

Traditionally, Forensics was mainly confined to Dead/Offline Forensic Analysis of the image of a Hard Disk or Media. However, Malware writers used more sophisticated Codes and Tools to circumvent Forensics Methods. One such method was to use and run the Malware in Memory alone. This has the advantage for Malware users as the moment a Computer System is shut off, the evidence of Malware abuse is almost gone.

The only viable option seems to be to analyse the Malware when the Computer System is still on and running as at that time the Malware are still present in the Memory. There are many Open Source Software to do this job and Individuals/Firms/Companies are investing their time and resources to get Memory Forensics Expertise.

Perry4Law and Perry4Law Techno Legal Base (PTLB) recommend adoption and use of Memory Forensics along with other forms of Digital Forensics. Further, Perry4Law and PTLB also recommend maintaining a “Chain of Custody” and “Standard Operating Procedure” while engaging in all forms of Digital Forensics.

This is important to make the Evidence extracted through Digital Forensics “Admissible” in a Court of Law. Many times Evidence acquired through Digital Forensics is challenged in Courts and is declared “Inadmissible” by the Court.

Perry4Law and PTLB believe that the “Best Practice” in this regard is to engage in Digital Forensics, including Memory Forensics, by considering it as a part of a Court Proceedings. Once the concerned Digital Forensics/Memory Forensics has been undertaken, it must be shown to and discussed with a good Techno Legal Lawyer/Law Firm who can understand the intricacies of Digital Forensics and suggest the “Best Method” to get it “Admissible” in the Courts.

If the acquired “Digital Evidence” is ultimately declared “Inadmissible” by the Court, there is no use of engaging in such Digital Forensics/Memory Forensics.

Monday, August 22, 2011

Electronic Passports Are Vulnerable To Security Threats

Electronic passports are used in many developed nations and India is also considering using the same. While e-passports have many benefits they are also vulnerable to cyber security threats as well.

Similarly, these threats have also revealed the weaknesses of having a blind trust over biometric technologies. In fact, biometric technologies without proper security safeguards would prove a nightmare for India.

Lukas Grunwald, a radio frequency ID (RFID) expert and a German security researcher, demonstrated last year that he could clone the computer chip in an e-passport. Now he has revealed additional vulnerabilities in the design of the new documents and the inspection systems used to read them.

Grunwald, who has also served as an e-passport consultant to the German parliament, says the security flaws allow someone to seize and clone the fingerprint image stored on the biometric e-passport, and to create a specially coded chip that attacks e-passport readers that attempt to scan it.

Grunwald says he has succeeded in sabotaging two passport readers made by different vendors by cloning a passport chip, then modifying the JPEG2000 image file containing the passport photo. Reading the modified image crashed the readers, which suggests they could be vulnerable to a code-injection exploit that might, for example, reprogram a reader to approve expired or forged passports.

"If you're able to crash something you are most likely able to exploit it," says Grunwald. E-passports contain RFID chips that are supposed to help thwart document forgery and speed processing of travelers at U.S. entry points. The United States led the charge for global e-passports because authorities said the chip, which is digitally signed by each issuing country, would help distinguish official documents from forged ones.

But Grunwald demonstrated last year how he could extract the data on a passport chip, which is read-only, and clone it to a read-write chip that appears the same to an e-passport reader.

Now Grunwald says he was able to add data to the cloned chip that would allow someone to attack the passport reader. He conducted the attack by embedding a buffer-overrun exploit inside the JPEG2000 file on the cloned chip that contains the passport photo.

Buffer-overrun vulnerabilities occur when coding errors in software allow an attacker to overflow a section of memory dedicated to storing a fixed amount of data. Carefully exploited, they often permit the hacker to execute his own instructions on the vulnerable computer, essentially taking over the device -- though Grunwald has not attempted that level of compromise on e-passport readers.

He won't name the vendors that make the readers he crashed, but says the readers are currently in use at some airport entry points. He says there's no reason to believe that readers made by other vendors would be any more secure.

The International Civil Aviation Organisation, the United Nations body that developed the standards for e-passports, opted to store travelers' fingerprints as a digital photo. As a result, it's possible to seize the image and use it to impersonate a passport holder by essentially hijacking their fingerprints. Japanese researchers several years ago demonstrated the ability to make false fingerprints using gelatin material that could be placed over a finger.

To access any data on the passport, the attacker would need to unlock it using a machine-readable code printed on the passport's face. Additionally, the International Civil Aviation Organisation recommends that issuing countries protect biometric data on the e-passport with an optional feature known as Extended Access Control, which protects the biometric data on the chip by making readers obtain a digital certificate from the country that issued the passport before the equipment can access the information.

That certificate is only valid for a short period of time, but the chips contain no onboard clock to handle the digital certificate's expiration, which makes them vulnerable as well, says Grunwald. "It's a basic mistake," he says.

Indian Strategic Departments Are Targeted By Cyber Espionage

The cases of cyber attacks and cyber espionage are not new to India. In the past computers located at crucial departments/ministries of India have been successfully targeted and compromised.

Even the computers at prime minister’s office (PMO) have been compromised for months without any knowledge of the same. Similarly, computers at ministry of external affairs (MEA), home ministry, defense computers, etc have been targeted and compromised in the past. Even the website of central bureau of investigation (CBI) was defaced and compromised in the past.

Now it has been reported that some of the top officials in the PMO, including principal secretary to the PM TKA Nair and national security advisor Shiv Shankar Menon, received warning calls from India’s technical intelligence agency, the National Technical Research Organisation (NTRO).

NTRO required all computer systems to be shut down and all computers were to be unplugged until its officials arrive at the PMO. Similarly, other key ministries were also asked to shut down the computer systems.

This was one of the most strategically targeted cyber attacks on India’s key ministries, as officials from the ministries of home affairs, defence, external affairs and the armed forces began to receive similar calls asking them to shut down their computer systems.

On July 12, 2011 NTRO officials noticed bulk emails from one address with an attached Word document titled “cms,ntro:dailyelec.mediareport (2011)” being sent to inboxes of key officials of India’s vast security architecture.

Other officials who received the email were joint secretaries and directors in the PMO, the special secretary (internal security) UK Bansal in the ministry of home affairs, seven key joint secretaries in the ministry of external affairs dealing with the US and Pakistan, and a host of other officials in BSF and CISF.

For several hours, the computer systems remained infected and compromised as NTRO officials struggled to make them Malware free. Luckily for them, a lot of good work had already been done to prepare for such an eventuality. In April and May this year, the agency observed a mass attack on India’s key security-related ministries. The NTRO contacted several key officials whose systems had been compromised for months.

Two of them were joint secretaries in the PMO and the national council secretariat that collates all the intelligence generated by agencies like RAW, IB and NTRO. The third target to be detected was the rear admiral who was posted in the “Perspective Plans” directorate of the Integrated Defence Headquarters, a joint armed forces setup.

NTRO officials were horrified that these official systems were targeted and infected with Malware. These were well-planned attacks meant to launch selective commands on the system that would be saved on a virtual drive created secretly by the Malware.

As the officials began to decode the systems, they approached the service provider MTNL to get access to their key communication nodes. Here, NTRO’s sensors picked up an additional 500 email addresses that had already been compromised by a similarly coded Malware. The report concluded that this was “a deliberate attempt to gain access to email addresses of key officials” through which major systems could be breached and compromised.

By July 20, Dr Nirmaljeet Singh Kalsi, a joint secretary in the ministry of home affairs sent out a detailed note spelling out the nature of the attack so as to prevent a future breach. It noted that “reports of cyber espionage attack” on various government installations had been received, and advised key ministries to lay down strict security protocol. The attack was being initiated by trusted email addressees that had actually been compromised as early as 2007.

Racing against time, NTRO officials analysed and reversed the Malware in a bid to detect the origin and nature of the attack. By July 8, a detailed three-page report was issued to all the key ministries to remain alert to a much more targeted attack. This effort minimised the damage of the July 12 attack and the breach was sealed in a matter of hours.

Sunday, August 21, 2011

Circumventing Web Malware Detection Through IP Cloaking

When you surf the Internet through search engines, you must have noted that Google labels certain sites as dangerous as they are infected with Malware. This has alerted many users and they refrain from clicking upon such sites.

Now Malware writers have developed a new technique where they are feeding security systems of intermediaries like Google with clean pages and targeting the users with pages that are Malware infected.

Since Google is seeing and analysing clean pages, there is no question of labeling such Malware ridden sites as dangerous and users are not cautioned by any warning by Google or other security vendors.

This technique and modus operendi is known as Internet protocol cloaking (IP cloaking) that has been successful so far. This fact came to the knowledge of Google and it released a report in this regard titled Trends in Circumventing Web-Malware Detection (PDF).

Google defines IP cloaking as being able to serve benign content to detection systems, but serve malicious content to normal web page visitors. Like many security companies, Google monitors compromised web sites. In 2008 it discovered that those sites had stopped returning malicious results to its monitoring systems, but still served Malware to other site visitors.

The Malware authors had learned the IP addresses hosting the monitoring software, and so excluded them from their Malware dissemination practice, thereby making their sites appear clean. IP cloaking contributes significantly to the overall number of malicious web sites found by security systems.

The research also found that cyber criminals generally spend little time on any individual exploit, quickly switching focus to new vulnerabilities in order to stay ahead of detection by law enforcement and security specialists.

Friday, August 19, 2011

Privacy Laws, Lawyers And Law Firms In India

Cyber security laws, lawyers and law firms in India and abroad are scanty to find. This is because fields like cyber security need expertise that legal fraternity is currently not possessing. However, if we see the global cyber security legal practice trend, legal community has started exploring techno legal fields.

Just like cyber law and cyber security legal practices, privacy protection, data protection and data security lawyers and law firms are also limited in nature. As far as India is concerned, we have no dedicated privacy, data protection and data security law. This is a serious limitation that is resulting in poor privacy, data protection and data security legal practice in India.

On the other hand the cyber law of India, incorporated in the information technology act 2000, imposes many cyber laws due diligence obligations upon various stakeholders like banks, companies, internet intermediaries, website owners, etc. This is a serious issue whose seriousness has not been properly appreciated by stakeholders in India.

With the recent formulation of rules under the IT Act 2000 regarding privacy and data protection, the due diligence requirements regarding privacy protection and data protection in India have become very stringent.

It is in the own interest of various stakeholders operating in India to adopt techno legal privacy and data protection strategies so that they may not be violating the cyber law and other laws of India.

Needless to mention such techno legal policies and strategies must be formulated by techno legal law firms alone as it is a delicate issue that requires balancing of both technical and legal issues involved.

The outsourcing industry must pay a special attention to the techno legal requirements of privacy, data protection and data security issues. Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend formulating and adopting best practices by stakeholders in this regard.

Wednesday, August 17, 2011

Draft National Competition Law Policy Of India

Competition Law of India is incorporated in the Competition Act 2002. It intends to regulate unfair business and commercial transactions and bring order in the otherwise disordered and manipulated business environment. The law also deals with anti-competitive agreements, unfair practices and abuse of dominant position.

In order to further strengthen the competition regime in India, the Ministry of Corporate Affairs has decided to formulate the draft National Competition Policy of India. This is a good step in the right direction and we at Perry4Law and Perry4Law Techno Legal Base (PTLB) support this initiative of Indian Government.

The Policy is aimed at laying down an overarching policy framework for infusing competition principles in various policies, statutes and regulations and promoting a competitive market structure in the economy, thereby striving to achieve maximum economy efficiency in various spheres, and public welfare. This Policy also includes some suggestions on the methodology and parameters for undertaking Competition Impact Assessment of concerned policies, regulations and procedures.

Competition refers to a situation in a market place in which firms/ entities or sellers independently strive for the patronage of buyers in order to achieve a particular business objective, such as profits, sales, market share etc. By responding to demand for goods and services with lower prices and higher quality, competing businesses are pressured to reduce costs, innovate in processes and products, invest in technology and better managerial practices and increase productivity. This process leads to achievement of static, dynamic as also resource/allocative efficiencies, sustainable economic growth, development, and poverty alleviation.

Competition is not an end unto itself, rather a means to achieve economic efficiency and welfare objectives. Importantly, competition is not automatic, and requires to be promoted, protected and nurtured through appropriate regulatory frameworks, by minimising market restrictions and distortions, and provision of related productive inputs such as infrastructure services, finance, human capital etc. However, a Competition Policy has to be evolved to imbibe the principles of competition in various endeavours of the Government, of course in alignment with the national strategic objectives, along with social, environmental, public safety, and other considerations.

Competition Policy means government measures, policies, statutes, and regulations including a competition law, aimed at promoting competitive market structure and behavior of entities in an economy. Competition Law is but a sub-set of the Competition Policy. Thus, Competition Policy is a broader term which includes all government policies and laws whereas competition law is specific statute with a predefined mandate to adjudicate on violation(s) of the law. In India, the Competition Act, 2002 deals with anti-competitive agreements such as price fixing, bid rigging, joint boycotts, etc; abusive practices undertaken by dominant entities such as predatory pricing, abusive conditions of supply, etc, and regulation of combinations. It would be seen that a competition law is a regulatory instrument to check the prevalence of anti-competitive practices whereas a competition policy is a proactive and positive effort to build a competition culture in an economy.

The Constitution of India seeks to ensure for its citizens—social, economic and political justice. Article 19(1) (g) of the Indian Constitution provides “freedom to practice any profession, or to carry on any occupation, trade or business”. Articles 301-304 further elucidate the issues. In a judgment3 the Supreme Court held that Article 301 provides freedom not from all laws but freedom from such laws which restrict or affect activities of trade and commerce among and within the States; and that Article 301 refers to freedom from laws which go beyond regulations which burdens, restricts or prevents the trade movements between states and within states.

Competition Policy is widely recognised as a powerful tool to promote freedom of trade, efficient use of scarce resources, enhance productive efficiency, add to the static and dynamic efficiency of the economy, maximise economic growth and contribute to the welfare of the common man. The basic premise of the National Competition Policy (NCP) is to unlock fuller growth potential of Indian economy, which among other things could also help in tapping the opportunities arising from the demographic dividend in our country. It would seek to inculcate a competition culture across various sectors to induct greater efficiency and dynamism, bringing in innovation and technology, delivering goods and services which are competitive, thus contributing to accessibility for consumers and consumption and thereby accelerating economic development, global competitiveness, unleashing entrepreneurial energy, creating more jobs and opportunities to raise the living standards of people, thus ensuring inclusive growth.

National Competition Policy may also help to promote good governance by transparency, accountability through competing responses and avoidance of rent seeking. It would also have a positive co-relation with other strategic national objectives like employment, R&D efforts and environmental objectives. It also respects the sovereign functions of the State like defence and security etc, and would seek to encourage competition related measures only in matters having economic impact on the market.

In this background, the National Competition Policy will endeavour to:

(a) Preserve the competition process, to protect competition, and to encourage competition in the domestic market so as to optimise efficiency and maximise consumer welfare. This would also make domestic firms competitive globally,

(b) Promote, build and sustain a strong competition culture within the country through creating awareness, imparting training and consequently capacity building of stakeholders including public officials, business, trade associations, consumers associations, civil society etc.,

(c) Achieve harmonisation in policies, laws and procedures of the Central Government, State Government and sub-State Authorities in so far as the competition dimensions are concerned with focus on greater reliance on well-functioning markets,

(d) Ensure competition in regulated sectors and to ensure institutional mechanism for synergised relationship between and among the sectoral regulators and/or the CCI and prevent jurisdictional grid locks,

(e) Strive for single national market as fragmented markets are impediments to competition, and

(f) Ensure that consumers enjoy greater benefits in terms of wider choices and better quality of goods and services at competitive prices.

Taking into account the needs of and priorities for promoting a healthy competition culture the principles of the National Competition Policy are:

(a) Fair market process: Market regulation procedures should be rule bound, transparent, fair and non-discriminatory. Public interest tests are to be used to assess the desirability and proportionality of policies and regulations, and these would be subject to regular independent review.

(b) Institutional separation between policy making, operations and regulation i.e. operations in and regulation of a sector should be independent of the government branch which deals with policy formulation in the sector and is accountable to the Legislature.

(c) ‘Competitive neutrality’, such as adoption of policies which establish a ‘level playing field’ where government businesses compete with private sector and vice versa.

(d) Fair pricing and inclusionary behaviour, particularly of public utilities and intellectual property rights holders, which could be imbued with monopolistic characteristics and a large part of the consumers could be excluded.

(e) Third party access to ‘essential facilities’, i.e. requiring dominant infrastructure owners to grant to third parties access (e.g., electricity, communications, gas pipe lines, railway tracks etc) to their infrastructure on agreed terms and conditions and at regulated prices, aligned with competition principles. Such treatment can be given to intellectual property rights as well if the IPR concerned possesses essential infrastructure characteristics.

(f) Public Policies and programmes to work towards promotion of competition in the market place; and

(g) National, regional and international co-operation in the field of competition policy enforcement and advocacy.

The following initiatives are envisaged to effectively generate a culture of competition and to enhance competition in the domestic markets with the involvement of all the stakeholders:

(a) Several existing policies, statutes and regulations of the Government restrict or undermine competition. A review of such policies, statutes and regulations from the competition perspective will be undertaken with a view to removing or minimising their competition restricting effect.

(b) Proposed policies, statutes or regulations that affect competition should be subject to Competition Impact Assessment.

(c) Where a regulatory regime is justified, it should provide that the principles of competition would be taken into account in the regulation. Regulation needs to be diluted progressively as competition becomes effective in the regulated sector.

(d) The competition authorities need to be functionally autonomous and financially independent.

(e) In order to ensure effective competition, third party access to essential facilities in the infrastructure sector owned by dominant enterprise on reasonable and fair terms should be provided.

(f) Incorporate competition clauses in bilateral and regional trade agreements, which will go a long way in preventing anti-competitive behaviour and potential anti-competitive cross-border conduct.

Tuesday, August 16, 2011

Cyber Security Legal Practice: An Emerging Global Trend

Cyber security legal practice is in its infancy stage world over. There are many reasons for the slow espousal of cyber law and cyber security as a mainstream legal practice in various jurisdictions of the world.

I believe that there are many reasons that are forcing a slow growth of cyber security, digital forensics and other segments of cyber law. Stakeholders like business houses, lawyers, etc must play a more pro active role in this regard.

Businesses and information technology go hand in hand and businesses cannot afford to wait. Businesses need to evolve themselves. Same is equally true for the business attorneys / corporate law firms. A law firm advising its client on all legal aspects minus cyber law would not be protecting the commercial interest of its client completely, since for survival and success of every business today, proper understanding as well as implementation of IT is a must.

The proactive role of cyber law cannot be ignored. The principles of cyber law can equally be used by the lawyers to act proactively while developing new legal practices like cyber due diligence, IT audit, policy formulations etc. These are the requirements which must be followed by every business irrespective of level of immediate threat to them.

Last but not the least, the practice of looking at cyber law from individual’s perspective must end. Cyber security is not just about the precautionary measures of safe browsing or protecting / saving your children from the menace of online pornography or cyber bullying or identity theft. Even the government bodies and institutions need to take care of their cyber law and cyber security requirements. The impact of any cyber threat to them could even be more divesting than any other private player.

All these factors necessitate proper formulation of norms, guidelines and laws that can help in prevention of cyber crime and punishment of the same once they occur.

Cyber Security Laws, Lawyers And Law Firms

Techno legal fields like cyber law, cyber security, cyber forensics, cyber warfare, cyber terrorism, etc were never considered to be a cup of tea for lawyers and law firms. This may be due to many factors like lack of knowledge, absence of suitable cyber security laws, non remunerative nature of techno legal issues, etc.

One positive development that I have recently noted about these techno legal fields is that lawyers and law firms have started exploring the areas like cyber law, cyber security, cyber forensics, etc. Although the number of such lawyers/law firms is negligible yet the growing interest in the techno legal fields would increase such numbers in future.

Further, techno legal issues would also change the way traditional businesses and transactions would be carried out in future. For instance concepts like cyber insurance, online dispute resolution, e-courts, digital evidencing and e-discovery, media forensics, cyber forensics, etc would be very much used in future.

However, technology laws have their own peculiar problem. Cyber laws are generally curative in nature as against the desirable preventive requirements. They are formulated keeping in mind the crimes/cyber crimes that have already taken place instead of what cyber crimes can possibly happen in future. In short, cyber laws must be “futuristic” in nature as against “historical” in their applicability.

A very crucial factor that has resulted in limited growth of cyber law and cyber security practice world over is that we have no internationally acceptable cyber law treaty and international cyber security treaty. For instance, India is not a party to any international cyber law treaty and is thus free to formulate its cyber laws as per its own requirements.

However, the cyber laws due diligence requirements are already well laid down world over, including India. Business houses and companies cannot take these requirements of cyber due diligence casually. Even the Reserve Bank of India (RBI) has asked banks to ensure robust cyber security for their banking transactions. Despite these cyber due diligence and cyber security requirements, companies, banks and organisations are not coming forward to adopt them.

Naturally, with the increase of litigations and disputes only, these stakeholders would come forward to check the legal issues arising out of use of technology by them. Further with an active use of public private partnership (PPP) model by all countries of the world, governments and private players are combining their knowledge and resources to provide better results. Slowly and steadily lawyers and law firms would also joined this PPP model.

With issues like cyber espionage and cyber warfare, the traditional armed forces and legal fraternity are now collaborating upon a very unique platform where lawyers need to have a sound knowledge of both law and technology. It seems the techno legal community alone would be able to dare to explore issues like cyber law, cyber security, etc in future.

Monday, August 15, 2011

Media Forensics In India

Digital Forensics Solutions in India are assuming importance. Whether it is the Corporate World or Government Departments or Legal and Judicial Fraternity, the use of Digital Forensics is increasingly advocated for various purposes in India. However, India has still to cover a long gap before Digital Forensics can be effectively used for various purposes.

Today, Forensics field in the Information and Communication Technology (ICT) related issues has developed many “Specialised Segments” like Digital Forensics, Cyber Forensics, Computer Forensics, Networking Forensics, Media Forensics, etc. These independent and specilaised segments have yet to be incorporated into Indian Laws and Judicial and Legal Proceedings.

Traditionally, Indian courts have dealt with digital or mechanical Evidence in the form of Tape Recorded or Video Evidences. This field has now transformed as Audio/Video Forensics and Media Forensics in India. Now the issue is no more just proving the “Admissibility” of such Tape/Video Recorded Evidence but their proving as a “Scientific Evidence” that requires additional efforts and expertise. Expert Opinions are now sought for matters of Audio and Video Evidences through their “Forensics Analysis”.

Even the Law Firms are now considering issues pertaining to Cyber Law, Cyber Security, Cyber Forensics, etc as potential source of legal assignments. This has changed the very equation of these Techno Legal fields and Law Firms are now playing an active role in the Development of Techno Legal Field.

The process of Media Forensics generally involves the following steps:

(1) Establishing the Legality of Audio/Video Recorded Evidence as per the Law of a Nation,

(2) Authentication and Certification of the Digital Evidence acquired by such Media, and

(3) Admissibility of such Digital Evidence in Courts.

It is very important to maintain a “Chain of Custody” and “Proper Documentation” of the Acquisition of such Digital Evidence and a Media Forensics Professionals must ensure that the Evidence Acquired by him is “Admissible” in a Court of Law.

Sooner or later Media Forensics would become an indispensable part of the Judicial Proceeding in India and establishing “Best Practices” in this regard is a sensible option. Perry4Law Techno Legal Base (PTLB) would come up with the “Best Practices” in this regard very soon.