Wednesday, December 19, 2012

Will E-Books Kill The Bookstores In India?

Electronic books or e-books are fast acquiring the market share of book readers. With innovative and affordable e-book readers, it has now become very easy to purchase and read books in electronic form.

India being one of the most favourite destinations for launching e-books related e-commerce activities, the e-books segment is increasing in India. The e-books publication in India and e-commerce industry is also flourishing when even the non traditional book publishers and sellers are using e-commerce platforms to sell e-books in India. 

The natural question that arises is would this shift towards e-book kill the bookstores in India just like it did in US and UK? There is no second opinion about the fact that e-books would be the norm in future. We cannot postpone the e-books revolution for very long in India. Perhaps within next few years e-books would dominate Indian markets and e-commerce segment.

This has necessitated a strategy making on the part of traditional print based books publishers and distributors. They cannot close their eyes towards this apparent and significant change. In fact, they must already start taking interest in the concept of e-books.

The books publishers and distributors of India must also keep in mind the e-commerce laws and regulations of India. The legal formalities required for starting e-commerce business in India are now well established. However, legal issues in e-commerce in India are still not clear to many national and international e-commerce business houses and entrepreneurs.

For instance, the legal requirements to start an e-commerce website In India are covered by many legislations including information technology act, 2000 (IT Act 2000). However, both national and international e-commerce players are not complying with legal issues of online shopping in India.

Whether e-books would kill traditional print based books/bookstores or not is a question that can be postponed for few years. But what cannot be postponed is formulation of an effective strategy in this regard that is in compliance with Indian laws.

Saturday, November 24, 2012

Cyber Security Capabilities Of India Must Be Strengthened

 
This Article was originally published on 9th February 2012. However, due to DELIBERATE NEGATIVE TACTICS ADOPTED BY GOOGLE, this article was removed by Google despite clear indications that we are the copyright holders and source of original contribution.

Google is engaging in unethical and illegal behavior simply to favour few and working in derogation of others. For complete list of Google’s censorship and negative tactics, kindly visit Websites, Blogs And News Censorship By Google And India.  

Maintaining cyber security at the international level is a tedious task. This is so because cyberspace does not recognises any boundary and cyber attacks can be launched from any part of the world. While cyber attacks upon various computer systems and computer resources are cause of concern yet cyber attacks upon critical infrastructures is of grave concern.

Cyber security in India is at initial stage. Even the information technology act, 2000 (IT Act 2000), which is the sole cyber law of India, does not address the cyber crimes and cyber security issues effectively. We have no dedicated cyber security laws in India and we urgently need a dedicated cyber security legal framework in India.

Meanwhile, India is increasingly facing cyber attacks and cyber threats from foreign nationals. In fact, the cyber laws and cyber security trends of India 2011 by Perry4Law and Perry4Law Techno Legal Base (PTLB) has clearly showed the cyber security vulnerabilities of India. Cyber terrorism against India, cyber warfare against India, cyber espionage against India and cyber attacks against India have already increased a lot. Even the cyber law trends of India 2012 by PTLB have also projected an increased rate of cyber crimes in India and cyber attacks against India in the year 2012.

The biggest cyber threat against India is originating in the form of cyber attacks upon Indian critical infrastructures. Critical infrastructure protection in India requires a well formulated policy. Presently we have no critical infrastructure protection policy of India. Further, critical ICT infrastructure protection in India is one area that requires special attention of Indian government.

Fortunately, Indian government has decided to streamline cyber security of India. The Indian government is in the process of finalising an elaborate plan to strengthen India's cyber security capabilities. A national critical information infrastructure protection centre (NCIPC) of India has also been proposed by Indian government. It intends to ensure critical infrastructure protection and critical ICT infrastructure protection in India.

There are few prerequisites that can make the NCIPC of India successful. Firstly, there must be a centralised ICT command centre of India that can coordinate various cyber security issues. Secondly, specialised agencies and authorities must be constituted for critical infrastructure areas like power, telecom, defense, aviation, etc. These agencies and authorities must coordinate with the centralised command centre for cyber security related issues.

Ministry of communication and information technology (MCIT) has already taken certain initiatives in this regard. For instance, a central monitoring system (CMS) project of India has been launched by MCIT to monitor and intercept electronic communications, messages and information. Further, a national telecom network security coordination board (NTNSCB) of India has also been proposed to strengthen the national telecom security of India.

Now Indian government is planning to step up cyber security protection levels, putting in place real time command-and-control centers and delineating responsibilities among various agencies.

Among the proposals are establishment of dedicated command-and-control centers in India to monitor critical infrastructure in real time, constituting computer emergency response teams (CERTs) for key sectors such as power, aviations, etc and formulation of elaborate protocols for all stakeholders involved in the process of ensuring cyber security in India.

The Cabinet Committee on Security (CS) may approve in a few weeks the multi-layered security plans to protect India's critical infrastructure. The national security advisor (NSA) and the cabinet secretary are working on the final plan.

There would be a clear demarcation of responsibilities between Computer Emergency Response Team-India (CERT-In), National Technical Research Organisation (NTRO), Intelligence Bureau (IB), Military Intelligence (MI) and other agencies that have a role in fighting cyber intrusions. Protocols would be formulated to ensure that there is no overlap between the functions and obligations of various agencies fighting cyber attacks against India. The proposed protocol will also cover department of telecom, department of information technology, National Informatics Centre etc.

Under the proposal, the government will also regularly and proactively monitor and scan critical networks. Not just that, the levels of security for these networks will also be stepped up. CERT-In may also be creating its own real time monitoring centre to strengthen it cyber security initiatives. The responsibility for monitoring critical infrastructure will be divided between NCIPC and CERT-In. The government will also set up dedicated CERT for critical sectors such as power, aviation etc where no such national monitoring mechanism exists.

This is a good step in the right direction and Perry4law and PTLB welcome this move. We also hope that with this the cyber security capabilities of India would be upgraded to the required levels.

Tuesday, November 6, 2012

Cloud Computing Due Diligence In India

Cloud computing around the world is thriving in recognition, but the legal control of this technology is still catching up to its requirements. Nowhere is that more true than in India, where the legal framework for regulation of the cloud computing business needs urgent formulation.

Any business that wants to explore cloud computing must know exactly what is legal and what is not. That’s where we play the decisive role. At Perry4Law, we have been managing cloud computing due diligence and make sure that you are in full compliance with the law before you offer cloud computing to your clients.

The Information Technology Act of 2000 laid the groundwork for due diligence requirements for businesses and stakeholders in the IT industry.  Many of the provisions of the act are relatively stringent, and companies that jump too quickly into cloud computing can find themselves in a jungle of legal issues if they do not perform careful due diligence.

Thus, cyber law due diligence in India cannot be ignored by cloud computing services providers of India. At Perry4Law we have been managing the cyber due diligence for Indian companies on multiple aspects.

One area in particular that has caused headaches for IT companies is privacy. More and more frequent civil proceedings are being initiated as individuals and businesses believe that their privacy rights have been violated, and as cloud computing grows, the potential for even more lawsuits has increased.

We can help your enterprise to navigate the legal framework that currently regulates cloud computing, and also assist you in establishing a best practices model that ensures a rock-solid cloud computing policy for all of your stakeholders.

At Perry4Law, we have our feet on the ground and our head in the clouds–the new practice of cloud computing that is. We can help you to successfully enter this rapidly growing area of technology and make large profits while staying on the right side of the law if you make a request in this regard.

We have also been helping various clients with dispute resolution, competitive intelligence, and recovery of assets to corporations, governments and to private clients, due diligence for Indian companies, providing unrivaled services in India market entry, corporate legal services, intellectual property protection, disputes resolutions, mergers, acquisitions and recovery actions, cyber forensics, cyber security, e-discovery services, etc.

Friday, November 2, 2012

Cyber Security Challenges Of India

The glaring cyber security problems and challenges of India are no more hidden and ignored. Serious cyber security attacks are affecting the critical infrastructure of India. Banks, power infrastructures, satellites, etc are vulnerable to cyber attacks from around the globe.

The national imperatives of securing operational technologies like smart grids, oil and gas, public utilities, etc are too essential to be ignored by Indian government. Today protecting key economic assets like securing financial backbone and stock exchange, payment infrastructures and financial switches is need of the hour. This includes architecting security for new age banking to make them cyber secure. Cyber security of banks in India is still deficient.

The business community must also keep in mind the cyber law due diligence requirements in India. Cyber due diligence for Indian companies is now a statutory obligation and failure to observe cyber due diligence can bring serious legal ramifications. Ensuring business models, technology transformations and channel revolutions in the midst of organised, focused, advanced and persistent cyber threats is not an easy task.

With the growth of enterprise mobility, mobile applications and cloud enablement data driven businesses, techno legal issues have become more prominent. Social networking platforms have further complicated the scenario.
The Internet is truly global in nature and regional and national regulations and efforts cannot bring the desired results. Cyber law and cyber security issues are global in nature. Indian response to international cyber law treaty is not pro active. International cyber law treaty is required to be formulated as soon as possible.

Similarly, cyber security framework must ensure both national responsibility and global accountability. Any cyber diplomacy must congregate both national and international interests to be effective and enforceable. Thus, an international cyber security treaty is required to be formulated as well.

With a growing focus upon electronic delivery (e-delivery) of services in India additional responsibilities of securing technology transformation of governance must be ensured. The e-governance projects of India would bring cyber security challenges for which we need readymade solutions.
           
Similarly, cyber security enablement of growing electronic and mobile commerce would also be required. With the projected increase in volume and growth of commerce and e-commerce in India, cyber security as enabler must be ensured.

The management of consumer rights and business responsibilities in the information age is not an easy task. For instance, the present telemarketing policy of India is anti consumer. Similarly, the telecom dispute resolution process in India is also anti consumer.

The future of cyber security in India is tough to manage. The sooner we start working in this direction on ground level and actual basis the better it would be for the larger interest of India.

Thursday, November 1, 2012

Cyber Law Firms In India

Cyber law firms in New Delhi India are not easy to find. This is because there are only handfuls of cyber law firms in India. Cyber law is essentially a techno legal field that requires a thorough knowledge of both technical and legal aspects.

Cyber law is a complicated subject that requires tremendous expertise to manage. There are very few cyber law firms in New Delhi India and Perry4Law is proud to be one of them. Further, Perry4Law is the exclusive techno legal ICT law firm of India and is the exclusive techno legal cyber law firm of India.

The cyber law expertise of Perry4Law is supported by Perry4Law’s Techno Legal Base (PTLB) that is the leading techno legal platform of the world. PTLB is also managing the exclusive techno legal cyber crime investigation centre of India (CCICI) that is assisting in investigation and solving of cyber crimes in India.

PTLB is also resolving India’s glaring cyber security challenges and strengthening the cyber security environment of India through it exclusive techno legal cyber security research and development centre of India (CSRDCI). Further, the national cyber security database of India (NCSDI) is also a cyber security initiative of PTLB.


As a techno legal ICT law firm we are trying to give cyber law of India a new shape. Further, one area that has recently interested the legal community pertains to cyber security. Although cyber security as a legal field has started gaining attention of foreign lawyers and law firms yet cyber security law firms in India or cyber security lawyers in India are still missing.

If you are interested in our cyber law, cyber security, cyber forensics, e-discovery, e-commerce, intellectual property rights (IPRs), corporate laws, LPO and KPO, e-courts, online dispute resolution (ODR), cyber skills development, cyber law trainings and other techno legal services, you may contact us in this regard.

Monday, October 8, 2012

Techno Legal Initiatives Of Perry4Law And PTLB

Techno legal issues pose special challenges before all nations. This is so because these issues are complex combination of both technical and legal issues. At Perry4Law and Perry4Law Techno Legal Base (PTLB) we have been spearheading many world renowned techno legal initiatives.


Similarly, on the education, trainings and skills development front as well Perry4Law and PTLB have been managing many initiatives. For instance, the exclusive techno legal e-learning in India is managed by PTLB whereas highly specialised and domain specific trainings and education is managed by Perry4Law techno Legal ICT Training Centre (PTLITC).  


We are also discussing important issues pertaining to international ICT policies and strategies. Similarly, techno legal issues are specifically discussed at PTLB blog. We hope these initiatives would prove useful to all stakeholders.

Thursday, October 4, 2012

Cyber Security Research Centre Of India (CSRCI) By PTLB

Cyber security in India is one of the concepts whose time has arrived. India cannot afford to ignore the importance of cyber security for long. In fact, for long cyber security issues have been ignored by India.

At Perry4Law, Perry4Law Techno Legal Base (PTLB) and Perry4Law Techno Legal ICT Training Centre (PTLITC) we believe in the importance and utility of cyber security capabilities for India.

We have been spreading awareness about techno legal issues of cyber security in India for long. Now we have consolidated our initiatives and made them more effective and far reaching.


The CSRCI is also managing the exclusive techno legal cyber security software repository of India. The software repository contains the best and world renowned open source cyber security software.

Perry4Law, PTLB and PTLITC have been using these softwares for their clients, partners and various projects. Further, we are also managing the exclusive techno legal cyber forensics software repository of India on similar lines. 

We hope these rejuvenated and consolidated efforts of Perry4Law, PTLB and PTLITC would prove useful to all stakeholders.

Sunday, September 30, 2012

Cyber Security Skills And Capabilities Development In India

Cyber Security Issues and Challenges in India are now well known. In order to effectively deal with the growing cyber crimes and cyber attacks against India, a national cyber security policy of India is urgently needed.

India needs both offensive and defensive cyber security capabilities. In order to achieve that, we must ensure Cyber Security Skills Development in India. Cyber Security Courses in India must be suitably formulated accordingly and Online Cyber Security Courses must be given more importance.

PTLB provides good and qualitative techno legal cyber law, cyber security, cyber forensics and many more techno legal courses and trainings. Similarly, Perry4Law Techno Legal ICT Training Centre (PTLITC) provides domain specific and highly specilaised cyber law, cyber security, cyber forensics and many more techno legal courses, trainings and educations.

PTLB also provides Online Cyber Security Courses in India and abroad. PTLB e-learning platform is providing courses on cyber law, cyber forensics, cyber security and many more techno legal fields.

If you are interested in cyber security skills development, you may consider enrolling with PTLB. To enroll for any of these courses and trainings, fill in the “Application Form” and send the same to us at the address mentioned therein along with “Prescribe Fees”. See FAQs before applying for courses and trainings scope, nature, duration, fees, etc.

We are working in the direction of cyber security capabilities in India through education, trainings, capacity development, skills development, etc. See the techno legal skills development in India segment for more details.

Tuesday, September 4, 2012

Electronic Delivery (E-Delivery) Of Services In India Is Needed

None can doubt about the utility of Electronic Delivery of Services in India. However, for “Political Reasons”, this essential requirement has always been kept at bay for one reason or other.

Surprisingly lack of financial resources is not the real reason for non adoption of Electronic Delivery of Services in India but it is the absence of “Political Will” to empower the Citizens of India that is the real culprit.

For instance, recently the World Bank signed an Agreement with Indian Government according to which a loan of $150 million was granted to India for Electronic Delivery of Public Services in India. Naturally India cannot afford to loose this loan amount and as a condition precedent to get the benefits of such loan, Electronic Delivery of Public Services in India has to be ensured. Thus, the argument that India lacks financial resources to implement this ambitious initiative is nothing but a false claim.

The truth is that Indian Government does not wish to enact Electronic Delivery of Services Law for India. In these circumstances, E-Delivery of Public Services in India would still take few years as we have no Legal Framework for Mandatory E-Governance in India.

India has forgotten that the proposed E-Delivery of Public Services Development Policy Loan of India has to be utilised through a Policy and Legislative Framework that Indian Government must establish very soon. The E-Delivery of Public Services Development Policy Loan (DPL) Project of India would fail to take effect if either the Electronic Services Delivery Policy of India is not formulated or it is not implemented in a manner that confers Mandatory E-Governance Services in India upon Indian citizens.

In short, there should be a Legal Framework for Mandatory E-Governance in India that provides E-Governance Services to Indian citizens as a “Matter of Right”. If India fails to achieve this task, the World Bank is within its right to seek an explanation from India in this regard. Even the Loan can be Cancelled or Withdrawn by the World Bank in these circumstances.

To ensure E-Delivery of Services in India, Indian Government proposed a Draft Electronic Services Delivery Bill 2011 but it “Failed” to provide Mandatory E-Governance Services in India. If this was not enough, now the Standing Committee on Information and Technology has questioned the very need of such a Legal Framework. It seems the Committee has not been made aware of the “Mandates of Loan” provided by the World Bank.

The Committee is also wrong on at least two counts. The first apprehension of the Committee is that the proposed Law would not provide adequate time for implementation by the States. On the contrary, the proposed Law provided a “Non-Mandatory Mandate” for a very long period of time that can be easily achieved in the present environment and with the existing ICT Infrastructure. In fact, we need to provide “Mandatory E-Governance Services” in India that have been ignored by the proposed Law.

The second argument of the Committee that a separate Law is not required and suitable amendments in the Information Technology Act, 2000 (IT Act 2000), which is the Cyber Law of India, would be suffice is also without merits. By clubbing everything with a “Single Law” that is prone to “Constitutional Attacks” and “Litigations” is a really bad “Policy Decision”. On the contrary, the Cyber Law of India must be repealed and “Separate Laws” must be formulated regarding areas like E-Governance, E-Commerce, etc.

Whatever happened with the proposed Electronic Delivery of Services Bill is really unfortunate that only shows that our own Government is not at all interested in Digital Empowerment of Indian Citizens.

The only good thing about this entire episode is that another “Half Baked” and “Ineffective Law” has been prevented from being enacted that could have proved a remedy worst than the malady. I hope Indian Government would come up with a more Effective, Robust and Holistic Electronic Delivery of Services Legal Framework very soon keeping aside its “Political Interests” and “Inappropriate Apprehensions”.

Friday, August 17, 2012

Cyber Security For Power Energy And Utilities In India

Cyber security challenges for smart grids and utilities in India are not unknown these days. Recently, India's power minister Veerappa Moily constituted a three-member panel to investigate massive power failures in the country a few days before.

Keeping in mind the cyber attack angle, he also added four additional members, including a cyber-security expert in this panel making it a seven member’s panel. It is obvious that India is excluding any possible cyber intrusions and cyber attack upon the power grids that may have resulted in blackout.

Power grids and utilities cyber security in India and their challenges are not easy to manage. They require a systematic, dedicated and security oriented approach on the part of Indian government. In fact, smart meters are becoming headache for power companies world wide.

Cyber security in India is still in its infancy stage. Naturally, the critical infrastructure protection in India is still not upto the mark. In fact, we have no critical ICT infrastructure protection policy of India  as well.

Meanwhile, sophisticated and specially customised malware like Stuxnet and Duqu have already proved that critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to diverse range of cyber attacks.

Perry4Law Techno Legal Base (PTLB) strongly recommends that Indian government must ensure cyber security of energy and utilities in India as soon as possible. SCADA may be the new cyber attack priority for cyber criminals and rouge nations. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular.

Monday, August 13, 2012

India's Cyber Security Challenges

Cyber security issues of India require special attention of Indian government. Indian government has started paying attention to some aspects of cyber security requirements of India. However, we have still to cover a long gap in this direction.

Cyber security challenges in India come from diverse activities and so cyber security in India and its challenges and problems require dedicated efforts by our government. For instance, critical infrastructure protection in India is one of the areas that must be considered on a priority basis. We must also understand the cyber security challenges for the smart grids in India.


We have no critical ICT infrastructure protection policy of India  as well. Sophisticated malware like Stuxnet and Duqu have already proved that critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to diverse range of cyber attacks.

Related fields like mobile banking cyber security in India also need to be analysed in depth. As on date we have no implementable mobile governance in India and mobile governance policy in India. Even cyber security of banks in India is not satisfactory at all. Recently, RBI warned Indian banks for inadequate cyber security. Naturally, exploring the option of mobile banking in India is risky in these situations. This is so because mobile banking cyber security in India is missing and mobile banking cyber security is required in India.

The major problem with Indian cyber security initiatives is that India is launching various projects and initiatives without considering their cyber security aspects. This is a bad policy decision as we are launching projects that are affecting our lives that also without adequate cyber security safeguards.

We need a techno legal cyber security policy of India that can tackle the challenges of present cyber attacks and cyber crimes. Such a cyber security policy of India must consider all the abovementioned aspects in detail and ensure both offensive and defensive cyber security capabilities for India.

Thursday, August 9, 2012

Cyber Security Firms, Companies And Consultants In India Must Be Pro Active

Cyber security issues in India have been emerging in India these days. With the growing numbers of cyber crimes in India and cyber attacks against India, we need more cyber security firms, companies and consultants in India.

As on date, we have selective cyber security firms, companies and consultants in India. This is because cyber security is a domain specific field that requires techno legal expertise. As on date techno legal skills development in India are missing. This is so because our educational system in India is defective and there are very few techno legal institutions in India that are providing cyber security trainings in India.

This has also necessitated the growing use of online cyber security courses in India so that the skills development and trainings gap can be minimised in India. Perry4Law and Perry4Law Techno Legal Base (PTLB) have been managing the exclusive techno legal cyber security virtual campus of India that is providing cyber security courses and trainings in India through distance learning and e-learning mode. 

Cyber security in India and its challenges and problems are now well known and it would be in our own interest to develop cyber security capabilities in India. There are numerous cyber security challenges in India that India must be well prepared to tackle in the future.

Presently we do not have strong cyber law and effective cyber security capabilities in India. Further, if we analyse the cyber security reflections the trend is really troublesome. The cyber law, cyber crimes and cyber security trends by Perry4Law and PTLB have shown the loopholes of Indian cyber security capabilities.

Cyber security firms, companies and consultants in India must be pro active towards cyber security. They must develop both offensive and defensive cyber security capabilities so that they can serve India better.

Monday, August 6, 2012

Power Grids Cyber Security In India And Its Challenges

Cyber security issues in India are diverse in nature and they cover a wide variety of areas. Managing cyber security of different areas requires different outlook and extensive expertise. Some areas require tremendous cyber security expertise whereas others require basic level cyber security capabilities. In any case, cyber security capabilities of India must be strengthened so that it can tackle various forms of cyber attacks.

Critical infrastructure protection in India is one area that requires urgent attention of Indian government. Critical infrastructure includes power grids, satellites, defence installations, atomic plants, etc. Most of these critical infrastructures are managed by supervisory control and data acquisition (SCADA) systems.

SCADA generally refers to industrial control systems (ICS) like computer systems that monitor and control industrial, infrastructure, or facility-based processes. The SCADA systems may involve a human machine interface (HMI), a supervisory system managing the processes, remote terminal units (RTUs) interacting with the supervisory systems, programmable logic controller (PLCs) usable as field devices, etc.

SCADA may be the new cyber attack priority for cyber criminals and rouge nations. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular.

The recent power blackout in India was massive in nature. Although no hints of a cyber attack upon the critical infrastructure and SCADA system was reported yet this may be a possibility in the future. Further, till now we are not even aware that the recent power outrage was due to poor power infrastructure of India or due to any attack upon the SCADA systems managing the power grids, if any.

India's power minister Veerappa Moily has constituted a three-member panel to investigate last week's massive power failures in the country. Now he has added four additional members, including a cyber-security expert in this panel making it a seven member’s panel. It is obvious that India is also not excluding the cyber attack angle as well and is investigating the possibility of any cyber attacks against the power grids of India.

This is a good decision and Perry4Law and Perry4Law Techno Legal Base (PTLB) welcome the same. We also recommend that cyber security of automated power grids of India must be endured.  We hope for the best in this regard.

Cyber Security Issues In India

Of late cyber security in India has been considered essential part of India’s cyber capabilities.  However, India is still not prepared to tackle the menaces of cyber attacks and cyber crimes. This is so because we have neither a strong cyber law nor effective cyber security capabilities in India.

Further, if we analyse the cyber security reflections the trend is really troublesome. The cyber law, cyber crimes and cyber security trends by Perry4Law and Perry4Law Techno Legal Base (PTLB) have shown the loopholes of Indian cyber security capabilities.

Critical infrastructure protection in India is not in a very good shape. We have no critical ICT infrastructure protection policy of India  as well. Sophisticated malware like Stuxnet and Duqu have already proved that critical infrastructures around the world like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to diverse range of cyber attacks.

The truth is that cyber attacks are affecting Indian critical infrastructure and we are not even aware of the same. Critical infrastructure protection in India is needed as soon as possible.


Another area of lacuna is that we have no implementable mobile governance in India and mobile governance policy in India. Even cyber security of banks in India is not satisfactory at all. Recently, RBI warned Indian banks for inadequate cyber security. Naturally, exploring the option of mobile banking in India is risky in these situations. This is so because mobile banking cyber security in India is missing and mobile banking cyber security is required in India.

There are many cyber security issues in India that have remained unredressed so far. It would be a good option if Indian government starts strengthening various aspects of cyber security in India one by one.

Friday, August 3, 2012

Data Protection Laws In India And Privacy Rights In India

Data protection and privacy rights are two of the most important rights conferred by any civilized nation. Every individual and organisation has a right to protect and preserve her/its personal, sensitive and commercial data and information. This is more so regarding health information and details that is required to be kept secret by laws like Health Insurance Portability and Accountability Act of 1996 (HIPAA) in United States.

India does not have a dedicated law like HIPPA and presently HIPPA compliances in India are not followed. Similarly, we have no dedicated medical privacy law in India that can safeguard the sensitive health related information of the patients. In short, we have no dedicated data protection laws in India, data privacy laws in India and privacy rights and laws in India.  

Of course, we have general laws and some of the provisions of these laws can be applied to data security, data protection and privacy protection in India. However, that is a temporary solution and in the long run we need dedicated privacy rights, privacy laws and data protection laws in India.

Further, in this information technology era a special attention must be paid to the privacy rights in India in the information age. We believe that data protection requirements are essential part of civil liberties protection in cyberspace. With the growing use of information and communication technology (ICT), data protection requirement has become very important. It would not be wrong to assume privacy and data protection rights as integral part of human rights protection in cyberspace.

However, despite the importance of these fields, till now we lack legal frameworks in the fields of data security, data protection and privacy protection. We urgently need to formulate data protection law in India and privacy laws in India. 

At the policy level as well privacy rights and data protection rights have been ignored in India. In fact, an Indian national privacy policy is missing till now. Even legislative efforts in this regard are not adequate in India. A national privacy policy of India is urgently required.

A right to privacy bill of India 2011 has been suggested in the year 2011 yet till now we do not have any conclusive draft in this regard that can be introduced in that Parliament of India. In fact, we are still waiting for a public disclosure of final and conclusive proposed draft right to privacy bill 2011 of India that can be discussed in the Parliament.

The ball is again in the court of judiciary and it has to play a pro active role once again. The Supreme Court of India must expand privacy rights in India as that is the need of hour. Fortunately, the issue is already pending before it and there would not be much trouble in formulating a privacy framework for India.

However, in the ultimate analysis, it is the constitutional duty of Indian Parliament to do the needful in this direction. Indian Parliament must enact sound and effective privacy and data protection laws for India as soon as possible.

Tuesday, July 31, 2012

Natgrid Project Of India Needs Implementation

National Intelligence Grid (NATGRID) of India is a very ambitious Intelligence Gathering and Processing mechanism. NATGRID Project of India has gone through numerous stages and finally it is ready to be rolled out. However, from the very beginning NATGRID Project has not been implemented in a coherent and systematic manner due to internal turf wars and bureaucratic hurdles.

There is no doubt that NATGRID Project of India is of tremendous importance for the National Security of India on the one hand and Law Enforcement and Intelligence Requirements on the others. In fact, NATGRID is an essential part of the Law Enforcement Technologies in India.

NATGRID Project of India is not by itself “Intelligence Related Project” but a Project to facilitate Law Enforcement and Intelligence related inputs. Its purpose is to transform raw intelligence information and inputs in a more meaningful “Intelligence Lead”.

The present times is a time of do or die for NATGRID Project. This is more so when its counterpart Crime and Criminal Tracking Network and Systems (CCTNS) Project of India is performing much better.

Enough time has already been wasted for the implementation of NATGRID Project and it is high time to deliver results. Once this is successfully done, the way to constitute National Counter Terrorism Centre of India would also be clear. I hope and wish that NATGRID Project of India would be operational very soon.

Sunday, July 29, 2012

Cyber Forensics Research Centre In India (CFRCI)

Cyber forensics in India has started gaining momentum. In a similar development, electronic discovery in India (e-discovery in India) has also attracted the attention of Indian community. With the recent interim order of the Supreme Court of India, both litigation and non litigation related legal and para legal services in India can be now practiced by advocates enrolled under the advocate Act, 1961 alone.

This means that even cyber forensics services in India and e-discovery services in India cannot be practices by foreign law firms, non Indian advocates based LPO/KPOs, e-discovery and cyber forensics practitioners, chartered accountants firms, etc. Naturally, the demand for cyber forensics and e-discovery professionals would increase in India.

To meet the growing demands of e-discovery and cyber forensics in India, we need to ensure techno legal skills development in India. At Perry4Law and Perry4Law Techno Legal Base (PTLB) we are trying to fill this gap. PTLB provides basic level techno legal trainings and courses through its techno legal e-learning platform. Similarly, Perry4Law Techno Legal ICT Training Centre (PTLITC) provides domain specific and highly specialised techno legal courses and trainings.

Perry4Law, PTLB and PTLITC are also managing the exclusive techno legal cyber forensics research and training centre of India. More details of the trainings and courses of our platforms are available at PTLB Blog. We are also managing the exclusive techno legal online cyber forensics research centre of India (CFRCI).

We are also managing a repository for cyber forensics software in India that is primarily based upon open source culture. The cyber forensics software repository of Perry4Law, PTLB and PTLITC consists of world renowned cyber forensics tools and software. Further, software for cyber security, e-discovery, reverse malware analysis, anti root kits and malware, network security, wireless security, intrusion detection and prevention, etc are also available.

These software and tools are used for providing basic and domain specific trainings and courses of PTLB and PTLITC. For basic level cyber forensics research and training, we use simple and light weight tools and software. For highly specialised trainings and courses we use world renowned open source tools. We hope our initiative would be useful for all concerned.  

Thursday, July 19, 2012

Technology To Fight Drugs, Human Trafficking And Illicit Networks

Technology has become both a boon and bane. On the positive side technology can be used for efficient delivery of services. However, on the negative side, technology can be used for various sorts of crimes.

The growing cases of cyber attacks and cyber crimes have changed the way we perceived technology till now. Time has come that we must tackle the nuisances created by misuse of technology.

Since Internet is global in nature, it is imperative that all remedial collaborations and actions must also be taken at a global level. Realising this truth, Google and Interpol have decided to utilise technology to fight “illicit networks” around the world.

Using the technology Google and Interpol are planning to fight back against drug cartels, human traffickers, sex workers, child pornographers, etc. Recently Interpol even helped India in tracking child porn surfers. Similarly, the Interpol Global Register (IGR) initiative aims to track illicit goods by verifying products through security features, using the scanning application.

This is a good step taken by Google and Interpol and Perry4Law and PTLB welcome the same. We also believe that Hidden Internet would post tremendous challenges before Google and Interpol in their drive against white color crimes and transborder crimes. It would be a good idea to explore methods to take care of crimes originating at Hidden Internet as well.

Thursday, April 26, 2012

Indo US Cyber Security Relationship Needs Improvements

United States is presently engaged in serious cyber security initiatives at national and international levels. At the national level, the Cyber Intelligence Sharing and Protection Act (CISPA) has been proposed to be enacted. It is claimed that CISPA would boost the cyber security capabilities of US.

However, the US White House has issued a dissenting Statement of Administration Policy on Cyber Intelligence Sharing and Protection Act (CISPA). After reading various media reports and dissenting opinion, one may ponder whether CISPA really a remedy or a bad idea.

Meanwhile, India has its own share of problems. Unable to deal with the technology and foreign technology companies, Facebook, Google, etc may be forced to install servers in India. Even the foreign direct investment (FDI) issues have also been impacted by the national security concerns. FDI in telecom sector of India may be modified by the national security requirements of India.

In the recent past, the India US cyber security cooperation agreement was signed. It was a part of broader India US homeland security dialogue to boost counter terrorism and cyber security capabilities. Similarly, US has already made clear its international strategy for cyberspace. Even the White House is mulling federal cyber security law.

However, international organisations must play a more direct and pro active role to fight cyber crimes. This is more so when we have no universally acceptable international cyber law treaty and international cyber security treaty. This is resulting in conflict of laws in cyberspace and India is getting impatient in this regard.

If US India cyber security cooperation has to be successful, both India and US must sort out many crucial differences. The sooner it is done the better it would be for the interests of both countries.

Statement Of Administration Policy On Cyber Intelligence Sharing and Protection Act (CISPA)

This is the statement issued by the Obama Administration (PDF) regarding proposed Cyber Intelligence Sharing and Protection Act (CISPA). Perry4Law and Perry4Law Techno Legal Base (PTLB) wish to share the same with all the stakeholders.

The Administration is committed to increasing public-private sharing of information about cybersecurity threats as an essential part of comprehensive legislation to protect the Nation's vital information systems and critical infrastructure. The sharing of information must be conducted in a manner that preserves Americans' privacy, data confidentiality, and civil liberties and recognizes the civilian nature of cyberspace. Cybersecurity and privacy are not mutually exclusive. Moreover, information sharing, while an essential component of comprehensive legislation, is not alone enough to protect the Nation's core critical infrastructure from cyber threats. Accordingly, the Administration strongly opposes H.R. 3523, the Cyber Intelligence Sharing and Protection Act, in its current form.

H.R. 3523 fails to provide authorities to ensure that the Nation's core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards. For example, the bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the Government to minimize and protect personally identifiable information. Moreover, such sharing should be accomplished in a way that permits appropriate sharing within the Government without undue restrictions imposed by private sector companies that share information.

The bill also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes. Citizens have a right to know that corporations will be held legally accountable for failing to safeguard personal information adequately. The Government, rather than establishing a new antitrust exemption under this bill, should ensure that information is not shared for anti-competitive purposes.

In addition, H.R. 3523 would inappropriately shield companies from any suits where a company's actions are based on cyber threat information identified, obtained, or shared under this bill, regardless of whether that action otherwise violated Federal criminal law or results in damage or loss of life. This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation's economic, national security, and public safety interests.

H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres. The Administration believes that a civilian agency – the Department of Homeland Security – must have a central role in domestic cybersecurity, including for conducting and overseeing the exchange of cybersecurity information with the private sector and with sector-specific Federal agencies.

The American people expect their Government to enhance security without undermining their privacy and civil liberties. Without clear legal protections and independent oversight, information sharing legislation will undermine the public's trust in the Government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections. The Administration's draft legislation, submitted last May, provided for information sharing with clear privacy protections and strong oversight by the independent Privacy and Civil Liberties Oversight Board.

The Administration's proposal also provided authority for the Federal Government to ensure that the Nation's critical infrastructure operators are taking the steps necessary to protect the American people. The Congress must also include authorities to ensure our Nation's most vital critical infrastructure assets are properly protected by meeting minimum cybersecurity performance standards. Industry would develop these standards collaboratively with the Department of Homeland Security. Voluntary measures alone are insufficient responses to the growing danger of cyber threats.

Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens, especially at a time our Nation is facing challenges to our economic well-being and national security. The Administration looks forward to continuing to engage with the Congress in a bipartisan, bicameral fashion to enact cybersecurity legislation to address these critical issues. However, for the reasons stated herein, if H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill