Sunday, January 29, 2012

Cyber Litigations Against Foreign Websites Would Increase In India

Foreign companies and websites are increasingly facing civil and criminal litigations in India. The main problem seems to be application of foreign laws and standards to Indian conditions that is not desirable. These foreign companies and websites apply standards and norms that are well beyond Indian laws and norms.

There are mainly two reasons for this increase in civil and criminal litigations against such foreign companies and websites. Firstly, many individuals and companies in India are neither aware of foreign laws like Digital Millennium Copyright Act (DMCA) 1998 or/and Online Copyright Infringement Liability Limitation Act (OCILLA) nor they prefer to apply the same in derogation of Indian laws, though rightly.

Secondly, even if some individuals and companies invoke foreign laws procedures like DMCA notices and complaints, foreign websites may or may not comply with the same. We have filed a DMCA notice with Google Incorporation and a legal notice to Google India regarding copyright, trademark and impersonation issues. We are still waiting Google’s action in this regard and this shows that even DMCA compliances are not followed by foreign companies and websites.

These are the reasons why filing of civil and criminal cases in India against such foreign companies and websites is increasing. For instance, companies like Google, Facebook, etc are facing a criminal trial in India for not removing objectionable contents from their sites. In other cases, it appear that these companies are deliberately ignoring and violating Indian laws like copyright law, trademarks law and cyber law of India.

There is no doubt that companies like Google, Facebook, Wordpress, etc must comply with Indian laws. These companies cannot claim that they would keep on deriving financial and other benefits from India and would not respect India’s laws and legal procedures.

We believe that India must take urgent steps so that companies and websites like Google, Facebook, WordPress, etc comply with legal demands as per Indian laws as well. We suggest the following in this regard:

(1) All subsidiary/Joint ventures companies operating in India that deal in information technology and online environment, must mandatorily establish a server in India. Otherwise, such companies and their websites should not be allowed to operate in India.

(2) A stringent liability for Indian subsidiaries dealing in information technology and online environment must be established by laws of India.

(3) More stringent online advertisement and e-commerce provisions must be formulated for Indian subsidiary companies and their websites.

India must formulate alternatives to DMCA notices to Google, Facebook, WordPress, etc so that these companies and websites comply with Indian laws and legal procedures. These companies and websites should not be allowed to hide behind the façade of being subsidiary company and citing conflict of laws.

Legal action against offending foreign websites can be taken in India if they fail to exercise cyber due diligence. In fact, Google, Facebook, Microsoft, Yahoo, etc have already been summoned to personally appear before a criminal court in New Delhi on March 13, 2012. Further, as a measure of last resort, these foreign websites can be blocked in India for not complying with Indian laws.

We hope the Delhi High Court would consider these suggestions while deciding the fate of companies like Google, Facebook, etc on the forthcoming hearing.

Wednesday, January 11, 2012

Mobile Governance And E-Authentication In India

Recently World Bank granted a huge loan to India to ensure suitable policies for ensuring electronic delivery of services in India. The loan has been given under the title electronic delivery of public services development policy loan (DPL) project of India. Naturally, India has to start working in this direction to justify the loan.

For the time being we have no implementable electronic delivery of services policy of India though it may be in pipeline. Indian government is working in the direction of ensuring electronic delivery of services in India. In fact a legal framework titled electronic delivery of services bill 2011 (EDS Bill 2011) has also been proposed by Indian government.

While this is a good step taken by Indian government however the Bill has failed to achieve what was most importantly required from it. We have no legal framework for mandatory e-governance services in India and even the proposed EDS Bill 2011 failed to address this issue. As on date neither the information technology act 2000 (IT Act 2000) nor the EDS Bill 2011 provides a right in the hands of Indian citizens to claim e-governance as a matter of right. Thus, both IT Act 2000 and EDS Bill 2011 have little significance in the field of mandatory e-governance services in India.

As far as mobile governance policy in India the same is missing. We cannot rely much upon m-governance in India till we have a suitable m-governance policy of India. Further, authentication in an online environment plays a crucial role in fixing rights and liabilities through mobile transactions. There is no e-authentication policy of India that is operational at national level.

A good example of use of m-governance in India can be mobile banking. Recently Reserve Bank of India (RBI) removed the ceiling for mobile banking transactions in India. This is a good step but its efficacy is still debatable. When banks in India are not interested in maintaining mobile banking cyber security use of mobile banking may create many problems. Banks in India are not providing positive confirmations of NEFT transactions and expecting cyber security from them is unrealistic. Indian banks are also not following the guidelines of RBI prescribing mandatory cyber security requirements for banks of India.

Now the department of information technology (DIT) is formulating a policy that will enable citizens to authenticate their identities online to access various government services electronically, including through mobile phones. I hope DIT would keep all the abovementioned aspects in mind while formulating the proposed policy.

Wednesday, January 4, 2012

Mobile Banking Cyber Security Is Required In India

Mobile banking in India is moving towards an acceptance level. However, till now very few people and institutions are comfortable in using mobile banking in India. Mobile banking in India is still not popular according to RBI. There are certain shortcomings of mobile banking in India that are still left unaddressed.

For instance, mobile governance in India is still not well established. M-governance in India is essential before mobile banking can be successfully implemented in India. We have no regulatory framework for m-governance in India. Even the proposed electronic delivery of services bill 2011 of India has failed to provide a mandatory legal framework for electronic delivery of services in India, including for mobile banking. In short, India is still not ready for m-governance and cloud computing especially in the absence of dedicated e-commerce laws in India.

Mobile banking in India is risky due to absence of mobile cyber security in India. Further, online banking system of India is not secure. In the absence of adequate cyber security safeguards, e-banking in India is not safe. The cyber security trends in India 2011 have also proved that Internet banking cyber security in India is in poor shape and it needs to be strengthened. Even data security, privacy and cyber security in Indian banking industry is not satisfactory.

Online banking risks in India are increasing and this is also shaking the confidence of customers in the same. Even RBI has acknowledged risks of e-banking in India. ATM frauds in India are increasing. In fact, Reserve Bank of India (RBI) has recently released the report of its working group on securing card present transaction that covers ATM security and credit card security issues as well. Internet banking risks in India cannot be effectively tackled till we have dedicated Internet banking laws in India.

Although an integrated banking law of India has been proposed yet it may take some years before it is actually enacted. In an interesting development, the RBI removed limits from mobile banking transactions limits in India. This is good for the development of mobile banking in India but is bad for the interests of mobile banking customers who have almost no safeguards against cyber crimes and technology assisted financial frauds happening in the mobile banking field.

The cyber law in India has prescribed cyber law due diligence for various stakeholders. Cyber due diligence for banks in India is just a part of the same. Cyber due diligence for Indian companies including banks operating in India is very stringent. However, Indian banks are not following the guidelines of RBI prescribing mandatory cyber security requirements for banks of India. Further, banks are also liable

Even on the policy front, mobile banking has received a bad response form Indian government. For instance, absence of effective encryption laws in India and non use of robust encryption in India has made the mobile security very weak in India. Instead of making the encryption requirements redundant and weak, India must concentrate upon further strengthening the same for better and secure mobile communications. Governments of most developed countries allow the usage of strong encryption standards ranging from 128 bits to 256 bits or more to ensure the security of sensitive information exchanged via Internet and other networks. However, India is still clinging to 40 bits encryption standards for the simple reason that intelligence and security agencies of India are not capable enough to break strong encryptions.

A weak mobile banking infrastructure would also affect other projects and schemes as well. For instance, recently the Securities and Exchange Board of India (SEBI) has declared about its intentions to introduce electronic initial public offer (E-IPO) in India. This is a good step but E-IPO cannot succeed in the absence of strong mobile banking and Internet banking infrastructure. Online payments mechanisms in India must also be suitable strengthened to make such proposals workable.

India must give these considerations some serious thoughts if it wishes to encash the benefits of technology. Otherwise, concepts like Internet banking and mobile banking are more nuisance than luxury in India.

Sunday, January 1, 2012

Cyber Laws And Cyber Security Trends In India 2011

Cyber law in India and cyber security in India was all over the news in the year 2011. However, they were in the news for the wrong reasons. Incidences of increased cyber crimes and cyber attacks were reported from time to time in India. The cyber law trends in India 2011 and cyber security trends in India 2011 were not promising at all but we can expect better results in the year 2012.

Many crucial issues pertaining to cyber law, cyber security, Internet censorship, websites blocking, social media control, cyber law due diligence, social media due diligence, corporate cyber law due diligence, enhanced banking due diligence, Internet intermediaries liability, phone tapping, etc took place in India in 2011. Collectively they pointed towards a negative approach on the part of Indian government.

Similarly, initiative towards strengthening of information and communication technology (ICT) usages in India also proved lack of insight and proper management. For instance, the proposed electronic delivery of services bill 2011 (EDS Bill 2011) failed to address the crucial issues like mandatory e-governance services in India.

Crucial issues like electronic discovery (e-discovery) in India, use of cyber forensics in India, establishment of e-courts in India, use of online disputes resolution (ODR) in India, formulation of critical ICT infrastructure protection policy in India, formulating implementable cyberspace crisis management plan of India, formulating dedicated and suitable e-commerce laws in India, enacting whistleblowers protection laws in India, etc have still to be addressed by Indian government.

On the positive side, the Reserve Bank of India (RBI) tried to streamline the cyber security infrastructure of Indian banks. It made appointment of chief information officers (CIOs) mandatory in banks of India. But all such initiatives of RBI proved futile as cyber security in Indian banking sector is still missing. For instance, online banking systems in India are still insecure. Internet banking cyber security in India is still missing. ATM frauds in India are still in abundance.

An integrated modern banking law of India is in pipeline and that may establish the cyber law and cyber security due diligence for banks in India. In fact, mobile banking transactions in India have already been liberalised. However, mobile governance policy of India is still missing.

On the corporate front, financial frauds and cyber crimes in Indian companies are increasing. However, corporate IT frauds and cyber crimes investigations in India are still maturing. Although attempts to strengthen the corporate laws of India were made in the form of introduction of Indian companies bill 2011 in the Parliament yet the same could not see the light of the day. Also, the bill gave statutory recognition to the Serious Fraud Investigation Office (SFIO) that was expected to give wider powers to investigate corporate frauds and white color crimes. This proposal is also postponed for the time being.

Reports of violation of human rights in cyberspace by Internet intermediaries like Google, Facebook, etc were also made. Concerns regarding Facebook emerging as the worst e-surveillance serving platform also expressed. Reports of Facebook engaging in censorship of its users account were also surfaced.

Incidences of manipulation of Blogspot blogs by negative SEO and competitors were also reported. Similarly, apprehensions regarding manual action penalty and censorship by Google were also raised.

Research in motion’s (RIM) Blackberry messenger services in India have now become an e-surveillance tool. However, this arrangement does not extend to the enterprise Virtual Private Network (VPN) solution, provided through the Blackberry Enterprise Server (BES) product.

Overall the year 2010 saw the cyber law, cyber security and civil liberties protection in Indian cyberspace in bad light. Perry4Law and Perry4Law Techno Legal Base (PTLB) hope the year 2012 would bring positive and reformative changes in this regard.