Thursday, June 30, 2011

Legal Issues Of New GTLDs Applications And Registrations

Internet Corporation for Assigned Names and Numbers (ICANN) has recently approved allotment of new generic top level domain names (new gTLDs). With this brand and trademark owners can now register their brands and trademarks as the gTLDs.

However, this process would also witness many techno legal issues as well. Issues of cyber squatting and domain names violations, brands violations, trademark violations, ensuring security of new gTLDs, etc may arise. Further, many unforeseen challenges that cannot be anticipated and warned against may also arise in future.

If a person or organisation thinks that the filing of a gTLD application would be an easy task he/it would be greatly surprised. ICANN is in no mood of allowing “casual filing” and only the applicants “proving bonfide claims” would be granted the new gTLDs.

Firstly, the application form itself is very bulky that requires a techno legal analysis. Since the fees of US $ 1, 85,000 is a big one, no organisation or individual would like to go it waste. If the application for gTLDs is not properly filed after taking care of various technical and legal aspects, it may be rejected by ICANN. Further, an incomplete or weak application may also face “opposition proceedings” subsequently

In short, with an increase in new gTLDs registrations, issues like domain names protection, brands protection, trademarks protection, cybersquatting disputes resolution, cyber law compliances, cyber security requirements, cyber due diligence, etc would also arise. Brand owners and trademark owners must prepare their “strategy” in this regard well in advance.

The new gTLDs application process would start from 12 January 2012 to 12 April 2012. Brand owners and trademark owners need to ensure “due diligence” in this regard as soon as possible as that would give them additional time to ensure that their applications are accepted. ICANN is also planning a global outreach policy to raise awareness in this regard.

Perry4Law and Perry4Law Techno Legal Base (PTLB) believe that applying for and getting a new gTLDs requires well planned techno legal strategy. A company or individual desiring to apply for the same need to analyse all the possible strengths and weaknesses of his application well in advance. While the strengths must be further improved special work need to be done upon the weakness of such future application. Perry4Law and PTLB wish all the best to future gTLDs applicants.

Dr. Manmohan Singh Must Analyse Aadhar Project In Detail

Recently Prime Minister (PM) of India Dr. Manmohan Singh has taken a strong stand against the campaign that has labeled him as a soft target and weak PM. While reiterating that he is not a lame duck he clarified that all the bad things that this Government has done, he accepts full responsibility.

Of course, this statement and stand shows him as a man of Integrity, Honesty and Strength. He is also serious about the negative impression that has been created in the recent past. However, is it wise on his part to take responsibilities “subsequent to” the happening of wrong events and decisions?

For instance, take the Aadhar Project of India. According to Dr. Singh we need system reforms. Dr. Singh maintains that if the Project Nandan Nilekani has promised to design, if the UIDAI can give unique ID numbers to all our residents, we would have discovered a new pathway to eliminate the scope for corruption and leakages in the management and distribution of various subsidies to which our people are entitled. But it will take time. It cannot be done instantly.

Here lies the real problem. The Prime Minister’s Office (PMO) in general and Dr. Singh in particular are too optimistic about the Aadhar Project that they cannot see the troubles waiting for us due to this Project. Neither the Aadhar Project nor the UIDAI are supported by any “Legal Framework” and are well beyond the Parliamentary Oversight.

In fact, the recent events have clearly proved that Aadhar Project and UIDAI are portraying themselves as a part of Welfare Scheme but in reality they are Nefarious and Unconstitutional in nature.

Dr. Singh must have at least ensured “Constitutionally Sound Legal Framework” for Aadhar Project and UIDAI and inbuilt “Procedural Safeguards” so that Aadhar Project may not be misused as a Big Brother Project. However, he did not prefer to do so. On the contrary, he is actively supporting the Aadhar Project and UIDAI.

A “Strong” Prime Minister would never let this happen because sooner or later the Truth of Aadhar Project and UIDAI would be out and in such eventuality he may proved to be wrong one again. Even if apologises and takes full responsibility of such failed and Unconstitutional Project, it would not make much difference.

The true strength is to question the “Wrong Thing” in advance and apologising or taking responsibility of the same subsequently does not show the metal. I hope our “Learned, Honest and Strong PM Dr. Manmohan Singh” would consider this aspect as well.

Public Records Act 1993 And IT Act 2000 Mandates

Information Technology Act, 2000 (IT Act, 2000) is the sole Cyber Law of India. It deals with E-Commerce, E-Governance, Cyber Crimes, etc. It also provides a “Digital Framework” for ensuring Digitilisation, Electronic Documents Creation and their use in Government Departments. This “Research Report” of Perry4Law and Perry4Law Techno Legal Base (PTLB) is briefly analysing the relationship between IT Act, 2000 and Public Records Act, 1993 (PRA 1993).

Section 2 of IT Act, 200 deals with definitions that are relevant for PRA 1993 purposes. Section 2(1) provides that in this Act, unless the context otherwise requires:

(i) "Access" with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.

(ii) "Affixing Electronic Signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of Electronic Signature.

If documents are issued by NIA in electronic form, they have to be authenticated by using electronic signatures. Unauthenticated electronic documents would not create any right or liability either under the IT Act, 2000 or under the PRA 1993.

(iii) "Asymmetric Crypto System" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.

Digital Signatures are based upon Asymmetric Crypto System and they can be used for “Authentication Purposes” by NAI.

(iv) "Computer" means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.

(v) "Cyber Security" means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.

Cyber Security is an issue that is of “Paramount Importance” for the NAI. When Digitilisation and Digital Preservation would be adopted by NAI, Electronic Documents and Digital Resources would be required to be protected from Cyber Attacks. A Techno Legal Strategy must be formulated by NAI in this regard.

(vi) "Data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

(vii) "Digital Signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.

(viii) "Electronic Form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device.

(ix) "Electronic Record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.

(x) "Electronic signature" means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.

(xi) "Information" includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche.

(xii) "Intermediary" with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.

(xiii) "Key Pair", in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key.

(xiv) "Private Key" means the key of a key pair used to create a digital signature.

(xv) "Public Key" means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.

(xvi) "Secure System" means computer hardware, software, and procedure that-

(a) Are reasonably secure from unauthorised access and misuse;

(b) Provide a reasonable level of reliability and correct operation;

(c) Are reasonably suited to performing the intended functions; and

(d) Adhere to generally accepted security procedures.

(xvii) "Security Procedure" means the security procedure prescribed under section 16 by the Central Government.

(xviii) "Verify" in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether:

(a) The initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;

(b) The initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.

Section 2 (2) of the IT Act, 2000 provides that any reference in this Act to any enactment or any provision thereof shall, in relation to an area in which such enactment or such provision is not in force, be construed as a reference to the corresponding law or the relevant provision of the corresponding law, if any, in force in that area.

Section 4 of the IT Act, 2000 provides Legal Recognition to Electronic Records. It says that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is

(a) Rendered or made available in an electronic form; and

(b) Accessible so as to be usable for a subsequent reference

Section 5 of the IT Act, 2000 provides legal recognition to Electronic Signature. It says that where any law provides that information or any other matter shall be authenticated by affixing the signature or any document should be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.

Explanation to section 5 provides that for the purposes of this section, "Signed", with its grammatical variations and cognate expressions, shall, with reference to a person, mean affixing of his hand written signature or any mark on any document and the expression "Signature" shall be construed accordingly.

Section 6 of the IT Act, 2000 deals with use of Electronic Records and Electronic Signature in Government and its agencies. Section 6(1) of the Act provides that where any law provides for

(a) The filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular manner;

(b) The issue or grant of any licence, permit, sanction or approval by whatever name called in a particular manner;

(c) The receipt or payment of money in a particular manner, then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the appropriate Government.

Section 6(2) of the Act provides that the appropriate Government may, for the purposes of sub-section (1), by rules, prescribe -

(a) The manner and format in which such electronic records shall be filed, created or issued;

(b) The manner or method of payment of any fee or charges for filing, creation or issue any electronic record under clause (a).

Section 6A (1) of the IT Act, 2000 provides that the appropriate Government may, for the purposes of this Chapter and for efficient delivery of services to the public through electronic means authorise, by order, any service provider to set up, maintain and upgrade the computerised facilities and perform such other services as it may specify, by notification in the Official Gazette.

The Explanation to Section 6A (1) of the IT Act, 2000 provides that for the purposes of this section, service provider so authorised includes any individual, private agency, private company, partnership firm, sole proprietor form or any such other body or agency which has been granted permission by the appropriate Government to offer services through electronic means in accordance with the policy governing such service sector.

Section 6A of the IT Act, 2000 reflects the intention of Indian Government to provide Electronic Services Delivery in India. In fact, Electronic Services Delivery Bill, 2011 has already been proposed and if implemented would ensure many Electronic Services to Indians.

NAI must start working in the direction of providing its Service Online, if not already done. Even the non-service related matters and matters pertaining to the NAI are already required to be provided online in an Electronic Form as per the requirements of Section 4(1) of the RTI Act, 2005.

Section 7 of the IT Act, 2000 deals with retention of electronic records. Section 7(1) of the Act provides that where any law provides that documents, records or information shall be retained for any specific period, then, that requirement shall be deemed to have been satisfied if such documents, records or information are retained in the electronic form, if-

(a) The information contained therein remains accessible so as to be usable for a subsequent reference;

(b) The electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;

(c) The details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record.

The Proviso to Section 7 (1) provides that this clause does not apply to any information which is automatically generated solely for the purpose of enabling an electronic record to be dispatched or received.

NAI can convert its Records and Public Records into Electronic Form. Digital Preservation of Records or Public Records can also be done by NAI. While current records can be digitilised non current records can be digitilised and made available to public and researchers as the Electronic Services by NAI.

Section 7(2) of the Act provides that nothing in this section shall apply to any law that expressly provides for the retention of documents, records or information in the form of electronic records.

For instance, the RTI Act, 2005 provides for creating of many records in digital form and available to the public in an online environment. Similarly, the proposed Electronic Services Delivery Bill 2011 also requires providing of Services in online environment. This would also require digitilisation of Records and Public Records by NAI.

Section 7A of the IT Act, 2000 provides that where in any law for the time being in force, there is a provision for audit of documents, records or information, that provision shall also be applicable for audit of documents, records or information processed and maintained in electronic form.

Audit of Electronic Documents would also be undertaken in future. Just like NAI has to maintain proper paper based documents, it would be required to main proper Electronic Records as well.

Section 8 of the IT Act, 2000 provides that where any law provides that any rule, regulation, order, bye-law, notification or any other matter shall be published in the Official Gazette, then, such requirement shall be deemed to have been satisfied if such rule, regulation, order, bye-law, notification or any other matter is published in the Official Gazette or Electronic Gazette.

The proviso to section 8 provides that where any rule, regulation, order, bye-law, notification or any other matters published in the Official Gazette or Electronic Gazette, the date of publication shall be deemed to be the date of the Gazette which was first published in any form.

NAI can publish its Rules, Regulations, etc in Electronic Gazette.

Section 9 of the IT Act, 2000 provides that Sections 6, 7 and 8 would not to confer right to insist document should be accepted in electronic form. Section 9 says that nothing contained in sections 6, 7 and 8 shall confer a right upon any person to insist that any Ministry or Department of the Central Government or the State Government or any authority or body established by or under any law or controlled or funded by the Central or State Government should accept, issue, create, retain and preserve any document in the form of electronic records or effect any monetary transaction in the electronic form.

This is a real “Disabling Provision” that is preventing the actual accomplishment of Electronic Services Delivery in India. By making it “Discretionary” India Government has kept at bay for long the Electronic Delivery of Services to Indians. The latest proposed Electronic Services Delivery Bill 2011 addresses a very small and insignificant portion of the Electronic Delivery of Services in India and till now Electronic Services cannot be claimed as a “Matter of Right”.

However, by virtue of RTI Act, 2005 “Providing Information” about Governmental Departments in Electronic Form has been made “Compulsory”. But till now there is no Law or Provision that makes Delivery of Electronic Services Mandatory in India. This is a “Serious Issue” that must be resolved as soon as possible.

Section 11 of the IT Act, 2000 deals with attribution of Electronic Records. Section 11 says that an electronic record shall be attributed to the originator

(a) If it was sent by the originator himself;

(b) By a person who had the authority to act on behalf of the originator in respect of that electronic record; or

(c) By an information system programmed by or on behalf of the originator to operate automatically.

There may be other provisions of IT Act, 2000 that may be relevant for NAI and PRA 1993 purposes. But for the time being, they are not mandatory in nature. We hope this “Research Report” by Perry4Law and PTLB would be useful for Government Departments in general and national archives of India in particular.

Wednesday, June 29, 2011

Regulatory Framework For Cloud Computing In India

The proposal to use of cloud computing in India has raised many regulatory and security concerns. Without meeting these regulatory and security concerns, software as a service (SaaS) and cloud computing should not be used in India. In fact, cloud computing in India must be techno legal in nature and till it meets the techno legal requirements, it should not be used in India.

Before using cloud computing in India we must ask few questions to ourselves. These include what are the regulatory frameworks required for successful cloud computing, how the security concerns need to be addressed, what are the legal frameworks for multi jurisdictional cooperation, and what are the quality of service (QoS) parameters for effective cloud service.

Besides regulatory framework for cloud computing in India we must also ensure high availability levels, appropriate data erasing mechanisms, data privacy at the service provider’s level, export restrictions upon data, data handling monitoring mechanisms, jurisdictional issues, cloud computing security issues, licensing issues for cloud computing, etc.

Till now we have no cloud computing policy of India. There is no cyber security in India and even cyber security policy of India is missing. There is no privacy law in India. There is no data protection law in India. And there is no data security law in and cyber security law in India. In short, there is no legal framework for cloud computing in India at all.

Fortunately, stakeholders have openly supported the need of regulatory framework for cloud computing in India. With an increasing pressure the Indian government may consider formulating a legal framework for cloud computing in India. The sooner it is done the better it would for all the stakeholders concerned.

Tuesday, June 28, 2011

Electronic Services Delivery And Public Records Act 1993

The Electronic Services Delivery Bill 2011(ESDB 2011) is a very recent Bill proposed by the Ministry of Communication and Information Technology (MCIT). The Bill has been revised twice and it may still not be the final Bill. However, sooner or later ESDB 2011 would be made an “Enforceable Law” and various “Stakeholders” would be required to comply with the same.

One such Stakeholder is the National Archives of India (NAI), a Department attached to the Ministry of Culture. Once the ESDB 2011 comes into force, NAI and similar Departments/Institutions would be required to adjust their functioning as per the mandates of the Bill. This is not an easy task and it would require great foresight and planning to shift to an Electronic Frontier and an early planning and execution is strongly recommended by Perry4Law and Perry4Law Techno Legal Base (PTLB).

Many National Archives and Public Records related Services would be required to be provided in an “Online Environment” and through “Electronic Means” in future. This is more so due to the applicability of Public Records Act, 1993 (PRA), Information Technology Act, 2000, Digital Preservation Requirements and Electronic Services Delivery by NAI.

For instance, Section 4 of the PRA 1993 prohibits taking out of India any public record without the prior approval of Central Government. Section 9 punishes the violations under section 4 with imprisonment upto 5 years or with fine upto Rs. ten thousand rupees or with both. When Public records would be converted into “Electronic Form”, they can be easily transferred from one nation to another. NAI needs to take care of this issue through Legal and Technical means, i.e., in a Techno Legal Manner.

Further, NAI may be required to make available Public records U/S 11(2) or any record creating agency may be required to provide access to the same U/S 12(2) of the PRA 1993. These services can be provided in “Electronic Form” for larger efficiency and meeting the requirements of any “Mandatory” Electronic Services Delivery.

NAI would also be required to ensure Digitilisation and Digital Preservation due to the requirements of this Bill. Till now, Section 9 of the IT Act, 2000 was preventing Citizens of India from demanding Electronic Services as a matter of Right. Now things would be changed and Electronic Services Delivery would be demanded by Indian citizens.

We recommend that NAI and other Government Departments must pay sufficient attention towards Digital Preservation and maintenance of Electronic Records in their respective Departments.

Monday, June 27, 2011

E-Discovery Laws And Practices In India

Electronic discovery or e-discovery is a crucial component of corporate management, litigation services, response management, cyber security and so on. E-discovery is used for multiple purposes and by varied organisations and individuals these days.

E-discovery has many purposes to achieve. It can be used as an effective measure to prevent frauds from being committed by timely detection of suspicious activities. It can also be used for detection of these frauds and crimes after their commission. Thus, e-discovery is both preventive and curative in nature. However, despite the significance of this field, e-discovery in India has yet to get attention of Indian companies, individuals and law firms of India.

Even on the front of legal framework we have no e-discovery laws in India as well as e-discovery regulations in India. This is despite the fact that e-discovery is an important part of outsourcing industry of India. This has lead to a limited growth of e-discovery related legal process outsourcing (LPO) and knowledge process outsourcing (KPO) firms and organisations in India. There are very few firms in India that are providing e-discovery related LPO and KPO services in India.

At Perry4Law and Perry4Law Techno Legal Base (PTLB) we understand the importance of e-discovery solutions and litigation services to various organisations and individuals. In fact, PTLB is the exclusive institution that is providing techno legal e-discovery related solutions and litigation services. We consider both technical as well as legal aspects of e-discovery and digital evidencing in depth so that acquired information has “probative and evidentiary value”.

E-discovery should never be a simple discovery but it must be undertaken in such a manner that it meets the requirements of “admissibility” in a court of law. Many times e-discovery is not done properly and this results in the evidence acquired being held inadmissible by the courts.

Before hiring the services of a law firm, be sure to ensure that it has techno legal expertise to manage your e-discovery related assignment.

Legal Framework For E-Governance In India

Electronic governance in India (e-governance in India) is still at its infancy stage. Most of the e-governance projects of India under the national e-governance plan (NEGP) are still in the pipeline despite the deadline being passed long before. This is despite the fact that thousand of crores of public money has already been utilised for e-governance projects of India but without any constructive and practical results.

Meanwhile, the World Bank has once again issued $ 150 million loan to India. It has been issued under the category of e-delivery of public services development policy loan of India. The purpose of the loan is to ensure e-services delivery policy in India that is presently missing.

However, what is more alarming is the fact that in India we have no legal framework for e-governance that can ensure mandatory e-governance services in India. Although the information technology act 2000 carries provisions pertaining to e-governance services in India yet they are “non mandatory” in nature. This has resulted in a poor e-governance services delivery in India. Till now we have no legal framework that mandates that citizens and organisations can claim e-governance as a matter of right.

Further, the scope of NEGP is very wide covering almost all aspects of governance - right from delivery of services and provision of information to business process re-engineering within the different levels of government and its institutions. It is essential that NGP is implemented, monitored and regulated through a legal framework so that it is no more just a plan but reality.

In fact, while implementing the NEGP, various structural and institutional issues have already arisen which clearly call for a statutory mandate for their resolution. The purpose would be to give statutory mandate to the institutional entities, setting up of a separate fund, defining responsibilities and providing for time frames and oversight mechanisms. Thus, this legislation may, inter alia, contain provisions regarding the following:

(a) Definition of e-governance in the Indian context, its objectives and role,

(b) Coordination and oversight mechanisms, support structures at various levels, their functions and responsibilities,

(c) Role, functions and responsibilities of government organisations at various levels,

(d) Mechanism for financial arrangements including public-private partnership,

(e) Specifying the requirements of a strategic control framework for e-government projects dealing with statutory and sovereign functions of the government,

(f) Responsibility for selection and adoption of standards and inter-operability framework,

(g) Framework for cyber security, privacy protection, data security and data protection etc,

(h) Parliamentary oversight mechanism, and

(i) Mechanism for co-ordination between government organisations at Union and State levels.

Sunday, June 26, 2011

E-Delivery Of Public Services Development Policy Loan Of India

E-Delivery of Public Services is the testing bed for any successful E-Governance Project. If essential Public Services cannot be delivered through use of Information and Communication Technology (ICT), there is no successful E-Governance implementation.

In India as well essential Public Services are still not successfully integrated with ICT and E-Governance has to cover a long distance before it becomes successful in India. India’s ranking in E-Readiness and E-Governance is declining year after year and India is still not bothered about this fact.

This situation does not “Justify” the usage of crores of public money on E-Governance Projects in India when there are no “Results” of such huge spending. The Government of India (GOI) and the World Bank recently signed another Loan Agreement of $150 million for the E-Delivery of Public Services Development Policy Loan under the National E-Governance Plan (NEGP) of India.

However, even this loan would not change the position in India till we have a “Mandatory E-Governance Legal Framework” in India. The Information Technology Act 2000 is the sole Cyber Law of India that carries few provisions pertaining to E-Governance as well. However, The IT Act 2000 has made E-Governance in India “Non Mandatory” and here lies the whole problem.

If we do not make E-Governance Mandatory and we do not lay down “Deadlines” till which E-Governance Infrastructure must be established in India, public money would be wasted for ever. It is high time for India to ensure Mandatory E-Governance Services in India through a Legal Framework.

The Government and Indian Bureaucrats need to change their mindset and stress more upon “Outcomes and Services” rather than mere ICT procurement. India needs a “Services-Based Approach” that is not only Transparent, Accountable and Legal but also backed by a more efficient and willing Government. Presently the Bureaucrats and Government of India are in a “Resistance Mode” towards novel and effective E-Governance Policies and Strategies and they are merely “Computerising” traditional official functions only. This is benefiting neither the Government nor the citizens and is resulting in wastage of thousands of crores of public money and loans amount of United Nations Development Programme (UNDP) and World Bank.

The Governmental will and leadership is missing in India. To worsen the situation the Government of India is concentrating more upon the image rather than upon the end results. The grassroots level action is missing and the benefits of ICT are not reaching to the under privileged and deserving masses due to defective ICT Strategies and Policies of Indian Government. India is suffering from the “Vicious Circle” of defective E-Governance, as the basic input .i.e. governance itself is poor. India needs a “Virtuous Circle” of E-Governance through “Good Governance” that would have multiplication and amplification effect upon E-Governance efforts of Indian Government.

Some have even alleged that E-Delivery of Public Services in India is missing and World Bank is not at all interested in establishing Transparency and Accountability in Indian NEGP. World Bank must ensure accountability of Indian NEGP in order to show that its Loans are actually meant for growth and development of Indian masses rather than benefiting few Politicians and Bureaucrats as is happening right now.

Meanwhile, India must seriously consider formulating a Mandatory E-Governance Legal Framework that is not only Transparent but also Accountable. Further, if time limits are not set to achieve Mandatory E-Governance Services in India, all other efforts would fail. Let us see how “Serious” our Indian Government is regarding providing Mandatory E-Governance Services in India.

Human Rights Protection In Indian Cyberspace

A few years back talking of human rights in cyberspace was seen with skepticism. Now people around the world are more concerned and aware of their human rights in cyberspace.

Surprisingly, United Nations has still not considered human rights issues of cyberspace though it has recently announced that access to Internet is a human right. United Nations must seriously consider protection of human rights in cyberspace as soon as possible as nations across the world are becoming more and more oppressive and endemic e-surveillance oriented.

While United Nations has declared that access to Internet is Human Rights yet Indian government is well committed to deny not only this human rights but also all other possible human rights in cyberspace.

For instance, projects like national intelligence grid (Natgrid), central monitoring system project of India (CMS), centre for communication security research and monitoring (CCSRM), Aadhar project of India, crime and criminal tracking network and systems (CCTNS), national counter terrorism centre (NCTC), etc have no “procedural safeguards” and they are violating human rights and fundamental rights in their “present form”.

These projects have been launched without any legal framework and parliamentary oversight. Further, even the most “basic laws” like data protection Laws, data security laws, privacy laws, etc are missing in India.

United Nations must urgently step in to formulate an international treaty on protection of human rights in cyberspace. If UN maintains its indifferent attitude, draconian laws like the cyber law of India keep on surfacing.

Saturday, June 25, 2011

The E-Waste (Management And Handling) Rule Of 2011 Of India

We have no e-waste laws and regulations in India. In fact, for long e-waste laws and regulations have been ignored in India. Tons of e-waste has been imported and dumped into India for the past decade. This has made India, especially, New Delhi, a dumping ground for e-waste disposal.

Finally, Indian government has woken up to the nuisance of e-waste in India. It has been reported that the E-waste (Management and Handling) Rule of 2011 has been enacted by the Ministry of Environment and Forest as part of the Environment Protection Act of India.

However, the e-waste rules are not applicable with immediate force. The rules would take effect with effect from 1st May, 2012. The rules will apply to every producer, consumer and bulk consumer involved in manufacture, sale, purchase and processing of electronic equipment or components.

The rule defines “environmentally sound management of e-waste” as “taking all steps required to ensure that e-waste are managed in a manner which shall protect health and environment against any adverse effects, which may result from hazardous substance contained in such wastes.”

The rule mandates government departments and producers of electrical and electronic equipment to take responsibility for the collection of e-waste produced while manufacturing or after use in the end-of-life. He rules also require concerned organisations to set up collection centres or take back systems through which consumers can return their products.

Since the required infrastructure cannot be established immediately, a grace period of one year has been given by the Ministry for collection centres to be to set up. Information dissemination on e-waste and the environmentally sound management of e-waste is also mandated from producers.

According to the Indo European E-Waste Initiative for Improved Technology and Skills for Indian E-Waste Management Group (IEeWASTE), about 330,000 metric tonnes of e-waste is produced in India annually.

This is a good step in the right direction and Perry4Law and Perry4Law Techno Legal Base (PTLB) welcome this effort of the Ministry. We would come up with a more detailed discussion on these rules very soon.

E-Waste Law And Regulatory Framework In India

The menace of electronic waste (e-waste) in India has been increasing. India does not have a dedicated e-waste law and we are taking care of this crucial issue through guidelines and directions.

E-waste issues cannot be taken lightly and casually as has been done in India. Although the environment law jurisprudence is very strong and mature yet e-waste related legislations in India are still missing.

We need to have a dedicated e-waste law in India that can stringently deal with the menace of e-waste in India. India should not be a dumping ground for e-waste and commercial entities must be saddled with both civil and criminal liabilities for spreading illegal e-waste in India.

E-waste is a popular, informal name for electronic products nearing the end of their "useful life." Computers, televisions, VCRs, stereos, copiers, and fax machines are common electronic products. Many of these products can be reused, refurbished, or recycled. Unfortunately, electronic discards is one of the fastest growing segments of our nation's waste stream. Rapid obsolescence of electronics goods, compounded by dumping from developed countries, has brought the e-waste problem in India to the brink of spilling over into an acute crisis. The communities that are affected by the toxics in e-waste need not necessarily be those that are creating the waste. The unethical export of e-waste by industrialised nations to developing countries is shifting the onus of development to communities ill-equipped to deal with such waste. A lot of these materials are being sent to developing nations under the guise of reuse—to bridge the digital divide.

The Basel Convention defines waste by its disposal destination or recovery processes. These various processes are listed in Annexure IV of the Convention. For example, virtually any material that will be recycled or processed in order to reclaim a metal, or to reclaim an organic or inorganic substance for further use, is deemed a waste. Electronic components that are used without further processing are not likely to be defined as a waste. The Convention has provided for two lists. List A, found in Annexure VII, is presumed to be hazardous and thus covered by the Basel Convention; and List B, found in Annexure IX, is presumed to be non-hazardous and thus not subject to the Basel Convention. The waste listed in List A is waste that poses serious threats to environment and human health. As a result of their adverse effects these substances require special handling and disposal processes. The Annexure VIII hazardous waste list has the following entries applicable to e-waste:

A1180: Waste electrical and electronic assemblies or scrap containing components such as accumulators and other batteries included in List A, mercury-switches, glass from cathode-ray tubes and other activated glass, and PCB-capacitors, or contaminated with Annex I constituents (for example, cadmium, mercury, lead, polychlorinated biphenyl) to an extent that they possess any of the characteristics contained in Annexure III.

From the above we can gather that at the very least, circuit boards, CRTs, and other electronic boards or components and assemblies containing lead based solders and copper beryllium alloys (which include most computer circuit boards and much other electronic equipment), are indeed hazardous wastes according to the Basel Convention. Likewise, whole, used, discarded computers, printers, and monitors that contain such circuit boards or CRTs that are not to be re-used directly are to be considered as hazardous waste and subject to the Basel Convention. To date, the United States is the only developed country in the world that has not ratified the Basel Convention. In fact, US officials have actively worked to defeat and weaken the Basel waste export ban. The US government policies appear to be designed to promote sweeping the e-waste problem out the Asian back door. Not only has the US refused to ratify the Basel Convention and Ban, but in fact, the United States government has intentionally exempted e-waste materials, within the Resource Conservation and Recovery Act, from the minimal laws that do exist (requiring prior notification of hazardous waste shipments) to protect importing countries.

The 160-State Basel Convention is the world's most comprehensive environmental agreement on hazardous and other wastes. Governments are expected to minimize the generation of hazardous wastes, treat and dispose of wastes as close as possible to their place of generation and reduce the quantities transported. The proper implementation of the Basel Convention ensures that hazardous e-waste be managed in an environmentally sound manner as it provides the tools for the transparency and traceability of e-wastes destined for recycling or recovery. The development of international resource recycling systems would have to be combined with a mechanism capable of monitoring such systems to ensure their accountability. That could not be achieved, however, without intensified international efforts to help developing countries strengthen their capacity to implement the Convention.

A programme of action in the Asia-Pacific region to dispose of electrical and electronic waste in an environmentally sound way and stop its illegal trafficking was also launched with the support of the United Nations Environmental Programme's (UNEP) Basel Convention Regional Centres in China, Indonesia and Samoa. Due to rapid industrialisation, several developing countries in the Asia-Pacific region need to access large quantities of secondary raw materials. As a result, large amounts of used and end-of-life electronic wastes are being sent to them for recycling, recovery and refurbishment of non-ferrous and precious metals at facilities which do not always meet high environmental standards.

To combat the ever growing e-waste problem, India needs to have strong rules and regulations in place. Over the years, the government has instituted a number of regulations for better management of hazardous waste in the country. Some of these regulations are given below:

(a) Hazardous Wastes (Management and Handling) Rules, 1989/2000/2003: These define hazardous waste as “any waste which by reason of any of its physical, chemical, reactive, toxic, flammable, explosive or corrosive characteristics causes danger or is likely to cause danger to health or environment, whether alone or when on contact with other wastes or substances.”

In Schedule 1, waste generated from the electronic industry is considered as hazardous waste. Schedule 3 lists waste of various kinds including electrical and electronic assemblies or scrap containing compounds such as accumulators and other batteries, mercury switches, glass from cathode ray tubes and other activated glass and PCB capacitors, or contaminated with constituents such as cadmium, mercury, lead, polychlorinated biphenyl or from which these have been removed, to an extent that they do not possess any of the constituents mentioned in Schedule 2.

(b) DGFT (Exim policy 2002-07): Second hand personal computers (PCs)/laptops are not permitted for import under EPCG scheme under the provisions of para 5.1 of the Exim Policy, even for service providers. Second-hand photocopier machines, air conditioners, diesel generating sets, etc, can also not be imported under EPCG Scheme under the provisions of Para 5.1 of EXIM Policy even if these are less than ten years old.

(c) MoEF Guidelines for Management and Handling of Hazardous Wastes, 1991.

(d) Guidelines for Safe Road Transport of Hazardous Chemicals, 1995.

(e) The Public Liability Act, 1991.

(f) Batteries (Management and Handling) Rules, 2001.

(g) The National Environmental Tribunal Act, 1995.

(h) Bio-Medical Wastes (Management and Handling) Rules, 1998.

(i) Municipal Solid Wastes (Management and Handling) Rules, 2000 and 2002.

Unfortunately, none of these regulations deal directly and specifically with e-waste. This situation requires the enactment of a special law dealing with the nuisance of e-waste. Even as the United States pushes India to relax its restrictions on importing used computers and parts, shiploads of illegally imported equipment from the US and other developed countries are swamping India, contributing to a growing "e-waste" problem. India and the United States are engaged in tough negotiations over import of second-hand computers and parts, with the US insisting that India allow more liberal importation of "pre-used" hardware, according to reports. India prefers to stick to its norm of importing hardware that has at least 80% residual life left. Unlike the developed countries, there are no set norms for handling of electronic waste, and secondly cheap labor not only makes disposal cost-effective and profitable for local traders but also encourages the developed countries to push electronic wastes to the countries like India. The two largest nations exporting their e-wastes are the United States and Britain. According to a recent British Environmental Protection Agency report, Britain shipped out 25,000 tons of e-waste to South Asia last year. The United States bought a staggering $125 billion worth of electronic goods in 2005, and reportedly for every PC the country bought, one was discarded. Industry sources say in 2005 the US recycled about $2 billion worth of electronic equipment, which may be just 20% of the e-waste it generated, much of which found its way to India, China, Southeast Asia and Africa. Electronic hardware discarded globally has skyrocketed, with 20 million to 50 million tons generated every year.

In partnership with various non-governmental organizations, independent bodies and governmental bodies -- including the Indian Ministry of Environment and Forests as well as the Central Pollution Control Board, The Energy and Resources Institute (TERI) is responsible for kick-starting a program that lays out organizational procedures for e-waste recycling. The goal, according to experts at TERI, is to make recycling of computers more efficient -- ensuring that while no part of the computer is wasted, standards will become more environmentally friendly.

An additional factor is geared toward protecting those workers exposed to the various radioactive fumes emitting from the e-waste they are handling. Beginning the project in December 2005, TERI has since brought in experts from Europe to begin training Indian institutions in efficient recycling practices. The project has also partnered with advisers from the University of Dresden in Germany and the University of Crete in Greece.

The adoption of an ambitious e-governance plan by India is a good sign and we can hope that the e-waste management will also find favour with the Government soon. The concept of “absolute liability” is deterrent enough for the Government and private entrepreneurs to take environmental issues seriously. This is more so since the defense of “sovereign immunity” is also not available to the Government for tortuous liability. In short, e-governance presupposes the handling of various hazards originating out of and associated with the use of ICT and there is no reason to exclude the same from national policies pertaining to ICT and e-governance.

E-Courts Project Of India

Electronic court in India (e-courts in India) is an attempt of Indian government to utilise information and communication technology (ICT) for effective justice administration in India. E-courts project of India is a part and parcel of the national e-governance plan of India (NEGP) and is implemented as a mission mode project of NEGP.

E-courts were first conceived in the year 2003 where it was declared that e-courts would be established in India till the end of year 2003. However, even after passing of 8 years of that deadline, we are still waiting for the establishment of first e-court in India. Till the writing of this article, India does not have even a single e-court.

An e-court is different from computerised court. In the case of e-court everything is done in an “online environment” through the use of Internet and other ICT technologies whereas a computerised court is nothing more than a court having computers and basic level hardware and software.

E-courts essentially involve use of ICT from the stage of dispute to its final adjudication. Everything pertaining to a dispute happens in cyberspace and the parties to the disputes, lawyers, judges, evidence production and analysis, etc all happens through use of ICT.

India has still not achieved this “capacity building” and all it has done in the name of e-courts is computerisation of some traditional clerical work. This is the reason why techno legal experts of India have expressed that we have no e-courts in India and this is also the truth.

India has to shift to the next stage of establishment of e-courts. The computerisation phase is long over and now we must concentrate upon “e-courts capacity development” aspect that is still missing. We have to ensure e-courts related skills development in India that is presently missing.

At Perry4Law Techno Legal Base (PTLB) we are managing the exclusive techno legal e-courts research, education and training centre. It has been providing its suggestions for long and we hope these suggestions would help India in achieving the next stage of e-courts project of India.

Legal Framework For Cloud Computing In India

Cloud computing is a commercial project that most of the IT vendors of the world would love to launch in India. This is so because India has a large market for cloud computing business. However, the crucial question is whether India is ready for cloud computing? In short, we have to check whether cloud computing is viable for India especially when techno legal experts of India have answered in negative.

There are many hurdles for the successful implementation of cloud computing framework in India. The biggest among them is absence of legal framework for cloud computing in India. Further, allied legal frameworks are also missing that makes use of cloud computing in India non feasible and prone to numerous legal challenges.

For instance we have no dedicated privacy laws in India, data security laws in India and data protection laws in India. Further, India is fast becoming an endemic e-surveillance society in the absence of proper laws and constitutional procedural safeguards.

For instance, the central monitoring system project of India (CMS project of India) would have absolute control over telecommunications and Internet communications that also without any legal framework and parliamentary oversight. Further, companies like Research in Motion (RIM) have openly declared their support for e-surveillance activities of Indian intelligence agencies by extending cloud computing based e-surveillance model for its Blackberry messenger services.

Further, India is also the only country of the world where phone tapping and e-surveillance is done without a court warrant and beyond the judicial scrutiny. The executive branch of Indian constitution is neither accountable to the parliament of India nor to the judiciary in this regard.

All a police officer or governmental officer has to do is to approach the concerned cloud computing service provider, and it would hand over all your sensitive data and information to him without your knowledge. Further, even if the data is not physically handed over, access to the same can be given to such officer without anybody knowing of such access.

Privacy violations would definitely arise in cases of use of cloud computing in India. The only fact is that you may not be aware that your privacy rights have been violated and your sensitive and personal data is no more a secret.

Indian government must not use software as a service (SAAS) or cloud computing for governmental and public services delivery till suitable procedural safeguards against violation of civil liberties in general and privacy rights in particular are at place. Even industrial players like Infosys and CII have endorsed this viewpoint. Time has come to enact a constitutionally sound legal framework for cloud computing in India.

Friday, June 24, 2011

Central Monitoring System Project Of India

Central Monitoring System Project of India (CMS Project of India) is a very crucial project to safeguard Information and Communication Technology (ICT) related security and e-surveillance issues in India. It is mooted by the Central Ministry of Communication and Information Technology (MCIT).

The aim of CMS Project of India is to have a “Centralised Mechanism” where Telecommunications and Internet Communications can be analysed by the MCIT, Indian Government and its Agencies. Some have called this mechanism as the Internet Kill Switch of India where Internet Communications all over India can be suspended through this mechanism.

Recently, the United Nations declared “Right to Access” to Internet as Human Right. This would have a positive impact upon many Human Rights in Cyberspace. For instance, Right to Speech and Expression, Right to Privacy, Right to Know, etc cannot be violated by the CMS Project of India. United Nations must expand Human Rights Protection to many more issues.

This is the real problem for the CMS Project of India. We have no dedicated Privacy Laws in India, Data Security Laws in India and Data Protection Laws in India. Further, the CMS Project of India is also beyond the “Parliamentary Scrutiny”. The Cyber Law of India, incorporated in the Information Technology Act 2000 (IT Act 2000), was drastically amended through the Information Technology Amendment Act 2008 (IT Act 2008).

The IT Act 2008 incorporated various “Unconstitutional Provisions” in the Cyber Law of India that clearly violates the Human Rights in Cyberspace. For instance, provisions regarding Internet Censorship, Website Blocking, Encryption and Decryption, etc have no inbuilt “Procedural Safeguards” as mandated by the Constitution of India. This is the reason why the Cyber Law of India needs to be repealed.

Further, we have no E-Surveillance Policy in India. Even Phone Tapping in India is done in an “Unconstitutional Manner” and even by private individuals with or without Governmental approval.

If CMS Project of India has to be “Legal and Constitutional” it must be subject to “Parliamentary Oversight”. Further, the IT Act 2000 must be repealed as soon as possible as it is clearly not in conformity with the Constitution of India and Civil Liberties Protection in Cyberspace.

Of course, if India Government persists in this “Unconstitutional Approach”, taking recourse of “Self Defence Measures” is not a bad option. Rather that remains the “Sole Option” when our Parliament, Executive and Judiciary fail to protect Fundamental Rights enshrined in the Constitution of India and the Human Rights Charter of United Nations.

ODR Services Providers In Asia

Online dispute resolution (ODR) is becoming a preferred mode of dispute resolution globally. However, Asian countries in general and India in particular have still not considered using ODR for dispute resolution.

Even otherwise there are very few ODR service providers in India. Further, when it comes to techno legal ODR services in Asia or India, there seems to be very few institutions dealing with the same.

At Perry4Law Techno Legal Base (PTLB) we provide techno legal ADR and ODR services. Our services include a wide variety of areas that practically covers all the techno legal ADR and ODR disputes

We believe in party autonomy and therefore are open to all national and international norms, regulations and rules. Whether it is the Uniform Domain-Name Dispute-Resolution Policy (UDRP) of Internet Corporation for Assigned Names and Numbers (ICANN) or any other rules or norms of similar international institutions like United Nations Commission on International Trade Law (UNCITRAL), World Intellectual Property Organisation (WIPO), we adopt and utilise the relevant norms as per the requirements of the case.

Although ODR in India is facing severe legal roadblocks yet at Perry4Law and PTLB we have been providing techno legal technology dispute resolution policies and strategies. We have suggested the technology dispute resolution policy of India and ODR policy of India in the hope that Indian government would consider utilising technology related projects like ODR and e-courts more often.

At the same time we also believe that without international harmonisation, ODR can never be a global reality. We also understand the importance of national and international cooperation and collaboration and are therefore open to all sorts of proposals from global ODR community.

ADR service providers of Asia must utilise concepts like ODR and e-courts as well. Like traditional ADR mechanisms, ODR and e-courts also provide effective dispute resolution. In fact, ODR and e-courts are better mechanisms to resolve disputes without any party moving from his place.

Sooner or later ODR and e-courts have to be established and used by all Asian countries. However, the sooner they are established and used the better it would be for the citizens of these countries.

Thursday, June 23, 2011

ICANN's Global Outreach And International Cooperation

The day Internet Corporation for Assigned Names and Numbers (ICANN) approved allotment of new Generic Top Level Domain Names (GTLDs), it was clear that it has to face many known and unknown “Challenges”. Further, “Cyber Security Issues” must also be on the “Priority List” of ICANN.

However, of all challenges, the one pertaining to manage “International Coordination” is the toughest one. Although ICANN has taken many far reaching decisions yet their actual implementation requires both National and International Cooperation. If this Coordination is missing, most of the initiatives of ICANN would fail.

Realising this truth, ICANN has started efforts in this direction in various parts of the World. ICANN has named Thomas Spiller to the newly created position of Vice President, Europe. The appointment was announced today at the organization's 41st public meeting in Singapore.

In his new position, Spiller who is a French national will be responsible for driving ICANN's strategic objectives in Europe. He will also manage the Brussels office and will be the focal point for regional issues.

"I look forward to reinforcing ICANN's outreach to all stakeholders and strengthening the ongoing inclusive dialogue with Europe's Internet users, national governments, EU institutions and business," said Spiller.

Naturally, ICANN would also establish similar posts at other crucial regions of the World and Asia is one of them. ICANN is also looking to appoint a vice president of Asia who is likely to be based in Singapore and will take charge of Asian strategic objectives.

The choice of Singapore is natural, logical and the best one. We are still not ready for Online Dispute Resolution in India and Singapore has definitely better “Technological and Legal Infrastructure” than India.

This does not mean that ICANN can ignore India all together. ICANN must enter into Memorandum of Understandings (MOU), Consortiums, Partnerships and Collaborations with other Asian Countries as well.

GTLDs, Cyber Security, DNSSEC And ICANN

Domain name has become an indispensable part of business environment these days. This is the reason that the approval of new generic top level domain names (new gTLDs) by Internet Corporation for Assigned Names and Numbers (ICANN) assumes significance. Besides, approving the allotment of new gTLDs, ICANN has also been discussing other crucial issues as well.

With this ICANN would also face many anticipated as well as unforeseen challenges and cyber security challenges would be one of such challenges. A company, individual or country desiring to apply for a new gTLD must be aware of the cyber security challenges associated with it. This must be a part and parcel of the “gTLD due diligence” of the concerned applicant.

It is not the case that ICANN is not aware of these concerns. In fact, ICANN has been considering use of Domain Name System Security Extensions (DNSSEC) for securing domain name system (DNS). DNSSEC is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

Although people browsing the Internet often take it for granted that the sites they visit are created and operated by their purported owners, it is possible for criminals with knowledge of the Internet’s addressing system to create counterfeit websites that look like the real thing but capture users’ private information. DNSSEC guards against this cyber threat.

Now it has been reported that ICANN and internet exchange firm Packet Clearing House (PCH) have joined forces with Infocomm Development Authority of Singapore (IDA) and the National University of Singapore (NUS) to launch the first of three facilities designed to boost the adoption of DNSSEC among country code Top-Level Domains (ccTLDs).

The three new facilities, located in Singapore; Zurich, Switzerland (still under construction) and San Jose, California, provide cryptographic security using the recently deployed DNSSEC protocol. Internet users in each country that adopts the new service will be assured of the authenticity of the websites they visit and the email addresses they use, says the recently released ICANN’s announcement (PDF).

PCH’s DNSSEC facilities will allow many additional countries to immediately gain the benefits of DNSSEC protection for their country code TLDs without needing to build and maintain their own million-dollar security facilities. During a recently held “key-signing” ceremony, cryptographic master keys were created for Tanzania, Uganda, Afghanistan, and ten other countries that have already chosen to use the system.

“One of ICANN’s core missions is to enhance the security and stability of the Internet’s Domain Name System. This new DNSSEC facility in Singapore helps us do just that,” said Rod Beckstrom, President and Chief Executive Officer of ICANN. “The bottom line is that this center and the two others like it will give billions of Internet users the confidence to know that they have ended up at the web site they intended to reach, reducing the risk that they have been misdirected to a different site by cyber criminals”, he said.

PCH’s DNSSEC service is unique in several ways: it employs the same degree of physical, network, and procedural security as ICANN uses to sign the root of the domain name system, meeting all of the same rigorous standards; all components were selected for low power consumption and the system as a whole will be both carbon and energy-neutral upon completion; it is entirely free of cost for country-code top level domains; and its goal is as much knowledge-transfer and regional self-sufficiency as immediate implementation: all of its procedures and software follow best practices and are published open-source, using a Creative Commons license that ensures that all can benefit from them equally.

Perry4Law and Perry4Law Techno Legal Base (PTLB) welcome this initiative of ICANN and its partners. Further, we also believe that with an increase in new gTLDs registrations, issues like domain names protection, brands protection, trademarks protection, cybersquatting disputes resolution, cyber law compliances, cyber security requirements, cyber due diligence, etc would also arise. Brand owners and trademark owners must prepare their “strategy” in this regard well in advance.

Online Dispute Resolution Services In India

Information and communication technology (ICT) has streamlined the way disputes are agitated and resolved. Legal proceedings are increasingly using online platforms and cyberspace for initiation of legal proceedings and their dispute resolution.

However, legal frameworks that can supplement and strengthen such disputes resolution are missing. For instance, the legal enablement of ICT systems in India is still missing. We have no legal framework for online dispute resolution in India (ODR in India) as well as for establishment and management of e-courts in India. Till now we are waiting for the establishment of first e-court of India and use of ODR in India.

At Perry4Law and Perry4Law Techno Legal Base (PTLB) we believe in the importance and use of ICT for dispute resolution. We understand the importance of ICT to the judicial system and important role of ICT in judicial reforms. Use of ICT in effective judicial system and dispute resolution is one area that deserves both national and international attention.

India is using alternative dispute resolution (ADR) mechanisms like arbitration, mediation, etc for long. However, there are very few ODR service providers in India. This is because in India we neither have awareness about ODR nor we have expertise to mange the same. Realising the same, Perry4Law and PTLB have provided the exclusive technology dispute resolution policy of India and ODR policy of India so that ODR may gain popularity and a wider acceptance in India.

At PTLB we provide the exclusive techno legal ODR services in India. These ODR services cover areas like cyber law, cyber security, cyber forensics, technology dispute resolution services, film and entertainment industry disputes resolution, etc.

Internet Corporation for Assigned Names and Numbers (ICANN) has been planning to expand the list of generic top level domain names (gTLDs) among several issues. The same was put as one of the items of the agenda to be voted and decided by ICANN at the second public meeting of the year on 20th June 2011 at Singapore.

Finally, after a long gestation period, ICANN has approved the idea of allotting new gTLDs. Of course, this allotment would not be simple process and filing of gTLD applications would need good techno legal expertise.

Further, these gTLDs allotment would also give rise to many unforeseen challenges and domain name, brands and trademarks disputes in the future. An improper representation of a case or domain dispute may result in loosing the same. Thus, before agitating a domain name dispute at national and international level, knowing of the Uniform Domain Name Dispute Resolution Policy of ICANN is a must.

We hope this note would help all the present and future domain name holders and ICANN’s new gTLDs applicants.

Wednesday, June 22, 2011

Intelligence Work Is Not An Excuse For Non Accountability

Indian Government has decided to “Exempt” Central Bureau of Investigation (CBI), National Investigation Agency (NIA) of India and National Intelligence Grid (NATGRID) from the applicability of Right to Information Act 2005 (RTI Act 2005). This is a “Policy Decision” and is well within the Powers of the Executive Branch of Indian Constitution.

Generally, Policy Decisions of Executive are not subjected to “Judicial Review”. However, if the Policy Decisions are Malafide, Unconstitutional or violates the Rule of Law, these decisions can be “Challenged” in a Court of Law.

Before we analyse the Policy Decision of Indian Government to exempt CBI, NIA and NATGRID, we must be aware of some background facts. The RTI Act 2005 is the sole “Transparency Law of India” that needs further amendments and strengthening. However, the proposed Right to Information Rules 2010 instead of strengthening the RTI Act, 2005 took steps that are Retrograde in nature.

The Constitutional Validity of National Investigation Agency Act, 2008 (NIA 2008) is still doubtful and CBI and NATGRID are not governed by any law at all. Even the proposed Central Monitoring System (CMS) of India is “Without any Parliamentary Oversight”.

In short, whether it is CBI or Intelligence Agencies of India, none of them are presently Accountable to Parliament of India. Human Rights in Cyberspace in India are regularly targeted by Indian Government and its Agencies without “Constitutional Laws”. Without Parliamentary Scrutiny and Judicial Review these Agencies cannot be considered to be “Constitutional”. If these Agencies are themselves “Unconstitutional” their functioning is also “Unconstitutional”.

Indian Government has already made these Agencies “Non Accountable” and now it is making them “Non Transparent” as well. In my personal opinion, this Policy decision of India Government is “Unconstitutional” and is well within the scope of Judicial Review.

This also casts a doubt about the “Impartiality and Transparency” of these Agencies. Exempting these Agencies without any parallel “Parliamentary Oversight” is against the provisions of Indian Constitution.

But then there seems to be no “Separation of Powers” in India any more and expecting Parliament of India to perform its “Constitutional Duties” can safely be considered to be “Over Ambitious Thinking”.

Tuesday, June 21, 2011

Public Records Keeping Framework In India

Public Records keeping is a very important aspect though it is often not considered to be very important by the National Policies of a nation. Public Records keeping may be a voluntary exercise or a requirement of one or more Laws.

Although there are many “Statutory Laws” in India that required Companies, Individuals and Government Departments to keep Public Records for public scrutiny or general use yet the Public Records Act 1993 (PRA 1993) of India is a “Specilaised Law” for keeping the “Non-Current Records” of Indian Government and its Departments and Agencies etc.

It is an Act to regulate the Management, Administration and Preservation of Public Records of the Central Government, Union Territory Administrations, Public Sector Undertakings (PSUs), Statutory Bodies and Corporations, Commissions and Committees constituted by the Central Government or a Union Territory Administration and matters connected therewith or incidental thereto.

Section 2(e) of the PRA 1993 says a “Public Record” includes (i) Any document, manuscript and file; (ii) Any microfilm, microfiche and facsimile copy of a document; (iii) Any reproduction of image or images embodied in such microfilm (whether enlarged or not); and (iv) Any other material produced by a computer or by any other device, of any records creating agency. The definition of “Public record” is very wide and it covers both traditional Paper based as well as contemporary Electronic Records.

Section 4 of the PRA 1993 provides that no person shall take or cause to be taken out of India any Public Records without the prior approval of the Central Government. However, such approval is not required if any Public Records are taken or sent out of India for any official purpose.

Section 8(1) of the PRA 1993 provides that save as otherwise provided in any law for the time being in force, no Public Record shall be destroyed or otherwise disposed of excepts in such manner and subject to such conditions as may be prescribed. Section 8(1) provides that no record created before the year 1892 shall be destroyed except where in the opinion of the Director General or, as the case may be, the head of the Archives, it is so defaced or is in such condition that it cannot be put to any archival use.

Section 9 of the Act provides that whoever contravenes any of the provisions of section 4 or section 8 shall be punishable with imprisonment for a term which may extend to five years or with fine which may extend to ten thousand rupees or with both.

The PRA 1993 must be applied keeping in mind the “contemporary technological advances”. For instance, Digital Preservation in India is an issue that has not yet been taken seriously by Government Departments. Of course, Public Records Keeping Framework of Reserve Bank of India (RBI) is an exception to this apathy. Let us hope the Techno Legal issues of Public Records would be taken care of by Indian Government in general and Ministry of Culture in particular.

Monday, June 20, 2011

Digital Preservation In India

Digital preservation is the process where traditional records and data as well as contemporary records are managed and preserved in a manner so that the information can be accessible by our future generations.

The importance of digital preservation cannot be underestimated as many valuable documents and archives of various societies have been lost forever in the absence of digital preservation. If those documents and archives could have been preserved in electronic form, they would have been available toady.

Digital preservation has also assumed significance due to the extensive adoption of Internet and networking technologies. Individuals and organisations are producing vast amount and diverse nature of digital information that if not preserved would be lost forever. Digital preservation is a trustworthy solution ensuring long-term access to the past and contemporary digital information form future references.

Digital preservation in India is in its infancy stage. Although some discussions in this regard have been undertaken by some departments of Indian government yet they are far from satisfactory. Even a national digital preservation programme (NDPP) of India has been launched but it has been lying dormant for many years. Of course, some institutions like Reserve Bank of India (RBI) have good public records keeping framework.

Presently, India has no well defined legal framework for digital preservation in India. Neither the technical nor the legal issues have been resolved by India in this regard so far. According to experts, digital preservation framework in India is missing as we do not have a “dedicated” techno legal digital preservation laws in India. However, laws like Public Records Act, 1993, Right to Information Act, 2005, proposed Electronic Services Delivery Bill 2011 (Bill), etc mandates digital preservation and digitilisation of records in “Electronic Form”.

Digital preservation issues in India are going to be more complicated with the enactment of laws like digital millennium copyright act (DMCA). Efforts are in the pipeline for adoption of an efficient digital rights management (DRM) system in India. Intellectual property rights (IPRs) are commonly found conflicting with digital preservation initiatives. Technological issues of IPRs would also pose great challenges before the digital preservation initiatives of India. We also need to change form of various IPRs protected works from one form to another. This sometimes results in IPRs violations.

Further, technological challenges have also to be managed by India in this regard. With the rapid advancement of technology day by day, old applications and methods are becoming obsolete. We need to upgrade them from time to time. Recent traditional knowledge digital library (TKDL) of India is one of the most innovative and much needed initiatives undertaken by Indian government. Being a digital library it must ensure digitalisation of contents as well as their digital preservation.

In short, digital preservation initiatives of India need urgent reforms. The task is really difficult unless good experts are involved in this much needed project. For the time being, digital preservation initiatives of India are falling well short of the desired actions. It would be a better strategy if the Indian government starts working in the direction of enacting a suitable techno legal framework for digital preservation in Indian as soon as possible.

Indian government in general and ministry of culture in particular must pay special attention to digital preservation requirements as in future the culture ministry would be the one that would require it most.