Author Archives: PTLB

MPPEB Scam Investigation Raises Interesting Cyber Forensics Issues

MPPEB Scam Investigation Raises Interesting Cyber Forensics IssuesThe MPPEB scam’s is a curious development of cyber forensics and related aspects in India. The Special Investigation Team (SIT) monitoring the probe has already informed the Madhya Pradesh High Court that documents used by Digvijaya Singh to target Shivraj Singh Chouhan are forged. However, this fact is vociferously contested by the whistleblower of the case known as “Mr X”.

Obviously, there was an urgent need on the part of SIT to examine the whistleblower and record his statements. This was not done so far and this was casting doubts upon the theory of SIT regarding use of forged documents by Digvijaya Singh. Now SIT has realised that examination of whistleblower is a must to the successful completion of the investigation.

As per a media report, Madhya Pradesh Special Task Force (STF) has on Saturday issued summons to the whistleblower for recording his statement. Previously SIT had submitted before the Madhya Pradesh High Court the contents of Mr X’s pen drive and contended that they appear to be forged and this has been done with the intent to mislead investigating agency.

STF officer D K Tiwari went to Mr X’s official residence and served him a notice asking to appear at agency’s office for statements in three days. He has been informed through the notice that AICC general secretary Digvijaya Singh has named him as his source behind documents that he submitted in the court and the same has to be testified. At Perry4Law Organisation (P4LO) we believe that this is the proper method to do investigation involving digital evidences and cyber forensics methodologies.

It is very important to maintain a “chain of custody” and “proper documentation” of the acquisition of such digital evidence and investigation authorities must ensure that the evidence acquired by them is “admissible” in a court of law. Till now, handling of digital evidence is a big challenge for the law enforcement agencies of India. We have already witnessed that cyber forensics issues have troubled our law enforcement agencies in Aarushi Talwar’s murder case, IPL Match Fixing case, Bitcoins websites investigation, Nokia’s tax violation case, Rajnath Singh Son’s case, Amrita Rai’s G-Mail account hacking case, etc. Indian government must seriously consider empowering law enforcement agencies of India with suitable trainings and technologies.

STF had already given an undertaking in writing to the Delhi High Court that investigation agencies do not have to question whistleblower and only needed original documents allegedly in his possession. Surprisingly, neither SIT nor STF questioned the whistleblower despite the fact that he was always available. Now STF has rectified that error and has asked the whistleblower to appear before the agency.

However, the crucial question is who is right regarding the contents of the excel sheet that seems to be the core document for investigation and punishing the culprits. Right now we have two conflicting opinions in this regard and we at Perry4Law Organisation believe that this issue must be resolved by the investigation agency on a priority basis. If needed the investigation agency or Indian government can also ask for a second opinion from another cyber forensics laboratory in this regard. The bottom line is who has undergone for the “forensically sound image” of the hard disk in question by using the bit by bit image method.

Cyber Crime Investigation Trainings In India Needed

Cyber Crimes Investigation Training In IndiaCyber crimes investigation is a tedious task that requires both technical and legal knowledge. Further, since cyberspace is boundary less, a single instance may invoke the laws of different countries. This creates a situation of conflict of laws in cyberspace that makes the cyber crime investigation exercise cumbersome and complicated.

Take the example of cracking of e-mail account of Amrita Rai. Although Delhi Police got the IP address logs of Amrita Rai’s G-Mail account from Google yet the cyber crimes investigation problem of police will continue due to conflict of laws in cyberspace. Similarly, the Home Ministry of India intends to take legal action against person posting misleading news at Facebook regarding Rajnath Singh’s son. However, this task would not be easy and the efforts in this regard may even not be successful as well at the end of the investigation.

The importance of cyber crimes investigation training in India cannot be undermined in these circumstances. However, there is a policy paralysis in this regard. Whether it is modernisation of police force of India or formulation of regulations and guidelines for effective investigation of cyber crimes in India, Indian government has to cover a long road. Indian government has yet to formulate a cyber crimes prevention strategy of India.

Similarly, India has also to initiate policy and legal initiatives in the fields of e-discovery, digital evidence, cyber forensics, cyber security, etc. India is also following outdated laws like cyber law and telegraph law and is not investing effectively in the field of intelligence agencies and law enforcement technology for India. In the absence of scientific approach towards digital evidence and cyber crime investigation, there are very few cyber crimes convictions in India.

On the other hand, cyber crimes have significantly increased in India. The trends in this regard are not very promising. For instance, the cyber law (PDF), cyber security (PDF) and cyber forensics (PDF) trends in the year 2013 have showed poor performance of Indian government in these fields. This position has not changed in 2014 as well. For instance, the cyber forensics trends of India 2014  still show inability of India to deal with cyber forensics related issues.

We at Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) believe that cyber crimes investigation requires sound techno legal expertise. Skills development through online training and skills development courses in urgently required for Indian law enforcement agencies. Cyber crimes investigation training in India is one such skills development activity that must be imparted to make law enforcement agencies of India modern and upto date. Other stakeholders must also have basic level cyber law and cyber security awareness so that cyber crimes can be minimised in India.

Cyber Forensics Trends And Developments In India 2014-Part 1

Cyber Forensics Trends And Developments In India 2014-Part 1Skills development is an area where India is lagging far behind than the required demand and market. There is no second opinion that skills development and entrepreneurship must be strengthened in India. This is more so regarding the techno legal skills development in India that is almost missing as on date. In India people prefer a degree or diploma over skill that is counterproductive in the long run. Cyber forensics is one such skill that is rarely found in the Indian environment. This is an interim cyber forensics trends and development analysis that is discussing the weaknesses and possible measures to strengthen cyber forensics in India.

Cyber forensics is an upcoming field in India and Indian legal and judicial system has to adapt itself according to the same. Till now cyber forensics is not widely and appropriately used by the law enforcement agencies, lawyers, judges, etc in India. As a result most of the cyber criminals are either not prosecuted at all or they are acquitted in the absence of adequate evidence.

Cyber forensics cannot be used in isolation and allied fields like cyber law, cyber security, e-discovery, digital evidence, cyber crime investigations, etc are also applicable in a majority of cases. Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have already covered the Cyber Law Trends and Developments of India 2013 (PDF), Cyber Security Trends and Developments in India 2013 (PDF) Cyber Forensics Trends and Developments in India 2013 (PDF).

This is the interim cyber forensics trends of 2014 by Perry4Law and PTLB and we would come up with the complete and annual trend and development analysis subsequently. To start with there is urgent need to ensure cyber forensics skills development of police force, prosecution lawyers and judges in India.  Further, modernisation of police force of India urgently needed.

There have been incidences in India where the law enforcement agencies of India have not conducted proper e-discovery and cyber forensics exercises. This has made their cases weak and the accused may escape the punishment. Some of the present cases where effective cyber forensics could have been used are E-Bay’s cyber breach case, enforcement directorate’s Bitcoins investigation case, Aarushi’s murder case by CBI, IPL match fixing case, Nokia’s software download case, etc. The list is just expanding as cases of improper cyber forensics investigations are in abundance in India.

Clearly the Indian approach towards cyber forensics is not upto the mark and there is an urgent need to change this mentality. The concerned stakeholders must be well versed with techno legal concepts like basics of Internet protocol addresses, IP address spoofing and its defenses, IP address tracking methods and techniques for e-mails, hidden Internet cyber forensics, cloud computing cyber forensics, social media cyber forensics, audio, video and media forensics, etc.

We need to develop cyber forensics investigation solutions in India to encourage digital and scientific evidences in India. The cyber forensics best practices in India are also missing as on date and they must be formulated urgently. The regulations and guidelines for effective investigation of cyber crimes in India must also be drafted as soon as possible. While tracking the IP address in question is the first step in cyber crime investigation yet IP address should not be the sole criteria for arrest and conviction.

We at Perry4Law and PTLB believe that there is an urgent need to formulate an effective techno legal framework that can take care of techno legal issues of contemporary times. Further, colonial and constitutionally unsound laws like telegraph and cyber law must be repealed urgently and dedicated and suitable laws must be enacted for the fields of cyber law, cyber security, cyber forensics, e-discovery, etc. Presently, neither technological not legal issues pertaining to cyber forensics are taken care of by Indian government.

E-Bay Asks For Change Of Password After Breach Of Its Database Containing Account Information

E-Bay Asks For Change Of Password After Breach Of Its Database Containing Account InformationIt has become a common practice among cyber criminals to target big corporations and e-retail companies. Recently Target Corporation was targeted by cyber criminals and as a result of that Target Corporation faced litigation threats around the world.  The corporate compliances in India and e-commerce regulatory requirements have become very stringent.

The cyber breaches in India would raise serious cyber law issues for corporations and e-commerce business houses operating in India. E-commerce stakeholders must adhere to e-commerce due diligence and cyber law due diligence (PDF) requirements prescribed by Information Technology Act, 2000 (IT Act 2000) and other laws of India to stay on the right side of Indian laws.

As per media report, auction site eBay is asking all users to change their passwords following a “cyber attack” that compromised a database containing account information.  The company has claimed that no financial data was accessed and that credit card information is stored separately in an encrypted format. “Our customers are our highest priority; and to ensure they continue to have a safe, secure and trusted experience on eBay, we will be asking all eBay users to change their passwords,” the company told the Telegraph this afternoon.

The blog post of eBay says that it will be asking eBay users to change their passwords because of a cyber attack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

As per eBay the cyber attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.

The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.

Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.

Cyber Forensics Trends And Developments In India 2013

Cyber Forensics Trends And Developments In India 2013The Cyber Law Trends and Developments of India 2013 (PDF) and Cyber Security Trends and Developments in India 2013 (PDF) have already been covered by Perry4Law and Perry4Law’s Techno Legal Base (PTLB). In this research work we are covering the Cyber Forensics Trends and Developments in India 2013 (PDF).

Our readers can read more about Cyber Forensics at the Computer Forensics Research Centre of India managed by PTLB and our Cyber Forensics Linkedin Group that is Open Group.

Some of the significant Trends and Development covered by this research paper include cyber forensics in India, cyber forensics skills development in India, cyber forensics education in India, cyber crimes in India, cyber crimes investigation in India, cyber forensics best practices in India, e-mail policy of India, compulsory filing of FIR in India, Bitcoins crimes investigation in India, money laundering investigations in India and serious frauds investigation in India.

It is a techno legal cyber forensics trend and development analysis by Perry4Law and PTLB and we hope that our viewers and readers would find it worth reading.

Enforcement Directorate (ED) Must Use E-Discovery And Cyber Forensics Methods To Detect Possible Legal Violations By Bitcoin Websites

Enforcement Directorate (ED) Must Use E-Discovery And Cyber Forensics Methods To Detect Possible Legal Violations By Bitcoin WebsitesCorporate frauds investigations in India are still trying to accommodate the use of information and communication technology (ICT) related investigation tools. Scientific and techno legal methodologies like e-discovery and cyber forensics practices are still not used in a full fledged manner in India. The growing importance and use of e-discovery for ascertaining corporate frauds cannot be ignored any more.

Law enforcement agencies of India have not used the cyber forensics best practices while engaging in techno legal investigations. Whether it is CBI’s investigation or IPL match fixing case or forensic analysis of Nokia’s computers, a lack of techno legal and scientific approach was very much apparent. In the absence of clear regulations and guidelines for effective investigation of cyber crimes in India this task has become even more difficult to achieve.

Recently the Reserve Bank of India (RBI) cautioned users of virtual currencies against various risks. Reacting immediately, the Enforcement Directorate (ED) immediately searched the office and website of Seven Digital Cash LLP. The ED officials raided the premises of Mahim Gupta in Ahmedabad, who provides a trading platform through his website buysellbit.co.in. During the preliminary investigation, the ED found that it is in clear violation of the Foreign Exchange Management Act (FEMA) rules of the country as central bank does not permit such transactions.

”We have found that through the website 400 persons have recorded 1,000 transactions worth a few crores of rupees. We are gathering the data of the transactions and name of the people who have transacted in the virtual currency from Gupta’s server that is hired in the US. At present, we believe that this is a violation of foreign exchange regulations of the country. If we are able to establish money laundering aspect then he can be arrested,” said a top ED official.

A separate raid was also conducted in Satellite area of the city. However, the person the investigation agency was looking for could not be found. ”When we reached his office, he was not there. We have sealed the premises,” the official added.

As per the sources, the owners of the both the Bitcoin trading firm would be booked under FEMA Act initially. However, after detail investigation of the data collected, if any hawala transaction or criminal nature transaction is detected then they would be booked under the appropriate Act. Even the provisions of Information Technology Act, 2000 can be invoked against these websites.

Bitcoin users in India are vulnerable to legal actions of diverse nature. Even other Bitcoin websites in India can be prosecuted in due course of time. Even Income Tax Overseas Units (ITOUs) of India have been established in foreign countries to curb black money. With the present corporate environment of India fast changing, taking Indian laws for granted by the Bitcoin websites is not a good strategy.

The Enforcement Directorate (ED) must also use e-discovery and cyber forensics methods to detect possible legal violations by Bitcoin websites so that only legitimate and law abiding websites can operate. It is high time for the ED to use e-discovery and cyber forensics methodologies to gather crucial evidence against the guilty website and successfully prosecute them for violating Indian laws.

CBI Committed The Cyber Forensics Blunder In Aarushi Talwar’s Murder Case

CBI Committed The Cyber Forensics Blunder In Aarushi Talwar’s Murder CaseCyber forensics and Indian approach has always been of indifference. There are very few cyber forensics institutions in India and they are heavily overburdened due to lack of manpower to manage the ever growing cases of cyber crimes, white collor crimes and corporate frauds.

At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we have been managing the exclusive techno legal cyber forensics research centre of India. We believe that Indian government must formulate cyber forensics best practices in India. We also believe that cyber forensic investigation solutions in India must be developed by Indian government in association with private industry.

In India the law enforcement agencies are still struggling to gain cyber forensics expertise. They need to be trained properly to manage cyber forensics issue in a more effective manner. Issues like IP address tracking and audio, video and media forensics in India are still not very much part of the investigation procedure of law enforcement agencies of India. For instance, lack of use of cyber forensics best practices in IPL match fixing case may jeoparadise it. Similarly, forensics analysis of Nokia’s computer used to download software in India has also not been undertaken properly.

The latest to add to this list is the defective cyber forensics approach of central bureau of investigation (CBI) in Aarushi Talwar’s murder case. As per IBNLive the defence counsel in the Aarushi Talwar’s murder case has challenged the prosecution version of CBI that Rajesh Talwar was awake on the night of the crime and had used Internet connection at regular intervals.

The defence counsel alleges that CBI did not provide technical details to the expert who was inconclusive about the use of router. The counsel also argued that to prove its Internet router theory, CBI never sent computer seized from Talwars’ home to experts to ascertain whether it was on or off with small gaps in the intervening night of May 15-16, 2008. Rajesh Talwar, during the recording of his statement, had said that he went to sleep after 11.30 pm and did not use Internet.

The defence counsel has also asked why has the probe agency so far not revealed which sites Talwar was using on Internet? He maintains that to confirm Internet router activity, whether it was switched on or off with small gaps, it is required to examine detailed ICP log, detailed computer log and router or modem log, but these details were never provided to experts by the CBI.

The defence counsel also alleges that although CBI seized computer from Talwars’ house, it did not seize router and modem logs from there. That is why CBI’s theory of internet router activity was repeatedly switched on or off gets demolished here.

CBI has yet to come up with its version of these accusations by the defence counsel. There may be possibilities where the evidence provided by CBI may be enough to vindicate its claims in the court of law.

Perry4Law Organisation believes that a cyber crime investigation manual must be drafted by CBI and all future investigations and prosecutions must be made in compliance with the same. Recently the rules pertaining to inspection, inquiry and investigation (PDF) have been released by Ministry of Corporate Affairs (MCA) and Perry4Law has provided its suggestion in this regard to the MCA.

The rules have rightly relied upon using the public private partnership (PPP) model to deal with sophisticated cyber crimes and corporate crimes in India. Indian government and serious fraud investigation office (SFIO) would also hire private experts on contractual basis. SFIO would also draft a manual of investigation to investigate various offences falling within its jurisdiction. CBI must also act in similar manner to get more effective results.

Lack Of Use Of Cyber Forensics Best Practices In IPL Match Fixing Case May Jeoparadise It

Lack Of Use Of Cyber Forensics Best Practices In IPL Match Fixing Case May Jeoparadise ItProper digital evidence acquisition and its analysis are of tremendous importance for the successful conviction of an offender. If the chain of evidence is not properly maintained, it may draw an adverse inference against the prosecution’s case.

The process starts with a sound e-discovery procedure where legally relevant digital evidence is put on hold. Once the digital evidence is put on hold, the relevant material is further analysed for evidence of commission of the crime. If the entire digital information is seized instead of selective digital evidence, the prosecution’s case is weakened.

Recently the New Zealand High court held that the procedure of seizing the entire digital evidence by the New Zealand’s police was illegal and the Court directed the police to return back the digital material that was not connected with the investigation. The Court also held that the accused Kim Dotcom is entitled to see the evidence seized by the investigation authorities to properly defend his case.

Digital evidence is also present in numerous forms. It may include a social media account like Facebook or in the form of a fraudulent banking transaction or in the form of paper evidence converted into an optical character recognition (OCR) or in cloud computing form, etc.

Unfortunately, India has no implementable e-discovery and cyber forensics best practices. Even guidelines for effective investigation of cyber crimes in India are missing. The forensics analysis of many cases is still pending due to overload of work in few governmental forensics laboratories. For instance, the forensics analysis of Nokia’s computer used to download software in India is yet to be made available.

We need to develop cyber forensics skills and investigation solutions in India. Take the example of the recent IPL match fixing case during which digital evidence has been collected. But, there are doubts whether police follow the cyber forensics best practices. An improper handling of digital evidence could result in it being held irrelevant and inadmissible in the court of law.

The audio, video and media forensics in India must follow well defined cyber forensics principles. It is very important to maintain a “chain of custody” and “proper documentation” of the acquisition of such digital evidence and media forensics professionals must ensure that the evidence acquired by them are “admissible” in a Court of law.

Of late cyber crimes, financial frauds and IT frauds have increase tremendously in India but till now the conviction ratio for these crimes is really poor. Indian government must provide adequate cyber forensics trainings to law enforcement officials so that they acquire and produce the relevant evidence in an admissible manner before the Courts and criminals can be successfully prosecuted and convicted.

Regulations And Guidelines For Effective Investigation Of Cyber Crimes In India

Regulations And Guidelines For Effective Investigation Of Cyber Crimes In IndiaCyber crimes are increasing at a rapid speed in India. However, cyber crimes investigation in India has still to be developed to tackle these cyber crimes effectively. As on date the cyber crime investigation capabilities of law enforcement agencies of India is still deficient and they need proper training in this regard.

The legal and judicial systems of India also need to adapt as per the contemporary information technology oriented society. However, a majority of cyber crimes in India are not reported at all. Even if some cyber crimes are reported, they are not properly investigated and very few such cyber crime cases reach to the court level.

In the absence of scientific evidence and knowledge and proper cyber crime investigation, there are very few cyber crimes convictions in India. In fact, the Supreme Court of India is hearing many Public Interest Litigations (PILs) in this regard.

In one such PIL the Supreme Court of India has issued notice to Centre to seek its views in this regard. The Supreme Court has sought response from the Centre on a PIL seeking its direction to the government to frame regulations and guidelines for effective investigation of cyber crimes in India.

The notice has been issued by a Three Judge Bench of Supreme Court headed by Chief Justice Altamas Kabir. The PIL alleges that the common people are being harassed by police due to lack of procedural safeguards in the prevalent system of cyber laws.

The PIL originated out of the allegations of Pune-based businessman Dilip Kumar Tulsidas Shah who claimed that he was harassed by the police in a cyber crime case in which he was not involved.

The petitioner seeks the remedy of issuing a writ of Mandamus, order or direction to the Centre to frame an appropriate regulatory framework of rules, regulations and guidelines for effective investigation of cyber crimes, keeping in mind the fundamental rights of citizens.

The Petitioner also contends that there is a near total lack of procedural safeguards in the prevalent system of cyber crime investigation. Police harassment of citizens, whether out of intention or ignorance, is rampant, says the Petitioner.

The Bench after hearing his arguments issued notice and clubbed his plea along with other similar PIL pending before it.

At Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) we have been working in the direction of spreading public awareness regarding cyber law on the one hand and cyber crimes investigation on the other. PTLB is managing the exclusive techno legal Centre of Excellence for Cyber Crimes Investigation in India.

PTLB is also managing the exclusive techno legal Cyber and Hi-Tech Crimes Investigation and Training Centre (CHCIT) of India. A special emphasis upon preventing and punishing cyber crimes against women in India has been undertaken by PTLB.

PTLB has also launched a techno legal initiative named Intelligence Agencies and Law Enforcement Technology in India. The aim of this initiative is to develop the techno legal capabilities of law enforcement and intelligence agencies of India.

Intelligence agencies and law enforcement agencies of India are actively looking towards adoption and use of information and communication technology (ICT) for their functioning.

Ambitious projects like Crime And Criminal Tracking Network and Systems (CCTNS) Project Of India, National Intelligence Grid (Natgrid) Project Of India, National Counter Terrorism Centre (NCTC) Of India, Central Monitoring System (CMS) Project of India, National Cyber Coordination Centre (NCCC) Of India, etc require techno legal expertise. Law enforcement agencies of India must be aware of both technical as well as legal requirements in order to derive maximum benefits out of these projects.

If either the Supreme Court or the Centre needs our assistance regarding formulating regulations and guidelines for effective investigation of cyber crimes in India, Perry4Law and PTLB would be glad to extend the same.

Source: CECSRDI.

Forensics Analysis Of Nokia’s Computer Used To Download Software In India

Forensics Analysis Of Nokia’s Computer Used To Download Software In IndiaNokia has been accused of violating income tax and transfer pricing laws of India. Nokia India has flatly denied these allegations and has been maintaining that it is complying with all the applicable laws of India.

In order to strengthen its allegations and prove its point, the income tax department officials paid a visit to Nokia India’s factory at Sriperumbudur, near Chennai, along with Central Forensic Science Laboratory (CFSL) officials from Hyderabad.

The idea was to verify and analyse Nokia India’s computers using cyber forensics methodologies that are suspected to be used for downloading software from parent company.

The verification started at 11:30 AM on Thursday and around 10-15 officials from the IT department along with two experts from the Central Forensic Science Labs were part of the verification, which lasted for almost seven hours.

The verification visit was triggered because during recording of statements in the last few weeks, Nokia officials gave different versions. The department sought a third party cyber expert to prove what Nokia did was wrong, and to strengthen the case, if it goes to a Court.

We at Perry4Law and Perry4Law’s Techno Legal Base (PTLB) believe that this is the right approach to gather digital evidence. The experience officials from the CFSL would consider all the aspects of cyber forensics, e-discovery, etc. Further, paper evidence scanning and e-discovery legal issues in Indiaand optical character recognition (OCR) legal issues India should also be kept in mind by the CFSL officials.

The department is expected to raise demand anytime with Nokia for Rs 3,000 crore tax deducted at source (TDS) and if they don’t compile with the law the department may consider freezing their bank accounts and their assets. The department is also alleging a transfer pricing violation of about Rs 10,000 crore.

According to the department, the Indian subsidiary of Finland-based handset manufacturer Nokia, has been downloading software from its parent company to manufacture mobile handsets at Sriperumbudur, near Chennai, but had not paid tax on royalty for downloading.