Indian government has always been very slow regarding ensuring robust cyber security in India. Most of the actions of India government are either knee jerk reactions or just ill suited super imposing of foreign models to Indian conditions. The National Cyber Security Policy of India 2013 (NCSP 2013) was formulated very late and till now it has been not implemented properly. Similarly, there is no dedicated cyber security law in India that can be pressed for punishing cyber attacks against Indian cyber space and critical infrastructures.
The conflict of laws in cyberspace has further complicated the Indian scenario. Foreign companies keep on operating from their home land and openly flout Indian laws. Law enforcement agencies of India are finding it really difficult to investigate cases relating to social media and foreign websites. The Supreme Court of India is presently hearing the Google’s online defamation case and this is a good opportunity for India to make these foreign companies and websites accountable to Indian laws.
We at Perry4Law have been suggesting for long that all Subsidiary/Joint Ventures Companies in India, especially those dealing in Information Technology and Online Environment, must mandatorily establish a server in India. Otherwise, such Companies and their Websites should not be allowed to operate in India. The Ministry of Home Affairs, India and Intelligence Bureau (IB) are already exploring this possibility.
We have also been suggesting that a “Stringent Liability” for Indian Subsidiaries dealing in information technology, online advertisement and online environment must be established by laws of India. More stringent online advertisement and e-commerce provisions must be formulated for Indian subsidiary companies of foreign companies and their websites.
Foreign e-mail service providers like Gmail are also working in active violating of Indian laws and they must be banned in India as they abet and encourage commission of cyber crimes in India. In fact, an advisory has already been issued by the Maharashtra government to use official e-mails, Indian cloud based services and routing of traffic through National Internet Exchange of India (NIXI). Further, the e-mail policy of India is already in pipeline.
It has now been reported that to protect data of Indian Internet users, the National Security Council (NSC) has proposed a three-pronged action plan. This includes asking all email providers to set up local servers, creating an Indian email service and making it mandatory for government officials to use the email provided by the National Informatics Centre (NIC). The NSC wants all data related to communication between two users in India to remain within the country. This is a logical move and is also the need of the hour.
“All email service providers may be mandated to host servers for their India operations in India. All data generated from within India should be hosted in these India-based servers and this would make them subject to Indian laws,” said an internal NSC note. The National Security Advisor has asked the Department of Telecom to look at the possibility of making it mandatory for all telecom and Internet companies to route local data through the NIXI.
For example, an e-mail sent from Delhi to Mumbai may now be routed through servers in the US for which the ISPs need to buy international bandwidth. If all ISPs connect to the National Internet Exchange, this data can be kept within the country.
However, foreign email service providers such as Google are not required to connect to exchange or keep data within India as they are governed by the laws of their respective home countries. It seems NSC failed to understand the requirement to regulate foreign e-mail service provides in India. This would also defeat the entire purpose of these suggestions. In the larger interest of India, foreign e-mail service providers like Gmail, Yahoo, Hotmail, etc must also be forced to establish servers in India. Alternatively, the Indian traffic of these foreign e-mail services must be mandatorily routed through NIXI or other infrastructure.
In addition to this, the NSC paper said that the Government must facilitate the establishment of an Indian email service that would compete in terms of quality and technical sophistication with foreign players. The objective is to wean users from companies that do not conform to the requirements of India’s security. This is a good suggestion and Perry4Law welcomes the same.