Category Archives: Uncategorized

Google App Vault And Legal Compliances And Regulatory Issues In India

Google App Vault And Legal Compliances And Regulatory Issues In IndiaCyber forensics and e-discovery are two fields that are still not paid much attention by the government, legal fraternity and judiciary of India. Cyber forensics is different from e-discovery in its scope and application. We have no legal framework for either cyber forensics or e-discovery in India and the same needs to be formulated as soon as possible. The cyber forensics trends in India also show lack of interest towards this crucial field by various stakeholders in India.

There are some crucial fields like media forensics, corporate frauds investigation, valid sting operations, cyber crime investigation capabilities, etc where India needs to pay special attention. Similarly, use of online dispute resolution (ODR) in India and e-courts in India would also give rise to additional techno legal challenges for India in the near future. The growing popularity of cyber liability insurance in India is recognition of the cyber risks that various stakeholders would face in the future.

As per media reports, Google is planning to grant access to its Google App Vault without imposing extra charges to its Apps for Education users by the end of the year. Google App Vault allows the user to retain, archive, search, and export their official mails for e-discovery and compliance purposes. However, if Google plans to extend this facility to its Indian users, this would raise serious techno legal issues as well.

For instance, the proposed e-mail policy of India may block the private e-mail services like G-mail, Yahoo, etc for official communications in the near future. This is a good step as these e-mail service providers seldom comply with Indian laws and always take a shelter behind the conflict of laws in cyberspace. We at Perry4Law believe that there must be a techno legal framework to address all these issues in India.

The starting point is to force the foreign technology companies and e-commerce websites to establish servers in India. Indian government is already contemplating forcing the Internet telephony and VOIP service providers, social media websites, etc to establish servers in India. Similarly, taxation issues pertaining to online gaming websites, technology companies like Google, e-commerce websites, etc are also required to be sorted out. Legal implications of Public Records Act, 1993 cannot be ignored while dealing in an online environment by these companies.

So far Google’s App Vault is complying with the laws of United States and Indian laws are still not been considered by it. In these circumstances, it would be a big challenge for Indian government to force Google to comply with Indian laws. This would also raise serious law enforcement and national security issues for India as data, information and other documents would be stored outside India’s territory and jurisdiction.

While this step of Google is a blessing for online skills development in India yet regulatory compliances cannot be ignored by Google and Indian government the way it has been done so far. Perry4Law hopes that Indian government would consider these aspects very seriously in the larger interests of India.

E-Discovery Legal Services In India

E-Discovery Legal Services In IndiaElectronic discovery (e-discovery) is an upcoming field for lawyers and professionals dealings with legal and techno legal due diligence issues. E-discovery is presently used for many aspects of our daily lives. For instance, e-discovery is used for social media platforms, cloud computing, etc these days.

Despite the significance of this issue, there are no e-discovery law blog in India as on date. Perry4Law and Perry4Law’s Techno Legal Base (PTLB) are managing two e-discovery blogs in India and the same can be accessed here 1 and here 2.

Some of the areas covered by the blogs include legal issues of e-discovery in India, use of e-discovery for cloud computing in India, e-discovery for social media, data rooms, legal compliances and merger and acquisitions, virtual data rooms and legal compliances, e-discovery and cyber law due diligence required for Indian companies, etc.

With very limited e-discovery related awareness in India, e-discovery legal issues are still ignored in India. The use of e-discovery in India is going to increase in future as more and more technological crimes are being committed in India. E-discovery and cyber law due diligence have become mandatory for Indian companies. Further, corporate frauds investigations in India need scientific technologies and methods to be more effective.

The regulatory compliances under the Indian Companies Act, 2013 have become techno legal in nature that cannot be ignored by Indian and foreign companies anymore. The new Companies Act mandates maintenance and inspection of document in electronic form.  The directors’ liability under the Indian Companies Act 2013 has also increased significantly. Even the cyber law and cyber security obligations of the directors of Companies operating in India have increased manifolds.

It is high time that all stakeholders give due attention to e-discovery requirements as applicable to their respective fields.

Corporate Frauds Investigations In India Need Scientific Technologies And Methods

Corporate Frauds Investigations In India Need Scientific Technologies And MethodsCorporate frauds and scientific evidence and investigations cannot be separated in the present times. Whether it is e-discovery or cyber forensics, the complicated corporate frauds of present times cannot be solved without using scientific investigative methodologies. There is no more pressing requirement than to strengthen the cyber forensics and cyber crimes investigation capabilities of India in the contemporary cyber world. The cyber forensics trends and developments in India 2013 by Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have shown that Indian lacks drastically on these counts.

This does not mean that companies can relax in this regard. E-discovery and cyber law due diligence requirements for Indian companies are now well established. Perry4Law and PTLB have been maintaining for long that corporate fraud investigations in India need techno legal and holistic due diligence. E-discovery and cyber forensics investigation are two of the most important aspects of a corporate frauds investigations in India. Unfortunately, both cyber forensics and e-discovery legal issue are grossly ignored in India by Indian companies and the law enforcement agencies.

With the present techno legal framework and its non compliance by Indian and foreign companies, the cyber litigations against foreign websites would increase in India in the near future. Even the foreign investors in e-commerce and technology ventures of India are required to follow cyber law due diligence requirements (PDF). The legal mood is very clear and cyber due diligence cannot be ignored by Indian companies anymore. Very soon mandatory cyber security breach notifications would be enforced in India as well. Further, cyber security breaches in India would also raise complicated cyber security issues for the companies as most of them are not complying with techno legal requirements of Indian laws and regulations.

There is no escape from the reality that white collar crimes and financial frauds are increasing in India. Further, IT and cyber frauds in Indian companies are increasing. By their very nature these high profile crimes affect corporate sector. Indian companies are also facing increased corporate frauds, financial frauds, white color crimes and technological frauds. Indian government reacted immediately and it formulated the under Indian Companies Act, 2013 (PDF).

The Ministry of Corporate Affairs (MCA) has also issued some Rules under Chapter XIV of Indian Companies Act, 2013 pertaining to Inspection, Inquiry and Investigation by Indian Authorities and Serious Frauds Investigation Office (SFIO). The Suggestions Regarding Rules Pertaining to Inspection, Inquiry and Investigation (SFIO) by Perry4Law (PDF) has already been provided by us in this regard. Now even the Central Government permission is not required by Central Bureau of Investigation (CBI) to prosecute senior bureaucrats for corruption cases monitored by Supreme Court of India.

Corruption among corporate world has also necessitated use of e-discovery and cyber law due diligence by and against Indian companies. For instance, Indian and foreign corruption and technology related due diligences in India has gained importance. Corruption and the regulatory measures to prohibit corrupt practices have assumed new meaning with the passing of the Jan Lokpal and Lokayuktas Act, 2013 by the Parliament of India. Similarly, the Serious Frauds Investigation Office (SFIO) has also been given wide powers under Indian Companies Act, 2013.

The future corporate frauds investigations in India would rely upon scientific technology and methods. Our law enforcement officials must be well trained in e-discovery and cyber forensics methodologies. Similarly, companies must also think seriously in the direction of complying with the techno legal requirements of India laws.

E-Discovery And Cyber Law Due Diligence Required For Indian Companies

E-Discovery And Cyber Law Due Diligence Required For Indian CompaniesCorporate frauds in India are increasing and we need a sound techno legal strategy to handle the same. In fact, corporate fraud investigations in India need techno legal and holistic due diligence to be effective and successful. E-discovery and cyber forensics investigation are two of the most important aspects of a corporate frauds investigations in India.

E-discovery investigation includes areas like money laundering, corruption, financial frauds, cyber crimes, serious frauds and white collor crimes investigation, etc. Presently e-discovery services in India are in infancy stage and this is the reason why many cases of corporate frauds and cyber crimes remain unreported.

For instance, Airtel and Tata Teleservices Limited are violating Internet Intermediary rules of India as they have failed to observe cyber law due diligence in India. When such cyber crimes and cyber contraventions are committed by well established telecom companies like Tata and Airtel that means there is something seriously wrong with our telecom laws and policies. As a result corporate frauds and IT frauds have increased a lot in India.

To streamline he corporate environment, Indian government has enacted the Indian Companies Act, 2013 (PDF). The transfer pricing laws in India also need to be strengthened as many telecom companies have been avoiding payment of taxes due to inadequate transfer pricing laws of India.

The Ministry of Corporate Affairs (MCA) has also issued some Rules under Chapter XIV of Indian Companies Act, 2013 pertaining to Inspection, Inquiry and Investigation by Indian Authorities and Serious Frauds Investigation Office (SFIO). The Suggestions Regarding Rules Pertaining to Inspection, Inquiry and Investigation (SFIO) by Perry4Law (PDF) has already been provided by us in this regard. Now even the Central Government permission is not required by Central Bureau of Investigation (CBI) to prosecute senior bureaucrats for corruption cases monitored by Supreme Court of India.

Corruption among corporate world has also necessitated use of e-discovery and cyber law due diligence by and against Indian companies. For instance, Indian and foreign corruption and technology related due diligences in India has gained importance. Corruption and the regulatory measures to prohibit corrupt practices have assumed new meaning with the passing of the Jan Lokpal and Lokayuktas Act, 2013 by the Parliament of India. Similarly, the Serious Frauds Investigation Office (SFIO) has also been given wide powers under Indian Companies Act, 2013.

As corporate frauds may spread over multiple jurisdictions, it is of vital importance that coordination among various national and international law enforcement agencies must be there. This is more so where a cyber crime investigation is in progress as digital evidence is very fragile in nature and it may be lost in no time. Keeping this in mind an Indo-American alert, watch and warn network for real time information sharing in cyber crime cases has been established. At the national level as well there must be coordination among the law enforcement agencies of various states of India.

Perry4Law has been managing the techno legal due diligence and corporate frauds investigation for long. Our techno legal services also include cyber crime investigation, cyber forensics services, e-discovery services, cyber security due diligence services, e-commerce compliances, etc.

With a decade of techno legal experience that we have obtained, we firmly believe that corporate fraud investigations in India need techno legal and holistic due diligence. Indian government must make suitable arrangements so that techno legal due diligence becomes essential part of the corporate governance of India.

Kim Dotcom Allowed To See All Evidence Seized By Police By The New Zealand Court

Kim Dotcom Allowed To See All Evidence Seized By Police By The New Zealand CourtRecently a New Zealand Court asked the New Zealand law enforcement agencies investigating a case against Kim Dotcom to return back all the digital information that has been illegally obtained from him. The investigating authority committed the blunder of seizing each and every digital information and sending the copies of the same to U.S. law enforcement agencies.

Kim is presently facing an extradition case in New Zealand and this act of law enforcement agency is going to help him to defer the same. As was expected, the defense lawyers of Kim took the plea that lack of access to the seized evidence put them at a disadvantage in defending their clients.

Naturally, the court has to grant access to such evidence to Kim’s lawyers otherwise the case could not proceed further. The Court granted Kim/Lawyers access to all evidence seized by police in a 2012 raid. This would further delay the proceeding in this case.

The court also observed that police must provide copies of evidence considered relevant to the US investigation and any evidence seized in the raid, including computers, hard drives, files, and other materials deemed irrelevant must be returned to Kim.

Offended by the seizure and confiscation of the Megaupload website by U.S. government, Kim has even accused companies including Google, Facebook, and Twitter of infringing his intellectual property rights.

Kim says that initially he did not prefer to sue these companies as he believes in sharing knowledge and ideas for the good of society. But now he may sue these companies as the bitter experience of seizure/confiscation of his website by U.S. government is still fresh in his memories.

An extradition hearing of Kim is scheduled for August, but the same may be delayed due to separate cases linked to another court ruling that unlawful warrants were used in the police raid.

US Court Held That Digital Evidence Includes Facebook Account

US Court Held That Digital Evidence Includes Facebook AccountThe United States District Court for the District of New Jersey was recently dealing with the case named Frank Gatto v. United Air Lines, Inc, Civil Action No: 10-cv-1090-ES-SCM. The case involved request to impose spoliation sanctions upon Frank for deleting his Facebook account and thereby destroying the digital evidence necessary to the court proceedings.

The court agreed that an instruction be given at trial to the jury that it may draw an adverse inference against Frank for failing to preserve his Facebook account and intentional destruction of evidence.

Frank was sanctioned for evidence spoliation after he deactivated his Facebook account during litigation, resulting in its permanent deletion by Facebook after 14 days passed.  It is clear that social media accounts, being in electronic form, are also required to follow the evidence preservation requirements of U.S. laws. Parties who fail to preserve evidence contained in their social media accounts when litigation is pending or anticipated do so at their peril.

This is the golden rule of e-discovery procedure where potential evidence is put on hold by the attorneys and such evidence cannot be alter or destroyed. In fact, putting on hold is the main step to sort out relevant evidence and then preventing its deletion. If the entire electronic information, whether related to a case or not, is seized or acquired that would not serve any purpose.

Recently, the New Zealand High Court told investigation authorities to return back illegally obtained Megaupload digital material. This is so because e-discovery procedure cannot be extended to even personal and private information that has nothing to do with the case in hand.

During a recent money laundering accusation in India, the HDFC ban launched its own investigation. The Reserve Bank of India (RBI) audit report found many aberrations in the dealings of ICICI, HDFC and Axis banks. RBI also announced that it would take action against the defaulting banks.

However, none has realised that the internal and private investigation by these banks can destroy the crucial digital evidence. Neither the investigation authorities nor the RBI put on hold the relevant digital evidence and till now everything must have gone.

India does not follow the cyber forensics and e-discovery best practices. Even cyber security best practices in India are also missing. E-discovery for social media, cloud computing, etc is going to increase in the near future in India and we must be well prepared for the same.

In Frank Gatto’s case, for months, the defendants had sought information about the plaintiff’s (Frank) social networking activities because they might shed light on the effects of the personal injuries claimed by the plaintiff.  The plaintiff created a new Facebook password and provided it to defense counsel to permit access to the account.  After learning that a third party had accessed his Facebook account, the plaintiff deactivated the account.  Facebook automatically deleted the account 14 days later.

The plaintiff contended that he terminated the account because he was involved in contentious divorce proceedings and his account had been repeatedly “hacked into” before his personal injury lawsuit.

However, the court did not agree with the plaintiff. The court held that the Facebook account was clearly within plaintiff’s control, that it was relevant to the claims or defenses at issue, and that it was reasonably foreseeable that the evidence would be discoverable—particularly since the Facebook account had been requested in discovery five months before.

Court Told Investigation Authorities To Return Back Illegally Obtained Megaupload Digital Material

Justice Helen WinkelmannWhile obtaining digital evidences, law enforcement agencies are supposed to follow sound e-discovery practices. Under the garb of investigation, law enforcement agencies cannot take away each and every digital asset of an accused. Law enforcement agencies are required to only take away that material which is directly related to the investigation in question.

However, in reality law enforcement agencies take away all possible digital information and evidence howsoever irrelevant or unrelated such digital information may be. Even organisations fail to satisfy the requirement of following sound e-discovery practices.

In a recent case, a judge has ordered the police to analyse the seized digital information from Megaupload and return back all the information that has been taken illegally. This includes all digital information that has nothing to do with the investigation in hand. Such digital information must be returned back at own cost of the investigation agency. The court has also held that clones of hard-drives already sent to the United States must also be returned if they contain personal information, while any further copies must be destroyed.

The judgement was given by chief High Court justice Helen Winkelmann who held that the seizure of devices without sorting them first was unlawful, and that the police have no right to keep irrelevant material.

Earlier, a raid requested by FBI to be carried out by the New Zealand police Special Tactics Group, was deemed illegal by the High Court as the warrants authorising it were too general.

Now the learned Judge has held that the defects in the search warrants were such that the warrants were nullities and that a miscarriage of justice did result.

This is a very sensible judgement where the learned Judge has shown good working knowledge about the technology and applicable legal principles to e-discovery. We would update about this aspect subsequently.

HDFC Bank Must Follow Sound E-Discovery And Cyber Forensics Procedure To Avoid Legal Liability

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW CEO PTLBMany of the readers of this Blog may be aware that ICICI, HDFC and Axis Banks have been accused of indulging in Money Laundering and Benami Transactions. While Finance Ministry and Reserve Bank of India (RBI) are Investigating Money Laundering Accusations against ICICI, HDFC and Axis Banksyet these Banks may also be conducting their own Private Investigations.

It has been reported by media reports that the HDFC Bank has hired services of private players for Forensics and Legal Audit of its affairs. At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we strongly believe that although this may be good intended yet it may bring “Unforeseen Legal Challenges”.

As the allegations against these Banks are serious and Criminal in nature, there is numerous Data of Evidence that must be “Kept Intact” by these Banks. If these Data, including Digital and Electronic Data, Changes, Access or Manipulated, it may “Draw an Adverse Inference” by the Investigating Authorities and Courts against these Banks. It may also amount to “Destruction of Evidence” by these Banks hence further Offence(s).

Although HDFC has declared that this Forensics and Legal Audit Process has been initiated without prejudice to the authentication of the video recordings or electronic data yet this is stand is difficult to prove in a Court of Law.

Actually it is the fault of the Investigating Agencies and Indian Government that have failed to take appropriate and immediate action in this regard. If the Investigation Agencies had acted “Expeditiously”, Crucial Digital Evidence would have already been placed “On Hold”.

It is also high time to spread Awareness about and ensure necessary Techno Legal Skills Development for Cyber Law of India, Digital Evidencing, E-Discovery Procedure in India and Cyber Forensics Application to various Civil and Criminal cases in India. Till now this Awareness is missing and Investigation Authorities and Courts are not insisting upon holding the Crucial Digital Evidence.

A Public Interest Litigation (PIL) has been pending before the Supreme Court of India to ask Indian Government to prescribe Regulations and Guidelines for Effective Investigation of Cyber Crimes in India. This is also a good opportunity for the Supreme Court and Indian Government to take care of Paper Evidence Scanning and E-Discovery Legal Issues in India and Optical Character Recognition (OCR) Legal Issues India.

We would come up with further report on this issue very soon.

Paper Evidence Scanning And E-Discovery Legal Issues In India

Paper Evidence Scanning And E-Discovery Legal Issues In IndiaIndia is in the process of providing of electronic delivery of services to Indian citizens. Further, there is also a shift in electronic financial transactions in India whether it pertains to Internet banking or mobile banking. Additional challenges would also arise due to this digital revolution in India.

E-discovery services in India have become essential due to growing dependence upon electronic services in India. Further, white collor crimes, financial frauds, IT and cyber frauds, forensics accounting and auditing and risk management have further increased the scope of e-discovery services in India.

E-discovery legal jurisprudence in India is still evolving. At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we have provided certain techno legal aspects of e-discovery laws and regulation in India. These include optical character recognition (OCR) legal issues India, e-discovery for social media in India, data rooms, legal compliances and merger and acquisitions in India, virtual data rooms and legal compliances in India, e-discovery for cloud computing in India, electronic discovery (e-discovery) challenges in India, etc.

In e-discovery and OCR procedure, the role of a technology lawyers and ICT law firm is very important. No organisation or individual engaged in the e-discovery or ODR process can afford to engage in a limitless exercise. We at Perry4Law and PTLB believe that any e-discovery and OCR exercise must be primarily guided by relevancy, proper chain of custody and admissibility criteria in all circumstances. This is more so when litigation is an option.

In e-discovery and OCR procedure, data is identified as potentially relevant by lawyers/law firm and placed on legal hold. Evidence is then extracted and analysed using legally acceptable cyber forensic procedures. This includes the stages of identification, preservation, collection, processing, review and production.

These issue must be properly managed as per the techno legal requirements existing in India otherwise the adduced information, documents and evidence may not be relevant and admissible in the court of law.

Optical Character Recognition (OCR) Legal Issues India

Optical Character Recognition (OCR) Legal Issues IndiaOptical character recognition (OCR) is one of the most important stages of e-discovery or cyber forensics process. OCR is the process where images of handwritten, typewritten or printed text are converted into machine-encoded text using the mechanical or electronic conversion.The main purpose of OCR is to digitise printed texts so that they can be electronically searched, stored more compactly, displayed on-line through virtual data rooms, and used in machine processes such as machine translation, text-to-speech and text mining. OCR is also very important for presenting and defending claims and obligations in civil and criminal proceedings.

OCR, e-discovery and cyber forensics are sometimes combined while investigating financial frauds and crimes, serious frauds, forensics audit, white collor crimes, corporate frauds, fraud risk analysis, IT and cyber frauds, etc.<

However, there are certain techno legal issues that must be taken care of while engaging in the OCR activities. If these techno legal issues are not followed properly, the end OCR product may not be admissible in a court of law or other investigation.

Further, only relevant material must be converted into legally admissible electronic records, including OCR. A proper chain of custody must be maintained at all stages of converting printed and other text documents into digital documents and OCR.

There is no sense in converting the entire paper based document s in to electronic format as not all electronic versions would be relevant to the case or investigation. Even lesser electronic records and OCR would be held admissible in a court of law.

According to Perry4Law and Perry4Law’s Techno Legal Base (PTLB) the most important attribute while engaging in the OCR exercise meant for litigation purposes is to first ascertain the relevant documents and then convert them into digital format keeping in mind the admissibility criteria while following proper chain of custody.

If you are interested in our techno legal services, you may contact us in this regard. See our techno legal services, cyber forensics services, US, UK and EU laws compliances, etc in this regard.