Author Archives: PTLB

National E-Health Authority (NeHA) Of India Proposed

National E-Health Authority (NeHA) Of India ProposedIndian government has started ambitious initiatives like Digital India and Internet of Things (PDF) that intend to bridge the digital divide in India on the one hand and enabling e-delivery of services in India on the other. There are many segments of Digital India projects and e-health is one of them. E-health initiatives of India government aim at providing timely, effective and economical healthcare services to Indian population. E-health is particularly relevant for masses that have little access to healthcare services in India.

While the objectives of Digital India are laudable and deserve full support yet we at Perry4Law Organisation (P4LO) also believe that the shortcomings of Digital India project of India cannot be ignored or bypassed by Indian government. Similarly insisting upon Aadhaar number for healthcare services in India would be a terrible idea especially when Aadhaar is not mandatory for government services in India.

A proposal to constitute an e-health authority of India was mooted in June 2014. Now the Ministry of Health and Family Welfare has released a concept note discussing establishment of the National eHealth Authority (NeHA) for India. Public inputs have also been invited on or before 20th April 2015.

According to the note, NeHA will be the nodal authority that will be responsible for development of an Integrated Health Information System (including Telemedicine and mHealth) in India, while collaborating with all the stakeholders, viz., healthcare providers, consumers, healthcare technology industries, and policymakers. It will also be responsible for enforcing the laws and regulations relating to the privacy and security of the patients health information and records.

We at Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) believe that Modi government must take cyber security seriously. The cyber security challenges in India would increase further and India must be cyber prepared to protect its cyberspace. CECSRDI believes that the starting point is to draft the cyber security policy of India 2015 as the 2013 policy is highly defective and of little significance. CECSRDI strongly recommend that cyber security disclosure norms of India must also be formulated as soon as possible. Dedicated privacy law of India, data protection law of India (PDF), encryption laws in India, etc are also required.

As per the concept note, NeHA would be responsible:

(a) To guide the adoption of e-Health solutions at various levels and areas in the country in a manner that meaningful aggregation of health and governance data and storage/exchange of electronic health records happens at various levels in a cost-effective manner,

(b) To facilitate integration of multiple health IT systems through health information exchanges,

(c) To oversee orderly evolution of state-wide and nationwide Electronic Health Record Store/Exchange System that ensures that security, confidentiality and privacy of patient data is maintained and continuity of care is ensured.

In the light of the above, NeHA has been envisaged to support:

(a) Formulation of policies, strategies and implementation plan blueprint (National eHealth Policy / Strategy) for coordinated eHealth adoption in the country by all players; regulation and accelerated adoption of e-health in the country by public and private care providers and other players in the ecosystem; to establish a network of different institutions to promote eHealth and Tele-medicine/remote healthcare/virtual healthcare and such other measures;

(b) Formulation and management of all health informatics standards for India; Laying down data management, privacy & security policies, standards and guidelines in accordance with statutory provisions; and

(c) To promote setting up of state health records repositories and health information exchanges (HIEs);

(d) To deal with privacy and confidentiality aspects of Electronic Health Records (EHR).

Functions of National eHealth Authority

(1) Core Functions

(a) Policy and Promotion

(i) Working out vision, strategy and adoption plans, with timeframes, priorities and road-map in respect of eHealth adoption by all stakeholders, both Public and Private providers, formulate policies for eHealth adoption that are best suited to Indian context and enable accelerated health outcomes in terms of access, affordability, quality and reduction in disease mortality & morbidity

(ii) To engage with stakeholders through various means so that eHealth plans are adopted and other policy, regulatory and legal provisions are implemented by both the public and private sector stakeholders.

(iii) It shall provide thought leadership, in the areas of eHealth and mHealth.

(b) Standards Development

(i) Government of India, MoHFW has published EMR/EHR standards for India in 2013. Similarly, MoHFW has become a member of IHTSDO with a view of widespread adoption of SNOMED-CT in India; MoHFW has also nominated C-DAC (Pune) as interim NRC (iNRC). As such, initial focus of NeHA would be on addressing implementation issues and promoting mechanisms in support of the same.

(ii) Concurrently, NeHA will be nurtured to undertake the role of a standards development, maintenance and support agency in the area of Health Informatics

(c) Legal Aspects including Regulation

(i) NeHA will be setup through an appropriate legislation (Act of Parliament). It is also proposed to address the issues relating to privacy and confidentiality of Patients’ EHR in the legislation. NeHA may act as an enforcement agency with suitable mandate and powers.

(ii) NeHA will be responsible for enforcement of standards and ensuring security, confidentiality and privacy of patient’s health information and records.

(d) Setting up and Maintaining Health Repositories, Electronic Health Exchanges and National Health Information Network

NeHA, while avoiding the implementation role by itself, will prepare documents relating to architecture, standards, policies and guidelines for e-Health stores, HIEs and NHIN; it may also initiate or encourage PoCs, in close consultation with government – centre and states, industry, implementers and users. Later, it would lay down operational guidelines and protocols, policies for sharing and exchange of data, audit guidelines and the like; these shall be guided by experience in operation and use of PoC, global best practices and consultations with stakeholders (MoHFW, State governments and other public and private providers, academia, R&D labs, and others).

(e) Capacity Building

Spreading awareness on Health Informatics / eHealth to healthcare delivery professionals through various educational initiatives and flexible courses according to the background of the learners will form a component of NeHA activities, as it is seen as critical to acceleration of adoption of eHealth.

(f) Other functions may be assigned to NeHA as the situation warrants.

Health being a state subject in India and much depends on the ability /regulatory framework enacted by the State governments, NeHA shall be created through legislation (Act of Parliament) that empowers it to take leadership and strategic role for setting directions for public and private eHealth initiatives, including electronic health records storage and health information exchange capabilities and other related health information technology efforts and regulation of the same.

NeHA shall ensure ongoing interagency cooperation – while engaging with various stakeholders through the Standing Consultative Committee and also through other means, in a structured, open and transparent manner to support successful evolution of national integrated health information system. We at Perry4Law’s Techno Legal Base (PTLB) welcome this initiative of Indian government and wish all the best to it in this regard.

Digital India And Aadhaar Related Critical Policy Suggestions And Views Of Praveen Dalal

Praveen Dalal, Managing Partner Of Perry4law And Cyber Law ExpertDigital India is a promising initiative of Indian Government. However, like any new and good project, Digital India is also suffering from many shortcomings and weaknesses. It is imperative on the part of Indian Government to remove these limitations of Digital India project instead of suppressing the same. It is also important that any critical view or suggestion regarding Digital India project must not be either suppressed or censored by Indian Government or technology platforms like Google, Twitter, etc.

There are many critical opinions regarding Aadhaar and Digital India projects. It is believed that by clubbing the digital India project with Aadhaar, Indian Government has made Digital India the digital panopticon of India.

There are also many reported cases of censorship activities of Google and Twitter in India. The dissenting tweets and posts regarding Digital India were censored by both Google and Twitter repeatedly. It would be better if these companies would respect civil liberties in cyberspace in the future.

This post is sharing the critical and other views and recommendations of Praveen Dalal regarding Digital India and Aadhaar Projects that have been shared at Twitter for public at large but are not easy to find due to censorship activities. These are as follows:

(1) Use Of ICT For Women Empowerment In India Is A Belated But Good Step Under Digital India. My Opinion (2006). Source: UNPAN (PDF),

(2) Digital India Project Is Good But It Must Be Supplemented With Robust Cyber Security In Advance,

(3) Twitter Continues Censoring Digital India Related Dissenting Tweets. Source: Perry4Law News Centre,

(4) Google Is Manipulating Timestamp Of Digital India Related Dissenting News To Remove Them From Latest News Results. Source: Perry4Law News Centre,

(5) Exploring Digital India By Riding Upon M-Governance And Ignoring Shortcomings Of E-Governance And Aadhaar Is A Risky Step That Should Be Avoided,

(6) Now Google Is Flexing Its Censorship Muscles For Digital India Related Critical Tweets- Source: Perry4Law News Centre,

(7) It Is Good That Budget 2015 Has Given Importance To Digital India. Now The Govt Must Work In The Direction Of Making It Successful,

(8) The Biggest Problem Of Digital India Project Is That It Lacks A Clear Cut Policy And Implementation Plan,

(9) Twitter Is Censoring Dissenting Digital India Related Tweets In Real Time- Source: Cjnews India,

(10) E-Surveillance Projects Of India Need Parliamentary Oversight And Judicial Scrutiny- Source: CLPIC,

(11) Unconstitutional And Illegal Biometrics Collection Laws And Practices In India- Source: CEPHRC,

(12) Aadhaar Is Not A Welfare Project But An E-Surveillance Project Of Highest Nature- Source: Privacy Laws In India,

(13) Digital India Project Of India Is Heading For Rough Waters- Source: Perry4Law News Centre,

(14) Central Govt Lied To Supreme Court By Telling Aadhaar Not Mandatory For Its Services,

(15) Digital India Is Biggest Panopticon Of Human Race The Moment It Is Clubbed With E-Surveillance Tool Named Aadhaar, Source: Privacy Laws In India,

(16) Would You Like Your Children To Be Digitally Tagged Forever? If Not, Protest Against Aadhaar And Stop Its Use,

(17) Digital India By Making Aadhaar Compulsory And Illegally Clubbing It With E-Services Is Controlling Your Digital Life,

(18) Shortcomings Of Digital India Project Of India- Source: Perry4Law News Centre,

(19) Digital India Project Of India Is Heading For Rough Waters- Source: Perry4Law News Centre,

(20) Aadhaar Not Mandatory For Government Services: Central Government To SC- Source: Perry4Law News Centre,

(21) Modi Govt Should Not Risk Wonderful Concepts Like Digital India, Made In India And Digital Locker By Clubbing Them With Aadhaar. Bad Idea,

(22) Supreme Court Must Immediately Impose An Interim Stay On States/Centre That Are/Is Making Aadhaar Compulsory,

(23) Supreme Court Must Immediately Declare Aadhaar Project As Unconstitutional- Source: CLPIC,

(24) It Is Surprising How People Can Be So Docile About Aadhaar And How Central Govt Can Fool Supreme Court So Easily With False Statements,

(25) Digital Locker Is A Legal Project Based Upon Illegal Technology Named Aadhaar- What An Irony, etc.

This consolidate list would provide a readymade reference list of all Digital India and Aadhaar related critical views and opinions of Praveen Dalal at a single place. We hope our readers would find this post and these tweets useful and productive.

Digital Locker Tied Up With Aadhaar Is Illegal And Would Not Serve Digital India: Praveen Dalal

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBThe digital locker project of Indian government has been launched with much fanfare. However, on a closer look it is apparent that digital locker tied up with Aadhaar is illegal and would not serve digital India project.

According to Praveen Dalal, digital locker is a legal project based upon illegal technology named Aadhaar. It was a real bad idea on the part of Indian government to rely exclusively upon Aadhaar to make digital locker facility operational.

The moment digital locker is made dependent upon Aadhaar; it becomes a “controversial and unconstitutional” project. This is more so when Aadhaar is the sole criteria to avail the service that is also in violation of the Supreme Court’s directions (PDF), opines Dalal.

Supreme Court of India must declare Aadhaar and projects based upon aadhaar illegal and unconstitutional. The truth is that Aadhaar project in its present form has no welfare element but is purely an e-surveillance project that needs to be declared unconstitutional immediately.

Commission On Global Security, Justice And Governance

Commission On Global Security, Justice And GovernanceThe Commission on Global Security, Justice and Governance (PDF) is a High Level Commission of the Hague Institute for Global Justice. Former U.S. Secretary of State Madeleine Albright and former Nigerian Foreign Minister Ibrahim Gambari will chair the Commission that would focus on conflict-affected states, the cyber economy, and climate change. We at Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) welcome this move of Hague Institute and wish all the best to the Commission.

As far as information and communication technology (ICT) and cyberspace is concerned, conflict of laws in cyberspace and civil liberties protection in cyberspace are two of the most prominent areas that have to be analysed by the Commission. Other similar areas would also be required to be analysed by the Commission in due course of time.

Take the example of cyber warfare as a conflict area in cyberspace. As on date there is no international cyber security treaty (PDF) than can govern the cyber warfare issues. International legal issues of cyber attacks have significantly increased but there is a policy and regulatory void to deal with the same.

We cannot rely upon the Tallinn Manual on the International Law Applicable to Cyber Warfare (Tallinn Manual) for dealing with cyber warfare issues as the manual is just an academic, non-binding study on how international law, in particular the jus ad bellum and international humanitarian law, apply to cyber conflicts and cyber warfare. The Commission can play a significant role in this regard.

The official websites of the Commission states that Humanity is facing unique and growing range of challenges like political violence, environmental decay, cyber insecurity and cross-border economic shocks. These issues have global security and justice implications that need urgent attention but far exceed state and global institutional capacities.

To overcome this capacity deficit, The Hague Institute for Global Justice and The Stimson Center have convened a Commission on Global Security, Justice, and Governance. The Commission also brings together a select group of eminent statespersons and public intellectuals to draft and recommend reforms in this regard that would be considered during the 70th Anniversary Summit of the United Nations in September 2015.

According to Abiodun Williams, President of The Hague Institute for Global Justice, “Finding better mechanisms to prevent and resolve armed conflicts, address the human security impacts of climate change, and prevent future cross-border economic shocks requires bold and innovative approaches to global leadership. Viewing these challenges through the lens of global security and justice lends greater urgency to governance reform and engages state and non-state actors worldwide in new and meaningful ways.”

Digital India Project Of Narendra Modi Government

Digital India Project Of Narendra Modi GovernmentDigital India Initiative of Indian Government intends to transform India into digital empowered society and knowledge economy. It is a very wide and ambitious project that has been launched by Narendra Modi Government. It has many components and may be supplemented with related initiatives like Draft Internet of Things (IoT) Policy of India.

Digital India will be implemented in multiple phases from the year 2014 till 2018.  The aim of Digital India is to ensure that Government services are available to citizens electronically and in an online environment.  It also intends to bring in public accountability through mandated delivery of government’s services electronically, a Unique ID and e-Pramaan based on authentic and standard based interoperable and integrated government applications and data basis. The existing/ ongoing e-governance projects of India would be revamped to align them with the principles of Digital India.

Digital India initiative is praiseworthy and deserves full support of all stakeholders. However, the initiative also lacks many crucial components including lack of legal framework, absence of privacy and data protection laws (PDF), civil liberties abuse possibilities, lack of parliamentary oversight for e-surveillance in India, lack of intelligence related reforms in India, insecure Indian cyberspace, etc. These issues have to be managed first before introducing Digital India project in India.

Digital India cannot be successful till mandatory e-governance services in India are introduced. This seems to be logical as well as when even the National e-Governance Plan of India has not been implemented properly, expecting successful implementation of Digital India is hoping too much. India has poor regulations in the field of privacy protection, data protection, cyber law, telegraph, e-governance, e-commerce, etc. Further, e-governance and Digital India without cyber security is useless (PDF). The cyber security trends in India (PDF) have exposed the vulnerability of Indian cyberspace. Even the National Cyber Security Policy 2013 has not been implemented till now. In these circumstances, critical infrastructure protection (PDF) would be a real challenge for Indian government.

Initiatives like Digital India and IoT would be required to comply with the civil liberties requirements in general and civil liberties protection in cyberspace in particular. India has not given any importance to Privacy and Privacy law so far. Indian government is also indulging into Mass surveillance in India and projects like Aadhaar, Central Monitoring System, Netra, NATGRID, etc. are operating without any law and parliamentary oversight. Even the intelligence agencies of India like Intelligence Bureau and law enforcement agencies like Central Bureau of Investigation are operating for decades without any law and parliamentary scrutiny. Digital India and IoT would further strengthen the mass surveillance activities of Indian government if proper procedural safeguards are not put at place.

If properly implemented, Digital India initiative can transform the way public services would be delivered in India in near future. Despite its shortcomings, Digital India project is worth exploring and implementation.

E-Books Project Of Indian Government Under Digital India Initiative

E-Books Project Of Indian Government Under Digital India InitiativeIndia has launched a very ambitious and promising initiative known as Digital India. It would ensure electronic delivery of services in India that has been missing so far. Some of the core areas that would be covered by Digital India include public Healthcare, Education, Judicial services etc. Every single are of Digital India would take decades of planning, hard work and actual implementation. For instance, the enabling Indian educational system through use of information and communication technology (ICT) would require not only policy changes at the apex level but also actual implementation of these policies by the education stakeholders.

According to Business Standard, Indian government has proposed digital e-book versions of school syllabus. Under the current proposal, the central government is planning a project to convert all books covered under school curricula into e-books. The Centre for Development of Advanced Computing (CDAC) is building the platform to host the e-books. The ministry of education would identify the curricula and the books which will be first available on the platform. The National Council of Educational Research and Training (NCERT) would also help in short listing of such books.

Traditional and print form books have dominated market share for long. However, there is a gradual shift towards e-books publication, distribution and e-commerce. Private companies are already exploring the e-books segment for NCERT curriculum. However, consolidation of e-books industry is yet to happen and Indian government’s e-books initiative may prove useful in this regard. At the same time, e-books publication laws in India must also be followed to avoid unnecessary litigations and copyright violation claims and to strengthen the national litigation policy of India.

We at Perry4Law and Perry4Law’s Techno Legal Base (PTLB) believe that the e-books publication, sales and distribution laws in India are still maturing and conflict of laws in cyberspace is a major hurdle before this branch of law. In the absence of a techno legal framework in India, e-books of publishers may face international copyright violations and breach of other rights of the owners/publishers. Legal remedies in India would not be effective in these circumstances.

Despite present techno legal challenges, the e-books project of Indian government is a landmark initiative. We at Perry4Law and PTLB welcome this move of Indian government and hoe that the e-books platform would be made operational by CDAC before the start of 2015.

Volkswagen Group Plans To Build Inhouse IT Skills And Capabilities In India To Meet Contemporary Techno Legal Requirements

Volkswagen Group Plans To Built Inhouse IT Skills And Capabilities In India To Meet Contemporary Techno Legal RequirementsOutsourcing of a company’s work to a service provider may be cost effective but is not free from risks. For instance, sensitive information and business secrets may leak out due to such outsourcing activities. India has created an anti outsourcing environment for herself be neglecting to enact dedicated privacy laws in India and data protection laws in India (PDF).

Even the LPO and KPO in India have not kept the pace with the contemporary requirements of business organisations. As a result many business organisations have started developing their own inhouse teams to deal with company’s critical and sensitive works instead of outsourcing the same to external entities. The only exception seems to be high end and highly specialised techno legal issues that are still managed by external experts.

We at Perry4Law have been managing many such high end and highly specilaised techno legal issues for both national and international clients. We provide a very conducive and comfortable environment for our clients by acting as an “extended wing” of the concerned organisation thereby giving them full autonomy and flexibility to manage their own works at their respective levels. Wherever required, we can also extend our techno legal skills development trainings and courses through both online and offline methods. While performing all these functions, we keep in mind the cyber security legal obligations as applicable to law firms in India and world wide.

In a latest move reflecting the trend of developing inhouse capabilities, the Volkswagen Group has decided to open an IT development centre in Pune next month as it takes steps to secure critical technical knowledge, quicken inhouse processes and cut down dependence on outsourcing. Earlier, Volkswagen India had launched a new mobile service application for its customers, which will provide direct access to information on its sales and service networks as well as the latest sales and after-sales offers.

Volkswagen is well aware of the potential of e-commerce in India on the one hand and is cautious of the growing theft of trade secrets through cyber crimes on the other hand. Brand protection and management in India is a tedious task and it is a good strategy to protect it in the best possible techno legal manner. Some individuals have been indulging into illegal activities to protect the brands of their clients in India that is counterproductive for their clients in the long run. Corporate espionage and intellectual property theft cases have been reported by Japanese company Kawasaki Heavy Industries (KHI), Mozilla, Toshiba, etc in the past. SanDisk and Toshiba have even sued Hynix over suspected flash memory technology leak. Similarly, anti piracy and copyright infringement protection to entertainment industry of India from online mediums and websites has become a big challenge. Overall tackling intellectual property violations and cyber crimes and cyber attacks has become a priority for companies around the world and Volkswagen may also follow the pursuit.

According to ET the regional competency centre of Volkswagen in India is expected to house over 1,000 engineers over the next three to four years. Milan Kumar will head the centre in India, which will provide IT support to all its companies across the world by leveraging the talent available in the country. Global companies such as General Motors, Fiat, and Hyundai Motor Company are increasingly investing on IT and R&D resources in India. German auto component major Bosch has a 4,000-strong IT workforce in Bangalore, which apart from working on systems and processes, handles critical development work for the group globally. Volkswagen’s Pune centre will start with the IT function and may eventually expand into a bigger development role.

With the growing IT needs of the Volkswagen Group, the focus will be on building highly competent IT Teams and developing inhouse knowledge as a foundation for continued innovation. The problem that Volkswagen Group is facing is that a lot of knowledge has gone out to vendors and sometimes it was becoming hard for it to understand its own systems. Now, the Group wants the knowledge of critical applications to be managed inhouse. And security is a key focus for the Group as it does not want data about key Volkswagen processes to be with a vendor.

The Companies Act, 2013 of India has also introduced cyber law, cyber security and other techno legal liability and obligations on the part of directors of Indian companies. Both the Indian companies and their directors are now required to comply with techno legal requirements of various Indian laws. There would be additional techno legal obligations that Volkswagen Group in general and Volkswagen India in particular would be required to comply with. We hope and wish that Volkswagen Group and Volkswagen India would meet these techno legal requirements in India in true letter and spirit.

Cyber Liability Insurance In India And Techno Legal Issues

Cyber Liability Insurance In India And Techno Legal IssuesAs India is marching towards the goal of being Digital India, it is imperative to consider related issues as well. These issues can be legal or technical or both. In other words, techno legal challenges are bound to occur when we would try to implement the noble goal of Digital India. The Companies Act, 2013 of India has also introduced cyber law, cyber security and other techno legal liability and obligations on the part of directors of Indian companies.

Some of the techno legal challenges would originate due to cyber crimes, cyber attacks, cyber espionage, cyber terrorism, etc. It is obvious that losses in the form of money and materials would be there. It is also clear that companies and individuals who would be victims of such cyber nuisance would be required to get themselves proper insurance covers.

Cyber crimes and cyber attacks insurance in India is still maturing. We have very few insurance companies in India that are providing cyber insurance policies in India. Further, we have few takers of cyber liability insurance in India. Even the legal issues of cyber liability insurance in India are not clear.

For instance it is still not clear for which categories cyber liability insurance is available and what the exempted categories are in this regard. Further, fine details of these cyber liability insurances are also not clear to both insurance companies and those seeking the insurance. This would raise disputes while redeeming these cyber liability insurances in future.

Many times cyber crimes and cyber attacks originate from outside the India. How would these cyber intrusions be investigated, traced back and prosecuted in India is a big challenge before the law enforcement agencies of India. It would require significant skills on the part of insurance companies as well to ascertain the origin of such cyber attacks and cyber crimes and meet the requirements of cyber liability insurance accordingly. In short, conflict of laws in cyberspace is a major challenge and hurdle before insurance companies providing cyber liability insurance in India.

We at Perry4Law believe that cyber liability insurance agreements must be thoroughly drafted keeping in mind the genuine interests of both insurance company and the insured subject. Cyber liability insurance involves high stakes and so the premium is also high. It would be a futile and frustrating exercise if after facing a cyber attack, the insured sum is also not released citing some clause or provision in the cyber liability insurance agreement.

In their own interest, those seeking cyber liability insurance must get the insurance agreement vetted by suitable techno legal professionals or law firms of their choices. While choosing the concerned legal expert or law firm, the companies and individuals must ensure that such legal experts or law firms are maintaining a proper cyber security mechanism to protect sensitive and crucial information pertaining to their clients.

The cyber security obligations of law firms in India are increasing and they cannot afford to take the data of their client causally. Law firms in India must also keep in mind the legal obligations arising out of privacy and data protection (PDF) norms as applicable in India from time to time. We wish all the best to both insurance companies and the insurance seekers regarding cyber liability insurance issues.

Indian Government Likely To Ban Use Of Gmail, Yahoo, Etc For Official Communications

Indian Government Likely To Ban Use Of Gmail, Yahoo, Etc For Official CommunicationsConflict of laws in cyberspace has slowly and steadily started showing its impact. Initially, it was Indian government’s inability to deal with foreign technology companies like Google, Yahoo, Microsoft, etc regarding the law enforcement requirements of India. Subsequently, it was realised that absence of a constructive control over these foreign companies is not good for national security and law enforcement requirements of India in the long run. Nothing short of a techno legal framework can solve these problems of India.

Meanwhile, one of the related case reached Delhi High Court that asked Indian government to formulate the e-mail policy of India. The Congress led government took a significant step in this direction and formulated an e-mail policy of India though it is yet to be implemented. Department of electronics and information technology (DeitY) issued documents like email services and usage policies of Government of India (PDF), NIC policy on format of e-mail address (PDF), password policy of Government of India (PDF), security policy for users by Government of India (PDF) and service level agreement by Government of India (PDF), etc for public comments. A final policy on this regard is yet to be issued.

We at Perry4Law have been stressing for long that India must ban Gmail and Yahoo e-mails for official communications. This is because the policies of these companies are such that they abet commission of cyber crimes in India. For instance, G-mail not only masks the Internet Protocol Address (IP Address) of a cyber criminals that makes it impossible to trace an IP Address without Google’s assistance but Google also insists upon following of non Indian laws for providing even basic level information. Till the time the entire legal process is over, the damage is already done.

Not only this, government officials are also violating the provisions of Public Records Act, 1993 wherever public records are involved. This is more troublesome when foreign intelligence agencies are targeting Indian citizens and foreign courts are allowing access to data and information of Indians at foreign locations against Indian laws.

In a much needed move, email services like G-mail, Yahoo, etc are likely to be banned for official use to safeguard critical and sensitive government data. DeitY has already moved a proposal in this regard for cabinet approval. We at Perry4Law welcome this move of BJP Government but what is more important is the decision of Narendra Modi government to allow ministries of defence and external affair to have their own e-mail infrastructures. Other ministries/departments would also be required to use the platform of the National Informatics Centre (NIC). We hope this decision would be implemented as soon as possible.

Karnataka Drugs Control Department Issues Seven Manufacturing Licences Through Online Mode

Karnataka Drugs Control Department Issues Seven Manufacturing Licences Through Online ModeE-governance can streamline the public delivery of services in India. However, e-governance in India has largely remained a major failure. The chief reason for this failure is that there is no legal compulsion to use e-governance in India. In the absence of any legal compulsion to adopt e-governance, India has ignored development through he-governance altogether.

We urgently need a mandatory legal framework for e-governance in India as e-governance in India is dying. Further, electronic delivery (e-delivery) of services in India must also be started as soon as possible. Essential public services and business transactions must be undertaken with the help of e-governance. This would help in bringing transparency and reducing corruption in India.

In one such welcome step, the Karnataka drugs control department has issued seven manufacturing licences online so far. However, the system of accepting applications and issuing manufacturing licences to the pharma companies online in the state has not taken off in full steam, leaving Maharashtra the first state in issuing drug licences online. Karnataka is recognised as the third state in the country to adopt the electronic mode for issue and renewal of licences after Gujarat and Maharashtra.

However, online pharmacies in India are still violating Indian laws and there are almost no efforts to curb the same. In fact, many online pharmacies websites in India are controlled by underworld and organised criminal networks. There is an urgent need to regulate online pharmacies in India as well.

Electronic Health Record (EHR) Standards In India: E-Health Authority In Pipeline

Electronic Health Record (EHR) Standards In India E-Health Authority In PipelineTechnology can help in spreading healthcare services to different parts of India. Whether it is telemedicine, e-health/m-health, online pharmacies, technology can increase the ambit of healthcare services in India. However, this is not possible till we have regulations that can guide and control the use of technology in a fair and legal manner. Unfortunately, we have no dedicated e-health laws that can take care of regulatory issues in India. A list of general medical and health related laws of India can be accessed here.

Areas of e-health, m-health, telemedicine, etc can be undertaken only subject to techno legal compliances. Presently the healthcare industry and healthcare entrepreneurs of India are acting more on the side of violation than compliances. Even the m-health service providers in India are violating Indian laws.

It must be understood well that the legal risks for developer and owners of healthcare websites cannot be ignored. Further, mobile medical devices and handsets and their respective applications must also be in strict conformity with Indian laws. Medical device makers, software providers and medical fraternity of India must also keep in mind the encryption laws of India and cloud computing related compliances of India.

Although we have no law on the lines of United State’s Health Insurance Portability and Accountability Act of 1996 yet there are numerous statutory provisions that must be complied with. These include privacy law compliances, data protection requirements (PDF), cloud computing compliances, encryption related compliances, cyber law due diligence (PDF), etc.

Some background work has already been undertaken by Indian Government in this direction. The Recommendations on Electronic Medical Records Standards in India (PDF) (April 2013) have been issued. Similarly, Electronic Health Record (EHR) Standards for India were also released in August 2013 and approved by the Ministry of Health and Family Welfare, Government of India.  However, their implementation is still missing and they are not full fledged legal frameworks. We need to formulate dedicated techno legal frameworks regarding areas like e-health, telemedicine, etc.

Recently the AIIMS Bhubaneswar decided to launch electronic health card. Some other hospitals are already using telemedicine facilities. However, whether they are complying with techno legal requirements is still to be seen. Further, there is no transparency and accountability of such hospitals and clinics in the absence of a regulatory authority and appropriate law in this regard.

Now it has been reported that the Ministry of Health and Family Welfare is mulling to set up a central authority or agency to check compliance of standards in EHR ecosystem after due consultation with various stakeholders across the spectrum. According to health and family welfare secretary, Mr. Lov Verma “Ministry intends to set up a mechanism to monitor and evaluate implementation of and adherence to EHR standards and guidelines by various healthcare practitioners and vendors, thus we need to have an e-health authority which will be the regulator and which will see that EHR standards are being adhered to”. The Health and Family Welfare Ministry is also in the process of standardizing codification for health procedures in India and framing metadata and data standards (MDDS) for health sector, informed the secretary.

“MDDS will facilitate interoperability of e-governance applications by providing a common data information model for various stakeholders in the health system – national and state, public and private, to begin sharing meaningful information with each other in a timely manner.”

He further informed that a detailed project report (DPR) of a mission mode project (MMP) for application of information and communication technology (ICT) in health sector is also being prepared and the same will be submitted very shortly.

Prevalence of paper based record keeping system, inaccessibility of healthcare information to citizens and patients, absence of effective and transparent grievance redressal system, absence of e-referral system, data duplication due to issues in data collection and reporting, shortage of doctors and other healthcare specialists, lack of timely and inaccurate information and analytics tools for decision making together with improper utilization of existing technology in healthcare are certain major challenges being faced in India vis-à-vis health and IT, further highlighted the secretary.

Facebook Alleged To Be Temporarily Blocked In Thailand To Curb Online Criticism Of The Military

Facebook Alleged To Be Temporarily Blocked In Thailand To Curb Online Criticism Of The MilitaryBlocking of social media websites has become a trend in few countries. Most of the time such blocking takes place to suppress public opinion and this violates the right to speech and expression of the netizens. The latest to add to the list of social media websites blocking nation is Thailand that recently blocked Facebook for a period of 30 minutes. Such blocking violates civil liberties protection in cyberspace as such blocking is not undertaken in compliance with a valid and constitutional law.

As per a media report, Thai Facebook users were shocked on Wednesday to find that the Information Communications Technology (ICT) Ministry blocked access to the site at the request of the military, but the junta blamed the brief shutdown on a technical problem. However, a senior ICT ministry official confirmed the site had been blocked to thwart the spread of online criticism of the military in the wake of a May 22 coup.

”We have blocked Facebook temporarily and tomorrow we will call a meeting with other social media, like Twitter and Instagram, to ask for cooperation from them”, Surachai Srisaracam, permanent secretary of the Information and Communications Technology Ministry, told Reuters. “Right now there’s a campaign to ask for people to stage protests against the army so we need to ask for cooperation from social media to help us stop the spread of critical messages about the coup”, he said.

Meanwhile the military council has denied any such blocking exercise and said that they have no policy to block Facebook and they have assigned the ICT ministry to set up a supervisory committee to follow social media and investigate and solve problems. Military spokesperson has attributed the non access to some technical problems with the internet gateway.

Google Is Creating A Cloud Based WiFi Network For Small And Medium Size Companies

Google Is Creating A Cloud Based WiFi Network For Small And Medium Size CompaniesGoogle is never afraid of exploring new avenues and experimenting with new products and services. For instance, products and services like Google glass, Google voice, etc are of great utility although they may create few regulatory issues as well. However, these minor hiccups never prevented Google form exploring new markets and introducing newer products and services.

The latest to add to this list of Google is the proposed cloud based WiFi network. This way Google would create its own Internet infrastructure that can have wide ranging ramifications for the global ICT and telecom industry. For a company like Google, which can grow only if users have access to easy, fast and cheap web connections, one of the biggest problems is the poor internet infrastructure across the world. If successful, Google can create nation-wide or even global Wi-Fi network.

Google has partnered with Ruckus Wireless to create a cloud-based WiFi network for small and medium size companies. The network can launch as early as “this summer”. Google and Ruckus are building a Wi-Fi infrastructure that will allow any small installation – like a pizza shop or a dentist’s office – to join the network and connect to hundreds or even hundreds of thousands other small businesses to offer people a universal Wi-Fi zone. The businesses will have to buy their own Wi-Fi gear – probably made by Ruckus – and bandwidth to connect to the Google’s network. But once they are connected, the Wi-Fi access on their network would be remotely controlled by Google’s cloud service.

While initially, the bandwidth for Google’s Wi-Fi network will be supplied by businesses, it is possible that in future Google may merge the network with a few technologies it is testing. Google is working on enabling internet access in remote areas through high-altitude balloons and drones. If successfully, the company may beam bandwidth for its Wi-Fi network through strategically placed balloons or drones.

As far as India is concerned, Google will face privacy issues and data protection compliance requirements (PDF). Further, regulatory issues of cloud computing, virtualisation, encryption, etc would also pose some trouble for Google in India.  However, nothing would be more challenging than tackling the tricky issues of conflict of laws in cyberspace that are vexing Google in India and other jurisdictions as on date.

Samsung’s Smartwatch Can Make And Receive Calls Without Being Tethered To A Smartphone

Samsung’s Smartwatch Can Make And Receive Calls Without Being Tethered To A SmartphoneSamsung is planning to introduce a smartwatch that can act as a stand-alone phone. This smartwatch will be able to make and receive calls without being tethered to a smartphone. It will also take photos, send email and come with GPS, Bluetooth and a heart monitor. Samsung’s new watch-phone, which will come with a SIM card, will be one of a handful of stand-alone devices on the market, and the only one yet from a major manufacturer.

Samsung is already in talks with telecom carriers in the U.S., South Korea and Europe about the watch-phone, and hopes to unveil the gadget between June and July. It will run on Samsung’s homegrown operating system, Tizen, which was co-developed with Intel Corp.

Although Samsung may find some success in this regard in the developed nations yet it may not be successful in developing countries like India due to regulatory and other concerns.

Further, the intelligence and security agencies would be quick to flash the national security and law and order card to defeat any such attempt of Samsung in Asian countries, especially India.

The cyber law due diligence (PDF) and cyber security due diligence issues would also surface in India in due course of time. If the recent prosecutions of companies like Google, Target Corporation, EBay, etc are considered, it is clear that Samsung would be required to comply with many techno legal compliances around the world that it has not contemplated till now.

Nevertheless this is a commendable effort on the part of Samsung and we at Perry4Law would be glad to see it explore Indian markets very soon.

ITU Hosts Second Advisory Board Meeting Of M-Powering Development Initiative

ITU Hosts Second Advisory Board Meeting Of M-Powering Development InitiativeThe Second Advisory Board Meeting of the m-Powering Development Initiative was recently opened aiming at using the reach of mobile tele-connectivity to achieve long-term sustainable development.

The m-Powering Development Initiative is an international, multi-stakeholder platform that seeks to leverage the ubiquity of mobile technology beyond basic communications. Its objective is to capitalize on the availability of mobile networks to strengthen economies and offer new opportunities to improve health, education, governance, banking, sport and commerce.

“The initiative is designed to leverage the potential of mobile technology across markets and countries worldwide, especially in remote areas of the world,” said ITU Secretary-General Hamadoun I. Touré.

Today’s meeting, which follows the First Advisory Board Meeting held in October 2013,  reviewed and assessed the progress made in the areas of m-Learning, m-Health, m-Commerce, m-Sports, Business Models and Advocacy and discussed the future work programme.

The Advisory Board was assisted by six working groups, which were established for each theme to bring in the expertise from various sectors. The working groups reviewed ongoing initiatives and activities in their respective fields, identified key stakeholders and elaborated real life examples and best practices that can be replicated and scaled up.

“Today we took further steps as we heard about concrete proposals on the way forward to m-Power development,” said Mr Brahima Sanou, Director of ITU’s Telecommunication Development Bureau. “I strongly believe that these early steps will pave the way to great things and positive change in people’s lives and I look forward to translating our words into actions.”

The Advisory Board, which meets twice a year, is chaired by Mr Sam Pitroda, Founder of C-SAM, Inc. and Adviser to the Prime Minister of India on Public Information Infrastructure and Innovation. It is composed of leaders in the telecom fraternity with a track record of making a real difference in the field of m-Powering development. This includes eminent personalities from diverse backgrounds with a range of interests and expertise in the mobile industry.

“Today you may find mobile phones being used even in the most remote areas,” Pitroda said. “We should really focus on using mobile connectivity for development. Development related to m-learning, m-health and m-commerce are some key areas for inclusive growth for all.”

The Advisory Board will meet again later this year to review progress and address other strategic issues.

China Would Investigate Foreign IT Products And Services To Protect National Security And Ensure Economic And Social Development

China Would Investigate Foreign IT Products And Services To Protect National Security And Ensure Economic And Social DevelopmentChina has been on the receiving end for long. Whether it is allegations of embedded backdoors in the telecom equipments and hardware of Chinese telecom companies or cyber warfare and cyber espionage allegations, China has always remained on the receiving end. The recent allegations by United States of cyber spying by China against U.S. companies have further added heat to the already strained relationships between China and U.S. China is already struggling to resolve territory related disputes with adjacent countries and these allegations of U.S. would further cause stress to China.

The effect of all these developments can already be seen in the policy decisions of China. For instance, China has decided that it would investigate providers of important IT products and services to protect “national security” and “economic and social development” of China. The companies that would be unable to satisfy Chinese concerns would not be allowed to operate in Chinese territories. In fact, products that do not meet security requirements will be banned.

China has already banned new central government computers from using Windows 8 and is working in the direction of making the use of existing Windows XP more secure. China may also explore the possibility of using indigenously made operating systems and cyber security softwares.

The proposed investigations would check product security and seek to prevent suppliers from illegally gathering, storing or processing user data. “For a long time, governments and enterprises of a few countries have gathered sensitive information on a large scale, taking advantage of their monopoly in the market and technological edge”, Jiang Jun, spokesman for the State Council Information Office says.

A small number of governments and businesses “take advantage of technological monopolies to collect sensitive data on a large scale” from the Chinese government, business and institutions, Xinhua added, saying there had been extensive wiretapping and security breaches. Xinhua did not give details of which governments or businesses it was referring to but U.S. security standards for information technology were not transparent or clear-cut, Xinhua added.

Right To Be Forgotten Needed Under Laws Of India

Right To Be Forgotten Under Laws Of IndiaIn a recent landmark decision the European Court of Justice (ECJ) has held that Google cannot deny the Right to Be Forgotten to its users. This decision would further strengthen the efforts of European Union to protect privacy rights and data protection amid global e-surveillance practices. The result of this decision is that the Right to Be Forgotten can now be enforced against Google in Europe. In fact, takedown requests have already been made to Google and companies like Yahoo, Microsoft, etc are also exploring various legal possibilities in this regard.

Google has termed this decision as amounting to censorship. However, Google itself has been engaging in censorship around the world and this stand of Google cannot be supported.

Google can already be approached for removal of objectionable contents as per the laws of United States. However, this is a problematic solution as Google refuses to obey laws of other countries, including India. While Indian government is taking Google lightly yet many individuals have dragged Google to Indian Courts on numerous occasions. Google is presently fighting an online defamation case at Supreme Court of India. Nevertheless the attitude of Google vis-à-vis compliance with Indian laws is more on the side of defiance than compliance.

Foreign companies and websites do so easily in India as Indian government has not taken “Techno Legal Steps” against them. As a result Companies like Google, Facebook, etc are openly Violating Indian Laws and “Blatantly Refusing” to entertain and respect Indian Legal Requests for Information.

Even the much hyped Mutual Legal Assistance Treaty (MLAT) has its own “Limitations” to make the offending People/Companies liable as per Indian Laws. For instance, recently U.S. blocked India’s MLAT attempt to make Google, Facebook, etc to comply with Indian Laws. So what would Indian Government do if these Companies and Websites do not comply with Indian Laws and if they cannot be “Compelled” to comply with Indian Laws through MLAT and other mechanisms as well?

Foreign companies and websites have been ignoring the cyber law due diligence (PDF) and internet intermediary liability as prescribed by Information technology Act, 2000 (IT Act 2000). It is common among these companies to deny compliance under the IT Act 2000 and ask for court orders for even those compliance requirements that have been prescribed by different laws of India. As a result, cyber litigations against foreign companies are going to increase in the near future.

Indian courts must ensure that Google complies with Indian laws. Indian legislature and Indian courts must also ensure that right to be forgotten must also be made part and parcel of the proposed privacy law of India.

RBI Postpones The Implementation Of Biometric Authentication For Credit Card Swipe Machines And ATMs

RBI Postpones The Implementation Of Biometric Authentication For Credit Card Swipe Machines And ATMsReserve Bank of India (RBI) has been stressing hard to introduce biometric based services and features for various banking related purposes. This is clearly a misguided and waste exercise as RBI is contemplating utilising the Aadhar number as a base for biometric authentication. There is no second opinion that Aadhar project is not only illegal and unconstitutional but it is also an unreliable and insecure methodology.

In fact, the Aadhar project has already been challenged in numerous courts and even the Supreme Court of India has held that Aadhar card cannot be made mandatory for availing public services. Even the banks in India have refused to obey the dictates of RBI to use Aadhar numbers for various purposes.

Surprisingly, RBI has suggested in the past to use Aadhaar number/card/data by all new ATMs and point of sale (POS) machines. Clearly this direction of RBI was illegal and in clear violation of the direction of Supreme Court of India. That is the reason why Banks in India are simply ignoring the same and they are well within their rights to do so as RBI cannot force them to invest in illegal and unlawful projects.

Now even the RBI seems to have understood this legal and technological position. In a move that will bring relief to banks and credit card issuing companies, the RBI has put on hold an order requiring all future credit card swipe machines and ATMs to be capable of biometric authentication. RBI has instead decided to launch a pilot project where issuers of prepaid cards are allowed cash withdrawals on the basis of biometric authentication. However, even this decision of RBI is not free from legal complications and this decision may also be revised by RBI in the near future.

The move comes in the wake of banks complaining that implementing biometric authentication across all point of sales terminals (credit card swipe machines) was proving to be a challenge. The first issue was that there were not many suppliers in the market. Secondly, their tests showed that the authorization using fingerprints took up to 20 seconds on a 3G connection as against less than five seconds earlier.

Regulatory Environment For Telecom Sector Of India Is Changing

Regulatory Environment For Telecom Sector Of India Is ChangingThe regulatory environment of telecom sector of India is changing and both national and international telecom companies must be aware of the same. Some of these regulatory requirements are striking at the very root of doing business in India and these must not be ignored at any cost by telecom companies targeting Indian markets.

Firstly, the electronic system design and manufacturing policy of India has been liberalised. The FDI Policy in Telecom Sector of India 2014 (PDF) has allowed 100% FDI subject to FIPB approval and other national security requirements. Similarly, approval to establish two semiconductor wafer fabrication manufacturing facilities in India (PDF) has also been granted by Indian Government.

Secondly, the telecom merger and acquisition guidelines of India 2014 have also been released. This would allow more telecom companies to compete against each other and provide better services to the consumers. This would also require compliance with various techno legal compliance requirements by both national and international telecom companies.

Thirdly, the traditional legal due diligence for telecom sector of India has become redundant these days. Now we need techno legal due diligence for telecom related M&As in India. In appropriate cases, e-discovery practices may also be required to be used regarding telecom M&As in India. In fact, the e-discovery and cyber law due diligence has become indispensable for Indian companies these days.

Fourthly, telecom companies like Huawei, ZTE, Cisco, IBM, Microsoft, Hewlett-Packard, etc may face restrictive regulatory conditions and a meager market share due to involvement of these companies in e-surveillance and eavesdropping related activities. These telecom companies may also fail to comply with Indian laws and various policies as announced by Indian government from time to time.

The present environment is a time of both joy and gloom for foreign telecom companies. Their presence in India would be absolutely dependent how much they comply with techno legal regulatory requirements of India.

Reserve Bank Of India (RBI) Trying To Streamline Mobile Banking Services In India

Reserve Bank Of India (RBI) Trying To Streamline Mobile Banking Services In IndiaThe online payment market of India is fast growing. Foreign investors have started investing in this remunerative field and we are seeing lot of investment opportunities in this field. Of course, most of online payment service providers are not complying with Indian laws and their projects and ventures are vulnerable to legal actions.

Even foreign investors in online payment industry of India are not conducting cyber law due diligences (PDF) while investing in Indian e-commerce and technology ventures. These investors are also not checking whether legal issues of e-commerce in India have been duly complied with or not by those dealing in e-commerce related activities.

Even foreign players are trying to enter into this field. For instance, Apple plans to launch mobile payment service through Touch ID. In order to ensure that Apple remains on the legal side, recently Apple removed Bitcoin application Blockchain from its application store. This is because virtual currencies like Bitcoins are full of legal and security risks. Most of the Bitcoins exchanges are not complying with Indian laws and they are vulnerable to legal actions of various sorts.

Efforts are in the process to spread the reach of mobile banking in India. For instance, RBI is exploring use of encrypted SMS based fund transfers in India. However, the encryption laws in India are not clear as on date. Similarly, mobile payment legal compliances are still not followed in India. Cloud computing legal risks are looming large upon cloud service providers and if mobile payment service providers would use cloud based services; this would raise additional techno legal issues.

Now it has been reported that a technical committee appointed by the RBI has recommended standardisation and simplification of procedures for registration / authentication of customers for mobile banking services. It has also suggested adoption of a common application platform (with necessary level of security through encryption) across all banks and putting in place a cohesive awareness programme.

The committee has identified the challenges faced by the banks in providing mobile banking to customers in general (customer enrolment and technical issues) and further highlighted the challenges faced in providing SMS / unstructured supplementary service data (USSD) / application-based mobile banking and recommended solutions for the same.

Considering the fact that non-PKI enabled payment systems, such as clearing (MICR / non-MICR), electronic credit system, credit card and debit cards contributed 75 per cent in volume terms but only 6.3 per cent in value terms in the year 2012-13, the group has suggested that in order to ensure a safe, secure payment system in the country and to ensure legal compliance, digital technology, such as, PKI may be used.

The report also highlights, among other things, security features in existing payment system applications and feasibility in implementing PKI in all payments system applications. The group has also recommended that banks may carry out in phases PKI implementation for authentication and transaction verification.

Perry4Law welcomes this move of RBI and at the same time would like to stress that these initiatives of RBI would not be fruitful till a techno legal compliance framework is prescribed by RBI and is actually implemented all across India.

Related Reports And Press Releases Of RBI

RBI Releases Report Of The Technical Committee On Mobile Banking (PDF)

RBI Releases Report On Enabling PKI In Payment System Applications (PDF)

Report Of Technical Committee Of RBI On Mobile Banking (PDF)

Report Of The RBI Working Group On Enabling PKI In Payment System Applications (PDF)