Monthly Archives: June 2011

Digital Preservation In India

Digital preservation is the process where traditional records and data as well as contemporary records are managed and preserved in a manner so that the information can be accessible by our future generations.

The importance of digital preservation cannot be underestimated as many valuable documents and archives of various societies have been lost forever in the absence of digital preservation. If those documents and archives could have been preserved in electronic form, they would have been available toady.

Digital preservation has also assumed significance due to the extensive adoption of Internet and networking technologies. Individuals and organisations are producing vast amount and diverse nature of digital information that if not preserved would be lost forever. Digital preservation is a trustworthy solution ensuring long-term access to the past and contemporary digital information form future references.

Digital preservation in India is in its infancy stage. Although some discussions in this regard have been undertaken by some departments of Indian government yet they are far from satisfactory. Even a national digital preservation programme (NDPP) of India has been launched but it has been lying dormant for many years. Of course, some institutions like Reserve Bank of India (RBI) have good public records keeping framework.

Presently, India has no well defined legal framework for digital preservation in India. Neither the technical nor the legal issues have been resolved by India in this regard so far. According to experts, digital preservation framework in India is missing as we do not have a “dedicated” techno legal digital preservation laws in India. However, laws like Public Records Act, 1993, Right to Information Act, 2005, proposed Electronic Services Delivery Bill 2011 (Bill), etc mandates digital preservation and digitilisation of records in “Electronic Form”.

Digital preservation issues in India are going to be more complicated with the enactment of laws like digital millennium copyright act (DMCA). Efforts are in the pipeline for adoption of an efficient digital rights management (DRM) system in India. Intellectual property rights (IPRs) are commonly found conflicting with digital preservation initiatives. Technological issues of IPRs would also pose great challenges before the digital preservation initiatives of India. We also need to change form of various IPRs protected works from one form to another. This sometimes results in IPRs violations.

Further, technological challenges have also to be managed by India in this regard. With the rapid advancement of technology day by day, old applications and methods are becoming obsolete. We need to upgrade them from time to time. Recent traditional knowledge digital library (TKDL) of India is one of the most innovative and much needed initiatives undertaken by Indian government. Being a digital library it must ensure digitalisation of contents as well as their digital preservation.

In short, digital preservation initiatives of India need urgent reforms. The task is really difficult unless good experts are involved in this much needed project. For the time being, digital preservation initiatives of India are falling well short of the desired actions. It would be a better strategy if the Indian government starts working in the direction of enacting a suitable techno legal framework for digital preservation in Indian as soon as possible.

Indian government in general and ministry of culture in particular must pay special attention to digital preservation requirements as in future the culture ministry would be the one that would require it most.

Indian Government Waking Up To Privacy Laws Requirements

Of late Fundamental Rights and Civil Liberties of Indian Citizens in Cyberspace have been totally neglected by the Executive and Legislative Branches of Indian Constitution. Unfortunately, even Judiciary failed to interfere and we have reached a “Precarious Situation” where the Constitution of India, especially Fundamental Rights, are about to be made “Redundant and Non Existent”.

While United Nations has declared that “Access to Internet” is Human Rights yet Indian Government is well committed to deny not only this Human Rights but also all other possible Human Rights in Cyberspace.

Naturally, there is a need to protect Human Rights in Cyberspace before we fully launch various E-Surveillance and Civil liberties Violating Projects in India. Security and E-Surveillance Projects have been launched by Indian Government without any “Procedural Safeguards” and in active “Violation” of Human Rights in Cyberspace. The only solace is that these Projects are in their infancy stage and they can still be made “Constitutional”.

For instance, Projects like National Intelligence Grid (NATGRID), Central Monitoring System of India (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Aadhar Project of India, Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), etc have no “Procedural Safeguards” and they are violating Human Rights and Fundamental Rights in their “Present Form”. These Projects have been launched without any Legal Framework and Parliamentary Oversight. Further, even the most “Basic Laws” like Data Protection Laws, Data Security Laws, Privacy Laws, etc are missing in India.

Realising the “Gravity of the Situation”, the Planning Commission of India has now decided to call a high-level meeting of experts, civil society representatives and government officials to address these concerns. The Commission admits that initiatives like UID, NATGRID, DNA profiling, brain mapping and tapping communication, etc are “Genuine Concerns” and they need to be addressed properly. The Commission has also suggested using “Inbuilt Technological Safeguards” for all these Projects.

At Perry4Law and Perry4Law Techno Legal Base (PTLB) we have been constantly suggesting that privacy is a key concern in all these Projects as people’s personal information would be stored in a single database and the possibility of corruption and exploitation could not be ruled out.

The minister, incharge of IT in the plan panel, said it is necessary to have in-depth and threadbare discussion with experts, civil society representatives and government officials to ensure that the objective of national security and efficiency in public service delivery mechanism are effectively reconciled with the privacy concern of citizens.

This is a good step in the right direction and Perry4Law and PTLB welcome this step of Indian Government.

ICANN Approval Of New GTLD Names And Unforeseen Challenges

Internet Corporation for Assigned Names and Numbers (ICANN) has been planning to expand the list of generic top level domain names (gTLDs) among several issues. The same was put as one of the items of the agenda to be voted and decided by ICANN at the second public meeting of the year on 20th June 2011 at Singapore. Finally, after a long gestation period, ICANN has approved the idea of allotting new gTLDs.

ICANN’s Board of Directors has approved issuance of new gTLD. The Board vote was 13 approving, 1 opposed, and 2 abstaining. ICANN has opened the Internet’s naming system to unleash the global human imagination. Today’s decision respects the rights of groups to create new Top Level Domains in any language or script. We hope this allows the domain name system to better serve all of mankind,” said Rod Beckstrom, President and Chief Executive Officer of ICANN.

New gTLDs will change the way people find information on the Internet and how businesses plan and structure their online presence. Internet address names will be able to end with almost any word in any language, offering organisations around the world the opportunity to market their brand, products, community or cause in new and innovative ways.

“Today’s decision will usher in a new Internet age,” said Peter Dengate Thrush, Chairman of ICANN’s Board of Directors. “We have provided a platform for creativity and inspiration, and for the next big dot-thing.”

The Applicant Guidebook, a rulebook explaining how to apply for a new gTLD, went through seven significant revisions to incorporate more than 1,000 comments from the public. Strong efforts were made to address the concerns of all interested parties, and to ensure that the security, stability and resiliency of the Internet are not compromised.

ICANN will soon begin a global campaign to tell the world about this dramatic change in Internet names and to raise awareness of the opportunities afforded by new gTLDs. Applications for new gTLDs will be accepted from 12 January 2012 to 12 April 2012. This would also result in an increased domain names disputes in future and it would also bring unforeseen challenges for ICANN.

Since domain name disputes are going to increase in near future, Perry4Law Techno Legal Base (PTLB), the premier techno legal segment of India’s exclusive techno legal ICT and IP Law Firm Perry4Law, has shared the Uniform Domain-Name Dispute-Resolution Policy (UDRP) of ICANN with all interested person and institutions.

The UDRP is a process established by ICANN for the resolution of disputes regarding the registration of Domain Names. The UDRP currently applies to all .biz, .com, .info, .name, .net, and .org top-level domains, and some country code top-level domains. It is supplemented by Rules for Uniform Domain Name Dispute Resolution Policy (Rules).

At Perry4Law and PTLB we believe that, in future, ICANN’s Applicant Guidebook needs to consider and adopt many more crucial issues like upgradation of UDRP procedure, better and expeditious Dispute Resolution Mechanism, enhanced Cyber Security Initiatives for Domain Name and DNS, better National and International Cooperations with Governments, NGOs and Dispute Resolution Providers, considering interests of Developing Countries and NGOs, etc.

These issues have been, by and large, already covered by the Applicant Guidebook to a greater extent. However, there is always scope for the improvement. If ICANN wishes, we can provide “more detailed analysis” in this regard.

However, irrespective of ICANN’s stand on our proposition, new challenges and unforeseen events would confront it and ICANN must be well prepared in advance in this regard.

Encryption Policy Of India Is Needed

Use of Encryption in India has never been smooth. Intelligence Agencies in general and Central Home Ministry of India in particular are very much concerned about use of Encryption beyond 40 bits. However, what Home Ministry is not realising is that anything below 128 bits of encryption is definitely “Unsafe” and anything below 256 is “Potentially Unsafe”.

The Stakeholders that need “Higher Encryption Level Protection” includes Banks, Stock Exchanges, E-Mail Service Providers, Corporate Communications, Sensitive Government Communications, etc. It is “Not Feasible” to ask for Encryption Level below 256 bits.

Obviously, Indian Government has to take care of National Security and Law Enforcement needs as well. This does not mean we should have a “Weak Cyber Security Infrastructure” in India. On the contrary, we must ensure a Strong, Robust and Resilient Cyber Security Infrastructure for India.

At Perry4Law Techno Legal Base (PTLB) we believe that India should invest in establishing good Techno Legal Cyber Security Capabilities on the one hand and Cyber Skills and Intelligence Gathering Skills Development in India on the other hand. We believe that E-Surveillance can never be an “Alternative” for good and effective Cyber Security and Intelligence Gathering Capabilities. E-Surveillance must “Supplement” Intelligence Gathering Skills and “Not Supplant” the same.

This entire problem is happening because we have no Encryption Policy in India that clearly demarcates what level of Encryption can be used and what level cannot be. Further, we have no Legal Framework regarding Encryption usage in India.

We also have no Encryption Laws in India or Encryption Framework and Norms in India that have been “Prescribed” by the Parliament of India. All we have are “Encryption Guidelines” that are incorporated in various “Civil Contracts” with Telecom Companies and other such Companies. At most they are “Departmental Guidelines” but they do not have the “Force of Law”.

They are indirectly made applicable as “Forced Conditions” by the Telecom Companies and other Stakeholders. The “Legality” of this is very much doubtful as “End Users” have no “Autonomy” and “Free Choice” in such cases.

The Cyber Law of India, as applicable through Information Technology Act 2000 (IT Act 2000) has a single provisions in this regard. Section 84A of IT Act 2000 says that the Central Government may prescribe the modes or methods of Encryption. Till now the Central Government has not prescribed any “modes or methods” of Encryption usage in India. In fact, the IT Act 2000 is so “Badly Drafted” that many of its provisions are “Unconstitutional” and there is an urgent need to “Repeal” the Cyber Law of India.

It is high time for us to formulate a Techno Legal Encryption Policy for India as soon as possible. The Encryption Policy of India must keep in mind the Commercial, Cyber Security, Cyber Law, National Security, Intelligence Agencies and Law Enforcement requirements.

Further, the Indian Encryption Policy must also keep in mind the Civil Liberties in Cyberspace. Recently, the United Nations has declared that “Access to Internet” is a Human Right. Indian Government must “Balance” the National Security Requirements with Human Rights in Cyberspace as giving “Primacy” to one over another is not feasible.

Perry4Law and PTLB hope that Indian Government would take immediate steps to accommodate these “Suggestions” of ours.

European Union (EU) Forms CERT Group To Fight Cyber Attacks

European Union (EU) is preparing to boost its cyber security to effectively tackle the growing incidences of cyber crimes and cyber attacks. EU has also requested governments of various European countries to consider cyber security seriously.

Cyber security experts from across the Europe have joined hands to form the Computer Emergency Response pre-configuration Team (CERT) group. The group consists of cyber security experts working in various EU institutions and a time framework of 1 year has been given to it to share its expertise. Within this time framework, the group has to show if it can effectively and efficiently respond to cyber threats and incidents on a 24×7 basis.

Neelie Kroes, vice-president of the European Commission for the Digital Agenda said: “Cyber-attacks are a very real and ever-increasing threat. Whether against individual countries, companies or most recently against the European Commission, they can paralyse key infrastructure and cause huge long-term damage.”She said the CERT team is a demonstration of how seriously the EU Institutions take the cyber-security threat.

Kroes said she wants the UK government to establish its own CERTs, paving the way to an EU-wide network of national and governmental emergency response teams by 2012.

Britain is under constant cyber attack and last year 1,000 potentially harmful hacking attacks were blocked, according to defence secretary Liam Fox. In a speech last week to defence suppliers, Fox said that the cost to the UK economy of cyber crime is estimated to be £27bn a year and rising. “These are attacks against the whole fabric of our society,” he said.

The US Department of Commerce (DoC) is urging companies with an online presence to develop and adopt a code of contact to prevent cyber-attacks, in an indication the industry and government realise the importance of online security. The DoC is calling for the development and implementation of a code of conduct as part of a broader effort by Obama administration to fight cyber-crime.

Meanwhile, both EU and UK are working hard to ensure robust cyber security. For instance, Scotland Yard has established a cyber flying squad, EU has set up as team of cyber crime fighters, UK is looking forward for cyber crimes fighters and so on. Let us see whether India would also take its cyber law and cyber security seriously.

The Role Of ICT In Effective Judicial System

Information and communication technology (ICT) has a crucial role to play in the timely and effective justice dispensation. Online dispute resolution (ODR), e-courts, video conferencing, digital evidencing, sending bail orders and notices through e-mail, knowing online status of cases, online delivery of certified copies of judgments, etc are some of the examples of use of ICT for effective justice delivery.

Successful establishment of e-courts can take care of all the abovementioned aspects of use of technology for effective judicial system. E-courts can take care of issues ranging from filing of cases to the delivery of certified copy of the judgment.

In the Indian context, we are still waiting for the establishment of first e-court of India. Although media reports of establishment of e-courts in India have been surfacing from time to time since 2003 yet as on data we do not have a single e-court in India. Media reports have confused “computerisation” with e-courts as all that has happened in India is computerisation of some traditional aspects of litigation and nothing more.

E-courts require the capability and expertise to provide all litigation services in an online environment. To achieve that purpose we need to have e-courts skills development initiatives in India.

Law Ministry of India must urgently take initiative in this regard as sufficient funds have already been allocated for establishment of e-courts in India and for improving the judicial infrastructure of India.

It has been more than 8 years since it was first declared that e-courts would be established in India. However, lack of expertise has failed this much needed integrated mission mode e-governance project of India. Time has come to give it a dedicated try.

National Intelligence Grid (Natgrid) Project Of India

National Intelligence Grid (NATGRID) Project of India is one of the most ambitious Intelligence Gathering Project of India. It has been launched at a time when the Intelligence Infrastructure of India is in a bad shape.

The recent decision of a Government Panel rejecting the proposal to ban Encryption Service Providers like Blackberry, Gmail, Skype, etc has further made the task of Intelligence Agencies of India more tedious. Since the E-Surveillance option has gone now they have to acquire Techno Legal Intelligence Gathering Skills to deal with sophisticated and encrypted communications.

Meanwhile, the Cabinet Committee on Security (CCS) has also given only “Partial In Principle Approval” to NATGRID Project. Since NATGRID Project is not supported by any Legal Framework and Parliamentary Oversight, the “Crucial Stages” of NATGRID Project has not yet been approved by the CCS. Thus, NATGRID Project of India is still in troubled waters as lack of Privacy Laws and Data Protection Laws has put it in doldrums.

Meanwhile similar Security and E-Surveillance Projects have also been launched by Indian Government. These include Projects like Central Monitoring System of India (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Aadhar Project of India, Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), etc. Once again, all these Projects are without any Legal Framework and Parliamentary Oversight.

To make the matter worst, the Law Enforcement Agencies and Intelligence Agencies of India are also practically not governed by any Legal Framework and Parliamentary Oversight. Whether it is Central Bureau of Investigation (CBI) or Intelligence Agencies of India, none of them are presently “Accountable” to Parliament of India.

It is only now that the Draft Central Bureau Of Investigation Act, 2010 and the Intelligence Services (Powers and Regulation) Bill, 2011 have been proposed. They have still to be made “Applicable Laws” in India by Parliament of India. In other words, there is no Legal Framework and Parliamentary Oversight for our Law Enforcement Agencies and Intelligence Agencies as on the date.

In this background, we have to “Proceed With” Projects like NATGRID, CCTNS, CMS, CCSRM, Aadhar Project of India, etc. As far as NATGRID Project is concerned, it is still not within the limits of “Constitutionality”.

NATGRID Project is an essential requirement for robust and effective Intelligence Agencies and Law Enforcement functions in India. The urgent requirement is to ensure that its “Abuses” can be anticipated, prevented and remedied. Further, Natgrid Project of India must also be supported by a Legal Framework and Parliamentary Oversight.

The aim of NATGRID is to ensure a readily available and real time information sharing platform between Intelligence Agencies, Law Enforcement Agencies, etc of India. Information gathering and its timely distribution is also an essential part of Cyber Crisis Management Plan of India. While the NATGRID system is a must for India, yet India has to make it sure that it is not abused for “Political Purposes” and in a manner that goes against the provisions of the Constitution of India.

The scope for misuse is tremendous as NATGRID is planning to link 21 categories of databases maintained by different public and private agencies for ready access by the country’s Intelligence Agencies. There must be “Mechanism” to ensure that this wonderful system may not be abused and nothing is better than Parliamentary Oversight.

New National Telecom Policy (NTP) 2011 Of India

Telecom Policy of India is one of the most important Policies of India. For some strange reason, the Telecom Policy of India was poorly drafted and badly implemented. Naturally, there were many “Loopholes” that gave rise to scams, bad policy decisions, financial losses to Governmental exchequer, poor consumer performances and so on.

That is a thing of past as Government of India is now planning to introduce the new National Telecom Policy (NTP) of India 2011. Although the intentions are good yet the actual execution and implementation of this intention is missing. Further, the efforts of Indian Government in general and Ministry of Communication and Information technology (MCIT) in particular are “Vague” and “Non Holistic”.

There are various “Crucial Components” of any sound, effective and robust Telecom Policy. These include, issues pertaining to Encryption, Telecom Security, wider Broadband Penetration, Telecom Equipment Security, E-Surveillance and Phone Tapping Policies, Lawful Interceptions and Eavesdropping Policies, Harmonisation of National Security and Civil liberties, etc.

I have labeled the present efforts of Indian Government and MCIT as vague and non holistic because these components must be an “Essential and Integral Part” of the proposed Indian National Telecom Policy (NTP) 2011. However, instead of being a “Composite Telecom Policy” the proposed Policy is not even considering these aspects “Singularly” and “Individually”. In short, these components are “Missing” from the proposed Telecom Policy of India.

This would again produce a Policy Document that would be “Open and Prone” to many sorts of Irregularities and Misuses. Consumer and Telecom Companies Disputes, Privacy Violations cases, Civil Liberties Violations, etc may also arise in future.

Fortunately, till now the new Telecom Policy of India 2011 has not been formulated and implemented. The concerns and suggestions mentioned above can still be incorporated in the same by MCIT Minister Kapil Sibal and Government of India.

Cell Site Location Based E-Surveillance In India

While it came as a respite for the encryption service providers in India when they received the news that their services may not be banned in India yet local telecom service providers in India may not be that lucky. The new telecom equipment policy of India mandates the telecom service providers of India have to ensure location based services accuracy (LBSA) upto 50 meters.

The constitutionality and feasibility of this directive is yet to be analysed. For instance we have no cell site data location laws in India. In fact, we have no privacy laws, data protection laws, data security laws, anti telemarketing laws, anti spam laws, etc. On the contrary, the cyber law of India, incorporated in the information technology act 2000 (IT Act 2000), facilitates e-surveillance, Internet censorship, etc that also without any sort of procedural safeguards. Thus, neither a constitutional nor a statutory legal framework is at place to justify this action on the part of Indian government.

Even if we do a cost analysis this directive may require a heavy investment that telecom operators of India may not be wiling to invest. Telecom industry of India is seriously concerned with the burden shifting practice of Indian government. They believe that governmental security requirements must be managed by government funds alone and should not be passed upon industry players. The new equipment security agreement of India is not addressing either the legal or cost issues.

Technical problems have also been cited as a reason for non feasibility of the terms of Indian equipment security agreement. Based on, the technical standards for accuracy levels as defined by the Indian government, the scale of implementation, the execution of the project and the complexities involved, there is no solution at present that meets the agreement’s mandate. The costs to implement such a system have been estimated at approximately $5 billion.

The Indian equipment security agreement is also weak on the front of privacy protection and data protection. There are no clear policy guidelines in this regard. This is because the new equipment security agreement of India requires telecom operators to maintain location information up to accuracy of 50 meters for customers specified by security agencies of India commencing 1st June 2012, and on all customers, irrespective of whether they are the subject of legal intercept or not from June 2014.

Of course, LBS have many benefits for mobile consumers as well but these befits are far lesser as compared to privacy losses, telemarketing vices, spam communications and information misuses. We need a good and effective national telecom policy of India 2011 that can incorporate all these issue.

New National Telecom Policy Of India 2011 By DOT

Telecom policy of India has been in controversies and government of India decided to change the same to clear it of its controversial nature. The government decided to adopt a new telecom policy of India 2011 that is in conformity with the contemporary standards. The first national telecom policy of India was written in 1994. It was subsequently reformulated as the new telecom policy in 1999 and was also amended in 2004. Now proposals have been given to formulate national telecom policy of India 2011.

The old telecom policy of India failed to consider issues like consumer friendly national telecom policy of India, telecom security of India, establishment of telecom security council of India, establishment of telecom security regulatory authority of India (TSRAI), etc. These issues must be considered by Indian government in general and ministry of communication and information technology (MCIT) in particular on a “priority basis”. Further, telecom security policy of India must also be formulated as soon as possible as India has already taken more than enough time in this regard.

The telecom policy of India 2011 must incorporate important matters like spectrum allocation, telecom security, maximum broadband penetration, encryption policy of India, central monitoring system of India, etc. Further, issues like lawful interception and maintaining a “balance” between security concerns and fundamental rights must also be a part of the same.

Indian government has also suggested formulation of a draft national frequency allocation plan 2011 of India (NFAP 2011). The NFAP 2011 must be legally effective and technologically sound. Presently, issues like encryption, VOIP, use of satellite phones, spectrum allocation, etc are not properly addressed by Indian government and the new telecom policy must adequately deal with them.

.Similarly, we have no telecom security policy in India and telecom equipments security framework in India. There is no mechanism in India through which telecom hardware and software can be analysed for backdoors and malware. Now Indian government has declared that telecom equipments must be certified by TEC before use in India. A proposal to store call data records has also been given. The norms for import of telecom equipments in India would also be formulated very soon.

Even the illegal telephone tapping in India requires legal scrutiny in India. Further, an e-surveillance policy of India must also be urgently formulated. India is the only country of the World where phone tapping is done without a court warrant and by executive branch of the Constitution of India. Phone tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” in this regard. Even the Supreme Court’s directions in PUCL case have proved futile and presently the Court is dealing with the issue once more.

Encryption is an unresolved enigma in India. We have no encryption laws in India and despite the suggestions of many experts’ encryption laws and regulations in India are still missing. Encryption has also become essential due to faulty electronic sniffing and e-surveillance approach of India. After many rounds of negotiations with encryption service providers like Blackberry, Skype, Gmail, etc, it has now been decided that these services should not be banned in India.

There are many more techno legal issues that must be part of the new telecom policy of India 2011. However, till now none of these issues have been redressed by any telecom policy of India. Perry4Law and Perry4Law Techno Legal Base (PTLB) hope that the proposed telecom policy of India 2011 would cover the abovementioned and many more techno legal issues discussed by us from time to time.

Cyber Law Due Diligence In India

Cyber Law Due Diligence and Cyber Security Diligence in India are two fields that are not taken seriously by Stakeholders and Intermediaries of India. Under the Information Technology Act 2000 (IT Act 2000) there are many “Due Diligence Requirements” that Banks, Internet Service Providers (ISPs), Search Engines, E-Commerce Portals, etc must fulfill. However, by and large these Due Diligence Requirements are seldom followed till some “Criminal Prosecution” takes place.

This “Mindset” needs to be changed in India. The Cyber Law of India has express provisions that provides for both Civil and Criminal Liabilities for “Non Observance of Due Diligence”. Once these provisions are attracted, the concerned Person or Institutions has to defend himself/itself in a Court of Law.

In India there is a lack of awareness about both Cyber Law of India as well Cyber Law Due Diligence Requirements in India. This is the main reason why Cyber Law Due Diligence has not been upto the requirements and expectations.

Of all stakeholders, Intermediaries must pay special attention to Cyber Law Due Diligence Requirements of India. Intermediaries like ISPs, Cyber Café owners, Web Hosting Service Providers, Blogging Platforms, etc have to take care of issues pertaining to Cyber Law, Cyber Security, Defamation Laws, Intellectual Property Rights (IPRs) Violations, etc.

A special care must be taken of the Online Copyright issues that are increasingly posing problems for Intermediaries. The liability of Internet Intermediaries for Copyright Violations is an issue that should be taken very seriously. With Laws like Digital Millennium Copyright Act (DMCA) and similar Laws, this liability has become very onerous.

“Take Down Notices” for Copyright Violations in the Cyberspace are very common these days. The moment a take Down Notice is communicated to the Intermediary, it becomes imperative on its behalf to take appropriate action. Further, the “Long Arm Jurisdiction” makes the applicability of National Law Extra Territorial. Even the Cyber Law of India has Extra Territorial Applicability.

Perry4Law and Perry4Law Techno Legal Base (PTLB) “Strongly Recommends” that all Stakeholders and Intermediaries must put in place Robust and Effective Due Diligence Mechanisms at their places. This would not only help them in preventing Crimes and Cyber Crimes but would also protect them from various Civil and Criminal Liabilities as well.

Cell Site Data Location Laws In India And Privacy Issues

Cell Site Data Location is not a very positive term. It has been in controversies for breaching Privacy Rights of the person whose Cell Site Data was acquired. Cell Site Data tells about the “Location” of a person who is carrying a cell phone, without his consent. This raises many “Privacy Issues” and “Legal issues” as it amounts to E-Surveillance and “Search without a Warrant”.

In the Indian context we have no Cell Site Data Laws. In fact, we have no Privacy Laws, Data Protection Laws, Data Security Laws, Anti Telemarketing Laws, Anti Spam Laws, etc. On the contrary, the Cyber Law of India, incorporated in the Information Technology Act 2000 (IT Act 2000), facilitates E-Surveillance, Internet Censorship, etc “Without any Procedural Safeguards”.

The Constitution of India provides that no Search or Warrant should be conducted without a “Procedure Established by Law”. The Supreme Court of India has given the expression Procedure Established by Law a wider meaning and this has made it a “Due Process of Law”. Now the Indian Government or its Agencies and Instrumentalities cannot “Infringe” upon any Fundamental Right of an Indian Citizen of Person without Due Process of Law.

The Due Process mandates that the Law in question must not be any Law made as a Façade or Formality but must be “Just, Reasonable and Fair”. If we analyse the IT Act 2000, especially after the Information Technology Amendment Act 2008 (IT Act 2008), its “Fails to Satisfy’ the Due Process Clause of Indian Constitution. In short, the Cyber Law of India carries many “Unconstitutional Provisions” and either the Law itself must be Repealed or those Unconstitutional Provisions must be Struck Down by Supreme Court of India.

India needs to formulate separate and dedicated laws for Cyber Law, Cyber Security, Cyber Forensics, Privacy Protection, Data Protection, Data Security, etc. Presently India has no such Laws as even the Cyber Law of India is not good, effective, strong and most importantly “Constitutional”.

As a matter of fact, with the active use of Technology by Indian Government and its Agencies and Instrumentalities, Constitutional Provisions are “Most Frequently Violated” in India. I hope the Supreme Court of India would take note of this “Downsizing” of Indian Constitution that has become a “Regular Feature” these days.

Encryption Service Providers Would Not Be Banned In India

Encryption related issues have always posed problem for our intelligence agencies and law enforcement agencies. Unable to deal with the encrypted services, the intelligence and law enforcement agencies of India tried to adopt the next possible approach. They decided to take the easier route of eavesdropping and e-surveillance instead of developing the cyber skills.

Naturally, the threats to ban encryption service providers like research in motion’s (RIM) Blackberry, Gmail, Skye, etc was the measure of last resort for our central home ministry. However, home ministry of India did not realise the effect of this decision and now this decision seems to be haste one.

A government panel set up to examine security threats regarding 15 forms of communications that cannot be tracked by law enforcement agencies here, has recommended that no service be banned purely on the grounds that it cannot be monitored.

It has recommended that in the short term, India should force operators who offer such services to either locate servers in the country or share encryption keys with security agencies and assist security agencies here in monitoring these services.

As a long-term solution, the committee has recommended that the upcoming Central Monitoring System (CMS) be made capable of intercepting any form of communication service offered within the country.

It has also endorsed the telecom ministry’s stance that the ultimate solution should involve intelligence agencies building up capabilities indigenously to monitor and intercept these technologies. The panel has also added that security agencies must avail the help of companies to build such capabilities.

The committee has said that security agencies must first check whether monitoring solutions are available in other counties before threatening to ban any specific communication service.

Before banning or blocking of encrypted communication impact on business and industry, e-commerce, e-governance, e-medicine, e-health, passport services etc should be taken into consideration. Further, banning or blocking services without providing an alternative may have international reactions and could affect other Indian industries such as BPO and IT outsourcing.

The government panel, with members from different ministries, including telecoms and IT, has also recommended that India raise its encryption levels from the present 40 bits to 256 bits, which is the standard in Europe and the US. Most western countries do not allow financial transactions on the internet through computers and mobile handsets, if the encryption level is less than 128 bits. India on the other hand does not legally allow encryptions beyond the 40-bit on the grounds that its security agencies lacked the technological capabilities to monitor data transfers on the internet when the coding is beyond this limit.

However, the Home Ministry and Intelligence Bureau (IB) whose members were part of the panel, have not signed these recommendations and have given their dissent note. The IB has said the recommendations by the panel shift the onus on encryption and decryption from mobile phone companies to the ‘designated agency’ (CMS) authorised by the home ministry, when ‘current experience was that government agencies were unable to track such services’. It has also pointed out that it may be impossible to persuade foreign players to locate servers in India or share encryption keys with security agencies here as recommended by the panel.

India needs to upgrade its intelligence infrastructure that is in real mess. Intelligence agencies need to develop intelligence gathering and analysis skills so that situations like the present one can be taken care of.

Finally, there are no legal frameworks for intelligence agencies, law enforcement agencies, data protection, privacy protection and data security. These legal frameworks must be at place so that legal and constitutional intelligence gathering can be taken place. India has to cover a long gap before all these requirements and capabilities are developed.

EU-India Joint ICT Research And Innovation Programmes

European Union (EU) and India have been engaged in many joint projects and Information and Communication Technology (ICT) related project is one of them. The project is named as Euro India Joint ICT Research and Innovation Programme. This Euro India ICT Cooperation is presently being implemented as the Seventh Framework Programme (FP7) under which both EU and India are jointly working.

As the name suggests, it is a Research and Innovation Programme. The Programme must cover within its fold Research and Innovation in the fields like ICT Legal Frameworks, Cyber Security, Cyber Forensics, E-governance, E-Commerce, Online Dispute Resolution (ODR), E-courts, E-Infrastructure and many more Techno Legal aspects of ICT.

Further, Intellectual Property Rights (IPRs) issues are also relevant for Euro India projects. IPRs issues pertaining to newly created IPRs, Technology Sharing and Transfer, Joint IPRs creations, etc also deserve to be clearly mentioned and regulated.

At the national level as well, the ICT Policy of India must be so formulated as to make the ICT Research and Innovation in India successful. Presently, there is no ICT Policy of India and we need a Techno Legal ICT Policy for India that can meet the requirements of contemporary times.

Even EU must look forward for a wide variety of Partners, Collaborations and Consortiums in this regard. The Euro India Joint ICT Research and Innovation Programmes must not be limiting in any manner and wide variety of Experts and Institutions must be taken within the fold of this Programme.

Euro India ICT Cooperation And Seventh Framework Programme (FP7)

The first Digital Agenda Assembly of European Union would be held on 16-17th June 2011. The Digital Agenda is one of the seven Flagship Initiatives of the Europe 2020 Strategy to make European economy’s Information and Communication Technology (ICT) Infrastructure robust, resilient and effective. The aim of European Union is to become the most dynamic competitive knowledge-based economy in the World.

The Digital Agenda Assembly would discuss many crucial and far reaching digital issues. These include open data and re-use of public sector information, e-identity and e-signatures, interoperability and standards, cyber security, financing and facilitating broadband projects, partnership-based ICT research and innovation, importance of social networks, mainstreaming e-learning in education and training, access and digital ability, smart mobility, ICT and management of creative content, IPv6 deployment in Europe, online safety of children, spectrum for wireless innovation in Europe, cloud computing strategy for Europe, digital literacy and e-inclusion, e-government driving innovation, etc

ICT has to play a key role if Europe wants to succeed in its ambitions Europe 2020 Strategy. Issues like E-Governance, E-Commerce, Online Dispute Resolution (ODR) and E-Courts, Technological issues of IPRs, etc must also be discussed in this or subsequent meetings.

These issues have a direct bearing upon Indian ICT environment as well. Euro India ICT Cooperation is presently jointly undertaking the Seventh Framework Programme (FP7) that bundles all research-related EU initiatives together under a common roof playing a crucial role in reaching the goals of growth, competitiveness and employment. FP7 is supplemented by the new Competitiveness and Innovation Framework Programme (CIP), Education and Training programmes, and Structural and Cohesion Funds for regional convergence and competitiveness.

The broad objectives of FP7 have been grouped into four categories: Cooperation, Ideas, People and Capacities. For each type of objective, there is a specific programme corresponding to the main areas of EU research policy. All specific programmes work together to promote and encourage the creation of European poles of scientific excellence.

The outcomes of the first Digital Agenda Assembly of European Union should be so applied that they may help in the growth objective of EU. India also needs to update its ICT Infrastructure as it is still lagging far behind. Rather than becoming a “Research Partner”, India must work in the direction of becoming an ICT Superpower.

White House Is Mulling Federal Cyber Security Law

United States (US) is a country that takes its cyber security very seriously. Recently US declared its international cyberspace strategy. US is also entering into bilateral cyber security agreements with various countries including India. Further, US is also advocating international cooperation for cyber security issues, though within the limits of existing international law framework and not through a dedicated international cyber security treaty.

Cyber attacks at the international level are getting worst and more sophisticated. Recently cyber attacks at Gmail, Citicorp, International Monetary Fund, etc have proved the point. Cyber security has become a necessity these days. Since cyber security is techno legal in nature, both laws and technology must be used to tackle cyber attacks.

India has a bad cyber law, missing cyber security and cyber warfare policy and absent cyber security laws. US on the other hand has good cyber laws and is now planning to have a federal cyber security law. The focus seems to be on developing both offensive and defensive cyber warfare capabilities. The department of homeland security may be entrusted with the job to secure US cyberspace.

In the Indian context, expecting cyber security law before a decade would be pre mature and over optimism. India must first make its cyber law potent and strong by repealing the existing one. But given the preference of e-surveillance over cyber security capabilities in India, the information technology act, 2000 may continue on the statute book despite it being a bad law having unconstitutional provisions.

Cyber security is an international concept and so must be the regulations governing the same. We need international harmonisation because a national approach in this regard would not be sufficed.

First Digital Agenda Assembly Of European Union

European Union (EU) has launched a very ambitious project titled Digital Agenda for Europe in the recent past. The European Commission launched in March 2010 the Europe 2020 Strategy to exit the crisis and prepare the EU economy for the challenges of the next decade. The Digital Agenda for Europe is one of the seven flagship initiatives of the Europe 2020 Strategy, set out to define the key enabling role that the use of Information and Communication Technologies (ICT) will have to play if Europe wants to succeed in its ambitions for 2020.

The overall aim of the Digital Agenda is to deliver sustainable economic and social benefits from a digital single market based on fast and ultra fast internet and interoperable applications. The Digital Agenda makes proposals for actions that need to be taken urgently to get Europe on track for smart, sustainable and inclusive growth. Its proposals will set the scene for the longer-term transformations that the increasingly digital economy and society will bring about.

To achieve these goals, the Commission will work closely with national governments, concerned organisations and companies. An annual Digital Assembly will bring stakeholders together to assess progress and emerging challenges. The first Digital Agenda Assembly would be held during 16th and 17th June, 2011.

The main objectives of the Assembly are to assess progress to date on delivery towards the Digital Agenda’s goals and actions and seek ways to improve delivery, identify challenges ahead for the implementation of the Digital Agenda and for the information society in general, mobilise stakeholders’ actions to make further progress and address challenges.

The European Commission has therefore invited a broad range of participants from industry, the research community and NGOs, as well as representatives from Member State governments, and the other EU institutions to assess progress in meeting the targets of the Digital Agenda.

Dispute Prevention And Resolution In The Film And Media Industry

Film and Media Industry of India is heading towards a great growth. At the same time Film and Media Industry is also facing issues of Piracy, Copyright Violations, etc. New Digital and Technological Measures have been adopted to prevent unauthorised and illegal use of works of Film and Media Industry.

In fact, India has been planning to formulate laws on the line of Digital Millennium Copyright Act (DMCA). However, Film and Media Industry of India cannot be protected unless we adopt Techno Legal Measures to prevent unauthorised use and distribution of their works.

Film and Media Industry of India is also frequently found in disputes with other for violation of its Legal and Intellectual Property Rights (IPRs). The traditional methods of Litigation in India are not very encouraging. We have to device methods like Alternative Dispute resolution (ADR) and Online Dispute Resolution (ODR).

At the International level, the World Intellectual Property Organisation (WIPO) has been providing world class Dispute Resolution Services for long. One such Service is known as WIPO Mediation and Expedited Arbitration for Film and Media. Surprisingly, Asian Film and Media Industry are not considering utilising the Services of WIPO in this regard. They are still taking their disputes before traditional Courts.

A great deal of ADR and ODR Disputes are “Referred” by Law Firms and Practicing Legal Professionals. They incorporate suitable “ADR and ODR Clauses” in the Technology Agreements, Film and entertainment related Agreements, etc. If these Firms and Professionals do not incorporate proper Arbitration Clause, a Dispute can never reach to International Organisations and would land up in a Court of Law.

At Perry4Law we are very particular of these considerations and we Draft various Film and Media Industry related Agreement accordingly. Of course, this is done only after duly informing the Parties to the Agreement and respecting the “Party Autonomy” concept.Further, while drafting and vetting Contractual Agreements involving Film and Media Industry, we specifically and consensually incorporate an ADR/ODR Clause mandating “Institutional Arbitration” through Institutions like WIPO Arbitration and Mediation Center or UNCITRAL based Arbitration Institutions, etc.

However, WIPO’s Mediation and Expedited Arbitration for Film and Media initiative cannot succeed till it is a part of “Holistic Effort” comprising of Law Firms and Professionals spread all over the globe.

Entertainment And Media Industry Growth And Challenges In India

Entertainment and media industries are growing at a fast rate. India’s media and entertainment industry is projected to grow by 18 per cent over the next five years and is expected to become a 1.157 trillion industry by 2012. With this growth there are also increasing cases of disputes as well. A majority of these disputes pertain to intellectual property rights (IPRs) issues.

Similarly, online entertainment is the next big thing for studios and broadcasters. The biggest changes are expected in the Internet, television distribution, video games and casinos sectors.

Although this growth and development is happening in many countries yet a majority of this growth is expected from “BRIC” countries, i.e. Brazil, Russia, India and China. Undoubtedly, the huge markets of China and India are leading that growth. However, we need to consider the legal challenges, especially IPRs issues, in order to fully benefit from this growth of entertainment and media industry.

Indian media and entertainment industry may face the legal challenges of IPRs laws and cyber law of India. IPRs laws like copyright, trademark, etc may be frequently violated and occasionally invoked to redress IPRs violations of media and entertainment industry in India. Similarly, online IPRs issues like domain name disputes may also be agitated in the future. Similarly, media and entertainment industry must keep in mind the mandates like “due diligence” and other provisions of Information Technology Act, 2000.

Media and entertainment industry will also face technological challenges in future. For instance, the issues pertaining to digital preservation of entertainment industry products may assume significance in future. This requires a domain specific and techno-legal expertise that India may not currently possess. This situation requires a shift in the academic and professional education in India that needs to be suitably adopted keeping in mind the contemporary needs.

Spear Phishing Is A Potential Threat To Financial Institutions

Cyber security of banking and financial institutions has become very important these days. Recently the Citicorp confirmed the occurrence of cyber attack upon its bank’s network. In India as well ATM frauds, credit card frauds, online banking frauds, etc have increased a lot.

However, of all these cyber crimes, phishing is the most dangerous one for banking customers. If it is a case of spear phishing, it becomes deadly as the targeted person is specifically targeted for this purpose. The attack tactics are also specifically designed for the attack purposes.

The spear phishing cases appear so genuine that even tech savvy people are fooled into divulging sensitive information. Recently Reserve Bank of India (RBI) constituted a working group on information security that gave many good cyber security recommendations. However, the implementation of these recommendations has still not been achieved.

This gives lots of space for cyber crimes like spear phishing. Recent break-ins at high-profile targets like the International Monetary Fund (IMF) demonstrate just how proficient hackers have become at spear phishing.

Today’s spear phishing is not only more prevalent but also much more technically proficient. They’re not going for a password, anymore, they’re getting people to install malware on their computers.

According to the reports the IMF suspected that a phishing attack against one of its workers planted malware on a machine, which was then presumably used to scout the network for data to steal. But the IMF incident was only the most recent in a series of specialized attacks this year aimed at targets from the Oak Ridge National Laboratory and the French foreign ministry to Google’s Gmail.

Recent cyber attacks on multinational firms and institutions, from Google and Citigroup to the International Monetary Fund, have raised fears that governments and the private sector are ill-prepared to beat off hackers. The latest high-profile target was the U.S. Senate’s website, which was hacked over the weekend.

However, as far as India is concerned, it has neither a good cyber security strategy nor a strong cyber law. Even cyber crisis management plan of India is practically missing. Indian banks must urgently revamp their cyber security so that interests of bank customers can be safeguarded.