Monthly Archives: March 2012

Motion For Annulment Of Intermediary Guidelines Moved In Rajya Sabha

Of late cases of excessive delegated legislations have increased a lot in India. So much so that even the main legislative function of Parliament of India has been overshadowed by this exercise and Parliament of India has become almost redundant.

Unfortunately, Parliament of India seldom considers these delegated legislations that are formulated in the form of Rules. This is also the main reason why many constitutional issues that are required to be discussed through a debate in Parliament never take place.

The Information Technology Act 2000 (IT Act 2000) is the cyber law of India. It is also the classic example where Parliament of India has abdicated its legislative duties in favour of Indian executive. Instead of making a full fledged and composite cyber law of India, the Parliament of India has left it incomplete and for the executive branch of Indian constitution to take care of.

The department of Information Technology (DIT) has drafted many rules under the IT Act 2000 and they have never been scrutinised by the Parliament of India in the manner they are required to be scrutinised. Perhaps the technical nature of the legislation is the main reason why no Member of Parliament is in a position to analyse and challenge the same.

Fortunately, a Rajya Sabha MP from Kerala, and a member of the Communist Part of India (Marxist), has moved a motion in the Rajya Sabha for the annulment of the Information Technology (Intermediary Guidelines) Rules 2011. It is not the case that these Rules are bad but the incident at least showed that Members of Rajya Sabha/Parliament take interest in the cyber law of India. As a matter of fact all Rules made under the IT Act 2000 must be seriously debated in the Parliament of India.

The Rajya Sabha did what it could have done the best. The Rajya Sabha recommended that this motion should also be recommended to the Lok Sabha. The Rajya Sabha resolved that the Information Technology (Intermediaries Guidelines) Rules, 2011 issued under clause (zg) of sub-section (2) of Section 87 read with sub-section (2) of Section 79 of the Information Technology Act, 2000 published in the Gazette of India dated the 13th April, 2011 vide Notification No. G.S.R 314(E) and laid on the Table of the House on the 12th August, 2011, be annulled. The Rajya Sabha also recommended to Lok Sabha that Lok Sabha do concur on this Motion.

On the similar matter, a Public Interest Litigation (PIL) has also been filed in the Kerala High Court, challenging the constitutional validity of these Rules. This entire exercise could have been avoided if the Parliament of India manages its legislative functions more properly. The bigger question is do we need Parliament of India at all in these circumstances.

US House Intelligence Committee Is Investigating Huawei Cyber Espionage Angle

Cyber espionage and cyber warfare are two issues that are taken very seriously by all nations. This is logical as well as a planned and targeted cyber espionage strategy and cyber warfare attack can provide sensitive, crucial and important information to the attacker adversary.

Recently the cyber security concerns excluded Huawei from Australian Broadband Project (ABP). Even ZTE has been accused of facilitating e-surveillance in Iran. Now it has been reported that the US House Intelligence Committee is investigating Huawei role amid concerns that it is an arm of Beijing’s cyber-espionage effort.

The recent episode of banning Huawei from bidding on Australia’s $37.5 billion national broadband (NBN) project reflects the growing distrust and discomfort of the Western security agencies over suspicions that these telecom companies work with Beijing to steal commercial or strategic information.

The investigation by the US House Intelligence Committee would focus on the threat posed by Chinese telecom equipment providers to critical infrastructure in the US. However, Huawei has been denying such allegations and possible security threats from its equipments.

China has been increasingly accused of engaging in cyber espionage and cyber warfare activities. Even India has been targeted through cyber espionage and cyber warfare attacks. Similarly, India has also raised concerns regarding using telecom equipments of Huawei and ZTE for cyber security reasons.

Although we have no applicable telecom equipments security framework of India yet Indian government has shown great concerns regarding telecom security. Indian government has also announced that telecom equipments must be certified by TEC in India before use. This is the reason why telecom equipment providers like Huawei and ZTE were trapped in telecom security tangle of India.

There is an urgent need to formulate a new national telecom network security policy of India. In fact, a national telecom network security coordination board (NTNCCB) of India has already been suggested to be constituted in India. Some significant provisions in this regard have also been suggested by the national telecom policy of India 2012. However, by and large, the telecom security infrastructure and telecom policy of India are still defective and insufficient.

Meanwhile Chinese telecom companies like Huawei and ZTE are performing really well in Pakistan, Nigeria, etc where they got good contracts to execute. However, sooner or later, the cyber security issues would be raised at such places as well. It is in the interest of Huawei and ZTE to clear the air of suspicion so that its business is not adversely effected.

Cyber Security Concerns Excluded Huawei From Australian Broadband Project

Chinese telecom companies like Huawei and ZTE are facing growing concerns of cyber security. Many nations have shown their concerns regarding possible attack upon their critical infrastructures that are dependent upon telecom infrastructure if they use telecom equipments of these Chinese companies.

A common cause of concern is the possibility of existence of embedded malware and backdoor in the Chinese telecom equipments. While Chinese telecom equipments makers are trying their level best to convince the governments of various nations about the safety of their equipments yet the Chinese telecom equipment makers are increasingly being excluded from national contracts.

In India, although we have no applicable telecom equipments security framework of India yet Indian government has shown great concerns regarding telecom security. Indian government has also announced that telecom equipments must be certified by TEC in India before use. This is the reason why telecom equipment providers like Huawei and ZTE were trapped in telecom security tangle of India.

ZTE has also been facing allegations of providing e-surveillance equipments to Iran. Now it has been reported that Huawei has been blocked from bidding on Australia’s $37.5 billion national broadband (NBN) project. Australian Prime Minister Julia Gillard cited cyber security concerns for taking such an action.

NBN plans to cater around 93 percent of Australian demand for Internet connections by 2017. Obviously, with such large percentage of connectivity, this broadband infrastructure would be the backbone of Australia’s Internet infrastructure. So Australia took a very cautious step by excluding the telecom equipments of Huawei.

Huawei has maintained a positive attitude in this situation and it is expecting a future partnership with Australia in this regard. At the same time, Huawei is also working hard to remain open and transparent so that its credibility remains unblemished.

Meanwhile, there is an urgent need to formulate a new national telecom network security policy of India. In fact, a national telecom network security coordination board (NTNCCB) of India has already been suggested to be constituted in India. Some significant provisions in this regard have also been suggested by the national telecom policy of India 2012. However, by and large, the telecom security infrastructure and telecom policy of India are still defective and insufficient.

Has ZTE Facilitated E-Surveillance In Iran?

Human rights protection in cyberspace is an area that requires urgent attention of United Nations and international community. The way national governments are engaging in illegal and unconstitutional e-surveillance, civil liberties in cyberspace are in great danger.

Further, cyber security concerns of telecom equipments have also put forward their own unique questions. Although we have no applicable telecom equipments security framework of India yet Indian government has shown great concerns regarding telecom security. Indian government has also announced that telecom equipments must be certified by TEC in India before use. This is the reason why telecom equipment providers like Huawei and ZTE were trapped in telecom security tangle of India.

Now ZTE has been facing accusations of selling powerful e-surveillance systems to Iran that are capable of monitoring telephone and Internet communications. Reacting sharply to these accusations, ZTE has announced that it will curtail its business in Iran. It has also been reported that despite a longtime U.S. sales ban on tech products to Iran, ZTE’s “Packing List” for the contract, dated July 24, 2011, included numerous American hardware and software products.

India is also planning to install a similar e-surveillance system known as central monitoring system of India that can achieve similar results. India has also announced to establish an Indian national cyber coordination centre (NCCC). However, while doing so the big brother in India must not exceed its limits. Such initiatives can strengthen national security only if civil liberties and procedural safeguards aspects are taken care of. India’s telecom security policy is needed to legally manage the human rights and civil liberty issues.

As far as foreign telecom equipment providers like Huawei and ZTE are concerned, they must keep their business very clean and far from suspicion. Issues like e-surveillance, backdoor allegations, etc must be avoided to retain a stake in Indian market.

National Counter Terrorism Centre Of India: The Problems and Solutions

This is the research analysis of Perry4Law and Perry4Law Techno Legal Base (PTLB) regarding the legality, constitutionality, requirements, etc of establishment of national counter terrorism centre of India. Perry4Law and PTLB have outlined all the legal constitutional and administrative issues at a single place so that parliament of India, home ministry and Indian government can consider the same. Perry4Law and PTLB hope that this analysis would be useful for all concerned.

National counter terrorism centre (NCTC) of India has been facing many ups and downs. This is despite the fact that national counter terrorism centre (NCTC) of India is required to meet the growing national security requirements of India.

However, there are many constitutional, legal and administrative challenges that NCTC is facing. In the past the NCTC of India was downsized in its nature, scope and functions. Now NCTC of India is facing stiff oppositions from various States that consider establishment of NCTC as an encroachment upon their law and enforcement powers and federalism features of Indian constitution.

However, these objections and oppositions are mostly politically motivated and are not truly striking at the real problem from which NCTC has been suffering. The real issue that must be demanded by political parties is that parliamentary oversight of intelligence agencies of India is needed. Till now there is no parliamentary scrutiny of the intelligence agencies in India.

Indian Government is too reluctant to ensure parliamentary oversight for intelligence agencies and law enforcement agencies of India. If this is not enough, Indian government has been launching new projects having serious “constitutional ramifications” and “civil liberties violation” effects.

For instance, the national counter terrorism centre (NCTC) project of India, national intelligence grid (Natgrid) project of India, Aadhar project of India, crime and criminal tracking network and system (CCTNS), etc are not governed by any legal framework and parliamentary oversight. Indian government is not willing to understand and accept that intelligence work is not an excuse for non accountability.

For some strange reasons intelligence infrastructure of India has become synonymous for non accountability and mess. There is neither any parliamentary oversight nor and transparency and accountability of the working of intelligence agencies of India.

Even a basic level effort to enact a legal framework for intelligence agencies of India is missing in India. The first and foremost challenge to such parliamentary oversight mechanism comes from the intelligence agencies themselves that do not wish to be governed by any rules and norms at all. Then we have “bureaucratic hurdles” in India that do not allow such a legal framework to be proceeded with. Finally, the parliament of India itself is not interested in bringing these intelligence agencies within the fold of parliamentary oversight.

Take the example of the recent private bill titled intelligence services (powers and regulation) bill, 2011. It was shelved out by none other than the Indian Prime Minister Dr. Manmohan Singh who announced that law on intelligence agencies would be formulated soon. However, it proved nothing but a “time gaining tactics” and so far intelligence agencies of India are not governed by any legal framework and parliamentary oversight. Interestingly, even the central bureau of investigation (CBI) is riding the same boat. The draft central bureau of investigation act, 2010 is another example where the Indian government is just interested in making “declaration” with no actual “intention” to implement the same.

In these circumstances, can the States trust the Centre regarding the establishment of National Counter Terrorism Centre (NCTC) of India? The answer is definitely negative even if States keep their “political interests” aside. Of course, there are “practical difficulties” and “internal turf war” among various agencies and ministries of Central government a well. It seems the obvious but unsolvable terrorism dilemma in India would continue as national interest of India and fighting terrorism is not a “national priority”.

Till now the constitutionality of the national investigation agency act 2008 (NIAA 2008) has not been accepted by States and now NCTC has been launched through an “executive order”. The practice of clubbing new projects, agencies and institutions with existing laws is a bad approach. So NCTC without a legal framework is definitely unconstitutional and even tagging it with the Unlawful Activities (Prevention) Act, 1967 would not save it from the patent and apparent unconstitutionality with which it is suffering.

The NCTC project of India is also “very significant” for the national security of India. Terrorist attacks against India are on increase and we need a “specilaised institution” like NCTC to provide and analyse valuable intelligence inputs and leads.

The real problem seems to be “lack of coordination and harmonisation” between the Centre and States. The Constitution of India has made a clear demarcation between the legislative, executive and judicial powers of Centre and State. The NIAA 2008 and NCTC are sitting at the “border line” of the legislative and executive powers of Centre that can be challenged by various States.

The intentions of Home Minister Mr. P.Chidambaram are good but the concerns of States are also of equal force. Further, the turf war between multiple intelligence agencies operating under different government ministries is also causing problem for the successful establishment of NCTC. Even there is a lack of proper planning and management on the part of Union Home Ministry that is causing delayed implementation of projects like Natgrid, NCTC, CCTNS, etc.

If Mr. P. Chidambaram really wants his projects to become successful, he has to think well beyond the present “parameters and objectives” set by Indian government in general his own ministry in particular. A good starting point can be formulation of a “constitutionally sound legal framework” that can confer legitimacy and constitutionality to projects like NATGRID, NCTC, CCTNS, etc. Obviously, States must be taken into confidence before starting any such legislative exercise.

This must be supplemented by sound planning and management. The projects of Home Ministry are neither simple nor easy to execute. They required dedicated efforts from all directions. Experts from diverse fields must be on panel of Home Ministry so that these Projects can be successfully implemented. We are sure Home Minister Mr. P. Chidambaram would have already considered these aspects and we wish all the best to him in this regard.

National Telecom Policy 2012 Of India

The national telecom policy of India 2012 is in pipeline. It is in continuation of its precursor i.e. the national telecom policy of India 2011. It has incorporated many far reaching reforms that if accepted can really streamline the telecom sector of India.

The Telecom Regulatory Authority of India (TRAI) has done a good job by combining the suggestions and recommendations of various stakeholders. In fact, the proposed national telecom policy 2012 of India is an improvement over the policy suggested in 2011.

Perry4Law and Perry4Law Techno Legal Base (PTLB) provided its techno legal public inputs in this regard and many of them have been endorsed by TRAI. TRAI has also accepted many suggestions of Perry4Law on telecom policy of India.

Some of the suggestions of Perry4Law and PTLB that have been accepted by TRAI pertain to issues like establishing servers in India, establishing cloud computing legal framework in India, establishment of telecom security in India, reconciling privacy rights and law enforcement requirements, reconciling privacy rights and national security requirements, adoption of lawful interception methods, telecom dispute resolution reforms in India, crisis management and emergency response services, delivery of e-services in a time bound manner, digitisation of governmental records, establishing cloud computing best practices in India, encryption and privacy issues of cloud computing, establishing a centralised monitoring system in India, etc.

However, these are very broad and important aspects that require suitable modification of the constitution and powers of TRAI so that TRAI can fulfill the commitments and policies that have been suggested in the 2012 policy.

Fortunately, the Telecom Commission has agreed to grant to TRAI the powers to penalise the defaulters. If finally approved by the appropriate authority, TRAI will be able to summon companies and individuals, call for evidence and even seek expert advice while conducting an enquiry, in order to ensure that telecom companies comply with rules, especially those concerning phone users in the country.

This is a much needed power that should be conferred upon TRAI so that it can perform its functions and duties more efficiently. Perry4Law and PTLB welcome this move and wishes TRAI all the best in this regard and hope that TRAI would emerge as a super regulator in the field it is managing.

Online Sale And Purchase Of Prescribed Drugs and Medicines In India

Online sales and purchase are governed by electronic commerce transactions. We have no dedicated e-commerce laws and regulations in India. However, a basic level legal e-commerce framework has been provided by the Information Technology Act, 2000 (IT Act 2000) that is the cyber law of India.

While we have basic level e-commerce legal framework in India yet e-health related legal framework is missing. For instance, e-health in India is facing legal roadblocks. Till now we do not have any dedicated e-health laws and regulations in India. The legal enablement of e-health in India is urgently required.

When technology is used for medical purposes, it gives rise to medico legal and techno legal issues. In United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), etc are some of the laws that take care of medico legal and techno legal issues of e-health and telemedicine.

As far as India is concerned, we have no dedicated e-health and telemedicine laws in India. Even essential attributes of these laws like privacy protection, data protection, data security, cyber security, confidentiality maintenance, etc are not governed by much needed dedicated laws.

Ordinary commodities can be comfortably sold through e-commerce websites. However, health related commodities, especially prescribed medicines and drugs, are not easy to manage in an online environment. This is the reason why we have almost nil online sales of prescribed drugs and medicines in India as on date.

We need a dedicated law regarding e-health in general and online sale and purchase of prescription drugs in particular. The laws that deal with sales of prescribed medicines and drugs were enacted many decades ago when information and communication technology (ICT) driven innovative e-commerce methods were not within the contemplation of the legislature. Naturally, these laws are silent about their applicability to online sale and purchase of prescription drugs and their online trading.

Till now many e-health players are not aware whether the present laws allows or disallows the buying and selling of medicines through websites. Though over-the-counter products are no problem, online trade of prescription medicines is a sensitive issue. There are far too many issues involved regarding safety and authenticity of online drug stores.

Most western countries have allowed online sale of medicines. Even China has recently allowed opening of online medical stores for its pharmaceutical industry when about 20 companies were given licenses in this regard and they are doing well. In India, most players are afraid of engaging in online sales of prescribed medicines because of the uncertainty in the legal framework. Time has come to enact a dedicated law that allows online sales and purchase of prescribed drugs and medicines in India.

E-Delivery Of Justice In India Needed

Electronic delivery of justice in India has failed to achieve what was desired. From 2003 to 2012 we have failed to establish e-courts in India. Till March 2012 we are still waiting for the establishment of first e-court of India. So for all practical purposes establishment of e-courts in India is still a distant dream.

E-Courts in India are still in the first stage of computerisation in some of the aspects of the courts. Full fledged e-filing, submission of plaints and documents online, online evidence producing, etc. are still missing. Although the e-governance initiatives such as e-filing at Supreme Court, online case status, online judgments and online case lists have begun, yet the e-court initiative still has a long way to go.

The constitutional right to speedy trail is still a dream in India and speedy justice through e-courts is at most a fiction in India. Right to a speedy trial is contained in Article 21 of the Indian Constitution. It mandates a speedier and timely disposal of a case. Presently, India is facing a mammoth backlog of cases that can be reduced drastically by use of ICT and e-courts. The efforts for the establishment of e-courts in India are not sufficient and needs rejuvenation.

This is happening because the legislature and executive are not versed with the litigation and the legal fraternity is never consulted while making techno-legal laws. Even firms and individuals who can deal in e-courts related projects are limited in number. For instance, Perry4Law Techno Legal Base (PTLB) is managing the exclusive techno legal e-courts training and consultancy centre of India. There is no other e-courts training and consultancy centre in India and even abroad.

India has taken nine years and still e-courts have not been established. Time has come to take e-courts project of India seriously and start working in this direction.

Electronic Delivery Of Justice In India: Why It Failed?

Establishment of Electronic Courts in India is a tedious and complicated process. It requires tremendous Techno Legal Expertise without which Electronic Courts in India cannot be established.

The key advantages of establishment of Electronic Courts in India is achievement of Transparency and Efficiency, reduction in Corruption and Backlog of cases, Cost and Time Saving, Witness Protection, etc. Through E-Filing cases can be filed from any part of India and if we use E-Trials as well we would be allowing greater participation of Witnesses in Court Proceedings.

It must also be understood that there is a difference between a Computerised Court and Electronic Court (E-Court). Although we have many Computerised Courts in India, even in District Courts of Delhi and High Court of Delhi, yet we do not have a single E-Court in India till March 2012.

Till a Computerised Court is capable of Electronic Filing, Electronic Evidence Submission, etc through Internet it cannot be termed as an E-Court. Presently, physical presence at the Court’s premises is required to submit files and documents on Electronic Media like CDs and that negates the whole concept of E-Courts in India.

Lack of Techno Legal Expertise is the main reason for poor performance of E-Courts in India. Further, Governmental and Judicial Will to establish E-Courts in India are also missing. Establishment of E-Courts in India can help in reducing the backlog of cases in India. Although there are no exact figures that can be given in this regard yet I believe that establishment of E-Courts could help in reducing Backlog of cases upto 30%.

It is absolutely required to establish E-Courts in India as soon as possible. The first indication of establishment of E-Courts in India was given in the year 2003. However, till now not even a single E-Court has been established by any State or by Centre. India must establish few E-courts within the next Five years.

However, establishment of E-Courts in India in the next Five years depends upon how “Serious” we are regarding establishment of E-Courts in India. With the present “Speed” and “Commitment” we cannot establish even a single E-Court in India by 2017. However, if we start working in this direction right now, establishment of few “Experimental E-Courts” is possible till 2017. Time has come to seriously work in this regard as Electronic Delivery of Justice in India has failed to materialise so far.

Mobile Cyber Security In India

Mobile phones have become ubiquitous these days. They are used for multiple purposes ranging from personal use to mobile banking. Cyber criminals have also realised the importance of mobile phones for committing cyber crimes and financial frauds. This is also the reason why malware writers are also writing mobile phone specific malware to steal confidential and sensitive information.

Mobile cyber security in India has become a cause of concern these days. Mobile phones are now proposed to be used for mobile banking and mobile governance in India. Naturally, we must ensure robust mobile cyber security in India. An electronic authentication policy of India can help in more active and secure mobile usages in India. Mobile governance and e-authentication in India are also closely related and with the proposed electronic delivery of services in India this is also a must have requirement.

For the time being we have no implementable electronic delivery of services policy of India though it may be in pipeline. Indian government is working in the direction of ensuring electronic delivery of services in India. In fact a legal framework titled electronic delivery of services bill 2011 (EDS Bill 2011) has also been proposed by Indian government.

Once the EDS Bill 2011 becomes an applicable law, governments across the India would provide electronic services through various modes, including mobile phones. This requires putting a robust and reliable mobile security infrastructure in India.

However, using of mobile phones for commercial and personal transactions in India is also risky. For instance, the mobile banking in India is risky as the present banking and other technology related legal frameworks are not conducive for mobile banking in India. Similarly, we do not have a well developed e-governance infrastructure in India. As a result India is still not ready for m-governance.

We at Perry4Law and Perry4Law Techno Legal Base (PTLB) believe that the biggest hurdles before the mobile related uses in India pertain to use of weak encryption standards and non use of mobile cyber security mechanisms in India. Absence of encryption laws in India has further made the mobile security very weak in India.

The ever evolving mobile malware are further increasing the woes of mobile users’ world wide. Recently 50 applications within Google’s official Android Market were found to be contaminated with DroidDream malware. The malware stole sensitive information like phone’s International Mobile Equipment Identity (IMEI) Number and the SIM card’s International Mobile Subscriber Identity (IMSI) number. It then sent it to a command-and-control server. Similarly, other spyware and bugs are also infecting mobile phones worldwide.

It is high time for India to seriously work upon mobile cyber security aspects as soon as possible. The policy decisions in this regard must be taken urgently and must be implemented as soon as possible.