Monthly Archives: January 2014

M-Health Laws And Regulations In India Needed

M-Health Laws And Regulations In India NeededUse of information and communication technology (ICT) is increasingly being used to deliver health related services around the world. In the Indian context, health related services are not readily available. In remote areas and villages, patients have to travel all the way to big cities to get themselves treated. Some of these illnesses are of simple nature and they can be suitably treated with a simple consultation with the doctor. Such consultation can take place through the use of video conferencing and other technology instruments like mobiles.

This use of mobile devices to deliver health related services is popularly known as m-health. In India, m-health is still in infancy stage. The technological and legal issues of m-health are still evolving. As a result, most of the m-health service providers are not complying with either technological or legal requirements applicable in India. Cloud computing and virtualisation have introduced their own techno legal challenges to m-health related services.

In India, e-health related legal framework is missing. For instance, e-health in India is facing legal roadblocks. Till now we do not have any dedicated e-health laws and regulations in India. The legal enablement of e-health in India is urgently required. Naturally, dedicated m-health laws and regulations in India are also missing and different laws apply to m-health related issues in India. Telemedicine and online pharmacies laws in India and their legal implications and liabilities are also unknown to various m-health professionals.

The privacy rights in India in the information age have also posed many legal challenges before m-health companies and entrepreneurs in India. Although we have no dedicated  privacy laws in India and data protection laws in India (PDF) yet there  are certain legislations in India that govern both privacy and data protection aspects of m-health industry in India.

The cyber litigations against foreign websites would increase in India. M-health entrepreneurs must also keep in mind the requirements of Internet intermediary liability in India and cyber law due diligence in India (PDF). The new Indian Companies Act, 2013 (PDF) would further raise the incidences of corporate criminal liability in India.

When technology is used for medical purposes, it gives rise to medico legal and techno legal issues. In United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), etc are some of the laws that take care of medico legal and techno legal issues of e-health and telemedicine. India also needs laws like HIPPA and other similar laws that can regulate m-health related issues in India.

Virtualisation, Cloud Computing Solutions And Encryption Usage In India: Legal Compliances Issues

Virtualisation, Cloud Computing Solutions And Encryption Usage In India Legal Compliances IssuesMany entrepreneurs have shown great interest in cloud computing and virtualisation services in India. However, a dedicated cloud computing legal framework is missing in India and it is governed by provisions scattered under numerous legislations. Another related problem that both cloud computing and virtualisation businesses must tackle pertains to respecting privacy rights in India in the information age. The dedicated privacy laws in India and data protection laws in India (PDF) are also missing. This has complicated the cloud computing and virtualisation business scenario in India.

Virtualisation, cloud solutions and encryption are three issues that are interrelated. These aspects are interrelated through various applicable laws in India that all virtualisation and cloud computing companies must follow to avoid legal liabilities. Cloud computing and virtualisation service providers in India are required to comply with Internet Intermediary liability prescribed under the Information Technology Act, 2000.

The present trend in India in this regard is not very encouraging. Virtualisation and cloud computing service providers are either not aware of applicable Indian laws or they are working in gross regard of the same. Even requirements of Indian laws pertaining to encryption usage in India are not followed in proper manner.

Virtualisation and cloud computing service providers in India must not only follow the encryption laws of India but they must also ensure cyber law due diligence in India (PDF). This is more so when the cyber law due diligence for companies in India has become very stringent and foreign companies and websites are frequently prosecuted in India for non exercise of cyber due diligence. The cyber litigations against foreign websites would increase in India. The Google’s Online Defamation Case is the contemporary example n this regard.

Perry4Law and Perry4Law Techno Legal Base (PTLB) have provided the Cyber Law Trends and Developments of India 2013 (PDF), Cyber Security Trends and Developments in India 2013 (PDF) and Cyber Forensics Trends and Developments in India 2013 (PDF). According to these trends cyber due diligence for cloud computing, social media, virtualisation services, etc would be required to be exercised frequently in India by various technology players.

Further, although we have no dedicated legal framework for cloud computing in India as on date yet legal and regulatory issues of cloud computing in India would arise in future. In fact, cloud computing in India is legally risky. Further, e-discovery for cloud computing in India would also bring its own share of techno legal issues. Companies dealing in virtualisation and cloud computing services must ensure that they are complying with various techno legal requirements in India.

BitInstant’s CEO Charlie Shrem Charged With Money Laundering Activities In United States

BitInstant’s CEO Charlie Shrem Charged With Money Laundering Activities In United StatesBitcoins recently witnessed an interest and craze of mass scale. Individuals and companies around the world started exploring Bitcoins as a potential and remunerative investment without considering its volatility and possible legal challenges. Naturally, governments around the world started targeting Bitcoins and their dealings in an illegal manner. Some countries totally banned Bitcoins whereas other shave issued warnings and precautions against their uses.

Meanwhile, businesses tried to make Bitcoins a part of their dealings. For instance, hotels, casinos, online gaming websites, salons, restaurants, etc have started accepting Bitcoins as a mode of payment for their services. However, this is a risky proposition and it may also bring civil and criminal charges against those accepting and giving Bitcoins. This is because the legality of Bitcoins is still not clear in many jurisdictions.  Even the Bitcoin exchanges and Bitcoins websites operating in India must comply with Indian laws to be legal.

It has been reported by Washington Post that Charlie Shrem, the CEO of Bitcoin exchange BitInstant, has been charged with money laundering. A press statement (PDF) from U.S. prosecutors in Manhattan said that Shrem knowingly facilitated illegal purchases on the now-shuttered underground drug marketplace Silk Road. According to the government, a man named Robert Faiella worked with Shrem to sell Bitcoins to Silk Road users. The two men allegedly sold more than $1 million worth, with Shrem giving Faiella a volume discount on BitInstant’s fees.

“Upon receiving orders for Bitcoins from Silk Road users,” the government said, Faiella filled the orders through BitInstant, which “was designed to enable customers to exchange cash for Bitcoins anonymously, that is, without providing any personal identifying information, and it charged a fee for its service.” According to the government, that runs afoul of U.S. money laundering laws, which require payment companies like BitInstant to collect information about their customers, monitor their transactions, and report “suspicious” transactions to the government. Shrem failed to do this, the government says. Faiella is also facing charges.

In India, the RBI cautioned users of virtual currencies against various risks. These include legal risks as well. Meanwhile, the Enforcement Directorate (ED) searched two Bitcoins websites and their offices. ED believes that Bitcoins can be used for Hawala transactions and funding terror operations. In the present non compliance environment and increasing Bitcoins frauds and crimes, more such searches and arrests are anticipated in India and other parts of the world.

Intelligence Bureau (IB) Expediting The Testing Of VOIP Interception System In India

Intelligence Bureau (IB) Expediting The Testing Of VOIP Interception System In IndiaE-surveillance and eavesdropping has tremendously increased in India. the Indian government is bringing systematic changes in the telecom policies and licences to enforce these e-surveillance oriented exercises. Even the Information Technology Act, 2000 was amended in the year 2008 to confer unlimited e-surveillance powers upon Indian government and its agencies. So bad is the situation that there have been suggestions regarding repealing of the Indian cyber law and Indian telegraph law.

Nevertheless till these unconstitutional laws are repealed, they would still govern the commercial relationships between telecom companies and Indian government. Recently, the Indian government introduced fresh set of do’s and don’ts for telecom companies for lawful interception bringing internet telephony VoIP, SMS and MMS under Indian Telegraph Act. Further, the IT Act, 2000 prescribes many cyber laws due diligence requirements (PDF) that Indian telecom companies are not at all following. For instance, the reports of violations of cyber law due diligence and Internet intermediary rules by Tata Teleservices Limited and Airtel are well known.

Now the Ministry of Home Affairs, India has decided to tighten the noose further. The ET has reported that Home Secretary Anil Goswami has sought Telecom Secretary MF Farooqui’s intervention to expedite clearance for the Intelligence Bureau (IB) to test an interception solution to monitor voice over internet protocol (VoIP) calls in India. If the trial is successful, it will be possible to screen VoIP services offered by the likes of Skype, Yahoo Messenger, GTalk, Fring and RediffBol, among others in India. This is in addition to the legal requirement that Internet telephony and VOIP service providers must establish servers in India now.

The IB plans to test the VoIP interception solution on Bharat Sanchar Nigam Ltd’s networks in consultation with the department of electronics and IT. “A team of DeiTY and Intelligence Bureau officers may be permitted access to BSNL’s networks to test a lawful interception solution on VoIP traffic,” Goswami wrote to Farooqui.

The home secretary’s letter also added that the IB would be the law enforcement agency under Section 5(2) of the Indian Telegraph Act, 1885, which “would be maintaining a full record of VoIP traffic intercepted on test basis and retain only transcripts required in the interest of national security”.

Apart from the IB, the home ministry also plans to instruct India’s Computer Emergency Response (Cert-IN) team to maintain a full record of the VoIP interception trails on BSNL’s network. Cert-IN has been mandated by the government to respond to computer security incidents, track system vulnerabilities and promote effective IT security practices.

The home ministry had recently urged the telecom department to block all VoIP services that cannot be monitored or intercepted in audible or viewable format by national law enforcement agencies. It had even suggested that the DoT tweak the licence norms to make it binding on service providers to allow interception of VoIP traffic. Learning from the interception pilot will be used by the government to fine tune the Centralised Monitoring System (CMS), the much-awaited national surveillance system that will equipped to track all forms of communications, including wireless, landline, satellite, internet and VoIP calls from next year. Further, the Internet Spy System Network and Traffic Analysis System (NETRA) of India, Aadhar, National Intelligence Grid (NATGRID), etc would also support intelligence agencies e-surveillance initiatives in India.

The life of telecom companies and companies engaged in telecom related business is going to be a tough one in the near future. They have to comply with the techno legal requirements where both technical and legal issues would be required to be complied with in true letter and spirit.

Indian Cyber Law And Telegraph Act Should Be Immediately Repealed And Reenacted By Parliament

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLB1What exactly is the role of Parliament? The most common answer would be to enact Laws from time to time. However, Parliament also has a role to not only weed out outdated Laws but also to repeal and reenact “Constitutionally Sound Laws”. If Parliament allows Outdated and Unconstitutional Laws to continue that would create Chaos and Anarchy and question the very concept of “Separation of Power in India”.

In the Indian context, we have thousands of Laws that were enacted during the British rule. Now they have well served their purpose and they should not be part of Indian Laws. However, they are still alive on the Indian Statute books only to be declared Unconstitutional in many decades of legal proceedings.

Surprisingly, Indian Parliament is not at all interested in passing “Dedicated and Constitutional Laws” in the fields of Privacy, Data Protection (PDF), Unique Identification Cards (Aadhaar), Central Monitoring System (CMS), Telephone Tapping And Surveillance Laws in India, Cyber Security, Cyber Forensics, E-Discovery, E-Governance, E-commerce, etc.

Instead, Parliament has “Abdicated its Duties” and has allowed the Indian Executive to take its role through issuing various “Executive Orders”. For instance, Authorities like Unique Identification Authority of India (UIDAI), National Intelligence Grid (NATGRID), etc are functioning in an “Unconstitutional Manner” simply on the basis of Executive Orders. What is worst is that the Indian Government has been “Luxuriously Spending” the hard earned “Public Money” on these “Unconstitutional Authorities and Projects”.

One such Outdated and Unconstitutional Law that deserves “Immediate Repeal” is the Information Technology Act, 2000.  Another similar Law is the Indian Telegraph Act, 1885 that is the “Biggest Hurdle” for “Judicial Review” of Illegal and Unconstitutional Phone Tapping Directions in India. Collectively Laws like the IT Act, 2000 and Indian Telegraph Act, 1885 and Projects and Authorities like UIDAI, NATGRID, Central Monitoring System (CMS), etc are openly violating the Civil Liberties Protection in Indian Cyberspace.

It is a good time for Indian Parliament to interfere and start functioning as per the “Constitutional Obligations” under the Constitution of India. Why we always need a Tragedy or Street Dharna to push Indian Parliament to pass Crucial Laws in India. Recently, the Lokpal and Lokayuktas Act, 2011 tested the Legitimacy of Indian Parliament. The Indian Parliament was “Force” to pass the Jan Lokpal Law due to present “Political Conditions” and Street Dharnas. This is really unfortunate that our Parliament works only “Under Pressure” and “Civil Disobedience Movements”. At least for a single time, the Parliament of India must act timely and “Repeal and Reenact” the IT Act, 2000 and Indian Telegraph Act.

Indian Banking Regulatory Environment Is Changing But Much Still Has To Be Achieved

Indian Banking Regulatory Environment Is Changing But Much Still Has To Be AchievedReserve Bank of India (RBI) is under great stress these days. Besides managing its own banking objectives and responsibilities, RBI has to analyse and tackle the growing challenges posed by technology to the banking segment of India.

Whether it is ATM frauds, Internet banking frauds, credit card frauds, RTGS frauds or any similar fraud, banks in India are exposed to numerous forms of technical and cyber security vulnerabilities.

Banks are passing the buck to the end customer and the end customer is at loss even if he is an innocent victim. This is the reason why the Code Of Bank’s Commitment to Customers by Banking Codes and Standards Board of India (BCSBI) has been formulated.

Some of the significant developments that have recently taken place in the banking sector of India and that intend to bring banking reforms in India are:

(1) Guidelines on Implementation of Basel III Capital Regulations in India (PDF)

(2) Report of the Working Group of Reserve Bank of India (RBI) on Securing Card Present Transaction (PDF)

(3) Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds by Reserve Bank of India (RBI) (PDF)

(4) Report of Reserve Bank of India (RBI) Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds (PDF)

(5) Code of Bank’s Commitment to Customers by Banking Codes and Standards Board of India (BCSBI) (PDF).

However, the RBI has still not been able to manage the technological issues that keep on surfacing day by day. For instance, RBI has failed to regulate the free and unregulated use of Bitcoins in India. Despite the pressing requirements, RBI has maintained a silence on this crucial aspect. This is giving a negative impression about RBI and Bitcoin exchanges are openly dealing in Bitcoin without actually complying with Indian laws.

Further, the banks in India have also failed to comply with the Internet intermediaries requirements the cyber law due diligence requirements (PDF). Banks in India have also failed to comply with various directions and guidelines issued by RBI vis-à-vis cyber security requirements from time to time.

Privacy And Data Protection Aspects In Indian Cyberspace

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLB1Privacy Protection requirements are important for both Individuals and Organisations alike. There have been many attempts in India to formulate a dedicated Privacy Protection Law in India but all of them have failed so far. Thus, Data Protection Laws in India and Privacy Rights in India are still deriving their legal recognition from scattered provisions under different Indian Legislations.

One area where the Privacy and Data Protection are absolutely missing in India pertains to Cyberspace. Privacy Rights in India in the Information Age are absolutely missing in India. On the contrary there are “Fully Functional E-Surveillance Projects” that are “Actively Violating Privacy Rights” of Indian citizens.

For instance, India has launched Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Internet Spy System Network And Traffic Analysis System (NETRA) of India, etc. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny.

This position is not only in active violation of protections conferred under the Constitution of India but they are also violative of the recent United Nations (UN) Draft Resolution on the Right to Privacy in the Digital Age. Of course, a provision has been suggested in the proposed Privacy Law of India that Illegal Phone Tapping in India may attract Rs 2 Crore Penalty.

However, the same is just a proposal as till the Privacy Law is actually brought into force, everything remains on the “Governmental Dreamland”.  Further, the proposed Privacy Law of India is already facing Obstacles laid by the Intelligence Agencies of India. The study titled Lawful Interception- A Mounting Challenge for Service Providers and Government (PDF) provided by Frost and Sullivan has shown that Governments around the world are indulging in Unregulated and Unconstitutional E-Surveillance and Eavesdropping activities.

The status of poor Privacy and Data Protection Legal Environment in India has also been reflected in the Cyber Law Trends and Developments of India 2013 (PDF), Cyber Security Trends and Developments in India 2013 (PDF) and Cyber Forensics Trends and Developments in India 2013 (PDF) provided by Perry4Law and Perry4Law’s Techno Legal Base (PTLB).

India must not only enact dedicated Privacy and Data Protection Laws but it must also formulate E-Surveillance Policy of India and Indian Encryption Policy. As on date the Privacy and Data Protection Aspects in Indian Cyberspace are in really bad shape.

Data Protection Laws In India And Privacy Rights In India

Data Protection Laws In India And Privacy Rights In IndiaData protection and privacy rights are two of the most important rights conferred by any civilized nation. Every individual and organisation has a right to protect and preserve her/its personal, sensitive and commercial data and information. This is more so regarding health information and details that is required to be kept secret by laws like Health Insurance Portability And Accountability Act Of 1996 (PDF) (HIPAA) in United States.

India does not have a dedicated law like HIPPA and presently HIPPA compliances in India are not followed. Similarly, we have no dedicated medical privacy law in India that can safeguard the sensitive health related information of the patients. In short, we have no dedicated data protection laws in India, data privacy laws in India and privacy rights and laws in India.

Of course, we have general laws and some of the provisions of these laws can be applied to data security, data protection and privacy protection in India. However, that is a temporary solution and in the long run we need dedicated privacy rights, privacy laws and data protection laws in India.

Further, in this information technology era a special attention must be paid to the privacy rights in India in the information age. We believe that data protection requirements are essential part of civil liberties protection in cyberspace. With the growing use of information and communication technology (ICT), data protection requirement has become very important. It would not be wrong to assume privacy and data protection rights as integral part of human rights protection in cyberspace.

However, despite the importance of these fields, till now we lack legal frameworks in the fields of data security, data protection and privacy protection. We urgently need to formulate data protection law in India and privacy laws in India.

At the policy level as well privacy rights and data protection rights have been ignored in India. In fact, an Indian national privacy policy is missing till now. Even legislative efforts in this regard are not adequate in India. A national privacy policy of India is urgently required.

A right to privacy bill of India 2011 has been suggested in the year 2011 yet till January 2014 we do not have any conclusive draft in this regard that can be introduced in the Parliament of India. In fact, we are still waiting for a public disclosure of final and conclusive proposed draft right to privacy bill 2011 of India that can be discussed in the Parliament.

The ball is again in the court of judiciary and it has to play a pro active role once again. The Supreme Court of India must expand privacy rights in India as that is the need of hour. Fortunately, the issue is already pending before it and there would not be much trouble in formulating a privacy framework for India.

However, in the ultimate analysis, it is the constitutional duty of Indian Parliament to do the needful in this direction. Indian Parliament must enact sound and effective privacy and data protection laws for India as soon as possible.

Let us hope that the Data Protection Laws in India and Privacy Rights in India (PDF) would be drafted by Indian Parliament very soon.