Saturday, January 21, 2012

Legal Actions Against Offending Foreign Websites In India

Websites based in foreign jurisdictions are engaging in various forms of illegal activities that are offences under Indian laws. For instance, they are openly violating intellectual property rights (IPRs) like copyright of Indian nationals. When these foreign websites are contacted to remove the offending contents, they simply ask you to follow foreign law procedures that are neither practical nor effective for an Indian national.

Take another example. A foreign website is openly hosting defamatory remarks as per Indian laws against you. You request the website to remove the same and the same are still not removed.

Another common example is hosting and publication of pornographic and obscene contents upon a platform or website. Even worst is the case when a morphed photograph of a female member of your family is posted on such platform. You contact the website to remove the same but they never listen to you.

Even worst case is the illegal sales of drugs and medicines online without a prescription slip. Many prohibited medicines are sold in countries through websites in clear disregard of local laws.

Another example may be of offering illegal sex determination tests through websites. Many countries of the world prohibit such testing and India is one of them.

These are some of the examples where day to day lives are affected by culpable conducts in an online environment. Many believe that no effective actions can be taken against such foreign websites in India. However, this is not true.

Under the cyber law of India, appropriate legal actions can be taken against such foreign websites if they have sufficient connection or nexus with Indian jurisdiction. Although an international cyber law treaty is required to being uniformity in legal frameworks yet till such time local laws of India and foreign laws can be invoked to get appropriate remedy.

Further, if nothing works, blocking of such offending websites in India can be undertaken. It would be wrong to suggest that such websites cannot be blocked in India by a court order or through an order of department of information technology, India.

India must formulate appropriate laws or regulations to make such offending foreign websites liable under Indian laws. Further, special regulations for their subsidiaries operating in India must be made so that they cannot do more business than as mentioned in such regulations. A sound tax framework for such subsidiaries must be formulated so that there cannot be any case of tax evasion and tax manipulations by such subsidiaries.

Monday, January 16, 2012

Cyber Law Trends Of India 2012

The cyber law trends of India 2011 were provided by Perry4Law and Perry4Law Techno Legal Base (PTLB). This trend covered many techno legal issues that are of tremendous importance to various stakeholders. However, it seems various stakeholders have still not taken issues like cyber law, cyber security, cyber due diligence, e-discovery, social media due diligence, etc seriously.

The year 2012 would be even more challenging for various stakeholders in India and world wide. This is more so for US based companies and websites that are increasingly involved in various conflict of laws issues with India. Some of the issues that may be challenging of various stakeholders in 2012 include legal issues of cyber security, privacy and data protection requirements, cloud computing security and privacy issues, e-surveillance and Internet censorship issues, cyber due diligence requirements, social media due diligence, data privacy laws, online IP violations including copyright violations issues, etc.

The cyber law due diligence in India struck the first blow in the year 2012. Companies like Google, Yahoo, Microsoft, Facebook, etc are already facing criminal prosecution under the cyber law of India and other criminal laws. So serious is the situation that the executives of parent companies of these companies have been summoned to personally appear before Indian court.

Further, online copyright violations by US websites are also testing the effectiveness of US laws vis-à-vis foreign IP rights enforcement. Many websites in US are talking advantage of the conflict of laws and hide behind US laws to escape copyright violation liabilities. In fact, the US copyright office is trying to streamline the Digital Millennium Copyright Act (DMCA) 1998 requirements pertaining to DMCA agents so that safe harbour protection cannot be misused by US based websites.

Perry4Law and PTLB believe that the year 2012 would bring many techno legal challenges in the fields like cyber law, cyber security, e-discovery, cyber law due diligence, online IP enforcements, etc. Further, new fields like e-legal due diligence and technological legal due diligence in India would also assume significance. It would be a good idea to formulate suitable policies in this regard by various stakeholders.

US Companies, India, Conflict Of Laws And Criminal Liabilities

Companies like Google, Microsoft, Yahoo, etc and social media websites like Facebook, etc are currently facing criminal trail in India for not removing objectionable contents from their respective websites.

According to cyber law of India and laws of other jurisdiction, the safe harbour protection of Internet intermediaries is lost the moment they are notified of the offending act or omission. However, till they are notified regarding offending contents, they are not liable for violations committed by their users.

However, US companies are not following Indian laws and they are insisting upon following of US laws even if Indian laws are clearly violated. For instance, websites located in US are openly violating the copyright of Indian websites and when they are contacted in this regard to remove the copyright violating posts they ask Indians to use US laws like Digital Millennium Copyright Act (DMCA) 1998.

Surprisingly, even if these US companies are informed in writing and with relevant information like weblinks of copyright violating posts and copyright subsisting posts, they still insist upon following of DMCA procedure. What is more frustrating is that a majority of these US websites and companies are themselves not following the requirements of DMCA and hence are not entitled to its safe harbour protection.

Even in the case of cyber laws, US companies are applying US standards and are not following Indian standards. This is a classic situation that is occurring due to conflict of laws. This is also the reason why an international cyber law treaty is required to being harmonious application of cyber law principles.

US need to change its policy regarding enforcement of foreign IP rights and cyber laws. By not respecting the laws of other countries, US websites and companies are imposing laws like SOPA and PIPA upon themselves. Further, companies like Google must pay special attention as they are deriving revenue out of online advertisements placed upon such copyright violating posts. This makes them not only a beneficiary but also liable for damages in appropriate cases.

Companies like Microsoft, Yahoo, Google and Facebook are facing prosecution under the Indian cyber law. Further, if we analyse the cyber law trends in India of 2012 and cyber security trends of India 2012, such prosecutions are going to increase further in future. Insisting upon following of US laws to take action against offenders and websites located in US would not serve any purpose if branches or subsidiaries of such companies are located in India. Further, if such websites and companies fail to comply with Indian laws, Indian government can block such foreign websites in India.

The present litigation before Indian courts is just a beginning and US companies and websites must start respecting Indian laws. If cyber crimes are committed with great disregard to Indian laws and the copyright and other IP rights are openly violated by such companies and websites, their prosecution in India is inevitable. Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that such foreign companies and websites must ensure cyber due diligence in India to escape various civil, criminal and financial obligations.

Why Vinay Rai Did Not Contact The Concerned Websites?

Vinay Rai, the person behind criminal complaint against social media websites and companies like Facebook and Google, has become instrumental in testing the internet intermediary law of India. Presently, Google and Facebook are gripped in the Indian cyber law tangle.

To make the matter worst, not only the executives of parent companies have been personally summoned by the trial court but it has also been proved that Google and Facebook are beneficiaries of the revenue arising out of offending contents. This may make even the subsidiary companies of Google and Facebook liable for violation of Indian laws.

It is not the case that these companies have not protested in the past against the provisions of the Indian laws. For instance, Yahoo had filed a petition raising the questions regarding the right to privacy of a company that stores sensitive data of its customers and users and to what extent Indian authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks.

The Google’s outcry for lack of Internet intermediary law in India is another example of growing dissatisfaction towards Indian cyber laws, especially Internet intermediary laws and social media laws of India. But the same has come too late and is too insignificant at this stage.

However, in this entire episode one thing is simply not understandable. Why Vinay Rai did not contact the concerned websites and brought to their knowledge about the offending contents? As per Vinay he did not deem it appropriate to approach foreign companies himself. Rather he thought it fit to invoke the governmental machinery to get appropriate remedy.

Surprisingly, he has been pursuing this matter with the information technology ministry for over a year now. The ministry took no action despite constant reminders and follow ups from his end. It was only two to three months ago that the ministry held an internal meeting on the issue and ordered enquiry.

It seems both Vinay Rai and our IT ministry are guilty of not taking appropriate steps in this regard. Clearly, Vinay Rai did not approach these companies and informed them about the offending contents. Now the only question that remains to be seen is whether the IT ministry has also not contacted these companies in this regard?

If even the IT ministry has not intimated these companies “appropriately”, then this may be as serious lapse on the part of Indian government. In such a situation companies like Google, Facebook, etc cannot be held liable for offensive contents posted by the users. Only time would tell what was communicated and what was not and who is responsible and who is not.

Corruption And Technology Related Due Diligences In India

The recent spate of corruption related disclosures in India has sent a strong message to Indian and foreign companies to ensure that their business are strictly in compliance with Indian and foreign laws. Naturally, companies that have entered into merger and acquisitions (M&A) in the past are now looking forward to ensure that nothing fishy happened during such M & A transactions.

These Indian and foreign companies are worried about the potential legal and tax liabilities arising out of various scams and corporate frauds and they are engaging law firms to do a due diligence analysis on the M&As or foreign direct investments (FDIs) they’ve made in India. Law firms are carrying out legal due diligence exercises to detect any loopholes that could result in liabilities on behalf of their clients to avoid litigation possibilities arising out of deals done in the past.

Some multinational companies are also doing legal due diligence to ensure that the Indian subsidiaries and companies they are about to invest or have already invested in are complying with the foreign laws like Foreign Corrupt Practices Act (FCPA) 1977 of the US and the UK Bribery Act 2010.

Even companies that are now exploring the possibility of M&A are taking precautions before entering into such partnerships. While there is no particular department for dealing with all the aspects of corporate business at a single place (Ministry of Corporate Affairs deals with corporate matters) yet department of information technology (DIT) is the chief department that deals with technology related issues. These include cyber law, cyber security, e-commerce, e-governance, spectrum allocation, telecom licensing, etc.

However, till now companies were not very cautious in their dealings in cyberspace and technology related fields. The information technology act 2000 (IT Act 2000) is the cyber law of India that prescribes various cyber law due diligence in India for areas like e-commerce, e-governance, Internet intermediary liability in India, social media due diligence in India, etc.

However, companies are in controversy these days in India. For instance, doubts have been raised regarding the manner in which Reliance and Airtel blocked websites in India. Similarly, some have even suggested that DIT must investigate the case of blocking of websites in India by Reliance, Airtel and other Internet service providers (ISPs).

Similarly, companies like Google, Facebook, etc are already in cyber law legal tangle in India. Indian government is claiming that these companies failed to comply with Indian laws, including cyber law of India. While the guilt or innocence of these companies is still to be established yet this episode has shown the importance of cyber due diligence for Indian companies.

Cyber crimes at social media websites in India are increasing and these social media platforms cannot ignore the same especially once they are made aware of the same. The social media websites investigation in India is going to increase and more and more e-discovery for social media in India would be conducted. Even cyber law due diligence for banks in India is going to increase.

Another area that requires a special mention is the contemporary practice known as e-legal due diligence in India. This requires domain specific techno legal expertise and a sound knowledge of both technical and legal aspects. It is an advanced and improved form of traditional legal due diligence in India that is done in an offline environment. With companies now shifting their data and information to data centers and virtual data rooms (VDRs), e-legal due diligence in India and abroad would be the norm.

Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that Indian and foreign companies must conduct a thorough corruption and technology related due diligence analysis in India as soon as possible.

Thursday, January 12, 2012

India Must Stress Upon International Cyber Law Treaty

United States (US) has been working in the direction of making laws that are primarily targeted towards foreign websites. This means that foreign websites that are indulging in unethical behaviours like cyber crimes, intellectual property rights (IPRs) violations, etc can be forced to be taken down or blocked in US by US government.

While this is a policy decision of US that has been widely criticised yet very few have raised points regarding violations of IPRs by US companies of foreign nationals. For instance, if an Indian has to inform a US website of copyright violation, he has to essentially follow the provisions of Digital Millennium Copyright Act (DMCA) 1998. In fact, even those US websites that are themselves not following DMCA and are not entitled to “safe harbour” provisions are insisting upon DMCA notices.

Clearly, US policy towards IP violations of foreign nationals needs to be revised. On the contrary laws like Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PIPA) and the "Stop Online Piracy Act (SOPA) has also been proposed. They target foreign nationals and websites with almost no additional liabilities for US websites and citizens. Clearly, US websites and companies are forcing US and other nations to enact laws like SOPA and PIPA by not taking down IPRs violating materials.

If the attitude of US websites and companies is not changed other countries may also consider enacting draconian laws like SOPA and PIPA. In the absence of reciprocal arrangement between US and India, the least India can do to prevent cyber crimes against and IPRs violation of Indian citizens is to block websites that engage in such activities. This is more so for those websites and Internet intermediaries that deliberately ignore compliances of Indian laws.

While laws like SOPA and PIPA are targeting foreign websites including Indian websites yet the foreign websites, including US websites, are not complying with Indian cyber law and copyright law. The Indian Copyright Act, 1957 and Indian Information technology Act, 2000 prescribes various civil, criminal and administrative penalties that are presently not implantable against such foreign websites. India must seriously discuss this issue with US as this also amounts to non compliance of the provisions of Trade-Related Aspects of Intellectual Property Rights Agreement (TRIPS Agreement).

The real problem in this regard seems to be that there is no International cyber law treaty that is universally followed. Different countries have different cyber laws and this result in confusion and non enforcement. Even there is no international cyber security treaty that can be followed globally. International cyber law treaty and Indian role cannot be underestimated in this regard.

India must stress upon formulation of an international cyber law treaty to safeguard the interests of its own citizens as countries like US are doing in the absence of mutual cooperation.

Wednesday, January 11, 2012

Electronic Authentication Policy Of India

Electronic authentication (e-authentication) is a very useful service provided it is safe, secure and reliable. Similarly, e-authentication must also be supported by a sound legal framework that governs its uses and abuses.

We have no e-authentication policy in India. Even we have no legal framework for e-authentication in India. Although some efforts in this regard were made through the Aadhar project of India yet the very constitution and functioning of Aadhar project is unconstitutional. For some strange reasons, the unique identification authority of India (UIDAI), which is managing the Aadhar project, thinks that it is above constitution of India. This attitude of Aadhar and UIDAI has brought it to a stage where it is about to be scrapped.

So as on date we have no legal framework for e-authentication in India, no authority that can deal with e-authentication in India and no policy framework for e-authentication in India that has been implemented at the national level. If this is not enough, we have no encryption usage policy of India that can ensure cyber security of e-authentication in India.

If both cyber security in India and use of encryption in India are missing, the credibility of any e-authentication system is in great doubt. Possibility of data breaches and cyber attacks cannot be ruled out. Securing of critical national infrastructure of India from cyber attacks has still not achieved and introducing an e-authentication system without robust cyber security is not a wise move.

The cyber security trends in India 2011 by Perry4Law Techno Legal Base (PTLB) indicate that cyber security in India is still ignored by various stakeholders. Whether it is banks or strategic computers of Indian government, all of them have proved to be vulnerable to cyber attacks.

E-authentication is also useful for providing mobile banking services in India. Cyber security of Internet banking in India is still poor and e-banking risks in India are abundant. Mobile banking cyber security in India is still to be established before it can be explored in India.

E-authentication cannot succeed in India till we take care of various techno legal policy issues. Without removing various obstacle of e-authentication, using the same in India would create more problem than solutions providing.

Sunday, January 8, 2012

Mobile Banking Cyber Security In India

Mobile Banking is the buzz word these days. While the idea of mobile banking is promising yet it requires certain prerequisites to be successful in India. The chief among these requirements is the requirement to have a robust cyber security for mobile banking in India.

Cyber security in India in general and cyber security for online banking transactions in particular is not in good shape. The Cyber security trends in India 2011 also reflected this position. Mobile banking in India is still not popular due to various factors. For instance, e-banking in India is not safe, Internet banking cyber security in India is missing and online banking in India is not safe. In these circumstances, mobile banking in India is risky due to absence of mobile cyber security in India.

Even the Reserve Bank of India (RBI) is aware of this situation. RBI constituted a working group on information security to ensure cyber security among Indian banks. As per RBI’s recommendations, all banks should create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest.

However, banks of India have shown no willingness to incorporate cyber security into their day to day functions. Till now the directions of RBI to appoint CIOs and steering committee has not been followed by banks of India. The recommendations of the RBI have still not been implemented.

Naturally, Indian banks are poor at developing cyber security policies and implementing the same. Banks of India are also not providing positive confirmation to the originator of NEFT transactions. When basic level aspects are missing, incorporating cyber security in the day to day transactions of banks in India is really difficult. In these circumstances, the decision of RBI to remove financial limits from mobile banking transaction in India can be a trouble than facility. Hopefully, the proposed integrated banking law of India would address all these issues.

However, Indian banks cannot afford to ignore one aspect. The cyber law in India has prescribed cyber law due diligence for various stakeholders. Cyber due diligence for banks in India is just a part of the same. Cyber due diligence for Indian companies including banks operating in India is very stringent. If these due diligence requirements are not followed by Indian banks, civil, criminal and financial penalties can occur.

Cyber security for banking and financial sectors of India is urgently required as they perform very crucial functions. RBI must ensure the same by getting its directions strictly enforced as soon as possible.

Electronic Filing Of Consumer Complaints In India

The use of information and communication technology (ICT) for justice delivery system is well known. Even use of ICT for judicial and legal reforms in India is well understood. The role of ICT for effective judicial system in India is though well known yet very few efforts in this regard have been undertaken in India.

One can understand this position from the fact that till now we are still waiting for the establishment of first e-court in India. Even we have a single techno legal e-courts training and consultancy centre in India. Similarly, online dispute resolution in India is still a distant dream.

However, India cannot remain aloof for long in this regard. The information technology act, 2000 (IT Act 2000) already carries non enforceable e-governance provisions and with the proposed electronic delivery of services bill 2011 of India this e-governance mandate is going to be little bit more enforceable.

In fact, positive developments in this regard have already taking a shape in India. For instance, the financial limits of mobile banking transactions in India have been removed to give better options of banking in India. Similarly, SEBI is contemplating electronic initial public offer (EIPO) in India. Even Indian judiciary is exploring the possibility of using an electronic bail communication system in India. Through the proposed Cable TV Networks (Regulation) Second Amendment Bill 2011 of India, digital television services would be offered to consumers at affordable prices and with superior quality.

In a latest development in this direction, electronic filing of consumer complaints would be allowed if the proposed consumer protection (amendment) bill 2011 is made an enforceable law. The proposed amendment has made provision for making of a complaint by electronic form also to the District Forum.

This is a positive development and it would help in expanding consumer protection in India. However, there are many techno legal issues that must also be adhered to before e-filing of consumer complaints in India is made fully operational. But these issues would be sorted out with the passage of time.

Friday, January 6, 2012

Critical Infrastructure Protection (CIP) And Homeland Security (HS) In India

World over critical infrastructure protection (CIP) and homeland security (HS) are considered as top priority areas. This is logical as well since both CIP and HS are important parts of national security of any nation.

With the growing use and dependence upon information and communication technology (ICT), nations are focusing upon ensuring robust cyber security. The international cyber security policy framework and Indian response to the same are proof of the same. In fact, India is considering use of public private partnership (PPP) for internal security of India. Although India is also considering working in the direction of cyber security yet its speed and efforts in this direction are slower as compared to international cyber security standards and efforts.

Cyber security in India is not what is required. As per the cyber security trends in India 2011 by Perry4Law Techno Legal Base (PTLB), cyber security expertise and practices adopted in India are neither adequate nor qualitative. There is an urgent need to strengthen the cyber security mechanisms of various stakeholders in India.

Homeland security in India needs to be strengthened. In fact, India US homeland security dialogue has already been initiated. Homeland security and cyber security market in India is growing. In fact, Microsoft and Symantec are exploring the cyber security market of India. European Union (EU) has also invited India to participate in a mega cyber security and cyber crime project.

Critical national infrastructure security in India needs to be strengthened. Highly sophisticated malware like Duqu, Stuxnet, etc targeted India in the year 2011 and India is still investigating the Duqu malware. Indian nuclear facilities, automated power grids, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to sophisticated cyber attacks. It is still not clear whether Indian satellites are safe from cyber attacks.

Supervisory control and data acquisition (SCADA) is another area of concern. Cyber protection of SCADA systems in India must also be ensured. Similarly, Indian defense and security against cyber warfare needs to be developed so that cyber attacks against India can be thwarted. A good cyber security policy in India must be formulated that must include a critical ICT infrastructure protection policy of India as well. Similarly, effective legal and policy framework for cyber security must also be created in India.

Although there are numerous aspects of Cyber Security Policy of India yet Critical Infrastructure Protection in India and Critical ICT Infrastructure Protection in India are the most important aspects of the same. Similarly, cyber law of India must also be strengthened to effectuate cyber security in India. Hopefully Indian government would consider these aspects this year.

Wednesday, January 4, 2012

Social Media Websites Investigation In India

Social media websites have become ubiquitous these days. Ask any Internet using person or organisations and he/it would tell you about usage of some form of social media websites. Social media is not only helpful in projecting own policies, thoughts and ideas but is also helpful in exploring new ventures and partnerships.

However, abuses of social media are also rampant. Social media is occasionally used for committing various cyber crimes and cyber contraventions. Although we have no dedicated social media laws in India yet the information technology act, 2000 (IT Act 2000), the cyber law of India, carries some provisions in this regard. These provisions have mandated social media due diligence in India for these platforms.

Further the cyber law of India has also prescribed an Internet intermediary liability in India. According to this liability social media websites in India are required to observe due diligence in order to escape civil and criminal sanctions.

The cyber law due diligence in India has now become well established and companies, social media websites and Internet intermediaries cannot take it lightly. However, this has not restrained the cyber criminals to use social media websites for criminal purposes. Even in many cases these social media websites fail to observe due diligence especially when they have actual knowledge of the offending act. This has resulted in an increased prosecution of social media websites in India.

The prosecution of social media websites in India is going to increase tremendously if they keep on ignoring the cyber law of India. Presently, the cyber crimes investigation in India is not upto the mark and this in many cases result in non prosecution of the offenders. With the growth of e-discovery in India and cyber forensics in India more prosecution of social media websites would be witnessed. E-discovery for social media in India is going to increase as the social networking laws in India are pointing towards this direction.

In short, cyber due diligence for Indian companies is increasingly being enforced and social media websites are no exception to this rule. Social media websites investigation in India is going to increase in future and these platforms must be well prepared to deal with this same.

In their own interest, social media websites must not only meet the cyber due diligence requirements but must also ensure e-discovery compliances so that social media websites investigation can be facilitated and they can defend themselves more appropriately in various court cases and quasi judicial forums.

Tuesday, January 3, 2012

Internet Access Is A Human Right But Is It Useful?

Civil liberties are essential for the sustainable growth of human beings. A country that does not respect civil liberties cannot be a democratic and civilised nation. This is the reason why we have human rights that are protected by United Nations and respective country.

However, civil liberties protections in cyberspace are still ignored for unknown reasons. It may be due to lack of knowledge and expertise regarding cyberspace or because nations do not wish to extend the human rights protection to the same.

Fortunately some good steps in this regard have been taken by international community especially the European Council. The European Council is stressing upon protecting human rights in cyberspace and civil liberties protection in cyberspace. The European Council has also issued a resolution in this regard that deals with prohibition of abuse of state secrecy and national security for violating civil liberties. It has also expressed concerns regarding cyber attacks and political pressures upon cyber dissidents.

The United Nations must also work in the direction of defending human rights in cyberspace. Recently, UN declared that access to Internet is a basic human right. This is a good step in right direction. However, the efforts of United Nations regarding cyber laws and human rights in cyberspace need to be further expedited as they are slow in nature. An international cyber law treaty must be formulated by UN that must address the issues like freedom of speech and expression, Internet censorship, websites blocking, Internet kill switch, access to Internet, etc.

At the national level, India is desperate to control information technology. It has been forcing Internet intermediaries like Google and Facebook to pre screen and censor users contents. Blogs are manipulated in India to suppress critical issues that have been reported by few. The mainstream media is already not covering sensitive and controversial topics and even if some bold bloggers dare to do so they face censorship and penalties by various social media platforms like Google and Facebook. Manual action censorship by Google is very common regarding controversial posts and blogs that disappear instantly. Similarly, blocking of accounts by Facebook is also very common.

If access to Internet has been declared a human right by UN there is no sense in limiting it to mere access. What is the purpose of such Internet access if Internet censorship and websites blocking are deployed by states? If a citizen has access to Internet but her posts are deleted or censored the whole purpose is defeated. It seems UN has failed to consider this aspect of Internet access that has defeated the protection it has extended.

Civil Liberties Protection In Cyberspace

Protection of civil liberties in cyberspace is an area that has been ignored for long. Even international organisations like United Nations have not taken many steps in this crucial direction. This has also resulted in a limited growth of human rights protection in cyberspace in both public international law as well as private international law.

When totalitarian and orwellian states started blocking access to Internet altogether through mechanisms like Internet kill switch (IKS), Internet censorship, websites blocking, blocking of social media websites, etc, United Nations decided to step in. UN declared that access to Internet is basic human right.

Through a UN’s May 2011 report on freedom of expression on the internet, UN reminded parties to the International Covenant on Civil and Political Rights that they must uphold their obligation under Article 19 of that Covenant. Article 19 mandates that any limitation on the right to freedom of expression has to pass a three-part cumulative test that is designed to ensure the limitations are done in the least restrictive way and reflect a clear national security threat. Although existing principles of international law apply online, just as they do offline, yet states are not following this norm in reality.

Thus, this declaration of UN has provided only a very limited standing to individuals and organisations to challenge actions of states that violate civil liberties protection in cyberspace. Further, although this declaration of UN may bring some respite in the regime of public international law yet private international law is still untouched and protected from this declaration.

States are still engaging in endemic e-surveillance activities world over. Even worst is the fact that they are actively enacting laws that goes against the very concept of civil liberties protection in cyberspace. Civil liberties like privacy rights, data security, data protection, speech and expression, etc are at grave risks in such circumstances. Till UN comes up with an international legal framework in this regard that can harmonise laws across the world not much can be expected from individual states.

An international cyber law treaty must be formulated of which the states should become parties and signatories. Civil liberties protection in cyberspace cannot be achieved till rights and obligations of various nations are demarcated in such treaty. Till then nations would keep on indulging in civil liberties violations in cyberspace.

Monday, January 2, 2012

Electronic Legal Due Diligence In India

Legal due diligence in India is not a new concept. Legal due diligence involves assessing the suitability, efficiency and viability of a company or organisation. Legal due diligence may be required to meet statutory and regulatory requirements or it may be necessary when a company wishes to invest in another company.

A contemporary form of legal due diligence, especially for companies and individuals engaged in information and communication technology (ICT) related services, is known as cyber due diligence. Cyber law due diligence in India has become mandatory due to the stringent nature of cyber law of India. In fact, cyber due diligence for companies in India and cyber due diligence for banks in India has already been prescribed. Similarly, cyber security due diligence in India is also becoming a must to have requirement.

Securities and Exchange Board of India (SEBI) is planning to use electronic initial public offer (IPO) in India. Foreign investments in pharmaceutical in India has been liberalised by Reserve Bank of India. Similarly, foreign direct investment (FDI) in India has also been liberalised in many crucial areas. Naturally, lots of investments, IPOs, private equity funds exchange and many more collaborative and cooperative activities would take place in India in the year 2012.

These developments would also make legal due diligence necessary. However, the traditional legal due diligence procedure relies heavily upon paper based documents and transaction. A better option is to engage in electronic legal due diligence in India (e-legal due diligence in India). The e-legal due diligence in India is cost effective, timely and efficient. It also can provide the best possible results for legal due diligence purposes.

Even legal frameworks are in the process of being established to accommodate these contemporary changes. For instance, the electronic delivery of services bill 2011 (EDS Bill 2011) has been proposed by Indian government that would make electronic delivery of services in India an acceptable norm.

Similarly, existing legal frameworks also facilitates digital preservation in India, e-governance, e-commerce, etc that would also require e-legal due diligence in India. The public records keeping framework of India requires keeping of public records that very few organisations in India are doing. Of course, public records keeping framework of RBI is an exception in this regard. Public records are also required to be maintained by the information technology act 2000 and right to information act 2005 of India.

All these requirements of public records keeping and e-legal due diligence in India can be managed by establishing virtual data rooms (VDRs). Many leading companies are already using VDRs to ensure legal due diligence in a smooth and efficient manner. With VDRs thousands of pages of content can be made available in just 24hrs or less. VDRs provide a secure and highly efficient method for sharing critical business information for electronic due diligence in merger and acquisition (M&A) advisory, IPO and secondary offerings, asset purchases, venture capital due diligence, bio tech licensing, commercial and corporate real estate ventures, financial restructuring, preparing for exit strategies, and many other transactions that require large amounts of document sharing.

Further, e-legal due diligence in India would also ensure that electronic discovery (e-discovery) requirements in India are duly met whenever needed. E-discovery services in India would be required in near future in India and e-legal due diligence can greatly facilitate the same. Individuals and companies must start exploring using e-legal due diligence as soon as possible for greater benefits of their own.

Internet Access Is A Fundamental Human Right In Cyberspace

Civil liberties protection in cyberspace has taken a centre stage these days. International community is getting serious in protecting valuable civil liberties that are openly violated by various nations. For instance, the Council of Europe issues a resolution that prohibits abuse of state secrecy and national security for violating civil liberties. Similarly, United Nations has also declared that access to Internet is a basic human right that cannot be taken away by national governments.

A few years back talking about human rights in cyberspace generated skeptic reactions. Things have not changed much even today but at least now we know that human rights can be extended to cyberspace. For instance, blanket e-surveillance, Internet censorship and websites blocking cannot be adopted lest human rights are absolutely ignored. The cyber law trends in India 2011 have shown that India has performed poorly on all these front. In fact, India is acting desperately to control technology.

At Perry4Law Techno Legal Base (PTLB) we have been supporting the efforts that can ensure recognition of human rights in cyberspace at both national and international level. At the national level, India is still not ready and willing to recognise human rights in cyberspace. At the international level, part of human rights in cyberspace has started gaining importance.

For instance, the United Nations (UN) has declared that right to access to Internet is a human right. Similarly, Organisation for Security and Cooperation in Europe (OSCE) has also supported this stand of UN through a recently released report.

The report has analysed the first ever of state regulations on Internet access within the 56-member OSCE. Finland and Estonia have already declared access to Internet as a human right and this is a good step in right direction. PTLB welcomes these reformative actions of Finland and Estonia.

Countries around the world are restricting human rights in cyberspace by citing national security, sovereignty, law and order and many such grounds. While none can doubt that national security is an important function of a sovereign state yet there must be a harmony between national security and human rights.

Giving a blind and absolute primacy to national security even if clearly means violating basic human rights is not a wise approach for a welfare state like India. We hope Indian government would consider empowering Indian netizens by recognising and strengthening their human rights in cyberspace.

Abuse Of State Secrecy And National Security: Obstacles To Parliamentary And Judicial Scrutiny Of Human Rights Violations

The Council of Europe has issued many important and far reaching resolutions and notifications in the year 2011. One such important resolution is titled as abuse of state secrecy and national security: obstacles to parliamentary and judicial scrutiny of human rights violations. This is in addition to the concerns shown by the European Council regarding cyber attacks and political pressures upon cyber dissidents. It seems European Council is stressing upon protecting human rights in cyberspace and civil liberties protection in cyberspace.

This also shows that the international community is getting serious about protection of civil liberties in cyberspace. For instance, the connection between United Nations and human rights in cyberspace is also well known where UN declared that access to Internet is a basic human right. However, the efforts of United Nations regarding cyber laws and human rights in cyberspace need to be further expedited as they are slow in nature.

As far as India is concerned the situation is really alarming. Law enforcement and intelligence agencies of India are practically working with no legal framework. Parliamentary scrutiny of law enforcement and intelligence agencies of India is still missing. Although draft bills for central bureau of investigation (CBI) and intelligence agencies of India were made, they were never considered by Indian parliament. Till now agencies like CBI, research and analysis wing (RAW), etc are working with no constitutionally sound law governing their operations.

Further, numerous e-surveillance oriented projects like Aadhar, national intelligence grid (Natgrid), central monitoring system (CMS), national counter terrorism centre (NCTC), crime and criminals tracking and networks system (CCTNS), etc have been launched without any legal framework and parliamentary scrutiny. Phone tapping in India is also not done in a constitutional manner. E-surveillance in India and Internet censorship in India has also increased a lot. Clearly, parliament has failed to address abuses of state secrecy and national security powers in India.

Even judicial scrutiny of e-surveillance and Internet censorship issues in India is not up to the mark. Fortunately, the Supreme Court of India is dealing with privacy violations through illegal phone tapping in India. While doing so the Supreme Court has observed that with the present state of technology used in India by law enforcement agencies and private individuals, privacy rights of Indians are at grave risk. The Supreme Court also recommended reformation of official secrets act of India keeping in mind the contemporary requirements and environment. This is a good sign but the Supreme Court of India must expedite these matters as they have been pending for long.

Parliamentary oversight and judicial scrutiny are the twin safeguards that can prevent excessive abuse of state secrecy and national security powers in India. Unfortunately, presently both of them are missing and this has resulted in an intelligence mess in India. Further, India is desperate to control technology rather utilising it.

We need dedicated and separate privacy laws, data privacy laws and data protection laws in India to tackle state abuse of its sovereign powers. The sooner these procedural and constitutional safeguards are adopted in India the better it would be for the larger interest of India.

Council of Europe’s Draft Resolution On Abuse Of State Secrecy And National Security

In this “Guest Column”, Praveen Dalal, Managing Partner of Perry4Law has examined one of the most important resolutions of Council of Europe. It is titled abuse of state secrecy and national security: obstacles to parliamentary and judicial scrutiny of human rights violations.

Recently European Council had also shown its concern regarding cyber attacks and political pressures upon cyber dissidents. It seems European Council is very serious in protecting human rights in cyberspace and civil liberties protection in cyberspace.

National Security and National Secrets are two of the most common “Excuses” given by the Nations to bypass Constitutional and Human Rights Protections. Civil Liberties are blatantly violated under the garb of exercising powers under these two issues.

India is no exception to this rule as Laws like Indian Telegraph Act, 1885, Official Secrets Act, 1923 etc are frequently used in clear contraventions of Constitution of India, Right to Information Act, 2005 and similar Laws.

Unconstitutional Phone Tapping is the example of former Law whereas Non Disclosure of relevant and essential information under an RTI Application is the example of latter. Even the Supreme Court of India has shown its “Displeasure” with both the Laws.

While “Guidelines” for prevention of “Unauthorised Phone Tapping” have been provided by Supreme Court to cover the deficiencies of the former Law, yet it has suggested “Repealing” of the latter. However, Indian Parliament is least bothered about formulating “Essential Laws” and the Executive has made India an “Endemic E-Surveillance Society”.

This E-Surveillance Model of Indian Government is just “Harassing” the law Abiding Citizens of India and Cyber Criminals and Terrorists are still successfully giving effect to their nefarious activities. It is high time for the Indian Supreme Court to take note of this “Constitutional Anomaly”.

The Council of Europe has released a Resolution titled “Abuse of State Secrecy and National Security: Obstacles to Parliamentary and Judicial Scrutiny of Human Rights Violations”. It reads as follows:

1. The Assembly considers that judicial and parliamentary scrutiny of government and its agents is of vital importance for the rule of law and democracy. This also applies especially to so-called special services whose activities are usually kept secret. Security and intelligence services, the need for which cannot be put into doubt, must nonetheless not become a “state within the state”, exempted from accountability for their actions. Such lack of accountability leads to a dangerous culture of impunity, which undermines the very foundations of democratic institutions.

2. In combating terrorism, governments are increasingly invoking “state secrecy” or “national security” in order to ward off parliamentary or judicial scrutiny of their actions.

3. In some countries, in particular the United States, the notion of state secrecy is used to shield agents of the executive from prosecution for serious criminal offences such as abduction and torture, or to stop victims from suing for compensation. The United States also refused to co-operate, in particular, with the judicial authorities of Germany, Lithuania and Poland in the criminal investigations launched in those countries in view of numerous elements of proof of abductions, secret detentions and illegal transfers of detainees (see Resolution 1507 and Recommendation 1754 (2006) and Resolution 1562 and Recommendation 1801 (2007) of the Assembly).

4. The Assembly recognises the need for states to ensure effective protection of secrets affecting national security. But it considers that information concerning the responsibility of state agents who have committed serious human rights violations, such as murder, enforced disappearance, torture or abduction, should not be subject to secrecy provisions. Such information should not be shielded from judicial or parliamentary scrutiny under the guise of “state secrecy”.

5. The Assembly believes that there is no reason why judicial and parliamentary institutions should be less trusted than state executive bodies and their agents where the protection of legitimate secrets is concerned. As Canada demonstrated in the Maher Arar case, it is possible to put in place special procedures for the supervision of the activities of the special services guaranteeing both the adequate protection of legitimate state secrets and the protection of fundamental rights and freedoms.

6. Parliamentary supervision of the security and intelligence services, both civilian and military, is either non-existent or grossly inadequate in many Council of Europe member states. The permanent or ad hoc parliamentary commissions set up in several countries to oversee the activities of the secret services are hampered by a lack of information, which is under the exclusive control of the executive itself, and most often of a very small circle within the latter.

7. The Assembly welcomes the growing co-operation between different countries’ secret services, which constitutes an indispensible tool to confront the worst forms of organised crime and terrorism. This international co-operation should, however, be accompanied by equivalent co-operation between oversight bodies. It is unacceptable that activities affecting several countries should escape scrutiny because the services concerned in each country invoke the need to protect future co-operation with their foreign partners to justify the refusal to inform their respective oversight bodies.

8. The media play a vital role in the functioning of democratic institutions, in particular by investigating and publicly denouncing unlawful acts committed by state agents, including members of the secret services. They rely heavily on the co-operation of “whistleblowers” within the services of the State. The Assembly reiterates its calls for adequate protection for journalists and their sources (Recommendation 1950 (2011) and for “whistleblowers” (Resolution 1729 and Recommendation 1916 (2010)).

9. The Assembly can only welcome the publication, in particular via the “Wikileaks” site, of numerous diplomatic reports confirming the truth of the allegations of secret detentions and illegal transfers of detainees published by the Assembly in 2006 and 2007. It is essential that such disclosures are made in such a way as to respect the personal safety of informers, human intelligence sources and secret service personnel. The appearances of such websites is also the consequence of insufficient information made available and a worrying lack of transparence of Governments.

10. In some circumstances, in particular in the framework of the fight against terrorism, measures restricting freedom and violating fundamental rights are taken against suspect individuals who are not even informed of the – “secret” – grounds for suspicion on which these measures are based and do not have the possibility to seize an independent complaints mechanism. The Assembly reiterates its appeal in Resolution 1597 (2008) to the competent United Nations and European Union bodies to reform the “blacklisting” procedures, putting an end to such arbitrary methods and putting into place mechanisms that are both effective and respectful of the rule of law in order to neutralise persons suspected of supporting terrorism.

11. With regard to judicial inquiries, the Assembly:

11.1. welcomes the inquiries conducted professionally by the competent German and Italian authorities, which have shed considerable light on the abductions of Khaled El-Masri and Abu Omar;

11.2. welcomes the friendly settlements reached by the British authorities with the alleged victims of abuses committed by the British services and urges all interested parties to agree immediately on a framework satisfying the requirements of the European Convention on Human Rights regarding the duty to investigate allegations of torture for the special inquiry under the aegis of Sir Peter Gibson announced by the Prime Minister in July 2010;

11.3. urges the Lithuanian, Polish, Portuguese and Spanish prosecuting authorities to persevere in seeking to establish the truth about the allegations of secret CIA detentions and urges the American authorities to cooperate with them;

11.4. calls on the Romanian judicial authorities and those of “the former Yugoslav Republic of Macedonia” to finally initiate serious investigations following the detailed allegations of abductions and secret detentions in respect of those two countries, and on the American authorities to provide without further delay the judicial assistance requested by the prosecuting authorities of the European countries concerned;

12. With regard to parliamentary inquiries, the Assembly:

12.1. welcomes the determination of many members of the commission of the German Bundestag responsible for investigating the alleged involvement of the German services in CIA actions, while regretting that the government persisted in withholding the information requested by the commission, to the point that the Federal Constitutional Court, following an application by the opposition representatives, was forced to censure the government’s behaviour; deplores, however, that the end of the legislature did not allow for the commission’s work to continue after the judgment, as it was dissolved and not reconstituted;
12.2. welcomes the inquiry by the national security and defence committee of the Lithuanian Seimas which established the existence of two CIA secret detention centres on Lithuanian territory, while noting that the inquiry was unable to establish whether people had actually been detained and illtreated in those places, and whether Lithuanian senior officials were aware of the CIA actions in collaboration with agents of the Lithuanian secret service (SSD);

12.3. welcomes the untiring efforts of the All Party Parliamentary Group to establish the truth about the involvement of the British authorities in cases of illegal transfers of detainees concerning the United Kingdom;

12.4. Deplores that the Polish and Romanian parliaments confined themselves to inquiries, whose main purpose seems to have been to defend the official position of the national authorities;

12.5. Is surprised that the parliament of “the former Yugoslav Republic of Macedonia” considered it unnecessary to launch an inquiry into the El-Masri case, in the light of the clear findings of the European and German inquiries on this subject.

13. With regard to procedures for monitoring the secret services in general, the Assembly calls on Council of Europe member and observer states still lacking equivalent bodies to set up:

13.1. A parliamentary mechanism for monitoring the secret services, while ensuring that it has sufficient access to all the information needed to discharge its functions whilst respecting a procedure which protects legitimate secrets;

13.2. Special procedures so that legitimately secret information can be handled without endangering state security in criminal or civil proceedings concerning the activities of special services;

13.3. An adversarial procedure before a body allowed unrestricted access to all information to decide, in the context of a judicial or parliamentary review procedure, on whether or not to publish information which the government wishes to remain confidential.

14. With regard to international co-operation between oversight bodies, the Assembly calls on parliaments participating in the development of the future “Network of European expertise relating to parliamentary oversight of security and intelligence services” to consider widening the terms of reference of the future network and the range of participants in order to make it an effective instrument of co-operation between the competent bodies of all Council of Europe member and observer states, making it possible to remedy the shortcomings in parliamentary oversight resulting from increased international co-operation between the services in question….. [See the Report (PDF) for all points]

50. Finally, the fundamental role played by whistleblowers must not be forgotten. Their importance of their contribution is in fact proportionate to the extent that secrecy is still imposed. It is not exaggerated that, still today – and in some cases even more so than in the past – we are confronted with a real cult of secrecy; secrecy as an instrument of power, as Hannah Arendt reminds us in the citation at the very beginning of this report. It is therefore justified to say that whistleblowers play a key role in a democratic society and that they contribute to making up the existing deficit of transparency. We said so before: the Assembly’s reports of 2006 and 2007 and, more recently, the revelations concerning “black sites” in Lithuania are due to a large extent to honest officials who, for ethical reasons and taking great risks, could not and would not take part any longer in illegal activities or cover them up by remaining silent. In this connection, we should also remember Bradley Manning, the young American soldier accused of providing Wikileaks with a large number of confidential documents. High-ranking American officials and numerous voices of international public opinion have expressed indignation at the inhuman and degrading treatment which Mr Manning is said to have undergone. It will be up to the courts to judge. But we cannot ignore that according to the very accusations made against him we are indebted to him for the publication both of a recording of a helicopter attack in Iraq, in which the crew seems to have intentionally targeted and killed civilians. The video recording seemingly indicates a deliberate criminal act which deserves at least an investigation, which, without this indiscretion, would have never been requested. This is a classic example of an illegitimate secret. In addition, the publication of a large number of embassy reports has allowed us to learn significant details of important recent events and which are obviously of general interest. We must not forget either that these publications have brought numerous confirmations of findings included in the Assembly’s reports of 2006 and 2007 on the CIA flights and secret prisons. All those who at the time called for “proof, proof!” have in any case been well served.

This is a good step in right direction and I hope India would also deal with the issues mentioned in this Resolution very soon.

Sunday, January 1, 2012

Cyber Law Of India Should Be Reformed

Technological issues when collaborated with legal framework bring complex situations. It is very difficult to provide a legal framework for technological issues. India is also trying to grapple with this problem. Although cyber law in India has been enacted in the form of information technology act 2000 (IT Act 2000) yet it has remained archaic and non performer. The cyber law trends in India 2011 proved this point.

Cyber law of India needs to be rejuvenated. The emphasis must be to develop and protect Indian cyberspace rather than considering as a threat to be tackled through Internet censorship, websites blocking, e-surveillance, phone tapping and similar anti civil liberties protection in cyberspace.

Similarly stress should be given to cyber security of India through cyber security due diligence and mandatory obligations. The cyber security trends in India 2011 have proved that various stakeholders in India are not paying enough attention to cyber security. This is more so regarding banks in India that are not following the cyber security guidelines of Reserve Bank of India (RBI).

Perry4Law and Perry4Law Techno Legal Base (PTLB) believe that a major reason for poor performance on Indian cyber law and cyber security is that we have mixed all the aspects in a single law. For instance, although IT Act 2000 covers issues like cyber law, cyber security, cyber forensics, encryption, e-governance, e-commerce, cyber terrorism, etc yet the same are covered by a single section or more. This way none of them are individually effective.

We must have a separate and dedicated law for each of these issues that seem to have been dumped into a single law making it ineffective and useless for those issues. Further, the information technology amendment act 2008 (IT Act 2008 amendments) have further complicated the issue. By making almost all the cyber crimes “bailable”, Indian government has created a big nuisance for itself.

Perry4Law and PTLB hope that the year 2012 would bring major relief in this regard. Law making is a lengthy and tedious process and the sooner it is started the better it would be for the larger interest of India.