Global Techno Legal News And Views By Perry4Law Organisation (P4LO)

Global Techno Legal News And Views By Perry4Law Organisation (P4LO)Merging of technology and law raises interesting techno legal issues that are not easy to handle. There are very few organisations or individuals that can manage techno legal issues in India and world wide. Perry4Law Organisation (P4LO) is one such organisation that handles unique and qualitative techno legal services in fields like cyber law, cyber security, cyber forensics, e-discovery, etc. One such initiative is known as Global Techno Legal News and Views.

Some of the interesting post of the blog are:

(1) Non Mandatory Aadhaar: The matter pertaining to legality and constitutionality of Aadhaar project is pending before the Supreme Court of India. The Central Government has been maintaining that Aadhaar is not mandatory but for all practical purposes it has been made mandatory by Indian Government.

(2) Digital India: Digital India project of India is an ambitious but troublesome initiative as it is suffering from numerous shortcomings. This is the reason that the Digital India project is heading towards rough waters. In fact, Digital India is the biggest digital panopticon of India so far. There is an urgent need to make it legal and constitutional.

(3) Carbanak Malware: The notorious malware Carbanak was instrumental in stealing about a Billion US Dollars from financial institutions worldwide. Vskimmer Trojan, capable of stealing credit card information from Windows systems, was already in circulation. Similarly, the Malware Dump Memory Grabber was also targeting POS systems and ATMs of major U.S. banks. These malware were creating havoc in India and international levels.

(4) Censorship By Twitter: In an unexpected move, Twitter has been censoring tweets relating to topics like Aadhaar, Digital India, etc. Till the time of writing of this post, Twitter is still censoring topics like Aadhaar, Digital India, etc.

(5) Hardware Spyware: Kaspersky has revealed that intelligence agencies have been using hardware based stealth spyware. These hard drives are manufactured by Western Digital, Seagate, Toshiba and other top manufacturers, thereby making their use a potential cyber hazard.

(6) FBI Search Warrants: Recently a proposal was made to expand the search warrant powers of FBI. Google opposed the same and openly conveyed its dissent for the proposed US Justice Department proposal to expand federal powers to search and seize digital data, warning that the changes would open the door to US “government hacking of any facility” in the world.

(7) Lenovo Adware: Lenovo has been accused of pre installing Adware in laptops thereby compromising their security. Users have complained that a programme called Superfish pre-installed by Lenovo on consumer laptops was “Adware”, or software that automatically displays adverts.

(8) Microsoft Cloud Computing: It has been reported that Microsoft has adopted a new standard for cloud privacy that commits the company to protect the privacy of customers’ data, not to use it for advertisement purposes, and to inform the customer of legal requests for personal data. Google along with other companies has been fighting against e-surveillance activities of U.S. agencies.

(9) Mobile Communications Security: Intercept has recently published an article describing that U.S. and British spies hacked into the internal network of Gemalto in 2010 that is one of the largest manufacturers of SIM cards in the world. They stole the encryption keys used to protect the privacy of mobile cellular communications across the globe. These spies mined the private communications of Gemalto engineers and employees in multiple countries, including India. However, the most interesting revelation comes in the form that GCHQ could not intercept keys used by mobile operators in Pakistan, even though Pakistan is a priority target for Western intelligence agencies. This is because Pakistanis used more secure methods to transfer the encryption keys between the SIM card manufacturers and Pakistani mobile operators.

(10) Lawyers Communications: Recently a British court ruled that the U.S. – U.K. surveillance regime was unlawful for seven years. This means that the regime has also failed to comply with the European convention on human rights. U.K. government is already facing a trial where it has been accused of unlawfully intercepted conversations between lawyers and their clients.

(11) Online Card Games: Some online gaming stakeholders in India have approached the Supreme Court of India to get clarity on the legality of online games like rummy, poker, etc. In response of the same, the Supreme Court asked the opinion of Central Government in this regard but the same has been informally denied by the Central Government. This means that till the time Supreme Court actually says that online rummy, online poker and online card games are legal in India, majority of these gaming stakeholders may be exposing themselves to legal risks and civil and criminal liabilities. Now that the Supreme Court of India has finally refused to decided legality of online poker and online rummy in India, online card games websites may be legally risky if not properly drafted and managed.

(12) Internet Safety Campaign: Indian government has announced that an Internet safety campaign would be started very soon in India. From the media reports it seems that the awareness drive would cover all stakeholders ranging from school level to government departments.

(13) Google Timestamps: In a bizzare manner, Google has manipulated the timestamp of the news titled Digital India, Aadhaar and digital panopticon of India and put the date 27-02-2015 instead of 02-03-2015. This means that news surfers looking for latest news would not get the same and after some time the news would be removed from the relevance search as well. We have also checked the date results and the news was lying on 4th page with other news of 27th February 2015 date. This is a strange behaviour on the part of Google and all such behavioursa of Google are catalogued at the blog titled “Unofficial Websites, News, Blogs And SERPs Censorship By Google“. A mirror of this blog is also available here.

(14) E-Mail Policy: Indian government has been struggling long to formulate and implement the e-mail policy of India. This is important for India as sensitive documents cannot be transferred out of India as per Indian laws like Public Records Act, 1993. Even Delhi High Court is analysing the e-mail policy of India and has shown its displeasure over slow action on the part of Indian government in this regard. It has now been reported that Indian government has decided to ban the use of Gmail or any other private email for official communication across all its organisations, and make it mandatory for them to migrate to email services provided by the National Informatics Centre (NIC).

(15) CISO Of India: In a significant move, the Prime Minister’s Office (PMO) has appointed Dr. Gulshan Rai as the first Chief Information Security Officer (CISO) of India. This would go a long way in ensuring critical infrastructure protection in India (PDF). We also strongly recommend that a revised Cyber Security Policy of India 2015 must be drafted by Modi Government that must address cyber security issues in a more comprehensive and holistic manner. Further, international legal issues of cyber attacks must also be considered well in advance by Indian Government. Perry4Law Organisation (P4LO) has released a research paper on international legal issues of cyber security and cyber attacks and the same can be considered by Indian Government while strengthening Indian cyber security capabilities.

(16) Anti Bullying Committee: Cyber bullying in India is a big nuisance with practically no remedies. However, things would be changed very soon with the issuance of CBSE Guidelines for Prevention of Bullying and Ragging in Schools 9th March 2015, Reg: (D.O. No. 12-19/2012-RMSA-I) (PDF). Due to increasing cases of physical and cyber-bullying of students, Central Board of Secondary Education (CBSE) has directed all its affiliated schools to form an anti-bullying committee. The committee should comprise of vice-principal, a senior teacher, school doctor, counsellor, parent-teacher representative, school management representative, legal representative and peer educators. CBSE also directed the schools to tackle sexual abuses and strictly implement POCSO Act 2012.

(17) Technology Companies Regulations: Dealing with technology and foreign companies is a big challenge for Indian government. Whether it is taxation aspects or applicability of Indian laws to such companies, India has not been able to achieve a success in this regard so far. There is also a lack of legal framework to govern such technology and foreign companies in India as on date. At Perry4Law Organisation (P4LO) and Perry4Law’s Techno Legal Base (PTLB) we have been suggesting techno legal frameworks in this regard from time to time. We at P4LO and PTLB welcome this support of Indian Government and various stakeholders to our suggestions and recommendations from time to time. However, we strongly recommend that we need a comprehensive techno legal framework in this regard especially if we have to make the “Made in India” and “Digital India” projects successful.

(18) Killer USB: A Russian hacker/researcher created a killer USB that can crash the victim system once the modified/hacked USB is plugged into it. The basic idea of the USB drive is quite simple. When we connect it up to the USB port, an inverting DC/DC converter runs and charges capacitors to -110V. When the voltage is reached, the DC/DC is switched off. At the same time, the filed transistor opens. It is used to apply the -110V to signal lines of the USB interface. When the voltage on capacitors increases to -7V, the transistor closes and the DC/DC starts. The loop runs till everything possible is broken down.

(19) Traffic Routing: Networks and systems need to trust each other to make the Internet function in a speedier manner. If one system or service provider falters, the services of other may be hampered. In one such incidence, users around the world were not able to access Google’s service for a short period of time due to a technical glitch. Users were cut off due to the routing leak from Indian broadband Internet provider Hathway. The leak is similar to a 2012 incident caused by an Indonesian ISP, which took Google offline for 30 minutes worldwide.

(20) Grid Security Expert System (GSES): A Grid Security Expert System (GSES) of India has been proposed to be developed by Powergrid. Cyber security of automated power grids of India is need of the hour. It is only after a massive power blackout in 2012 that Indian government has woken up to the dangers of cyber attacks against Indian power sector. GSES would involve installation of knowledge based Supervisory Control and Data Acquisition (SCADA) system, numerical relays and Remote Terminal units upto 132 kV stations and the reliable Optical fibre Ground wire (OPGW) communication system at an estimated cost of around Rupees 1200 crores. The objective of the GSES is implementation of the Automatic Defense mechanism to facilitate reliable and secure grid operation.

(21) Cyber Law Due Diligence: Cyber law due diligence received a major jolt when the Supreme Court of India read down the internet intermediary due diligence requirements. The main problem seems to be reading down of Section 79(3) (b) and Rule 3(4) By Supreme Court in a manner that would be counter productive in the long run. In fact, reading down of Section 79(3) (b) and Rule 3(4) is more problem than solution as the Supreme Court erred in adopting this approach.

(22) SEBI And Cyber Security: It has been reported that SEBI has expanded the ambit of its Technical Advisory Committee (TAC) to include cyber security of the markets. CECSRDI welcomes this move of SEBI and is committed to help it in every possible manner to achieve this benign cyber security objective.

(23) E-Police Station: An e-police station in Delhi would register online FIR for motor vehicle theft cases. The pilot project of the “Motor Vehicle Theft (MVT) Application” is now accessible on mobiles and computers. Presently this facility is available only for police stations in South Delhi and the same will be extended to entire Delhi after sorting out technical glitches and other problems.

(24) Social Media Compliances: Social media websites are not complying with laws of India. India’s struggle against social media websites to fall in line with Indian laws continues even in Narendra Modi’s regime. To make the matter worst we have no social media laws in India or any effective and implementable social media policy of India. Of course, a new framework for use of social media by governmental organisations has been suggested by Indian government in the past but that is of little help in solving the present problem at hand. The real solution, according to Praveen Dalal, is formulation of a techno legal framework that can address the diverse and complicated issues of cyberspace in India. In short, social networking laws in India need clarity and codification.

(25) MPPEB Scam: MPPEB scam has become an investigation nightmare for the law enforcement agencies of India. The credibility and reliability of evidence is in question on the one hand and unresolved cyber forensics issues are on the other hand. Scientific investigation methodology is still to be used in the investigation of MPPEB scam.

(26) IT Subsidiary Of RBI: The Reserve Bank of India (RBI) has showed its commitment to fight against cyber crimes and financial frauds by declaring that an information technology driven subsidiary would be established by it to deal with cyber nuisances. This IT subsidiary of RBI would also deal with cyber security and related issues with a special focus upon banking related technology issues. The IT subsidiary of RBI would also evaluate the technical capabilities of banks that is almost missing as on date.

(27) Privacy Invasive Software: The Supreme Court of India has asked the Indian Government to clarify upon privacy invasive software and mobile applications. Supreme Court of India has taken a serious note of the software and mobile applications that can be used to extract private information from smartphones.

(28) Smart Cities In India: Smart cities in India have been proposed to be established in near future. However, smart cities in India may face cyber security and civil liberties issues that are left unresolved by Indian Government.

(29) Protection Of Good Samaritan: In a welcome move, the Narendra Modi led Government has issued Guidelines on Protection of Good Samaritan While Saving Lives of Road Accident Victims (2015) (PDF). This shows the sensitivity of Indian Government towards the precious lives that can be saved if road accident victims can be taken to hospitals as soon as possible.

We hope our readers would find this post and blog useful.

Source: P4LO.

Posted in Uncategorized

International Legal Issues Of Cyber Attacks By Perry4Law Organisation (P4LO)

International Legal Issues Of Cyber Attacks By Perry4Law Organisation (P4LO)Anybody who has dealt with international cyber law and cyber security related issues must be aware that it is really tough to solve such cases. Being transnational in nature, cyber law and cyber security issues require international cooperation among various nations and law enforcement agencies.

For instance, if a simple exercise of internet protocol tracking is undertaken, it takes months before any information is received from a foreign jurisdiction. Even in such cases, these are exceptional cases and not a general practice. In this process, the crucial digital evidence is lost forever and the cyber crimes investigation becomes a cold trail.

As there is a severe conflict of laws in cybersapce, it is very important to be aware of various technology related laws of various jurisdictions. However, it is not possible to be aware of all the laws of various jurisdictions. In order to spread public awareness in this regard, Perry4Law Organisation (P4LO) has been managing a dedicated blog on international legal issues of cyber attacks and cyber security. It is the exclusive techno legal blog on the topic not only in India but in entire world.

The blog has covered many techno legal aspects like use of cyber espionage malwares, need for the national security policy of India, legal immunity against cyber deterrent acts in India, open source intelligence through social media websites, protection of Indian cyberspace, national counter terrorism centre (NCTC) of India, cyber security challenges of India, cyber preparedness of India, the Wassenaar Arrangement and cyber security issues, intelligence agencies reforms in India, banking cyber security, techno legal analysis of Gameover Zeus, cyber crimes insurance in India, smart cities cyber security in India, etc.

As on date we have no dedicated cyber security laws in India. This is the reason why cyber security is more ignored than complied with in India. Even the blooming e-commerce industry of India is devoid of required cyber security practices and requirements. Cyber security of banks in India is also not upto the mark. This has forced the Reserve Bank of India to constitute a IT subsidiary that would consider, monitor and prescribe cyber security related rules, regulations and practices for banks in India. Even the Companies Act 2013 has prescribed cyber security obligations for the directors of companies. This is in addition to the cyber law obligations of banks and directors of Indian companies.

It is well understood that international legal issues of cyber attacks are not easy to handle. Nevertheless, Indian government cannot afford to ignore this situation and it must urgently work towards making Indian cyber security robust, resilent and effective. P4LO hopes that our readers would find our blog on international legal issues of cyber attacks, cyber law and cyber security useful.

Source: CSRDCI.

Posted in Uncategorized

Online Petition And Survey By CCICI Regarding Cyber Law Due Diligence In India

Online Petition And Survey By CCICI Regarding Cyber Law Due Diligence In IndiaInterpretation and analysis of the judgment of Supreme Court of India in Shreya Singhal v. Union of India (24th March 2015), Writ Petition (Criminal) No.167 Of 2012 (PDF) has already been started by various cyber law stakeholders of India. Most of them have based their observations upon Section 66A alone leaving aside other sections like Section 69A and Section 79 of the Information Technology Act, 2000.

However, it seems while doing justice to freedom of speech and expression in India, the Supreme Court has erred in reading down Section 79 and Rule 3 of Information Technology (Intermediaries Guidelines) Rules, 2011 (PDF) that pertains to Internet Intermediary liability and observance of cyber law due diligence (PDF) by them. In fact, it has been claimed that Supreme Court has killed cyber law due diligence in India to a great extent.

Cyber Crimes Investigation Centre of India (CCICI), the premier cyber crime investigation centre of Perry4Law Organisation (P4LO), has been covering these issues from the very beginning. Now CCICI has taken this interpretation and effort to another level by starting an online petition and survey titled “Do We Need a Stronger Cyber Law Due Diligence in India?”

Unfortunately, most of the interpretations and observations regarding the judgment of Supreme Court were directed towards Section 66A alone and the issue of cyber law due diligence was totally ignored. This has serious ramifications for all cyber victims whose locus standi has been taken away by the Supreme Court to approach the Intermediary.

It is of utmost importance that this issue must be discussed in great detail and then taken up before the Supreme Court through a review petition. Similarly, the collective inputs can also be shared with Indian government and Parliament so that they can come up with a more potent and effective cyber law due diligence requirement in India.

If you are a cyber victim or you know a person who has been a cyber victim, please share your views through this petition and review. Your views would shape the cyber law of India and make it more meaningful. If you have ever suffered from harassment over e-mail, SMS, chatting, Social media, etc or you know a person who has been so harassed, then please share your views at the petition/survey page. Collectively let us make a responsible cyber society and culture in India.

Source: Cyber Law Blog.

Posted in Uncategorized

Supreme Court Erred In Reading Down Section 79(3)(b) And Rule 3(4): Praveen Dalal

praveen-dalal-managing-partner-of-perry4law-and-ceo-of-ptlb1The judgment of Shreya Singhal v. Union of India (24th March 2015), Writ Petition (Criminal) No.167 Of 2012 (PDF) is not just about Section 66A but many other sections and rules as well. For instance, Section 79 of IT Act 2000 and Rule 3 of Information Technology (Intermediaries Guidelines) Rules, 2011 have also been analysed by Supreme Court.

As the constitutionality of these provisions was challenged, Supreme Court had limited choices. Supreme Court preferred to narrow down these provisions to keep them operational and constitutional. But it has not been realised at what cost this has been done.

According to Praveen Dalal, managing partner of ICT law firm Perry4Law, Supreme Court’s Judgment on Section 66A is a big blow for Cyber Law Due Diligence in India and reading down of Section 79(3) (b) and Rule 3(4) by Supreme Court in the present manner is “Counter Productive” in long run. He has also suggested that Modi Government must urgently bring suitable Amendments in the IT Act 2000 to tackle growing Cyber Threats and Cyber Crimes in India.

Indian cyber law has never been appropriate since its inception. Too much stress is given to suppress civil liberties and enhance e-surveillance. However, it has now reached a stage where immediate steps must be taken to protect civil liberties in cyberspace on the one hand and projects like Digital India on the other. This is also the high time to leave politics and do positive things for Indian masses.

Source: Cjnews India.

Posted in Uncategorized

Modi Government Must Urgently Bring Suitable Amendments In The IT Act 2000: Praveen Dalal

praveen-dalal-managing-partner-of-perry4law-and-ceo-of-ptlb1Recently the Supreme Court of India delivered a judgment for the case named Shreya Singhal v. Union Of India (24th March 2015), Writ Petition (Criminal) No.167 Of 2012 (PDF). This is a significant case as it covers many crucial aspects of cyber law of India. However, the true impact and interpretation of this judgment is yet to evolve.

We have already covered one of the aspects of this judgment. According to Praveen Dalal Supreme Court’s judgment on Section 66A is a big blow for Cyber Law Due Diligence in India (PDF). This has happened as the Supreme Court has “read down” few sections and rules under the IT Act 2000 that would have serious repercussions in the near future.

According to Praveen Dalal, the Supreme Court’s intentions were good as it was saving the otherwise “Unconstitutional” sections and rules by reading them down and making them Constitutional. However, although the Court has saved these sections and rules from being declared Unconstitutional, it has also made their applicability in Indian context very complicated and against the interests of Indian Cyberspace, opines Praveen Dalal.

Both Congress and BJP governments are guilty of not fulfilling the roles assigned to them by the voters. Further, Indian Parliament has also become redundant these days as no effective laws are being passed by it for the past few years. As a matter of fact it is doubtful whether we have separation of powers in India as on date.

According to Praveen Dalal, both Cyber and Telegraph Laws of India need urgent repeal as better laws must be formulated in their place. He also believes that India urgently needs a Techno Legal Framework to deal with Digital India and Cyberspace related issues. However, nothing has happened in this direction and this is a grave cause of concern as a “Dormant Parliament” is not a healthy sign for a country like India, opines Praveen Dalal.

Praveen Dalal has also suggested that after the Section 66A judgment, Narendra Modi government must bring urgent amendments to the Cyber Law of India. At a time when others are still interpreting and praising the judgment, he is the first one to provide critical inputs and suggestions regarding the judgment.

Both Congress and BJP governments have already tarnished their images and reputation by supporting Section 66A. Supreme Court of India must be congratulated for bringing order to the chaos created by our Executive and Parliament, opines Praveen Dalal. However, the “Rippling Effects” of Section 66A must be anticipated by Modi government in advance and its must start working on the “Appropriate Amendments” as soon as possible, says Praveen Dalal.

We at Centre of Excellence for Cyber Crimes Investigation in India (CCICI) hope that Modi government would consider these suggestions this time and act in the best possible interest of India setting aside its own biases and ideologies.

Source: CCICI.

Posted in Uncategorized

Supreme Court’s Judgment On Section 66A Is A Big Blow For Cyber Law Due Diligence In India: Praveen Dalal

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBMany have rejoiced the recent judgment of Supreme Court of India titled Shreya Singhal v. Union Of India (24th March 2015), Writ Petition (Criminal) No.167 Of 2012 (PDF). However, on a closer look it is clear that while solving the minor problem the Supreme Court of India has created a major problem for Indian citizens and its cyberspace.

Few tweets by Praveen Dalal are worth reading in this regard. He believes that striking down of Section 66A of IT Act 2000 means that Indian Cyber Law needs urgent Amendments as we are exploring Digital India as well.

To achieve the objectives of Digital India, we need a robust cyber security infrastructure. The starting point can be the formulation of cyber security policy of India 2015. Cyber security breach disclosure norms of India must also be formulated by Indian government for successful implementation of Digital India.

He also believes that reading down of Section 79(3) (b) by Supreme Court in the present manner is “Counter Productive” in long run. He also cautions that SC’s Judgment on Section 66A is a “Big Blow” for Cyber Law Due Diligence in India (PDF) and “reading down portions” must be challenged through a Review Petition.

Perry4Law Firm would come up with more detailed interpretation of this judgment in due course of time, if required. For the time being it is clear that not everything is right with the judgment of Supreme Court and Indian Cyber Law may witness many ups and downs after this judgment.

Source: CCICI.

Posted in Uncategorized

It Took India Almost 10 Years To Realise That Women Empowerment Is Possible Through ICT

It Took India Almost 10 Years To Realise That Women Empowerment Is Possible Through ICTThe year was 2006 when Praveen Dalal suggested the use of ICT for Women Empowerment in India (PDF). However, it took almost 10 years for India to realise that women empowerment is possible though ICT. Narendra Modi government has finally appreciated this fact and has introduced the Digital India project covering this aspect as well. However, there are many limitations and shortcomings of Digital India project of India as on date and with these limitations and shortcomings the effect of Digital India would not be as conducive as anticipated.

Of all facts one fact is very frustrating and discouraging and that would also defeat the Digital India project in the long run. According to Praveen Dalal, mandatory e-governance services in India are needed that are presently missing. This is also one of the main reasons explaining why e-governance has failed in India.

Another reason is that Indian government is very slow in accepting suggestions and recommendations that can be game changer for India. For instance, if the suggestions of Praveen Dalal were accepted in the year 2006 itself, women empowerment in India would have a totally different meaning today in India. Platforms like MyGov have little significance if the suggestions provided by public are not accepted and acted upon.

However, in many cases Indian government accepts the suggestions and recommendations of public. For instance, many of the suggestions of Perry4Law Organisation (P4LO) regarding technology companies were accepted by the then Congress government.

The present BJP government is also open to public suggestions and inputs. However, how much they would be accepted depends upon the policies and strategies of Modi government. If Modi government is looking towards positive and image making inputs only, that would not be a fruitful exercise. Modi government must also keep in mind the shortcomings and weakness of its policies and projects. Censorship of posts and tweets and manipulation of news and search results is definitely not the right approach in this regard.

As far as Digital India and Aadhar projects of India are concerned, Praveen Dalal has compiled a list of aspects that Digital India and Aadhaar project must take care of in order to be successful. Now it is for the Modi government to consider the same and apply them to strengthen Digital India project wherever applicable and relevant. There is no sense in waiting for another 10 years to provide even the most basic e-delivery of services to Indian citizens.

Source: P4LO Blog.

Posted in Uncategorized