Cyber Security Trends In India 2016

Perry4Law-Organisation-P4LOThe year 2015 witnessed lots of buzzing about Cyber Security in India. From political circles to corporate houses, Cyber Security was a hot topic to discuss. Nevertheless, Cyber Security is still at discussion stage and actual implementation of Cyber Security initiatives and measures in India was still missing in 2015. Perry4Law Organisation (P4LO) provided Cyber Security Developments of India 2015 for its viewers and readers. Our viewers and readers may also be interested in Indian Cyber Security Developments in 2015 provided by P4LO.

In this post we are trying to anticipate the Cyber Security Trends of India 2016. This is in continuation of the Cyber Security Trends of India 2015 as provided by us in 2015. The year 2016 may witness the following Cyber Security Trends in India:

(1) Cyber Security Infrastructure: Cyber Security Infrastructure in India could remain at nascent stage in the year 2016 as well. This is so because till now India is still trying to understand the basic concepts of Cyber Security. We believe that Indian Cyber Security Infrastructure must be urgently “Strengthened” so that sophisticated Cyber Attacks can be suitably managed in India.

(2) International Cyber Security Framework: Cyber Attacks and Cyber Security are International Issues (PDF) and they deserve to be managed at Global Level. Despite this fact we have no “Globally Acceptable” Cyber Law and Cyber Security Treaties. P4LO has been advocating for the formulation of International Cyber Law and Cyber Security Treaty (PDF) for long. Now Indian Government has also decided to stress upon formulation of International Cyber Law and Cyber Security Treaties. This emphasis upon International Legal Cyber Security Framework would further increase in the year 2016. P4LO has dedicated two web resources titled “International Legal Issues Of Cyber Attacks” and “International Legal Issues of Cyber Security” for our readers and viewers. The aim of these web resources is to help both National and International Stakeholders to frame Techno Legal Cyber Security Regulatory Framework at National and International levels respectively.

(3) Digital India And Aadhaar Cyber Security: Digital India project of Narendra Modi Government is a very ambitious technology driven initiative. It can significantly improve the delivery of Public Services in India by using Information and Communication Technology (ICT). However, Digital India is suffering from various “Shortcomings” that need to be eliminated by Modi Government on priority basis. The chief among them are disregard to Civil Liberties like Privacy Protection and Data Protection and lack of Cyber Security Infrastructure to support the Digital India project.

The worst “Illegality and Unconstitutionality” of Digital India project is its “Forceful and Deliberate Reliance” upon Aadhaar that is Not “Not Mandatory“. For instance, Aadhaar has been made compulsory for Digital Locker despite Supreme Court’s contrary directions. This makes even the Digital India project vulnerable to Constitutionality Attacks. Besides, Aadhaar has its own Data Security, Civil Liberties and Cyber Security issues that are still unresolved as on date. There is an urgent need to disassociate Digital India project from Aadhaar project.

(4) Banking Cyber Security: Cyber Security of banks in India is not satisfactory despite the fact that Reserve Bank of India (RBI) has been trying very hard in this regard since 2010. RBI has in the year 2011 mandated that a Chief Information Officers (CIOs) is mandatory for all banks in India. However, till the December 2015, this requirement has not been complied with by most banks of India. Further, banks of India have also failed to ensure Cyber Security Due Diligence that is mandatory for banks in India. Banks in India are not complying with Cyber Security requirements because RBI has not taken any “Deterrent Action” against the defaulting banks. However, the position would change in the year 2016 as RBI has decided to establish an exclusive IT Subsidiary that would manage the Cyber Security related issues of banks of India. P4LO recommends that RBI must make “Surprise Visits” at the banks in order to check their Cyber Security preparedness. Further, Techno Legal Cyber Security Audits must also be undertaken by RBI to check the Cyber Security Infrastructures of banks of India.

(5) Directors’ Cyber Security Obligations: Cyber Security obligations and Cyber Law Due Diligence (PDF) were not taken seriously by Indian Companies and their Directors in the year 2015. However, things are going to change in the year 2016 as Indian Government has been contemplating introduction of Cyber Security Breach Disclosure Norms in India. Cyber Breaches reporting would become mandatory in such circumstances. In fact, the Indian Companies Act, 2013 imposes Cyber Security Obligations upon Directors of Indian Companies. Similarly, the Information Technology Act, 2000 also imposes Cyber Law Obligations upon Directors of Indian Companies. In short, Cyber Law and Cyber Security Obligations of Directors of Indian Companies would tremendously increase in the year 2016.

(6) Botnet Protection: Indian Government announced the establishment of a Botnet cleaning centre in the year 2015 to tackle the menace of Botnet in India. The same may be established in the year 2016 and that would be a good step to strengthen the Cyber Security Infrastructure of India. This initiative would be in addtion of the initiatives like National Critical Information Infrastructure Protection Centre (NCIPC) of India and National Cyber Security And Coordination Centre (NCSC) Of India. According to a report, Botnet are causing losses upto the extent of $6 Million a month for Online Advertisement Industry alone. The exact estimates of financial and other losses caused by Botnet is not possible as many of them use Deep Web and Dynamic DNS, Fast Flux and Bullet Proof Servers that makes it very difficult to trace and remove such Botnet. Use of Anti Forensics methods coupled with absence of a conclusive Authorship Attribution results in lack of imposing of legal responsibility and criminal prosecution of stakeholders responsible for such Botnet, Malware and Cyber Attacks in majority of cases.

(7) Cloud Computing Cyber Security:Cloud Computing industry and services are still taking a shape in India. Business and Entrepreneurs are still trying to acquaint themselves with the Legal and Regulatory requirements of Cloud Computing in India. Although we have no dedicated Cloud Computing Laws in India yet there are many Techno Legal Cloud Computing Due Diligence requirements in India. Due to the Legal Risks associated with Cloud Computing in India, many believe that use of Cloud Computing is not a viable option in India. The year 2016 would bring enhanced Cyber Law, Cyber Security, Data Protection (PDF) and Privacy Protection obligations upon the Cloud Computing Companies and their Directors.

(8) E-Health Cyber Security: Digital India project of Narendra Modi Government is covering E-Health and M-Health aspects as well. Suitable Legal Framework for E-Health/M-Health is urgently required in India and the same may be done in the year 2016 by Indian Government. A National E-Health Authority (NeHA) of India has already been proposed by Indian Government. Further, Electronic Health Record (EHR) Standards in India have also been formulated by Indian Government. Cyber Security of E-Health and M-Health Applications, Devices and Infrastructure could be stressed in the year 2016 in India.

(9) Critical Infrastructure Protection: Critical Infrastructure Protection (CIP) is a big challenge for both national and international stakeholders. Internet is full of unprotected SCADA systems on which various Critical Infrastructures are blindly relying without any Cyber Security protections. Critical Infrastructure Protection in India (PDF) is not in a good condition and Indian Government needs to work real hard in this regard. Indian Government must take Cyber Security very seriously and it is high time to frame a Critical Infrastructure Policy of India.

(10) CISO Culture: The year 2016 would see an increased appointment and participation of Chief Information Security Officer (CISO) in India. Narendra Modi Government has already appointed Dr. Gulshan Rai as the first CISO of India. Further, Companies in India are increasingly becoming aware that a Chief Information Officer (CIO) is need of the hour to protect the interest of the Company in Digital World and Cyberspace. Keeping this in mind both Enterprises and Indian Government are contemplating to increase spending upon Cyber Security Infrastructures of their respective domains.

We hope this illustrative list of Cyber Security Trends in India 2016 would be informative and our readers and viewers would find it useful.

Posted in Uncategorized | 7 Comments

Cyber Security Developments In India 2015 By Perry4Law Organisation (P4LO)

Perry4Law Organisation (P4LO)Cyber Security Trends and Development provide valuable insight into the shortcomings of Cyber Security initiatives of any Nation. Similarly, Cyber Security Trends and Developments of various Nations also help in consolidation of International Legal Issues of Cyber Security. Though we have no globally acceptable International Cyber Security Treaty (PDF), yet global Cyber Security Trends can help in consolidation of International Legal Issues of Cyber Security.

Perry4Law Organisation (P4LO) has been providing Cyber Security Trends and Developments in India for long. We have already provided the Cyber Security Trends and Developments of India 2013 (PDF) and Cyber Security Trends and Developments in India 2014. We have also provided Cyber Security Trends of India 2015 and most of our predictions and analysis were proved true by the unfolded events that took place in Indian Cyberspace and foreign Jurisdictions. Cyber Security Problems and Challenges of India were also highlighted by us.

We also dedicated an exclusive Blog on International Legal Issues of Cyber Security titled International Legal Issues Of Cyber Attacks And Cyber Security, Cyber Terrorism And Cyber Warfare. The aim of this Blog is to provide Techno Legal Cyber Security inputs and suggestions so that International Legal Issues of Cyber Security can be discussed at a single platform.

Some of the Cyber Security Developments that took place in India in the year 2015 are as follows:

(1) Constitutional Cyber Security: Indian Constitution was framed many decades ago. It was not possible to include provisions pertaining to Cyber Law and Cyber Security in the year 1950. Perry4Law Organisation (P4LO) has suggested that Cyber Security and allied fields must be suitably incorporated into the Indian Constitution keeping in mind the future requirements. We are already working in this direction and would come up with Constitutional Cyber Security Issues very soon.

(2) Protection Of School Children: The year 2015 witnessed that School Children are vulnerable to many forms of Cyber Threats. These include Social Engineering attacks, Cyber Stalking, Cyber Harassment, etc. A need was felt in India that School Children must be suitably educated about Cyber Issues.

(3) Cyber Law Due Diligence: Cyber Law Due Diligence (PDF) is not in good condition in India. Companies, Individuals and other Stakeholders did not comply with Cyber Law Due Diligence requirements in the year 2015 as prescribed by Information Technology Act, 2000 (IT Act 2000). However, the worst blow came from none other than the Supreme Court of India. Indian Supreme Court has killed Cyber Law Due Diligence to a great extent. As a matter of fact, we need a strong Cyber Law Due Diligence in India unlike the one suggested by the Supreme Court.

(4) Equation Group And NSA: It has been reported that United States National Security Agency (NSA) may have been planting surveillance software into hard drives and other essential computer equipment sold around the world for more than a decade through Equation Group. NSA has also used radio waves for E-Surveillance purposes in the past. Kaspersky Lab has also revealed that hardware based stealth spyware were also used by Intelligence Agencies in the year 2015.

(5) Cyber Security Infrastructure: Cyber Security Infrastructure in India is still not upto the mark till 2015. Indian Cyberspace is vulnerable to diverse form of Cyber Attacks. In these circumstance, it is imperative that Indian Cyber Security Infrastructure must be strengthened to maximum possible extent. Further, Narendra Modi Government must protect Indian Cyberspace on a Priority basis. As on date and till 2015, India is a Sitting Duck in Cyberspace and Civil Liberties Protection regime.

(6) Banking Cyber Security: Cyber Security of Banks in India is still not given priority by Indian Banks in the year 2015. In fact, Reserve Bank of India (RBI) has been trying to strengthen Cyber Security of Indian Banks but with little success. Now RBI has decided to establish an IT Subsidiary for looking into Cyber Security related issues of Banks of India. This can be a significant move on the part of RBI and may force the Banks in India to finally strengthen their Cyber Security in the year 2016.

(7) Smart Cities: Indian Government has announced in 2015 to establish many Smart Cities in India. Such Smart Cities would be dependent upon Information and Communication Technology (ICT) in diverse manner. Since ICT would be used, Smart Cities Cyber Security in India cannot be ignored by Indian Government. Smart Cities in India, like in foreign countries, are facing many Cyber Security problems and challenges that need to be resolved before launching of full fledged project.

(8) Digital India Cyber Security Issues: Digital India is one of the most ambitious Technology Driven projects of the World. However, its strong dependence upon Aadhaar has made it vulnerable to Legal and Constitutional Attacks. Perry4Law Organisation (P4LO) has outlined some Shortcomings of Digital India Project and we hope they would be considered by Indian Government for a better Digital India initiative of India. The most alarming shortcoming in this regard is that Digital India is suffering from lack of Cyber Security Infrastructure. Nothing is more dangerous and more worrisome than implementing the E-Governance and Digital India Projects of India without adequate Cyber Security.

(9) Cyber Security Legal Framework: All Governments need full and complete “Disclosures” of Cyber Security Breaches affecting the lives of their Citizens. Unfortunately, Cyber Security Breach Disclosure Norms in India are still missing in the year 2015. This is because we have an outdated Cyber Law and missing Cyber Security Law in India. Outdated and Unconstitutional Laws like Cyber Law and Telegraph Act must be urgently repealed and new laws must be formulated in this regard. Further, a Techno Legal Framework must be urgently formulated by Indian Government. At the same time we also need the Cyber Security Policy of India 2015 that is a must to strengthen Indian Cyber Security Capabilities. Civil Liberties Issues in Cyberspace like Privacy Protection must also be ensured by the proposed Cyber Security Policy of India 2015.

(10) E-Surveillance in India: Unconstitutional E-Surveillance issues remained intact in India in the year 2015 as well. Projects like Aadhaar, Digital India, Smart Cities, etc are still violating the Civil Liberties of Indian Citizens without any Procedural and Constitutional Safeguards. Telecom giant Vodafone has confirmed existence of Secret Wires for Indian Government E-Surveillance purposes. Although Indian Department of Telecommunication (DOT) promised investigation into this matter but the same remained an “Empty Promise” only. So far DOT has failed to make the “Investigation Report” public. In similar activities, UK’s Government admitted that it indudged in Illegal E-Surveillance over Lawyers Communications. With the combination of Aadhaar and Digital India, India has become the Biggest Digital Panopticon of the World. To make the matter worst, we have no Parliamentary Oversight over this Digital Panopticon of India. Even the Intelligence Agencies of India need Parliamentary Oversight and Reforms.

(11) Cyber Security Legal Practice: The year 2015 is the starting point for Cyber Security Legal Practice World wide. Law Firms around the World have strated exploring Cyber Security Legal Issues as possible areas of practice. However, as on date there are very few Cyber Security Law Firms in the World that are capable of managing Cyber Security Legal Practice. Perry4Law Law Firm is one of such few Law Firms that are providing Cyber Security and Cyber Forensics Legal Services in India and Foreign Jurisdictions. Some Consultancy Firms have also hired Lawyers in India so they they can provide Cyber Security Legal Services in India. However, the “Legality” of this method is yet to be ascertained as in India Lawyers cannot form Partnership with Non Legal Individuals/Firms. Along with the benefits of Cyber Security Legal Practice, Law Firm’s Cyber Security Obligations in India are also increasing.

(12) Cyber Warfare Policy: Cyber Warfare has become a reality in the present Digital Environment. However, India is not prepared to deal with Cyber Warfare that is taking place at the Global scale. Cyber Warfare against India is also happening but we are not capable of detecting the same in a timely and real time manner. Further, even in the year 2015, we have no Cyber Warfare Policy in India (PDF) that can manage the Techno Legal issues of Cyber Warfare. Even the Tallinn Manual on Cyber Warfare is not applicable to International Cyber Warfare Attacks and Defence and every Nation is free to adopt its own methods and procedures in this regard. Related fields like Cyber Terrorism and Cyber Espionage were also not taken care of by Indian Government in the year 2015.

(13) Encryption Law And Policy: In the year 2015 also Indian Government did not pay any attention to Encryption Policy of India (PDF). The net result is that we have neither a dedicated Encryption Law in India nor any Policy regarding Encryption usage in India till 2015. Although Indian Government tried to formulate an Encryption Policy in the year 2015 yet it was poorly drafted and was immediately withdrawn by Indian Government.

(14) Mobile Security: Just like the year 2014, the year 2015 also witnessed a stress upon Mobile Governance usage in India. Similarly, just like 2014, in the year 2015 also no steps were taken by Indian Government towards ensuring Mobile Security in India. This has given rise to additional Mobile Banking Cyber Security Risks before the Banking Industry of India. Fortunately, RBI has decided to set up an IT Subsidiary to look into matters pertaining to Banking Security and Mobile Banking Cyber Security can also be looked into by that IT Subsidiary.

(15) M-Health: India has also stressed upon use of Mobile Health (M-Health) concept for widespread availability of healthcare services to Indian population. Besides inadequate Cyber Security, M-Health is also suffering from lack of Legal Framework to govern the same. The position is that M-Health projects and businesses in india lacks Regulatory Compliances. Due to this Legal Loophole, M-Health service providers are violating other Indian Laws applicable to them.

(16) Cloud Computing: Cloud Computing in India has miserably failed to comply with either the Indian Laws or the absolutely essential Cyber Security requirements. In the absence of dedicated Laws regarding Privacy Protection and Data Protection (PDF), Virtualisation and Cloud Computing are “Legally Risky” and are “Landmines” for Privacy Violation in India. Further, we have no dedicated Law for Cloud Computing in India as well. The position remained the same in the year 2015.

(17) Internet of Things (IOT): Goods and services based upon Internet of Things (IOT) were introduced in India in 2015. This trend is going to increase in the year 2016 as well as Projects like Smart Cities, Digital India, etc would rely upon IOT for proper functioning. Even the draft IOT Policy of India (PDF) and Revised Draft IOT Policy of India (PDF) were released by Indian Government. However, both the IOT Policies of Indian Government failed to address the Civil Liberties issues. Privacy Rights in the Information age (PDF) have to be addressed by Indian Government for new technologies and concepts.

(18) Cyber Insurance: The year 2015 witnessed a booming Cyber Liability Insurance in India. The major reason for the growth of Cyber Insurance Policies in India is the increased numbers of Cyber Crimes and Cyber Attacks in India. However, Cyber Insurance Stakeholders in India have still to understand the technicalities of Techno Legal aspects of Cyber Insurance.

Perry4Law Organisation (P4LO) hopes that our readers would find this research report on Indian Cyber Security Development in India 2015 useful.

Posted in Uncategorized | 2 Comments

Perry4Law Organisation (P4LO) Celebrates And Supports The First Constitution Day Of India 2015

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBConstitution of India is the supreme document of India that governs the Constitutional issues including the governance and functioning of Executive, Parliament and Judiciary of India. Constitution of India is the bulkiest document of its type in the world. It carries many Articles and Schedules that are not easy to understand.

Perry4Law Organisation (P4LO) has been dicussing various issues of Indian Constitution from time to time. This is more so regarding Civil Liberties, Human Rights and Fundamental Rights subjects that are very near and dear to our hearts.

P4LO is also on the forefront of celebrating the “Constitution Day of India” from the very begining. For instance, P4LO has decided to celebrate the First Constitution Day of India on 26th November 2015 in a very novel and desirable manner. We have officially launched the Virtual Law Campus (VLC) in India that covers many techno legal fields like Constitution of India, Cyber Law, Cyber Security, Cyber Forensics, Civil Laws, Criminal Laws, etc.

Dedicated websites in this regard would be made operational very soon and few of these websites can be accessed here1, here2 and here3. Two dedicated blogs have also be launched in this regard and the same can be accessed at blog1 and blog2. This is in addition to the already existing initiative titled Virtual Legal Education Campus (VLEC) of India.

Since Constitution of India is organic in nature, P4LO has also introduced the modern concepts of Laws to Indian Constitution. We have dedicated mnay Techno Legal Blogs that are covering the Techno Legal issues of Indian Constitution. When the Constitution of India was drafted, Information and Communication Technology (ICT) was not in use. Hence, ICT related issues were not incorporated into the Indian Constitution. At P4LO we are working in the direction of making the provisions of Indian Constitution in conformity with ICT and Techno Legal requirements.

We have already suggested that Indian Government must formulate a Techno Legal Framework for India as Indian Cyberspace is suffering from many threats and deficiencies. For instance, Indian Constitution must also suitably accomodate contemporary topics like Cyber Law, Cyber Security, Cyber Forensics, E-Discovery, E-Courts, Online Dispute Resolution (ODR), etc.

Similarly, Indian Government must also work in the direction of strengthening of Online Education and Skills Development in India. We have taken a small but significant step in these directions by establishing the first ever Virtual Law Campus (VLC) of India and world wide. The VLC would cover many Techno Legal Skills Development fields including Techno Legal issues of Indian Constitution.

We hope the Indian Government would find our initiatives in general and VLC in particular helpful in furthering the Preambulary Intents and Constitutional Philosophy.

Posted in Uncategorized | Leave a comment

Global Techno Legal News And Views By Perry4Law Organisation (P4LO)

Global Techno Legal News And Views By Perry4Law Organisation (P4LO)Merging of technology and law raises interesting techno legal issues that are not easy to handle. There are very few organisations or individuals that can manage techno legal issues in India and world wide. Perry4Law Organisation (P4LO) is one such organisation that handles unique and qualitative techno legal services in fields like cyber law, cyber security, cyber forensics, e-discovery, etc. One such initiative is known as Global Techno Legal News and Views.

Some of the interesting post of the blog are:

(1) Non Mandatory Aadhaar: The matter pertaining to legality and constitutionality of Aadhaar project is pending before the Supreme Court of India. The Central Government has been maintaining that Aadhaar is not mandatory but for all practical purposes it has been made mandatory by Indian Government.

(2) Digital India: Digital India project of India is an ambitious but troublesome initiative as it is suffering from numerous shortcomings. This is the reason that the Digital India project is heading towards rough waters. In fact, Digital India is the biggest digital panopticon of India so far. There is an urgent need to make it legal and constitutional.

(3) Carbanak Malware: The notorious malware Carbanak was instrumental in stealing about a Billion US Dollars from financial institutions worldwide. Vskimmer Trojan, capable of stealing credit card information from Windows systems, was already in circulation. Similarly, the Malware Dump Memory Grabber was also targeting POS systems and ATMs of major U.S. banks. These malware were creating havoc in India and international levels.

(4) Censorship By Twitter: In an unexpected move, Twitter has been censoring tweets relating to topics like Aadhaar, Digital India, etc. Till the time of writing of this post, Twitter is still censoring topics like Aadhaar, Digital India, etc.

(5) Hardware Spyware: Kaspersky has revealed that intelligence agencies have been using hardware based stealth spyware. These hard drives are manufactured by Western Digital, Seagate, Toshiba and other top manufacturers, thereby making their use a potential cyber hazard.

(6) FBI Search Warrants: Recently a proposal was made to expand the search warrant powers of FBI. Google opposed the same and openly conveyed its dissent for the proposed US Justice Department proposal to expand federal powers to search and seize digital data, warning that the changes would open the door to US “government hacking of any facility” in the world.

(7) Lenovo Adware: Lenovo has been accused of pre installing Adware in laptops thereby compromising their security. Users have complained that a programme called Superfish pre-installed by Lenovo on consumer laptops was “Adware”, or software that automatically displays adverts.

(8) Microsoft Cloud Computing: It has been reported that Microsoft has adopted a new standard for cloud privacy that commits the company to protect the privacy of customers’ data, not to use it for advertisement purposes, and to inform the customer of legal requests for personal data. Google along with other companies has been fighting against e-surveillance activities of U.S. agencies.

(9) Mobile Communications Security: Intercept has recently published an article describing that U.S. and British spies hacked into the internal network of Gemalto in 2010 that is one of the largest manufacturers of SIM cards in the world. They stole the encryption keys used to protect the privacy of mobile cellular communications across the globe. These spies mined the private communications of Gemalto engineers and employees in multiple countries, including India. However, the most interesting revelation comes in the form that GCHQ could not intercept keys used by mobile operators in Pakistan, even though Pakistan is a priority target for Western intelligence agencies. This is because Pakistanis used more secure methods to transfer the encryption keys between the SIM card manufacturers and Pakistani mobile operators.

(10) Lawyers Communications: Recently a British court ruled that the U.S. – U.K. surveillance regime was unlawful for seven years. This means that the regime has also failed to comply with the European convention on human rights. U.K. government is already facing a trial where it has been accused of unlawfully intercepted conversations between lawyers and their clients.

(11) Online Card Games: Some online gaming stakeholders in India have approached the Supreme Court of India to get clarity on the legality of online games like rummy, poker, etc. In response of the same, the Supreme Court asked the opinion of Central Government in this regard but the same has been informally denied by the Central Government. This means that till the time Supreme Court actually says that online rummy, online poker and online card games are legal in India, majority of these gaming stakeholders may be exposing themselves to legal risks and civil and criminal liabilities. Now that the Supreme Court of India has finally refused to decided legality of online poker and online rummy in India, online card games websites may be legally risky if not properly drafted and managed.

(12) Internet Safety Campaign: Indian government has announced that an Internet safety campaign would be started very soon in India. From the media reports it seems that the awareness drive would cover all stakeholders ranging from school level to government departments.

(13) Google Timestamps: In a bizzare manner, Google has manipulated the timestamp of the news titled Digital India, Aadhaar and digital panopticon of India and put the date 27-02-2015 instead of 02-03-2015. This means that news surfers looking for latest news would not get the same and after some time the news would be removed from the relevance search as well. We have also checked the date results and the news was lying on 4th page with other news of 27th February 2015 date. This is a strange behaviour on the part of Google and all such behavioursa of Google are catalogued at the blog titled “Unofficial Websites, News, Blogs And SERPs Censorship By Google“. A mirror of this blog is also available here.

(14) E-Mail Policy: Indian government has been struggling long to formulate and implement the e-mail policy of India. This is important for India as sensitive documents cannot be transferred out of India as per Indian laws like Public Records Act, 1993. Even Delhi High Court is analysing the e-mail policy of India and has shown its displeasure over slow action on the part of Indian government in this regard. It has now been reported that Indian government has decided to ban the use of Gmail or any other private email for official communication across all its organisations, and make it mandatory for them to migrate to email services provided by the National Informatics Centre (NIC).

(15) CISO Of India: In a significant move, the Prime Minister’s Office (PMO) has appointed Dr. Gulshan Rai as the first Chief Information Security Officer (CISO) of India. This would go a long way in ensuring critical infrastructure protection in India (PDF). We also strongly recommend that a revised Cyber Security Policy of India 2015 must be drafted by Modi Government that must address cyber security issues in a more comprehensive and holistic manner. Further, international legal issues of cyber attacks must also be considered well in advance by Indian Government. Perry4Law Organisation (P4LO) has released a research paper on international legal issues of cyber security and cyber attacks and the same can be considered by Indian Government while strengthening Indian cyber security capabilities.

(16) Anti Bullying Committee: Cyber bullying in India is a big nuisance with practically no remedies. However, things would be changed very soon with the issuance of CBSE Guidelines for Prevention of Bullying and Ragging in Schools 9th March 2015, Reg: (D.O. No. 12-19/2012-RMSA-I) (PDF). Due to increasing cases of physical and cyber-bullying of students, Central Board of Secondary Education (CBSE) has directed all its affiliated schools to form an anti-bullying committee. The committee should comprise of vice-principal, a senior teacher, school doctor, counsellor, parent-teacher representative, school management representative, legal representative and peer educators. CBSE also directed the schools to tackle sexual abuses and strictly implement POCSO Act 2012.

(17) Technology Companies Regulations: Dealing with technology and foreign companies is a big challenge for Indian government. Whether it is taxation aspects or applicability of Indian laws to such companies, India has not been able to achieve a success in this regard so far. There is also a lack of legal framework to govern such technology and foreign companies in India as on date. At Perry4Law Organisation (P4LO) and Perry4Law’s Techno Legal Base (PTLB) we have been suggesting techno legal frameworks in this regard from time to time. We at P4LO and PTLB welcome this support of Indian Government and various stakeholders to our suggestions and recommendations from time to time. However, we strongly recommend that we need a comprehensive techno legal framework in this regard especially if we have to make the “Made in India” and “Digital India” projects successful.

(18) Killer USB: A Russian hacker/researcher created a killer USB that can crash the victim system once the modified/hacked USB is plugged into it. The basic idea of the USB drive is quite simple. When we connect it up to the USB port, an inverting DC/DC converter runs and charges capacitors to -110V. When the voltage is reached, the DC/DC is switched off. At the same time, the filed transistor opens. It is used to apply the -110V to signal lines of the USB interface. When the voltage on capacitors increases to -7V, the transistor closes and the DC/DC starts. The loop runs till everything possible is broken down.

(19) Traffic Routing: Networks and systems need to trust each other to make the Internet function in a speedier manner. If one system or service provider falters, the services of other may be hampered. In one such incidence, users around the world were not able to access Google’s service for a short period of time due to a technical glitch. Users were cut off due to the routing leak from Indian broadband Internet provider Hathway. The leak is similar to a 2012 incident caused by an Indonesian ISP, which took Google offline for 30 minutes worldwide.

(20) Grid Security Expert System (GSES): A Grid Security Expert System (GSES) of India has been proposed to be developed by Powergrid. Cyber security of automated power grids of India is need of the hour. It is only after a massive power blackout in 2012 that Indian government has woken up to the dangers of cyber attacks against Indian power sector. GSES would involve installation of knowledge based Supervisory Control and Data Acquisition (SCADA) system, numerical relays and Remote Terminal units upto 132 kV stations and the reliable Optical fibre Ground wire (OPGW) communication system at an estimated cost of around Rupees 1200 crores. The objective of the GSES is implementation of the Automatic Defense mechanism to facilitate reliable and secure grid operation.

(21) Cyber Law Due Diligence: Cyber law due diligence received a major jolt when the Supreme Court of India read down the internet intermediary due diligence requirements. The main problem seems to be reading down of Section 79(3) (b) and Rule 3(4) By Supreme Court in a manner that would be counter productive in the long run. In fact, reading down of Section 79(3) (b) and Rule 3(4) is more problem than solution as the Supreme Court erred in adopting this approach.

(22) SEBI And Cyber Security: It has been reported that SEBI has expanded the ambit of its Technical Advisory Committee (TAC) to include cyber security of the markets. CECSRDI welcomes this move of SEBI and is committed to help it in every possible manner to achieve this benign cyber security objective.

(23) E-Police Station: An e-police station in Delhi would register online FIR for motor vehicle theft cases. The pilot project of the “Motor Vehicle Theft (MVT) Application” is now accessible on mobiles and computers. Presently this facility is available only for police stations in South Delhi and the same will be extended to entire Delhi after sorting out technical glitches and other problems.

(24) Social Media Compliances: Social media websites are not complying with laws of India. India’s struggle against social media websites to fall in line with Indian laws continues even in Narendra Modi’s regime. To make the matter worst we have no social media laws in India or any effective and implementable social media policy of India. Of course, a new framework for use of social media by governmental organisations has been suggested by Indian government in the past but that is of little help in solving the present problem at hand. The real solution, according to Praveen Dalal, is formulation of a techno legal framework that can address the diverse and complicated issues of cyberspace in India. In short, social networking laws in India need clarity and codification.

(25) MPPEB Scam: MPPEB scam has become an investigation nightmare for the law enforcement agencies of India. The credibility and reliability of evidence is in question on the one hand and unresolved cyber forensics issues are on the other hand. Scientific investigation methodology is still to be used in the investigation of MPPEB scam.

(26) IT Subsidiary Of RBI: The Reserve Bank of India (RBI) has showed its commitment to fight against cyber crimes and financial frauds by declaring that an information technology driven subsidiary would be established by it to deal with cyber nuisances. This IT subsidiary of RBI would also deal with cyber security and related issues with a special focus upon banking related technology issues. The IT subsidiary of RBI would also evaluate the technical capabilities of banks that is almost missing as on date.

(27) Privacy Invasive Software: The Supreme Court of India has asked the Indian Government to clarify upon privacy invasive software and mobile applications. Supreme Court of India has taken a serious note of the software and mobile applications that can be used to extract private information from smartphones.

(28) Smart Cities In India: Smart cities in India have been proposed to be established in near future. However, smart cities in India may face cyber security and civil liberties issues that are left unresolved by Indian Government.

(29) Protection Of Good Samaritan: In a welcome move, the Narendra Modi led Government has issued Guidelines on Protection of Good Samaritan While Saving Lives of Road Accident Victims (2015) (PDF). This shows the sensitivity of Indian Government towards the precious lives that can be saved if road accident victims can be taken to hospitals as soon as possible.

We hope our readers would find this post and blog useful.

Posted in Uncategorized | 1 Comment

Law Of Domicile In India

Law Of Domicile In IndiaDomicile of an individual is very significant for deciding his/her marriage, succession, taxation, etc related issues. However, domicile is a complicated subject as it is a mixed question of facts and laws. In fact, there is no set procedure to get a domicile certificate in India as on date. To make the matter worst, there is an acute confusion between a domicle certificate and a residence certificate. Most of the Indian States and their authorities consider a residence certificate as a domicile certificate.

In its popular sense, this synonymous treatment of domicile and residence may be justified. However, in its technical sense, domicile is a conflict of laws principle and it has no role to play while deciding the territorial laws of a nation. In essence, domicile involves existence of more than one sovereign jurisdiction and a corresponding resolution of legal issues by applying the most appropriate law in a given circumstances.

Domicile as a conflict of laws concept identifies a person, in cases having a foreign element, with a territory subject to a single system of law, which is regarded as his personal law. Generally speaking, a person is domiciled in the country in which he is considered to have his permanent home. His domicile is of the whole country, being governed by common rules of law, and not confined to a part of it.

The interesting part about a domicile is that no one can be without a domicile and no one can have two domiciles. This is logical as well as a person domiciled in a particular jurisdiction cannot be domiciled in another foreign territory. For instance, in India a domicile of origin is attributed to every person at birth by operation of law. This domicile is not decided by his place of birth or by the place of residence of his father or mother, but by the domicile of the appropriate parent at the time of his birth, according as he is legitimate or illegitimate.

A person domiciled in a country establishes his legal status for the whole of the country and is subject to one body of law. But in federal countries like the United States, Australia, or Canada, or in a composite State like the United Kingdom, different systems of law may prevail in different regions in respect of certain matters. In such cases, each of the territories governed by a separate system of law is treated, for the purpose of conflict of laws, as a ‘country’, though in public international law or constitutional law it is not a separate sovereign State.

This is not the legal position in India. Though a Union of States, and a federation in that sense, the whole country is governed by a single unified system of law, with a unified system of judicial administration, notwithstanding the constitutional distribution of legislative powers between the Centre and the States. There is no State-wise domicile within the territory of India. A man who is domiciled in India is domiciled in every State in India and identified with a territorial system of legal rules pervading throughout the country. He is ‘domiciled’ in the whole of this country, even though his permanent home may be located in a particular spot within it . Thus, the concept of “domicile” varies from country to country and from jurisdiction to jurisdiction.

It is equally important to understand the difference between the terms domicile and residence. The word “domicile” should not be confused with a simple “residence”. The residence is a physical fact and no volition/intention is needed to establish it. The animus manendi is not an essential requirement of residence, unlike in the case of a domicile of choice. Thus, any period of physical presence, however short, may constitute residence provided it is not transitory, fleeting or casual. The intention is not relevant to prove the physical fact of residence except to the extent of showing that it is not a mere fleeting or transitory existence To insist on an element of volition is to confuse the features of ‘residence’ with those of ‘domicile’. While residence and intention are the two essential elements constituting the ‘domicile of choice’ residence in its own right is a connecting factor in a national legal system for purposes of taxation, jurisdiction, service of summons, voting etc .

The determination of domicile of an individual has a great legal significance. It helps in identifying the personal law by which an individual is governed in respect of various matters such as the essential validity of a marriage, the effect of marriage on the proprietary rights of husband and wife, jurisdiction in divorce and nullity of marriage, illegitimacy, legitimation and adoption and testamentary and intestate succession to moveables. The domicile is the legal relationship between an individual and a territory with a distinctive legal system, which invokes that system as his personal law. India recognises only one domicile, namely, domicile in India by virtue of Artice 5 of the Constitution of India. Further, the concept of ‘domicile’ has no relevance to the applicability of municipal laws, whether made by the Union of India or by the States.

The law of domicile in India can be traced under the Indian Succession Act, 1925. The domicile under the provisions of the Act can be classified under the following categories:

(i) Domicile of origin,

(ii) Domicile of choice, and

(iii) Domicile by operation of law.

(i) Domicile of origin: Every person must have a personal law, and accordingly every one must have a domicile. He receives at birth a domicile of origin, which remains his domicile, wherever he goes, unless and until he acquires a new domicile. The new domicile, acquired subsequently, is generally called a domicile of choice. The domicile of origin is received by operation of law at birth and for acquisition of a domicile of choice one of the necessary conditions is the intention to remain there permanently. The domicile of origin is retained and cannot be divested until the acquisition of the domicile of choice. By merely leaving his country, even permanently, one will not, in the eye of law, lose his domicile until he acquires a new one. This proposition that the domicile of origin is retained until the acquisition of a domicile of choice is well established and does not admit of any exception .

(ii) Domicile of choice: The domicile of origin continues until he acquires a domicile of choice in another country. Upon abandonment of a domicile of choice, he may acquire a new domicile of choice, or his domicile of origin, which remained in abeyance, revives. The burden of proving a change of domicile is on him who asserts it. The domicile of origin is more tenacious. “Its character is more enduring, its hold stronger and less easily shaken off. The burden of proving that a domicile of origin is abandoned is needed much heavier than in the case of a domicile of choice. No domicile of choice can be acquired by entering a country illegally. The domicile of choice is a combination of residence and intention. Residence, which is a physical fact, means bodily presence as an inhabitant. Such residence must be combined with intention to reside permanently or for an unlimited time in a country. It is such intention coupled with residence that acquires him a new domicile. It is immaterial for this purpose that the residence is for a short duration, provided it is coupled with the requisite state of the mind, namely the intention to reside there permanently. If a man intends to return to the land of his birth upon a clearly foreseen and reasonably anticipated contingency, such as, the end of his studies, he lacks the intention required by law. His tastes, habits, conduct, actions, ambitions, health, hopes, and projects are keys to his intention. That place is properly the domicile of a person in which he has voluntarily fixed the habitation of himself and his family, not for a mere special and temporary purpose, but with a present intention of making it his permanent home, unless and until something (which is unexpected or the happening of which is uncertain) shall occur to induce him to adopt some other permanent home.

The only intention required for a proof of a change of domicile is an intention of permanent residence. What is required to be established is that the person who is alleged to have changed his domicile of origin has voluntarily fixed the habitation of himself and his family in, the, new country, not for a mere special or temporary purpose, but with a present intention of making it his permanent home. On the question of domicile at a particular time the course of his conduct and the facts and circumstances before and after that time are relevant.

(c) Domicile by operation of law. (Married women’s domicile): The rules of Private International Law in India are not codified and are scattered in different enactments such as the Civil Procedure Code, the Contract Act, the Indian Succession Act, the Indian Divorce Act, and the Special Marriage Act etc. In addition, some rules have also been evolved by judicial decisions. In matters of status or legal capacity of natural persons, matrimonial disputes, custody of children, adoption, testamentary and intestate succession etc. the problem in this country is complicated by the fact that there exist different personal laws and no uniform rule can be laid down for all citizens. The distinction between matters which concern personal and family affairs and those which concern commercial relationships, civil wrongs etc. is well recognised in other countries and legal systems. The law in the former area tends to be primarily determined and influenced by social, moral and religious considerations, and public policy plays a special and important role in shaping it. Hence, in almost all the countries the jurisdictional, procedural and substantive rules that are applied to disputes arising in this area are significantly different from those applied to claims in other areas. That is as it ought to be. For, no country can afford to sacrifice its internal unity, stability and tranquility for the sake of uniformity of rules and comity of nations which considerations are important and appropriate to facilitate international trade, commerce, industry, communication, transport, exchange of services, technology, manpower etc. This glaring Tact of national life has been recognised both by the Hague Convention of 1968 on the Recognition of Divorce and Legal Separations as well as by the Judgments Convention of the European Community of the same year. Article 10 of the Hague Convention expressly provides that the contracting States may refuse to recognise a divorce or legal separation if such recognition is manifestly incompatible with their public policy. The Judgments Convention of the European Community expressly excludes from its scope (a) status or legal capacity of natural persons, (b) rights in property arising out of a matrimonial relationship, (c) wills and succession, (d) social security, and (e) bankruptcy. A separate convention was contemplated for the last of the subjects.

The judicial interpretation of the concept of domicile in India is very clear. In Dr.Pradeep Jain v U.O.I the Supreme Court observed: “The entire country is taken as one nation with one citizenship and every effort of the Constitution makers is directed towards emphasizing, maintaining and preserving the unity and integrity of the nation. Now if India is one nation and there is only one citizenship, namely, citizenship of India, and every citizen has a right to move freely throughout the territory of India and to reside and settle in any part of India, irrespective of the place where he is born or the language which he speaks or the religion which he professes and he is guaranteed freedom of trade, commerce and intercourse throughout the territory of India and is entitled to equality before the law and equal protection of the law with other citizens in every part of the territory of India, it is difficult to see how a citizen having his permanent home in Tamil Nadu or speaking Tamil language can be regarded as an outsider in Uttar Pradesh or a citizen having his permanent home in Maharashtra or speaking Marathi language be regarded as an outsider in Karnataka. He must be held entitled to the same rights as a citizen having his permanent home in Uttar Pradesh or Karnataka, as the case may be. To regard him as an outsider would be to deny him his constitutional rights and to derecognise the essential unity and integrity of the country by treating it as if it were a mere conglomeration of independent States”.

In Dr.Yogesh Bhardwaj v State of U.P the Supreme Court observed: “Domicile’, being a private international law concept, is inapposite to the relevant provisions, having no foreign element, i.e., having no contact with any system of law other than Indian, unless that expression is understood in a less technical sense. An expression, which has acquired a special and technical connotation, and developed as a rule of choice or connecting factor amongst the competing diverse legal systems as to the choice of law or forum, is, when employed out of context, in situations having no contact with any foreign system of law, apt to cloud the intended import of the statutory instrument.

In Mr. Louis De Raedt v U.O.I the Supreme Court observed: “For the acquisition of a domicile of choice, it must be shown that the person concerned had a certain State of mind, the animus manendi. If he claims that he acquired a new domicile at a particular time, he must prove that he had formed the intention of making his permanent home in the country of residence and of continuing to reside there permanently. Residence alone, unaccompanied by this state of mind, is insufficient. The burden to prove that the petitioners had an intention to stay permanently in India lies on them. The fundamental right of the foreigner is confined to Article 21 for life and liberty and does not include the right to reside and settle in this country, as mentioned in Article 19(1)(e), which is applicable only to the citizens of this country. The power of the Government in India to expel foreigners is absolute and unlimited and there is no provision in the Constitution fettering this discretion. The legal position on this aspect is not uniform in all the countries but so far the law that operates in India is concerned, the Executive Government has unrestricted right to expel a foreigner”.

In Y. Narasimha Rao V Y. Venkata Lakshmi the Supreme Court observed: “As pointed out above, the present decree dissolving the marriage passed by the foreign court is without jurisdiction according to the Act as neither the marriage was celebrated nor the parties last resided together nor the respondent resided within the jurisdiction of that court. The decree is also passed on a ground that is not available under the Act, which is applicable to the marriage. What is further, the decree has been obtained by appellant 1 by stating that he was the resident of the Missouri State when the record shows that he was only a bird of passage there and was ordinarily a resident of the State of Louisiana. He had, if at all, only technically satisfied the requirement of residence of 90 days with the only purpose of obtaining the divorce. He was neither domiciled in that State nor had he an intention to make it his home. He had also no substantial connection with the forum”.

The law of domicile in India is crystal clear and is free from any ambiguities. However, there seems to be an ignorance of the concept in its true perspective in India among various States and their authorities. We at Perry4Law Organisation (P4LO) beleive that there is an urgent need to spread “public awareness” in this regard. Further, it would be a good startegy to formulate the domicile Policy of India by Central Government as soon as possible. We hope the Central Government would come up with the Indian Domicile Policy very soon.

Posted in Uncategorized | Leave a comment

Aarushi Murder Case Reflects Poor Cyber Forensics Usage By CBI And Defence Lawyers

Aarushi Murder Case Reflects Poor Cyber Forensics Usage By CBI And Defence LawyersVery few murder cases are as sensational and complex as is the Aarushi murder case. There are many loose ends and infirmities in the investigation of Aarushi murder case by the Central Bureau of Investigation (CBI). Although CBI claims to have successfully cracked the case yet public opinion in this regard is sharply divided. The aim of this article is not to discuss all the pros and cons of the decision of the lower court but a very specific aspect that has been ignored by CBI and even by the defense lawyers/lower court to a great extent. This aspect pertains to inadequate and improper usage of digital evidence and cyber forensics best practices by the CBI while conducting investigation and prosecution of the parents of Aarushi for her murder.

As per the cyber forensics trends and developments in India 2014, till now cyber forensics is not widely and appropriately used by the law enforcement agencies, lawyers, judges, etc in India. As a result most of the cyber criminals are either not prosecuted at all or they are acquitted in the absence of adequate evidence. Similarly, the truth of a crime can be revealed by using proper cyber forensics methodologies but the same is not possible till our law enforcement agencies use proper cyber forensics methods.

Another related issue is that the defense lawyers are also not pressing hard to use cyber forensics principles while defending their clients. If the defense lawyers produce convincing and admissible digital evidences based upon sound cyber forensics practices, the courts would be bound to accept the same. This would also force the public prosecutors and law enforcement agencies like CBI to strengthen their own cyber forensics and cyber crimes investigation capabilities.

In short, handling of digital evidence is a big challenge for the law enforcement agencies of India and lawyers/courts. We have already witnessed that cyber forensics issues have troubled our law enforcement agencies in Aarushi Talwar’s murder case, IPL Match Fixing case, Bitcoins websites investigation, Nokia’s tax violation case, Rajnath Singh Son’s case, Amrita Rai’s G-Mail account hacking case, etc. Indian government must seriously consider empowering law enforcement agencies of India with suitable trainings and technologies.

In the Aarushi murder case, CBI failed to use cyber forensics methodologies and digital evidence to prove the guilt of the accused beyond reasonable doubts. It is very important to maintain a “chain of custody” and “proper documentation” of the acquisition of such digital evidence and investigation authorities must ensure that the evidence acquired by them is “admissible” in a court of law.

Unfortunately, the lawyers of the convicted parents seem to have ignored the digital evidence that, if proved successfully, could easily lead to their acquittal. The same should be pressed before the High Court before it is too late. When stakes are high it is not a good strategy to ignore and exclude crucial areas that can strengthen a lawyer’s case.

At Perry4Law Organisation (P4LO) we believe that in the present times many scams, crimes and contraventions can be effectively solved using cyber forensics methods. Even the recent MPPEB/ Vyapam scam has raised interesting cyber forensics issues. Indian law enforcement agencies, lawyers and courts must understand the importance of the “forensically sound image” of the hard disk/digital media in question by using the bit by bit image method. Similarly, the strength and capabilities of cyber forensics laboratories operating in India must also increase and enhanced.

As far as Aarushi murder case is concerned, the same reflects a poor cyber forensics usage by CBI and defense lawyers and proper use of the same by either side may result in tilting of the case in its favour before the higher courts.

Posted in Uncategorized | Leave a comment

Telecom Security Policy Of India Is Urgently Needed

Telecom Security Policy Of India Is Urgently NeededMobiles and Internet are fast becoming part of Indian culture and day to day lifestyle. More and more people are connecting to the digital highway on daily basis and after some time a massive population would be using digital technologies for their daily chores. While this would bring many advantages and services for Indian population yet this would also raise many techno legal issues as well. As on date we have no techno legal framework to manage such issues. Even the Digital India project of India is heading towards rough waters due to its shortcomings and limitations.

Indian government’s choice for mobile governance is well understood but India is still not ready for mobile governance. The cyber security trends in India 2015 by Perry4Law Organisation (P4LO) have proved that India needs sound and robust mobile cyber security to survive the explosion of mobile usage in India. As on date Pakistan’s mobile communications security is much better than Indian mobile security.

It is equally important that the cyber security policy of India 2015 must be urgently formulated by Indian government. The National Cyber Security Policy of India 2013 (NCSP 2013) is a very weak policy document that cannot be relied upon for India’s growing cyber security requirements. A dedicated Telecom Security Policy of India is also required to manage telecom security related issues in India. Such telecom security policy must also address the unconstitutional e-surveillance issues that are rampant in India as on date. India has no dedicated privacy and data protection (PDF) laws as on date and this would create civil liberties issues in the near future.

The Telecom Security Directorate of India and National Telecom Network Security Coordination Board (NTNSCB) of India were also proposed by Indian government in the past but their actual constitution and working is still doubtful. It was also suggested that mobile service providers of India shall use Indian made SIM cards only. Cyber security awareness brochures in India were also mooted by Indian government in the past but its actual implementation is still missing. It was also mandated that Internet telephony and VOIP service providers must establish servers in India. The Intelligence Bureau (IB) of India has also expedited the testing of VOIP interception system in India.

It is obvious that telecom security related norms in India are more breached that complied with. Even the norms for import of telecom equipments in India have not been implemented in India. Huawei and ZTE are already facing telecom security related issues in India. Huawei was also accused of breaching national security of India by hacking base station controller in AP. India government is also using unconstitutional and illegal Central Monitoring System (CMS) for telephone tapping in India. In fact, Vodafone has confirmed that India has been using “Secret Wires” in the telecom infrastructure to indulge in e-surveillance. Indian Department of Telecommunications suppressed the whole incidence with a mere assurance of “investigation” that never made public so far.

We at Perry4Law Organisation (P4LO) recommend that a techno legal telecom security policy of India must be urgently formulated by Indian government. The same must include concerns arising out of areas like cyber law, cyber security, digital evidence, etc. We hope Indian government would do the needful in this regard as soon as possible.

Posted in Uncategorized | Leave a comment

Cyber Forensics Developments In India 2014

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBPerry4Law Organisation (P4LO) and Cyber Forensics Research Centre of India (CFRCI) have already provided the Cyber Forensics Trends and Developments in India 2013 (PDF) and Cyber Forensics Trends and Developments in India 2014- Part I. In this work, P4LO and CFRCI would be discussing the Cyber Forensics Development of India 2014.

Indian Cyber Forensics Developments 2014 are as follows:

(1) Cyber Capabilities: The need to develop Cyber Crimes and Cyber Forensics Capabilities of India was felt in the year 2013 and the same continued in the year 2014 as well. However, both Cyber Crimes Investigations in India and Cyber Forensics Capabilities were not up to the mark in 2014. Nevertheless, it was felt by various stakeholders that Cyber Crime Investigation Trainings in India is urgently needed. Indian Government has also reiterated that a Cyber Crimes Prevention Strategy of India may be formulated very soon.

(2) Cyber Forensics Best Practices: P4LO and CFRCI recommended formulation of Cyber Forensics Best Practices in India in 2014. We also recommended formulation of dedicated Laws for Cyber Forensics in India. However, “Legislative Deficiencies” remained intact in 2014 as far as Cyber Forensics in concerned.

(3) E-Discovery: E-Discovery in India is another area that espoused interest among various stakeholders. However, E-Discovery Legal Issues in India are still missing till the end of 2014. Both Cyber Forensics and E-Discovery deserve separate and dedicated Laws that must be enacted in the year 2015.

(4) Police Modernisation: Modernisation of Police Force of India was on “Priority List” of Indian Government. Delhi Police has taken many significant technology oriented steps to ensure easy “Public Access” of Delhi Police’s Services to Delhi’s Citizens. Similarly, many States of India are in the process of establishing Online Systems where First Information Reports (FIRs) can be filed and accessed through Internet. Training of Police Officers of different States was also undertaken on a “Regular Basis” throughout the India in 2014 and the same would be continued in the year 2015 as well.

(5) Social Media: Investigation of Social Media Websites in India was a “Major Challenge” before Indian Government in the year 2014. Social Networking Law for India has always been a controversial topic. Even the Congress Government was in favour of having a Law for Social Media in India. The Home Ministry of India also expressed its intention to take legal actions against those posting “Objectionable Contents” on Social Media Websites and having adverse impact upon Indian Society or Law and Order.

We hope our readers and various stakeholders would find this Second Part of the Cyber Forensics Developments in India 2014 useful.

Posted in Uncategorized | Leave a comment

Prospective Cyber Security Trends In India 2015

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBPerry4Law Organisation (P4LO) has already provided the cyber security trends and developments of India 2013 (PDF) and Cyber Security Trends and Developments in India 2014. In this work, P4LO and Perry4Law’s Techno Legal Base (PTLB) would be discussing the prospective Cyber Security Trends in India in 2015.

According to the research and analysis of Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) managed by P4LO and PTLB, in the year 2015 we may face the following cyber security challenges in India:

(1) International Legal Issues: The international legal issues of cyber attacks and cyber security would significantly increase in the year 2015. In the absence of a universally acceptable International Cyber Security Treaty (PDF), the power tussle over Cyber Security Technology in forums like Wassenaar Arrangement would continue in the year 2015 as well. The Conflict of Laws in Cyberspace would further complicate the scenario and more reliance upon Mutual Legal Assistance Treaty (MLAT) would be there.

(2) State Sponsored Cyber Attacks: The state sponsored cyber attacks would also increase in the year 2015. This would include agencies and actors working on behalf of a state that is launching the cyber attack. Countries around the world are building cyber armies for this purpose and this trend may finally be a battleground for preventive defense and cyber counterstrike.

(3) Increased Malware: Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus (GOZ), etc would further increase in the year 2015. India needs to develop offensive and defensive cyber security capabilities to tackle these malware. Cyber security breaches are increasing world over and India must be “cyber prepared” to deal with the same. The cyber security challenges before the Narendra Modi Government are not easy to manage and Indian Cyberspace must be protected on a “priority basis”.

(4) Cyber Espionage: Cyber espionage activities would also increase in the year 2015. The participating stakeholders in this regard would be state and big corporations that would try to steal sensitive information of their adversaries’ thorough stealth and sophisticated cyber attacks and malware.

(5) Cloud Computing: Use of cloud computing in India would be encouraged but it would not be used to the maximum possible extent due to regulatory issues. Further, privacy and data protection (PDF) issues would also reduce use of cloud computing in India in 2015. The Cyber Law Developments of India 2014 have also reflected this position.

(6) Mobile Security: Ensuring mobile security would be a tough task for Indian Government and various stakeholders in the year 2015. Indian Government is adopting mobile governance for various purposes. However, mobile cyber security in India and e-governance cyber security in India must also be kept in mind while relying upon mobile governance in India.

(7) Critical Infrastructures: Critical infrastructure protection is a big challenge for Countries around the world. Critical Infrastructure Protection in India (PDF) would be required in the year 2015 as India has launched projects like Digital India and Internet of Things (IoT) (PDF). Indian Government needs to work hard in this regard.

We hope our readers would find the prospective Cyber Security Trends of India 2015 useful.

Posted in Uncategorized | 9 Comments

Cyber Law Developments In India 2014

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBPerry4Law Organisation (P4LO) has already covered the cyber law trends and developments in India 2013 (PDF). In this work, P4LO is discussing the cyber law developments of India 2014.

P4LO is managing a techno legal Cyber Crimes Investigation Centre of India (CCICI) that is providing unique cyber crimes related investigation, training and legal services. As per CCICI and P4LO, the cyber law trends and developments of India 2014 are as follows:

(1) Cyber Law Of India: The Information Technology Act, 2000 (IT Act 2000) still governs the cyber law of India and related issues. IT Act 2000 has become an outdated and draconian law that needs to be repealed. The telegraph and cyber law of India remained outdated, colonial and draconian in the year 2014 as well.

India must ensure techno legal measures to regulate Indian cyberspace. Similarly, regulations and guidelines for effective investigation of cyber crimes in India is also need of the hour. The Indian Government has assured in the year 2014 that the IT Act 2000 could be amended to accommodate e-commerce concerns.

(2) Cyber Crimes Prevention Strategy: Cyber crimes have significantly increased in India in the year 2014. Reacting to the same, Indian Government has now decided to formulate a cyber crimes prevention strategy for India. However, till the end of December 2014, the proposed strategy has not been formulated.

(3) Cyber Crimes Investigation Training: with increased cyber crimes in India, a need was felt to provide cyber crimes investigation training to law enforcement agencies of India. We at P4LO and CCICI believe that India needs to enhance cyber crimes investigation capabilities so that cyber crimes can be effectively tackled. Similarly, modernisation of police force of India is urgently needed with a special focus upon techno legal skills development for them.

(4) Encryption Laws: Almost three years back the Standing Committee on Information Technology pulled Department of Telecommunication (DOT) over encryption issues. However, dedicated encryption laws in India remained missing in the year 2014 as well. The encryption laws and regulations in India need clarity. Legal risks for websites development companies in India would also increase due to improper use of encryption for such websites. A dedicated encryption policy of India (PDF) and techno legal encryption law in India is need of the hour.

(5) International ATM Heist: Recently, the RAKBANK and Bank of Muscat Oman became victims of international ATM heist. The hacking prompted authorities in the US and Europe to launch an international manhunt. Authorities made arrests soon after in Germany and the US, and most of the money was recovered. The Computer Emergency Response Team (CERT) of India has even started investigation in this international ATM heist case as it has Indian connections as well. The Karnataka police have speeded up their investigation into the international ATM heist case and it has been investigating the possible involvement of Enstage software’s staff in this regard.

(6) Corporate Scam Investigations: Although the Indian Companies Act, 2013 (PDF) has been formulated to curb corporate frauds yet a dedicated fraudulent MLM regulations is need of the hour. The powers of Serious Fraud Investigation Office (SFIO) were also enhanced so that they can effectively deal with corporate frauds and crimes in India. SEBI has also notified the Securities and Exchange Board of India (Procedure for Search and Seizure) Regulations, 2014 (PDF). The Economic Offences Wing (EOW) of the Mumbai Police has also speed up Rs 425 Crore QNet Scam Investigation.

(7) Cyber Insurance: Cyber insurance in India has become a reality in the year 2014 and many companies and individuals have started taking cyber insurance policies in India. However, the business of cyber insurance would raise many novel techno legal issues in this regard that all stakeholders must be well prepared to deal with.

(8) Cloud Computing: The cloud computing legal issues in India are still not clear and this has resulted in limited adoption of cloud computing in India in the year 2014. The cloud computing legal and regulatory requirements in India for businesses and entrepreneurs must be analysed in advance before launching a project. Cloud computing service providers in India are Internet intermediary within the meaning of IT Act, 2000 and they are also required to comply with cyber law due diligence requirements (PDF).

(9) E-Mail Policy: The e-mail policy of India has still not been implemented despite strict warnings by Delhi High Court. So bad is the situation that the Delhi High Court has accused central government of sitting over e-mail policy of India. The Delhi High Court has also directed Central Government to issue notification regarding electronic signature under Information Technology Act 2000. The encryption policy of India is also missing till date though it is need of the hour. However, Madhya Pradesh has given legal recognition to e-mail communications among Government Departments.

(10) Online Payments: Online and mobile payments witnessed an increase in India in the year 2014. However, legal and regulatory issues were not taken seriously by various mobile payment providers in India in 2014. There are many legal issues of e-commerce in India that various online payment service providers of India must comply with. P4LO has already specified the cyber law due diligence requirements for Paypal and online payment transferors in India. Similarly, we have also outlined the e-commerce and online business legal compliances for online payment market of India. Further, payment gateway and POS terminal services providers must also keep in mind the cyber law due diligence requirements in India.

(11) Online Gambling In India: Online gambling laws in India remained in a state of suspension in the year 2014. Online gambling in India is still punishable in almost all of the cases with few selective exceptions. The matter is pending before the Supreme Court of India and it has referred the matter for the opinion of Central Government. However, the Central Government has not given a conclusive opinion on this issue so far and the matter has been postponed for hearing in the month of January 2015.

(12) Illegal Online Pharmacies: Illegal online pharmacies operating from India were in news throughout the year 2014. Maharashtra FDA has even requested the Central Government to formulate policy regarding online pharmacies operating in India. Many online pharmacies websites in India are controlled by underworld and organised criminal networks. Illegal online pharmacies are on hit list of Google and Federal Authorities of United States.

There are many legal requirements that online pharmacies operating in India are required to comply with. However, most of the online pharmacies operating in India are not following these laws and regulations. As a result they are incurring and exposing themselves to various forms of legal risks.

(13) Websites Blocking In India: Websites blocking in India was another development that resulted in many protests as well. For instance, Tamil website Savukku was ordered to be blocked by Madras High Court. However, immediately after the blocking of the Savukku website, it became available through proxy servers making the blocking redundant. In the year 2013, the Indian Government blocked 39 Internet sites on ground of pornography. The Supreme Court of India also sought the response of Indian Government in this regard in 2013. However, Indian Internet Service Providers (ISPs) told the Supreme Court that they cannot block pornographic websites unilaterally and voluntarily.

(14) Bitcoins: The legality of bitcoins in India was a major questioning the year 2014. The Enforcement Directorate (ED) searched and raided few Bitcoin exchanges to see whether they were violating Indian laws or not.  ED believed that Bitcoins can be used for criminal activities including money laundering, hawala transactions and funding of terrorist activities. Indian Laxmicoin had even sought clarifications from regulatory authorities of India before its launch. We at P4LO and CCICI believe that Bitcoin Exchanges operating in India must comply with Indian Laws to be legal and safe. Cyber attacks also targeted Bitcoin users and Bitcoin Exchanges in the year 2014. According to some reports, Bitcoin website Mt. Gox’s disappeared due to sophisticated cyber attacks and stealing of Bitcoins.

(15) Mobile Applications: Mobile applications also saw a tremendous increase in India in 2014. However, most of the mobile application developers are violating Indian Laws and may be prosecuted in future.

P4LO and CCICI hope that our readers and various stakeholders would find this cyber law development in India 2014 research work useful.

Posted in Uncategorized | 5 Comments