Archive for ◊ March, 2014 ◊

• Wednesday, March 19th, 2014

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLBWhat constitutes National Security? There are no simple and straight forward answers to this complex question. We cannot say that National Security is an “Internal Security” aspect. Further, we also cannot claim that National Security is a protection mechanism against “External Aggressions”. Even “Border and Territorial Protection” by Armed Forces is also not National Security. The reason is because National Security is not an isolated concept but a “Homogeneous Mixture” of various aspects of Security.

In my personal opinion, a simple definition of National Security can be “The Protection of Economical, Political, Social, Territorial, Sovereign and Technological Interests of a Nation from Internal and External Aggression and Threats emanating from State and Non State Actors in both Physical Territories and Cyberspace”. We have already covers territories belonging to Land, Air, Sea and Outer Space in this regard. And to some extent we have also covered Cyberspace as well. However, there is no International Treaty or Convention that Covers the National Security aspects in “Totality and in Comprehensive Manner”.

India has recently decided to formulate a comprehensive National Security Policy. However, by past experience it would not be wrong to presume that such Policy would not be formulated for at least few more years. Further, its “Actual Implementation” may be delayed for even Five years. But the most important aspect of the proposed National Security Policy is that it must be “Comprehensive and Holistic” in nature.

Thus, the National Security Policy of India needs Techno Legal Boost. Any suitable and effective National Security must cover “Technology Issues” as well. For instance, Cyber Security and Telecom Security must be essential part of any National Security Policy. The Cyber Security Trends of India 2013 (PDF) have proved that these aspects have not been taken care of by Indian Government so far. It is only now that the National Security Council (NSC) has proposed some Cyber Security Measures for India. However, these measures are not going to make much difference in the otherwise ailing Cyber Security of India.

The Critical Infrastructure Protection in India (PDF) has to be further strengthened. Recently it was decided that NTRO would protect the Critical ICT Infrastructures of India. The National Infrastructure Protection Plan for Thermal Power Sector of India has already been proposed and this is a good step. A Tri Service Cyber Command for Armed Forces of India is also in pipeline. The Cyber Attacks Crisis Management Plan of India must also be implemented as soon as possible. Further, the National Cyber Coordination Centre (NCCC) of India must be “Made Functional” as soon as possible.

A Techno Legal Cyber Security Law of India must also be formulated as soon as possible. Such Law must ensure Cyber Security Breach Disclosures on the part of various Telecom and other Companies and Individuals. Just like past promises, the commitment to formulate a legislation mandating strict Cyber Security Disclosure Norms in India has been kept in deep freezer. There is an urgent need to ensure Mandatory Cyber Security Breaches Notification in India as non disclosures would result in Serious Cyber Security Issues for India. “Soft Requests” and “Self Regulations” for Cyber Security Breach Disclosures would not be helpful in the long run.

Target Corporation is already Facing Numerous Litigations for failure to take proper Cyber Due Diligence once it was aware of the Data and Cyber Security Breach. There are clear hints that Cyber Litigations against Foreign Websites would Increase in India in the near future and Cyber Due Diligence cannot be ignored by Indian Companies anymore.

Recently the Telecom Department’s Security Chief Ram Narain said that Telecom Companies are mandated by License Conditions (PDF) to share information on “Potential Cyber Threats”. Besides, the National Telecom Security Policy of India may impose more “Stringent Obligations” than the Licence Conditions. As the Foreign Telecom Companies are facing the heat of Cyber Security and Telecom Security in India, this is a good opportunity for Indian Telecom Companies to extend their commercial base in India. India has been planning to undergo Technological Upgrade of Border Broadcast Infrastructure due to Chinese broadcasts. The Telecom Commission Cellular Loop’s Proposal would also strengthen Mobile Based Surveillance on National Security Grounds in India.

It would not be an easy task to formulate Techno Legal National Security Policy of India. Even if the same is formulated, its actual implementation would be a herculean task for Indian Government. Nevertheless, it is a good step on the part of Indian Government to work on such Policy and take adequate and necessary action in this regard.

Category: Uncategorized  | Comments off
• Monday, March 17th, 2014

Health, Food And Medicine Related Legal Compliances In IndiaThe laws pertaining to food, health and medicines are fast changing but the businesses dealing in them are very slow in adapting with them. As more and more businesses are making their online presence felt, the food and health laws are frequently violated. When e-commerce model is used to sell food, health and medicines in an online environment, many complicated techno legal issue arise.

For instance, fields like online pharmacies, ayurveda, healthcare technology, nutraceuticals, e-health, m-health, telemedicine, etc require compliance with techno legal requirements as prescribed by various legislations of India. These include compliance with laws like Prevention of Food Adulteration Act, 1954 and Rules 1955 (PDF), Food Safety and Standards Act, 2006 (PDF), information technology act, 2000, etc.

When business is done through e-commerce mode, cyber law, cyber security and data security compliances are also required to be taken care of. Internet intermediary liability and cyber law due diligence (PDF) must be taken care of beforehand before launching a website in these fields. The position has become so clear now that cyber due diligence cannot be ignored by Indian companies anymore.

For instance, take the example of Target Corporation that faced cyber attacks and data breach recently. For reasons best known to Target, it failed to take remedial action in this regard. Now target is facing litigation threats around the world and it may be prosecuted in India as well very soon for failing to comply with techno legal requirements of applicable Indian laws.

The position is fast changing in developed nations. The European Union has even suggested measures to strengthen privacy and data rights of its citizens. India also cannot ignore these issues anymore and sooner or later regulatory authorities would question the non compliance on the part of food, health and medicine websites operating in India.

Clinical establishments operating in India are also required to comply with the requirements of the Clinical Establishments (Registration and Regulation) Act 2010 (PDF) and the Clinical Establishments (Central Government) Rules 2012 (PDF). Further, Recommendations on Electronic Medical Records Standards in India (PDF) have also been prescribed that have to be followed and complied with by Indian clinics and healthcare professionals of India.

The legal risks for developer and owners of food, healthcare and medicine related websites cannot be ignored. Further, mobile medical devices and handsets and their respective applications must also be in strict conformity with Indian laws. Medical device makers, software providers and medical fraternity of India must also keep in mind the encryption laws of India and cloud computing related compliances of India.

Category: Uncategorized  | Comments off
• Sunday, March 02nd, 2014

Tamil Website Savukku Now Available With Proxy URLs Making The Proposed Blocking Of Website RedundantRecently the Tamil website Savukku was ordered to be blocked by Madras High Court. Although the process has not been completed yet the website is available with proxy URLs making the entire judicial exercise redundant. This is how technology works and the judiciary must also keep this aspect of technology in mind while ordering blocking of websites.

The website in dispute is now also available under proxy URLs in varying forms of the name of the HC judge who gave the order. This practically means that even if the department of electronics and information technology (DeitY) blocks the disputed website, the same would be openly available and accessible to public at large. Further, if the website is blocked at the server level, the owner of the website can reload the contents if he maintains a data backup.

Another problem in this regard is the conflict of laws in cyberspace that would make the order of the Madras High Court redundant. For instance, if the disputed website is rehosted on a server located in a foreign jurisdiction, the order of the Court may not be enforced so readily. Even if the order is enforced it would take considerable period of time making the entire exercise futile.

The mutual legal assistance treaty (MLAT) is also not fruitful in all cases. Recently United States refused to serve Indian summons upon U.S. companies and this problem is often faced during conflict of laws in cyberspace. Although some development in this field has taken place after the establishment of Indo-American Alert, Watch and Warn Network for real time information sharing in cyber crime cases yet the position has remained the same so far.

India urgently needs a techno legal framework to manage cyberspace issues in general and conflict of laws in cyberspace in particular. Otherwise the judicial decision would not serve any purpose at all.

Category: Uncategorized  | Comments off