Monthly Archives: July 2013

Cyber Law Due Diligence For European Business Would Be The New Trend

Cyber Law Due Diligence For European Business Would Be The New TrendCyber law due diligence in India is well known though a majority of Indian entrepreneurs operating e-commerce and online businesses are openly flouting the same. This may be due to ignorance of due diligence requirements of India or due to the fact that Indian government has not started punishing the violators yet. As a result e-commerce frauds, offences and crimes have significantly increased in India.

On the other hand other jurisdictions are taking good interest in tackling the violations by various online communities and entrepreneurs. For instance, United States has shut down 1677 illegal online pharmacies websites. Similarly, the European Union has declared that any business found to be engaging in hacking or any other cyber crime would be closed down.

This is a serious threat to those businesses that depend primarily upon unethical and illegal activities to survive. Similarly, this is also a warning note to those businesses that do not give proper attention to cyber law and cyber security requirements.

As per the new EU framework, member states must take necessary measures to make sure that firms who indulge in any kind of cyber crime can now be held accountable. The rules allow member states to serve punishment even if an employee carried out hacking without bosses’ knowledge. This is more on the lines of “strict liability” that business houses and owners must keep in mind.

Similarly, this would also require the businesses to appoint chief information officers and chief technology officers so that their business interests can be adequately safeguarded. In India this appointment of CIO has been made mandatory for the banks of India by Reserve Bank of India (RBI). However, till now banks of India are not following this requirement.

However, EU is not indifferent like India regarding cyber crimes and cyber law due diligence requirements. The proposed framework has prescribed sanctions that include exclusion from entitlement to public benefits or aid; temporary or permanent disqualification from the practice of commercial activities; placing under judicial supervision; judicial winding-up; temporary or permanent closure of establishments which have been used for committing the offence, etc.

Of late cyber attacks against critical infrastructure of EU countries have increased a lot. These are not ordinary attacks but are very sophisticated malware attacks that require urgent attention of EU regulators. The present framework may be the result of these growing cyber attacks.

National Cyber Security Policy Of India Has Failed To Protect Privacy Rights In India

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW CEO PTLBThe National Cyber Security Policy (NSCP), 2013 has listed many Objectives that Indian Government wishes to pursue to protect the Cyber Security Interests of India. However, from the very beginning the NCSP is facing Implementation Hurdles. The NCSP is also not holistically drafted as it is in active conflict with other Projects and Initiatives of Indian Government.

For instance, consider the example of the Central Monitoring System (CMS) Project of India. The CMS Project has been launched without any Parliamentary Oversight and Legal Framework. The problem has been further aggravated due to absence of Lawful Interception Law and Privacy Laws in India. The net effect of this situation is that Indian Government and its Agencies can do willful e-surveillance and phone tapping without any Parliamentary Oversight and Judicial Scrutiny.

Similarly, the Unconstitutional Aadhaar Project has already been Challenged before various High Courts in India. Aadhaar Project has serious Cyber Security and Data Security Issues that are still unresolved. The truth is that Biometric Collection in India is done in an Illegal and Unconstitutional Manner as on date.

So we have all sorts of private and sensitive personal and biometric information lying openly with Indian Government and its Agencies without any sort of Check and Balances. In these circumstances the claims of Privacy Protection by the NCSP of India have to be judged.

The NCSP claims that it aims at enabling protection of information while in process, handling, storage and transit so as to safeguard privacy of citizen’s data and for reducing economic losses due to cyber crime or data theft. The Policy is silent as to how it would be able to do so. The Policy is also silent as to how it would Balance the Civil Liberty and National Security Requirements while enforcing Indian Cyber Security.

The present Mental Framework of Indian Government as well as the Regulatory Regime of India is “Anti Privacy” and “Anti Civil Liberty” in nature. Despite contrary media claims, the NSCP has maintained this position and Status Quo.

In nutshell, the NCSP of India has failed to protect Privacy Right of Indian Citizens. Rather, accompanied with Projects like CMS, Aadhaar, etc it would be actually violating the same. Let us wait for its actual implementation to see its true effect upon Civil Liberties Protection in Cyberspace.

National Cyber Security Policy (NSCP) 2013 Of India Declared But Much Still To Achieve

National Cyber Security Policy (NSCP) 2013 Of India Declared But Much Still To AchieveThe much awaited national cyber security policy of India has been finally declared by Indian government. It has incorporated many good policy decisions that can go a long way in improving the cyber security of India.

However, till it is made operational and is actually implemented, it would remain mere paper work. Thus, the real challenge is to make the National Cyber Security Policy 2013 operational at the ground level. Similarly, there are many more techno legal issues that a good and holistic cyber security policy must incorporate. Indian cyber security policy is still deficient on many counts. Nevertheless this is a good effort in the right direction.

Some of the areas covered by the policy include cyber security skills development, cyber crisis management plan, critical infrastructure protection, preferential treatment to domestic hardware software, security issues of IT equipments, engaging in public private partnerships to strengthen cyber security of India, etc.

The National Cyber Security Policy 2013 also aims at protecting information and building capabilities to prevent cyber attacks. It has also rightly touched the aspects of global cooperation and coordination in the cyber security field.

The objectives of the NCSP 2013 include creation of a cyber ecosystem in the country, encouraging open standards, strengthening of regulatory framework, securing e-governance services, critical infrastructure protection, promotion of research and development in cyber security, spreading cyber security awareness, providing fiscal benefits to businesses for adoption of standard security practices and processes, developing effective public private partnerships and collaborative engagements through technical and operational cooperation.

The policy calls for developing a dynamic legal framework and periodically reviewing it to address the cyber security challenges arising out of technological developments in cyber space.

The policy plans to operate a 24X7 national level computer emergency response team to function as a nodal agency for coordination of all efforts for cyber security emergency response and crisis management.

We would cover various aspects of NCSP 2103 in great detail in our subsequent posts.