Monthly Archives: October 2013

India Must Ban Gmail And Yahoo E-Mails For Official Communications

India Must Ban Gmail And Yahoo E-Mails For Official CommunicationsFor too long companies like Google have been denying to follow the laws of India by citing its own governing laws and policies. There are many reasons why companies like Google can take Indian laws and Indian cyber security for granted. The chief among them is lack of a strong and effective techno legal framework to regulate companies like Google.

Technology companies like Yahoo, Google, etc have been accused of providing a direct entry to the intelligence agencies of United States into their servers and data centres. Similarly, intelligence agencies like national security agency (NSA) are covertly gaining access to the data centres of Google, Yahoo, etc.  James Clapper, the director of NSA, has also confirmed that NSA is targeting foreign nationals, including Indians, for e-surveillance and eavesdropping activities of NSA.

India is a late entrant in the field of cyber security and it is only now that the cyber security policy of India has been formulated. Now Indian government is trying to cover the field step by step. In a move to safeguard its critical and sensitive data and to minimise external spying, the government announced that it could ban e-mail services such as Gmail and Yahoo for official communications by December this year. The government had declared that all official communications will take place through the National Informatics Centre (NIC’s) email service.

The Department of Electronics and Information Technology (DEITY) is currently drafting a policy on e-mail usage for government offices and departments and the policy is almost ready. The policy seeks to protect the large amount of critical government data and is expected to cover about 5-6 lakh Central and State government employees for using the email service provided by NIC.

The new initiative was recommended by a section in the government, especially intelligence agencies, over use of email services, provided by the US-based firms having their servers located in overseas locations, making it difficult to track if sensitive government data is being sneaked into. They have even recommended establishment of servers in India by Internet telephony and VOIP service providers in India.

Companies like Google, Yahoo, etc must also be asked to establish their respective servers in India so that Indian laws can be given effect to maximum extent. Presently, Google has been refusing to entertain legally valid requests from Indian law enforcement agencies and Indian attorneys.

Meanwhile, the BRICS nations, Brazil, Russia, India, China and South Africa, are building their own high-speed Internet free of the U.S. influence. Tech firms have started massive lobbying in Brazil to stall a legislation that may force Google, Facebook and other Internet companies to store locally gathered data inside Brazil. India is also required to formulate strict techno legal legislations that can force the companies like Yahoo, Google, Microsoft, Facebook, etc to compulsorily establish servers and technology infrastructure in India. While doing so the lobbying by these technology companies must not be given any importance in India as it has already caused big loss for Indian cyberspace.

When both U.S. technology companies and U.S. government are ignoring complying with Indian laws and even the mutual legal assistance treaty (MLAT) between U.S. and India has proved to be mere sham, there is no sense in delaying enactment of a techno legal framework in this regard.

Cyber Security Of E-Governance Services In India Is Needed

Lock backgroundElectronic governance (e-governance) is a valuable tool in the hands of Indian government to deliver public services in an economic, transparent and accountable manner. Presently there is no dedicated legal framework for e-governance in India.

Similarly, there is no law that can ensure compulsory e-delivery of public services in India. The proposed draft electronic delivery of service bill, 2011 of India is yet to become an applicable law and binding obligation upon central government and state governments.

Naturally, e-governance in India is dying and Indian government has to do a good amount of hard work to keep it alive. There are many hurdles before the successful implementation of e-governance projects in India. However, nothing is more dangerous and more worrisome than implementing the e-governance projects of India without adequate cyber security.

Cyber security of e-governance projects of India is still not contemplated by Indian government. This can be well understood as when even implementation of e-governance is in poor state one cannot expect safe and cyber secure e-governance services in India.

Indian government has recently admitted that it acted very late for drafting the cyber security policy of India 2013. Even the cyber security policy is deficient on many counts. Further, actual implementation of the cyber security policy of India is still to be achieved that would be a mammoth task in the absence of adequate cyber security expertise.

Indian government has been repeating mistakes after mistakes even if it is warned much in advance. For instance, Indian government is adamant on wasting public money on illegal and unconstitutional projects like Aadhaar. After wasting many crores Indian money, it is only now that the Supreme Court of India has declared that Aadhaar card is not mandatory for availing public services in India.

Similarly, Indian government is pushing mobile banking without realising its risks and without ensuring sufficient mobile banking cyber security in India. We do not have any mobile payments cyber security in India as on date. Mobile frauds and online banking frauds have increased tremendously and cyber crime conviction rates in India are almost none. India is not ready for mobile governance as on date and even mobile governance and e-authentication in India needs to be ensured.

Private banks are implementing online banking related projects in India without any cyber law due diligence and proper project appraisal. Recently, the ICICI bank has launched an initiative titled Pockets that allows transfer of funds through a Facebook account. Initiatives like these are not in strict compliance with the cyber and banking laws of India. The ICICI bank’s pockets initiative may be insecure and violative of Indian laws.

Luckily, the Reserve Bank of India has made the security and risk mitigation measures for card present transactions in India enforceable from 1st October, 2013. This has put the onus of secured card transactions upon banks and they cannot fool the victims’ customers in this regard.

Cyber security in India must be improved so that public services can be better delivered through the mode of e-governance and mobile governance. Similarly, cyber security legal practice must be encouraged and developed in India so that cyber crimes and cyber security related breaches can be properly prosecuted.

Indian government is also required to formulate adequate e-governance cyber security policies for India and implement the same in true letter and spirit. Till then relying upon Indian e-governance services, barring few exceptional ones, is a risky proposition and must be avoided.