National Cyber Security And Coordination Centre (NCSC) Of India Under Consideration

Cyber security has never been a priority for the Indian government. The cyber security trends and developments in India 2013 (PDF) have depicted this sad position of Indian cyber security. At this stage, when national cyber security issues are ignored by India, it is very difficult to manage international legal issues of cyber attacks. The conflict of laws in cyberspace has added its own techno legal complexities to this situation. As a result India is considered to be a soft target and sitting duck in cyberspace.

Now there are some positive reports that cyber security in India would be strengthened. Cyber security has been made part and parcel of a larger initiative known as “Digital India”. In the past, a National Cyber Coordination Centre (NCCC) of India was proposed by Indian government. However, it remained on books alone as it was never constituted till now.

In January 2014 the Congress Government decided to launch the NCCC. However, NCCC never saw the light of the day. Now BJP Government is planning to launch the NCCC very soon. We at Perry4Law and Perry4Law’s Techno Legal Base (PTLB) welcome this move of Narendra Modi Government. There would be inter-ministerial discussions, before sending the proposal to the Cabinet. The Government is expected to send the proposal to the Cabinet in the next 15 days.

The NCCC proposal is a significant development as both NCCC and the National Critical Information Infrastructure Protection Centre (NCIPC) of India have failed to function properly so far. This has severely impacted the critical Infrastructure Protection in India (PDF). Perhaps, this is a good time to formulate Critical ICT Infrastructure Protection Policy of India as well. As an interim measure, it has been decided in the past that NTRO would protect the Critical ICT Infrastructures of India. A Tri Service Cyber Command for Armed Forces of India is also in pipeline.

Some policy decisions in the field of cyber security have already been taken by the Congress Government. These include constitution of NCCC and NCIPC, formulation of a National Cyber Security Policy of India 2013 (NCSP 2013) and National Infrastructure Protection Plan in Thermal Power Sector of India, etc. The BJP Government is not doing anything new but is making efforts to implement existing projects of the Congress Government.

Of course, BJP Government can formulate and implement a working Cyber Attacks Crisis Management Plan of India, Cyber Warfare Policy of India (PDF), etc. Internet is full of unprotected and unsafe devices, SCADA Systems and computers and India has her own share of such unprotected devices. Cross border cyber crimes are also difficult to trace and resolve. The proposed NCCC and NCIPC would come handy in many cyber situations and we welcome the move and efforts of Shri. Ravi Shankar Prasad, Minister of Telecommunications and Information Technology in this regard.

Global Crackdown On Malware Blackshades Results In 90 Arrests Globally

Human beings are the weakest link in the cyber security chain and this was once again proved during the latest crackdown upon crackers and cyber criminals using the malware Blackshades. There were 700,000 estimated victims, whose computers have been hijacked by criminals using the Blackshades software. The crackdown was organised by law enforcement agencies of 19 countries around the world. This has also resulted in the arrest of 90 accused for allegedly using the malware. Among those arrested, in Moldova, was a Swedish hacker who was a co-creator of Blackshades.

Blackshades is another remote administration tool (RAT) that can compromise a victim’s security and covertly activate his/her webcam. The modus operandi of infecting a victim’s computer is the use of age old social engineering tactics using e-mail and other forms of electronic messages. Sending a malicious link through e-mail and luring the victim to click it is a common form of cyber attack that is very prevalent these days. Users of Blackshades also utilised this technique besides physically installing the malware wherever possible. The malware was used to commit various cyber crimes ranging from extortion to bank fraud.

Last week, watching it all play out were about two dozen FBI cyber crime investigators holed up in the New York FBI’s special operations center, high above lower Manhattan.  Rows of computer screens flickered with updates from police in Germany, Denmark, Canada, the Netherlands and elsewhere. Investigators followed along in real time as hundreds of search warrants were executed and suspects were interviewed. The sweep, capping a two-year operation, is one of the largest global cyber crime crackdowns ever. It was coordinated so suspects didn’t have time to destroy evidence.

Malware like Blackshades are successful because many computer users do not update anti-virus software. Many click on links sent in messages on social media sites such as Facebook, or in email, without knowing what they are clicking on. In seconds, malware is downloaded. Often computer users have no idea infection has taken place.

Cyber Security Laws In India Needed

The correlation between a legal framework and cyber security is not difficult to anticipate and conceptualise. Cyber security compliances require adherence to certain well established legal principles. The moment a cyber security breach occurs, many legal issues and compliance requirements are automatically invoked.

For instance, in a typical cyber attack, it becomes imperative to ascertain and find the originator of such attack. The requirements to engage in first instance analysis, e-discovery and cyber forensics also arise due to such cyber attack. The reporting requirement to the compliance and regulatory authorities also arise.

However, none of this applies to Indian companies and individuals that are facing cyber attacks, no matter how sophisticated and damaging such cyber attacks are. In India companies and individuals are not reporting cyber security breaches and attacks to the government and its agencies. The cyber security trends and developments in India 2013 (PDF) short listed all these shortcomings of Indian cyber security initiatives.

The Indian government has in the past declared that cyber security breach disclosure norms of India would be formulated very soon. However, till now no action has been taken in this regard and companies and individuals are still not reporting cyber security breaches to the Indian government and its agencies.

For instance, cyber crimes and cyber attacks against banks of India are a very common phenomenon in India. However, banks of India are not only lax in maintaining cyber security but are also not disclosing such cyber crimes and cyber attacks due to fear of adverse publicity and regulatory penalties. This is creating more problems for the bank customers in general and banking cyber security in India in particular.

The Information Technology Act, 2000 (IT Act 2000) is the sole cyber law of India. However, it is not capable of forcing companies and individuals to disclose cyber security breaches and cyber crimes. Nevertheless, the rules under the IT Act, 2000 prescribe cyber law due diligence (PDF), internet intermediary liability, reasonable cyber security practices, etc. They indirectly cover some aspects of cyber security disclosure norms. But they are not sufficient to meet the demands of present times.

Indian Parliament needs to enact a dedicated cyber security law of India that can cater all these regulatory and compliance requirements. Such a law needs to take into consideration techno legal requirements of cyber security. The sooner such a law is enacted the better it would be for the national interest of India as cyber security is an essential and integral part of the national security policy of India.

Cyber Attacks Are Targeting Bitcoin Users And Bitcoin Exchanges

Cyber crimes and cyber attacks have taken a professional shape unlike traditional hobby based exercises. Now we have well organised crime syndicates that try their hands on anything that is lucrative and profit making. The latest addition to this list is Bitcoin. Bitcoin users are facing increased cyber attacks around the world and stealing of Bitcoins has become a normal phenomenon these days.

The Bitcoin exchanges around the world are facing numerous challenges. These include challenges from the point of view of laws, technical aspects, cyber security, etc. In India the Reserve Bank of India (RBI) issued an advisory cautioning Bitcoin users and Bitcoin exchanges of India of potential legal and security risks.

Cyber criminals have also realised the significance of Bitcoins as a potential virtual currency of the future. They have been using novel methods to steal Bitcoins from innocent users. In the absence of appropriate cyber security awareness and adequate cyber security safeguards, Bitcoins are stolen very frequently.

Third party applications are now bundled with illegal Bitcoin miners. Recently, the E-Sports Entertainment LLC (ESEA) entered into a consent judgment for creating the ESEA Botnet and violating U.S. laws. Cyber criminals have also infected hundreds of thousands of computers with a malware known as “Pony” to steal Bitcoins and other digital currencies.

Thus, cyber security of Bitcoins exchanges and personal computers of Bitcoin users holding their virtual currency is a real challenge. Let us see how this highly volatile virtual currency would survive the sophisticated cyber attacks in the future.

Tri Service Cyber Command For Armed Forces Of India In Pipeline

Cyber security in India is not up to the mark or in line with expectations. While cyber attacks are becoming very targeted and highly sophisticated, India has not made even the most basic efforts to secure its cyberspace. The cyber security trends and developments in India 2013 provided by Perry4Law and Perry4Law’s Techno Legal Base (PTLB) has also outlined many crucial issues (PDF) that are missing from Indian cyber security initiatives.

For instance, India has no cyber warfare policy. A dedicated cyber warfare policy of India (PDF) must be formulated as soon as possible. Similarly, the critical infrastructure protection in India and its problems, challenges and solutions (PDF) are still to be looked into with great priority. It is only now that India has declared that NTRO would protect the Critical ICT Infrastructures of India.

Similarly, a cyber command for Armed Forces of India was in pipeline for long. Now some progress in this regard has taken place. It has been reported that to counter various forms of cyber attacks, India would soon set up a tri-service cyber command. This development was long due but there was little progress in this regard.

The ministry of defence has a draft on the subject ready which the cabinet committee on security, headed by the prime minister, would be taking up for discussion in the days to come. A note for the cabinet committee on security has been prepared for setting up the tri-service cyber command.

Sources said the office of the chairman, chief of staff committee, has written a detailed note to defence minister AK Antony regarding setting up cyber command. Officials, privy to drafting the cabinet note, have explained that the need to have a cyber command has been felt for a long time, as the cyber security infrastructure of India is “weak”.

This is evident from recent incidents of cyber attacks on India. Last year, Chinese hackers broke into sensitive computer systems at the headquarters of the Eastern Naval Command in Visakhapatnam, where the indigenous nuclear submarine Arihant has been undergoing sea trials.

Recently, Defence Research and Development Organisation (DRDO) computer systems were breached and sensitive files were leaked. A top defence ministry officer admitted that India has delayed on the cyber security front. “Cyber command would ensure both offensive and defensive cyber security capabilities. Issues like cyber warfare, cyber espionage and cyber terrorism, etc. would be taken care of by a cyber command.

Prime Minister Manmohan Singh, while addressing the combined commanders conference in November, highlighted the need for developing capacities to counter what he described as “global surveillance operations”.

That NSA whistleblower Edward Snowden had allegedly collected information and intercepted communications in India has lent urgency to setting up a cyber command. As per a recent report, the US is the biggest buyer of malware in the world. Global cyber espionage networks are being actively used to spy on other countries. The command and control servers of malware FinFisher were also found in 36 countries, including India.

US International Strategy For Cyberspace

Cyberspace issues have assumed great importance for countries around the world. This is the reason why issues like Cyber Law and Cyber Security have become an essential part of national as well as international ICT policies and strategies.

Although cyberspace is a boundary less place yet there is no internationally acceptable cyberspace treaty till now. Even the basic International Cyber Law Treaty, which can be uniformly accepted by all countries of the world, is missing. Till now India is not a part of this cyber law treaty.

United States (US) has in the past revealed its international strategy for cyberspace to promote an open and secure information and communications infrastructure. US will work internationally to promote an open, interoperable, secure, and reliable information and communications infrastructure that supports international trade and commerce, strengthens international security, and fosters free expression and innovation, said US Secretary of State Hillary Clinton in remarks during the release of strategy at the State Department.

To achieve that goal, we will build and sustain an environment in which norms of responsible behavior guide states’ actions, sustain partnerships, and support the rule of law in cyberspace, she added.

What they are able to do in cyberspace, whether they can exchange ideas and opinions openly, freely explore the subjects of their choosing, stay safe from cyber criminals, and engage in professional and personal activities online, confident that doing so will remain private and secure, depends a great deal on the policies that we will adopt together, she added.

Of late, Civil Liberties of netizens are openly violated in the name of national security. We have already voiced our concerns in India in this regard. We believe that India must reconcile Civil Liberties and National Security Requirements in the larger interest of Civil Liberty Protection in Cyberspace.

We have also dedicated an initiative titled Human Rights Protection in Cyberspace that has been providing Techno Legal ICT Policies and Strategies for protecting Civil Liberties in Cyberspace.

While US initiative is praiseworthy, it cannot succeed till it collaborates at international level. We may secure some aspects of cyberspace at national level but at international level it is an altogether different issue. But at least a good step has been taken by US and we welcome the same.

Huawei Accused Of Breaching National Security Of India By Hacking Base Station Controller In AP

Cyber crimes and cyber attacks have become a common phenomenon in India. However, their intensity and sophistication are increasing day by day. This is evident from the Cyber Law Trends and Developments of India 2013 (PDF), Cyber Security Trends and Developments in India 2013 (PDF) and Cyber Forensics Trends and Developments in India 2013 (PDF) provided by Perry4Law and Perry4Law’s Techno Legal Base (PTLB).

Although National Cyber Security Policy of India 2013 (NCSP 2013) has been declared yet its integration with the National Security Policy of India is still missing. Further, Critical Infrastructure Protection in India needs a special focus. For instance, Huawei and ZTE are already in telecom security tangle and India is considering norms for import and testing of telecom equipments in India. The security agencies of India have even suggested use of indigenously made cyber security softwares.

Now The Hindu has reported a serious cyber security attack against Bharat Sanchar Nigam Limited (BSNL)’s network. According to The Hindu, in a major incident of national security breach, India’s top intelligence agencies and Department of Telecom are all set to jointly launch an investigation into the alleged role of Chinese telecom equipment giant Huawei in hacking into BSNL’s network and sabotaging its expansion plans in Rajahmundry in coastal Andhra Pradesh.

Curiously, this is probably the first case where the Centre is also looking at inter-corporate rivalry between two Chinese telecom companies, the other being ZTE, which has bagged BSNL’s network expansion project including the one in Rajahmundry. ZTE is facing its own problems and recently it was accused of assisting conducting of e-surveillance in Iran.

The crucial point here is that if something like this can happen for the simple reason of corporate rivalry, what can be done to further the objects of cyber terrorism, cyber espionage and cyber warfare?

Following reports of Huawei engineers hacking a ‘base station controller’ (BSC), which controls several ‘base transceiver station’ (BTS) or mobile radio base station in an area, during network upgradation work at Rajahmundry in September/October this year, the National Security Council Secretariat (NSCS) in the Capital alerted the Department of Telecom, which in turn sought reply from the BSNL. Though the state-run telecom company conceded there has been a breach by Huawei, it failed to give a detailed account of damage done to the national security or the penal action taken against the Chinese firm.

Now, a five-member team comprising senior official from NSCS, Intelligence Bureau, Ministry of Home Affairs and BSNL will reach the core of the entire issue. “Several key questions have remained unanswered by the BSNL Andhra Pradesh circle. We will find out entire details about the hacking of BSC like failure of password management, change in database, accessibility of BSC from remote location and authorisation of commands to Huawei personnel. Considering the fact that all this has happened in a coastal city, and that too in a Naxal-affected State, a thorough probe might bring out more facts,” a senior official engaged in the probe told The Hindu.

What is more startling is the fact that the BSNL even failed to report the matter to police or intelligence sleuths in Andhra Pradesh even after finding out the gravity of the situation. It just reported the matter to the Huawei, says an internal communication between the NSCS and the DoT. Initially, the BSNL did not take the matter seriously. It was only after the DoT’s follow ups on the issue, the telecom PSU responded.

In its reply to the DoT, the BSNL said the Andhra Pradesh circle stated that the “BSC was relocated at Rajahmundry as a part of phase VII ZTE expansions and 10 numbers of BTS were re-homed on trial basis for confirmation of its satisfactory working before loading actual phase VII sites on it. All the BTS were reverted as soon as the problem (of hacking) was noticed and no live traffic was lost. The BSC was brought down by some (Huawei) company employee due to some inter-corporate rivalry. The problem was resolved when it was brought to the notice of M/s Huawei.”

“A notice was issued to M/s Huawei directing them to investigate the matter. In response to the notice, a national team from M/s Huawei visited Andhra Pradesh circle and assured that such incidents will not reoccur in future and they will take all possible measures to avoid such incident. Such incident has not occurred after the assurance,” the BSNL response to the DoT said.

National Cyber Security Policy Of India 2013 (NCSP 2013)

The National Cyber Security Policy of India 2013 (NCSP 2013) (PDF) was recently declared by the Indian Government. It is a Good Policy on many counts but it also failed to address many crucial aspects. For instance, the National Cyber Security Policy of India has failed to protect Privacy Rights in India. Nevertheless, this is a good step in the right direction and it must be updated and improved as time passes.

A sound Cyber Security Policy must be Techno Legal and Holistic in nature. It must be Techno Legal in nature so that it can accommodate both Technological and Legal aspects. It must be Holistic as it should cover as many areas as possible. It must be realistic as well, as a single Policy cannot be considered to be a Panacea for all Cyber Crimes and Cyber Attacks against India.

Thus, the Indian Cyber Security Policy must be supplemented by other Techno Legal Policies. For instance, the E-Mail Policy of India must supplement the Cyber Security Policy. The Cyber Security Policy must also be supplemented with the Telecom Security Policy of India and National Telecom Policy of India 2012 (NTP 2012). In fact, the National Security Policy of India must have the Cyber Security Policy as an essential component.

This NCSP 2013 intends to protect information and information infrastructure in Cyberspace, build capabilities to prevent and respond to cyber threat, reduce vulnerabilities and minimise damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.

The NCSP 2013 aims at facilitating creation of Secure Computing Environment and enabling adequate trust and confidence in electronic transactions and also guiding stakeholders’ actions for protection of Cyberspace. It outlines a road-map to create a framework for comprehensive, collaborative and collective response to deal with the issue of Cyber Security at all levels within the country. It also recognises the need for objectives and strategies that need to be adopted both at the National level as well as International level.

The NCSP 2013 envisages a vision and mission statement aimed at building a secure and resilient Cyberspace for citizens, businesses and Government. It strives to enable goals aimed at reducing national vulnerability to cyber attacks, preventing cyber attacks and cyber crimes, minimising response and recovery time and effective cyber crime investigation and prosecution. It intends to facilitate monitoring key trends at the national level such as trends in cyber security compliance, cyber attacks, cyber crime and cyber infrastructure growth.

The Objectives of the NCSP 2013 include: to create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy; to create an assurance framework for design of security policies and promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (Product, process, technology and people); to strengthen the Regulatory Framework for ensuring a Secure Cyberspace Ecosystem; to enhance and create National and Sectoral level 24X7 mechanism for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective response and recovery actions; to improve visibility of integrity of ICT products and services by establishing infrastructure for testing & validation of security of such product; to create workforce for 5,00,000 professionals skilled in next 5 years through capacity building skill development and training; to provide fiscal benefit to businesses for adoption of standard security practices and processes; to enable Protection of information while in process, handling, storage and transit so as to safeguard privacy of citizen’s data and reducing economic losses due to cyber crime or data theft; and to enable effective prevention, investigation and prosecution of cyber crime and enhancement of law enforcement capabilities through appropriate Legislative Intervention.

Although the Objectives and Aims of the NCSP 2013 are Laudable yet their “Actual Implementation” is the real problem. India has not been able to achieve these Cyber Security Objectives so far. Since India is a late entrant in the Cyber Security field, it would only be fair to give it some more time to implement these Objectives successfully.

National Security Policy Of India Needs Techno Legal Boost

National Security has undergone a sea change these days. It is wrong to assume that the National Security Policy is confined to traditional threats alone. National Security of India is facing many challenges these days that are mainly attributable to the use and abuse of Information and Communication Technology (ICT).

For instance, Cyber Crimes, Cyber Attacks, Cyber Security Incidents, Cyber Warfare, Cyber Terrorism, Cyber Espionage, etc. are some of the problems that are peculiar to contemporary times. These threats are intimidating the National Security of India by striking at the Financial, Economic, Social and Political Environment of India.

An implementable Techno Legal Crisis Management Plan of India for Cyber Attacks and Cyber Terrorism is need of the hour. The National Cyber Coordination Centre (NCCC) of India must also be made operational immediately.

Critical Infrastructure Protection in India must also be ensured by Indian Government. For instance, Supervisory Control and Data Acquisition (SCADA) Systems is a favourite target for Cyber Criminals and Cyber Terrorists. By targeting SCADA these cyber miscreants can damage the Critical Infrastructure of India. We must ensure sufficient Cyber Protection of SCADA Systems in India in general and Critical Infrastructure in particular.

Malware like Stuxnet and Duqu have already shown how Critical Infrastructures and SCADA systems are vulnerable to Cyber Attacks. Indian Critical Infrastructures have also been targeted by these Malware. It is believed that Stuxnet was responsible for shutting down an Indian Communication Satellite. These Malware have also been targeting Indian Nuclear Systems and Facilities.

The National Critical Information Infrastructure Protection Centre (NCIIPC) of India, established under the guidance and control of Defence Research and Development Organisation (DRDO), must also play a more proactive role in this regard.

Although NCIIPC has issued the Guidelines For Protection of National Critical Information Infrastructure in India (PDF) yet the role of NCIIPC in India is still not clear due to absence of a Gazette Notification by the Government of India under section 70A of the Information Technology Act, 2000.

Recently DRDO sought Penal Provisions in National Telecom Security Policy of India for Telecom Companies violating the norms. However, recently the Computer Systems of DRDO and Security Officials were breached and Sensitive Files were leaked. Thus, DRDO must also enhance its own Cyber Security besides managing the Cyber Security of other Institutions.

We must develop Offensive and Defensive Cyber Security capabilities of India. A Cyber Command for Armed Forces of India is already in pipeline. The Cyber Command has also become necessary as Countries across the world have started utilising Cyber Attacks and Malware against others. As per a recent report, U.S. is the Biggest Buyer of Malware in the world.  Similarly, Global Cyber Espionage Networks are being actively used to spy and engage in E-Surveillance on other Countries. The command and control servers of Malware FinFisher were also found in 36 countries, including India.

Indian Government must Reconcile Civil Liberties and National Security Requirements in India. While protecting the National Security, Civil Liberties Protection in Cyberspace must also be ensured. Recently, United Nations passed a resolution approving Right to Privacy in the Digital Age.

However, India is in no mood of complying with that resolution. India has launched Illegal and Unconstitutional Projects like Aadhar, Central Monitoring System (CMS), National Intelligence Grid (Natgrid), Crime and Criminal Tracking Networks and Systems (CCTNS), etc without any Parliamentary Oversight and Legal Frameworks. In fact, the Internet Spy System Network and Traffic Analysis System (NETRA) of India has been proposed by Indian Government without any Legal Framework.

There is also a lack of Cyber Security Legal Practice in India. Not many Law Firms are providing Legal Services in the field of Cyber Security as it requires Techno Legal Expertise. Indian Government is planning a Legislation mandating strict Cyber Security Disclosure Norms in India. Further, Cyber Law Due Diligence requirements in India are also going to increase.

Cyber Security is an essential part and component of National Security of India. Indian Government must keep this fact in mind and draft a suitable Techno Legal National Security Policy of India.

DRDO Seeks Penal Provisions In National Telecom Security Policy Of India For Telecom Companies Violating The Norms

Cyber security is a very broad field that covers multiple facets of information and communication technology (ICT). One of the segments of cyber security pertains to telecom and mobile cyber security. Mobile cyber security in India is still missing and even mobile banking cyber security in India is in a bad shape. There is an urgent need to ensure mobile cyber security in India.

Recently, the national cyber security policy of India 2013 and national telecom policy of India 2012 were released by the Indian government. It would be even better if an implementable national telecom security policy of India is also formulated as soon as possible.

As of now the telecom service providers of India are openly flouting the laws of India. They are not following the cyber law due diligence in India. For instance, Airtel and Tata Teleservices Limited are violating cyber law of India in general and Internet Intermediary Rules of India in particular. These violations must be punished by Department of Telecommunication (DoT) and Telecom Regulatory Authority of India (TRAI).

Now Business Standard has reported that Defence Research and Development Organisation (DRDO) has communicated to the Department of Telecommunications (DoT) that the proposed National Telecom Security Policy should have a framework to penalise telecom service providers if they fail to abide by the norms. This is a sensible recommendation keeping in mind the cyber security interests of India.

DRDO has said that telecom service providers should ensure that user data is not revealed or duplicated or copied or shared with recipients other than those designated by the sender, and should ensure that user data is not being routed outside the infrastructure within India when the end points of communication are inside Indian territory. This means that telecom service providers of India have to comply with the proposed e-mail policy of India.

Of course, there cannot be any bar from disclosure and sharing when the laws of India and foreign jurisdictions as well as court orders warrant so. Similarly, in cases of cyber crimes and cyber security breaches there should be an obligation on the part of Indian telecom service providers to comply with Indian laws. In fact, Indian government is planning a legislation mandating strict cyber security disclosure norms in India.

Telcos will be required to ensure authentication of end user, authorised access to services and attribution of activities and payloads to end users. The attribution in the form of audit, forensic and tracking mechanisms should ensure tracking of inappropriate use, criminal activities and enforcement of IT and cyber security laws of the Government.

Earlier, the Government had differences with Blackberry over the encrypted message and email services the firm provides to customers. Fearing that such encrypted services can be used to plan and execute terrorist strikes, India had also threatened to ban the providers of such services if they failed to accommodate the legitimate demands of law enforcement agencies.