IP Protection Of Entertainment Industry Of India On Internet, Cyberspace And In A Digital Environment

IP Protection Of Entertainment Industry Of India On Internet, Cyberspace And In A Digital EnvironmentThe way Indian courts have been ordering blocking of websites in India for alleged intellectual property rights (IPRs) violations, it is apparent that Indian legal and judicial system has failed to cope up with the technological advances. Not only this, Indian entrepreneurs and IPRs owners have failed to understand how the Internet works and how to enforce the IPRs in a digital environment. Naturally, the fight against online piracy is already a lost battle for the entertainment industry of India.

Anti Piracy protection to entertainment industry of India from online mediums and websites needs techno legal solutions. A good combination of legal and technological measures is needed to effectively protect the IPRs of owners of movies, songs, digital contents, etc.

The problem in an online environment is that conflict of laws in cyberspace makes the laws of a particular country ineffective and useless. For instance, if a website hosted in United States hosts a pirated movie of an Indian producer, blocking of such website in India is only an insignificant part of the solution. Such blocked website can not only be accessed from India using proxy servers but it always remains accessible through out the world.

We at Perry4Law and Perry4Law’s Techno Legal Base (PTLB) believe that use of a DMCA notice to get the infringing material removed from such U.S. based website is a more reliable and permanent solution. We have been sending successful DMCA notices on behalf of our clients through out the world, including U.S. We have been able to get the infringing contents successfully removed from European Countries, Asian Countries, U.S., U.K., etc.

We have also provided our suggestions to U.S. Copyright Office regarding Small Claims (PDF) and Orphan Works (PDF). These suggestions can be appropriately used by Indian Government while formulating an anti piracy policy regarding entertainment industry of India.

The IP protection of entertainment industry of India on Internet, cyberspace and in a digital environment requires techno legal approach. Similarly, brand protection and management in India in an online environment is totally different form traditional approach. In many cases Indian entertainment industry stakeholders have used illegal means to get the infringing contents removed or temporarily unavailable. This solution is worst than the problem as it may land the entertainment industry in trouble.

We at Perry4Law and PTLB strongly recommend that laws of different jurisdictions must be followed while protecting the IPRs of Indian entertainment industry. IP protection cannot be effective if it is defective or based upon illegal acts or omissions. In case of doubt, it is always advisable to use the services of a good techno legal law firm of your choice.

Luxembourg And UK Data Protection Authorities May Probe EBay Regarding Cyber Breach

Luxembourg And UK Data Protection Authorities May Probe EBay Regarding Cyber BreachCompanies having international presence and business must keep in mind the regulatory compliance requirements of applicable jurisdictions as well. The companies located in United States have ignored the laws of other nations for long and they have not realised that they are required to keep in mind the laws of other jurisdictions. Now this indifference or ignorance of U.S. companies has started putting them in legal troubles.

Recently EBay declared that its systems were compromised by crackers in the past. However, just like other companies, EBay also failed to notify about the same to the law enforcement and regulatory authorities and the consumers in a timely manner.  All it did was a belated suggestion to change the passwords. As expected three U.S. States are investigating EBay’s cyber security standards and cyber security breach disclosure practices. Similarly, Target Corporation was also attacked by cyber criminals in the past and as a result of that Target Corporation faced litigation threats around the world. Now EBay is also facing similar litigation threats.

U.S. companies cannot hide behind the veil of conflict of laws in cyberspace anymore. No company can know this much better than Google who is facing online defamation case in India and has to comply with the right to be forgotten in Europe. Now the Luxembourg and U.K. data-protection authorities may probe EBay regarding the cyber-attack that exposed passwords and personal information of consumers around the world, including India. Even Indian regulatory authorities may initiative an investigation against EBay to ensure that privacy rights and data of Indian citizens may not have been violated during the cyber breach.

Gerard Lommel, the head of Luxembourg’s privacy watchdog, said the regulator will decide next week whether to investigate the company over the data breach. U.K. Information Commissioner Christopher Graham said in a blog post that he is “actively looking at the situation with a view to launching a formal investigation”.

Luxembourg has already told EBay that it “will expect answers” over the breach. The country’s regulator would take charge of any data-protection investigation because it’s responsible “for all users that have signed a contract with EBay in Europe”, he said. “This is a big deal and we will for sure stay in close contact with our colleagues in other data protection authorities in Europe”, Lommel said. “The first steps will be to see where the risks now are and what the company’s plans are to remedy the situation”.

Right To Be Forgotten Can Be Enforced Against Google In Europe Says European Court of Justice (ECJ)

Right To Be Forgotten Can Be Enforced Against Google In Europe Says European Court of Justice (ECJ)In a landmark judgement, the European Court of Justice (ECJ) has held that Google must ensure Right to Be Forgotten to its users. This is in continuation of European Union’s earlier efforts to strengthen privacy rights and data protection amid global e-surveillance practices.

Conflict of laws has made complicated the legal environment applicable to cyberspace. This holds good for India as well where technology companies like Google, Facebook, etc are violating Indian laws openly. Indian government has failed to take any effective step in this regard and we at Perry4Law hope that the new Government would formulate effective techno legal framework for Indian cyberspace.

In fact Google’s online defamation case has already reached to the level of Indian Supreme Court. However, Indian Courts are very lenient when it comes to foreign technology companies operating in India. On the other hand, the ECJ has been taking a stand that is in conformity with civil liberties protection in cyberspace. ECJ has held that Internet companies like Google can be forced to remove irrelevant or excessive personal information from search engine results.

Google suffered a previous privacy setback earlier this year when a German court ordered it to block search results in Germany linked to photos of a sex party involving former Formula One motor racing boss Max Mosley.

The case highlighted the struggle in cyberspace between free speech advocates and supporters of privacy rights who say people should have the “right to be forgotten” – meaning that they should be able to remove their digital traces from the Internet. It creates technical challenges as well as potential extra costs for companies like Google and Facebook.

Google can be required to remove data that are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed and in the light of the time that has elapsed,” said judges at the Luxembourg-based court. The ECJ said the rights of people whose privacy has been infringed outweighed the general public interest.

Google said it was disappointed with the ruling, which contradicted a non-binding opinion from the ECJ’s court adviser last year that said deleting sensitive information from search results would interfere with freedom of expression. “We are very surprised that it differs so dramatically from the Advocate General’s opinion and the warnings and consequences that he spelled out. We now need to take time to analyze the implications,” said Google spokesman Al Verney.

The European Commission proposed in 2012 that people should have the “right to be forgotten” on the Internet. This was watered down by the European Parliament last year in favor of a “right to erasure” of specific information. The proposal needs the blessing of the 28 European Union Governments before it can become law. Google, Facebook and other Internet companies have lobbied against such plans, worried about the extra costs.

The developments of privacy and data protection at the EU are systematic and consistent in nature over a long period of time. Some significant developments in this regard are draft European Parliament Legislative Resolution for General Data Protection Regulation 2009-2014 (PDF), European Parliament’s support for Commission’s efforts to foster EU Citizens’ Rights Memo 14-185 (PDF), MEPs anti surveillance stand against U.S. NSA (PDF), etc. The latest to add to this civil liberties protection list is supporting vote of European Parliament for EU data protection reforms (Word) that have now become irreversible in nature.  The new Data Protection Regulation was approved with 621 votes for, 10 against and 22 abstentions.

The issues of privacy and data protection in Europe have become all the more sensitive since a former U.S. intelligence contractor, Edward Snowden, leaked details last year of U.S. surveillance programmes for monitoring vast quantities of emails and phone records worldwide.

Unfortunately, countries like United States, India, United Kingdom, etc are working towards curbing civil liberties in cyberspace on the one hand and increasing unconstitutional e-surveillance powers on the other hand. On the other hand, EU has been working in the direction of making consumers’ data and information safe and secure.

In the United States, California recently passed a state “eraser” law which will require tech companies to remove material posted by a minor, if the user requests it. The new rule is scheduled to take effect in 2015 and will likely face a court challenge.

Interpol Busts Illegal Online Airline Ticket Transactions Gang Using Fake Or Stolen Credit Cards

Interpol Busts Illegal Online Airline Ticket Transactions Gang Using Fake Or Stolen Credit CardsUse of fake or stolen credit cards for e-commerce or online purchases is very common these days. The cyber criminals steal the credit card details from one jurisdiction and use the same in an altogether different jurisdiction. This makes the task of law enforcement agencies very difficult as conflict of laws in cyberspace are very difficult to manage. Further, authorship attribution for cross border cyber crime is also a big challenge before the law enforcement agencies world over.

Cyber criminals are also using technological means to hide their online tracks. For instance, use of freely available anonymous services can hide the online tracks of cyber criminals. Similarly, dynamic DNS and fast flux and bullet proof servers can also cause trouble for cyber crime investigations.

To counter these inter country cyber crime investigations, law enforcement agencies of the world have joined their hands together and formed the International Criminal Police Organization (Interpol). The Interpol assists in investigations that are scattered in multiple jurisdictions.

In one such inter country investigation; Interpol has carried out a massive crackdown on suspicious online airline ticket transactions using fake or stolen credit cards. More than 180 people have been arrested or detained during an operation coordinated by Europol and supported by Interpol at airports across Europe and the Americas to tackle credit card fraud and illegal immigration. A two day operation was carried out on April 8 and 9 involving law enforcement agencies from across the world with support from the European Cyber crime Centre (EC3), the EU border control agency Frontex and Eurojust.

Representatives from 35 airlines worked directly with the EC3, police agencies across the European Union, US Secret Service, US Immigration and Customs Enforcement, the Colombian National Police and payment card companies Visa Europe, MasterCard and American Express to identify suspicious airline ticket sales made via the Internet.

After receiving alerts from airlines of more than 265 suspicious transactions, payment card companies reviewed the transactions using their own financial data systems and the International Air Transport Association (IATA) provided fraud intelligence. Notifications were sent to airports across the world, where police detained criminals attempting to travel using fraudulently obtained flight tickets.

Google’s Online Defamation Case Filed By Visaka Industries Ltd Reaches For Indian Supreme Court Hearing

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBForeign Companies like Google, Facebook, Microsoft, etc, have taken Indian Laws for granted for too long. It seems they have the support of Indian Government as the Policies and Regulatory Framework of India are such that they allow these Companies to “Slip Easily”. Even Indian Telecom Companies are engaging in behaviours that are not allowed within the current Legal Frameworks. The Information Technology Act, 2000 prescribes certain Cyber Laws Due Diligence Requirements (PDF) that Indian Telecom Companies are not following at all. For instance, the reports of Violations Of Cyber Law Due Diligence and Internet Intermediary Rules by Tata Teleservices Limited and Airtel are well known.

However, this situation cannot continue for too long as sooner or later Indian Government would be forced to take “Stringent Actions” against both domestic and foreign companies. In fact, the cyber litigations against foreign websites would increase in India in the near future. The Google’s online defamation case of India, initiated by Visaka Industries Ltd against Google, is just the beginning.

Google is also on the wrong side of many Indian Laws. For instance, Google is already violating many Laws of India, especially the Cyber Law of India. In fact, the G-Mail must be banned in India as it is “Abetting and Encouraging the Commission of Cyber Crimes” against Indian Citizens and Organisations. India must ensure Techno Legal Measures to regulate Indian Cyberspace if it really wishes to curb the menace created by both domestic and foreign technology companies.

Google has been facing Conflict of Laws problems in India. While Google is adamant on following the United States Laws and Polices yet various stakeholders are insisting that Google must adhere to Indian Laws as well. Google has long used the Conflict of Laws Façade and Subsidiary Argument to evade applicability of Indian Laws.  This is natural and there is nothing wrong in taking a legal stand like this. What is not understandable is why Indian Government is “not taking strict actions against Google” and its “Unregulated Services” in India.

We at Perry4Law believe that all Subsidiary/Joint Ventures Companies in India, especially those dealing in Information Technology and Online Environment, must mandatorily establish a server in India. Otherwise, such Companies and their Websites should not be allowed to operate in India. The Ministry of Home Affairs, India and Intelligence Bureau (IB) are already exploring this possibility.

A “Stringent Liability” for Indian Subsidiaries dealing in Information Technology and Online Environment must be established by Laws of India. More stringent online advertisement and e-commerce provisions must be formulated for Indian Subsidiary Companies and their Websites.

Now we have a good chance to remove the “Governmental Apathy” towards these crucial issues as the matter is coming for hearing on Monday before the Supreme Court of India. The Court should not be swayed away with the Subsidiary Argument that has been fooling Indian Judiciary for long.  The Supreme Court is seized with the issue whether the Subsidiary of Google Inc. is liable for allegedly defamatory comments made on its blogging site. This is a big opportunity for Indian Supreme Court to “Streamline” Indian Laws in this regard.

Google has already lost the case in Andhra Pradesh High Court in 2011 and it has appealed to the Supreme Court. If Google loses again it will be held “Criminally Liable” for violation of various Indian Laws, including the Indian Penal Code, 1860 and the Information Technology Act, 2000.

E-Mail Policy Of India In Pipeline

E-Mail Policy Of India In PipelineElectronic mail or e-mail is one of the favourite methods of cyber criminals to compromise computer systems and to gain sensitive and personal information. Further, service providers like G-mail are abetting and encouraging commission of cyber crimes as well. E-mail service providers like g-mail, yahoo, hotmail, etc are also facilitating violating the provisions of Public Records Act, 1993 wherever public records are involved.

Realising the seriousness of the situation, Delhi High Court is analysing e-mail policy of India and complaint mechanism to Facebook. The Delhi High Court has also directed Central Government to issue notification regarding electronic signature under Information Technology Act 2000. An advisory by Maharashtra Government to use official e-mails has already been issued.

The recent e-surveillance initiatives of National Security Agency (NSA) of United States created uproar among world community at large. James Clapper, the Director of NSA, has also admitted that NSA is targeting foreign citizens for surveillance. This includes netizens of India as well.

Issues like e-surveillance and conflict of laws have forced India to exert more control over its cyberspace. India has even suggested formulation of an international regulatory framework for Internet governance at the United Nations. Even the United Nations (UN) Third Committee approved text titled Right to Privacy in the digital age to curb e-surveillance practices among various nations.

However, India must ensure techno legal measures to regulate Indian cyberspace. Further, domain name protection in India must be free from ICANN’s influence as ICANN is not helping in enforcement of Indian laws at all.

The Department of Electronics and Information Technology (DeitY) has already issued policy documents in this regard. These include email services and usage policies of Government of India (PDF), NIC policy on format of e-mail address (PDF), password policy of Government of India (PDF), security policy for users by Government of India (PDF) and service level agreement by Government of India (PDF).

However, issues like non cooperation by United States and companies like Google, Microsoft, Yahoo, etc registered there must be resolved on a priority basis. Although an Indo-American alert, watch and warn network for real time information sharing in cyber crime cases has been proposed yet its establishment and effectiveness is yet to be tested. In the past US has not only refused to serve Indian summons upon US websites including Facebook and Google but has also blocked a MLAT attempt to make Google, Facebook, etc comply with Indian Laws. Meanwhile companies like Google and Facebook continue to violate Indian Laws. The present e-mail policy of India must consider all these aspects before allowing foreign e-mail services to be used in India.

Domain Name Protection In India Must Be Free From ICANN’s Influence

Domain Name Protection In India Must Be Free From ICANN’s InfluenceDomain name protection in India is long overdue. We have no dedicated domain name protection laws in India and domain name protections are generally claimed under the Indian Trademark Act, 1999.

At the international level, Internet Corporation for Assigned Names and Numbers (ICANN) is managing the dispute resolution pertaining to domain names. The Uniform Domain-Name Dispute Resolution Policy (UDRP) of ICANN is frequently suggested to be used for trademark disputes and domain name disputes. ICANN has prescribed a very selective list of approved dispute resolution service providers who can alone adjudicated disputes pertaining to domain names.

Thus, the domain name dispute resolution mechanism of ICANN is not only managed by selective few institutions but it is also a costly affair as arbitration fees has to be deposited to invoke UDRP proceedings. This means that even in the clearest case of trademark violation, cyber squatting and commission of a crime, the aggrieved person has to approach ICANN approved dispute resolution provider and has to deposit fee for invoking the dispute resolution procedure.

Anybody who has dealt with ICANN must be aware that ICANN never takes any action against the guilty domain name registrars no matter whatsoever wrong doing they have been engaging in. ICANN accredited registrars take advantage of this position and they openly flout laws of India.

As per the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines) Rules, 2011, an Indian domain registrar who is accredited to ICANN and operating in India is an intermediary and it is required to follow cyber law due diligence to escape Internet intermediary liability in India.

However, domain name registration service providers like Public Domain Registry [publicdomainregistry.com] are not at all complying with Indian laws, especially the IT Act, 2000. Even ICANN is aware of such non compliance and is shielding such registrars instead of taking a punitive and administrative action.

We have already lodged a criminal compliant against Public Domain Registry before the Delhi Police and are now exploring other legal options in this regard. We have also brought to the knowledge of ICANN about such criminal complaint, irregularities and lack of compliance of the part of Public Domain Registry.

We have also contacted GoDaddy in this regard and it has informed us that GoDaddy is not at all involved with the offending domain name in question. This means that GoDaddy’s name has been wrongly allowed to be used by both the domain registrar Public Domain Registry and ICANN despite being well aware of the irregularities and illegalities.

This entire episode has forced us to think how ICANN must be made accountable for not respecting laws of other jurisdictions like India. Recently, Indian government has prescribed that domain names ending with .in extension must not use privacy protect facilities and must disclose their true identity. Most of the domain name service providers operating in India have complied with the requirement.

On similar terms, the Indian government must mandate that domain name service providers operating in India must comply with Indian laws on priority if there is a conflict between the Indian laws and the agreement between ICANN and such domain name service provider.

Although this is the actual legal position as on date yet an expression declaration in this regard would help in clearing any doubts about this proposition. India must also work in the direction of making the role and influence of ICANN negligible while dealing with Indian domains and Indian domain name registrars.

Indo-American Alert, Watch And Warn Network For Real Time Information Sharing In Cyber Crime Cases

Indo-American Alert, Watch And Warn Network For Real Time Information Sharing In Cyber Crime CasesLaw enforcement agencies of India have been facing the conflict of law situation in Indian cyberspace for long. As a result any cyber crime that has a foreign element is very difficult to solve for Indian law enforcement agencies. This is more so when the Internet intermediary is located in United States as Internet intermediaries like Google, Yahoo, Microsoft, Facebook, etc are very fussy while sharing information about cyber criminals.

In fact companies like Google, Facebook, etc are openly violating Indian laws and Indian government is in a helpless situation in this regard. There is no other option left for the Indian government but to formulate stringent techno legal measures against these foreign companies.

Not only these foreign companies are harbouring cyber criminals by not providing their details but e-mail service providers like G-mail actually abets and encourages commission of cyber crimes in India. As an urgent measure Indian government must ban G-mail in India for official and private communications to avoid increase in cyber crimes in India. The Maharashtra government has already issued an advisory to use official e-mails for official communications.

Business Standard has reported that with growing reluctance of service providers to furnish real time information in cyber crime cases, India will seek active cooperation from the US for setting a joint mechanism to overcome such difficulties. As the two countries plan to meet at the India-US Homeland Security dialogue here on December 4, the difficulties faced by Indian security agencies in cyber-crime related cases top the agenda.

The two-day meet will be inaugurated by Home Minister Sushi Kumar Shinde and attended by US Assistant Secretary for Policy (Homeland Security) David Heyman and US Ambassador to India Nancy Powell among others. In the agenda papers it was stated that India, which ranks fifth in the world in the incidence of cyber crime, has seen hacking of 9,000 websites in three years thus posing a serious threat to the government.

Highlighting the difficulties faced by Indian security agencies, the papers said most of the prominent service providers like Hotmail, Google, Facebook, Twitter are based in the US and a general request takes anywhere between 15 and 80 days. “Further there is no guarantee that the required information would be provided at all. “However, despite urgent requests, there have never been provided by any of the service providers even in single case,” it was stated.

According to TOI, US servers almost take a “lifetime” to respond to India’s requests in cases of cyber crime investigations and still do not deliver many times, leading to situations like communal tensions spiral out of hand. The lengthy process of mutual legal assistance treaty and the route of letter rogatory are not helping matters either.

India is likely to push for easier and quicker methods of sharing information on cyber crimes with the US in the two day meet as most servers are based in that country. India will ask for setting up of an Indo-American Alert, Watch and Warn Network of participating law enforcement agencies of both countries for real-time sharing of information to manage crises and threats. It will also push for setting up of an expert group that will promote legal mechanisms that encourage cyber cooperation and facilitate creation of training materials and technical assistance.

“In addition to internet logs, in many cases profile and email contents etc are also required for investigations. However, despite urgent requests, there have never been provided by any of the service providers even in single case,” the document further states.

It also points out the futility of MLTA and LR regimes. “The LR process is time consuming and the resultant delays invariably make the entire investigation a futile exercise,” it says.

Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have already provided their suggestions (PDF) to Indian government and Serious Fraud Investigation Office (SFIO) in this regard on similar lines. Most of these suggestions are already part of the proposed meet.

Advisory By Maharashtra Government To Use Official E-Mails, Indian Cloud Based Services, Routing Traffic Through NIXI And Section 43 A Compliance Check

Advisory By Maharashtra Government To Use Official E-Mails, Indian Cloud Based Services, Routing Traffic Through NIXI And Section 43 A Compliance CheckThe cyberspace environment of India is passing through a transformation stage. The Central Government is presently working on the formulation of the e-mail policy of India. It is contemplating banning private e-mail service providers like G-mail and Yahoo for government communication purposes. However, G-mail must be banned in India for even private communications as it abets and encourages the commission of cyber crimes in India.

Now even States have taken notice of this situation and they have started working in this direction. An Advisory by Maharashtra Government to use Official E-Mails, Indian Cloud Based Services, Routing Traffic through NIXI and Section 43A Compliance Check (PDF) has been issued. The advisory has drawn the attention of various stakeholders towards the process of keeping of Indian data outside the country that is easily accessible to external Governments and their corporate sector.

DIT in its communication to all departments from time to time, has instructed them to host their websites only on servers located within India. Any website hosting must also comply with CERT-IN guidelines for web security and go through periodic security audits. Guidelines for Indian Government Websites (GIGW) specify that all government websites must use .gov.in or .nic.in domain names. They should NOT USE any other domain names such as .com, .org, .org.in, etc.

Section 4 of the Public Record Acts, 1993 states that “no person shall take or cause to be taken out of India any public records without the prior approval of the Central Government; provided that no such prior approval shall be required if any public records are taken or sent out of India for any official purpose”.

There have been incidents in recent times, about hackers breaking into government websites e.g. very recently social justice website was hacked, and it was found that this website developed and maintained by a private company was running from the United States. Hackers not only deface the government websites, but also tend to steal/ manipulate valuable data and even insert malicious content and/ or redirect visitor traffic to malicious websites. In case of information leak or hacking of server hosted abroad, there are difficulties investigating the case as Indian laws are difficult to be applied on those agencies.

Considering these issues, it is hereby re-iterated that all websites and Applications of State Government Departments and all Directorates, Corporations, Public Undertakings under them, should be hosted within India and preferably on Government owned servers in State Data Centre or NIC data centres or on servers collocated in Tier 3 data centres in India.

Regarding the e-mail usage, it has been observed that many Government employees use private (i.e. publicly available) email IDs such as Gmail, Yahoo, Hotmail. Several senior Government officials in Maharashtra Government have their Gmail/Yahoo/Hotmail IDs listed in Government portals as their official e-mail. Through use of such e-mail system, sensitive Government data is being transmitted and stored on private servers outside the country. This is clear violation of section 4 of the Public Records Act, 1993, and various other instructions as listed in previous paragraphs.

Various Government agencies have been raising concerns over use of e-mail services provided by foreign firms which have their servers located in overseas locations (or non-traceable locations), thus making it difficult to track any misuse or leakages. Department of Electronics and Information Technology, Government of India is drafting a policy on e-mail usage in government offices and departments, which will be released very soon. In light of all above, all departments are hereby requested that preferably only government provided email IDs, from servers within India, he used for official communication by all government employees. You may contact NIC or DIT or MahaOnline for the same. When Govt. Of India issues any instructions in this regard, they will be brought to the notice of all departments for strict compliance

While using Gmail, Yahoo, Skype, Evernote, iPad Notes, Google Drive, SkyDrive, Google Docs, Office 365, Dropbox, Amazon cloud, Facebook, Twitter, YouTube, Google Maps etc. same precautions as above would apply regarding sensitive government data or citizen data.

SDC hosted in Mumbai is connected to National Internet Exchange of India (NIXI) exchange point at Navi Mumbai. This ensures that domestic Internet packets mostly remain with India. Whenever any department/ corporation etc. is hosting a website outside the SDC, or purchasing bandwidth for various locations, it should be ensured that the concerned data centre/ISP is connected to nearby NIXI nodes.

Not only security of data, but keeping Citizen’s private data secure is also important. Failure to protect sensitive data attracts provisions of Section 43A of Information Technology Act 2000, as amended in 2008. Section 3 of Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 20 11 notified by Govt. Of India on 11th April 2011 defines SPD (Sensitive Personal Data), while Section 8 of these Rules defines Reasonable Security Practices and Procedures. Hence it is advisable that whenever any Department is collecting or keeping Citizen data, Section 43A compliance Audit should be got done. It is also necessary that appropriate NDA(Non-Disclosure Agreement) is signed with the vendors as well all their employees designing/ developing/ implementing/ maintaining the software, hardware, network, bandwidth etc.

As mandated in eGovernance Policy of Government of Maharashta, standards in eGovernance are of a high priority activity. Standards will ensure sharing of information through seamless interoperability of data across e-Governance applications. eGovernance Policy also mandates use of open standards in all e-Governance projects in the state. In view of the above, ensure that all the existing and new e—Governance projects, right from the conceptualization and design stage, should adhere to the listed Technical Standards in Interoperability framework document and other eGovernance standards published by GOI from time to time.

YAll administrative units within the government departments, divisional and district offices, directorates, state public undertakings, corporations etc. must comply with this Advisory.

G-Mail Must Be Banned In India As It Abets And Encourages Commission Of Cyber Crimes

G-Mail Must Be Banned In India As It Abets And Encourages Commission Of Cyber CrimesElectronic mails (e-mails) have become indispensable part of our daily life. Both private individuals and government departments use e-mail for personal and official purposes. However, when it comes to use of e-mail facilities of service providers like G-mail, things become complicated and there are many Laws of India are violated by both government department users and the service providers like G-mail.

Cyber criminals are using e-mail services of companies like Google whose G-mail does not provide the source of the communication. Google is also very fussy about providing information about cyber criminals even if there are clear cases of doing so. Fortunately, the Delhi High Court is presently seized with a case that would scrutinise the e-mail policy of India.

However, the long term interest of India warrants that G-mail should be banned in India not only for governmental purposes but otherwise as well as G-mail abets and encourages commission of cyber crimes and cyber contraventions in India. G-mail not only masks the Internet Protocol Address (IP Address) of a cyber criminals that makes it impossible to trace an IP Address without Google’s assistance but Google also insists upon following of non Indian laws for providing even basic level information. Till the time the entire legal process is over, the damage is already done by Google/G-mail.

Google is openly violating the laws of India by using the façade of conflict of laws and Indian government is taking Google lightly. We need to have techno legal framework in India so that companies like Google cannot take Indian laws for a ride. We also need such techno legal framework so that child pornography can be curbed to the maximum possible extent in India.

Indian Government Is Taking Google Lightly And Allowing It To Continuously Violate Indian Laws

Indian Government Is Taking Google Lightly And Allowing It To Continuously Violate Indian LawsGoogle has been facing conflict of laws problems in India. While Google is adamant on following the United States laws and polices yet various stakeholders are insisting that Google must adhere to Indian laws as well.

Google has long used the conflict of laws façade and subsidiary argument to evade applicability of Indian laws.  This is natural and there is nothing wrong in taking a legal stand like this. What is not understandable is why Indian government is not taking strict actions against Google and its unregulated services in India.

We take a pride in saying that none is above law and rule of law would prevail in India no matter howsoever high a person or institution may be. However, when it comes to Google, Indian government is not willing to take a tough stand against it. The truth is that technology companies like Google are violating laws of India and Indian government is sleeping over the matter.

The present trend shows that cyber litigations against foreign websites would increase in India. However, neither the cyber law of India nor the Indian government’s attitude is strong enough to make the foreign companies afraid of Indian laws.

While cyber law due diligence for European business would be the new trend yet cyber law due diligence in India is still a matter not known to various technology companies and social media websites.

Companies like Google are also ridiculing the Internet intermediary liability as prescribed by Indian cyber law. They are also deliberately violating Indian laws, including Indian cyber law, and Indian government is looking helplessly in this regard. Indian government must make the commercial operations of foreign companies in India more amenable to Indian laws so that the parent companies located at foreign jurisdictions respect and follow Indian laws as well.

All subsidiary/joint ventures companies in India, especially those dealing in information technology and online environment, must mandatorily establish a server in India. Otherwise, such companies and their websites should not be allowed to operate in India. A stringent liability for Indian subsidiaries dealing in information technology and online environment must be established by laws of India. More stringent online advertisement and e-commerce provisions must be formulated for Indian subsidiary companies and their websites.

The matters touching these aspects have already reached the High Court and Supreme Court levels and if Indian government still remains indifferent towards these issues, suitable directions from our Constitutional courts would be much desirable.

E-Surveillance, Civil Liberties Protection In Cyberspace And Conflict Of Laws

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBNational Security is a “Vague and Misguided Concept” and under the “Guise of National Security”, the Civil Liberties of Citizens is violated World over, including India. As more and more Technology is being used by Citizens and Netizens, the Law Enforcement Agencies and other Government Agencies have started “Targeting” the Online Dealings of various Netizens.

In almost all of these cases, the Civil Liberties in Cyberspace are violated “Without any Judicial Scrutiny and Legal Framework”. Whether it is United States, United Kingdom, India or any other Country, Intelligence and Security Agencies are openly violating various Constitutional and Human Rights in Cyberspace.

Civil Liberties like Privacy, Free Speech, Right to Know, Right to Share Information, etc are at “Serious Peril” of being compromised forever if immediate steps are not taken right now. None would suggest that Privacy should be given prominence over National Security but at the same some none would say that Privacy Rights and other Civil Liberties can be compromised and infringed for the sake of some “Presumed and Artificial National Security Requirements”.

A “Balance” must be maintained between Civil Liberties and National Security Requirements and they must be “Reconciled” to have the best results. If we give unnecessary importance to either Privacy or National Security, the end result would be “Counter Productive” in the long run.

As on date we have no “Globally Acceptable” Cyber Law Treaty, Cyber Security Treaty and Civil Liberties Protection Treaty for Cyberspace. As a result we have no protection at the International Level against Cyber Crimes, Cyber Attacks, Cyber Espionage, Cyber Terrorism, E-Surveillance, Cyber Warfare, etc. Even the Tallinn Manual on the International Law applicable to International Cyber Warfare is not an Internationally Acceptable Legal Framework. As such it is “Not Binding” upon other Countries and they are free to not to follow the same and its Principles.

Among the respective National Legal Frameworks as well there is neither a “Harmony” nor “Accountability” for violation of Civil Liberties in Cyberspace. Intelligence and Security Agencies are operating without “Parliamentary Oversight”. In Countries like U.S., U.K., India, etc, Intelligence Agencies are either operating “Without a Law” or in “Clear Violation of Constitutional Norms”.

Further, “Surveillance Mechanisms” have been adopted and used to indulge in “Illegal E-Surveillance” World over. E-Surveillance in India has crossed all the “Procedural Safeguards Limits” and these E-Surveillance activities are violating both Constitutional Provisions and Civil Liberties in Cyberspace.

We have “Grossly Offensive” Projects like Aadhaar, Central Monitoring System, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and System (CCTNS), etc without any “Parliamentary Oversight” and “Legal Framework”.

In India there is “No Requirement” to obtain a Court Warrant to engage in E-Surveillance and Eavesdropping. Further, with the introduction of Central Monitoring System of India, the scope for “Judicial Intervention” has been absolutely ruled out. The present position reiterates that when Rights are outlawed only outlaws would have Rights. Similarly, the present Cyberspace environment has also proved that Self Defence in Indian Cyberspace and Internet is need of the hour.

The Conflict of Laws Scenario in Indian Cyberspace has reached a stage where immediate Government action is required. India must ensure Techno Legal Measures to Regulated Indian Cyberspace so that both National Security and Civil Liberties can be respected and protected equally.

Strict Laws against Technology Companies and Social Networking Websites like Google, Facebook, etc must also be framed in India so that they can be forced to comply with Indian Laws.

International E-Surveillance Exercises targeted against India and its Citizens must be rebuked and strongly taken care of by India especially when the Intelligence Agencies are “Targeting Foreign Nationals”, including Indian Nationals.

Online Gambling And Gaming Laws And Regulations In India And Conflict Principles

Online Gambling And Gaming Laws And Regulations In India And Conflict PrinciplesOnline gambling and gaming is fast catching the eyes of entrepreneurs and players alike. We have been frequently approached regarding ascertaining the legality of online gambling and gaming in India. As on date, we have no dedicated online gambling and gaming laws in India. However, keeping in mind the importance of this area there must be dedicated online gambling and gaming laws and regulations in India so that this area is properly regulated and chances of e-commerce frauds and cyber crimes can be minimised.

Recently, it was decided that an anti match fixing law would be formulated for India. This decision was taken due to growing cases of match fixing in series like IPL. We also need to regulate online gambling and gaming activities in India so that no stakeholder is found on the wrong side of the law.

Online gambling and gaming is essentially an international phenomenon as the website may be registered in the name of a person residing in country A, the server hosting the website may be located in country B and the players could be located in multiple countries.

Similarly, the software and application providers may also be involved in legal hassles due to the supply of their products and services in India. For instance, forensics analysis of Nokia’s computers used to download software in India is presently undertaken by Indian tax authorities to investigate violation of income tax and transfer pricing provisions of India.

In short, online gambling and gaming may be legal in one country whereas it may be illegal in another. The country where it is illegal may prosecute the website owner, server provider and the players in their respective jurisdictions as the effect of the same is felt in their jurisdictions and residents of these countries may found involved in online gambling and gaming that is illegal in these countries.

There is a serious conflict of laws in the area of online gambling and gaming industry. When it comes to India, this conflict is further aggravated due to conflict of laws between respective States of India. While in a few States it may be legal in almost all other States it is illegal.

As far as gambling in India is concerned, we have a Central law on gambling known as Public Gambling Act of 1867. Similarly, we have many State laws on gambling that are mostly based upon the central law. Further, almost all the State laws are regulating real world or offline gambling in India. The exception in this regard can be found in the laws applicable in places like Goa and Sikkim.

Recently Goa has made its casino laws very stringent keep in mind the money laundering, black money and tax evasion issues in mind. Similarly, Sikkim is also in the process of harmonising its laws with the central laws.

As far as judiciary is concerned, the Supreme Court of India has made a distinction between skills based and chance based gaming activities. Of course, each case depends upon its own facts and circumstances and the respective state law and we cannot apply one decision uniformly in all cases of gambling and online gambling.

The skill and chance and state subject legal arguments are not sufficient to comply with complicated techno legal requirements of India as on date. So before launching an e-commerce portal, the concerned person or company must make it sure that techno legal requirements are duly complied with.

We believe that cyber law due diligence, Internet intermediary liability and cyber due diligence for Indian companies must be kept in mind by various e-commerce websites and players. The skill and chance and state subject legal arguments are not sufficient to comply with complicated techno legal requirements of India as on date. So before launching an e-commerce portal, the concerned person or company must make it sure that techno legal requirements are duly complied with.

India Must Ensure Techno Legal Measures To Regulate Indian Cyberspace

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBTechnology Companies like Google, Yahoo, Microsoft, etc and Social Media Websites like Facebook, Twitter, LinkedIn, etc are providing mechanisms and services through which Civil Liberties in Cyberspace are exercised. The traditional media is so heavily regulated and monitored by our respective Governments that they have limited role in strengthening the Speech and Expression and Right to Know Rights of Netizens. These Technology Companies and Social Media Websites not only provide a “Voice” to the mass population but they also help in keeping a “Check” upon our respective Governments and their Agencies.

However, there is a “Flip Side” to these benefits as well. The services provided by these Technology Companies and Social Media Websites are frequently “Misused” by third parties and these Companies and Websites are not “Compliance Friendly” when it comes to Laws and Regulations of various Jurisdictions. These Companies and Websites frequently abuse the “Conflict of Laws Gaps” to deny information that can help in arresting and prosecution of the Cyber Criminals.

All of these Companies and Websites follow the Laws of their respective Jurisdiction and in almost all cases this means the Laws of United States. What is frustrating for Indian Government and its Agencies is that even if there is a “Clear Violation” of Indian Laws, these Companies and Websites do not provide the “Data and Information” requested by Indian Government and its Agencies. Even Legal Requests by Attorney are not entertained in proper manner and they are required to follow U.S. Laws and Regulations or are asked to undergo a procedure that is neither approved nor recognised by Indian Legal System.

These Companies and Websites can take this “Liberty” because Indian Government has not taken “Techno Legal Steps” against them. As a result Companies like Google, Facebook, etc are openly Violating Indian Laws and “Blatantly Refusing” to entertain and respect Indian Legal Requests for Information.

Even the much hyped Mutual Legal Assistance Treaty (MLAT) has its own “Limitations” to make the offending People/Companies liable as per Indian Laws. For instance, recently U.S. blocked India’s MLAT attempt to make Google, Facebook, etc to comply with Indian Laws. So what would Indian Government do if these Companies and Websites do not comply with Indian Laws and if they cannot be “Compelled” to comply with Indian Laws through MLAT and other mechanisms as well?

Regulating Internet or Cyberspace is a big challenge for all the Nations. India has also started feeling the pressure of the same as Foreign Companies and Websites have started affecting the Law and Order, Peace and Tranquility, National and Cyber Security, etc of India.

India urgently needs to act on both the fronts of Technology and Legal Framework to make these Companies and Websites comply with Indian Laws. On the Technology side, Indian Government must force these Companies and Websites to “Establish Servers in India”. Further, in extreme cases, Indian Government can also “Block” the Services provided by these Companies and Websites at the “National Gateway Level” or “Selectively and Case to Case Basis” through the Indian Computer Emergency Response Team (Cert-In). Judicial Intervention can also be sought to Block the Services provided by these Companies and Websites.

On the Legal Side, Indian Government can make “Necessary Amendments” in the Licenses, Rules and Regulations applicable to these Companies and Websites if they wish to do any sort of “Commercial Activities” in India. Any Company or Website having an Indian Subsidiary Company, Place of Establishment or Business in India, assessable to Indian Income or other Taxes, deriving any Income or Profits from Indian Operations (whether Directly or Indirectly), Income Accruing or Arising in India from their Operations anywhere in the World, etc must be “Compulsorily Amenable” to Indian Laws.

Similarly, Mergers and Acquisitions, Transfer Pricing and Arm Length Dealings, Private Equity and Foreign Direct Investments, Sale and Purchase of Indian Companies Shares and Stakes, etc by these Foreign Companies and Websites must also be “Strictly Regulated” so that they cannot Manipulate and Evade Compliance with Indian Laws.

We request the attention of Indian Government towards these ”Crucial Issues” that must be taken care of on a “Priority Basis”. We are also willing to frame necessary “Techno Legal Framework” so that Foreign Companies and Websites do not evade the Compliance with Indian Laws anymore through the grey area of Conflict of Laws in Cyberspace.

Guidelines Issued By Election Commission Of India For Media Coverage Under Section 126 Of RP Act, 1951

Guidelines Issued By Election Commission Of India For Media Coverage Under Section 126 Of RP Act, 1951The Election Commission of India (ECI) has issued guidelines (PDF) regarding media coverage under section 126 of Representation of People Act, 1951. As per a press release issued by the ECI, Section 126 of the Representation of the People, 1951, prohibits displaying any election matter by means, inter alia, of television or similar apparatus, during the period of 48 hours before the hour fixed for conclusion of poll in a constituency.

The expression similar apparatus includes websites, blogs, social media platforms, etc as well. This makes the enforcement of this prohibition very difficult as websites and social media platforms may not always be located within Indian jurisdictions.

Realising the practical difficulties to regulate foreign websites and social media platforms, it has been proposed that Indian social media websites must be started. It is also been considered to force the technology companies to establish their servers in India so that Indian laws can be enforced more effectively.

Foreign companies like Google, Facebook, etc are not complying with Indian laws and legal requests for information. They are taking shelter behind the conflict of laws in Indian cyberspace and are avoiding compliances with Indian laws. In these circumstances enforcement of the provisions of Section 126 of the Representation of the People, 1951 would be really challenging.

Section 126 (1) (b) provides that no person shall display to the public any election matter by means of cinematograph, television or other similar apparatus in any polling area during the period of forty-eight hours ending with the hour fixed for the conclusion of the poll for any election in the polling area.

Section 126 (2) provides that any person who contravenes the provisions of sub-section (1) shall be punishable with imprisonment for a term which may extend to two years, or with fine, or with both.

Section 126 (3)   provides that for the purposes if Section 126, the expression “election mater” means any matter intended or calculated to influence or affect the result of an election.

Both foreign companies and Indian telecom and technology companies are required to follow cyber law due diligence in India.  They are also “Internet Intermediary” under the provisions of Information Technology Act, 2000. If these companies contravene Indian laws, including section 126 of the RP Act, 1951, they can be prosecuted in India.

Similarly, any individual who assists in the contravention of section 126 shall also be liable to be punished under section 126. Political parties of India and their online supporters must keep this in mind while doing campaign on websites and social media websites.

During elections, there are sometimes allegations of violation of the provisions of the Section 126 of the RP Act, 1951 by TV channels in the telecast of their panel discussions/debates and other news and current affairs programmes. ECI has also invited the attention of all stakeholders to Section 126A of the R.P. Act 1951, which prohibits conduct of Exit poll and dissemination of their results during the period mentioned therein, in the hour fixed for commencement of polls in the first phase and half hour after the time fixed for close of poll for the last phase in all the States.

ECI once again reiterated that the TV/Radio channels and cable networks should ensure that the contents of the programme telecast/broadcast/displayed by them during the period of 48 hours referred to in Section 126 do not contain any material, including views/appeals by panelists/participants that may be construed as promoting/prejudicing the prospect of any particular party or candidate(s) or influencing/affecting the result of the election.

However, during the period not covered by Section 126 or Section 126A, concerned TV/Radio/Cable/FM channels are free to approach the state/district/local authorities for necessary permission for conducting any broadcast related events which must also conform to the provisions of the model code of conduct and the programme code laid down by the Ministry of Information and Broadcasting under the Cable Network (Regulation) Act with regard to decency, maintenance of communal harmony, etc. They are also required to stay within the provisions of Commission’s guidelines dated 27th August, 2012 regarding paid news and related matters. Concerned Chief Electoral Officer/District Election Officer will take into account all relevant aspects including the law and order situation while extending such permission.

Attention of all media has also been drawn to the following guidelines issued by Press Council of India to follow for observance during the election:

(i) It will be the duty of the Press to give objective reports about elections and the candidates. The newspapers are not expected to indulge in unhealthy election campaigns, exaggerated reports about any candidate/party or incident during the elections. In practice, two or three closely contesting candidates attract all the media attention. While reporting on the actual campaign, a newspaper may not leave out any important point raised by a candidate and make an attack on his or her opponent.

(ii) Election campaign along communal or caste lines is banned under the election rules. Hence, the Press should eschew reports, which tend to promote feelings of enmity or hatred between people on the ground of religion, race, caste, community or language.

(iii)  The Press should refrain from publishing false or critical statements in regard to the personal character and conduct of any candidate or in relation to the candidature or withdrawal of any candidate or his candidature, to prejudice the prospects of that candidate in the elections. The Press shall not publish unverified allegations against any candidate/party.

(iv) The Press shall not accept any kind of inducement, financial or otherwise, to project a candidate/party. It shall not accept hospitality or other facilities offered to them by or on behalf of any candidate/party.

(v) The Press is not expected to indulge in canvassing of a particular candidate/party. If it does, it shall allow the right of reply to the other candidate/party.

(vi)  The Press shall not accept/publish any advertisement at the cost of public exchequer regarding achievements of a party/government in power.

(vii) The Press shall observe all the directions/orders/instructions of the Election Commission/Returning Officers or Chief Electoral Officer issued from time to time.

The above guidelines should be duly observed for compliance by all the concerned media, including social media. There are great chances that these guidelines would be violated by various political parties and their supporters especially through online mechanisms and social media websites. Only time would tell how far ECI would be able to meet the objectives mentioned in this press release.

Google, Facebook, Etc Continue To Violate Indian Laws

Google, Facebook, Etc Continue To Violate Indian LawsConflict of laws in Indian cyberspace is getting more and more complicated day by day as Indian government fails to take proper and stringent actions against social media websites like Facebook and technology companies like Google.

While these companies are openly refusing to comply with Indian legal requests yet Indian government has still to find a mechanism to make them  comply with Indian laws especially the Information Technology Act, 2000, Code of Criminal Procedure, 1973 and other related civil and criminal laws of India.

These companies are willing to provide only that much of information as they may deem proper as per their own policies and local laws. Even when it comes to adhering to their own policies they are not strictly following to the same.

The Chandigarh Police cyber cell has recently faced this attitude of Facebook and Google. They have complained of lack of cooperation from United States located technology companies like Google and Facebook.

The cyber crime cell says that their investigation is not making any progress due to lack of cooperation from Google and Facebook. As per the records, the cyber cell here has received over 100 complaints about social networking sites – mainly Facebook – related to account hacking, creation of fake accounts, and uploading of objectionable pictures and posts in the past nine months (January to September), but only seven of them have been converted into First Information Reports (FIRs).

Although Facebook and Google may not be liable under the laws of United States for non compliance with requests and directions of  law enforcement agencies of India yet these companies are “Internet Intermediary” within the meaning of Information Technology Act, 2000 and they are required to follow cyber law due diligence in India.

Indian government may force companies like Facebook, Google, etc to establish servers in India by allowing them to commercially operate in India only once they comply with Indian laws. This is a much needed step in the present circumstances as per cyber law experts of India.

Conflict Of Laws Scenario In Indian Cyberspace

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBOne of the most complex problems of Cyberspaces is that Jurisdictional Issues are not easy to determine and enforce. The Sovereignty of Nations is often found clashing with each other where each Nation tries to enforce its own Laws and Policies. This is the reason that Conflict of Laws in Cyberspace can be found very easily.

Many Technology Companies are incorporated in United States but they have global presence are often found in Conflict of Laws situation in India. These U.S. Companies include Companies like Google, Microsoft, Yahoo, Facebook, Twitter, etc. These Companies are required to follow Cyber Law Due Diligence in India otherwise they can be Criminally Prosecuted in India. Cyber Law Due Diligence for Companies in India has now been well established by the Information Technology Act, 2000 (IT Act 2000).

These Companies are also Intermediary within the meaning of IT Act, 2000 and they are bound by statutory defined Internet Intermediary Liability in India. It is very clear that Cyber Litigations Against Foreign Websites would increase in India.

Foreign Countries, especially European countries, have prescribed stringent provisions for Technology Companies and they follow the same religiously. However, when it comes to Indian Laws, these Foreign Companies cite one excuse or other to avoid compliance with them.  The Cyber Law of India applies to Technology Companies like Google, Facebook, etc no matter whatever excuse they may take this regard.

It is a well known fact that Companies like Google are not complying with Indian laws and Indian Government is not doing much in this regard. Of course, Indian Government may force Companies like Facebook, Google, etc to Establish Servers in India by allowing them to commercially operate in India only once they comply with Indian Laws. This is a much needed step in the present circumstances.

Even Mutual Legal Assistance Treaties (MLAT) are not very effective in all cases. Recently the United States refused to serve Indian summons upon Technology Companies including Google Facebook, etc. Similarly, United States also blocked Indian attempt to make Companies like Google, Facebook, etc comply with Indian laws.

At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we believe that Indian Government must take “Urgent Steps” to force these Technology Companies to comply with Indian laws. Indian Government must use Techno Legal Methods to achieve this objective.

Similarly, steps against Indian Companies and Intermediaries must also be taken as right now they are not taking Indian Laws seriously and this gives a bad signal to other Companies. We would be glad to help Indian Government and Law Enforcement Agencies in achieving these much needed objectives.