Author Archives: Praveen Dalal

US Supreme Court Approves Rule To Let US Judges Issue Warrants For Computer Access In Any Jurisdiction But Constitutional Issues Remain Unresolved

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBThe legal landscape in United States (US) is fast changing. Part of this can be attributed to the ongoing election campaign while part of it is due to the modernisation of the antique laws of US. Recently an e-mail privacy bill was unanimously passed by the US house. The bill requires the law enforcement authorities to obtain a search warrant before asking technology companies to hand over old e-mails.

Now it has been reported that on Thursday, the US Supreme Court approved a change to Rule 41 of the Federal Rules of Criminal Procedure. The current law in US requires law enforcement agencies of US to know where a computer is before they can get a warrant to directly hack the machine. This is required to ensure that jurisdiction of the concerned judge is not exceeded by issuing a warrant regarding a territory beyond the judge’s powers and jurisdiction.

Now the proposed amendments in the rules would no more require compliance with this requirement and the law enforcement agencies would be free to use a single search warrant to infiltrate any system anywhere in the world. This is another way of saying that law enforcement agencies of US would now have long arm jurisdiction to target any computer or device located in any country including India.

US Chief Justice John Roberts transmitted the rules to Congress, which will have until December 1 2016 to reject or modify the changes to the federal rules of criminal procedure. If Congress does not act, the rules would take effect automatically. The US Justice Department, which has pushed for the rule change since 2013, has described it as a minor modification needed to modernise the criminal code for the digital age, and has said it would not permit searches or seizures that are not already legal.

However, this claim of Justice Department is far from truth. When law enforcement agencies are empowered to target global audience, then civil liberty issues are bound to arise. This is a major amendment in the criminal jurisprudence of US and it cannot be brushed aside as a simple amendment or modification. Looking from another perspective, this modification/amendment is prima facie in direct conflict with civil liberties protection in cyberspace and would give rise to conflict of laws in cyberspace in various jurisdictions.

In fact, Google, owned by Alphabet Inc, and civil liberties groups such as the American Civil Liberties Union and Access now contend the change would vastly expand the Federal Bureau of Investigation’s (FBI) ability to conduct mass hacks on computer networks. They say it also could run afoul of the US Constitution’s protections against unreasonable searches and seizures. Not only this, a hacking adventure or unauthorised search conducted by FBI or any other law enforcement agency of US upon Indian computers and systems would also violate the provisions of Indian Constitution.

In addition, the proposed rule would also allow the FBI and others to hack into victims’ computers that have already been compromised by cyber-criminals. This is being billed as a measure to help track down the operators of botnets but its legal consequences are far greater than this objective. It is clear that FBI is targeting privacy and anonymity tools to keep a tab on online transactions and dealings. It has also been disclosed that the former Tor developer created malware for the FBI to hack Tor users. FBI has also informed that it would not disclose how it hacked the Apple’s iPhone and Tor network. However, the evidence collected by such Tor hack was disallowed by the judge of a US court. Let us wait and watch how developments would take place in this regard in the year 2017.

How To Obtain A Domicile Certificate In India

How To Obtain A Domicile Certificate In IndiaDomicile is a complicated subject in India that has vexed States and its authorities across the India. Suprisingly, the domicile laws in India are very clear but the confusion is still persisting. Till now various States in India are confused between the concepts of Domicile and Residence. These concepts are totally different and so is their purpose and treatment. If a person is interested in obtaining a domicile certificate in India he ends up reading the procedure for obtaining a residence certificate.

The main difference between a domicile certificate and residence certificate is that a domicile certificate, wherever available, is applicable to whole of India whereas a residence certificate is limited to the territorial jurisdiction of a particular State. A person cannot have more than one domicile certificate but the same individual may try to obtain more than one residence certificate in different States. However, obtaining more than one residence certificate is a punishable offence in India.

So the crucial question is how to obtain a domicile certificate in India. The answer is not a simple one as there is no set procedure for the same. However, one thing is clear. A domicile certificate can be obtained from the Central Government and State Government is not the suitable authority for that purpose. Till now the legal position in this regard is not clear and this interpretation seems to be the applicable rule in India.

However, before a domicile certificate can be issued in India, it is pertinent to prove the factum of residence and the intention to make India a permanent place of residence. Mere residence in India for many number of years, even if continuous in nature, is not sufficient to claim the domicile status in India. To a great extent domicile and citizenship are synonymous as per Indian legal system. The Constitution of India prescribes a single domicile system and States cannot modify this legal position.

The burden of proof is upon the applicant of the domicile certificate to show that he intends to settle in India permanently. This intention can be proved from past, present and future course of action on the part of the applicant. This proof of intention cannot be taken lightly by the Central Government as an improperly issued domicile certificate can be used for tax evasion, illegal and irregular succession dealings, inheritance related irregularities, etc. This is more so when inter country legal issues are involved.

This is so because Domicile is a Conflict of Laws principle and ascertainment of Domicile status becomes very complicated when foreign jurisdiction is also involved. It is very difficult to ascertain the true intention of the applicant of the Domicile certificate from the limited set of facts. Domicile is a question of fact and laws and this is the reason that the appropriate authority must be very vigil while issuing a Domicile certificate.

Till now the Central Government has not issued any guidelines or rules that can be referred to while issuing a Domicile certificate. There are different Central Government Ministries/Departments that can be approached for issuance of a Domicile certificate. However, when the Domicile certificate is requested by a person of Indian origin (PIO) or non resident Indian (NRI) or Overseas Citizens of India Cardholder (OCI cardholder), then the complications are significantly increased. These legal complications are further increased when such PIO/NRI/OCI has become a citizen of a foreign nation.

It is clear that there is no set procedure to obtain a Domicile certificate, especially by a PIO/NRI/OCI who has become a citizen of a foreign nation. At Perry4Law Organisation (P4LO) we strongly recommend that the Central Ministries like Ministry of Home Affairs, Ministry of External Affairs, Bureau of Immigration (BOI), etc must come out with clear cut guidelines and rules pertaining to issuance of a Domicile and residence certificate. Such guidelines or rules must not be narrowly drafted but must be drafted keeping in mind the widest possible techno legal implications.

As India is embracing the Digital India project, it is imperative to consider the techno legal issues as well because in future many citizen centric services would be delivered through electronic mode and use of Internet related technologies. The Domicile policy of India needs to be techno legal on the one hand and covering the Conflict of Laws principles on the other. We hope the Indian Government would come up with a techno legal Domicile policy of India very soon.

 

Delhi Police Gets IP Address Logs Of Amrita Rai’s G-Mail Account From Google But The Problem Continues

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBComputers and e-mail accounts are source of sensitive, personal and crucial information and data these days. If a computer or e-mail account is compromised, it may cause inconvenience, financial loss and embarrassment for the victim. The victim has to face double harassment when such sensitive information is leaked on the Internet. One such episode occurred when personal photographs of journalist Amrita Rai and senior Congress minister Digvijaya Singh were recently leaked by unknown crackers. It was suspected that the e-mail account of Amrita was cracked and sensitive photographs were acquired from the same.

Unfortunately, Amrita was managing a G-Mail account for storing such photographs. It is common knowledge that G-Mail substitutes its own Internet protocol (IP) address with the address of the person using the concerned e-mail account. This not only means that G-Mail is abetting commission of various cyber crimes world over, including India, but it also means that Indian law enforcement agencies have to approach G-Mail every time they have to investigate a G-Mail related cyber crime. This is high time to ban private e-mail service providers like G-Mail that hide the IP address of the criminal in derogation of Indian laws. In fact, Indian government is already considering banning e-mail services of G-Mail, Yahoo, etc in India for official communications and this is a good step in right direction.

It is common knowledge that in the absence of a techno legal framework in India, companies like Google, Facebook, etc would continue to violate Indian laws. The latest Google App Vault service and healthcare venture of Facebook would also raise serious regulatory issues in India in near future. The cloud computing regulatory issues in India are also not followed by various cloud computing service providers. These factors make the cyber crime investigation tasks of Indian police very difficult to manage.

For instance, although Delhi Police has been able to get the IP address logs of Amrita’s G-Mail account yet this is no achievement at all. The photographs were leaked in the month of April 2014 and the account may have been compromised much earlier than that. Even presuming that the account was breached in the month of April 2014, still 5 months have already elapsed and the valuable and fragile digital evidence has already been lost. If Delhi Police starts analysing the IP address even today itself, it would take significant time to reach a logical conclusion.

Further, the IPs from which the G-Mail account is suspected to be accessed belongs to places like Netherlands (Amsterdam) and Philippines (Manila). Approaching these countries after 5 months and getting relevant evidence now would be expecting too much at this stage. Further, IP address spoofing, using of proxies, corroborating the IP address with other evidences, etc would take significant time and resources. It is quite possible that the IP address and server logs of concerned computers located at Amsterdam and Manila may be either not managed at all or they must have been deleted after 5 months. In any case, there are great chances that Delhi Police may hit a road block in the end.

To add further delay to this process, Delhi Police plans to approach the cyber forensic officials to give it a clear picture about this entire episode. Cyber forensics laboratories in India are already overburdened with cyber crime cases and are running with big backlog of such cases. Delhi Police cannot expect to get a response from the cyber forensics officials before six months. After getting the opinion of cyber forensics officials, Delhi Police would invoke mutual legal assistance treaty (MLAT), if any, applicable between India, Amsterdam and Manila. In short, this process is not going to end very soon. The worst part is that this is not the first or last episode of this type and more such incidences would happen in the near future. Will Indian Government wake up from its long sleep and take some concrete action in this regard?

Google’s Online Defamation Case Filed By Visaka Industries Ltd Reaches For Indian Supreme Court Hearing

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBForeign Companies like Google, Facebook, Microsoft, etc, have taken Indian Laws for granted for too long. It seems they have the support of Indian Government as the Policies and Regulatory Framework of India are such that they allow these Companies to “Slip Easily”. Even Indian Telecom Companies are engaging in behaviours that are not allowed within the current Legal Frameworks. The Information Technology Act, 2000 prescribes certain Cyber Laws Due Diligence Requirements (PDF) that Indian Telecom Companies are not following at all. For instance, the reports of Violations Of Cyber Law Due Diligence and Internet Intermediary Rules by Tata Teleservices Limited and Airtel are well known.

However, this situation cannot continue for too long as sooner or later Indian Government would be forced to take “Stringent Actions” against both domestic and foreign companies. In fact, the cyber litigations against foreign websites would increase in India in the near future. The Google’s online defamation case of India, initiated by Visaka Industries Ltd against Google, is just the beginning.

Google is also on the wrong side of many Indian Laws. For instance, Google is already violating many Laws of India, especially the Cyber Law of India. In fact, the G-Mail must be banned in India as it is “Abetting and Encouraging the Commission of Cyber Crimes” against Indian Citizens and Organisations. India must ensure Techno Legal Measures to regulate Indian Cyberspace if it really wishes to curb the menace created by both domestic and foreign technology companies.

Google has been facing Conflict of Laws problems in India. While Google is adamant on following the United States Laws and Polices yet various stakeholders are insisting that Google must adhere to Indian Laws as well. Google has long used the Conflict of Laws Façade and Subsidiary Argument to evade applicability of Indian Laws.  This is natural and there is nothing wrong in taking a legal stand like this. What is not understandable is why Indian Government is “not taking strict actions against Google” and its “Unregulated Services” in India.

We at Perry4Law believe that all Subsidiary/Joint Ventures Companies in India, especially those dealing in Information Technology and Online Environment, must mandatorily establish a server in India. Otherwise, such Companies and their Websites should not be allowed to operate in India. The Ministry of Home Affairs, India and Intelligence Bureau (IB) are already exploring this possibility.

A “Stringent Liability” for Indian Subsidiaries dealing in Information Technology and Online Environment must be established by Laws of India. More stringent online advertisement and e-commerce provisions must be formulated for Indian Subsidiary Companies and their Websites.

Now we have a good chance to remove the “Governmental Apathy” towards these crucial issues as the matter is coming for hearing on Monday before the Supreme Court of India. The Court should not be swayed away with the Subsidiary Argument that has been fooling Indian Judiciary for long.  The Supreme Court is seized with the issue whether the Subsidiary of Google Inc. is liable for allegedly defamatory comments made on its blogging site. This is a big opportunity for Indian Supreme Court to “Streamline” Indian Laws in this regard.

Google has already lost the case in Andhra Pradesh High Court in 2011 and it has appealed to the Supreme Court. If Google loses again it will be held “Criminally Liable” for violation of various Indian Laws, including the Indian Penal Code, 1860 and the Information Technology Act, 2000.

E-Surveillance, Civil Liberties Protection In Cyberspace And Conflict Of Laws

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBNational Security is a “Vague and Misguided Concept” and under the “Guise of National Security”, the Civil Liberties of Citizens is violated World over, including India. As more and more Technology is being used by Citizens and Netizens, the Law Enforcement Agencies and other Government Agencies have started “Targeting” the Online Dealings of various Netizens.

In almost all of these cases, the Civil Liberties in Cyberspace are violated “Without any Judicial Scrutiny and Legal Framework”. Whether it is United States, United Kingdom, India or any other Country, Intelligence and Security Agencies are openly violating various Constitutional and Human Rights in Cyberspace.

Civil Liberties like Privacy, Free Speech, Right to Know, Right to Share Information, etc are at “Serious Peril” of being compromised forever if immediate steps are not taken right now. None would suggest that Privacy should be given prominence over National Security but at the same some none would say that Privacy Rights and other Civil Liberties can be compromised and infringed for the sake of some “Presumed and Artificial National Security Requirements”.

A “Balance” must be maintained between Civil Liberties and National Security Requirements and they must be “Reconciled” to have the best results. If we give unnecessary importance to either Privacy or National Security, the end result would be “Counter Productive” in the long run.

As on date we have no “Globally Acceptable” Cyber Law Treaty, Cyber Security Treaty and Civil Liberties Protection Treaty for Cyberspace. As a result we have no protection at the International Level against Cyber Crimes, Cyber Attacks, Cyber Espionage, Cyber Terrorism, E-Surveillance, Cyber Warfare, etc. Even the Tallinn Manual on the International Law applicable to International Cyber Warfare is not an Internationally Acceptable Legal Framework. As such it is “Not Binding” upon other Countries and they are free to not to follow the same and its Principles.

Among the respective National Legal Frameworks as well there is neither a “Harmony” nor “Accountability” for violation of Civil Liberties in Cyberspace. Intelligence and Security Agencies are operating without “Parliamentary Oversight”. In Countries like U.S., U.K., India, etc, Intelligence Agencies are either operating “Without a Law” or in “Clear Violation of Constitutional Norms”.

Further, “Surveillance Mechanisms” have been adopted and used to indulge in “Illegal E-Surveillance” World over. E-Surveillance in India has crossed all the “Procedural Safeguards Limits” and these E-Surveillance activities are violating both Constitutional Provisions and Civil Liberties in Cyberspace.

We have “Grossly Offensive” Projects like Aadhaar, Central Monitoring System, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and System (CCTNS), etc without any “Parliamentary Oversight” and “Legal Framework”.

In India there is “No Requirement” to obtain a Court Warrant to engage in E-Surveillance and Eavesdropping. Further, with the introduction of Central Monitoring System of India, the scope for “Judicial Intervention” has been absolutely ruled out. The present position reiterates that when Rights are outlawed only outlaws would have Rights. Similarly, the present Cyberspace environment has also proved that Self Defence in Indian Cyberspace and Internet is need of the hour.

The Conflict of Laws Scenario in Indian Cyberspace has reached a stage where immediate Government action is required. India must ensure Techno Legal Measures to Regulated Indian Cyberspace so that both National Security and Civil Liberties can be respected and protected equally.

Strict Laws against Technology Companies and Social Networking Websites like Google, Facebook, etc must also be framed in India so that they can be forced to comply with Indian Laws.

International E-Surveillance Exercises targeted against India and its Citizens must be rebuked and strongly taken care of by India especially when the Intelligence Agencies are “Targeting Foreign Nationals”, including Indian Nationals.

India Must Ensure Techno Legal Measures To Regulate Indian Cyberspace

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBTechnology Companies like Google, Yahoo, Microsoft, etc and Social Media Websites like Facebook, Twitter, LinkedIn, etc are providing mechanisms and services through which Civil Liberties in Cyberspace are exercised. The traditional media is so heavily regulated and monitored by our respective Governments that they have limited role in strengthening the Speech and Expression and Right to Know Rights of Netizens. These Technology Companies and Social Media Websites not only provide a “Voice” to the mass population but they also help in keeping a “Check” upon our respective Governments and their Agencies.

However, there is a “Flip Side” to these benefits as well. The services provided by these Technology Companies and Social Media Websites are frequently “Misused” by third parties and these Companies and Websites are not “Compliance Friendly” when it comes to Laws and Regulations of various Jurisdictions. These Companies and Websites frequently abuse the “Conflict of Laws Gaps” to deny information that can help in arresting and prosecution of the Cyber Criminals.

All of these Companies and Websites follow the Laws of their respective Jurisdiction and in almost all cases this means the Laws of United States. What is frustrating for Indian Government and its Agencies is that even if there is a “Clear Violation” of Indian Laws, these Companies and Websites do not provide the “Data and Information” requested by Indian Government and its Agencies. Even Legal Requests by Attorney are not entertained in proper manner and they are required to follow U.S. Laws and Regulations or are asked to undergo a procedure that is neither approved nor recognised by Indian Legal System.

These Companies and Websites can take this “Liberty” because Indian Government has not taken “Techno Legal Steps” against them. As a result Companies like Google, Facebook, etc are openly Violating Indian Laws and “Blatantly Refusing” to entertain and respect Indian Legal Requests for Information.

Even the much hyped Mutual Legal Assistance Treaty (MLAT) has its own “Limitations” to make the offending People/Companies liable as per Indian Laws. For instance, recently U.S. blocked India’s MLAT attempt to make Google, Facebook, etc to comply with Indian Laws. So what would Indian Government do if these Companies and Websites do not comply with Indian Laws and if they cannot be “Compelled” to comply with Indian Laws through MLAT and other mechanisms as well?

Regulating Internet or Cyberspace is a big challenge for all the Nations. India has also started feeling the pressure of the same as Foreign Companies and Websites have started affecting the Law and Order, Peace and Tranquility, National and Cyber Security, etc of India.

India urgently needs to act on both the fronts of Technology and Legal Framework to make these Companies and Websites comply with Indian Laws. On the Technology side, Indian Government must force these Companies and Websites to “Establish Servers in India”. Further, in extreme cases, Indian Government can also “Block” the Services provided by these Companies and Websites at the “National Gateway Level” or “Selectively and Case to Case Basis” through the Indian Computer Emergency Response Team (Cert-In). Judicial Intervention can also be sought to Block the Services provided by these Companies and Websites.

On the Legal Side, Indian Government can make “Necessary Amendments” in the Licenses, Rules and Regulations applicable to these Companies and Websites if they wish to do any sort of “Commercial Activities” in India. Any Company or Website having an Indian Subsidiary Company, Place of Establishment or Business in India, assessable to Indian Income or other Taxes, deriving any Income or Profits from Indian Operations (whether Directly or Indirectly), Income Accruing or Arising in India from their Operations anywhere in the World, etc must be “Compulsorily Amenable” to Indian Laws.

Similarly, Mergers and Acquisitions, Transfer Pricing and Arm Length Dealings, Private Equity and Foreign Direct Investments, Sale and Purchase of Indian Companies Shares and Stakes, etc by these Foreign Companies and Websites must also be “Strictly Regulated” so that they cannot Manipulate and Evade Compliance with Indian Laws.

We request the attention of Indian Government towards these ”Crucial Issues” that must be taken care of on a “Priority Basis”. We are also willing to frame necessary “Techno Legal Framework” so that Foreign Companies and Websites do not evade the Compliance with Indian Laws anymore through the grey area of Conflict of Laws in Cyberspace.

Conflict Of Laws Scenario In Indian Cyberspace

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLBOne of the most complex problems of Cyberspaces is that Jurisdictional Issues are not easy to determine and enforce. The Sovereignty of Nations is often found clashing with each other where each Nation tries to enforce its own Laws and Policies. This is the reason that Conflict of Laws in Cyberspace can be found very easily.

Many Technology Companies are incorporated in United States but they have global presence are often found in Conflict of Laws situation in India. These U.S. Companies include Companies like Google, Microsoft, Yahoo, Facebook, Twitter, etc. These Companies are required to follow Cyber Law Due Diligence in India otherwise they can be Criminally Prosecuted in India. Cyber Law Due Diligence for Companies in India has now been well established by the Information Technology Act, 2000 (IT Act 2000).

These Companies are also Intermediary within the meaning of IT Act, 2000 and they are bound by statutory defined Internet Intermediary Liability in India. It is very clear that Cyber Litigations Against Foreign Websites would increase in India.

Foreign Countries, especially European countries, have prescribed stringent provisions for Technology Companies and they follow the same religiously. However, when it comes to Indian Laws, these Foreign Companies cite one excuse or other to avoid compliance with them.  The Cyber Law of India applies to Technology Companies like Google, Facebook, etc no matter whatever excuse they may take this regard.

It is a well known fact that Companies like Google are not complying with Indian laws and Indian Government is not doing much in this regard. Of course, Indian Government may force Companies like Facebook, Google, etc to Establish Servers in India by allowing them to commercially operate in India only once they comply with Indian Laws. This is a much needed step in the present circumstances.

Even Mutual Legal Assistance Treaties (MLAT) are not very effective in all cases. Recently the United States refused to serve Indian summons upon Technology Companies including Google Facebook, etc. Similarly, United States also blocked Indian attempt to make Companies like Google, Facebook, etc comply with Indian laws.

At Perry4Law and Perry4Law’s Techno Legal Base (PTLB) we believe that Indian Government must take “Urgent Steps” to force these Technology Companies to comply with Indian laws. Indian Government must use Techno Legal Methods to achieve this objective.

Similarly, steps against Indian Companies and Intermediaries must also be taken as right now they are not taking Indian Laws seriously and this gives a bad signal to other Companies. We would be glad to help Indian Government and Law Enforcement Agencies in achieving these much needed objectives.