Monthly Archives: December 2013

E-Mail Policy Of India In Pipeline

E-Mail Policy Of India In PipelineElectronic mail or e-mail is one of the favourite methods of cyber criminals to compromise computer systems and to gain sensitive and personal information. Further, service providers like G-mail are abetting and encouraging commission of cyber crimes as well. E-mail service providers like g-mail, yahoo, hotmail, etc are also facilitating violating the provisions of Public Records Act, 1993 wherever public records are involved.

Realising the seriousness of the situation, Delhi High Court is analysing e-mail policy of India and complaint mechanism to Facebook. The Delhi High Court has also directed Central Government to issue notification regarding electronic signature under Information Technology Act 2000. An advisory by Maharashtra Government to use official e-mails has already been issued.

The recent e-surveillance initiatives of National Security Agency (NSA) of United States created uproar among world community at large. James Clapper, the Director of NSA, has also admitted that NSA is targeting foreign citizens for surveillance. This includes netizens of India as well.

Issues like e-surveillance and conflict of laws have forced India to exert more control over its cyberspace. India has even suggested formulation of an international regulatory framework for Internet governance at the United Nations. Even the United Nations (UN) Third Committee approved text titled Right to Privacy in the digital age to curb e-surveillance practices among various nations.

However, India must ensure techno legal measures to regulate Indian cyberspace. Further, domain name protection in India must be free from ICANN’s influence as ICANN is not helping in enforcement of Indian laws at all.

The Department of Electronics and Information Technology (DeitY) has already issued policy documents in this regard. These include email services and usage policies of Government of India (PDF), NIC policy on format of e-mail address (PDF), password policy of Government of India (PDF), security policy for users by Government of India (PDF) and service level agreement by Government of India (PDF).

However, issues like non cooperation by United States and companies like Google, Microsoft, Yahoo, etc registered there must be resolved on a priority basis. Although an Indo-American alert, watch and warn network for real time information sharing in cyber crime cases has been proposed yet its establishment and effectiveness is yet to be tested. In the past US has not only refused to serve Indian summons upon US websites including Facebook and Google but has also blocked a MLAT attempt to make Google, Facebook, etc comply with Indian Laws. Meanwhile companies like Google and Facebook continue to violate Indian Laws. The present e-mail policy of India must consider all these aspects before allowing foreign e-mail services to be used in India.

Domain Name Protection In India Must Be Free From ICANN’s Influence

Domain Name Protection In India Must Be Free From ICANN’s InfluenceDomain name protection in India is long overdue. We have no dedicated domain name protection laws in India and domain name protections are generally claimed under the Indian Trademark Act, 1999.

At the international level, Internet Corporation for Assigned Names and Numbers (ICANN) is managing the dispute resolution pertaining to domain names. The Uniform Domain-Name Dispute Resolution Policy (UDRP) of ICANN is frequently suggested to be used for trademark disputes and domain name disputes. ICANN has prescribed a very selective list of approved dispute resolution service providers who can alone adjudicated disputes pertaining to domain names.

Thus, the domain name dispute resolution mechanism of ICANN is not only managed by selective few institutions but it is also a costly affair as arbitration fees has to be deposited to invoke UDRP proceedings. This means that even in the clearest case of trademark violation, cyber squatting and commission of a crime, the aggrieved person has to approach ICANN approved dispute resolution provider and has to deposit fee for invoking the dispute resolution procedure.

Anybody who has dealt with ICANN must be aware that ICANN never takes any action against the guilty domain name registrars no matter whatsoever wrong doing they have been engaging in. ICANN accredited registrars take advantage of this position and they openly flout laws of India.

As per the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines) Rules, 2011, an Indian domain registrar who is accredited to ICANN and operating in India is an intermediary and it is required to follow cyber law due diligence to escape Internet intermediary liability in India.

However, domain name registration service providers like Public Domain Registry [] are not at all complying with Indian laws, especially the IT Act, 2000. Even ICANN is aware of such non compliance and is shielding such registrars instead of taking a punitive and administrative action.

We have already lodged a criminal compliant against Public Domain Registry before the Delhi Police and are now exploring other legal options in this regard. We have also brought to the knowledge of ICANN about such criminal complaint, irregularities and lack of compliance of the part of Public Domain Registry.

We have also contacted GoDaddy in this regard and it has informed us that GoDaddy is not at all involved with the offending domain name in question. This means that GoDaddy’s name has been wrongly allowed to be used by both the domain registrar Public Domain Registry and ICANN despite being well aware of the irregularities and illegalities.

This entire episode has forced us to think how ICANN must be made accountable for not respecting laws of other jurisdictions like India. Recently, Indian government has prescribed that domain names ending with .in extension must not use privacy protect facilities and must disclose their true identity. Most of the domain name service providers operating in India have complied with the requirement.

On similar terms, the Indian government must mandate that domain name service providers operating in India must comply with Indian laws on priority if there is a conflict between the Indian laws and the agreement between ICANN and such domain name service provider.

Although this is the actual legal position as on date yet an expression declaration in this regard would help in clearing any doubts about this proposition. India must also work in the direction of making the role and influence of ICANN negligible while dealing with Indian domains and Indian domain name registrars.

Indo-American Alert, Watch And Warn Network For Real Time Information Sharing In Cyber Crime Cases

Indo-American Alert, Watch And Warn Network For Real Time Information Sharing In Cyber Crime CasesLaw enforcement agencies of India have been facing the conflict of law situation in Indian cyberspace for long. As a result any cyber crime that has a foreign element is very difficult to solve for Indian law enforcement agencies. This is more so when the Internet intermediary is located in United States as Internet intermediaries like Google, Yahoo, Microsoft, Facebook, etc are very fussy while sharing information about cyber criminals.

In fact companies like Google, Facebook, etc are openly violating Indian laws and Indian government is in a helpless situation in this regard. There is no other option left for the Indian government but to formulate stringent techno legal measures against these foreign companies.

Not only these foreign companies are harbouring cyber criminals by not providing their details but e-mail service providers like G-mail actually abets and encourages commission of cyber crimes in India. As an urgent measure Indian government must ban G-mail in India for official and private communications to avoid increase in cyber crimes in India. The Maharashtra government has already issued an advisory to use official e-mails for official communications.

Business Standard has reported that with growing reluctance of service providers to furnish real time information in cyber crime cases, India will seek active cooperation from the US for setting a joint mechanism to overcome such difficulties. As the two countries plan to meet at the India-US Homeland Security dialogue here on December 4, the difficulties faced by Indian security agencies in cyber-crime related cases top the agenda.

The two-day meet will be inaugurated by Home Minister Sushi Kumar Shinde and attended by US Assistant Secretary for Policy (Homeland Security) David Heyman and US Ambassador to India Nancy Powell among others. In the agenda papers it was stated that India, which ranks fifth in the world in the incidence of cyber crime, has seen hacking of 9,000 websites in three years thus posing a serious threat to the government.

Highlighting the difficulties faced by Indian security agencies, the papers said most of the prominent service providers like Hotmail, Google, Facebook, Twitter are based in the US and a general request takes anywhere between 15 and 80 days. “Further there is no guarantee that the required information would be provided at all. “However, despite urgent requests, there have never been provided by any of the service providers even in single case,” it was stated.

According to TOI, US servers almost take a “lifetime” to respond to India’s requests in cases of cyber crime investigations and still do not deliver many times, leading to situations like communal tensions spiral out of hand. The lengthy process of mutual legal assistance treaty and the route of letter rogatory are not helping matters either.

India is likely to push for easier and quicker methods of sharing information on cyber crimes with the US in the two day meet as most servers are based in that country. India will ask for setting up of an Indo-American Alert, Watch and Warn Network of participating law enforcement agencies of both countries for real-time sharing of information to manage crises and threats. It will also push for setting up of an expert group that will promote legal mechanisms that encourage cyber cooperation and facilitate creation of training materials and technical assistance.

“In addition to internet logs, in many cases profile and email contents etc are also required for investigations. However, despite urgent requests, there have never been provided by any of the service providers even in single case,” the document further states.

It also points out the futility of MLTA and LR regimes. “The LR process is time consuming and the resultant delays invariably make the entire investigation a futile exercise,” it says.

Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have already provided their suggestions (PDF) to Indian government and Serious Fraud Investigation Office (SFIO) in this regard on similar lines. Most of these suggestions are already part of the proposed meet.