Merging of technology and law raises interesting
techno legal issues that are not easy to handle. There are very few
organisations or individuals that can manage techno legal issues in
India and world wide.
Perry4Law
Organisation (P4LO) is one such organisation that handles unique
and qualitative techno legal services in fields like cyber law, cyber
security, cyber forensics, e-discovery, etc. One such initiative is
known as
Global
Techno Legal News and Views.
Some of the interesting post of the blog are:
(1) Non Mandatory Aadhaar: The matter
pertaining to legality and constitutionality of Aadhaar project is
pending before the Supreme Court of India. The Central Government has
been maintaining that Aadhaar is
not
mandatory but for all practical purposes it has been made
mandatory by Indian Government.
(2) Digital India: Digital
India project of India is an ambitious but
troublesome
initiative as it is suffering from numerous shortcomings. This is
the reason that the Digital India project is heading towards
rough
waters. In fact, Digital India is the biggest
digital
panopticon of India so far. There is an urgent need to make it
legal and constitutional.
(3) Carbanak Malware: The notorious
malware Carbanak was instrumental in
stealing
about a Billion US Dollars from financial institutions worldwide.
Vskimmer
Trojan, capable of stealing credit card information from
Windows systems, was already in circulation. Similarly, the
Malware
Dump Memory Grabber was also targeting POS systems and ATMs
of major U.S. banks. These malware were creating havoc in India and
international levels.
(4) Censorship By Twitter: In an
unexpected move, Twitter has been censoring tweets relating to topics
like
Aadhaar,
Digital
India, etc. Till the time of writing of this post, Twitter is
still
censoring topics like Aadhaar, Digital India, etc.
(5) Hardware Spyware: Kaspersky has
revealed that intelligence agencies have been
using
hardware based stealth spyware. These hard drives are manufactured by
Western Digital, Seagate, Toshiba and other top manufacturers,
thereby making their use a potential cyber hazard.
(6) FBI Search Warrants: Recently a
proposal was made to expand the search warrant powers of FBI. Google
opposed the same and openly conveyed its
dissent
for the proposed US Justice Department proposal to expand federal
powers to search and seize digital data, warning that the changes
would open the door to US “government hacking of any facility” in
the world.
(7) Lenovo Adware: Lenovo has been
accused of
pre
installing Adware in laptops thereby compromising their security.
Users have complained that a programme called Superfish pre-installed
by Lenovo on consumer laptops was “Adware”, or software that
automatically displays adverts.
(8) Microsoft Cloud Computing: It has
been
reported
that Microsoft has adopted a new standard for cloud privacy that
commits the company to protect the privacy of customers’ data, not
to use it for advertisement purposes, and to inform the customer of
legal requests for personal data. Google along with other companies
has been fighting against e-surveillance activities of U.S. agencies.
(9) Mobile Communications Security:
Intercept has recently published an article describing that U.S. and
British spies hacked into the internal network of Gemalto in 2010
that is one of the largest manufacturers of SIM cards in the world.
They stole the encryption keys used to protect the privacy of mobile
cellular communications across the globe. These spies mined the
private communications of Gemalto engineers and employees in multiple
countries, including India. However, the most interesting revelation
comes in the form that GCHQ could not intercept keys used by mobile
operators in Pakistan, even though Pakistan is a priority target for
Western intelligence agencies. This is because Pakistanis used
more
secure methods to transfer the encryption keys between the SIM
card manufacturers and Pakistani mobile operators.
(10) Lawyers Communications: Recently
a British court ruled that the U.S. – U.K. surveillance regime was
unlawful for seven years. This means that the regime has also failed
to comply with the European convention on human rights. U.K.
government is
already
facing a trial where it has been accused of unlawfully
intercepted conversations between lawyers and their clients.
(11) Online Card Games: Some online
gaming stakeholders in India have approached the Supreme Court of
India to get clarity on the legality of online games like rummy,
poker, etc. In response of the same, the Supreme Court asked the
opinion of Central Government in this regard but the same has been
informally denied by the Central Government. This means that till the
time Supreme Court actually says that online rummy, online poker and
online card games are legal in India, majority of these gaming
stakeholders may be exposing themselves to legal risks and civil and
criminal liabilities. Now that the Supreme Court of India has finally
refused
to decided legality of online poker and online rummy in India,
online
card games websites may be
legally
risky if not properly drafted and managed.
(12) Internet Safety Campaign: Indian
government has announced that an
Internet
safety campaign would be started very soon in India. From the
media reports it seems that the awareness drive would cover all
stakeholders ranging from school level to government departments.
(14) E-Mail Policy: Indian government
has been struggling long to formulate and implement the
e-mail
policy of India. This is important for India as sensitive
documents cannot be transferred out of India as per Indian laws like
Public
Records Act, 1993. Even Delhi High Court is
analysing
the e-mail policy of India and has shown its displeasure over slow
action on the part of Indian government in this regard. It has now
been
reported
that Indian government has decided to ban the use of Gmail or any
other private email for official communication across all its
organisations, and make it mandatory for them to migrate to email
services provided by the National Informatics Centre (NIC).
(15) CISO Of India: In a significant
move, the Prime Minister’s Office (PMO) has
appointed
Dr. Gulshan Rai as the first Chief Information Security Officer
(CISO) of India. This would go a long way in ensuring
critical
infrastructure protection in India (PDF). We also strongly
recommend that a revised
Cyber
Security Policy of India 2015 must be drafted by Modi Government
that must address cyber security issues in a more comprehensive and
holistic manner. Further,
international
legal issues of cyber attacks must also be considered well in
advance by Indian Government. Perry4Law Organisation (P4LO) has
released a
research
paper on international legal issues of cyber security and cyber
attacks and the same can be considered by Indian Government while
strengthening Indian cyber security capabilities.
(16) Anti Bullying Committee: Cyber
bullying in India is a big nuisance with practically no remedies.
However, things would be changed very soon with the issuance of
CBSE
Guidelines for Prevention of Bullying and Ragging in Schools 9th
March 2015, Reg: (D.O. No. 12-19/2012-RMSA-I) (PDF). Due to
increasing cases of physical and cyber-bullying of students, Central
Board of Secondary Education (CBSE) has
directed
all its affiliated schools to form an anti-bullying committee. The
committee should comprise of vice-principal, a senior teacher, school
doctor, counsellor, parent-teacher representative, school management
representative, legal representative and peer educators. CBSE also
directed the schools to
tackle
sexual abuses and strictly implement POCSO Act 2012.
(17) Technology Companies Regulations:
Dealing with technology and foreign companies is a big challenge for
Indian government. Whether it is taxation aspects or applicability of
Indian laws to such companies, India has not been able to achieve a
success in this regard so far. There is also a lack of legal
framework to govern such technology and foreign companies in India as
on date. At Perry4Law Organisation (P4LO) and
Perry4Law’s
Techno Legal Base (PTLB) we have been suggesting
techno
legal frameworks in this regard from time to time. We at P4LO and
PTLB welcome this support of Indian Government and various
stakeholders to our suggestions and recommendations from time to
time. However, we strongly recommend that we need a comprehensive
techno legal framework in this regard especially if we have to make
the “Made in India” and “Digital India” projects successful.
(18) Killer USB: A Russian
hacker/researcher created a
killer
USB that can crash the victim system once the modified/hacked USB
is plugged into it. The basic idea of the USB drive is quite simple.
When we connect it up to the USB port, an inverting DC/DC converter
runs and charges capacitors to -110V. When the voltage is reached,
the DC/DC is switched off. At the same time, the filed transistor
opens. It is used to apply the -110V to signal lines of the USB
interface. When the voltage on capacitors increases to -7V, the
transistor closes and the DC/DC starts. The loop runs till everything
possible is broken down.
(19) Traffic Routing: Networks and
systems need to trust each other to make the Internet function in a
speedier manner. If one system or service provider falters, the
services of other may be hampered. In one such incidence, users
around the world were
not
able to access Google’s service for a short period of time due
to a technical glitch. Users were cut off due to the routing leak
from Indian broadband Internet provider Hathway. The leak is similar
to a 2012 incident caused by an Indonesian ISP, which took Google
offline for 30 minutes worldwide.
(20) Grid Security Expert System (GSES): A
Grid
Security Expert System (GSES) of India has been proposed to
be developed by Powergrid.
Cyber
security of automated power grids of India is need of the
hour. It is only after a
massive
power blackout in 2012 that Indian government has woken up to
the dangers of
cyber
attacks against Indian power sector. GSES would involve
installation of knowledge based Supervisory Control and Data
Acquisition (SCADA) system, numerical relays and Remote Terminal
units upto 132 kV stations and the reliable Optical fibre Ground wire
(OPGW) communication system at an estimated cost of around Rupees
1200 crores. The objective of the GSES is implementation of the
Automatic Defense mechanism to facilitate reliable and secure grid
operation.
(21) Cyber Law Due Diligence: Cyber
law due diligence received a
major
jolt when the Supreme Court of India
read
down the internet intermediary due diligence requirements. The
main problem seems to be reading down of Section 79(3) (b) and Rule
3(4) By Supreme Court in a manner that would be
counter
productive in the long run. In fact, reading down of Section
79(3) (b) and Rule 3(4) is
more
problem than solution as the Supreme Court
erred
in adopting this approach.
(22) SEBI And Cyber Security: It has
been
reported
that SEBI has expanded the ambit of its Technical Advisory Committee
(TAC) to include cyber security of the markets.
CECSRDI
welcomes this move of SEBI and is committed to help it in every
possible manner to achieve this benign cyber security objective.
(23) E-Police Station: An
e-police
station in Delhi would register online FIR for motor vehicle
theft cases. The pilot project of the “Motor Vehicle Theft (MVT)
Application” is now accessible on mobiles and computers. Presently
this facility is available only for police stations in South Delhi
and the same will be extended to entire Delhi after sorting out
technical glitches and other problems.
(24) Social Media Compliances: Social
media websites are
not
complying with laws of India. India’s struggle against social
media websites to fall in line with Indian laws continues even in
Narendra Modi’s regime. To make the matter worst we have no
social
media laws in India or any effective and implementable
social
media policy of India. Of course, a new framework for use of
social media by governmental organisations has been suggested by
Indian government in the past but that is of little help in solving
the present problem at hand. The real solution, according to
Praveen
Dalal, is formulation of a techno legal framework that can
address the diverse and complicated issues of cyberspace in India. In
short, social networking laws in India need
clarity
and codification.
(25) MPPEB Scam: MPPEB scam has become
an investigation nightmare for the law enforcement agencies of India.
The credibility and reliability of
evidence
is in question on the one hand and
unresolved
cyber forensics issues are on the other hand. Scientific
investigation methodology is still to be used in the investigation of
MPPEB scam.
(26) IT Subsidiary Of RBI: The Reserve
Bank of India (RBI) has showed its commitment to fight against cyber
crimes and financial frauds by declaring that an information
technology driven subsidiary
would
be established by it to deal with cyber nuisances. This IT
subsidiary of RBI would also deal with cyber security and related
issues with a special focus upon banking related technology issues.
The IT subsidiary of RBI would also evaluate the technical
capabilities of banks that is almost missing as on date.
(27) Privacy Invasive Software: The
Supreme Court of India has asked the Indian Government to clarify
upon
privacy
invasive software and mobile applications. Supreme Court of India
has taken a serious note of the software and mobile applications that
can be used to extract private information from smartphones.
(28) Smart Cities In India: Smart
cities in India have been proposed to be established in near future.
However, smart cities in India may face
cyber
security and
civil
liberties issues that are left unresolved by Indian Government.
We hope our readers would find this post and blog
useful.