Monday, August 31, 2009

Cyber Laws Are Urgently Required To be Strengthened In India

Cyber security is a big challenge for India. The government of India is not only unaware about the basics of cyber security but is also adamant about not bringing suitable changes. Whatever positive development that has taken place in India pertaining to cyber law, cyber security and cyber forensics can be attributed primarily to Mr. Praveen Dalal and Managing Partner of Perry4Law.

The government of India has recently come up with the proposed information technology amendment Act, 2008 that was passed by both rajya sabha and lok sabha without even a discussion or debate. It is only after the strong protest by Perry4Law and Mr. Praveen Dalal that the government is now considering to review its decision before finally coming out with the amended information technology act, 2000. Let us hope the government would seek the expert advice and suggestions of cyber law experts like Mr. Praveen Dalal before finally coming out with the act.

An interesting development that has taken place after the proposed IT Amendment Bill, 2008 is that ASSOCHAM and some others cyber law observers have endorsed and accepted the views and stand of Perry4Law and Mr. Praveen Dalal. They are also insisting upon including provisions for a strong cyber law and effective cyber security in the ultimate IT Act, 2000. It is good to see that even the Indian Judiciary and Supreme Court of India have now endorsed the opinion and vies of Mr. Praveen Dalal and Perry4Law

The rajya sabha and lok sabha have acted not only hastily but also irresponsibly while passing the IT Act Amendment Act, 2008. Surprisingly, till now the amended bill has not been notified by the government of India. It seems the government is not serious about bringing suitable changes in the IT Act, 2000 either due to absence of expertise or due to political reasons. Whatever the reasons may be but the government has no choice but to bell the cat now.

India must appreciate that for a safe and secure cyberspace, we need a good legal framework. The present IT Act, 2000 is a piece make legislation that is weak on the fronts of cyber law, cyber security, cyber forensics, etc. In the absence of a sound legal framework for the ICT systems in India,

Similarly, other e-governance projects of government are also in poor state. As each component of e-governance is related to some other one, a deficiency in the basic legal and technological framework would bring sad results for India. It is high time for India to do some good work in the fields of cyber law, cyber security and cyber forensics.


Sunday, August 30, 2009

Monopolies And Restrictive Trade Practices Act Will Be Repealed Soon

Section 66 of the Competition Act for repealing the Monopolies and Restrictive Trade Practices (MRTP) Act and dissolution of the MRTP Commission would be notified by Tuesday (1st September 2009), said Salman Khurshid, minister of state for corporate affairs. This move would end the problem of concurrent jurisdiction between the two laws.

The Competition Commision of India (CCI), established in 2003 as an advisory body, got statutory powers in 2007 by an Act of Parliament. Thus, this had necessitated repealment of the MRTP Act.

The minister also said in an interaction with members of PHD Chamber of Commerce, an industry body, that the government was open to a dialogue with the industry to know its apprehension and concerns relating to notification of Section 5 of the Competition Act. The Section related to mergers and amalgamations.

He also said that issues relating to prosecution will be addressed in the New Companies Bill. In the new Bill, many routine defaults will be made compoundable offenses and not treated as criminal offenses.


Friday, August 28, 2009

Chinese ICT Equipments And National Security Issues In India

India is to investigate whether its use of Chinese-made telecom equipment in sensitive border and insurgency-hit areas could jeopardise national security, a minister said Friday. "It is a security issue. The government is looking into the matter," junior telecom minister Sachin Pilot said in New Delhi, according to the Press Trust of India news agency. "Whatever prudent decision is jointly recommended by the ministries of home affairs and communication and information technology, the government will not hesitate to take it," Pilot added. A report this week in the Hindustan Times newspaper said India's intelligence agencies had warned that Chinese products could have embedded elements enabling China to launch a cyber attack or shut down the equipment. China and India share uneasy relations thanks to an unresolved border dispute dating back to a brief but bitter war in 1962. China's close ties with India's arch rival Pakistan are also a cause of tension. But bilateral trade between the economic rivals has zoomed to exceed 40 billion dollars, according to industry and government estimates. India is battling myriad insurgencies, ranging from an Islamist rebellion in its Himalayan region of Kashmir to Maoist unrest in a vast swathe of eastern and central India and tribal separatism in its northeast.


Tuesday, August 25, 2009

Compensation Ordered For Corporate Negligence In Cyber Crime Cases In India

Human rights violation in cyberspace may take many shapes. One of them is the negligence committed by the Internet service providers (ISPs). The infamous case of Lakshamana Kailash's arrest by police for the negligence of Bharti Airtel is a classical example of the same. In a welcome step the Maharashtra State Human Rights Commission (MSHRC) has directed Bharti Airtel to pay Rs 2 lakh as compensation to the Bangalore-based techie for providing wrong information to the police that led to his arrest in 2007. Although the compensation awarded is meager as compared to the claimed compensation of 20 crores yet the gesture of suo motu action on the part of MSHRC is really praise worthy.

The story of Lakshamana Kailash's arrest smacks of all that can go wrong with an investigation. Kailash spent 50 horrifying days in a Pune jail after he was arrested by the police on the basis of information provided by Bharti Airtel regarding the Internet protocol (IP) address used to create a profile on Orkut defaming Shivaji. The Commission, which took up the case suo motu after reading newspaper reports, found that Bharti Airtel provided wrong information to the police on the IP address as they made a mistake in the time for which the information was sought. The 12-hour time difference for information provided led to the arrest of the wrong person.

"In our opinion, the company officials misled the police by providing wrong information. They did not care to check whether the requested time was AM or PM and gave details of the victim who used the IP address in the morning instead of night," The Commission noted in its June order.

On the basis of information provided by Bharti Airtel, Kailash was arrested on September 1, 2007. Subsequently, when yahoo provided its independent information, the three real culprits were arrested on October 3, 2007. Despite arresting the real culprits, it was only on October 20, 2007 that the police filed an application to release Kailash.

It seems the issues of human rights protection in cyberspace in India are going to be frequent in the future.

Monday, August 24, 2009

Cyber Regulations Appellate Tribunal Of India: A Dream Or Reality

Over two years after the Cyber Regulations Appellate Tribunal (CRAT) — the maiden forum in the country to exclusively try cyber cases — became functional, it recently got a new address and a well-equipped courtroom. However, the red tape policy of Indian government has not allowed it to be an effective cyber crimes redressal forum.

Firstly, there is a general lack of awareness among not only the public but the law enforcement as well. This has resulted a lower rate of cyber crime reporting in India till now. Secondly, even the judicial officers are not aware about the basics of cyber law and cyber crimes. This has resulted in lower conviction rates in India.

The CRAT cannot effectively serve its purpose till we make it functional in every aspect. The manpower need training, the government needs to be serious, law enforcement must be aware about cyber crimes, etc.

Friday, August 21, 2009

The Stalled Judicial Reforms In India And The Decisive Bold Step

It is now clear that the declaration of the law minister Mr. Molly regarding judicial reforms in India proved to be just a wish alone. With no hopes for the judicial and legal reforms in India left, we are now witnessing a silver lining in the dark clouds of mammoth backlogs of cases and archaic and redundant laws. With a welcome step that shows the fairness and boldness of the judicial officials like Justice DV Shylendra Kumar, a new debate has once again cropped up.

The Government had to withdraw the Bill on Judges' Assets in the last session of Parliament after a chorus of protest from the Opposition against the provision that a judge's assets would be beyond the purview of the Right to Information Act. Justice Kumar argued that it was the Supreme Court itself that pushed RTI and said that he was than willing to declare his assets in public.


Thursday, August 20, 2009

Critical ICT Infrastructure Protection In India Is Urgently Required

The Infrastructure security trends in India are not very encouraging and to make the situation worst we have weak cyber law in India (IT Act, 2000). We have to develop technologies and capabilities to protect Indian citizens in areas such as power, transport, civil aviation, etc. Additionally, we have to increase the security of infrastructure and utilities supporting arms such as ICT, transport, and services in the financial and administrative domain.

Critical ICT infrastructure protection in India must be taken seriously in the larger interest of Indian citizens. Crisis management by improving security systems integration is the need of the hour and a dedicate effort is required in this direction.

Agrees Praveen Dalal, Managing Partner of Perry4Law and the Leading Techno-Legal Specialist of India*. He maintains that presently critical ICT infrastructure protection in India has not got the attention of national policy makers and there is a long gap to cover before we can protect our critical infrastructures. He opined that India does not have a good ICT Policy and this is resulting in weak cyber security, inadequate cyber forensics capabilities and poor cyber laws.

It is clear that India has to play a pro-active role in this direction to avoid serious damage to Indian infrastructure. The first step seems to be to make stringent and good cyber law in this regard as soon as possible. Thankfully, the terrible Information Technology Amendment Act, 2008 (IT Act 2008) has been rightly rejected by the Indian government and the same has “not been notified” to prevent further degradation of the already weak cyber law of India.

*Praveen Dalal, Managing Partner of Perry4Law, is the Leading Techno-Legal Specialist of India and is an Internationally renowned Expert in the fields of Cyber Forensics, Cyber Security, Cyber Law, etc. Both him and Perry4Law are “authorities” on techno-legal issues like critical infrastructure protection and are internationally renowned in this regard.


India Is Heading Towards The Cyber Crime Nation Of The World

Thanks to the weakest cyber law of the world, India is heading towards becoming the cyber crime nation of the world. This is not the first time that similar concerns have been raised. Previously, Praveen Dalal, Managing Partner of Perry4Law, the leading techno-legal ICT law firm of India has cautioned that India is not only suffering from malware attacks but is also emerging as the focal point for cyber crime activities.

India is fast emerging as a major hub of cybercrime as recession is driving computer-literate criminals to electronic scams, claimed a study by researchers at the University of Brighton.

Titled 'Crime Online: Cybercrime and Illegal Innovation', the study states that cybercrime in India, China, Russia and Brazil is a cause of "particular concern" and that there has been a "leap in cybercrime" in India in recent years, partly fuelled by the large number of call centres.

"One recent report ranked India in 2008 as the fourteenth country in the world hosting phishing websites. Additionally, the booming of call centres in India has generated a niche for cybercriminal activity in harvesting data", the report maintained.

It is sad that India is doing nothing to improve this position. There is an emergent need to reformulate Indian cyber laws like IT act, 2000 and make them more stringent and effective.

Google Revealed The Blogger Identity

In January, the 37-year-old Ms. Cohen sued Google after the search engine giant declined to provide her with the identity of the blogger who made five posts on the "Skanks of NYC" blog in August of 2008.

Although Ms. Cohen's lawsuit received widespread global attention because of its connection to Google, such cases are not uncommon online, where users will often push the boundaries of free speech behind a perceived curtain of anonymity.

"Requiring an intermediary, whether it's an ISP [Internet service provider] or a search engine, to disclose the information they have off of an IP address or an email address is pretty common," said Michael Geist, a University of Ottawa professor who holds the Canada Research Chair in Internet and e-commerce law.

"But I think it happens a bit behind the scenes ... and sometimes it takes these higher-profile cases for people to better understand that, where required, intermediaries will disclose whatever information they have and that veil of anonymity that some people think they have isn't quite as strong as they think."

Google declined to comment directly on the lawsuit, opting instead to issue a brief statement saying the company sympathizes with anyone who winds up the victim of cyber bullying. "We also take great care to respect privacy concerns and will only provide information about a user in response to a subpoena or other court order," the company said. "If content is found by a court to be defamatory, we will of course remove it immediately."


Monday, August 17, 2009

Use Of Technology In India To Remove Chronic Backlog Of Cases

E-Courts in India have tremendous potential to reduce the backlog of cases in India. However, establishment and implementation of e-courts requires techno-legal expertise that is presently missing in India. As a result e-courts projects in India always failed from time to time.

Ironically India has very few e-courts experts who can really give Indian e-courts project a shape. However, till now neither the Indian government nor the Supreme Court e-court committee has seriously though about taking help of the experts in this regard.

Mr. Praveen Dalal, Managing Partner of Perry4Law and the Leading Techno-Legal Specialist of India* is of the opinion that we nee pro-active role on the part of government as well as e-court project management team to successfully implement the same. He maintains that the backlog of cases would ultimate crush the legal and judicial system of India if a timely action is not taken immediately. Establishment of timely e-courts is a good option in this regard according to him.

Even on the legislative side as well India is lacking far behind. India has the sole cyber law in the form of information technology act, 2000. The same is inadequate on many counts and cannot accommodate the requisites of e-courts in India. Further issues of cyber forensics and cyber security would also impede the e-courts projects in India. The national e-governance plan must also be suitably reformulated in his regard. The government must act immediately to get the desired results.

* Mr. Praveen Dalal, Managing Partner of Perry4Law, is the Leading Techno-Legal Specialist of India and is an Internationally renowned Expert in the fields of Cyber Forensics, Cyber Security, Cyber Law, etc. Both him and Perry4Law are “authorities” on e-courts and are internationally renowned in this regard.



Sunday, August 16, 2009

Technological Harrasment Is Increasing In India

A real estate agent based in Bangalore was arrested in Chennai on Sunday for allegedly harassing Tamil film heroine Sneha by sending frequent text messages on her mobile phone urging her to marry him.

Sneha had on Saturday submitted a complaint to the city police commissioner T Rajendran claiming that she was receiving text messages bordering on sexual harassment on her phone from an unindentified person. The sender was pestering the heroine to marry him.

The police commissioner forwarded the complaint to the cyber crime wing. An investigation team headed by assistant commissioner of police (cyber crime) M Sudhakar traced the mobile number to N Raghavendra of Bangalore. He was tracked down and arrested from T Nagar in Chennai.

This is the second instance of a film star being harassed by a love-struck fan in the recent past in Tamil Nadu. Earlier, a Malaysia-based diehard female fan of top actor Suriya had come under police scrutiny when she repeatedly called him at odd hours urging him to marry her. That incident happened two years ago.

In the present case, police have registered a case under various sections and arrested Ragavendra. He was remanded in judicial custody after being produced before the XI metropolitan magistrate court in Saidapet on Sunday. Police recovered his mobile phone and sent it to the cyber lab for verifying whether he had sent the text messages to Sneha using this mobile phone.

"Based on information provided by the service provider, we located the address of Raghavendra and questioned family members in Bangalore about his whereabouts. Raghavendra had actually come down to Chennai to meet some of his business associates. Subsequently, we traced his whereabouts city using his mobile phone tower location. On an indication that he was somewhere in T Nagar area, we accosted one of his friends and asked him to talk to Raghavendra to trace his exact location. Based on this information, a police team nabbed Raghavendra in front of a hotel in T Nagar and took him into custody," deputy commissioner of police (central crime branch) C Sridhar told The Times Of India.

Initially, Raghavendra denied the allegation but later conceded to having sent the text messages to Sneha. Raghavendra, a B Com graduate, had trained in an auditor's office in Bangalore and is now engaged in the real estate business. He was acquainted with realtors in Chennai and used their contacts to tap potential buyers of properties here; he often travelled to the city.

"He claimed to have got Sneha's mobile number from a contact in Chennai last year and from then on he had been sending love text messages to her. Initially Sneha ignored these messages, but she took it seriously when she received messages with an intimidating tone," a police officer said.


Monday, August 10, 2009

Electronic Voting Machines Can Be Manipulated In India: Says Experts

Recently there has been lot of controversies regarding electronic voting machines (EVMs) in India. In this “guest column”, Mr. Praveen Dalal is providing his views and opinion in this regard.

Electronic Voting Machines (EVMs) have revolutionised the Indian election process. EVMs have many advantages over the traditional paper based voting system. However, all the advantages are futile if they can be abused and the election results can be manipulated.

The ECI-EVMs in India are claimed to carry many security safeguards. The machine code of the source programme code known as hex-code (not the source code itself) is given to the micro controller manufacturer for fusing in the micro controllers. From this machine code, the source code cannot be read. Source code is never handed over to anyone outside the software group.

This makes the comparisons between ECI-EVM and EVMs used by foreign countries irrelevant. Most of the systems used in other countries are PC based and running on operating Systems. Hence, these could be vulnerable to hacking. The EVM in India on the other hand is a fully standalone machine without being part of any network and with no provision for any input. The software in the EVM chip is one time programmable and is burnt into the chip at the time of manufacture. Nothing can be written on the chip after manufacture. Thus the ECI-EVMs are fundamentally different from the voting machines and processes adopted in various foreign countries.

The source code is so designed that it allows a voter to cast the vote only once. The next vote can be recorded only after the Presiding Officer enables the ballot on the Control Unit. In between the machine becomes dead to any signal from outside (except from the Control Unit). The control units do not electronically transmit their results back the Election Commission, even though a simple and unconditionally secure protocol for doing this exist. The EVMs are purposely designed in this manner to prevent any intrusion during electronic transmission of results. Instead, the EVMs are collected in counting booths and tallied on the assigned counting days.

Despite all these safeguards, the chances of abuses and manipulations cannot be ruled out. These abuses may be man made and effectuated or technological glitches and manipulations.

Some of the objections in this regard point that the machines only display an electronic number but there is no paper trail to cross check against as physical proof of who people actually voted for. Similarly, concerns have been raised that no EVM is safe from hacking or rigging. The EVMs are manufactured by a state owned organisation, Bharat Electronics Limited (BEL). BEL and ECI consider obscurity and obfuscation as security, however this is really not security. The human element is weakest in the security chain and in the absence of an external authentication and corroboration, the results may be manipulated.

If we go through a good cyber forensics phase, these manipulations can be traced and taken care of. For instance, all the data is recorded on non-volatile dual redundant memory chips and can be retained for over 6 months even when the power pack is removed. Even when the battery is removed the memory in the microchip remains intact. If the Court orders a recount, the Control Unit can be reactivated by fixing the battery and it will display the result stored in the memory. Now if any political party, person or institution is not satisfied with the election results and smells some foul play, he/she/it must act within these 6 months otherwise the data may be lost forever. Of course, if there is a backup of the data the same may be kept for a longer period.

Now the crucial question arises is what if voting is proved to be tainted subsequently after cyber forensics appraisal and a Government has been formed on the basis of that voting? Will the Election Commission declare such elections null and void? Will the President of India declare a re-election? Will the Supreme Court of India take cognisance of this fact?

There is no sense if this crucial matter is taken lightly by the Election Commission, President of India, Supreme Court of India, etc. The ghost of EVM is still haunting these authorities and it would be better if the matter is resolved once for all as soon as possible.

Mr. Praveen Dalal, Managing Partner of Perry4Law, is the Leading Techno-Legal Specialist of India and is an Internationally renowned Expert in the fields of Cyber Forensics, Cyber Security, Cyber Law, etc. These are his personal views and opinion.

Saturday, August 8, 2009

LPO Industry In India Is Calling

In an informative piece of work, Dhiraj Phukan, Associate Leader-Consulting with KPO Consultants, has elaborated on this aspect. According to him these turbulent times have opened doors of opportunities for prospective entrepreneurs, lawyers, and present companies to enter, consolidate, and grow their business in the LPO sector.

Well renowned company expert, Mr. Praveen Dalal of Perry4Law said that his company has seen an increase in requests on LPO assignments at the moment as compared time before recession.

It seems the LPO opportunities are increasing in India and India being the hub of LPO assignments has lot to offer.

Wednesday, August 5, 2009

WI-FI Banned In Many Indian Offices

The Home Ministry has banned the use of wireless fidelity (WiFi) internet or WiFi-enabled computers in sensitive ministries and has issued dos and don’ts for departments and Indian missions abroad which use such service.

“In view of the vulnerabilities associated with the usage of WiFi and their exploitation by terrorists/criminals and unscrupulous hackers, sensitive ministries and departments are advised not to install or use any WiFi network in the offices,” says a July Ministry of Home Affairs circular.

The ministries will have to install “best available” WiFi intrusion detection systems and carry out regular audit of their airspace to detect hot spots, rogue access points etc. The move follows terror emails sent by militants of the Indian Mujahideen by hacking open WiFi services to send emails around the time of blasts in Jaipur, Ahmedabad and Delhi.

The MHA said that a survey of WiFi networks in the National Capital Region had shown that over 73% of the detected networks, including those in key central and Delhi government offices and prominent financial institutions, had “either no or very weak security.”

Ministries and Indian missions which install WiFi networks will have to ensure that these are robust enough to “protect confidentiality, integrity and availability of the information data” as well as implement secured authentication, authorization and encryption.

Officials traveling abroad have been told to desist using open-access points available free at international airports. And, in case they do, they should enable the firewall in their computer, run random checks to see if anyone else was using their computer, encrypt wireless traffic using virtual private network (VPN) etc, the guidelines say.