Monday, January 11, 2010

Is UIDAI A Privacy Violation And E-Surveillance Instrumentality?

The security and privacy issues of UIDAI have been raised times and again. The real problem seems to be that neither UIDAI nor its functions are legally valid and constitutionally sound. In its present form they are violative of not only the sacrosanct Human Rights but also the Fundamental Rights conferred by the Constitution of India (COI), says Praveen Dalal.

The first and foremost evil of UIDAI without a proper legal framework is that it would violate the “Right to Privacy” as conferred under Article 21 of the Constitution. This is not expressly mentioned in it but the same has been enunciated by way of judicial interpretation by the Supreme Court of India. India is a signatory to the International covenant on civil and political rights, 1966. Article 17 thereof provides for the “right of privacy”. Article 17 of the international covenant does not go contrary to any part of our municipal law. Article 21 has, therefore, to be interpreted in conformity with the international law.

Even the “Data Protection” requirements would pose big challenge before India. The amount of data collected for by UIDAI would be tremendous. Presently, India does not have either a legal framework or technical capabilities to accommodate the demands of the proposed functions of UIDAI.

The main aim of the proposed project by UID Project seems to be to strengthen the “E-Surveillance Capabilities” of India. With the passage of IT Act 2008 India has now officially become an endemic e-surveillance society. The amendments have provided unregulated, unconstitutional and arbitrary e-surveillance powers to Government of India and its agencies and instrumentalities. The fact is that India has become an E-Police State, states the ICT Trends of India 2009.

Privacy rights are valuable and must not be violated by the government under the garb of national security. An important question that has been raised in the past is whether the citizens have a right to self-defense against the State if the latter is violating their rights illegally? Private or self defense is a Human Right, Constitutional Rights as well as Statutory Right. The Indian citizens have a right to exercise self defense even against the State. This is more so in the sphere of ICT where there are least possibilities of human injuries. However the same can be exercised by law abiding citizens alone and criminals cannot claim this Constitutional Protection. The UIDAI Project must keep all these aspects in mind before being finally implemented in India.


Wordpress Must Change Its Policy Regarding Copyright Violations

A recent copyright violation of an article on E-Courts in India by a person named Tabrez Ahmad has resulted in the analysis of copyright protection policy of Wordpress. Similar copyright violation was also notified to Google that duly removed the infringed material from respective Blogs of the infringer. However, Wordpress/ Automattic have failed to do the needful as per the Indian laws like Indian Copyright Act, 1957 and Information Technology Act 2000. This may raise serious legal issues in the near future vis-à-vis copyright violation issues in the cyberspace in India.

Wordpress is a fantastic blogging community. It has, however, a serious problem when it comes to preventing copyright violation of other users. The main problem lies with its “Policy” to deal with such copyright violation notices. Wordpress deals with copyright violation notices through its Digital Millennium Copyright Act Notice (DMCA Notice) page. It requires sending an emailed notice (“Infringement Notice”) providing the information described at the DMCA Notice page.

If Automattic takes action in response to an Infringement Notice, it will make a good faith attempt to contact the party that made such content available by means of the most recent email address, if any, provided by such party to Automattic. The Infringement Notice may also be forwarded to the party that made the content available or to third parties such as

All Infringement Notices need to be sent to prescribed e-mail as plain text emails without attachments (email attachments are discarded) and include the following or they will be deemed invalid:

(a) An electronic signature of the copyright owner or a person authorised to act on their behalf,

(b) An identification of the copyright claimed to have been infringed,

(c) A description of the nature and exact location of the infringing content,

(d) The name, address, telephone number and email address of the complainer,

(e) A statement by the complainer that he believe in good faith that the use of the content that he claims to infringe his copyright is not authorised by law or by the copyright owner or such owner’s agent and under penalty of perjury, that all of the information contained in his Infringement Notice is accurate, and that the complainer is either the copyright owner or a person authorised to act on his behalf.

If a DMCA notice is valid, Wordpress/ Automattic is required by law to respond to it by disabling access to the allegedly infringing content. What is frustrating is to know that Wordpress would not do anything even if it is a clear and obvious case of copyright violation. Wordpress must not force the entire population of the World to comply with the conditions of DMCA even if these provisions may not be applicable in a totally different jurisdiction. As per the amended Cyber law of India (through Information Technology Act 2008), an intermediary like Wordpress is liable for due diligence and other cyber crimes/copyright violations if it has actual knowledge. A simple notice is the only requirement under the Indian laws to invoke the jurisdiction of Indian courts.

Since the copyright violator is residing in Indian jurisdiction, Indian courts have jurisdiction to try issues arising out of violation of copyright as well as cyber law of India. There is no need for the Wordpress/ Automattic to insist upon fulfilling DMCA requirements in a very clear and apparent case of copyright violation. It would be interesting to observe how things would develop from this stage.


Police In India Needs Techno-Legal Training

Cyber law enforcement is passing through a bad phase in India. There is hardly any conviction of cyber criminals in India. On the one hand India has bad and weak cyber law whereas on the other hand law enforcement is hardly aware about the basics of cyber law and cyber forensics.

The cyber forensics knowledge level of the police officers in India is much below the required level. On many occasions when the police teams have been asked to confiscate the computer found at the crime scene, they have ended up bringing the monitor only with them. Even they are not aware in which part of the computer does information resides. The police officers of cyber cells of various State police departments are not aware of the basics of computers. During a training session discussing Internet and other basics one of the constables enquired where the Internet building is located.

Recently Director-General of Police (Criminal Investigation Department and Training) D.V. Guruprasad confessed that the police have no clue how to handle cyber crime. In a marketing fraud case, the police had dumped desktops and laptops of the accused in a storeroom without realising they did not have the hard disks in them. When the head constable was asked about the hard disks, he did not know what they were. If this is the situation, there can be no cyber crimes conviction in India. With a weak cyber law, India has already become a safe heaven for cyber criminals, say experts.

According to Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-Legal Expert of India, “The police officers, lawyers and judges must be trained in “Techno-Legal” aspects so that cyber criminals may be suitably punished. In the absence of proper training, there is almost no conviction of cyber criminals in India”.

Time has come to take help of good techno-legal experts who can train the police officers, lawyers, judges, etc in this regard. Also the Information Technology Act 2000 must be suitable updated to so that it may cease to be a “criminal friendly legislation”.