Monday, January 31, 2011

Is Internet Kill Switch A Solution To Cyber Threats?

Internet kill switch (IKS) has been in controversies for long. Legislative exercise to allow President of America to use the IKS in cases of national emergencies has started once again. The crucial question that arises at this time is whether IKS is a solution to growing cyber threats like cyber espionage, cyber warfare and cyber terrorism?

Some experts claim concept of IKS does not exist at all since Internet cannot be killed absolutely by any nation. They have even labeled IKS as a misnomer and suggested that instead of this endemic e-surveillance exercise, countries must concentrate upon better cyber security.

I would not go into the discussion whether IKS can kill or paralyse Internet at all. My limited concern is whether IKS is a solution to growing cyber threats world wide? I believe that IKS is definitely not a substitute for robust and effective cyber security.

While IKS may be a back door attempt to engage in endemic e-surveillance exercises, it has little to do with effective cyber security practices. Cyber criminals all over the world are engaged in stealing sensitive information and compromising more strategic computer systems. Some of them are even stealth in nature with no sign of their existence.

The real threat is from these stealth cyber criminals who have control over many strategic computers. Think about a situation where these cyber criminals get the control of IKS itself. The first such attempt would definitely come from enemy and rouge states. By developing an IKS we would be allowing these enemy states to take control of our cyberspace.

Of course, IKS would be strongly guarded by robust cyber security measures but are these measures sufficient enough? I think they are not because if they are sufficient enough to prevent cyber attacks, we would no more need an IKS. We can deploy the measures meant for IKS itself to guard our own cyberspace from foreign intrusions. Let us think about it before jumping upon the IKS wagon.

Friday, January 28, 2011

Duckduckgo: For Privacy Enthusiastics And Others

While it is still premature to predict whether privacy or efficiency would be the decisive factor for search engines, but one thing is for sure. DuckDuckGo (DDG) is going to stay. Its main strength over other search engines like Google and Yahoo is that it is privacy oriented and is a great combination with the onion routing (TOR) software.

While Google and Yahoo do not provide user friendly results for their services if TOR is used, Bing is an exception. Bing does not show any error like Yahoo or ask for capacha verification like Google while using TOR.

However, when it comes to DDG, not even Bing can match it. This is because of the unique and anonymity features of DDG. If you use DDG through TOR using latest version of Firefox, your privacy is assured to a great extent. Google, Yahoo and Bing fail on this front.

However, some additional steps must be taken by users to get a stronger anonymity. They must manage their plugins and addons and must ensure that their information is not leaked by them. Take special care of java and java scripts through NoScript along with a Firefox browser.

Use DDG and have a safe, secure and private browsing experience.

Tuesday, January 25, 2011

Is Google Against Use Of Tor Software?

There is a question that has been troubling me for long. The question is whether Google is against use of Privacy safeguards like Tor software? This question arose as one of my friends used the Tor network while opening a new Blog.

It seems Google misunderstood the Tor traffic as malicious activities and removed the blog from its database. The complete details of the same are available at its Help Forum. Fortunately, I got some good suggestions and guidance from one of the Top Contributors there named Nitecruzr.

These suggestions and guidance helped me in understanding much of the procedure of Google and the common mistakes that must be avoided. However, the core question still remains unanswered?

The only question to be considered is whether use of privacy and cyber security safeguards like Tor software is in itself sufficient ground to remove a blog from Google’s database?

If a blog is not a spam blog or otherwise not a malware infected, does the mere use of Tor violates the terms and conditions of Google? I have submitted a review request with Google and keeping in mind their competencies and professional attitude, a result is expected soon.

When Google and others are working in the direction of strengthening the privacy of its users, use of Tor per se should not be any problem. For instance, Google itself is working in the direction of making browsers more secure and anonymous.

We hope Google would not be against privacy of its users as such.

Monday, January 24, 2011

Cyber Crime Cells Of India Lacks Expertise

Law enforcement is a tedious task especially in the present information technology world. Technology has posed many challenges before police forces in India regarding cyber crimes. In the absence of awareness about cyber law of India, police officials in India are avoiding dealing with growing cyber crimes in India.

Even if a case is registered for cyber crime, police officials in India do not possess required expertise to solve the same. For instance, even basic level cyber forensics capabilities are missing in various cyber cells of India. Although cyber cells have been opened in India yet a dominant majority of them are not actually doing anything for solving cyber crimes.

The main reason for this poor performance is lack of cyber law and cyber forensics knowledge. It would be unfair to expect an expert knowledge from police officers in India but they must at least know the basics of cyber law and cyber forensics. They must have at least basic level of techno legal cyber law and cyber forensics trainings.

Home Minister of India Mr. P. Chidambaram must seriously consider projects and initiatives that can help in developing cyber skills of police force in India. Issues like cyber law and cyber forensics have not yet been considered important enough by him so far.

Further, good and effective trainings courses must also be arranged for police force in India that is presently missing. With ever increasing use of technology, police work in India is going to be more challenging. Police force must be prepared for this challenging job.

Blackberry Messenger Service Now An E- Surveillance Tool In India

Research in motion (RIM) has been under tremendous pressure form Indian government to allow e-surveillance and interception of its Blackberry services. In order to safeguard its commercial interests in India, Blackberry has established a framework that would allow Indian intelligence agencies to monitor contents on its messenger service.

Blackberry has now asked the Indian government to issue a directive to the operators to connect to its new automated service that would allow such interceptions. However, this arrangement does not extend to the enterprise Virtual Private Network (VPN) solution, provided through the Blackberry Enterprise Server (BES) product.

RIM is still maintaining that there can be no change to the security architecture for BES in India or any other country as the decoding of BES emails by RIM is not technically possible. This is so because neither RIM nor the wireless operators are ever in possession of the customers' encryption keys.

India has presently no constitutionally valid phone tapping and lawful interception law. This practically means that Blackberry/RIM is supporting Indian government in its illegal phone tappings and interception exercises.

The BES of RIM is still out of the reach of Indian government because of technology alone. For other purposes as well, Blackberry users must use technology for self defence and to protect their civil liberties.

A research project named RIM Check has also been designed to gather information on how traffic exits the Blackberry network depending on the country in which the user is located. Those wish to analyse their Blackberry traffic to detect illegal e-surveillance by Indian government, can submit their data to this project.

Government Is Responsible For Growing Cyber Crimes In India

Cyber crimes in India have increased at an alarming stage. What is worrisome is the fact that it is the Indian government itself that is responsible for this menace. India has a sole cyber law that is incorporated in the information technology act, 2000 (IT Act, 2000). Though it needed improvements but there was no case for its deterioration to the detriment of national interest of India.

Indian government brought the deleterious information technology amendment act, 2008 (IT Act, 2008). Through this amendment almost all the cyber crimes have been made bailable and this removed all sorts of deterrence for the cyber criminals in India and world wide. Indian cyber law is already a piecemeal attempt and this amendment further made it a bane for India.

Concerns regarding India becoming a safe heaven for cyber criminals were incessantly raised by techno legal experts of India but Indian government did not pay heed to the same. Naturally, the present situation was bound to arise.

In the interest of India, Prime Minister Dr. Manmohan Singh must urgently intervene and ensure that an effective, strong and stringent cyber law is enacted. The present cyber law of India is doing much more harm than any help for India.

Friday, January 21, 2011

RBI Mandated Cyber Due Diligence For Banks In India

The Reserve Bank of India (RBI) has recently released a report of its working group on information security, electronic banking, technology risk management, and cyber frauds.

The report covers various areas such as IT Governance, information security (including electronic banking channels like internet banking, ATMs, cards), IT operations, IT services outsourcing, Information System Audit, Cyber frauds, business continuity planning, customer education and legal issues.

The report has also issued many guidelines that Indian banks would be required to follow in order to provide safe and secure technology driven banking. Practically, this means that banks in India would be required to adopt techno driven and cyber law related due diligence requirements.

Indian information technology act, 2000 (IT Act 2000) carries many provisions that may result in liabilities on the part of various banks. With growing cases of cyber crimes and cyber frauds, banks must take both IT Act, 2000 and these guidelines very seriously.

Banks must take a special care of ATM frauds, credit card frauds, online banking and Internet banking frauds, etc. Besides, phishing scams must also be taken care of by banks.

With the present guidelines, banks can no more ignore due diligence requirements that they have been ignoring for long. The earlier banks are prepared for cyber related issues the better it would be for them.

RBI Must Curb Online Banking Frauds In India

The recent decision of Reserve Bank of India (RBI) to prevent ATM frauds in India is a welcome step in the right direction. The next step that RBI must take is to strengthen the entire IT infrastructure for banking industry in India.

ATM is just one of the aspects of banking industry. Online banking and Internet banking is still to be made temper proof from cyber criminals. Another challenge is the weak and cyber criminal friendly cyber law of India.

The sole cyber law of India is incorporated in the information technology act, 2000 (IT Act 2000). The Act has made almost all the cyber crimes bailable. For instance, if a person cracks your e-mail account or online banking account, the courts have to release him on bail as a matter of right. He cannot be put in jail and he would go free even after committing the offence of cracking (read hacking) in India.

RBI would have great troubles in meeting this challenge because no matter howsoever effective steps it takes, cyber criminals have great incentives to commit cyber crimes against banking institutions in India, says Praveen Dalal, a Supreme Court Lawyer and leading techno legal expert of India. The banks must use “Techno Legal Solutions” on the one hand and spread “Public Awareness” on the other, suggests Dalal.

It is clear that RBI has to meet great challenges before Indian banking industry can be considered reasonably safe from cyber criminals.

Cracking And Website Defacement Increasing In India

Password cracking and e-mail account cracking has increased significantly in India. Similarly, websites defacement, both governmental as well as private, has become a norm in India. This is happening because the cyber law of India, i.e. information technology act, 2000 (IT Act 2000) almost gives a clean chit to such cyber criminals.

After the information technology amendment act, 2008 (IT Act 2000), almost all cyber crimes, including website defacement and cracking, have become bailable. Even if a cyber criminal is apprehended he must be released on bail as a matter of right.

A pertinent question arises why such a stupid legislation has been enacted by India? The answer is not difficult to find. Industrial lobbying and desire for complete e-surveillance capabilities have made Indian cyber law a cyber criminal friendly legislation. Consequently, India has also become a safe heaven for cyber criminals.

Anybody can commit almost any cyber crime in India and move free. Consider few examples in this regard. The website of India's premier investigation agency the Central Bureau of Investigation (CBI) was defaced and it remained down for more than a month. Till now no person has been arrested and even if a person would be arrested, he would be released on bail.

A group of crackers, claiming to be from Kashmir, recently cracked a website’s password dedicated to the Bollywood superstar, Amitabh Bacchan and defaced it. Similarly, India Blooms site was also compromised by crackers. The website of Cochin Port Trust (CPT) came under attack on Thursday by a group identified as 'Xtremist and DonZ company' that gained access to site and defaced it. The latest to add to this list is cracking the official e-mail address of the education office of Hoshiarpur from which pornographic material was sent to many schools in this district.

There is an urgent need on the part of prime minister’s office (PMO) India to consider this matter urgently and repeal the troubled cyber law of India. Instead of the present cyber criminal friendly legislation, PMO must come up with an effective and strong cyber law of India. The present cyber law of India is flawed in many aspects that is going against the interests of India at large.

Judicial E-Infrastructure In India Needs Rejuvenation

Technology can help traditional legal and judicial systems of India in many forms. These include online dispute resolution (ODR), e-courts, digitilisation of court’s files and proceedings, online bail applications, etc.

India has been working in this direction but without proper policies and expertise. Although some parts of traditional courts have been computerised yet by and large technology has remained an alien concept for Indian courts.

There is a complete failure on the fronts of ODR, e-courts, digitilisation initiatives, online proceedings, etc. India is confusing computerisation with e-courts and digital judicial services. The truth is that we are still waiting for the establishment of first e-court in India.

We keep on hearing that first e-court has been established in Gujarat or Delhi or some other state. But we do not have a single e-court till now. So much so that even there is no e-court committee or any other similar committee that is presently working for the establishment of e-courts in India.

I think law minister Mr. Veerappa Moily must take some pro active and constructive steps in this regard. Our legal and judicial system badly needs physical and electronic infrastructure. Presently, judicial e-infrastructure in India is in really bad shape.

India must understand the difference between computerisation of courts and e-courts and immediately start working in the direction of establishment of effective judicial e-infrastructure.

Wednesday, January 19, 2011

Cloud Computing: A New Landmine For Privacy In India

Cloud computing is a cost effective and efficient service provided it is managed as per legal and moral standards. One of the biggest roadblocks for cloud computing is legal and regulatory issues. Cloud computing has been in controversies for violation of legal provisions in general and privacy rights in particular.

In the past telecom companies have been criticised for illegal and unlawful disclosures of private information of their users. For instance, the secret NSA program, working with AT&T and Verizon, recorded over 10 million phone calls between American citizens. This caused a fear among privacy advocates about the extent to which telecommunication companies can monitor their user activity.

Similar fears and contravention applies to cloud computing service providers, especially where there are no privacy laws and data protection laws. Clearly there is no universal or harmonised legal framework regarding cloud computing and telecommunications privacy. It varies from nation to nation and jurisdiction to jurisdiction. India has no dedicated privacy laws, data security laws and data protection laws.

Similarly, cyber security and cloud computing security issues are also by and large unresolved in India. India has no cyber security law in place. Event the sole cyber law of India, i.e. information technology act, 2000 is useless for preventing growing menaced of cyber crimes in India.

With companies like research in motion (RIM) openly declared their intentions to allow cloud computing base data access for blackberry services in India to intelligence agencies and law enforcement agencies, this trust deficit has widened further. Fortunately, Google rightly refused to part with encryption keys regarding its Gmail services. This is a bold step on the part of Google and others must also follow the same path.

There is no reason whatsoever that cloud computing would not violate privacy rights, data protection principles and data security practices in India. In fact, there is a very bright possibility that all these unlawful acts would happen in India without any legislative safeguards and court orders.

If you are privacy conscious do not use cloud computing in India and oppose governmental use of the same for public delivery of its services. The fact is that India is not yet ready for cloud computing.

Indian Cyber Defence Must Be Strengthened

Technology and polices do not go well in India. Policy and legislative issues regarding technology are never considered properly in India. We have a weak and criminals friendly cyber law in India, absence of cyber security to protect our cyberspace, inadequate cyber forensics capabilities, lack of legal enablement of ICT systems in India and so on.

The list is endless and there is no need to further add failures in the fields of e-governance, e-readiness and other ICT projects of India to this list. However, what is worrisome is the fact that Indian computers and cyberspace is highly vulnerable to cyber crimes and cyber attacks.

India has no guidelines and policies regarding crucial issues like critical ICT infrastructure protection, protected systems, cracking of crucial and strategic governmental computers and systems, defence force empowerment for cyber warfare, etc.

Even there is no protection against cyber espionage and cyber terrorism in India. This sad position exists in India because our Parliament did not find important enough to ensure legal enablement of ICT systems in India and to ensure strong and robust laws regarding these crucial issues.

What is more frustrating is that India is wasting crores of public money on illegal and unconstitutional projects that have been rightly rejected by countries like US, UK, etc. However, India found these projects worth trying and is eager to throw away crores of public money rather than utilising it for the real and effective betterment of India.

We do not need Aadhar project, Natgrid, CCTNS, e-surveillance and snooping capabilities, etc. These projects are just cash cows that few IT companies of India and abroad are encashing. We need real and effective cyber security and national interest oriented projects.

India is sleeping over crucial issue and is adopting absurd and unconstitutional projects for the sole benefit of few. Industrial lobbying has really taken its toll on the cyber law, cyber security and cyber forensics front in India. Let us hope India would wake up from its deep sleep before it is too late. Let us also hope that India would develop timely, effective and robust cyber security offensive and defensive capabilities urgently.

Tuesday, January 18, 2011

E-Courts In India Needed

Indian judicial system is overburdened and technology can help it in reducing the growing arrears of cases in India. However, there is a problem in adopting and using technology for legal and judicial purposes in India. Legal enablement of ICT systems in India is missing and this makes the use of technology for legal and judicial purposes almost impossible in India.

Take the example of national litigation policy of India (NLPI). Although it carries lots of legal and judicial reforms yet when it comes to use of technology, it is silent about that aspect.

Technology can be used in legal and judicial system of India in many forms. For instance, online dispute resolution (ODR) can be used for resolving many cases out of court as well as while they are pending in courts. Presently, ODR in India is seldom used except by few ODR providers of India.

Similarly, technology can be used for establishing e-courts in India. Unfortunately, till the month of January 2011, we do not have even a single e-court in India. We are still waiting for the establishment of first e-court of India.

E-courts in India cannot be established till we have good techno legal expertise to manage this mission mode project. India has a single techno legal e-courts training and consultancy centre. Obviously, lack of expertise is hindering use of technology for ODR and e-courts purposes in India.

Law minister Veerappa Moily must urgently take some effective and concrete measure so that technology can be an integral part of Indian legal and judicial system.

Monday, January 17, 2011

CBI And Police In India Is Operating Without Laws

Parliamentary democracy is the backbone of any nation that believes in rule of law. This is so because parliament of any nations is primarily responsible for enacting suitable and timely laws so that law and order can be maintained in the society. However, what would happen if there is no parliamentary democracy or the parliament of a nation fails to fulfill its constitutional duties?

Unfortunately, this is exactly what is happening in India these days. Indian Executive is imposing projects and authorities without any legal framework and with no parliamentary oversight at all. Projects like Aadhar, Natgrid, CCTNS and authorities like UIDAI are classic examples of lack of parliamentary democracy in India.

However, something more drastic and bizarre is also present. Even after more than 60 years of getting its independence, Indian law enforcement and intelligence agencies are virtually governed by no legal framework.

Even the premier investigation agency of India known as central bureau of investigation (CBI) of India is not governed by any law. It is only with the draft central bureau of investigation act, 2010 (Bill) that some sort of legal framework has been suggested for CBI.

The draft CBI Act 2010 also needs further improvements and modifications. Further, with the legal framework for CBI, it would also require to hone up its skills regarding cyber law, cyber forensics, cyber security, etc. Recently the website of CBI was defaced and it remained offline for more than a month. This also means that the national informatics centre (NIC) of India also needs to put in place good cyber security policy.

The recent parliamentary session of India was completed wasted and wiped out without any legislative business. With the present bad performance of parliament incidences like these would further undermine its dignity and role. It is high time that parliamentary democracy must be resorted in India that has lost somewhere in the galleries of executive branch of constitution of India.

Friday, January 14, 2011

Legal Education In India Needs Reforms

Legal education in India is still governed by traditional fields like criminal law, civil laws, corporate laws, etc. A majority of law colleges still follow the traditional syllabus. Contemporary topics like cyber law, competition law, private international law, etc are taught in very few law colleges of India. Further, even if these subjects are taught in some colleges, practical aspects of the same are seldom taught in these law colleges.

Surprisingly even after the graduation in law, subsequent higher legal education is an exception than the norm. Very few students opt for masters and doctorate degrees. This is undermining the research capabilities of India in legal fields.

Surprisingly, concepts like lifelong learning in India (LLI) or continuing legal education in India (CLE) are still not much known in India. Even the law ministry is not very enthusiastic regarding CLE.

The present legal education is regulated by the bar council of India (BCI) that instead of improving the quality of legal education imposed the bar examination upon fresh law graduates. Fortunately, it has been postponed and may never see the light of the day.

Both BCI and law ministry must come out with a clear legal education reform policy that meets the requirements of contemporary times. For instance we need institutions like PTLB that provide practical techno legal trainings and education.

Further, with the growing use of information technology, e-learning and online platforms can further strengthen the legal education and training in India. This would also extend the reach of qualitative law colleges and institutions to areas where opening of traditional law colleges is not possible.

Law minister Veerappa Moily must urgently draft a concept paper on legal education reforms in India and include many concepts and areas that are still missing from the legal education of India.

India Needs A New And Better Cyber Law

Cyber law of India has become a nightmare due to growing interference of industrial lobbying in India. Thanks to the cyber criminal friendly nature of our information technology act, 2000 (IT Act 2000), now any cyber criminals can commit almost any cyber crime and go free.

This is so because the information technology amendment act, 2008 (IT Act 2008) has made almost all cyber crimes bailable i.e. the cyber criminals are entitled to bail as a matter of right.

Experts feel that, India does not have strong and effective cyber laws to deal with crucial issues like critical infrastructure, cyber security, cyber forensics, etc. India is blind towards cyber law, cyber security and cyber forensics requirements. The IT Act, 2000 is a poorly drafted law and badly implemented legislation. It is weak and ineffective in dealing with growing Cyber Crimes in India as it is the most Soft and Cyber Criminal Friendly Legislation of the World, says Praveen Dalal, Managing Partner of Techno Legal ICT Law Firm Perry4Law and Supreme Court Lawyer.

Another aspect that has made the present cyber law of India unconstitutional is absence of privacy laws and data protection laws in India vis-à-vis e-surveillance and Internet censorship powers. In the absence of Privacy and Data Protection Laws and Unaccountable and Unregulated E-Surveillance Provisions under the amended IT Act 2008, the E-Surveillance, Internet Censorship and Website Blocking Powers cannot stand the “Constitutionality Test” of Constitution of India, opines Praveen Dalal.

The fact is that ministry of communication and information technology (MCIT) has not been performing the functions and duties entrusted to it by Indian government. MCIT needs a complete overhaul and scrutiny of prime minister’s office (PMO).

To start with, MCIT must urgently start the initiative of drafting a new and effective cyber law of India. Once that is done, we can get rid of the bane named information technology act, 2000.

Wednesday, January 12, 2011

Aadhar Project And UIDAI Must Be Scrapped

One of the most controversial projects of India is unique identification project of India (UID project of India) or Aadhar project of India. The Aadhar project is openly and blatantly violating various civil liberties of Indian citizens. Even the unique identification authority of India (UIDAI) is devoid of any constitutional and legal status.

If Aadhar project and UIDAI are clearly unconstitutional project/authority why is Indian government wasting crores of money upon them? This is the most frustrating aspect of Aadhar project and UIDAI.

The only answer seems to be so that the Indian government can enhance its e-surveillance capabilities by clubbing Aadhar project with national population register (NPR) of India, national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), etc. These are only known projects and there may be many projects that Indian citizens may not be aware of.

According to Praveen Dalal, Supreme Court lawyer and leading techno legal expert of India, there is no second opinion about the fact that Aadhar Project and UIDAI are “Unconstitutional” in the absence of a “Constitutionally Sound Law” in this regard. This is more so when there are no dedicated Privacy Laws in India and Data Protection Laws in India, opines Praveen Dalal.

Surprisingly, the government of India has deliberately abstained from enacting suitable privacy and data protection laws in India. On the contrary, it amended the sole cyber law of India contained in the information technology act 2000 (IT Act 2000) through the information technology amendment act, 2008 (IT Act 2008).

After this amendment, unregulated, unaccountable and unconstitutional powers were obtained by Indian government regarding e-surveillance and electronic eavesdropping in India. This amendment was primarily made to accommodate projects like Natgrid, Aadhar, CCTNS, etc.

Even there is no lawful interception law in India. The present E-Surveillance and Phone Tapping practices adopted by India are “Unconstitutional” in the absence of a Constitutionally Sound Lawful Interception Law, says Praveen Dalal.

If we analyse the entire scenario, there are very strong ground to scrap Aadhar project and UIDAI till proper legal framework is at place. May be our Prime Minister Dr. Manmohan Singh would take initiative in this regard before it is too late.

Monday, January 10, 2011

E-Courts In India: Project Report For December 2010

India has been sleeping over crucial cyber issues like strong cyber law, effective cyber security and adequate cyber forensics capabilities. Further, industrial lobbying has kept the genuine national interests at far distance and introduced elements of commercial interests for the benefits of few.

Naturally, Parliament of India has not acted the way it was supposed to act in these crucial areas. The Parliament of India must scrap the cyber law of India i.e. information technology act, 2000 and enact an apt law that serves national interest rather than commercial interests of few big industrial players of India.

Besides the “inherent cyber criminals friendly weaknesses” of Cyber Law of India, it has also eliminated the chances of having good alternative dispute resolution mechanism through the use of Information and Communication Technology (ICT), says Praveen Dalal, Supreme Court Lawyers and Managing Partner of Perry4Law. Neither E-Courts nor Online Dispute Resolution (ODR) can be established and survive within the present Legal Framework of IT Act, 2000, warns Praveen Dalal.

Besides having virtually no legal framework for establishment of E-Courts in India and use of ODR for Dispute Resolution of Cyber Contraventions under the IT Act, 2000, even the National Litigation Policy of India (NLPI) has failed to consider E-Courts and ODR as effective methods of Speedy Trial and Judicial Reforms, says Praveen Dalal.

No wonder, we are waiting for the establishment of first e-court in India even till December 2010 and there is no use of ODR in India. The tenure of e-court committee of India has already expired and even the empowered committee of department of justice has not been constituted till now.

The worst in this situation that government of India can do is to entrust the responsibility of establishment of e-courts in India to industrial bodies and associations and their partners. Law Minister Veerappa Moily must urgently step in to salvage the situation that has already become very worst.

Will India Wake Up To Cyber Security Realities?

Industrial lobbying is a bane for India as it has been weakening Indian economy and Indian national, internal and external security. Take the issue of cyber law, cyber security and cyber forensics.

India has a pathetic and criminal friendly cyber law known as information technology act, 2000 (IT Act 2000). The same has been amended by the information technology amendment act 2008 (IT Act 2008) for the sole purpose of e-surveillance and Internet censorship activities in India. This present pathetic position of the IT Act 2000 is also due to the industrial lobbying that prevented Parliament of India from enacting a strong, effective and stringent cyber law.

According to Praveen Dalal, Managing Partner of techno legal ICT Law Firm Perry4Law and Supreme Court Lawyer, India is blind towards cyber law, cyber security and cyber forensics requirements. The IT Act 2000 is a poorly drafted law and badly implemented legislation. It is weak and ineffective in dealing with growing Cyber Crimes in India as it is the most “Soft and Cyber Criminal Friendly Legislation” of the World, opines Praveen Dalal. There is an urgent need to “Amend” the present cyber law of India and make it Robust, Effective and Stringent, suggests Praveen Dalal.

An issue related to this lack of cyber capabilities of India pertains to capabilities of law enforcement agencies to deal with cyber law and cyber crimes related cases. Presently, Indian law enforcement agencies have negligible capacity in this regard.

With the suggestion of The Central Bureau of Investigation Act, 2010 (The CBI Act 2010), the responsibilities of CBI would also be increased drastically in this regard, informs Praveen Dalal. However, CBI is not prepared to deal with issues like cyber law, cyber security and cyber forensics. In fact, CBI website has been defaced by alleged Pakistani crackers and is down for the time being.

India needs greater research and training in the fields of cyber war, cyber terrorism, cyber security, cyber forensics, cyber law, etc. India just has a single techno legal cyber security centre that is providing techno legal research, training and education in this regard. CBI and other law enforcement agencies must actively seek support of institutions or centers like the one managed by Perry4Law Techno Legal base (PTLB).

It has been a long time since India is sleeping over these crucial matters. It is high time for India to wake up and do something in this regard.

Sunday, January 9, 2011

The Draft Central Bureau Of Investigation Act, 2010

One of the major problems with Indian law enforcement agencies and intelligence agencies is that they are virtually governed by no law. Experts of this field have been asking for the establishment of sufficient laws for law enforcement agencies and intelligence agencies of India for long.

The CBI, IB and RAW in India represent a case in which there is almost no law to look at. Further, there is no legally tenable mechanism that can keep an eye upon these agencies and their functioning. With the enactment of National Investigation Agency Act, 2008 some steps have been taken in this regard.

With the introduction of endemic surveillance and e-surveillance projects like Aadhar, national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), etc it has become absolutely essential to enact suitable laws in this regard.

According to Praveen Dalal, Supreme Court Lawyers and Managing Partner techno legal firm Perry4Law, there is an urgent need of “Parliamentary Oversight” of Intelligence Agencies and Law Enforcement Agencies in India as presently there is none. Fortunately, The Central Bureau of Investigation Act, 2010 has been drafted by the Indian Government and after proper deliberations and its finally passing by the Parliament of India, it may become an enforceable law very soon, informs Praveen Dalal.

However, is the CBI Bill sufficient to accommodate the growing requirements of civil liberty protections in India? Like all other similar Bill, even the CBI Bill is suffering from various “Shortcomings”, informs Praveen Dalal. The chief among them is absence of “Civil Liberty Safeguards” against possible misuse of projects like Aadhar, NATGRID, CCTNS, etc, opines Praveen Dalal. However, at least a good step in the right direction has been taken by Indian Governments, says Dalal.

Will Supreme Court Of India Protect Privacy Rights In India?

Enactment of suitable Privacy Laws in India is long overdue. However, the Government of India has not considered this issue to be important enough.This is so even if Projects like Aadhar, NATGRID, CCTNS, etc may be declared to be “Unconstitutional” by Constitutional Courts of India. The matter is pending before the Supreme Court and this occasion can be utilised by it for prescribing “Stringent and Suitable” Privacy Rights Guidelines.

In this “Guest Column” Praveen Dalal, Supreme Court Lawyer and Managing Partner of Perry4Law, has analysed the possibility of expansion of right to privacy in India by the Supreme Court of India.

Few things related to 2G Scam have happened in the right perspective so far at the Supreme Court of India. The questioning of Supreme Court regarding inaction on the part of Prime Minister’s Office (PMO) India, giving due credit to the CAG’s Report, accepting Ratan Tata’s Writ Petition regarding Privacy Rights Violation, etc are some of them.

The latest to add to this list is denial of Supreme Court to issue any “Interim Relief” in the Tata’s Writ Petition and issuing of notices to open and outlook magazines which had published contents of the alleged taped conversation.

Tata had sought an interim relief for restraining the respondents from further publication of recorded conversations between him and Radia. He also sought an Injunction that would prevent the publishing and circulation of the contents of these conversations in “Any Form”. However, is it possible and does it make any difference at this stage?

The answer seems to be in Negative although Tata may not like the same. This is because contents of conversations are already out in “Public Domain” and on multiple traditional and electronic mediums and platforms. It is not possible for the Supreme Court of India or even for the Government of India to do much at this stage and in this regard.

However, one aspect has skipped the attention of all parties to the Writ Petition and even of the Supreme Court. The sole purpose of Ratan Tata seems to be to protect “His Privacy Rights” by preventing the “Disclosure and Circulation” of conversation or communication recorded through “Surveillance Methods” of State machinery. At this stage this concern and demand seems to be “Infructuous” and “Academic Purpose” only. This is because even if Supreme Court of India provides the “Relief” that Tata is claiming “In Toto”, the “Contents” of the conversation would remain on Internet and this is next to impossible to remove.

There is a blessing in disguise in Tata’s Petition. This is a golden chance for the Supreme Court of India to analyse the “Implementation” of its decision in the PUCL case (Phone Tapping Case). The Supreme Court must “Widen” the scope of Privacy Rights in India not only in the context of Phone Tapping but in an “Overall Manner”. The Supreme Court must formulate and lay down the widest possible “Guidelines” regarding Privacy Protection in India as it has done in the Vishaka’s Case (Guidelines against Sexual Harassment).

I hope this Writ Petition by Tata would come as a rescue of Fundamental Rights in general and Right to Privacy of Indians in particular. The only question that remains to be seen is will the Supreme Court of India protect Privacy Rights of Indians at large? I am optimistic and would be glad to see this outcome.

Legal Framework For Mandatory Electronic Delivery of Services In India

Electronic governance (e-governance) is the best form of good governance. E-governance brings transparency, accountability and fairness in the governmental dealings with the citizens. Since e-governance is an administrative aspect, which may or may not be used by government and its officers, a legal framework is usually established so that electronic delivery of services can ensured.

E-governance in India has failed miserably barring very few and exceptional cases. This is because e-governance in India is ailing from various vices and shortcomings. To be successful, e-governance in India needs accountability and department of information technology (DIT) India must be answerable to the prime minister’s office (PMO), India.

National e-governance plan (NEGP) of India has already failed to a greater extent. Even ICT Trends in India 2009 by Perry4Law Techno Legal Base (PTLB) have marked the year 2009 “Blunder ICT Year” of India. The year 2009 saw some major information and communication technology (ICT) pitfalls and bad decisions were made by the Indian government. The year 2010 has been even worst where 2G scam and other administrative and legal lapses have been committed by DIT, India. It would not be wrong to conclude that India has become technologically bankrupt.

Many problems of NEGP and e-governance projects of India can be solved by enacting effective privacy and data protection laws in India. In the absence of privacy and data protection laws, projects like Aadhar, national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), etc can never be legitimate, legal and constitutional. Similarly, authorities like unique identification authority of India (UIDAI) are also illegal and unconstitutional in the absence of such laws.

However, the real problem with Indian e-governance initiative is that legal framework for mandatory electronic delivery of services in India is missing, says Praveen Dalal, Supreme Court lawyers and Managing Partner of India’s exclusive techno legal law firm Perry4Law. There is no effective legal enablement of ICT systems in India and even the Information Technology Act, 2000 is non-mandatory in nature in this regard, informs Praveen Dalal.

Naturally, e-delivery framework in India is in doldrums despite the contrary claims of Indian government. Further, e-infrastructure system of India is in big mess. Although, Right to Information Act, 2005 mandates that all public authorities must maintain their records in electronic form, yet this mandate has by and large been neglected by all public authorities of India, informs Praveen Dalal.

Perhaps, too much autonomy and powers have been given to the DIT, India by PMO. It is high time for the Prime Minister of India Dr, Manmohan Singh to ask time bound and actual results from DIT, India so that e-delivery of services in India can become a reality and not just paper achievement.

Where Are Privacy Rights In India?

Privacy rights in India have always been neglected. Indian government has obvious interests in not enacting a well define privacy that that can curb the excessive surveillance and endemic e-surveillance activities of sate and its instrumentalities. Even the civil society kept a mum up to a stage when e-surveillance and phone tapping has become epidemic. Now all of a sudden privacy issues has become a nightmare for Indian government.

To start with, data and privacy laws are missing in India. Even there is no sign that such crucial laws would be enacted for another five years or more. All past assurances of Indian government in this regard are just façade to keep civil liberties activists silent.

Further, there is no lawful interception law in India. Of course, we have a colonial law named Indian telegraph act that is not at all meeting the requirements of present time. Instead of enacting a suitable law that meets the requirements of Indian constitution, the Indian government is keeping the dead law alive for the sole purpose that its activities can remain free from judicial scrutiny and without legal obstacles. This law is also primarily used to engage in legal as well as illegal phone tappings in India.

On top of it are illegal and unconstitutional projects like Aadhar, national intelligence grid (Natgrid), CCTNS, etc and unaccountable authorities like UIDAI that are having an absolute free hand regarding funds, lack of accountability and absence of transparency.

UIDAI is one of the worst e-surveillance instrumentalities of India and prime minister’s office of India (PMO India) must take active steps to scrap Aadhar project and UIDAI till proper legal framework and adequate safeguards are at place.

Similarly, it seems that the Natgrid project would be imposed upon us by the cabinet committee on security (CCS). Although, Natgrid project has not yet been approved by CCS yet the way Home Ministry of India is lobbying there seems to be little hope that CCS would not be forced to grant its approval even after its own objections in this regard.

Similarly, there is little planning and coordination regarding CCTNS in India. In fact, CCTNS may not be accepted by various states of India in the absence of proper planning, guidelines and legal framework.

In all this drama, there is still little hope from the Supreme Court of India (SCI). The decision of SCI on the writ petition of Ratan Tata must also include the constitutionality of Aadhar project/UIDAI, Natgrid, CCTNS, etc. The SCI would be deciding about the conflicting interests of public interest and privacy rights but no such question arises when there is no public interest involved at all.

Indian government is violating privacy rights of Indians without just causes and in the absence of any legal framework. Let us hope the SCI would do justice to this situation and reformulate privacy norms for India as soon as possible and without delaying the matter too much. I hope the entire exercise of SCI is not limited to mere prohibition of release of phone tapping tapes.

Saturday, January 8, 2011

Cyber Warfare Capabilities Must Be Developed In India

Cyber warfare is not a new term anymore. Although, its exact definition and scope is not clear yet none can deny the role of information warfare in the near future. Even India has also appreciated its importance. The best part is that this appreciation is coming from none other that the Prime Minister of India Dr. Manmohan Singh.

Dr. Manmohan Singh has issued clear directions to National Security Council (NSC) of India to work in the direction of establishment of cyber command authority (CCA) for India. Dr. Singh has also asked for putting in place an action plan before such an authority is set up. Dr. Singh has also rightly deferred the plan to set up CCA till a thorough review of the cyber threat is done.

However, India lacks proper expertise and training to undertake such an ambitious project and establish such an authority. We have a single techno legal cyber security research, training and education centre in India (CSRTCI). Further, we also have a single techno legal cyber security training and educational centre in India managed by Perry4Law Techno Legal Base (PTLB).

According to Praveen Dalal, CEO of CSRTCI and Leading Techno Legal Expert of India, Cyber Warfare Capabilities have assumed tremendous importance these days. The future Cyber Warfare would be even more mysterious, anonymous and dangerous. Further, the Indian Government even need not to spend crores of cash for this purpose if it opts for “Open Source” Software, suggests Praveen Dalal.

So the matter boils down to appropriate cyber security policy and adequate techno legal training. Dr. Manmohan Singh must include as many institutions and individuals as possible so that cyber security of India may become robust and effective.

Critical Infrastructure Protection In India Is Required

Critical infrastructure protection (CIP) in India (CIP in India) is an essential part of homeland security of India. Homeland security is assuming importance these days in India. However, homeland security of India needs urgent rejuvenation as the same is not up to the mark. As the concept is new, it would be fair if India take two or more years to streamline its homeland security.

Further, cyber security issues are also closely related to homeland security of India. On the front of cyber security as well India has to cover a long distance. India must develop cyber security capabilities as soon as possible.

Cyber Security and Homeland Security are in infancy stage in India, says Praveen Dalal, Managing Partner of Perry4Law and leading techno legal expert of India. Both of them are very important to preserve India’s Critical ICT Infrastructure Protection. Further, India also needs a separate Framework for Cyber Security, CIP and Homeland Security issues, suggest Praveen Dalal.

With the growing cyber threats against India like cyber terrorism, cyber warfare, cyber espionage, etc, it is very much required to have good cyber security strategy in India. India also needs to formulate suitable ICT policy covering all these crucial issues.

However, of all the requirements the most important one pertains to techno legal skill development in India. Indian government or its agencies do not have sufficient numbers of skill workforce to deal with issues like cyber law, cyber security, cyber forensics, cyber warfare, cyber terrorism, cyber espionage, etc.

We have just a single techno legal cyber security research, training and education centre (CSRTCI) in India. The CSRTCI is managed by Perry4Law Techno Legal Base (PTLB), one of the techno legal segments of Perry4Law and spearheaded by Praveen Dalal himself.

Finally, India has also not shown much interest in formulation of techno-legal crisis management plan (CMP). Although many talks in this regard have been undertaken, a concrete action in this regard is still awaiting.

Home Minister P Chidambaram must take initiative regarding cyber security, cyber forensics, cyber warfare, etc. Home Ministry is currently undertaking projects like Natgrid, CCTNS, etc and it would be a good idea to cover areas like CIP, homeland security, and CMP as well.

E-Surveillance Is Not A Substitute For Cyber Skills

I personally believe that our Home Minister Mr. P Chidambaram is a learned and honest person. However, he is also gullible. Whether it is multinational companies, foreign governments, law enforcement agencies, etc all of them are selling their “stale and failed ideas” to Mr. Chidambaram and he is willingly accepting the same with a generous heart.

It seems many people and companies have realised that India is a very good market when it comes to security and cyber security related products and services. However, what would Indian government do with cyber security products if it cannot use the same?

If the Home Ministry or Indian government is even little bit aware how concepts like cyber security and cyber forensics work, it must be aware of free and open source software (FOSS) and open source hardware.

The cost is just one of the factors. The real issue is to manage the affairs of Home Ministry in a constitutionally sound manner. Home Ministry has been mandating various acts or omissions that openly go against the spirit of Indian Constitution.

For instance, India has no constitutionally valid phone tapping law and phones are tapped in India on the basis of unconstitutional colonial laws.

Similarly, privacy laws and data protection laws have been deliberately kept out of the loop of legislative business of parliament of India to accommodate illegal phone tappings and e-surveillance. Even projects like Aadhar and authorities like UIDAI are working on this principle.

Encryption standards that are essential for strong cyber security and risk free e-commerce have been deliberately constrained to ridiculous levels. Companies like Blackberry, Skype, Google, etc have been asked for to surrender encryption keys so that law enforcement and intelligence agencies may snoop at will.

I think the real problem is that neither our executive/parliament/judiciary nor our law enforcement and intelligence agencies are aware of technical issues like cyber law, cyber security and cyber forensics. As an escape route they have decided to use e-surveillance as a substitute to cyber capabilities.

Mr. Chidambaram, e-surveillance is not the substitute for cyber security and cyber forensics capabilities. You must give suitable and practical training to your law enforcement and intelligence agencies in cyber law, cyber security and cyber forensics so that they can solve cases and save millions of precious lives in real time.

National security, and above that every single life, is very important but there must be checks and balances while exercising it. National security should not be used as a façade to violate civil liberties in India, which unfortunately is presently happening in India.

Lawful Interception Law Missing In India Says Praveen Dalal

In this “Guest Column”, Praveen Dalal Supreme Court Lawyer and CEO of Exclusive Human Rights Protection Centre in Cyberspace (HRPIC) of India, has shared his views regarding phone tapping and e-surveillance laws of India. The views and opinions are solely of Mr. Praveen Dalal and we do not endorse or substantiate his viewpoints.

It is both ironic and sad that laws used by British Government against Indians are used by our own Indian Government against its own Citizens. There are many “Draconian Colonial Laws” that were kept intact by Indian Government even if they go against the very Philosophy and Spirit of Indian Constitution. This is because these Outdated and Unconstitutional Laws are well serving the “Purposes” of Indian Government.

One of such laws that require an immediate repeal is the Indian Telegraph Act, 1885. It is the most abused law of India when it comes to Phone Tapping and Illegal Surveillance. The fact and truth is that India does not have a Legal and Constitutionally Sound Phone Tapping and E-Surveillance Law.

Even after the Supreme Court of India declared Right to Privacy a part of Article 21 of Indian Constitution, Indian Government kept at bay the requirement to protect Privacy Rights of its Citizens. Instead, it preferred to impose Projects and Authorities without any Legal Framework. This is nothing but a “Complete Failure” of “Parliamentary Democracy” in India. I wonder whether India has Separation of Powers anymore.

So much so that even after the Supreme Court’s Judgment in PUCL case prescribed minimum “Safeguards” against Illegal Phone Tapping, nothing has changed. The “Safeguards” provided by Supreme Court were “Sub Minimum” and even those Safeguards are not followed in India.

Naturally, even Private Individuals also jumped upon Illegal Phone Tapping and E-Surveillance business and they are openly operating in India. This is bound to happen because when even the Government is not “Fair”, it cannot expect its Citizens to be honest and upright.

Till now it is clear that India would not provide any sort of Privacy Rights to its Citizens and would not protect their crucial Data through a dedicated and strong Data Protection Law in India. The only safeguard that is available against Indian Government and Private Individuals from violating our Privacy Rights is to use “Self Defence Measures”.

This is the reason why I believe that Google, Skype, Blackberry, etc must not succumb to the pressures of Indian Government. They must strongly refuse to share any information regarding its users unless and until there is a “Court Order” in this regard.

Time has come for the Supreme Court of India to stop Indian Executive from Hijacking the Constitution of India, by bypassing both Parliament of India and Indian Judiciary. Since the matter is pending before Supreme Court, it can lay down “Stringent Requirements” before Phone Tapping and E-Surveillance can be conducted in India.

Computer Forensics Research And Development Needed In India

Cyber forensics or computer forensics in India is at the infancy stage. Cyber forensics is very important field that is required for many purposes. It is required for civil and criminal proceedings and it makes the criminal justice delivery system more effective and scientific.

However, despite the great demand for cyber forensics in India there is acute shortage of good cyber forensics experts in India. This is primarily due to lack of proper training and skill development institutions in India.

For instance, there is just a single techno legal cyber forensics training centre in India managed by Perry4Law Techno Legal Base (PTLB). We need more such training centers so that cyber forensics experts can be produced as per the contemporary requirements.

Once again we have a single techno legal cyber forensics research and development centre in India (CFRDCI) managed by PTLB and exclusive techno legal firm of India Perry4Law. The centre is not only doing research in the field of cyber forensics but also in allied fields like cyber security (CSRTCI), cyber warfare, cyber espionage, cyber terrorism, human rights protection in cyberspace, etc.

The centre is providing best practices for cyber forensics in India and is the exclusive repository for cyber forensics software in India. The best part of the centre is that it is managing the techno legal aspects of cyber forensics. Being techno legal it manages both legal and technical aspects of law and technology.

With the growing demands of cyber forensics in India, pressure upon the governmental laboratories and institutions is tremendous. Obviously, they cannot match the demand for growing cyber forensics requirements in the courts cases.

The government of India in general and Home Ministry in particular must actively look forward towards cyber forensics as an essential requirement for India. This is more so when projects like national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), etc would be launched very soon. Let us hope for the best in this regard.

Central Monitoring System Of India In Pipeline

The proposed central monitoring system (CMS) by department of telecommunication (DoT) is a good step in the right direction. However, the chances of its failure and misuse are much greater than unconstitutional projects like Aadhar, National intelligence grid (Natgrid), etc. The only thing that goes in favour of the proposed CMS is that Mr. Kapil Sibal is the present Minister for the Ministry that is entrusted to implement the project.

Mr. Kapil Sibal being a learned person and a man of integrity, CMS may also have “procedural safeguards” that is rarely considered and provided by Indian government. The decision to frame appropriate rules under the sole cyber law of India, i.e. information technology act, 2000, shows his intention to respect and protect privacy rights and data protection within the limited sphere of cyber law of India.

However, this does not mean that India should not formulate appropriate privacy laws and data protection laws. Absence of privacy laws and data protection laws in India has already made some of the most important projects and authorities of India illegal and unconstitutional.

For instance, Indian law enforcement and intelligence agencies are operating almost without any law. Similarly, Aadhar project and unique identification authority of India (UIDAI) are operating without any law. Phone tapping and e-surveillance in India is done without a constitutionally sound law and so on.

Let us hope that Mr. Kapil Sibal would realise that CMS means putting all telecom communication within the hands of selective people. These selective people must be transparent and accountable through proper safeguards otherwise the whole purpose of CMS would be to further strengthen phone tapping and e-surveillance powers of Indian government and its agencies. Needless to mentions, that would be illegal and unconstitutional like the previous initiatives of Indian government.

Legal Framework For Information Society In India

One of the most challenging tasks for India is to provide legal framework for information society. It is also known as legal enablement of ICT systems in India. The main component of this process is that legal and judicial systems are customised in line with information and communication technology (ICT).

The examples of such process include electronic courts (E-courts), online dispute resolution (ODR) mechanism, enacting good cyber law, enacting good laws regarding cyber forensics, etc.

In the Indian context, a significant growth has already been achieved regarding computerisation of traditional courts and their procedures. Many crucial aspects regarding Indian litigation like case list, case status, certified copies, etc are available online. This has also considerable reduced the backlog of cases in India.

However, despite this growth India has failed on almost all other fronts. For instance, till January 2011 we are still waiting for the establishment of first e-court in India. We do not have any ODR mechanism in India, we have an outdated and criminal friendly cyber law in the form of information technology act, 2000 that requires urgent amendments, we have no laws regarding cyber forensics in India, etc. In short, legal enablement of ICT systems in India has failed so far.

A recent development regarding legal and judicial reforms pertains to national litigation policy of India (NLPI). Law Minister Veerappa Moily has launched this policy and very soon the same may be finalised. However, NLPI also failed to consider legal enablement of ICT systems in India properly. It failed to address the requirements of e-courts and ODR mechanisms.

We at Perry4Law and Perry4Law Techno Legal Base (PTLB) have publically provided our suggestions in this regard especially regarding e-courts and ODR. Hopefully, these suggestions would be incorporated in the final NLPI. After all legal enablement of ICT systems is an essential part of legal and judicial reforms of India and it cannot be ignored for long.

IT Act 2000 Rules In Pipeline

Shri Kapil Sibal, the Union Minister of Ministry of Information and Communication Technology has recently announced action plan for his Ministry for the next 100 days. This was a much needed reform for the otherwise plagued Ministry that has been in controversies in the past.

Some of the initiatives proposed by Mr. Kapil Sibal have far reaching reformative implications. For instance, Department of Telecommunications (DoT) would hold consultations for a transparent regime of licensing, spectrum allocation etc. Similarly, legal framework for mandatory electronic delivery of services in India would also be considered.

However, the most important initiative that is in pipeline is the proposal to frame and notify the rules in respect of key sections viz. 43A (Data Protection), 70A (Protection of Critical Information Infrastructure), 70B (Agency to handle Cyber Security), 79 (Liabilities of Service Providers) relating to Cyber Security in the Information Technology Act.

Till now it is not clear what the hurry was that forced the government of India to bring half backed and knee jerk based amendments in the cyber law of India. The information technology amendment act 2008 made cyber law of India weak and criminal friendly. Naturally, cyber crimes increased drastically in India. The proposed amendments brought more harm than benefits.

To make the matter worst, important provisions like data protection, critical infrastructure, encryption standards, etc have not yet been enacted sufficiently. Even the rules pertaining to these crucial provisions have not been formulated.

At last, Mr. Kapil Sibal took charge of the department of technology (DIT) that would bring some accountability in the department. Further, his intentions to formulate proper rules for various crucial fields are also praiseworthy. Let us hope for the best but nothing short of suitable amendments in the cyber law of India can make it effective.