Saturday, December 31, 2011

Online Education In India: Some Legal Considerations

Online education in India is still passing through a transformation. In India, a major focus is given to traditional institutionalised education system that requires establishment of big infrastructure not necessarily justifying its costs. On the other hand, online education can provide cost effective, timely, qualitative and transparent education system of India.

Another limitation of the traditional educational system of India is that it is largely academic in nature. Very few educational institutions of India are providing practical trainings and skills development courses while imparting education to their students and professionals.

This has resulted in mass unemployment for a large majority of educated masses of India. As per many studies and surveys, only 20-25% educated population is fit for employment purposes in India. We must stress more upon technical education in India and technical education skills development in India.

Skills development in India is an area that has still not got the attention of policy makers of India. This is more so regarding cyber skills development in India. Virtual campuses in India can solve many of educational problems of India. These problems include corruption, lack of transparency, lack of accountability, non qualitative education, monopolistic behaviours, etc. Virtual campuses can eliminate the corruption in higher education of India and bring fairness and competition among various stakeholders.

Higher education in India needs reform especially the higher legal education in India. PhDs in India are suffering due to corruption. Similarly, lack of skills and expertise is also affecting higher education in India.

Another area that has received limited attention of Indian government pertains to lifelong learning in India. For instance, till now Perry4Law Techno Legal Base (PTLB) is the exclusive techno legal lifelong learning institutions and centre of India. Professional continuing legal education in India is also missing.

Although efforts in the direction of conducting bar examinations in India were undertaken in 2011 yet they are not coherent and well designed and managed. Bar examinations in India need to be properly managed and scientifically undertaken. The focus should be to evaluate skills and knowledge of the students rather than introducing another hurdle that is more on the side of formality. A better option is to scrap the bar examination altogether or conduct a very qualitative bar examination in India.

Further issues have been introduced with the proposal to conduct Indian legal services examinations In India and Indian regulatory services examination In India. These examinations require a totally different outlook, orientation and preparation that are presently missing in India.

As online education in India is going to grow, contents creation and its management would be a big problem. For instance, legal research in India is no good and plagiarism in India and other places is widespread. Further, the growing use of online advertisement for online contents has increased the demand and value for educational and non educational contents. In order to earn money through advertisement and e-learning methods, many individuals and companies are violating the intellectual property rights (IPRs) like copyright of others.

Individuals and companies engaging in online business or transactions are required to observe cyber law due diligence in India. Cyber due diligence for companies in India requires that they avoid violating IPRs of others and also prevent the violation of the same at their own online platforms and websites.

Countries like United States have created dedicated laws like online copyright infringement liability limitation act (OCILLA) in this regard. However, in India we have no such dedicated law for dealing with online copyright violations cases. Even the copyright law of India is not expressly dealing with this issue. However, Internet intermediaries’ liability in India, under the information technology act 2000 (IT Act 2000), covers this issue.

The role and responsibility of Internet intermediaries in the field of copyright in India cannot be anymore ignored by various stakeholders. Even technological issues of IPRs in India must be kept in mind by all while dealing with others contents and IPRs. Liability of Internet intermediaries for copyright violations in India is very stringent under the cyber laws of India and contents of others should not be taken without their permissions.

Perry4Law Techno Legal Base (PTLB) has been providing various techno legal e-learning courses in India. These include online legal education in India, online cyber law education in India, online cyber law trainings in India, online cyber law courses in India, etc.

PTLB is providing the exclusive techno legal e-learning courses in India. The exclusive techno legal e-learning centre in India is also managed by PTLB. It is providing e-learning for lawyers in India, public legal awareness training in India, legal e-learning in India, online skills development in India , etc. There is no second opinion that Indian legal workforce needs to be skilled driven.

Similarly, online education in India needs to be developed urgently. However, in order to achieve this task, we must do proper planning and actual implementation. The sooner it is done the better it would for all the stakeholders involved.

Thursday, December 29, 2011

Cyber Laws In India

Cyber laws in India are very important part of legal framework world over. India also has a cyber law in the form of information technology act 2000 (IT Act 2000). With growing emphasis upon e-commerce and e-governance in India, cyber law in India has become very important.

However, we have no dedicated e-commerce laws in India and e-governance laws in India. With the proposed draft electronic delivery of services bill 2011 (EDS Bill 2011), some efforts in the direction of strengthening e-governance have been taken by Indian government. However, till now we have no mandatory e-governance rights in India under the cyber law of India.

The cyber law of India has many unique and interesting aspects. Internet intermediary liability in India, cyber due diligence in India, cyber due diligence for Indian companies, social media due diligence in India, etc are some of them. With the passing of the information technology amendment act 2008 (IT Act 2008), the liability of websites, social media platforms, blogging sites, etc has increased a lot. Domain name protection in India is another issue that may become a part of cyber law in the near future.

A lot of cyber crimes, cyber contraventions, intellectual property rights (IPRs) violations, etc are committed due to lack of awareness about Indian cyber law. However, many cyber crimes and IPRs violations are deliberately committed and they deserve to be taken seriously.

There are very low cyber crimes convictions in India. This is because the cyber crime investigations in India are not proper due to lack of cyber law and cyber forensics knowledge. There is an urgent need to ensure cyber skills development in India so that cyber crimes can be prosecuted successfully.

Perry4Law Techno Legal Base (PTLB) is managing the exclusive techno legal centre for cyber laws in India. PTLB is the exclusive techno legal e-learning institution of India. It is providing various techno legal e-learning courses in India and cyber law education and training is one of them.

Online cyber law education in India needs to be strengthened further. Online cyber law courses in India can fill the gap in our educational system that is largely academic in nature. Such online courses can not only provide practical trainings and skills development but they can also remove the distance barriers.

A special emphasis must be given to legal lifelong learning in India that is presently missing. Continuing professional legal education in India needs to be developed on the lines as has been done in western countries. Further, the legal and judicial fraternity of India needs scientific knowledge that has become necessary with the enactment of IT Act 2000 and similar technology related laws.

There are certain areas that are closely related to cyber law. For instance, issues like cyber forensics in India, e-discovery in India, cyber security in India, etc have still not got the attention of Indian parliament. We need dedicated laws on each of such fields that are presently missing in India. There are very few cyber forensics research, training and educational centers in India. Similarly, cyber security research centers in India are also limited. Even lesser are digital evidencing and e-discovery centers in India.

Cyber laws would also be relevant for areas like online dispute resolution (ODR) in India and e-courts in India. Cross border technology transactions and dispute resolution is the latest trend in the field of ODR. Further, legal issues of entertainment and media industry in India would also involve cyber law implications. DNS redirection and distributed denial of service attacks are these days used to protect IPRs and brands. These methods are strictly not legal and have serious cyber law implications.

There are many more issues that are involved with cyber laws of India. However, they cannot be covered in a single post and we would cover them one by one in our subsequent posts. We hope readers would find this information useful.

Monday, December 26, 2011

Indian Electronic Delivery of Services Bill (EDS) 2011

Electronic delivery of services is an efficient method of services delivery to public at large. Use of information and communication technology (ICT) eliminates many evils like lack of transparency, corruption, non accountability and brings order in public dealings.

Recently an agreement was signed between the World Bank and Indian government that granted a loan of $150 million to India for the e-delivery of public services in India. As a condition precedent to get the benefits of such loan, electronic services delivery in India has been proposed in the past. However, e-delivery of public services in India would still take few years as we have no legal framework for mandatory e-governance in India.

The proposed e-delivery of public services development policy loan of India has to be utilised through a policy and legislative framework that Indian government must establish very soon. The e-delivery of public services development policy loan (DPL) project of India would fail to take effect if either the electronic services delivery policy of India is not formulated or it is not implemented in a manner that confers mandatory e-governance services in India upon Indian citizens. In short, there should be a legal framework for e-governance in India that provides e-governance services to Indian citizens as a matter of right.

In fact, policy changes in this regard are already visible in India. For instance, the financial limits of mobile banking transactions in India have been removed to give better options of banking in India. Similarly, SEBI is contemplating electronic initial public offer (EIPO) in India. Even Indian judiciary is exploring the possibility of using an electronic bail communication system in India. Through the proposed Cable TV Networks (Regulation) Second Amendment Bill 2011 of India, digital television services would be offered to consumers at affordable prices and with superior quality.

To ensure e-delivery services in India, Indian government has proposed a draft electronic service delivery Bill, 2011 of India. This is a good step in the right direction. However, the proposed Draft Electronic Services Delivery Bill 2011 “failed” to provide mandatory e-governance services in India. The real problem with Indian e-governance initiatives in general and proposed ESD Bill 2011 in particular is that legal framework for mandatory electronic services delivery in India is still missing from it.

The parliament of India must amend the proposed ESD Bill 2011 so that better form of the same can be provided.

Social Media Due Diligence In India

Social Media Websites in India are facing numerous challenges these days. From Technical Difficulties to Legal Challenges, Social Networking Sites in India are under constant pressure to comply with the Laws of India. Although there are no dedicated Social Media Laws in India yet the Cyber Law of India is prescribing certain provisions in this regard. Social Networking Sites must be aware of these Social Networking Laws of India as a failure to do so may attract Civil and Criminal Sanctions.

Cyber Law Due Diligence in India is directly emanating out of Indian Information Technology Act 2000 (IT Act 2000) and it is also prescribing Cyber Due Diligence for Indian companies. Social Media Due Diligence in India is also flowing out of IT Act 2000 that very few in India have appreciated. Cyber Law on Social Media and Networking Sites in India demands exercise of “Due Care” and “Due Diligence” by these Websites and people managing the same.

Of late, Social Media Websites in India are frequently made “Parties” to various Civil and Criminal Cases. The “Representatives” of these Websites are summoned by Courts of India vis-à-vis various Cyber Crimes and Cyber Contraventions. Cyber Crimes and Social Media Websites in India have become inseparable these days and this may make the individuals managing day to day affairs of such websites “Liable” for these Cyber Crimes and Cyber Contraventions.

Cyber Due Diligence is also closely related to Internet Intermediaries Liability in India. Internet Intermediary Laws in India mandate that Social Media Websites must be “Diligent” while dealing with Cyber Crimes and Cyber Contraventions committed through their Platforms. Once the matter is “Brought to the Knowledge” of these social Media Websites, their liability “Accrues” as Internet Intermediary for these Cyber Crimes and Cyber Contraventions. Subsequently, they cannot deny either the “Knowledge” or their “Liability” for these Cyber Crimes and Contraventions.

Even in the field of Intellectual Property Rights (IPRs), the liability of Social Media Websites may arise. For instance, Liability of Internet Intermediaries for Online Copyright Violations is very common. Even in India cases pertaining to Online IPRs Violations may grow in near future.

However, there are some “Disturbing Trends” as well that may impact the growth of Social Media in India. For instance, the decision of Department of Information Technology (DIT) Minister Mr. Kapil Sibal to ask Social Media Websites Of India to Pre Screen Users Contents before posting in neither Possible nor Feasible. Fortunately, Mr. Kapil Sibal “clarified” that DIT do not wish Social Media Websites in India to Pre Screen Users Contents.

Similarly, any decision to Ban or Block a Social Media Website or any other Website that is used by large segment of Public in India for alleged or potential Cyber Crimes or Online IPRs Violation or Cyber Contravention would be a “Bad Decision”. What is more surprising regarding Blocking of Websites in India is that the same is often done without much “Application of Mind”. Simply because a Party has asked for Blocking of a Website in India from a Court in India should not be a “Sufficient Ground” to grant such permission. In India Websites have been blocked for reasons that cannot stand any sort of “Judicial Scrutiny”. Ironically, it is the Indian Judiciary itself that is granting Blocking of Websites in India as a “Matter of Right” of the Complainant.

The Ignorant Judicial Websites Blockings in India has increased a lot. What is more surprising is that Internet Service Providers (ISPs) like Reliance simply files a case and gets an Ex Parte or other “Favourable Order” from an Indian Court. Then they simply Block the Websites without analysing the “Legality’ of such an action.

However, the “Fault” lies with Indian Judiciary that grants such “Blanket Orders of Blocking” without going into the “Merits of the Case”. For instance, how can a Court decide that a File Hosting or File Sharing Website can “Possibly Violate” the IPRs of the Complainant? By issuing such “Blocking Order”, that also in an Ex Parte Mode, Indian Judiciary is making the Indian Cyberspace more “Unpredictable and Unreasonable”. In my personal opinion, Websites Blocking in India by Indian Judiciary is neither Strictly Legal nor Strictly Constitutional and Constitutional Courts of India must take note of this unfortunate fact.

The real solution to this problem lies at enacting a Social Media Policy of India by Indian Government that can be a “Guiding Factor” for all, including Indian Judiciary. Suitable Framework and Guidelines for use of Social Media by Government Organisations in India must also be enacted and implemented properly. Indian Social Media Framework and Guidelines for Government Organisations has already been framed and all that is required is its “Proper and Actual Implementation” in India. The Guidelines for Social Media Contents Monitoring in India may also be issued very soon.

Social Media Websites Due Diligence in India needs to be taken “Seriously” by all Stakeholders. However, there need to be a “Harmony” between executive, Judiciary and parliament in India. The “Chaos” through which Social Media Jurisprudence in India is suffering must be removed as soon as possible.

Wednesday, December 21, 2011

Intelligence Gathering Is Not Above Right To Privacy In India

Right to privacy in India is a constitutional right. Efforts are in the process to make it a statutory right as well. A dedicated statutory right to privacy in India is in pipeline in the form of right to privacy bill of India 2011. The proposed Bill must protect human rights in cyberspace to be valid and constitutional and it must respect the privacy rights of Indians in the information age. The proposed draft right to privacy bill 2011 of India may confer some form of privacy rights to Indians. However, its true scope is yet to be made public.

Privacy laws in India and privacy rights in India have always been ignored. We have no national privacy policy in India as well. Data protection laws in India are missing and so are data privacy laws in India. Privacy, data protection and India seems to be separable and unrelated concepts.

Indian government launched projects like Aadhar, National Intelligence Grid (Natgrid), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc. None of them are governed by any Legal Framework and none of them are under parliamentary scrutiny.

Further, there are some very crucial issues that are posing constitutional problems for the intelligence and security agencies of India. For instance, intelligence gathering in India is unconstitutional. Similarly, counter terrorism capabilities of India are not sufficient and Indian counter terrorism capabilities needs rejuvenation. Finally, parliamentary oversight and constitutional safeguards are missing in the functions of these agencies.

India does not have a constitutionally sound lawful interception law. Phone tapping in India is still done in an unconstitutional manner and at times by private individuals as well. Further surveillance of Internet traffic in India is now openly acknowledged by Indian government.

The intelligence infrastructure of India has become synonymous for non accountability and mess. There is neither any parliamentary oversight nor and transparency and accountability of the working of intelligence agencies of India. Intelligence infrastructure of India needs rejuvenation keeping in mind the constitutional obligations.

The draft Intelligence Services (Powers and Regulation) Bill, 2011 has failed to take the shape of a law in India and it has been announced that law on intelligence agencies would be formulated soon. Even the Draft Central Bureau of Investigation Act, 2010 has failed to become an applicable law.

E-surveillance in India, websites blocking in India, Internet censorship in India, etc are also not done a strictly constitutional manner. Till now Indian courts have not tested the acts of intelligence agencies. Recently Indian research and analysis wing (RAW) was granted e-surveillance powers without any legal framework. Now the home ministry of India is demanding that intelligence and law enforcement agencies must be kept out of the purview of the proposed Privacy law, and should be allowed to continue monitoring the activities and carry out electronic surveillance of citizens.

Home ministry is suggesting that the way intelligence and investigation agencies are exempted under schedule 2 of the Right to Information (RTI) Act, they should be kept out of the proposed privacy Bill in view of national security.

Under schedule 2 of the RTI Act, citizens are restricted from seeking information from agencies such as the Intelligence Bureau (IB), the Research and Analysis Wing, the Central Bureau of Investigation, the National Investigation Agency, the National Intelligence Grid and the National Technical Research Organisation.

Home ministry do not wants the privacy Bill to interfere with intelligence gathering activities even if means accommodating more safeguards in line with the sprit of the privacy Bill.

This seems to be an unreasonable demand as we must now stress upon great parliamentary scrutiny of intelligence agencies and law enforcement agencies. On the contrary we are diluting the constitutional freedoms and procedural safeguards. It is high time for parliament of India to interfere and enact constitutionally sound laws in this regard.

Sunday, December 18, 2011

Cyber Crimes And Social Media Websites In India

Social media websites are popular places for building new relationships and contacts. However, social media websites are also becoming a place for cyber criminals to indulge in various cyber crimes. In fact, the share of offences related to social media websites among cyber crimes registered in India is showing an upward trend. Most of these cases are of posting defamatory or obscene matter or images on various social media websites.

For instance, Facebook users are experiencing attacks from hackers and morphed images having pornographic contents are being uploaded on Facebook accounts without the knowledge of actual users. Cases related to account hacking, morphed photographs and data laundering are very common these days.

Many crimes related to social networking sites involving personation, defamation and anti-national activities have been reported recently. Data collected by the National Crime Records Bureau shows that in cities like Bangalore, those between 30 and 45 years of age are involved more in cyber crimes than youngsters. The bureau records suggest that most cyber offences are for illegal gain, eve-teasing and harassment.

We have no dedicated social media laws in India although guidelines for social media contents monitoring in India may be prescribed. Although we have a cyber law in India in the form of information technology act 2000 (IT Act 2000) yet we have no dedicated social networking laws in India. The cyber law for social media in India needs to be strengthened further keeping in mind a balance between civil liberties and law enforcement requirements.

Human rights protection in cyberspace in India is also required to be considered by Indian government. Presently, protecting civil liberties protection in Indian cyberspace is not a priority for India and this is a serious problem.

For instance, till now we have no social media policy in India. Even we do not have dedicated social networking laws in India that can take care of the misuses of social platforms. However, the framework and guidelines for use of social media for government organisations has been recently suggested by department of information technology. Theses guidelines provide an Indian social media framework for governmental departments and organisations that employees of these organisations must follow.

Social media is considered to be an Internet intermediary as per Indian cyber law. The recent controversy of Internet censorship in India has once again reiterated the importance of effective social media laws in India.

Cyber law due diligence in India has become very stringent. This applies to various fields and to multiple stakeholders. For instance, cyber due diligence for banks in India is now a well known requirement for banks in India. However, Internet intermediaries are the most widely covered stakeholders in this regard. Intermediaries liability for cyber law due diligence in India is really tough and they must take it very seriously. Similarly, social media users must have basic level awareness about cyber laws and cyber crimes. Many of these cyber crimes can be prevented if public awareness about the same is spread in India.

Thursday, December 8, 2011

Internet Intermediary Laws In India And Cyber Due Diligence

Cyber law due diligence in India has become very stringent. This applies to various fields and to multiple stakeholders. For instance, cyber due diligence for banks in India is now a well known requirement for banks in India. However, Internet intermediaries are the most widely covered stakeholders in this regard. Intermediaries liability for cyber law due diligence in India is really tough.

In absence of a clear cut Internet intermediary law in India, Indian government is indulging in Internet censorship in India. Stringent directions are frequently issued to Internet intermediaries under the rules of information technology act 2000. This occasionally results in censorship of Internet in India. Further, Indian government is now openly acknowledging surveillance of Internet traffic in India.

E-surveillance in India and surveillance of Internet traffic in India have increased to a considerable limit that now requires judicial scrutiny. Censorship of Internet in India should be challenged as soon as possible in the larger interests of Indian Internet users.

Recently Internet intermediaries in India have been asked to pre screen contents before they are posted on their websites. India wants companies like Google and Facebook to censor users’ contents before they are posted.

In fact, Yahoo has filed a petition raising the questions regarding the right to privacy of a company that stores sensitive data of its customers and users and to what extent authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks.

The Google’s outcry for lack of Internet intermediary law in India is another example of growing dissatisfaction towards Indian cyber laws, especially Internet intermediary laws of India. Time has come for Indian government to address the issues of enacting sound and effective Internet intermediary laws in India and cyber due diligence requirements for internet intermediaries in India.

Monday, December 5, 2011

Internet Intermediaries In India Asked To Pre Screen Contents

When information technology act 2000, the sole cyber law of India, was amended through the information technology amendment act 2008, very few people opposed the same. The provisions of the proposed IT Act 2008 were draconian and without constitutional and procedural safeguards. This is the reason why self defense mechanisms against state were also advocated to counter illegal and unconstitutional e-surveillance and internet censorship.

However, commercial enterprises and internet intermediaries silently accepted the amendments without realising its far reaching consequences. Now e-surveillance in India has become a big nuisance for intermediaries like internet service providers (ISPs), e-commerce sites, search engines, e-mail providers, etc. The liability of Internet intermediaries for copyright violations would also create problem for intermediaries in India.

Intermediaries liability for cyber law due diligence in India has become very stringent after the IT Act 2008. The IT Act 2000 now carries many e-surveillance, websites blocking and Internet censorship provisions and Indian government is openly using these provisions without following the constitutional requirements.

Recently, through a petition, Yahoo has raised questions regarding the right to privacy of a company that stores sensitive data of its customers and users and to what extent authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks.

The matter must also be looked from another angle. Human rights protections in cyberspace in India are not safeguarded at all. Even at the international level United Nations has not shown much interest in protecting civil liberties in cyberspace. The data privacy laws in India are also missing. In short, there is complete negation of human rights in cyberspace in the Indian context.

Now the Indian government has asked Internet companies like Google, Microsoft, Yahoo and social media sites like Facebook to prescreen user content from India and to remove disparaging, inflammatory or defamatory content before it goes online. Top officials from the Indian units of Google, Microsoft, Yahoo and Facebook have met with Kapil Sibal in this regard.

Kapil Sibal has told them that he expected them to use human beings to screen content instead of the automated technology. However, these companies believe that his demand is impossible to fulfill keeping in mind the nature of internet and user generated contents. Let us see how things would take shape in this regard.

Constitutional Phone Tapping Law In India Is Needed

Phone tapping in India is regulated by outdated and ancient law known as Indian Telegraph Act 1885 and corresponding rules there under. As per section 5 of the telegraph act, the central government or state government is empowered to order interception of messages. Rule 419 and 419A sets out the procedure of interception and monitoring of telephone messages.

As per Rule 428 of the India telegraphic rules, no person without the sanction of the telegraph authority, use any telephone or cause or suffer it to be used, purposes other than the establishment of local or trunk calls.

However, in practice whatever little safeguards provided by the act are seldom followed. Phone tapping by private individuals in India is rampant and even governmental phone tapping is unaccountable. We have no constitutionally sound lawful interception law in India. Even the Home Ministry of India is considering enactment of a lawful Interception Law in India.

It is suffice to say that this unconstitutional phone tapping in India and illegal e-surveillance in India is a “constitutional failure of India”. India urgently needs a valid phone tapping law. The central monitoring system project of India (CMS Project of India) is also not supported by any legal framework.

This is the real problem for the CMS Project of India. We have no dedicated privacy laws in India, data security laws in India and data protection laws in India. Further, the CMS Project of India is also beyond the “parliamentary scrutiny”.

Further, we have no e-surveillance policy in India. Even phone tapping in India is done in an “unconstitutional manner” and even by private individuals with or without governmental approval.

Recently even the Supreme Court of India took a serious note of the growing and blatant incidences of privacy violation in India by Indian government and private individuals/companies supported by it. Supreme Court went upto the extent of saying that no person living in India is safe from privacy violations and omnipresent forgeries prevalent in India.

The present practice of Indian government regarding phone tapping, e-surveillance and e-interceptions is far from being legal and constitutional. India urgently needs a constitutionally sound lawful interception law. Let us hope the Supreme Court would bring some order in the otherwise chaosed banana republic of India.

Sunday, December 4, 2011

E-Courts In India Must Be Expedited

Pendencies of cases in Indian courts are normal phenomenon these days. Delay in resolution of disputes adversely affects the confidence of business community and international investors. While traditional litigation system of India cannot be reformed overnight yet effective steps in this direction must be urgently taken.

Technology can be a viable option for resolving judicial problems in India. For instance online dispute resolution (ODR) mechanism can be effectively used to resolve many disputes in an online environment. Similarly, e-courts in India can be established to reduce corruption and irregularities of Indian judicial system.

There is no second opinion that e-courts in India needed. However, establishment of e-courts in India is still a dream as e-courts project of India has failed to provide the necessary impetus in this regard. There are many reasons why e-courts in India failed to take off. The chief among them is the absence of necessary expertise to manage and implement e-courts project of India.

For instance, we have a single techno legal e-courts training and consultancy centre in India. It is managed by Perry4Law Techno Legal Base (PTLB). We need more such specialised institutions to successfully manage the e-courts project of India.

Recently on the occasion of Law Day, Union law minister Salman Khurshid shared his desire for making court proceedings paperless. He asked whether Indian Supreme Court can be paperless. Citing the example of Brazil he stressed that India needs to move in that direction as well.

The idea is good provided India has necessary expertise and will to implement the e-court project of India. Presently that seems to be missing and this make the paperless court a distant dream in India.

Thursday, November 24, 2011

Online Dispute Resolution And International Response

Online dispute resolution (ODR) is growingly seen as an effective alternative dispute resolution mechanism world over. Traditional litigation methods are time consuming, expensive and unproductive. ODR is not only speedier but is also economical and effective.

Online dispute resolution in India is still in its infancy stage. This is so because even the alternative dispute resolution in India is not free from troubles and procedural formalities.

However, success of ODR in India is still doubtful. To be successful, ODR in India needs urgent rejuvenation. This has happened because legal enablement of ICT systems in India is missing. ADR and ODR services in India are still evolving. There are very few ODR service providers in India.

Naturally, online dispute resolution services in India are still evolving. We have very few online dispute resolution centers in India. Further, Perry4Law Techno Legal Base (PTLB) is the sole techno legal ADR and ODR services provider in India.

Techno legal ODR services have become necessary due to growing use of information technology for business and commercial purposes world over. For instance, ODR and cross border e-commerce transactions are also interrelated. Similar is the case regarding dispute resolution of cross border technology transactions.

Similarly Online dispute resolution in Asia is still evolving. Online dispute resolution in Asian countries is largely confined to a single or two countries that also to a limited extent. Clearly online dispute resolution standards of practice for India and Asia need to be developed urgently.

However, nothing can strengthen ODR more than international efforts and international coordination activities. International legal standards for online dispute resolution (ODR) and international harmonisation of ODR is urgently required.

United Nations can play am important role in international development and international harmonisation of ODR. United Nations and online dispute resolution are closely related in this regard. In fact, UNCITRAL, ODR and India are interconnected.

Thus, it is clear that whether it is India, Asia, Europe, United States or any other international country or territory, ODR would play a very important role in effective, economical and speedier dispute resolution. Of course, United Nations has to play a more pro active role in this regard at the international level.

Wednesday, November 23, 2011

Cyber Security Of Automated Power Grids Of India

Power sector reforms in India are in the pipeline. Among many suggested measures, some of them pertain to use of automated systems through IT intervention for sustained collection of accurate baseline data and automation of some electricity functions. The idea is good but is not free from problems like lack of expertise and inadequate cyber security in India.

Malware like Stuxnet and Duqu have already proved that critical infrastructures like power grids, nuclear facilities, satellites, defense networks, governmental informatics infrastructures, etc are vulnerable to sophisticated cyber attacks.

In the Indian context, the critical infrastructure protection of India is not in good shape. There is neither an implementable cyber security policy of India nor there is any critical ICT infrastructure protection policy of India.

In these circumstances, use of automated power grids in India should be undertaken only after making cyber security of India robust, reliable and effective. For instance, the supervisory control and data acquisition (SCADA) systems are used world over for managing automated water utilities and power grids. However, successful cyber attacks against these SCADA systems have result in great loss and productivity of these utilities.

SCADA may be the new cyber attack priority for cyber criminals and rouge nations. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular.

Consider a real life situation in India. The Restructured Accelerated Power Development and Reform Programme (R-APDRP) of UT electricity department will soon be implemented as the Joint Electricity Regulatory Commission ( JERC) has accorded its approval to the department for availing the funds from the central government through the Power Finance Corporation (PFC). These funds will be used towards the implementation of Part-A of R-APDRP scheme for creation of reliable and automated systems with IT intervention for sustained collection of accurate baseline data.

R-APDRP will have projects which would be undertaken in two parts - part A and part B. Part-A includes the projects for establishment of baseline data and IT applications for energy accounting/auditing and setting up IT based consumer service centres. Part-B shall include regular distribution strengthening projects. Part-A also covers SCADA implementation which facilitates centralised control of power supply position in Chandigarh. PFC has been appointed as a nodal agency for this Central Government funded scheme.

If cyber security aspects of automated electricity grids in India are taken care of, this e-governance drive would prove very useful and productive for power sector of India. We hope Indian government would consider all these aspects for the larger interest of power industry of India.

Sunday, November 20, 2011

Cyber Security Of Indian Satellites And Critical Infrastructure

We are living in a technology era where technology is both a friend and foe. It is up to us to work in this direction and ensure on which side technology should be. If technology is used for delivery of public services, we have the benefits of concepts like e-governance and e-commerce. On the other hand if the technology is used for causing wrong or harm to others we face concepts like cyber crimes, cyber attacks, cyber warfare and cyber terrorism.

Cyber warfare, in its basic form as well, is now a well accepted cyber threat. Cyber warfare against India is also well known and we must formulate a cyber warfare policy for India to counter such threats. Indian defense and security against cyber warfare needs to be upgraded and strengthened.

Similarly, terrorism and cyber terrorism are also posing big security problems for India. Indian counter terrorism capabilities are not sufficient and there is an urgent need to strengthen the same. Similarly, cyber espionage and cyber terrorism against India is also well known.

To start with we must have a robust and effective cyber security in India. We must also have an implementable cyber security policy of India. The cyber security policy must keep in mind both the preventive as well as offensive cyber attacks and cyber defense capabilities.

Critical infrastructure protection in India needs to be undertaken on a priority basis. We must have a critical infrastructure protection policy of India that must be strenuously followed by all governmental departments, organisations and even by private service providers.

For instance, supervisory control and data acquisition (SCADA) systems are a favourite target for cyber criminals and cyber terrorists. By targeting SCADA these cyber miscreants can damage the critical infrastructure of India. We must ensure sufficient cyber protection of SCADA systems in India in general and critical infrastructure in particular.

Malware like Stuxnet and Duqu have already shown how critical infrastructures and SCADA systems are vulnerable to cyber attacks. Indian critical infrastructures have also been targeted by these Malware. It is believed that Stuxnet was responsible for shutting down an Indian communication satellite. Similarly, these Malware have also been targeting Indian nuclear systems and facilities.

Even the government computers have been comprised successfully in India in the past. Recently Indian National Informatics Centre’s (NIC) server were compromised and used to attack computers of other nations. Even satellites of various nations have been compromised and taken control of by terrorists and enemy nations.

These developments are serious enough and they must be sufficient for Indian government to formulate an implementable cyberspace crisis management plan of India. Of course, national security policy of India, cyber security policy of India, critical infrastructure protection policy of India, cyber warfare policy of India, etc must be integral part of the same. The sooner these steps are taken the better it would be for the larger interest of India.

Thursday, November 17, 2011

India’s National Informatics Centre Servers Compromised

Attacking and compromising the servers located in various countries has become a common practice for cyber criminals. By compromising the servers of various nations, these cyber criminals can launch general and sophisticated cyber attacks, without much chances of their identity being known to the victim individuals, organisations and nations.

Cyberspace is boundary less and it is very difficult to prevent cyber attacks from different jurisdictions. Essentially cyber security is an international aspect that must be dealt with at the international level. An international cyber security cooperation and treaty is required that can take care of various issues like cyber attacks, cyber warfare, cyber terrorism, cyber espionage, etc.

For instance, even if a cyber attack can be located to a particular jurisdiction, “attributing” the same to a single individual or organisation/nation is really difficult. This means we cannot pinpoint with absolute certainty that a particular nation is behind a particular cyber attack. This raises a very complicated jurisdictional and attribution problem.

The starting point to gather sufficient information pertaining to cyber attacks existing simultaneously at various jurisdictions is to have an internationally acceptable cyber security cooperation. An internationally acceptable cyber crimes/law treaty is also required in this regard.

Cyber attacks against India as well as from India are increasing. For instance, the servers of the Indian National Informatics Centre (NIC) have been attacked and compromised successfully in recent months and were used to launch attacks on countries including China.

Indian critical infrastructure protection is already in bad shape. Further, we also do not have any critical ICT infrastructure protection policy in India. Indian nuclear facilities are vulnerable to cyber attacks from Malware like Stuxnet. It is also believed that Stuxnet was also responsible for the destruction of an Indian broadcasting satellite.

India is already investigation the Duqu Malware that used the command and control servers located in India. Fortunately Stuxnet virus removal tools and Duqu virus removal tools are already available free of cost that can be used to test various systems for these Malware. Perhaps time has come for a cyber command and control authority of India that can take care of these cyber threats.

Saturday, November 12, 2011

Turf War In India Is Compromising Indian National Security

Indian national security is vulnerable from many angles and regarding many aspects. Whether it is internal security, external security, cyber security, anti terrorism capabilities, etc, India has to cover a long gap before Indian national security can be considered to be robust and effective.

It is not the case that India has not tried to work in this direction. But almost all the initiatives undertaken in this regard have either created multiple authorities and systems or they have been stalled for one reason or another.

For instance, Indian government launched projects like Aadhar, national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), national counter terrorism centre (NCTC), central monitoring system (CMS), centre for communication security research and monitoring (CCSRM), etc. None of them are governed by any legal framework and none of them are under parliamentary scrutiny.

Similarly, a majority of these projects are simply overlapping with one another. They are supported by different ministries and departments of Indian government and their main purpose is to serve the concerned ministry or department alone. This has resulted in the emergence of a turf war between these ministries and departments.

For instance, while projects like NCTC, Natgrid, etc are essential for national security of India yet both Natgrid and NCTC have already been downsized. Turf war is preventing various ministries and departments in cooperating and collaborating various national security related projects.

For instance, the intelligence bureau (IB) director Nehchal Sandhu is not keen on the Natgrid and NCTC initiatives of home minister of India P. Chidambaram. Sandhu believes the two will dilute the IB’s vast charter.

A few days after the Delhi blasts in September this year, Sandhu shot off a missive to his senior-most officers seeking concrete suggestions on how to improve the agency’s counter-terrorism efforts. He was worried that the IB had failed to anticipate the terror attacks. More so, after Chidambaram admitted that “there was no prior intelligence” available.

Sandhu views NATGRID with suspicion. According to senior officials, NATGRID would be a major encroachment on the IB’s established terrain and also put fetters on its free access to sensitive data such as phone call records, intercepted emails, financial data, etc., that the agency currently enjoys complete access to. NATGRID will place elaborate protocols in place that seeks authentication of those who seek the information and also bars them from seeking anything that is beyond the set parameters.

It is high time to consider national interest first rather than own self interests that are jeoparadising the national security of India.

Indian Counter Terrorism Capabilities Needs Rejuvenation

Terrorism is a serious problem for India and so far Indian counter terrorism responses are far from satisfactory. Whether it is traditional terrorism or cyber terrorism, India is lagging far behind. Unfortunately, a tragedy is always needed in India to wake up Indian government temporarily.

Once the tragedy is over, the concerns for national security and cyber security also subsides. On the contrary, in the name of national security and cyber security, corruption, myopic vision and e-surveillance are the only chosen options by Indian government. If you add the fact of turf war between various Indian ministries and departments, the chaotic picture of Indian national security in general and counter terrorism capabilities in particular emerges very clearly.

There is no second opinion about the fact that intelligence gathering is an essential part of national security of India. However, intelligence gathering skills developments in India are far from satisfactory. Naturally, India cannot fight with terrorism and cyber attacks with the present intelligence infrastructure of India. The present intelligence infrastructure of India is in big mess.

The intelligence infrastructure of India needs urgent rejuvenation. It is high time to move away from mere lips services and political statements and to move ahead in the direction of developing counter terrorism capabilities. We have an obvious but unresolvable terrorism dilemma in India.

With the growing use of social media by cyber criminals and terrorists, the intelligence agencies world over are engaging in open source intelligence through these social media and platforms.

Indian intelligence agencies must develop not only open source intelligence capabilities in India but they must also learn how to deal with highly sophisticated encryption usages. By limiting their capabilities to a weak encryption usage limited 40 bits encryption alone, this aim is absolutely frustrated. We must formulate a well drafted encryption policy of India that covers all the possible uses and prevention of the abuses of encryption.

India has been ignoring all these issues for many decades. It is high time to think about these issues and do some actual and hard core work in this regard.

Friday, November 11, 2011

Free Stuxnet Malware Removal Toolkits And Software

Stuxnet and Duqu Malware have shown the vulnerabilities of our critical infrastructures. Critical infrastructure protection in India is also required to be analysed from the point of view of these sophisticated Malware. In fact, we must urgently formulate a critical ICT infrastructure protection policy of India.

While the destruction of an Indian broadcasting satellite by Stuxnet Malware is still a mystery yet India is investigating Duqu Malware that had a command and control server in India. Meanwhile, open source Duqu Malware removal toolkits and software have also been released by the open source community.

Undoubtedly, Stuxnet is the most sophisticated Malware that has come to notice so far. There are few good tools and software that can be used to deal with Stuxnet Malware. They can be used for a specific purpose or for checking the entire computer system.

These tools and software are providing curative protection against Stuxnet Malware in the following forms:

(1) Computer: The Stuxnet Removal Tool can be used to scan an entire computer for Stuxnet Malware.

(2) USB: The Stuxnet Remover for USB can be used for analysing a USB for Stuxnet infection.

(3) LNK Shortcut: Stuxnet also utilises the shortcut vulnerabilities of various versions of Windows operating systems. Microsoft has released Microsoft Fix it tools to fix this vulnerability. For Microsoft Fix it to disable .LNK and .PIF file functionality you can use this tool. If you want to disable workaround offered by Fix it than use this tool. You need to restart your computer after using this workaround to take affect on your computer. Another good tool is the Sophos Windows Shortcut Exploit Protection tool to block Stuxnet rootkit from exploiting LNK Shortcut vulnerability in all versions of Windows.

It is worth while to give these tools and software a try.

Thursday, November 10, 2011

Open Source Duqu Malware Removal Toolkits And Software

Stuxnet and Duqu Malware have started a new wave of cyber crimes and cyber attacks. They are sophisticated Malware that cannot be a task of random or average skilled cracker or cyber criminal. These Malware have been written by very sophisticated Malware writers.

Stuxnet and Duqu Malware have also affected Indian computer systems. For instance, it is believed that the Stuxnet Malware was responsible for destroying an Indian broadcasting satellite. Similarly, the command and control server of the Duqu Malware was also traced to India.

While India is presently investigating the Duqu Malware yet it is clear that Indian nuclear facilities may not be cyber secure. There is an urgent need on the part of India to strengthen its cyber security capabilities in general and cyber warfare capabilities in particular. In US, the Defense Advanced Projects Research Agency (DARPA) has been working hard to develop its cyber capabilities.

While India has not yet come up with solutions to fight Malware like Stuxnet and Duqu yet open source community has done a good job. A new scanning tool has been released by engineers at independent security testing firm NSS Labs that can be used to detect Duqu drivers installed on a system. The tool was developed with the goal of discovering any additional drivers and enable researchers to learn more about the functionality, capabilities and ultimate purpose of the Duqu Malware.

Similarly, the Laboratory of Cryptography and System Security (CrySyS) in Hungary has released an open-source toolkit that can find traces of Duqu infections on computer networks. It contains signature- and heuristics-based methods that can find traces of Duqu infections where components of the Malware are already removed from the system. Duqu deactivates after a time limit and removes itself from the computer, but some temporary files could still indicate that the computer was affected by a former Duqu infection. The toolkit might identify these traces.

If you wish to analyse your computer or network for Duqu Malware, it is worth giving these tools a try.

Wednesday, November 9, 2011

Is Ultra Surf Providing Anonymous Surfing And Ensuring Cyber Security?

Privacy and anonymity are very important aspects of protecting civil liberties in cyberspace. They also strengthen cyber security to some extent. However, maintaining good level of privacy, anonymity and cyber security has become a daunting challenge these days.

Further, endemic e-surveillance and blatant privacy violations have become the norm theses days. Even the United Nations (UN) has not been able to control the growing desires and adopted designs of various national governments to curb privacy and anonymity rights of their citizens.

For instance, Indian Government launched projects like Aadhar, national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), national counter terrorism centre (NCTC), central monitoring system (CMS), centre for communication security research and monitoring (CCSRM), etc. None of them are governed by any legal framework and none of them are under parliamentary scrutiny.

India needs strong privacy rights and anonymity protection in these circumstances. Self defence in cyberspace is a concept whose time has come at both national and international level. At the national level of India self defence is required not only against cyber criminals but also against our own over zealous and e-surveillance oriented Indian government. Proactive self defence in cyberspace against our own governments has become a necessity. Of course there is a limit where self defence in cyberspace ceases to exist.

When it comes to anonymity, the onion routing (Tor) is the universal standard. However, there are certain extra steps that Tor users must take to get maximum benefit our of Tor infrastructure. If used properly, ToR can provide good levels of privacy, anonymity and cyber security.

Another good tool for maintaining privacy is ultra surf. Ultrasurf is a product of Ultrareach Internet Corporation. Originally created to help internet users in China find security and freedom online, Ultrasurf has now become popular pro-privacy, anti-censorship software, with millions of people using it to bypass firewalls and protect their identity online.

However, for some strange reasons ultra surf is not working fine for us as it is leaking our internet protocol address even after we use it properly. While some sites show the IP address of ultra surf yet some other show the real IP address. If real IP address is visible, there is little use of any privacy/anonymity software.

We also sent an e-mail to ultra surf in this regard and till the time of writing this article we did not get any response. May be our analysis is wrong and we apologise in advance for any misunderstanding or wrong reporting. We would appreciate the inputs of public at large and encourage them to use any search engine with suitable query, including what is my IP. If the search engine shows the real IP address, ultra surf need to do some serious work in this regard.

Privacy and anonymity is also necessary to enhance cyber security as many cyber attacks are specifically linked to IP address. If a different IP address is publicly available that can reduce the risks of many cyber attacks.

We hope anonymity, privacy and security enthusiastic would enlighten us with their correct, accurate and technical analysis and inputs in this regard.