31 Mar 2012

Is Cloud Computing A Viable Solution In India?

Cloud computing has been projected as an essential requirement in India these days. However, this assertion fails to mention that cloud computing in India is legally risky. The rush for use of cloud computing in India has also ignored the analysis whether cloud computing is a viable solution in India or not.

Cloud computing to be viable and sustainable must be supported by many elements including a sound regulatory framework for the same. Till now we have no dedicated regulatory framework for cloud computing in India. In fact, we have no legal framework for cloud computing in India at all.

As per the recent research and studies of Perry4Law and Perry4Law Techno Legal Base (PTLB), cloud computing in India is risky and India is not ready for cloud computing. This conclusion of Perry4Law and PTLB has been endorsed by other companies and it has been reported that chief information officers (CIOs) in India are not comfortable using cloud computing in India.

Absence of an effective cloud computing policy of India is responsible for limited utilisation of cloud computing in India. However, legal issues of cloud computing in India are the main reason for cautious adoption of cloud computing in India.

Further, India is a country that has weak privacy, data protection and data security laws. India is also infamous for its e-surveillance and eavesdropping exercises without any constitutional laws backing the same. Phone tapping in India is not done in a strictly constitutional manner and we also lack a lawful interception law in India.

With the information technology amendment act, 2008 (IT Act 2008), the cyber law of India has been amended and this has also made it vulnerable to constitutionality attacks. With projects like national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), central monitoring system (CMS), etc e-surveillance in India has reached its zenith.

In this background we have to analyse the use of cloud computing in India. Cloud computing in India cannot succeed till we have trust in the service provider. We cannot trust a service provider who can be forced to disclose even the most sensitive information and data without a court order.

In India a mere order from the Indian government or its agencies is enough for the service provider to share sensitive information. There is no judicial scrutiny of a warrant that is absolutely required in these circumstances. So you cannot be even sure what government agencies are looking at and what information they are taking from the service provider.

Any business model must essentially balance profit motives and risks associated with the business. Similarly, the users of cloud computing services must ensure that the convenience of software as a service (SASS) and cloud computing is much greater than the risks of data leakages and manipulations.

Till now the legal opinion is weighting against the use of cloud computing and SAAS in governmental departments and for governmental projects. Without a conducive legal framework, user’s data in India is not safe. Let us create a conducive commercial and legal environment before we jump upon cloud computing wagon.

26 Mar 2012

Telenor Searching For New Telecom Partner In India

Uninor is a joint venture partnership between Norwegian Telenor and real estate company Unitech. It has been witnessing many ups and downs in the recent past and is trying its level best to get the best out of this situation.

Telenor is now planning to make a new beginning in India by entering into a joint venture or other association with a new partner in India. Telenor has already short listed some potential companies and partners in this regard and is in the process of finalisation of the same.

Telenor is also in the process of starting a new company in India and it has already filed a Foreign Investment Promotion Board (FIPB) application. The strategy of Telenor in this regard is very simple. It would first find a solution with the current partner Unitech and would then find a suitable new partner.

Telenor is planning to sort out all differences and problems before applying for the new licence. Once that is done a new partner would be inducted and assets from the Uninor would be transferred to the newly formulated company.

Meanwhile Unitech has approached the Company Law Board (CLB) seeking arbitration in the dispute. But Telenor has been planning to oppose this move of Unitech on Monday (26-03-2012). It also means that Telenor has rejected Unitech's proposal for payment of about $150 million to Unitech to exit the JV and sell its 32.7% stake in Uninor to Telenor.

Unitech had made this proposal after the Company Law Board had asked it to decide by March 19 if it wanted to buy out the 67.25% stake held by Norway's Telenor or exit their joint venture. However, Telenor and Unitech have failed to reach at a consensus in this regard so far.

Last month, Telenor's CEO Jon Fredrik Baksaas had declared that Telenor was not interested in buying out the minority stake held by Unitech and wanted to make a fresh start with a new partner.

22 Mar 2012

Cyber Due Diligence For Paypal And Online Payment Transferors In India

Online payment management in India has become a very lucrative business. The main reason for the same is the recent growth of e-commerce in India. Further, although cash on delivery is the premier mode of payment in India for e-commerce transactions yet a gradual shift to cashless and online payments is happening in India.

For instance, Internet banking guidelines in India by Reserve Bank of India (RBI) have been issued more than a decade ago. Similarly, an integrated banking system of India is in pipeline. Thus, the banking, financial and regulatory environment in India is changing and it is moving towards Internet banking, online payments and e-banking.

However, online shopping in India has certain legal and cyber security issues to be taken care of. For instance, cyber law due diligence in India is an area that e-commerce and online payment players must take care of. Cyber law due diligence for Indian companies is one of the most frequently litigated aspect in India. Lack of cyber law awareness and cyber due diligence awareness is the main reason that many websites and companies have been recently prosecuted in India.

Recently it has been reported that PayPal is planning to expand its domestic presence in Asia, where it has up to now been used mainly for international payments. PayPal is particularly eyeing upon markets of India and China that have huge potentials. PayPal has already applied for a license to work domestically in China and it also plans to do so in India with an eye toward entering Indian market next year. PayPal may also explore and establish mobile-payment system that is in great demand these days.

Even healthcare and pharmaceutical companies are exploring use of e-commerce for increasing their customers and profits. Many pharmaceutical companies are exploring digital communication channels for drugs and healthcare products in India.

E-commerce stakeholders, including online payment players, are required to comply with techno legal requirements in order to do their business legally and effectively. Further, we need dedicated e-commerce laws in India that can cover various techno legal and due diligence aspects. Till clear cut liabilities and rights are demarcated, it is advisable to stay on the side of legal compliance.

20 Mar 2012

The Banking, Financial And Regulatory Environment In India

E-commerce in India is flourishing and many business houses and companies are investing in various forms of e-commerce commercial activities in India. However, a majority of e-commerce payments are still made in an offline manner. The cash on delivery may harm e-commerce in India in the long run. A shift toward online payments is not only desirable but is also inevitable. In fact, an integrated modern banking law for India is in pipeline that may strengthen online payments making in India.

So what is the present techno legal banking, financial and regulatory environment prevailing in India? Perry4Law and Perry4Law Techno Legal Base (PTLB) have compiled a list of their important research works pertaining to banking and financial environment existing in India. The following articles are worth considering in this regard:

(1) Internet Banking Guidelines in India by RBI

(2) National Telecom Policy 2012 of India by TRAI

(3) Compounding Authority Procedure under Indian FEMA Act 1999

(4) Procedure for Compounding of Contraventions under Indian FEMA, 1999

(5) RBI Delegates Compounding Powers under FEMA to Its Regional Offices

(6) Compounding Of Contraventions under FEMA, 1999

(7) Banking Related Mergers and Acquisitions (M&As) in India

(8) Banks in India Are Not Providing Positive Confirmations of NEFT Transactions

(9) National Electronic Funds Transfer (NEFT) System of India: RBI Guidelines

(10) Mobile Banking Transactions in India - Operative Guidelines for Banks by RBI

(11) Enhanced Due Diligence Measures by Banks of India for Higher Risk Customers

(12) ECB for MFIs and NGOs Engaged In Micro Finance Activities under Automatic Route in India

(13) MFIs In India Allowed To Raise ECBs Up To USD 10 Million

(14) SEBI Contemplating Electronic Initial Public Offer (E-IPO) In India

(15) SEBI Guidelines on Outsourcing of Activities by Intermediaries

(16) RBI: Indian Banks’ Investments in Non Subsidiary and Non Financial Services Companies

(17) Risk Management and Inter Bank Dealings in India

When the e-commerce activities would increase in India, online payment would be the preferred mode of payment by online consumers and customers. This is the reason why companies like PayPal are planning to enter Chinese and Indian online payment markets.

Similarly, with a growing emphasis upon electronic delivery of services in India by Indian government, online payment market of India becomes a good place to make huge profits.

However, both e-commerce players and online payment players are required to ensure cyber law due diligence in India. The cyber law due diligence for Indian companies is very stringent and there is no reason to take it lightly. In fact, cyber due diligence for foreign and Indian websites in India is an issue that is frequently agitated before Indian courts. Further, legal requirements of undertaking e-commerce in India must also be strictly followed.

Perry4Law and PTLB hope this compilation of research works pertaining to banking, financial and regulatory environment existing in India would be helpful to all concerned. We wish all the best to all e-commerce and online payment handling companies and institutions.

19 Mar 2012

Internet Banking Guidelines In India By RBI

Internet banking is all set for a big growth in India. With increasing emphasis upon e-governance and e-commerce, Internet banking in India would be used more frequently. However, along with the benefits of use of Internet banking, the cyber crimes and financial fraud risks are also increasing.

Cyber security of banks in India is still not given a priority. Banks are not interested in ensuring cyber security of electronic transactions. Even the recommendations of Reserve Bank of India (RBI) to ensure cyber security, appointment of chief information officers (CIOs), establishing a steering committee at board level, etc have remained unfulfilled. Even RBI has warned banks for inadequate cyber security.

As per the notification number DBOD.COMP.BC.No.130/ 07.03.23/ 2000-01 of RBI, issued on 14th June 2001, RBI has issued the following guidelines to be implemented by banks in India regarding Internet banking:

(1) Technology And Security Standards:

(a) Banks should designate a network and database administrator with clearly defined roles as indicated in the Group’s report. (Para 6.2.4)

(b) Banks should have a security policy duly approved by the Board of Directors. There should be a segregation of duty of Security Officer / Group dealing exclusively with information systems security and Information Technology Division which actually implements the computer systems. Further, Information Systems Auditor will audit the information systems. (Para 6.3.10, 6.4.1)

(c) Banks should introduce logical access controls to data, systems, application software, utilities, telecommunication lines, libraries, system software, etc. Logical access control techniques may include user-ids, passwords, smart cards or other biometric technologies. (Para 6.4.2)

(d) At the minimum, banks should use the proxy server type of firewall so that there is no direct connection between the Internet and the bank’s system. It facilitates a high level of control and in-depth monitoring using logging and auditing tools. For sensitive systems, a stateful inspection firewall is recommended which thoroughly inspects all packets of information, and past and present transactions are compared. These generally include a real time security alert. (Para 6.4.3)

(e) All the systems supporting dial up services through modem on the same LAN as the application server should be isolated to prevent intrusions into the network as this may bypass the proxy server. (Para 6.4.4)

(f) PKI (Public Key Infrastructure) is the most favoured technology for secure Internet banking services. However, as it is not yet commonly available, banks should use the following alternative system during the transition, until the PKI is put in place:

(i) Usage of SSL (Secured Socket Layer), which ensures server authentication and use of client side certificates issued by the banks themselves using a Certificate Server.

(ii) The use of at least 128-bit SSL for securing browser to web server communications and, in addition, encryption of sensitive data like passwords in transit within the enterprise itself. (Para 6.4.5)

(g) It is also recommended that all unnecessary services on the application server such as FTP (File Transfer Protocol), telnet should be disabled. The application server should be isolated from the e-mail server. (Para 6.4.6)

(h) All computer accesses, including messages received, should be logged. Security violations (suspected or attempted) should be reported and follow up action taken should be kept in mind while framing future policy. Banks should acquire tools for monitoring systems and the networks against intrusions and attacks. These tools should be used regularly to avoid security breaches. The banks should review their security infrastructure and security policies regularly and optimize them in the light of their own experiences and changing technologies. They should educate their security personnel and also the end-users on a continuous basis. (Para 6.4.7, 6.4.11, 6.4.12)

(i) The information security officer and the information system auditor should undertake periodic penetration tests of the system, which should include:

(i) Attempting to guess passwords using password-cracking tools.

(ii) Search for back door traps in the programs.

(iii) Attempt to overload the system using DDoS (Distributed Denial of Service) & DoS (Denial of Service) attacks.

(iv) Check if commonly known holes in the software, especially the browser and the e-mail software exist.

(v) The penetration testing may also be carried out by engaging outside experts (often called ‘Ethical Hackers’). (Para 6.4.8)

(j) Physical access controls should be strictly enforced. Physical security should cover all the information systems and sites where they are housed, both against internal and external threats. (Para 6.4.9)

(k) Banks should have proper infrastructure and schedules for backing up data. The backed-up data should be periodically tested to ensure recovery without loss of transactions in a time frame as given out in the bank’s security policy. Business continuity should be ensured by setting up disaster recovery sites. These facilities should also be tested periodically. (Para 6.4.10)

(l) All applications of banks should have proper record keeping facilities for legal purposes. It may be necessary to keep all received and sent messages both in encrypted and decrypted form. (Para 6.4.13)

(m) Security infrastructure should be properly tested before using the systems and applications for normal operations. Banks should upgrade the systems by installing patches released by developers to remove bugs and loopholes, and upgrade to newer versions which give better security and control. (Para 6.4.15)

(2) Legal Issues:

(a) Considering the legal position prevalent, there is an obligation on the part of banks not only to establish the identity but also to make enquiries about integrity and reputation of the prospective customer. Therefore, even though request for opening account can be accepted over Internet, accounts should be opened only after proper introduction and physical verification of the identity of the customer. (Para 7.2.1)

(b) From a legal perspective, security procedure adopted by banks for authenticating users needs to be recognized by law as a substitute for signature. In India, the Information Technology Act, 2000, in Section 3(2) provides for a particular technology (viz., the asymmetric crypto system and hash function) as a means of authenticating electronic record. Any other method used by banks for authentication should be recognized as a source of legal risk. (Para 7.3.1)

(c) Under the present regime there is an obligation on banks to maintain secrecy and confidentiality of customers’ accounts. In the Internet banking scenario, the risk of banks not meeting the above obligation is high on account of several factors. Despite all reasonable precautions, banks may be exposed to enhanced risk of liability to customers on account of breach of secrecy, denial of service etc., because of hacking/ other technological failures. The banks should, therefore, institute adequate risk control measures to manage such risks. (Para 7.5.1-7.5.4)

(d) In Internet banking scenario there is very little scope for the banks to act on stop payment instructions from the customers. Hence, banks should clearly notify to the customers the timeframe and the circumstances in which any stop-payment instructions could be accepted. (Para 7.6.1)

(e) The Consumer Protection Act, 1986 defines the rights of consumers in India and is applicable to banking services as well. Currently, the rights and liabilities of customers availing of Internet banking services are being determined by bilateral agreements between the banks and customers. Considering the banking practice and rights enjoyed by customers in traditional banking, banks’ liability to the customers on account of unauthorized transfer through hacking, denial of service on account of technological failure etc. needs to be assessed and banks providing Internet banking should insure themselves against such risks. (Para 7.11.1)

(3) Regulatory And Supervisory Issues:

As recommended by the Group, the existing regulatory framework over banks will be extended to Internet banking also. In this regard, it is advised that:

(a) Only such banks which are licensed and supervised in India and have a physical presence in India will be permitted to offer Internet banking products to residents of India. Thus, both banks and virtual banks incorporated outside the country and having no physical presence in India will not, for the present, be permitted to offer Internet banking services to Indian residents.

(b) The products should be restricted to account holders only and should not be offered in other jurisdictions.

(c) The services should only include local currency products.

(d) The ‘in-out’ scenario where customers in cross border jurisdictions are offered banking services by Indian banks (or branches of foreign banks in India) and the ‘out-in’ scenario where Indian residents are offered banking services by banks operating in cross-border jurisdictions are generally not permitted and this approach will apply to Internet banking also. The existing exceptions for limited purposes under FEMA i.e. where resident Indians have been permitted to continue to maintain their accounts with overseas banks etc., will, however, be permitted.

(e) Overseas branches of Indian banks will be permitted to offer Internet banking services to their overseas customers subject to their satisfying, in addition to the host supervisor, the home supervisor.

Given the regulatory approach as above, banks are advised to follow the following instructions:

(a) All banks, who propose to offer transactional services on the Internet should obtain prior approval from RBI. Bank’s application for such permission should indicate its business plan, analysis of cost and benefit, operational arrangements like technology adopted, business partners, third party service providers and systems and control procedures the bank proposes to adopt for managing risks. The bank should also submit a security policy covering recommendations made in this circular and a certificate from an independent auditor that the minimum requirements prescribed have been met. After the initial approval the banks will be obliged to inform RBI any material changes in the services / products offered by them. (Para 8.4.1, 8.4.2)

(b) Banks will report to RBI every breach or failure of security systems and procedure and the latter, at its discretion, may decide to commission special audit/ inspection of such banks. (Para 8.4.3)

(c) The guidelines issued by RBI on ‘Risks and Controls in Computers and Telecommunications’ vide circular DBS.CO.ITC.BC. 10/ 31.09.001/ 97-98 dated 4th February 1998 will equally apply to Internet banking. The RBI as supervisor will cover the entire risks associated with electronic banking as a part of its regular inspections of banks. (Para 8.4.4, 8.4.5)

(d) Banks should develop outsourcing guidelines to manage risks arising out of third party service providers, such as, disruption in service, defective services and personnel of service providers gaining intimate knowledge of banks’ systems and misutilizing the same, etc., effectively. (Para 8.4.7)

(e) With the increasing popularity of e-commerce, it has become necessary to set up ‘Inter-bank Payment Gateways’ for settlement of such transactions. The protocol for transactions between the customer, the bank and the portal and the framework for setting up of payment gateways as recommended by the Group should be adopted. (Para 8.4.7, –

(f) Only institutions who are members of the cheque clearing system in the country will be permitted to participate in Inter-bank payment gateways for Internet payment. Each gateway must nominate a bank as the clearing bank to settle all transactions. Payments effected using credit cards, payments arising out of cross border e-commerce transactions and all intra-bank payments (i.e., transactions involving only one bank) should be excluded for settlement through an inter-bank payment gateway. (Para 8.4.7 )

(g) Inter-bank payment gateways must have capabilities for both net and gross settlement. All settlement should be intra-day and as far as possible, in real time.
(Para 8.4.7)

(h) Connectivity between the gateway and the computer system of the member bank should be achieved using a leased line network (not through Internet) with appropriate data encryption standard. All transactions must be authenticated. Once, the regulatory framework is in place, the transactions should be digitally certified by any licensed certifying agency. SSL / 128 bit encryption must be used as minimum level of security. Reserve Bank may get the security of the entire infrastructure both at the payment gateway’s end and the participating institutions’ end certified prior to making the facility available for customers use. (Para 8.4.7 )

(i) Bilateral contracts between the payee and payee’s bank, the participating banks and service provider and the banks themselves will form the legal basis for such transactions. The rights and obligations of each party must be clearly defined and should be valid in a court of law. (Para 8.4.7)

(j) Banks must make mandatory disclosures of risks, responsibilities and liabilities of the customers in doing business through Internet through a disclosure template. The banks should also provide their latest published financial results over the net. (Para 8.4.8)

(k) Hyperlinks from banks’ websites, often raise the issue of reputational risk. Such links should not mislead the customers into believing that banks sponsor any particular product or any business unrelated to banking. Hyperlinks from a banks’ websites should be confined to only those portals with which they have a payment arrangement or sites of their subsidiaries or principals. Hyperlinks to banks’ websites from other portals are normally meant for passing on information relating to purchases made by banks’ customers in the portal. Banks must follow the minimum recommended security precautions while dealing with request received from other websites, relating to customers’ purchases. (Para 8.4.9)

The Reserve Bank of India have decided that the Group’s recommendations as detailed in this circulars should be adopted by all banks offering Internet banking services, with immediate effect. Even though the recommendations have been made in the context of Internet banking, these are applicable, in general, to all forms of electronic banking and banks offering any form of electronic banking should adopt the same to the extent relevant.

All banks offering Internet banking are advised to make a review of their systems in the light of this circular and report to Reserve Bank the types of services offered, extent of their compliance with the recommendations, deviations and their proposal indicating a time frame for compliance. The first such report must reach us within one month from the date of this circular. Banks not offering any kind of I-banking may submit a ‘nil’ report.

Banks who are already offering any kind of transactional service are advised to report, in addition to those mentioned in paragraph above, their business models with projections of cost / benefits etc. and seek our post-facto approval.

12 Mar 2012

National Telecom Policy 2012 Of India By TRAI

National Telecom Policy of India 2011 was suggested in the past and now it has been revised by the Telecom Regulatory Authority of India (TRAI). The proposed National Telecom Policy 2012 of India is an improvement over the Policy suggested in 2011.

Perry4Law and Perry4Law Techno Legal Base (PTLB) provided its techno legal public inputs in this regard and many of them have been endorsed by TRAI.

Some of the suggestions of Perry4Law and PTLB that have been accepted by TRAI pertain to issues like establishing servers in India, establishing cloud computing legal framework in India, establishment of telecom security in India, reconciling privacy rights and law enforcement requirements, reconciling privacy rights and national security requirements, adoption of lawful interception methods, telecom dispute resolution reforms in India, crisis management and emergency response services, delivery of e-services in a time bound manner, digitisation of governmental records, establishing cloud computing best practices in India, encryption and privacy issues of cloud computing, establishing a centralised monitoring system in India, etc.

The following are the core techno legal provisions that have been suggested by TRAI and many of these suggestions have also been provided by Perry4Law and PTLB in the past:

(1) Servers: Ensure that all servers on which sensitive data are hosted are located within the country and ensure that all local content is hosted on servers located within the country.

(2) Cloud Services: To setup an efficient cloud computing environment.

(a) Adopt best practices to address the issues related to cloud services;
(b) Create a secure network for cloud computing covering encryption and privacy;
(c) Create a legal and security frame work covering network security, law enforcement assistance and preservation of cross-border data flows for deployment of Cloud Services;
(d) TRAI to devise appropriate mechanisms to provide interoperability among cloud computing service providers.

(3) Security: To ensure security of the information in the telecom network and monitoring of the information, compliant with the objectives of national security.

(a) Keeping in view individual privacy and in line with international practices, develop and deploy a state of the art system for providing assistance to Law Enforcement Agencies (LEAs);
(b) Mandate and enforce that the Telecom Service Providers take adequate measures to ensure the security of communication in/through their networks by adopting contemporary information security standards;
(c) Create an institutional framework through regulatory measures to ensure that safe-to-connect devices are inducted into the Telecom Networks;
(d) Build national capacity in all areas that impinge on Telecom network security and communication assistance for law enforcement, such as security standards, security testing, interception and monitoring capabilities and manufacturing of critical telecom equipment;
(e) Ensure that all equipments supplied to the telecom service providers are in conformity with the laid down security and safety standards;
(f) Mandate, on consideration of recommendations from TRAI, standards in the areas of functional requirements, safety and security and in all possible building blocks of the communication network i.e. devices, elements, components, physical infrastructure like towers, buildings etc;
(g) Develop a rational criterion for sharing of costs beyond a threshold limit between Government and the service providers in implementing security measures.

(4) Quality of Service: To ensure better quality of experience for telecom consumers.

(a) Quality of Service and consumer interests being under TRAI's domain, TRAI will appropriately lay down the end-to-end system performance standards, Quality of Service parameters, and measures to Protect consumer interest; (covers all issues of QoS listed in the draft NTP)
(b) TRAI to be given necessary powers including the power to enforce including penalty provisions, to enforce the observance by the service provides of the laid down standards /parameters;
(c) Undertake legislative measures to bring disputes between telecom consumers and service providers within the jurisdiction of Consumer Forums established under Consumer Protection Act.

(5) Emergency Response Services: To enable access to telecommunication services in times of emergency and disasters.

(a) Entrust TRAI, under clause 11 (1) (b) of TRAI Act, with the development of nationwide Unified Emergency Response Mechanism by providing nationwide single access number for emergency services;
(b) To ensure availability of communication to agencies connected with law and order, security and disaster management during calamities and emergencies.

(6) Development of E-Applications: To facilitate the development of e-applications, particularly in Education, Health, Agriculture, Skill development, Small and Medium Enterprises, e-Governance, e-Commerce, e-banking.

(a) Promote an ecosystem for participants in VAS industry value chain to develop applications, particularly to meet the needs of the rural citizens;
(c) Incentivise companies involved largely with the development of e-applications for rural areas and in regional languages;
(c) Put in place an appropriate regulatory framework for delivery of VAS at affordable price so as to fuel growth in entrepreneurship, innovation and provision of region specific content in regional languages;
(d) Encourage development of mobile phones based on open platform standards and leverage the mobile device for enabling secure transactional services including online authentication of identity;
(e) Work with handset manufacturers and international standards bodies to make e-applications interoperable in Indian languages;
(f) Incentivise application developers to provide customized applications suitable for local needs;

(7) Enabling Delivery of E-Services to Rural Areas: To deliver e-services provided by various government agencies to the citizens.

(a) Promote synergies between roll-out of broadband and various Government programs viz. e-governance, e-Panchayat, NMEICT, MNREGA, NKN, AADHAR, AAKASH tablet etc.;
(b) Digitize the content available in the government departments;
(c) Coordinate with State Governments and different Ministries in Government of India such that all procedures are amended, to ensure digital delivery of services, in a definite timeframe;
(d) Coordinate with State Governments and different Ministries in Government of India such that all personnel are trained in a definite timeframe to achieve the desired degree of competence in understanding of the revised procedures and delivery of services;
(e) Equip all the Panchayats and Villages Centres with the requisite Hardware and train the personnel;
(f) Stimulate the demand for e- applications and services by working closely with Department of IT in the promotion of local content creation particularly in regional languages.

(8) Empowering Urban Citizens: To empower citizens in the urban areas through establishment of Fiber networks and deployment of applications required for smart cities and towns.

(a) Provide fiber to home/kerb as an integrated access to meet ICT requirements of urban citizens;
(b) Make regulatory changes to unbundle fiber infrastructure;
(c) Coordinate with State Governments and different Ministries in Government of India such that all procedures for services in urban areas are amended in a definite timeframe to ensure digital delivery of services;
(d) Coordinate with State Governments and different Ministries in Government of India such that all personnel are trained in a definite timeframe to achieve the desired degree of competence in understanding of the revised procedures and delivery of services;
(e) Digitize the content and data available in the government departments, in a definite timeframe;
(f) Provide policy support including standards implementation, for secure communication of information within and between different sectors;
(g) Develop a regulatory framework for Machine to Machine communications;

(9) Innovation and IPR Creation: To promote entrepreneurship, innovation and IPR creation for indigenous product development and its commercialisation.

(a) Develop detailed guidelines for promotion of innovation and IPR creation;
(b) Promote Indian products viz., products having Indian IPR, by stipulating a mandatory market share;
(c) Create a Telecom Research and Development Corporation (TRDC) for setting up of an R&D fund and establishing a Research and Development Park;
(d) Establish a Telecom Research and Development Park for facilitating research, IPR creation and commercialization;
(e) Facilitate access to financial resources on favorable terms and provide fiscal incentives to relevant R&D institutions;
(f) Assist researchers to obtain IPRs for their innovation;
(g) Set up an autonomous Telecommunications Standard Development Organization (TSDO) to develop standards to meet national requirements, to generate IPRs and to participate in international standardization bodies to contribute in formulation of global standards;
(h) Create suitable testing infrastructure to aid in development of new products and services;
(i) Encourage the entrepreneurs to develop and commercialize Indian products by making available requisite funding (pre-venture and venture capital), management and mentoring support.

11 Mar 2012

Kintiskton, MarkMonitor, Google, Online Brand Protection And IP Violations

Almost all small websites and small companies prefer to use limited computational powers, software, hardware, bandwidth consumption, etc. Within these limited resources these small companies and websites have to provide the best results.

However, the entire planning and financial equilibrium of these companies and websites is jeopardised the moment some individual, company or robot crawlers mess up with such website. There are some very aggressive crawler bots that consume the bandwidth meant for entire month in few days.

These crawler bots do not respect the restrictions placed by the robot txt files and even if you block their internet protocol (IP) range, they resurface again with newer IP blocks. In almost all cases this behaviour is attributable to a company or organisation that is helping in investigation, preventing, fighting and remedying intellectual property rights (IPRs) violations.

It may be an IPRs law firm or a company like MarkMonitor that helps in online brand protection and online trademark protection. Such IPRs law firm or company like MarkMonitor are well within their rights to analyse and report online contents for IPRs violations. However, they must do so in a manner that is not only legal but also reasonable and not causing any loss, financial or otherwise, to third parties.

Bombarding websites and blogs having limited capabilities and computational resources with mammoth requests that also bypassing the restrictions placed by website owner is strictly not legal. It involves issues like privacy violations, trespass, unauthorised access, possible denial of service attack and distributed denial of service attack, etc.

For instance, the Kintiskton crawling bot is behaving in the abovementioned manner. Some have claimed that the Kintiskton bot is operating on the part of IPRs law enforcement firms and companies like MarkMonitor.

This also reminds us about our recent series of complaints with Google, MarkMonitor, etc. During the period we pursued our trademark and copyright violation complaints with Google, MarkMonitor was the registrant for the domains blogspot and blogger. The legal notice sent to MarkMonitor to bring to Google’s knowledge the offending act and omissions was replied to after much time with a standard reply that is far from satisfactory.

It is also obvious that MarkMonitor is managing the brand and IPRs related issues of Google. The Kintiskton crawling bot seems to be acting on behalf of MarkMonitor and wherever applicable on behalf of Google as well. However, this could have serious legal consequences as this exercise of Kintiskton crawling bot may not be legally sustainable under the Information Technology Act, 2000 (IT Act 2000) that is the cyber law of India.

Now this fact has also been made public so whoever managing the Kintiskton crawling bot must be aware that this exercise may not be entirely legal and acceptable to users and website owners whose websites are vandalised by the bot. Time has come to change the crawling policy of Kintiskton crawling bot.

10 Mar 2012

New GTLDs, ICANN And Domain Names Disputes Resolutions

If you are having an online presence chances are very good that you may have one or more domain names. Just like physical property, domain names are equivalent to virtual or online property that is a must to have possession these days.

Although the importance of domain name is well understood yet its legal protection in India has not invoked interest among our legislature. Domain name protection in India is still provided under the trademark law of India. Domain names are essential part of commercial activities and we need a separate domain name protection law in India.

The importance of domain names has further increased due to the recent announcement of ICANN to register new generic top level domains (GTLDs). In fact, ICANN’s new generic top level domain names (new GTLDs) registration has begun and is in progress.

Perry4Law and Perry4Law Techno Legal Base (PTLB) recommend that the new GTLD applicants must undertake due diligence before applying for the same. A risks and benefit analysis of ICANN’s new GTLDs registrations must be made by individuals and companies alike.

In particular, the applicants must make a techno legal analysis, new GTLDs due diligence, anticipate possible legal rights objections under ICANN's new GTLD program, etc. The legal issues of new GTLDs application, their registration and subsequent litigations would surface and a sound strategy in this regard can help in minimising the legal risks associated with the same.

Even after the application period for new GTLDs would be over, there is no guarantee that legal and other objections would not be raised. Independent objections and legal rights objections for ICANN’s new GTLDs would follow after the application period ends.

Legal rights objection assistance for new GTLDs by Perry4Law and PTLB may be sought by the applicants of new GTLDs independent of ICANN or any other organisation. Perry4Law and PTLB are not related to ICANN or any other organisation in this regard.

Trademark and brand protection under new GTLDs registration by ICANN must be rigorously pursued by various stakeholders. It is recommended by Perry4Law and PTLB to formulate a good techno legal strategy by the new GTLDs applicants for successful registration of new GTLDs in their names.

Legal Enablement Of E-Health In India Is Needed

Information and communication technology (ICT) is a real enabler to strengthen healthcare industry of India. Whether it is telemedicine, e-health or any similar concept, technology is central to the successful implementation of these projects.

For some strange reason, health industry of India has neither being given a technology boost nor an appropriate legal framework has been formulated for it by the Indian government. For instance, very few health care industry players in India are using ICT for providing health related services. Similarly, e-health in India is facing legal roadblocks. Till now we do not have any dedicated e-health laws and regulations in India.

Legal enablement of e-health in India is urgently required. When technology is used for medical purposes, it gives rise to medico legal and techno legal issues. In United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), etc are some of the laws that take care of medico legal and techno legal issues of e-health and telemedicine.

As far as India is concerned, we have no dedicated e-health and telemedicine laws in India. Even essential attributes of these laws like privacy protection, data protection, data security, cyber security, confidentiality maintenance, etc are not governed by much needed dedicated laws.

Now health ministry of India has given some hints that it would use technology for health related issues in India. It has decided to utilise technologies like Skype and technological concepts like biometrics, m-health, e-health, etc for India's primary health centres (PHCs) and sub-centres.

Although the intentions of health ministry may be good yet its implementation is flawed from the very beginning. Health ministry is committing the same blunder that Aadhar project of India has committed. Collecting and using sensitive biometric and personal details without privacy law, data protection law, data security law, etc is counter productive.

There are no procedural and technological safeguards in place in India till now that can protect privacy and data rights of Indian citizens from misuses and e-surveillance. This may be the reason why Aadhar project may be scrapped in the long run. The technological initiatives of health ministry may also face similar fate.

In short, for the successful implementation of e-health and telemedicine in India, legal enablement of the same is absolutely required. Till now neither the Indian government nor the health ministry has provided any information in this regard. Till legal enablement of e-health in India is achieved all initiatives in this direction may prove counter productive.

9 Mar 2012

E-Health In India Is Suffering From Legal Roadblocks

Electronic commerce (e-commerce) has finally been accepted as a viable business model in India. This is despite many shortcomings that are mostly legal and technological in nature. On the legal side, we have no dedicated e-commerce laws and regulations in India. On the technological side we are still looking forward to wider broadband penetration and technology awareness.

However, there is an aspect that may e-commerce enthusiastics in India have failed to understand. Online dealings give rise to many civil and criminal sanctions if not properly undertaken. For instance, if cyber law due diligence in India is not undertaken by e-commerce websites they may be held civilly and criminally liable for act or omissions on their part.

Similarly, e-commerce websites and platforms are Internet intermediaries who may have to comply with not only laws of India but also laws of other jurisdictions. In order to enjoy the protection of safe harbour in India, e-commerce websites must comply with Information Technology (Intermediaries Guidelines) Rules 2011 of India.

Of all e-commerce fields, e-health in India is most delicate and difficult to establish. For instance, individuals and companies are shying away from selling prescribed medicines and drugs online. All the e-commerce players in e-health field are doing are selling healthcare and cosmetics through e-commerce websites.

E-health players in India cannot be blamed for this position. The Indian government has not made conducive environment for e-health in India. Since the legal risks of e-health in India are tremendous, e-health players are not opening online drugs and medicines stores in India.

When technology is used for medical purposes, it gives rise to medico legal and techno legal issues. In United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), etc are some of the laws that take care of medico legal and techno legal issues of e-health and telemedicine.

On the contrary, we have no dedicated e-health and telemedicine laws in India. Even essential attributes of these laws like privacy protection, data protection, data security, cyber security, confidentiality maintenance, etc are not governed by much needed dedicated laws.

E-health and telemedicine are very important part of health policy of India. However, legal enablement of e-health has not taken place in India. It is high time for Indian government in general and health ministry of India in particular to ensure legal enablement of e-health in India.

Independent Objector And Legal Rights Objections For ICANN’s New GTLDs

As you may be aware that ICANN’s new generic top-level domains (GTLDs) registration is in Progress. Once the application period is over, individuals, companies and even ICANN would analyse the applications for possible violation of intellectual property rights (IPRs) like trademark, trade name, etc. Further, brand owners would also closely scrutinise the filled applications for possible brand and goodwill violations.

ICANN has already started the process in this regard. ICANN has proposed to appoint “independent objectors” who would scrutinise the applied GTLDs for possible violations of IPRs and other rights. An independent objector would be responsible for determining if a new GTLD being applied for is in the best interest of the Internet community. If he/she/it reaches a negative conclusion, he/she/it will file formal objections against a new GTLD application.

Similarly, the IPRs owners, brand owners, etc can also escalate their disputes with a dispute resolution authority if they think that the applied GTLD violates their IPRs or brands or other rights. Such legal rights objections under ICANN's new GTLD domain registration program can be raised by such IPRs owners, brand owners, etc.

The legal rights objection assistance for new GTLDs by Perry4Law as well as an independent objector’s assistance of Perry4Law is available to all stakeholders, GTLDs applicants and opposers, IPRs owners, brand owners, etc. As on now we are not officially affiliated to or attached with ICANN or any other dispute resolution organisation in this regard. We would provide the independent objector services and legal rights objection services independently and on our own without any assistance from ICANN or other institution.

Our purpose is to prepare individuals, organisation, IPRs owners, brand owners, etc in a techno legal manner so that they are well versed with their rights and obligations under the new GTLDs registration process.

Perry4Law, its partners and associates and techno legal segments like Perry4Law Techno Legal Base (PTLB) are neither related nor affiliated with any of the GTLD applicants. We represent absolute impartiality and our decisions are guided by pure legal considerations without any personal preferences and bias.

If you are interested in our independent objector’s services or legal rights objection services, kindly contact us in this regard. Further, if you wish to proceed with your application in a well planned and successful manner, we can provide you with our techno legal expertise in this regard.

Finally, if you wish to resolve your differences and disputes, if any, through our alternative dispute resolution (ADR) platform or online dispute resolution (ODR) platform, we welcome you to do so.

Perry4Law and PTLB wish all the best to all GTLDs stakeholders.

8 Mar 2012

E-Commerce Laws In India

Electronic commerce (e-commerce) is all set for big growth in India. However, legal and regulatory requirements of e-commerce are stringent in nature. In fact cyber law due diligence in India and internet intermediary liability in India are very stringent.

E-commerce websites are Internet intermediaries within the meaning of information technology act 2000 (IT Act 2000). The IT Act 2000 is the cyber law of India that also governs e-commerce regulatory framework. After the passing of the Information Technology (Intermediaries Guidelines) Rules, 2011 of India, e-commerce websites must comply with valid legal requests to retain their safe harbour protections.

Perry4Law and Perry4Law Techno Legal Base (PTLB) have compiled a list of legal articles that are relevant for understanding the techno legal aspects of e-commerce in India. These articles are:

(1) Legal Requirements of Undertaking E-Commerce in India

(2) E-Commerce Laws In India

(3) E-Commerce Lawyers and Law Firms in India

(4) E-Commerce Laws In India-II

(5) Electronic Commerce Laws in India

(6) E-Commerce Regulations and Laws in India

(7) E-Commerce Dispute Resolution in India

(8) Online Dispute Resolution For Cross Border E-Commerce Transactions

(9) E-Health Laws and Regulations in India

We hope our readers would find these articles useful and these articles would help them in establishing and running a legally sustainable e-commerce business in India.

Legal Rights Objection Assistance For New GTLDs By Perry4Law

Internet Corporation for Assigned Names and Numbers (ICANN) has started accepting application for the registration of new generic top level domain names (GTLDs). ICANN’s new GTLDs registration is in progress and once the deadline is over, ICANN would analyse the suitability of these applications.

The applicants must make risks and benefits analysis of ICANN’s new GTLDs registrations before making an application. Further, the applicants must also undertake proper and techno legal due diligence regarding new GTLDs applications. Once that is done to the best of an applicant’s knowledge, the ball would be in ICANN’s court.

ICANN would allow filing of legal objections against applications filed for granting of new GTLDs. The legal rights objections under ICANN’s new GTLDs domain registration program could open floodgate for objections against granting of new GTLD to a particular applicant or class of applicants. Brand names, trademarks, intellectual property rights (IPRs), etc are some of the reasons that may be cited by the objector for the refusal to grant of applied GTLD.

A well prepared applicant has greater chances that his/her/its application may be granted. Similarly, a vigilant and genuine objector must make it sure that his objections succeed and the offending GTLD is not allotted to the applicant.

If you wish to analyse your case for your personal reasons or for agitating before any court, tribunal or international organisation providing arbitration or online dispute resolution (ODR) service, you may contact us to get a preliminary analysis of the same.

If you wish to get any dispute or difference resolved through our neutral(s) you may also contact us in this regard. At Perry4Law and Perry4Law Techno Legal Base (PTLB) we provide the exclusive techno legal ADR and ODR services in India and abroad. We would analyse your case from both technological and legal perspectives.

If you think that someone is trying to misappropriate your goodwill, trade name, trademark, brand name, etc, we may assist you in enforcing your rights and intellectual property rights (IPRs), either before or after the GTLDs registration time specified by ICANN expires. We would use Uniform Domain Name Dispute Resolution Policy of ICANN or such other procedure as has been “mutually agreed” between us for analysing, opinion giving and dispute resolution.

We can also help you in determining beforehand whether the potential use of the applied-for GTLD by the applicant:

(i) Takes unfair advantage of the distinctive character or the reputation of the objector’s registered or unregistered trademark or service mark (“mark”), or

(ii) Unjustifiably impairs the distinctive character or the reputation of the objector’s mark or

(iii) Otherwise creates an impermissible likelihood of confusion between the applied-for GTLD and the objector’s mark.

Perry4Law or its panelists will ordinarily determine the merits of the objection based solely on the parties’ pleadings, and may make reference to a range of non-exclusive consideration factors.

For an objection based on trademark rights, we would consider the following non exclusive consideration factors:

(i) Whether the applied-for GTLD is identical or similar, including in appearance, phonetic sound, or meaning, to the objector’s existing mark.
(ii) Whether the objector’s acquisition and use of rights in the mark has been bona fide.
(iii) Whether and to what extent there is recognition in the relevant sector of the public of the sign corresponding to the GTLD, as the mark of the objector, of the applicant or of a third party.
(iv) Applicant’s intent in applying for the GTLD, including whether the applicant, at the time of application for the GTLD, had knowledge of the objector’s mark, or could not have reasonably been unaware of that mark, and including whether the applicant has engaged in a pattern of conduct whereby it applied for or operates TLDs or registrations in TLDs which are identical or confusingly similar to the marks of others.
(v) Whether and to what extent the applicant has used, or has made demonstrable preparations to use, the sign corresponding to the GTLD in connection with a bona fide offering of goods or services or a bona fide provision of information in a way that does not interfere with the legitimate exercise by the objector of its mark rights.
(vi) Whether the applicant has marks or other intellectual property rights in the sign corresponding to the GTLD, and, if so, whether any acquisition of such a right in the sign, and use of the sign, has been bona fide, and whether the purported or likely use of the GTLD by the applicant is consistent with such acquisition or use.
(vii) Whether and to what extent the applicant has been commonly known by the sign corresponding to the GTLD, and if so, whether any purported or likely use of the GTLD by the applicant is consistent therewith and bona fide.
(viii) Whether the applicant’s intended use of the GTLD would create a likelihood of confusion with the objector’s mark as to the source, sponsorship, affiliation, or endorsement of the GTLD.

After closing the application window (from January 12 to March 29, 2012) and posting all applications, ICANN will announce the opening of the objection filing window. Currently, the objection filing window is anticipated to be seven months, from approximately May 1 to December 1, 2012.

Within 30 days of the close of the objection window, ICANN will publish a "Dispute Announcement" listing all administratively compliant objections. The applicants would be notified of any objections and the applicants will then have 30 days to file a response. Within 30 days of receiving a response, an expert panel would be appointed. Normally the panel will render its determination within 45 days of appointment.

Non-payment of fees by an objector during legal rights objections will result in rejection of the objection, without panel appointment. Non payment of response fees by an applicant during legal rights objections will result in the objection being deemed successful. Obviously, applicants have to defend the legal rights objections as they cannot afford to loose the applied GTLD. Perry4Law and its neutral can assist both objectors and applicants in this regard.

Perry4Law and PTLB believe that applying for and getting new GTLDs requires well planned techno legal strategy. A company or individual desiring to apply for the same need to analyse all the possible strengths and weaknesses of his application well in advance. While the strengths must be further improved special work need to be done upon the weakness of such future application. Perry4Law and PTLB wish all the best to future GTLDs applicants.

Corporate Skills Development In India Is Required

Corporates across the world are struggling to hire skilled and knowledgeable workforce. Surprisingly, only 20 to 25% of graduates and professionals are worth employment in these corporates. Educational institutions producing these graduates are not only outdated but are also academic in nature. They do not provide practical trainings and workable experience to these graduates.

India is no different in this regard and Indian government has a tremendous job in hand to change this situation. Skills developments in India are urgently required to change this position. Further keeping in mind the techno legal requirements of present times, techno legal skills development in India are also required.

Techno legal areas like cyber law, cyber security, cyber forensics, ethical hacking, etc are worst affected. In the name of technical education mere academic diplomas and degrees are provided that are not helping the students in any manner whatsoever.

Perry4Law, Perry4Law Techno Legal Base (PTLB) and Perry4Law Techno Legal ICT Training Centre (PTLITC) believe that information and communication technology (ICT) can help Indian government in achieving the goals set by it regarding skills development. For instance, use of e-learning, online education and distance learning education system can not only ease the pressure from traditional universities and educational institutions but would also help in providing technical and practical education to masses across India.

Perry4Law, PTLB and PTLITC are providing exclusive techno legal e-learning courses in India and techno legal skills development trainings and courses in India. PTLB is providing various techno legal courses for corporate executives, CEOs, CIOs, etc.

Companies and CEOs are required to follow cyber law due diligence in India and must comply with the requirements of Internet intermediaries to get the safe harbour protection under Indian laws. PTLB is providing exclusive techno legal cyber law trainings for corporate executives and CEOs in India.

These trainings have been specifically designed so that corporate executives and CEOs can successfully comply with Indian laws, especially information technology act, 2000 (IT Act 2000) that is the cyber law of India. If you are interested in our techno legal trainings, kindly enroll with us in this regard.

We are committed to improve the techno legal skills developments in India are looking forward for suitable partners and associates in this regard. Read our e-learning blog for regular updates in this regard.

5 Mar 2012

E-Commerce Regulations And Laws In India

Electronic commerce is an area whose legal formalities cannot be taken lightly. Electronic commerce involves multiple jurisdictions and at times multiple laws of different countries are applicable to a single electronic commerce website.

Further, the landscape for electronic commerce dispute resolution in India is also fast changing. With more and more stress upon online disputes resolution (ODR) in India electronic commerce disputants now prefer ODR as a mechanism for dispute resolution. Corporate disputes resolution through ODR in India is also being explored. E-courts and ODR have also added their own valued to electronic commerce and corporate dispute resolutions in India.

Electronic commerce in India is witnessing a good growth due to progressive policies and liberal foreign direct investments (FDIs). E-commerce uses information and communication technology (ICT) to operate. Although many technological aspects are also taken care of by an e-commerce platform, yet establishment and running of an e-commerce website is the most important requirement.

Internet is boundary less and a website hosted in a particular country can be accessed from any part of the world. Further, there may be cases where a websites located in a particular country may attract legal jurisdictions of multiple countries. Thus, compliance with the laws of the principal country as well as those countries where such e-commerce websites targets audience and customers is of prime importance.

There have been instances where e-commerce websites located in India failed to observe cyber law due diligence in India and e-commerce regulations and laws in India. Criminal trials and criminal liabilities have been imposed by Indian legal system upon such websites. The bazee.com case and the criminal and civil trials against companies like Google, Yahoo, Facebook, Microsoft, etc are few examples of the same. Such cases against e-commerce websites and foreign companies would further increase and e-commerce players must appoint nodal officers in India to comply with Indian laws.

Thus, not only legal requirements for undertaking e-commerce in India are stringent but even Internet intermediaries liability in India must be taken seriously by companies engaged in online transactions and businesses. We have no dedicated e-commerce laws in India but the information technology act 2000 (IT Act 2000) covers basic level e-commerce legal framework in India. The IT Act 2000 also prescribes cyber due diligence for foreign websites in India.

E-commerce due diligence in India is a much needed requirement that all e-commerce players, whether Indians or foreign, must undertake as soon as possible. Non observation of local and foreign laws can tarnish the image and brand of a company that cannot be regained again. It is better to err on the side of precaution rather than caught on the wrong side of the law.

National Cyber Coordination Centre (NCCC) Of India

India has too many agencies and authorities and they are scattered all over India. For practical reasons, there are no centralised agency that can manage law and order and cyberspace related issues. This is resulting in increased cyber attacks and cyber crimes committed against India and Indian citizens.

Cyber law issues, cyber security and national security are on agenda of Indian government these days. However, till now cyber security in India is not upto the mark and cyber law of India requires an urgent repeal. This is because the entire approach and attitude of India government is defective.

Indian government has failed to understand that e-surveillance is not a substitute for cyber security capabilities. Instead of developing cyber security capabilities of India, the Indian government is stressing upon growing use of e-surveillance in India and Internet censorship in India.

All these exercises of India government have been done without any legal framework supporting these initiatives of Indian government. Phones are tapped in India without a constitutionally valid phone tapping laws in India. The central monitoring system project of India (CMS Project of India) is also not supported by any legal framework. Surveillance of Internet traffic in India is also another area that requires a sound legal framework. Various authorities with far reaching powers have been created without any legal backing.

Now the government has proposed setting up of National Cyber Coordination Centre (NCCC) of India. The NCCC would provide actionable alerts to government departments in cases of perceived security threats. It is hoped that this would help in fighting terrorists and other cyber criminals.

The NCCC will scan whole cyber traffic flowing at the point of entry and exit at India's international Internet gateways. The web scanning centre will provide actionable alerts for proactive actions to be taken by government departments. All government departments will now talk to the Internet Service Providers (ISPs) through NCCC for real time information and data on threats. Presently, the monitoring of web traffic is done by Centre for Development of Telematics (C-DoT) which has installed its equipments at the premises of ISPs and gateways.

All tweets, messages, emails, status updates and even email drafts will now pass through the new scanning centre. The centre may probe further into any email or social media account if it finds a perceived threat.

India's National Security Council Secretariat (NCSC) has asked various departments to assess their needs for officials, who will coordinate with the scanning agency. The National Security Council handles the political, nuclear, energy and strategic security concerns of the country.

This can be another agency without a legal framework. Creating agencies without legal framework is counter productive as it violates civil liberties and human rights. Parliamentary oversight of intelligence agencies of India and proposed NCCC is absolutely required. The Indian government must keep this in mind while creating NCCC.

Mobile Phone Laws In India Required

With the active use of mobile phones in India, dedicated cell phone laws in India and mobile phone laws in India are urgently required. Further, we must also ensure mobile cyber security in India and mobile banking cyber security in India. Even Reserve Bank of India (RBI) has warned Indian banks for inadequate cyber security adoption. Despites these pressing requirements neither mobile phone laws nor mobile phone security has been ensured in India.

Mobile phones are increasingly being used for multi purpose in India. However, legal framework for mobile phones in India is still missing. Some provisions can be made applicable to mobiles in India through the information technology act 2000 (IT Act 2000) but we still do not have a dedicated mobile phone laws in India.

The Department of Telecommunication (DoT) has proposed a new national telecom policy of India 2011 that would be operational very soon. The new telecom policies as well as other projects of Indian government and DoT are excessively favouring e-surveillance in India and surveillance of Internet traffic in India. We need a legally valid e-surveillance policy of India to address these issues. Otherwise, it would violate human rights protection in cyberspace.

The proposal to allow DoT to monitor cell phone locations in India is also a controversial issue. Big brother must not overstep its limits in India. The proposed cell site based e-surveillance in India has crossed this limit well beyond those permitted by Indian Constitution.

We must have well defined procedure and cell site data location laws in India. As we have no dedicated privacy laws, data protection laws, data security laws, anti telemarketing laws, anti spam laws, etc, mobile phones monitoring in India is not legally sustainable.

Even the proposed central monitoring system (CMS) project of India is not legitimate and legally sustainable as there is no legal framework that justifies its operation in India. Currently there is no phone tapping law in India that is constitutionally sound and we urgently need a lawful interception law in India. Similarly, the colonial phone tapping laws of India must be repealed and new and constitutionally sound phone tapping laws in India must be formulated.

The mobile phone laws of India must cover all these issues that are presently left unaddressed. In the absence of such laws, mobile phone data analysis, mobile phone location tracking, mobile phone tapping in India, etc are illegal and unconstitutional.

E-Health Laws And Regulations In India

Information and communication technology (ICT) has streamlined the way medical services and para medical services are provided world over. E-health and telemedicine are examples of use of ICT for medical purposes.

However, when technology is used for medical purposes, it gives rise to medico legal and techno legal issues. In United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), etc are some of the laws that take care of medico legal and techno legal issues of e-health and telemedicine.

On the contrary, we have no dedicated e-health and telemedicine laws in India. Even essential attributes of these laws like privacy protection, data protection, data security, cyber security, confidentiality maintenance, etc are not governed by much needed dedicated laws.

However, numerous statues carry individual provisions that may be applicable to e-health and telemedicine activities in India. For instance, the e-governance and e-commerce related aspects of e-health and tele medicine may be governed by the Information Technology Act, 2000 (IT Act 2000) that is the cyber law of India. All electronic contraventions and violations pertaining to e-health and tele medicine can be regulated b the IT Act 2000.

Similarly, privacy and data protection aspects in cyberspace pertaining to e-health are also governed by the IT Act 20000. Further, the Supreme Court of India has interpreted Article 21 of Indian Constitution as conferring a right to privacy upon all persons in India. Even in some cases the Supreme Court of India has held that patients have a right to privacy to protect their health related information except where non disclosure of such information is violating fundamental rights of others and is against public interest and public policy.

Even data security and cyber security aspects have been covered by the IT Act 2000 to some extent. The real problem is that these provisions that protect privacy, data protection, data security, etc are piecemeal efforts and they are not serving the purposes as required.

We need to have dedicated e-health laws and regulations in India that are presently missing. The sooner these e-health laws and regulations are formulated in India the better it would be for the larger interest of medical community and patients in India.