Thursday, 31 March 2011

Cloud Computing Security In India

Cloud computing is the new buzz word in India these days. Cloud computing is a multi billion industry and every cloud computing vendors is interested in having a share of the same. Even governmental departments of India have been very enthusiastic about cloud computing even though they are paranoid about simple use of encryption in India.

The bigger question that still remains unanswered is should India use cloud computing? India has no legal framework for cloud computing and cloud computing regulations in India are missing. India has no dedicated privacy laws, data protection laws and data security laws. Even leading techno legal expert of India Praveen Dalal believes that India should not use SaaS and cloud computing for crucial governmental services in the absence of adequate legal framework and procedural safeguards.

So as far as legal framework and civil liberty safeguards are concerned, cloud computing is a new landmine for privacy in India. For instance, in order to safeguard its commercial interests in India, Research in Motion’s Blackberry has established a framework that would allow Indian intelligence agencies to monitor contents on its messenger service. Interestingly, this e-surveillance arrangement is cloud computing based and this shows how vulnerable cloud based systems can be for violating civil liberties.

Thus, from all angles cloud computing in India is risky. This is more so when we have no lawful interception law in India. Indian law enforcement agencies and intelligence agencies need no court warrant to indulge in e-surveillance and phone tapping. There is nothing that would restrict them to exploit cloud computing environment in India.

The truth is that India is not ready for cloud computing. We have no cloud computing laws and legal framework in India, we have no privacy laws and data protection laws in India, we have no data security laws and cyber security laws in India.

We have also a poorly drafted cyber law of India that requires immediate repeal. India is also facing sever cyber threats and this also mandates establishing a robust and resilient cyber security mechanism in India.

A special attention must also be given to cyber security of cloud computing in India. When sensitive and personal information is stored in a cloud based environment, its physical and cyber security becomes of prime importance.

There is no sign of cloud computing security in India. Even the basic cyber crime policy of India and cyber security policy of India are missing. Except promoting commercial interests and illegal e-surveillance powers, cloud computing is not meeting the civil liberties protection requirements in India.

For the time being, Indian consumers and customers should not shift to a cloud computing based environment though cloud computing companies and Indian intelligence agencies have a very good reason to impose the same upon us.

Wednesday, 30 March 2011

RBI And ATM Card Security In India

Reserve Bank of India (RBI) has been taking many banking sector reforms in India. One of it pertains to security of banking instruments and banking transaction mechanisms. RBI has also directed all banks to create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest.

Similarly, RBI has also prescribed cyber due diligence for banks operating in India. The cyber due diligence requirement would now put a pressure upon the banks to deal with cyber crimes in general and phishing, credit card frauds, online banking frauds, etc in particular more seriously.

Cyber criminals are inventing new methods to defraud banking customers in India. The most recent one pertains to collective use the methods of phishing, cracking and manipulation with account details of a phone registered for banking purposes.

Reacting sharply, RBI has told all the banks to use a system that would provide online alerts for all ATM card transactions irrespective of amount. Till now banks were sending online alerts to the cardholders for only “card not present” (CNP) transactions. These transactions were performed for the value of Rs 5,000 and above.

RBI has directed that all banks must implement this direction by June 30. Earlier this year RBI sought to make “card not present” transactions more secure by insisting that banks ask for an additional password in addition to the credit card number and the CVV number printed on the back of the card. The additional security feature came into effect from last month.

Phishing, Phone Deactivation And Banking Frauds In India

A recent media report has revealed a novel method of committing banking frauds in India. The report mentions that phishers have developed a new modus operendi to defraud banking customers of their hard earned money.

The modus operendi is very simple. The cyber criminals first ascertain victim's sensitive information like bank account/credit card/PAN numbers, address, date of birth and mobile phone numbers, etc. On the basis of such vast information, they then make a fake PAN card and obtain a new SIM card in the victim's name.

Once the SIM card is issued, the victim's mobile phone having the old SIM card gets deactivated. This is done to ensure the victim doesn't receive details of his/her bank account while it is being misused.

Now here lies the confusion. If I apply for a new SIM card it does not automatically deactivates my old number. I would get an additional number and it would not deactivate my previous SIM card. So there is something missing from the police version or the media story.

Nevertheless, the loss to the victims of this crime is real. Further, this episode has also raised a question as to the liability of telecom service provider, bank and the defrauded bank customers respectively.

Tuesday, 29 March 2011

Indian Response To EU Convention On Cyber Crime

In this article on EU convention on cyber crime, the author has comprehensively discussed the problems that international cyber law regime is facing. The biggest problem mentioned by the author is lack of cyber law harmonisation initiatives at the international level.

Till now there is no universally acceptable international cyber crime treaty. In fact the international cyber crime treaty and Indian response to the same are far from harmonisation efforts. India seems to be in no immediate mood to be a part of international cyber law harmonisation efforts of EU.

European Union’s Convention on Cyber Crime is the first international treaty on cyber law. The treaty endeavours to regulate cyber crimes at international level by harmonising national laws, improving cyber crimes investigative techniques and increasing cooperation among nations. The treaty came into force on 1 July 2004.

On 1 March 2006 the Additional Protocol to the Convention on Cybercrime came into force. The additional protocol requires the States to punish as a criminal offence the dissemination of racist and xenophobic material through computer systems, as well as of racist and xenophobic-motivated threats and insults.

Among other things, the convention deals with infringements of copyright, computer-related fraud, child pornography and violations of network security. It also contains a series of powers and procedures such as the search of computer networks and lawful interception.

Although the objectives of the convention are praiseworthy, they have been by and large remained unfulfilled, says Praveen Dalal, managing partner of New Delhi based law firm Perry4Law and leading techno legal expert of India. For instance, lawful interception laws are missing in most countries including India. Similarly, protecting children in cyberspace from various cyber crimes like cyber stalking, sexual abuses, etc is still an unfulfilled dream, informs Dalal. The truth is that cyberspace is still an unfriendly place for juveniles, says Dalal.

Similarly, on the front of civil liberties in cyberspace as well the convention failed to make much difference. For instance, there should be a balance between law enforcement requirements and civil liberties. However, in the name of national security, human rights are very frequently and openly violated by various nations, including India, informs Dalal.

International cyber law harmonisation is still an unfulfilled dream as various nations are not willing to cooperate in this regard. All nations have their own agendas and priorities that are preventing adoption of an internationally acceptable cyber law treaty.

International Cyber Crime Treaty And Indian Response

In this article on international cyber crime treaty and India, the author has very aptly discussed the issues pertaining to harmonisation of international cyber crime law. Indian response to the EU convention on cyber crimes has been in negative and India is still not a party to the convention.

We have neither a cyber crime policy in India nor a cyber law policy in India. Naturally, signing of an international cyber crime treaty by India is not foreseeable in the near future. Despite the efforts of EU and United Nations, cyber law is still governed by national laws.

Cyber laws of the world are by and large territorial in nature and applicability. As a result, different countries have different cyber law and this at times result in conflict of laws.

International initiatives to bring harmonisation were also undertaken but these initiatives failed to generate confidence among the developing countries. As a result, these developing countries are still not part of any international treaty or convention on cyber crimes. International cyber crime treaty and India are still two different domains till date.

The European Union convention on cybercrime is the first international treaty that is trying to resolve the growing nuisances of cyber crime and Internet crimes. The treaty is trying to harmonise national laws, improve cyber crimes investigative techniques and increase cooperation among nations. The treaty came into force on 1 July 2004.

Recently, efforts were made at the United Nations (UN) to adopt a “more comprehensive” and “truly global” International cyber crime treaty, informs Praveen Dalal, managing partner of New Delhi based law firm Perry4Law and leading techno legal expert of India. However, the proposal was rejected by UN and till now there is no globally acceptable cyber crime treaty in existence, informs Dalal.

The biggest roadblock preventing culmination of an internationally acceptable cyber crime treaty is absence of procedural safeguards to prevent abuse and violation of civil liberties of netizens. There is an urgent need to maintain a balance between civil liberties and national security and law enforcement requirements, suggests Dalal. The clash of civil liberties like free speech and expression, privacy rights, etc with law enforcement needs must be adequately reconciled by any international treaty to be successful, suggests Dalal.

Nations across the world are not paying much attention to privacy issues in cyberspace in general and human rights protection in cyberspace in particular. For instance, India has an exclusive techno legal human rights protection centre for cyberspace. Issues pertaining to protection of civil liberties in Indian cyberspace are regularly discussed by this centre. However, such centers are rare not only in India but also in other parts of the world. As a result civil liberty representations are not properly made while formulating any international treaty or convention.

Among many laudable objectives of this centre, one of it pertains to providing assistance in the formulation of “international cyber law treaty”. In fact, Perry4Law and PTLB are in the process of formulating a draft that must be considered by the Indian government before acceding to any convention in this regard.

India must not sign any international treaty or convention on cyber crime till it is very much sure that the delicate balance between civil liberties and law enforcement needs is properly maintained. Further, India must also not sign such treaty if it is discriminatory or is going against India’s interests, suggests Dalal.

For the time being, India is in no mood to join any such international treaty and when it desires to do so all the aspects must be kept in mind. But before doing so, India must formulate suitable cyber crime policy, cyber security policy and strengthen its cyber law.

Cyber Terrorism Against India

Cyber terrorism in India has been in discussion these days. The initial response of India towards cyber terrorism was not very encouraging. Even today cyber terrorism is not taken very seriously by India.

India is facing severe cyber attacks and it is no more possible to ignore the threats of cyber attacks. Cyber terrorism in India and its preparedness are still not upto the mark. Despite what India claims, we are still not ready to meet the challenges of cyber terrorism.

Some security experts doubt the very existence of cyber terrorism. However, Cyber Terrorism is a “Consequence” rather than a “Nomenclature” says Praveen Dalal, managing partner of India’s exclusive techno legal firm Perry4Law. Irrespective of what we call the process of this form of Cyber Attack, we must be prepared to deal with the “Adverse Consequences” of the same, suggests Dalal.

Cyber terrorism is becoming a big nuisance for India and India has to be technologically as well as legally sound to tackle the menace of cyber terrorism. There is an emergent need to amend the cyber law of India, i.e. Information Technology Act, 2000 (IT Act, 2000) in this regard as a single provision is not sufficient as per the cyber law experts.

Indian crisis management plan for cyber attacks and cyber terrorism is also required to be effectively implemented. Merely claming that India has a crisis management plan to deal with cyber terrorism is not enough. India’s preparedness against cyber terrorism must be robust and effective.

To start with, India must enact a good cyber security policy. Cyber threats like cyber terrorism, cyber war, etc are increasing against India in the absence of national cyber security policy say Dalal. Even the critical infrastructure protection in India is not possible in the absence of such cyber security policy, informs Dalal.

Securing national critical national infrastructure of India from cyber attacks is responsibility of India government. The same is not accepted by Indian government till now. Even statements made in the Parliament of India by India government do not show any preparedness in this regard except of basic level. Time has come to take cyber attacks and cyber terrorism against India seriously.

Copyright Law Of India Needs Amendments

Copyright is one of the most valuable intellectual property rights (IPRs). Indian copyright act 1957 is protecting copyright of various copyright holders in India. Although the copyright law in India is suitably protecting the copyrights of traditional works yet it has not been very successful in protecting online contents.

Creation of online contents requires lots of time, energy and creativity. This is the reason why copyright law protects such contents. However, some unscrupulous website owners try to encash upon others labour and inputs.

The problem is more prominent where Google’s online advertisement program adsence has been activated on the offending site. This gives an additional reason to steal others contents for own benefits.

Although Google is aware of these activities yet it is very slow in taking actions against the culprits. What is surprising is the fact that these copyright violators are openly violating the copyright of others and even after a DMCA complaint Google has not taken action against the culprits. It seems Google is encouraging copyright violation by not taking action against the copyright violators.

A majority of these copyright violators are legal researchers who just copy, cut and paste online contents of others. According to Praveen Dalal, managing partner of New Delhi based law firm Perry4Law and a Supreme Court attorney, plagiarism is omnipresent in Indian legal research community. Law students and fresh law graduates do not wish to do the real hard work and take the shortcut of copy and paste, informs Dalal. This is not only violating the copyright law of India but is also reflecting poorly upon the legal research skills of India, says Dalal.

Irrespective of how copyright law of India punishes the copyright violators and copyright owners take actions against such offenders, Google also have a legal and moral obligation to deal with such offenders seriously.

Not only Google must remove such offending weblinks from Google’s search database but the Adsence program of such offending sites must also be canceled.

Recently, Google declared its policy to strictly deal with spam blogs. However, for the time being, content farming sites, splogs and copyright violators are defeating Google.

The present online copyright violation issues are not adequately dealt with by the present copyright law of India. The copyright law of India must also be suitably amended to give credit to the copyright holders and punish the copyright violators in an online environment.

Copyright Law in India

In this guest column, we are providing the views of Mr. Praveen Dalal, Managing Partner of New Delhi based and exclusive techno legal law firm of India Perry4Law, on copyright law of India. These views have become the standard for Indian copyright law and are most widely cited and circulated on the Internet, books, article, etc. This article was originally written in 2005 and is the same one. For intellectual property rights (IPRs) related service, kindly contact Perry4Law directly and do not e-mail us your queries.

Introduction

The copyright law protects the intellectual creations in original works. The subject matter of copyright is literary and artistic work. The copyright protection commences as soon as the work is created and it does not require any registration formalities. Traditionally the concern of copyright law was limited to books, music, paintings or films. Copyright protection has now taken new dimensions and today it extends to even computer software and compilations of data. Copyright has some closely related rights that confer similar principles of protection. These are known as “related rights” or “neighbouring rights”. These rights protect persons, other than the creators, who are involved in the dissemination of copyrighted work. These rights are confined to three specific categories of persons: performers, producers of phonograms and broadcasting organizations. In some countries such rights may be a part of the copyright law,[1]while in others there is different legislation to protect these rights. The Berne Convention for the protection of Literary and Artistic works, as revised up to 1971, provided the highest level of international legal protection for copyright, prior to TRIPS. With the conclusion of TRIPS under the Uruguay Round of multilateral trade negotiations, protection of copyright and related rights became, for the first time, a subject covered by the international trade law. Articles 9 to 13 of TRIPS prescribe the “minimum standards” for the protection of copyright. Article 9.1 of TRIPS establishes that WTO members must comply with Articles 1 to 21 of the Berne Convention, 1971, including the Appendix thereto. The Berne Convention requires that the enjoyment and exercise of copyright cannot be subjected to any formality such as registration. The only exception to adherence to the Berne Convention is Article 6bis, which obliges the members to protect the moral rights of the authors.

Article 9(2) of the Berne Convention contains exceptions to the exclusive right of reproduction conferred by the copyright law. The pre-requisites for the applicability of this Article are:

(a) These limitations and exceptions should be granted in certain special cases,
(b) These should not conflict with the normal exploitation of the work, and
(c) These should not unreasonably prejudice the legitimate interests of the author.

In the context of copyright, TRIPS does not confine this Berne exception only to the right of reproduction but extends it to all exclusive rights conferred by copyright.

Indian Perspective On Copyright Protection

The Copyright Act, 1957 provides copyright protection in India. It confers copyright protection in the following two forms:

(A) Economic rights of the author, and
(B) Moral Rights of the author.

(A) Economic Rights: The copyright subsists in original literary, dramatic, musical and artistic works; cinematograph films and sound recordings.[2] The authors of copyright in the aforesaid works enjoy economic rights u/s 14 of the Act. The rights are mainly, in respect of literary, dramatic and musical, other than computer program, to reproduce the work in any material form including the storing of it in any medium by electronic means, to issue copies of the work to the public, to perform the work in public or communicating it to the public, to make any cinematograph film or sound recording in respect of the work, and to make any translation or adaptation of the work.[3] In the case of computer program, the author enjoys in addition to the aforesaid rights, the right to sell or give on hire, or offer for sale or hire any copy of the computer program regardless whether such copy has been sold or given on hire on earlier occasions.[4] In the case of an artistic work, the rights available to an author include the right to reproduce the work in any material form, including depiction in three dimensions of a two dimensional work or in two dimensions of a three dimensional work, to communicate or issues copies of the work to the public, to include the work in any cinematograph work, and to make any adaptation of the work.[5] In the case of cinematograph film, the author enjoys the right to make a copy of the film including a photograph of any image forming part thereof, to sell or give on hire or offer for sale or hire, any copy of the film, and to communicate the film to the public.[6]These rights are similarly available to the author of sound recording.[7] In addition to the aforesaid rights, the author of a painting, sculpture, drawing or of a manuscript of a literary, dramatic or musical work, if he was the first owner of the copyright, shall be entitled to have a right to share in the resale price of such original copy provided that the resale price exceeds rupees ten thousand.[8]

(B) Moral Rights: Section 57 of the Act defines the two basic “moral rights” of an author. These are: (i) Right of paternity, and (ii) Right of integrity. The right of paternity refers to a right of an author to claim authorship of work and a right to prevent all others from claiming authorship of his work. Right of integrity empowers the author to prevent distortion, mutilation or other alterations of his work, or any other action in relation to said work, which would be prejudicial to his honour or reputation. The proviso to section 57(1) provides that the author shall not have any right to restrain or claim damages in respect of any adaptation of a computer program to which section 52(1)(aa) applies (i.e. reverse engineering of the same). It must be noted that failure to display a work or to display it to the satisfaction of the author shall not be deemed to be an infringement of the rights conferred by this section.[9] The legal representatives of the author may exercise the rights conferred upon an author of a work by section 57(1), other than the right to claim authorship of the work.[10]

Judicial Response

The response of Indian judiciary regarding copyright protection can be grouped under the following headings:

(1) Ownership of copyright,
(2) Jurisdictional aspect,
(3) Cognizance taken by the court,
(4) Infringement of copyright,
(5) Availability of alternative remedy, and
(6) Rectification of copyright.

(1) Ownership of copyright: The ownership in copyright may vest in different persons under different circumstances. In Eastern Book company v Navin J.Desai[11] the question involved was whether there is any copyright in the reporting of the judgment of a court. The Delhi High court observed: “It is not denied that under section 2(k) of the Copyright Act, a work which is made or published under the direction or control of any Court, tribunal or other judicial authority in India is a Government work. Under section 52(q), the reproduction or publication of any judgment or order of a court, tribunal or other judicial authority shall not constitute infringement of copyright of the government in these works. It is thus clear that it is open to everybody to reproduce and publish the government work including the judgment/ order of a court. However, in case, a person by extensive reading, careful study and comparison and with the exercise of taste and judgment has made certain comments about judgment or has written a commentary thereon, may be such a comment and commentary is entitled to protection under the Copyright Act”. The court further observed: “In terms of section 52(1)(q) of the Act, reproduction of a judgment of the court is an exception to the infringement of the Copyright. The orders and judgments of the court are in the public domain and anyone can publish them. Not only that being a Government work, no copyright exists in these orders and judgments. No one can claim copyright in these judgments and orders of the court merely on the ground that he had first published them in his book. Changes consisting of elimination, changes of spelling, elimination or addition of quotations and corrections of typographical mistakes are trivial and hence no copyright exists therein”. In Godrej Soaps (P) Ltd v Dora Cosmetics Co[12] the Delhi High Court held that where the carton was designed for valuable consideration by a person in the course of his employment for and on behalf of the plaintiff and the defendant had led no evidence in his favour, the plaintiff is the assignee and the legal owner of copyright in the carton including the logo.

(2) Jurisdictional aspect: The question of territorial jurisdiction of the court to deal with copyright infringement was considered by the courts on several occasions. In Caterpillar Inc v Kailash Nichani[13] the plaintiff, a foreign company, was carrying on business in several places in India including Delhi, through its Indian distributors and collaborators. The plaintiff claimed the relief of ad-interim injunction for preventing infringement of its copyright by the defendant, though the defendant was dealing in different goods. The Delhi high Court held that it was not necessary to show that the business being carried on by the plaintiff in Delhi should necessarily be in respect of footwear and articles of clothing as well. It is sufficient if the business was being carried on by the plaintiff in Delhi and further that there was an infringement of plaintiff’s copyright in respect of certain goods, which were being sold by the defendant in Delhi. The court further held that section 62 of the Copyright Act makes an obvious and significant departure from the norm that the choice of jurisdiction should primarily be governed by the convenience of the defendant. The legislature in its wisdom introduced this provision laying down absolutely opposite norm than the one set out in section 20 CPC. The purpose is to expose the transgressor with inconvenience rather than compelling the sufferer to chase after the former. In Lachhman Das Behari Lal v Padam Trading Co[14] the Delhi High Court observed that the plaintiff being a firm functioning at Delhi, the suit filed by it in the Delhi courts is maintainable and is not liable to be rejected under Order 7 Rule 11 of the CPC as prayed. The Court further observed that the plea regarding want of territorial jurisdiction is not covered by Order7 rule 11 of CPC. The court observed that even if it is held that this court has not the territorial jurisdiction, the plaint cannot be rejected. At the most it can be returned for presentation to the proper court. In Exphar Sa & Anr v Eupharma Laboratories Ltd & Anr[15] the Supreme Court finally settled the position in this regard. The Court observed: “Section 62(2) cannot be read as limiting the jurisdiction of the District Court only to cases where the person instituting the suit or other proceeding or where there are more than one such persons, any of them actually and voluntarily resides or carries on business or presently works for gain. It prescribes an additional ground for attracting the jurisdiction of a court over and above the “normal” grounds as laid down in Section 20 of the C.P.C. Even if the jurisdiction of the Court were restricted in the manner construed by the Division Bench, it is evident not only from the cause title but also from the body of the plaint that the Appellant No 2 carries on business within the jurisdiction of the Delhi High Court. The Appellant No 2 certainly “a person instituting the suit”. The Division Bench went beyond the express words of the statute and negatived the jurisdiction of the Court because it found that the Appellant No 2 had not claimed ownership of the copyright, infringement of which was claimed in the suit. The appellant No 2 may not be entitled to the relief claimed in the suit but that is no reason for holding that it was not a person who had instituted the suit within the meaning of Section 62(2) of the Act”.

(3) Cognizance taken by the court: To prevent copyright infringement, timely cognizance taking by the appropriate court is absolutely essential. The taking of cognizance by the court depends upon the limitation period as mentioned in the Limitation Act, 1963 and Cr.P.C, 1973. In David Pon Pandian v State[16] the Madras High Court, while dealing with section 68A of the Copyright Act, observed: “The Court can take cognizance of the offence if the charge sheet is filed within the period of limitation prescribed under Section 468 of the Cr.P.C and in computing the period of limitation, the date of commission of the offence is to be reckoned as the starting point. If the charge sheet is not filled so, the Court has no power to entertain the complaint” The court referred the decision of the Supreme Court in State of Punjab v Sarwan Singh[17] in which it was observed: “The object of Cr.P.C in putting a bar of limitation on the prosecution was clearly to prevent the parties from filing cases after a long time, as a result of which material evidence may disappear and also to prevent abuse of the process of Court by filing vexatious and belated prosecutions long after the date of the offence. The object, which the statute seeks to sub-serve, is clearly in consonance with the concept of fairness of trial as enshrined in Article 21 of the Constitution. It is, therefore, of utmost importance that any prosecution, whether by State or a private complainant, must abide by the letter of the law or to take the risk of the prosecution failing on the ground of limitation” In Shree Devendra Somabhai Naik v Accurate Transheet Pvt Ltd[18] the Gujarat High Court explained the inter-relationship between Article 137 of the Limitation Act, 1963 and section 50 of the Copyright Act, 1957. The Court observed: “The order passed by the by the Copyright Board is an order whereby it is held that the provisions of Article 137 of the Limitation Act are not applicable and the board has also held that the Copyright Board is a Tribunal and quasi-judicial authority for all other purposes except for the purposes which are specifically provided in the Copyright Act. It is an order by which an application under Section 50 of the Copyright act is entertained and the Copyright Board will decide the same on merits. The Copyright Board does not believe the delay alleged by the present appellant. Entertaining an application is a matter of discretion. In the present case, the Copyright Board in its wisdom, overruling the contention that the application was barred by limitation, decided to entertain the application. It is a discretionary order”.

(4) Infringement of copyright: A copyright owner cannot enjoy his rights unless infringement of the same is stringently dealt with by the Courts .The approach of the Indian Judiciary in this regard is very satisfactory. In Prakashak Puneet Prashant Prakashan v Distt.judge, Bulandshahr &Ashok Prakashan (Regd)[19] the Allahabad High Court held that if the petitioner publishes a book by adding any word before or after the book “Bal Bharati”, he infringes the copyright of the respondent. In Hindustan Pencils Ltd v Alpna Cottage Industries [20] the Copyright Board of Goa held that where the similarities between the artistic works of the parties are fundamental and substantial in material aspects, it would amount to copyright violation and the defendant’s copyright is liable to be expunged from the register of copyright. The Board referred the decision of Prem Singh v Cec Industries[21] wherein it was observed: “In a case where the first party himself is shown to have adopted or imitated a trademark and copyright of a third party, then Courts can resolutely decline to step in aid of this party because honesty of action is the crux of the matter and Courts protection is extended only on the principle that damage to a party who has acquired goodwill or reputation in certain trading style for making his goods, should not be allowed to be affected by the dishonest user of the same by another”. The Board further referred the decision of the apex court in R.G. Anand v M/S Delux Films[22] where the Court observed: “Where the same idea is being developed in a different manner, it is manifest that the source being common, similarities are bound to occur. In such a case, the Courts should determine whether or not the similarities are on fundamental or substantial aspects of the mode of expression adopted in the copyrighted work with some variations here and here. In other words, in order to be actionable the copy must be a substantial and material one which at once leads to the conclusion that the defendant is guilty of the act of piracy”. In Ushodaya Enterprises Ltd v T.V. Venugopal [23] the division bench of the Andhara Pradesh High Court held that even though the defendant has registered the carton under the Trademark Act, that may not come to the aid of the defendant as the case of the plaintiff is that it owns a copyright of the artistic work under the Copyright Act and no registration is required for the same. Thus the court held that the plaintiff was justified in alleging infringement of his artistic work. In Khajanchi Film Exchange v state of MP [24] the appellants apprehending the violation of their copyright in the film, prayed for the writ of “Mandamus” without first exhausting the alternative remedy available under the Copyright Act. The Division Bench of the Madhya Pradesh High Court Observed: “There is no dispute in the submission that it is the duty of police to be watchful in the area and detect crime and punish the criminal in accordance with law. But the petitioners did not complain that any stage nor did they seek action from other functionaries of the State. They ask for mandamus without putting the grievance before the respondent and seeking their reaction. The writ petition was filed 16 days before the release of the film. Enough time appellants had, to approach the authorities/ police and later to the respondents giving their reaction to the grievance and how it was ready to deal with the matter. Therefore, unless the demand was put across and reaction awaited for some time, moving the court was premature and unsustainable. Therefore, petition was filed on mere apprehension that appellants would be deprived of their rights which did not exist when claim for mandamus was made. Mandamus can be granted only when default, commission, or omission takes place which had not happened in this case”. In Jolen Inc v Shoban Lal Jain [25] the Madras High Court held that latches and acquiescence is a good defence to an action for copyright infringement. The court held that the plaintiff having allowed the defendant to carry on the business under the trade name of the plaintiff for 7 years is prima facie guilty of acquiescence and it cannot claim for relief of injunction against the defendant as the balance of convenience is in favour of him.

(5) Availability of alternative remedy: The availability of an efficacious alternative remedy prevents a person from invoking the writ jurisdiction of the High court. In Khajanchi FilmExchange and Another v State of M.P and others [26] petitioners instead of approaching the concerned authorities filed a writ petition in the High Court. The Madhya Pradesh High Court observed: “The film was not yet released. The petitioners did not approach the respondents. There was no failure on the part of the respondents in performance of their legal duties with respect of the right complained of. The entire machinery was put to doubt by the petitioners on the basis of the averments made in the writ petition that it is to the common knowledge that they do not take action. Thus apprehending infringement of their rights, the writ petition was filed. The petitioners should have approached the concerned authorities first; and in the event of their failure to take preventive measures/seizure of cassettes under the M.P.Police Regulations and the copyright Act, the petitioners should have approached this Court. If a writ is entertained and relief readily granted before release of the movie without approaching the respondents who have to prevent threatened violation of copyright, it would open a flood gate of litigation. The copyright Act provides adequate safeguards and procedure. It cannot be said that a mere apprehension that certain offence may take place, a writ can be filed seeking a direction that no such offence be allowed to take place. First authorities have to be asked to prevent it. The function of the police is to prevent piracy and unauthorized exhibition. In the instant case there was no inaction on the part of the police and other concerned officials and they were unnecessarily dragged in writ petition without even putting them to notice of proposed writ. No demand notice was served, no specific complaint was lodged. Thus writ is not maintainable”.

(6) Rectification of copyright: In the rectification proceedings, an entry in the Copyright Register pertaining to a particular copyright can be expunged by the Copyright Board. In Lal Babu Priyadarshi v Badshah Industries[27] the Division bench of the Patna high Court Observed: “Rule 16(3) of the Copyright Rules, 1958 which embodies the principle of natural justice provides that when there is a rival claim with regard to subject matter of the copyright then no order can be passed in favour of any party without hearing the application of the other applicant. Non-observance of the said provision will vitiate the order with regard to the entry in the Register of the Copyright. The said requirement cannot be waived nor non-observance of the said provision can be said to be a mere irregularity. If a person making an application under section 45 is not aware of the rival claim then the matter would be different. But in this case, as is evident from the notice sent by the appellants through their counsel, they were aware of the claim of the respondents and as such they should have given notice to the respondents intimating them of their intention to file an application for registration so that the respondents could have raised objections and, thereafter, the matter would have been decided in terms of provisions contained in Section 45, read with Rule 16. In this case Rule 16 has not been followed before making the entry in the Register of Copyright under section 45 and, thus, the Board rightly came to the conclusion that non-observance of the provisions of Rule16 (3), which is mandatory in nature, has vitiated the certificate of registration in favour the appellants”.

On-Line Copyright Issues

The Internet is a paradox. It is everywhere, yet, at the same time, it is nowhere. It is “a worldwide entity whose nature cannot be easily or simply defined.[28] The ease with which computers can transfer and exchange digital information on the Internet have caused concern among intellectual property owners, especially copyright owners. The information technology allows the computer users to easily and secretly transform the copyrighted materials into digital form and store them in their computer memory. Once a user digitized information, he can easily upload it to the Internet. Once the information is available on the Internet anyone in the world with Internet access can download, modify, and distribute it. Thus, in an instant, a copyrighted work can potentially lose its value and significantly suppress an author’s incentive to create new material.[29] Thus, with the advancement of information technology, copying, modifying, and distributing of copyrighted materials has become very simple and difficult to trace. The copyright owners are now at the mercy of a technology that has raced ahead of the law. Because the Internet “is a cooperative venture not owned by a single entity or government, there are no centralized rules or laws governing its use.

Traditional Copyright infringement Theories: Traditionally there was only one copyright infringement theory known as “primary infringement”, which made the person infringing the copyright personally liable for his acts. Thus, the concept of third party liability or secondary liability was not recognized by the legal systems of various countries all over the world, including the United States. As the society progressed, need was felt to develop new theories to meet the challenges thrown by it. While there were no express provisions, which talked about infringing acts of another, third party liability theories were evolved in the courts over the years. The courts derived these theories from the traditional tort law and patent law theories of contributory and vicarious liability. The U.S Supreme Court articulated the rationale for incorporating “third party liability” into the copyright law in Sony Corporation of America v Universal Studios, Inc. [30] The court specifically noted patent law’s explicit statutory prohibition against inducing infringement and against contributory infringement, and held that he absence of express language in the Copyright Act did not preclude third party liability. Moreover, the court reasoned that “vicarious liability is imposed in virtually all areas of law, and the concept of contributory infringement is merely a species of the broader problem of identifying the circumstances in which it is just to hold one individual accountable for the actions of another.” Direct Infringement: Direct infringement is a strict liability offence and guilty intention is not essential to fix criminal liability. The requirements to establish a case of copyright infringement under this theory are: (1) Ownership of a valid copyright; and (2) Copying or infringement of the copyrighted work by the defendant. Thus, a person who innocently or even accidentally infringes a copyright may be held liable under the Copyright Act of the U.S. and under the laws of various other countries. The guilty intention of the offender can be taken into account for determining the quantum of damages to be awarded for the alleged infringement.

Contributory infringement: The contributory infringement pre-supposes the existence of knowledge and participation by the alleged contributory infringer. To claim damages for infringement of the copyright, the plaintiff has to prove: (1) That the defendant knew or should have known of the infringing activity; and (2) That the defendant induced, caused, or materially contributed to another person’s infringing activity.[31]

Vicarious Infringement: Vicarious copyright infringement liability evolved from the principle of respondent superior. To succeed on a claim of vicarious liability for a direct infringer’s action, a plaintiff must show that the defendant: (1) Had the right and ability to control the direct infringer’s actions; and (2) Derived a direct financial benefit from the infringing activity.[32] Thus, vicarious liability focuses not on the knowledge and participation but on the relationship between the direct infringer and the defendant. Legal precedent for vicarious copyright infringement liability has developed along two general relational lines. The first relational line involves the employer/employee relationship, whereas the second involves the lessor/lessee relationship.

Internet and copyright infringement theories: The advent of information technology has made it difficult to apply the traditional theories to various cyberspace entities and organizations. These cyberspace players can be grouped under the following headings:
(1) Internet Service Providers (ISPs),
(2) Bulletin Board Services Operators (BBSO),
(3) Commercial Web Page owner/operators, and
(4) Private users.

(1) Internet Service Providers (ISPs): An ISP most often provides Internet access and he may be held liable for copyright infringement. In Religious Technology Center v Netcom On-Line Communication Services, Inc[33] a former minister uploaded some of the copyrighted work of the Church of Scientology to the Internet. He first transferred the information to a BBS computer, where it was temporarily stored before being copied onto Netcom’s computer and other Usenet computers. Once the information was on Netcom’s computer, it was available to Netcom’s subscribers and Usenet neighbors for downloading for up to eleven days. The plaintiffs informed Netcom about the infringing activity; nonetheless, Netcom refused to deny the subscriber’s access because it was not possible to prescreen the subscriber’s uploads, and kicking the subscriber off the Internet meant kicking off the rest of the BBS operator’s subscribers. Thus, plaintiffs sought a remedy against Netcom for infringement under all three theories –direct, contributory, and vicarious. The court first analyzed whether Netcom directly infringed plaintiff’s copyright. Since Netcom did not violate plaintiff’s exclusive copying, distribution, or display rights, Netcom was held not liable for direct infringement. The court then analysed the third party liability theories of contributory and vicarious infringement. The court held that Netcom would be liable for contributory infringement if plaintiffs proved that Netcom had knowledge of the infringing activity. The court then analyzed whether Netcom was vicariously liable. Here, once again the court found that a genuine issue of material fact supporting Netcom’s right and ability to control the uploader’s acts existed. The court found that Netcom did not receive direct financial benefit from the infringement. Thus, the court found that the Netcom was not liable for direct infringement, could be liable for contributory infringement if plaintiffs proved the knowledge element, and was not liable for vicarious infringement.

(2) Bulletin Board Services: The BBSs are more vulnerable to copyright infringement litigations than the ISPs because they can operate independent of the World Wide Web. The first case in this category was Playboy Enterprises, Inc v Frena.[34] In this case, the defendant operated a subscription BBS that allowed the subscribers to view, upload, and download material. The court held that Frena had violated Playboy’s exclusive distribution right and their exclusive display right. Because Frena supplied a product containing unauthorized copies of copyrighted work, he has violated the distribution right. Moreover, because Frena publicly displayed Playboy’s copyrighted photographs to subscribers, he violated the display right. The court concluded that Frena was liable for direct infringement, though Frena himself never placed infringing material on the BBS and despite his arguments that he was unaware of the infringement. The court relied upon the strict liability theory and held that neither intent nor knowledge is an essential element of infringement. In Sega v Maphia[35] the BBS was providing services to numerous subscribers who upload and downloaded files to and from the BBS. The evidence clearly showed that the BBS operator knew that subscribers were uploading unauthorized copies of Sega’s video games to and downloaded from his BBS. The court held that since the BBS operators only knew and encouraged uploading and downloading, but did not himself upload or download any files, he was not liable for direct infringement. The court, however, found the BBS operator contributory liable. Regarding the knowledge element, the BBS operator admitted that he had knowledge of the uploading and downloading activity. The court rejected the BBS operator’s asserted fair use defense since their activities were clearly commercial in nature. Further, the nature of the copyrighted games was creative rather than informative and the entire copyrighted works were copied, uploaded, and downloaded. This copying had adversely affected the Sega’s sale.

(3) Commercial Web sites: The Web Page owners must be cautious of the things they post on their Web Pages so that they do not violate the stringent provisions of the copyright laws. A Web Page owner cannot successfully plead and prove that they were unaware about the copyrighted material because copyright notices are prominently given in authorized software. They also have the controlling power over the content of their pages. The owner are usually the parties that actually perform the uploads to their pages.

(4) Private Users: A computer user who uploads copyrighted material to the Internet is liable for direct infringement. This liability could be avoided only if he can prove the fair use doctrine. Thus, an Internet user should not post copyrighted material on the Internet in a casual manner.

On-line copyright issues in India

The reference to on-line copyright issues can be found in the following two major enactments:

(1) The Copyright Act, 1957, and
(2) The Information Technology Act, 2000.

(1) Copyright Act, 1957 and on-line copyright issues: The following provisions of the Copyright Act, 1957 can safely be relied upon for meeting the challenges of information technology:

(a) The inclusive definition of computer is very wide which includes any electronic or similar device having information processing capabilities.[36] Thus, a device storing or containing a copyrighted material cannot be manipulated in such a manner as to violate the rights of a copyright holder.

(b) The term computer programme has been defined to mean a set of instructions expressed in words, codes, schemes or in any other form, including a machine readable medium, capable of causing a computer to perform a particular task or achieve a particular result.[37] It must be noted that Section13 (a) read with Section 2(o) confers a copyright in computer progamme and its infringement will attract the stringent penal and civil sanctions.

(c) The inclusive definition of literary work includes computer programmes, tables and compilations including computer databases.[38] Thus, the legislature has taken adequate care and provided sufficient protection for computer related copyrights.

(d) The copyrighted material can be transferred or communicated to the public easily and secretly through electronic means. To take care of such a situation, the Copyright Act has provided the circumstances which amount to communication to the public. Thus, making any work available for being seen or heard or otherwise enjoyed by the public directly or by any means of display or diffusion other than by issuing copies of such work regardless of whether any member of the public actually sees, hears or otherwise enjoys the work so made available, may violate the copyright.[39] The communication through satellite or cable or any other means of simultaneous communication to more than one household or place of residence including residential rooms of any hotel or hostel shall be deemed to be communication to the public.[40]

(e) The copyright in a work is infringed if it is copied or published without its owner’s consent. The Copyright Act provides that a work is published if a person makes available a work to the public by issue of copies or by communicating the work to the public.[41] Thus, the ISPs, BBS providers, etc may be held liable for copyright violation if the facts make out a case for the same.

(f) The copyright in a work shall be deemed to be infringed when a person, without a licence granted by the owner of the copyright or the Registrar of Copyrights under this Act or in contravention of the conditions of a licence so granted or of any condition imposed by a competent authority under this Act-
(i) Does anything, the exclusive right to do which is by this Act conferred upon the owner of the copyright, or
(ii) Permits for profit any place to be used for the communication of the work to the public where such communication constitutes an infringement of the copyright in the work, unless he was not aware and had no reasonable ground for believing that such communication to the public would be an infringement of copyright.[42]

(g) The Copyright Act specifically exempts certain acts from the purview of copyright infringement. Thus, the making of copies or adaptation of a computer programme by the lawful possessor of a copy of such computer programme from such copy in order to utilize the computer programme for the purpose for which it was supplied or to make back-up copies purely as a temporary protection against loss, destruction, or damage in order only to utilize the computer programme for the purpose for which it was supplied, would not be copyright infringement.[43] Similarly, the doing of any act necessary to obtain information essential for operating inter-operability of an independently created computer programme with other programmes by a lawful possessor of a computer programme is not a copyright violation if such information is not otherwise readily available.[44] Further, there will not be any copyright violation in the observation, study or test of functioning of the computer programme in order to determine the ideas and principles, which underline any elements of the programme while performing such acts necessary for the functions for which the computer programme was supplied.[45] The Act also makes it clear that the making of copies or adaptation of the computer programme from a personally legally obtained copy for non-commercial personal use will not amount to copyright violation.[46]

(h) If a person knowingly makes use on a computer of an infringing copy of a computer programme, he shall be held liable for punishment of imprisonment for a term which shall not be less than seven days but which may extend to three years and with fine which shall not be less than fifty thousand rupees but which may extend to two lakh rupees. However, if the computer programme has not been used for gain or in the course of trade or business, the court may, for adequate and special reasons to be mentioned in the judgment, not impose any sentence of imprisonment and may impose a fine which may extend to fifty thousand rupees.[47] It must be noted that copyright can be obtained in a computer programme under the provisions of the Copyright Act, 1957.[48] Hence, a computer programme cannot be copied, circulated, published or used without the permission of the copyright owner. If it is illegally or improperly used, the traditional copyright infringement theories can be safely and legally invoked. Further, if the medium of Internet is used to advance that purpose, invoking the provisions of the Copyright Act, 1957 and supplementing them with the stringent provisions of the Information Technology Act, 2000, can prevent the same.

(2) Information Technology Act, 2000 and on-line copyright issues: The following provisions of the Information Technology Act, 2000 are relevant to understand the relationship between copyright protection and information technology:

(a) Section 1(2) read with Section 75 of the Act provides for extra-territorial application of the provisions of the Act.[49] Thus, if a person (including a foreign national) violates the copyright of a person by means of computer, computer system or computer network located in India, he would be liable under the provisions of the Act.

(b) If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network accesses or secures access to such computer, computer system or computer network[50] or downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium[51], he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected. Thus, a person violating the copyright of another by downloading or copying the same will have to pay exemplary damages up to the tune of rupees one crore which is deterrent enough to prevent copyright violation.

(c) While adjudging the quantum of compensation, the adjudicating officer shall have to consider the following factors: (i) The amount of gain or unfair advantage, wherever quantifiable, made as the result of the default; (ii) The amount of loss caused to any person as a result of the default; (iii) The repetitive nature of the default.[52] Thus, if the copyright is violated intentionally and for earning profit, the quantum of damages will be more as compared to innocent infringement.

(d) A network service provider (ISP) will not be liable under this Act, rules or regulations made there under for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.[53]

(e) The provisions of this Act shall have overriding effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force.[54]

Conclusion

The provisions of the abovementioned two enactments show that the Copyright protection in India is strong and effective enough to take care of the Copyright of the concerned person. The protection extends not only to the Copyright as understood in the traditional sense but also in its modern aspect. Thus, on-line copyright issues are also adequately protected, though not in clear and express term. To meet the ever- increasing challenges, as posed by the changed circumstances and latest technology, the existing law can be so interpreted that all facets of copyright are adequately covered. This can be achieved by applying the “purposive interpretation” technique, which requires the existing law to be interpreted in such a manner as justice is done in the fact and circumstances of the case. Alternatively, existing laws should be amended as per the requirements of the situation. The existing law can also be supplemented with newer ones, specifically touching and dealing with the contemporary issues and problems. The Information Technology Act, 2000 requires a new outlook and orientation, which can be effectively used to meet the challenges posed by the “Intellectual Property Rights” regime in this age of information technology. Till the country has such a sound and strong legal base for the protection of Intellectual Property Rights, the judiciary should play an active role in the protection of these rights, including the copyright. The situation is, however, not as alarming as it is perceived and the existing legal system can effectively take care of any problems associated with copyright infringement.


Endnotes


[1] For instance, in countries like US or India, copyright law covers the rights of producers of phonograms. [2] Section 13 [3] Section 14(a) [4] Section 14(b) [5] Section14(c) [6] Section 14(d) [7] Section 14(e) [8] Section 53A [9] Explanation to Section 57(1). [10] Section 57(2) [11] 2001 PTC 57(Del) [12] 2001 PTC 407(Del) [13] 2002 (24) PTC 405(Del) [14] 2002 (25) PTC 508(Del) [15] 2004 (2) Scale 589 [16] 2002 (24) PTC 377(Mad) [17] AIR 1981 SC 1054 [18] 2002 (25) PTC 434(Guj) [19] 2001 PTC 213 (All) [20] 2001 PTC 504 (CB) (Goa) [21] AIR 1993 Del 223 [22] AIR 1978 SC 1613 [23] 2001 PTC 727 (AP) (DB) [24] 2003 (26) PTC 183(MP) (DB) [25] 2001 PTC 216 (Mad) [26] 2002 (25) PTC 812(MP) [27] 2002 (25) PTC 173 (Patna) (DB) [28] Religious Technology Center v Netcom On-Line Communication services, Inc, 907 F.Supp. 1361(1995) [29] Mary Shulman, Internet Copyright Infringement Liability, 27 Golden Gate U.L.Rev.555, 558(1997) [30] 464 .U.S.417 (1984) [31] Gershwin Publishing Corpn v Columbia Artists Management, Inc 443 F2d 1159(2d Cir.1971) [32] Netcom, 907 F.Supp. at 1375 [33] 907 F.Supp.1361 (N.D. Cal.1995) [34] 839 F.Supp.1552(M.D.Fla.1993) [35] 948 F.Supp .923 (N.D. Cal.1996 [36] Section 2(ffb) [37] Section 2(ffc) [38] Section 2(o) [39] Section 2(ff) [40] Explanation to Section 2(ff) [41] Section 3 [42] Section 51(a) [43] Section 52(1) (aa) [44] Section 52(1) (ab) [45] Section 52(1) (ac) [46] Section 52(1) (ad) [47] Section 63B [48] Section 13(1) (a) read with Section 2(o) [49] Praveen Dalal: The Unexplored Dimensions of Right To Privacy (under publication) [50] Section 43(a) [51] Section 43(b) [52] Section 47 [53] Section 79 [54] Section 81

Sunday, 27 March 2011

Privacy Laws In India

India has no dedicated privacy law and we need to urgently formulate good privacy laws in India. Absence of privacy laws in India is proving biggest roadblock for many national security projects of India.

Indian government failed to maintain the delicate balance between national security requirements and human rights protection in Indian cyberspace. This has raised serious privacy violations issues and many crucial projects have failed to see the light of the day.

Indian government never thought that its indifference towards privacy laws, data security laws and data protection laws would become its headache. With controversies like illegal phone tapping, imposition of Aadhar project, launch of projects like national intelligence grid (Natgrid) and crime and criminal tracking network and systems (CCTNS) without any procedural safeguards, etc enactment of a dedicated and constitutionally sound privacy law has become absolutely essential.

Projects like Aadhar, Natgrid, CCTNS, etc require strong privacy laws and effective data security and data protection practices. In the absence of these procedural safeguards, it is advisable to scrap the most controversial and endemic e-surveillance project named Aadhar and authority named UIDAI.

The main reason for absence of these laws is the growing anxiety of Indian government and its intelligence agencies towards e-surveillance. Unfortunately, Indian government has misunderstood that e-surveillance is a substitute for good cyber security and cyber forensics skills.

On the other hand, India urgently needs to enact data security and cyber security laws. While e-surveillance and electronic eavesdropping are important for law enforcement and national security purposes, there is no justification for deliberately abstaining from enacting suitable procedural safeguards against their abuses. What is more surprising is that Parliament of India has absolutely abdicated its role in this regard and thereby has endangered the separation of powers concept of Indian Constitution.

If India wishes to engage in lawful interceptions and phone tappings, it must enact lawful interception law as soon as possible. Further, lawful interception laws must be supported by adequate and strong privacy laws in India. Privacy laws in India are urgently required and India cannot afford to postpone the same any more.

Cyber Crimes And Network Security In India

Cyber crimes are increasing in India at an alarming speed. With a poor track record of cyber crime convictions, the situation is even more worrisome. The law enforcement officials in India are not well versed with cyber law related issues. The cyber crime cells operating in India lacks expertise to nab cyber criminals.

If this is not enough, the information technology act 2000 has made almost all the cyber crimes bailable in India. Cyber criminals can commit these bailable cyber crimes and roam free on bail as a matter of right.

While cyber criminals have almost no need to fear from the Cyber Law of India, yet Companies, Organisations and Intermediaries must observe Cyber Due Diligence in India, informs Praveen Dalal, managing partner of New Delhi based law firm Perry4Law.

If you are a Bank operating in India, you must also meet the mandatory requirements to create a position of Chief Information Officers (CIOs) as well as establish Steering Committees on Information Security at the Board Level at the earliest, informs Dalal. This is required to ensure effective cyber security for banks and financial institutions operating in India.

Further, system administrators must also observe due diligence regarding Indian cyber law and cyber security requirements. By showing a lax attitude towards cyber security, these system administrators may find themselves booked under the laws of India.

As cyber crimes increase in India and due diligence requirements becomes more stringent, it would be a sound practice to adopt effective cyber crime policy for an organisation. Further, organisations and individuals must also pay enough attention to the cyber security requirements of their networks.

These days, network security has become very important for business entities. Almost all the organisations are connected with cyberspace and this makes their networks vulnerable to cyber attacks. Network security must be an integral part of the security policy of all organisations. An increasing awareness about network security in India has been seen and this is a good step in the right direction.

Saturday, 26 March 2011

Cyber Law Policy Of India

Cyber crime policy of India is an important aspect of technology driven legislations in India. Without a proper policy background, effective cyber laws cannot be formulated in India. The present cyber law of India has decayed and requires an urgent scrapping.

Cyber law of India has reached to its present detrimental position due to lack of accountability and excessive trust upon people who do not understand the importance of a strong and robust cyber law for India. Cyber law of India cannot improve till the Prime Minister’s Office (PMO) interferes and initiates the procedure to enact a strong cyber law for India.

Although after the 2G scam Prime Minister of India Dr. Manmohan Singh has started taking interest in ministry of communication and information technology (MCIT) yet he must also make it sure that the present cyber law of India is cured from the ailments of industrial lobbying and e-surveillance. He must direct the MCIT to urgently draft a new, better and comprehensive cyber law for India.

India has no constitutionally sound lawful interception law in India. Further, India is also not a part of EU Convention on Cyber Crime and its Cyber Law is not as per the Contemporary International Standards, informs Praveen Dalal, managing partner of New Delhi based law firm Perry4Law and Supreme Court lawyer. India must urgently formulate an effective Cyber Law Policy so that the Cyber Law of India may be modernised and made effective, suggests Dalal.

Let us hope India would pay attention to these crucial suggestions and would urgently make its cyber law productive and useful.

Indian Financial Sector Legislative Reforms Commission (FSLRC)

Financial and banking sector reforms in India are in the progress. Lots of pro active and constructive steps have been taken by Indian government in the recent past. Reserve Bank of India (RBI) in general and Finance Ministry of India in particular are really streamlining the banking and financial sectors of India.

Keeping the pace, the Government of India has recently passed a resolution for the constitution of Financial Sector Legislative Reforms Commission (FSLRC) of India. The main objective of constitution of FSLRC is to rewrite and harmonise financial sector legislations, rules and regulations. This had become necessary as the institutional framework governing India’s financial sector was built over a century and the same has become redundant for the contemporary requirements.

Some of the areas that FSLRC can analyse and consider pertain to merger and acquisition norms, non banking financial companies regulation, wealth management regulations, cyber security for banking and financial institutions, due diligence by banks and financial sectors of India, etc.

Merger and acquisitions for banking sector of India is in the process of being streamlined. With the recent proposed amendments in the Banking Regulations Act, 1949, only RBI would have power to regulate M&A pertaining to banking sector. In fact, the proposed amendments have already been approved by Cabinet of India.

Non banking finance companies (NBFC) laws in India have also been streamlined by Supreme Court of India. A Bench consisting of Justice Markandey Katju and Justice Gyan Sudha Misra upheld the “constitutional validity” of such State laws and termed such laws as salutary measures which were long overdue to deal with scamsters.

RBI working group on non banking finance companies has also been established. Wealth management regulations in India have also been proposed to curb growing crimes arising out of this field.

RBI has also mandated cyber due diligence for banks in India. This way cyber frauds and cyber crimes can be tackled more appropriately by banks of India. Further, cyber security for banking and financial sectors of India has also been streamlined by RBI. RBI has recently released the information technology vision document for 2011-17 (IT Vision 2011-17). This document mandates both cyber due diligence and cyber security requirements on the part of banks operating in India.

These are some of the areas that FSLRC can consider. However, keeping in mind the roles and objectives of FSLRC, these issues are just part of the list that is much more elaborative and challenging.