Sunday 27 February 2011

Data Protection Law In India

Data protection is an important aspect of privacy rights protection and commercial expediency. On the one hand it ensures that privacy rights are respected by not divulging the sensitive information whereas on the other hand it is “must have” requirement of many business models.

Outsourcing industry relies heavily upon a sufficient and strong data protection law. In the Indian context, outsourcing industry is relying upon contractual terms as there is no dedicated data protection law in India. This is also hampering the outsourcing business to a great extent.

However, although commercial aspects of data protection can be ignored to a certain limit, this cannot be said about the constitutional requirements of privacy protection in India.

According to Praveen Dalal, a Supreme Court lawyers and leading techno legal expert of India, we have no “Dedicated” Data Protection Law in India. Even India does not have a Data Security Law and Privacy Law. This makes the sensitive information and personal details of Indian Citizens “Highly Vulnerable” to misuse, informs Dalal.

If we analyse this situation in the light of recent e-surveillance projects of Indian government, the matter becomes worst. E-surveillance projects like Aadhar/UID, national intelligence grid (Natgrid), crime and criminals tracking networks and systems (CCTNS), central monitoring system (CMS), etc are not supported by any legal framework and parliamentary oversight.

What is ironical is that Intelligence Agencies of India and Law Enforcement Agencies of India themselves are not subject to any “Parliamentary Scrutiny”, informs Praveen Dalal. Indian Government must maintain a “Balance” between National Security and Civil Liberties, suggests Dalal.

When intelligence agencies are themselves outside the purview of parliamentary oversight and there are no privacy laws, data protection laws and data security laws, we cannot trust Indian government and its agencies much. Even the phone tapping in India is done in an unconstitutional manner in India.

In this background, it becomes absolutely essential for the Supreme Court of India to interfere. A writ petition regarding protection of privacy rights of an individual is already pending before the Supreme Court of India and let us hope the court would do the justice once more.

Saturday 26 February 2011

Intelligence Agencies Of India Need Parliamentary Oversight And Reforms

The intelligence agencies of India need urgent reforms and Parliamentary oversight. Presently, these agencies are enjoying a protection of secrecy, non accountability and lack of Parliamentary oversight.

Surprisingly, Parliament of India has been very lax in bringing these agencies under some sort of accountability and legislative oversight. The legislations like Official Secret Act provided immunity and blanket protection to the works of these agencies whereas other transparency legislation like Right to Information Act, 2005 are simply not applicable to them.

In the absence of any legal framework governing the functioning of these agencies and lack of Parliamentary oversight, how the performance and acts of these agencies can be analysed is a big question.

While none can dispute the importance of national security yet there should be a balance and reconciliation between national security and civil liberties in India. According to Praveen Dalal, a Supreme Court lawyer and leading techno legal expert of India, Projects like Aadhar/UID, National Intelligence Grid (NATGRID), Crime and Criminal Tracking and Systems (CCTNS), Central Monitoring System (CMS), etc are required for National Security but Civil Liberties and Fundamental Rights are also of Prime Importance.

Thus, when civil liberties are neglected for the sake of some assumed national security, it is a constitutional failure. For instance, the present unconstitutional phone tapping practices adopted by Indian government and its security and intelligence agencies has already become a constitutional failure. If Parliament of India does not intervene immediately, people would loose faith upon constitution of India.

The truth is that intelligence agencies of India need urgent Parliamentary oversight and administrative reforms.

Friday 25 February 2011

Encryption: An Unresolved Enigma In India

Encryption is a technology that is always feared by India. Despite the benefits of encryption for a robust cyber security, safe and secure e-commerce, meaningful e-governance and many such benefits, use of encryption has always been suppressed in India.

India has no rules, regulations and laws regarding use of encryption. Some vague rules are scattered in the telecom related affairs of governmental departments and their agencies but no clear and legally sustainable norms are present in India till now.

According to Praveen Dalal, managing partner of Perry4Law and the leading Techno-Legal Expert of India, India must ensure that encryption standards are suitably regulated through a good and strong cyber law and other laws so that security and law enforcement requirements can be reconciled.

Presently, encryption standards are biased in favour of security agencies requirements that need to be addressed by Parliament of India, opines Praveen Dalal.

For example, the directions to Research in Motion’s (RIM) Blackberry, Gmail, Skype, etc by Indian government for providing encryption keys are hegemony manifestations and not genuine security concerns. If the Indian government is serious about its claims, it must produce factual and documentary proofs of the possible and actual threats form the Chinese telecom gears and the questioned Internet services and utilities.

However, any concrete laws and regulations regarding encryption standards in India are very unlikely as the same may go against the endemic e-surveillance practices of Indian government and its agencies.

Monday 14 February 2011

India Needs Legal Enablement Of ICT Systems

Information and communication technology (ICT) has become pervasive in today’s world. There is no area that has not been touched by ICT and legal field is no exception to this. However, the difficulty with legal system of India is that it has failed to ensure legal enablement of ICT systems.

Some of the possible uses of ICT for legal and judicial systems of India include e-courts, online dispute resolution (ODR), web based legal and judicial services, etc. Recently, a division bench of Delhi High Court directed all Delhi courts as well as its own officials to e-mail a copy of bail orders to Tihar jail authorities within 24 hours of being pronounced. Earlier, the Supreme Court of India asked its registry to send legal notices through e-mail. These are good examples of web based judicial services in India.

However, on the front of legal enablement of ICT systems in India there is a complete failure. Till the month of February 2011 India has not even a single e-court, no use of ODR and very selective web based legal and judicial functioning. What India is doing on these fronts is mere computerisation of traditional functions.

Law Minister Veerappa Moily launched the national litigation policy of India (NLPI). However, NLPI is deficient as far as e-courts and ODR is concerned. The Supreme Court of India has recently reconstituted the E-Court Committee and it may consider these aspects.

However, if the Committee keeps on working like in the past, not much can be expected from it. The Committee must urgently utilise the techno legal expertise of specialists in these field and if the Committee remains an internal body of its own officers, this objective may not be achieved.

There is an urgent need of good coordination between Supreme Court and Law Ministry in this regard. Till now none of them have taken pro active steps to ensure legal enablement of ICT systems in India.

Sunday 13 February 2011

Government And UIDAI Are Fooling Indians

The Parliament’s Standing Committee on Finance on Friday grilled UIDAI chairman Nandan Nilekani and Planning Commission secretary Sudha Pilla. Even the basic level questions were not answered by either of them and Nandan Nilekani evaded the cross examination under the pretense of providing a power point presentation next time.

But we all know that in these circumstances there would not be a “next time” for UIDAI and Aadhar project as they cannot be allowed to operate in these circumstances. It is very surprising how Aadhar project and UIDAI survived so long?

Neither Aadhar project nor UIDAI are supported by any legal framework. They symbolize the growing trend of executive dictatorship in India. Aadhar project and UIDAI are brainchild of Planning Commission that most strikingly lacks the basic level planning.

There are no procedural safeguards against the most obvious civil liberty violations in the Aadhar project. In the absence of privacy laws and data protection law, Aadhar project is a sure case of civil liberties violation landmine.

The truth is that Indian government in general and Planning Commission and UIDAI in particular are fooling Indian citizens with a project that is not at all worth considering. While UK and US have abolished similar projects, India is merrily adopting the same.

Aadhar project is supported by Indian government for just two reasons. First is that it empower the government, though unconstitutionally and illegally, with endemic e-surveillance powers. The second reason is that Aadhar project is one of the “cash cows” that Indian government has gifted to private companies.

While our prime minister’s office (PMO) is looking helplessly, crores of public money has already been wasted by the Aadhar project. Repeated requests to suspend the Aadhar project till it is ready to be rolled out have not been heeded to by our Prime Minister Dr. Manmohan Singh. Only God can save us from India that has now undoubtedly become a “banana republic”.

Friday 11 February 2011

Aadhar Project Of India Is Unconstitutional

Unique Identification is a favourite topic for most of the Governments’ world over. While developed nations like US and UK have realised the inherent fallacy of this Project, India on the other hand is still committed to the Aadhar Project.

Aadhar project is managed by Nandan Nilekani as the Chairman of Unique Identification Authority of India (UIDAI). Neither the Aadhar Project nor the UIDAI are governed by any Legal Framework, even if there was sufficient time to adopt one.

Even our Prime Minister Dr. Manmohan Singh did not bother to give Aadhar/UIDAI a Constitutionally Sound status. The fact is that both Aadhar Project and UIDAI are Unconstitutional and Indian Government is imposing the same upon its Citizens.

Realising that Aadhar/UIDAI may be challenged in the Indian Courts, a façade was created in the form of National Identification Authority of India Bill 2010 (Bill). The Bill is still to become an applicable law as it has not been approved by the Parliament of India.

However, according to experts even after the Bill becomes and applicable law, both Aadhar and UIDAI would remain “Unconstitutional”. This is so because the “Constitutional Safeguards” that are required to make Aadhar/UIDAI Constitutional are still missing from the proposed Bill.

It seems the sole purpose of Aadhar Project is to make India an Endemic E-Surveillance State. There is no element of public good attached to Aadhar Project and under the garb of public welfare, it is just strengthening the e-surveillance capabilities of India.

This is the reason why we do not have any privacy laws in India that can prevent the abuse of laws like Indian Information Technology Act, 2000, Indian telegraph Act, 1885, etc. Making the biometric database of Aadhar as the base, Indian government intends to control every single movement and details of its citizens.

This would be possible by combining the biometric database of Aadhar with other projects like Census, National Population Register, National Intelligence Grid (Natgrid), etc. A “Centralised Database” would be available to Indian Government that is not at all accountable to the Judiciary, Constitution and Parliament.

The only safeguard seems to be to firmly opposed Aadhar/UIDAI and by not giving even a single detail in this regard to UIDAI or its agencies. Of course, if you trust a Government that habitually and addictively engages in illegal and unconstitutional phone tapping, you are most welcomed to do so.

Sunday 6 February 2011

Data Security And Privacy In Indian Banking Industry

Data security, data protection and privacy laws are never considered important by Indian government. As a result there are many crimes and cyber crimes that are regularly committed in India without much fear of punishment. Even BPO industry is not safe in the absence of these crucial laws.

Although the BPO industry can afford to casually take this situation, Indian banking industry cannot take it lightly. This is more so since Reserve Bank of India (RBI) has recently mandated stringent due diligence requirements for banks in India.

Of all these requirements, the most pressing one are coming from the IT Act, 2000. The IT act, 2000 is the sole cyber law of India that demands many due diligence requirements on the part of various players, including banks of India.

Although there are numerous such due diligence requirements yet banks must consider the cyber security aspects on a priority basis. Indian banks are increasingly facing cyber crimes pertaining to banking industry. Further ATM frauds, credit card cloning, phishing attacks against banks, etc are also on rise.

In these circumstances, online banking and mobile banking in India are still not safe. The real problem arises as to imposing a liability for any such cyber crimes. If the money of a bank customer is stolen due to any of these cyber crimes, who would be responsible for such loss? Would it be the bank or the customer is still a question many banks fail to answer.

With the due diligence requirements imminent upon banking industry in India, it would no longer be able to pass the buck to its customers. In the absence of such due diligence, the bank may be required to compensate the customer for the loss they sustained due to bank’s negligence.

Banks of India must consider data security and privacy issues of their customers very seriously otherwise they would be violating the due diligence requirements under various law, especially the cyber law of India.

Phone Tapping Guidelines Are Not Followed In India

No time in the past the need for a valid lawful interception law in India in general and phone tapping law in particular is felt so much. Indian executive is blatantly violating the phone tapping requirements in India without any judicial scrutiny.

Even there is no constitutionally sound phone tapping law in India. India urgently needs a phone tapping law that is in conformity with present times and constitutional philosophy. The matter is pending before the Supreme Court of India and some concrete pronouncement in this regard is expected.

Now it has come to light that the Goa Government has been tapping telephones in the State, allegedly in violation of Supreme Court directions and the Indian Telegraph Rules, until very recently.

After an RTI application was made by RTI activist Savio Correia, the State Home Department informed that telephone tapping was done in breach of the procedure established by law. Even the direction of Supreme Court to establish a “Review Committee” for these purposes was not heeded to until September last year.

In India, neither the Central Home Ministry nor the State Home Ministries are disclosing the number, manner and methods of phone tappings in India. Interestingly, there is no provision for obtaining a judicial order from a court to tap a phone in India. All it needs to tap a phone in India to have a desire to do so. Even private individuals are doing the same for money without any deterrence.

India is also deliberately not formulating any guidelines or procedural safeguards to prevent abuse of phone tapping in India by the executive. This is so because these guidelines would take the arbitrary and unconstitutional powers of Indian executive to tap phone at will. This aspect must be kept in mind by the Supreme Court while deciding the petition pending before it.

Anti Internet Kill Switch Measures Needed

The episode of shutting down the access to Internet by the internet service providers (ISPs) of Egypt has given rise to a new situation. This situation demands that in case of such future attempts to regulate Internet and damage Internet neutrality, measures must be at place to frustrate such attempts.

According to Praveen Dalal, leading techno legal expert of India and a Supreme Court lawyer, there is nothing like an Internet Kill Switch (IKS) and it is just a “Misnomer”. There are many methods through which Internet users can defeat any attempt to regulate Internet access, says Dalal.

Although measures to defeat censorship of Internet already exist and there cannot be a situation where Internet can be stopped absolutely yet time has come to specifically and dedicatedly develop some more effective and direct methods to defeat these attempts by governments.

The growing hunger of tyrannical and draconian governments all over the world to control its citizen’s civil liberties like privacy rights and right to speech and expression should be curbed immediately.

When nations like America are working in the direction of making legislation for allowing an IKS to be used by its President, the trend is going in a wrong direction. The Egypt episode has further fueled the fire for an IKS.

An initiative to fight against measures like IKS would never come from governments. The individuals must themselves develop techno legal mechanisms to defeat any future attack on Internet freedom and neutrality.

India Needs A Valid Phone Tapping Law

Lawful interception of communications of citizens is a much needed requirement for law enforcement and security agencies world wide. Lawful interception, by its very nature, must be lawful and constitutional. An illegal or unconstitutional interception like phone tapping cannot be tolerated in a civilized and democratic country.

India urgently needs a lawful interception law that is presently missing. For instance, phone tapping in India is still governed by colonial law of telegraph act that is not at all suitable for the present constitution bound India.

Techno legal experts like Praveen Dalal believe that phone tapping in India is not constitutionally performed. This is logical as well as after the constitution of India came into force, citizens of India are empowered with many fundamental rights, including right to privacy. The present phone tapping and interception mechanism of Indian government is illegal and unconstitutional.

The Supreme Court recently took serious note of unauthorised phone tapping by private telecom companies and sought Centre's response on the action taken against Reliance Infocom for intercepting politician Amar Singh's telephone five years ago. During the hearing, the bench was informed that the conversation was tapped on the basis of a "forged" letter.

It was also contended that the guidelines laid down by the apex court regarding phone tapping in the past were aimed at preventing the arbitrary exercise of the powers conferred under Section 5(2) of the telegraph act, as it would amount to serious violation of an individual's fundamental right to privacy.

However, despite these guidelines by the supreme court of India, executive are clearly violating the constitutional rights of Indian citizens. There is an urgent need of enacting a lawful interception law in India as suggested legal experts like Praveen Dalal.

Saturday 5 February 2011

Cyber Security Of Stock Exchanges In India

A very prominent feature of unauthorised intrusions and cracking activities of cyber criminals is that their primary target is financial institutions or institutions similar to that. This is logical as well because that is where the money is. Banks, financial institutions, stock exchanges, etc are all gold mines for crackers and cyber criminals.

Proving this point once more, cyber criminals have repeatedly penetrated the computer network of the company that runs the NASDAQ Stock Market during the past year. Cyber investigators have yet to establish the motive for such intrusion. They are considering a range of possible motives, including unlawful financial gain, theft of trade secrets and a national-security threat designed to damage the exchange.

Further, investigators are also worried about the present as well as future cyber threats to the exchanges as zero day vulnerability is difficult to predict. Even it is difficult to say that all security gaps have been plugged.

Indian stock exchanges are no different from NASDAQ and there is an urgent need to consider their cyber security on a priority basis. India has to preserve the stability and reliability of electronic stock trading on the one hand and has to ensure that investors have full faith in such system.

Both Indian cyber law as well as cyber security are not in good shape. This is not an ideal condition for stock exchanges in India as neither is there any deterrent law nor is there a well defined and robust cyber security mechanism that is followed by India in this regard.

Time has come to enact an effective and strong cyber law and strengthen the cyber security of India.

TAGUP Report Submitted To Finance Minister Of India

Ministry of Finance, Department of Economic Affairs has constituted the Technical Advisory Group for Unique Projects (TAGUP) vide their O.M. dated 1“ June 2010. The Terms of Reference of the Committee has also been laid down in the above O.M. This Committee has been constituted in pursuance of the Finance Minister Pranab Mukherjee’s Budget Speech (2010-ll).

Finance Minister vide Para 104 of the Speech had inter alia proposed to set up a Technology Advisory Group for Unique Projects under the Chairmanship of Nandan Nilekani for an effective tax administration and financial governance system through creation of IT projects which are reliable, secure and efficient.

There are five projects of the Government in the recent years which have come to involve complex system development as listed below-

(a) The Tax Information Network (TIN)
(b) The New Pension Scheme (NPS)
(c) The National Treasury Management Agency (NTMA)
(d) The Expenditure Information Network (EIN)
(e) The Goods and Services Tax (GST)

Nandan Nilekani, now Chairman of UIDAI and TAGUP has recently handed over the TAGUP Report to the Finance Minister. Praising the report as a good teamwork, the Finance Minister said that an effective tax administration and financial governance system calls for creation of IT projects which are reliable, secure and efficient.

TAGUP has made the following key recommendations in its Report:

(a) The Group recommends that for complex IT intensive projects (especially for those referred to in the Terms of Reference and generally to IT mission critical projects in Government) National Information Utilities (NIUs) working in the spirit of partnership with Government be put in place to handle all aspects of IT systems.

(b) While strategic control is retained by Government at all times, NIUs should be set-up as private companies with a public purpose. They should be financially independent and empowered to take quick and efficient business decisions pertaining to attracting and retaining talent, procurement, rapid response to business exigencies, and adopting new technologies, among other things.

(c) Human resource Challenges: Strong support from the top leadership within Government, dedicated team at the level of project implementation, and ownership and commitment at various operational levels are necessary concomitants of success of any project. The Group recommends that every project should have a dedicated Mission Leader within the Government with a Mission Execution Team. The Mission Execution Team should be manned by personnel, who possess a diverse set of skills including intimate familiarity with the Government processes, specialization in verticals such as technology, outreach, law, as well as the ability to manage a large decentralized organization, among others. The Group also recommends certain monetary and non-monetary incentives for the Team.

(d) Multiple Levels of Government: Many of these projects span the Central, State and Local Governments. A critical aspect of the success of such multiple-level IT projects is that the solution must be incentive compatible across stakeholders. Common functions should be included in a single application platform shared by all stakeholders. Such a single application platform, while respecting the constitutional autonomy of all Governments involved, may be deployed in a decentralized environment, but its development must necessarily be centralized.

(e) The Group has also made recommendations in the areas of contracting, incubation, solution architecture, openness, transparency, and protection of the individual in case of large, complex IT intensive projects.

(f) The Report addresses the challenges faced by large complex IT projects in Government, and then applies this framework to the evaluation of the five projects (GST, TIN, EIN, NTMA and NPS) at hand.

(g) The Group also noted that the Empowered Group on IT infrastructure for GST in its IT Strategy for GST has recommended the setting-up a Goods and Services Tax Network which has the characteristics of an NIU as per this Report.

(h) Specific recommendations relating to the five projects of the Ministry of Finance have been given in the Report.

The Report can be accessed on the Ministry of Finance website.

Wednesday 2 February 2011

Aadhar Project And UIDAI Must Be Scrapped

Unique identity is a concept adopted and forsaken by many developed countries like UK, US, etc. This is because the concept of unique identification is a clear case of civil liberties violation in general and privacy rights infringement in particular.

India on the other hand is pushing unique identification project (UID project) or Aadhar project that also without any legal framework. The position is even more dangerous for civil liberty violations in India in the absence of privacy laws, data protection laws and data security laws in India.

The urgency and anxiety shown by Indian government to push Aadhar project in India only shows it is more interested in e-surveillance rather than social inclusion of Indians. Aadhar project is portrayed as a welfare scheme but in realty it is big brother project, that also without any accountability and legal framework.

Aadhar project is managed by unique identification authority of India (UIDAI), headed by Mr. Nandan Nilekani. Mr. Nilekani is a man of integrity and caliber but has no legal background. He has reason to be least bothered with civil liberties and privacy rights.

Despite that Mr. Nilekani suggested for the drafting of a legal framework for Aadhar project and enacting suitable privacy laws in India. He even asked for drafting a legal framework for UIDAI in the form of National Identification Authority of India Bill 2010 (Bill) that has been cleared by Indian cabinet and introduced in the Rajya Sabha. However, the Bill still would not be sufficient to make Aadhar project and UIDAI constitutional and they would still remain “unconstitutional”.

Even industrialist Ratan Tata has filed a petition under Article 32 of Constitution of India to enforce his privacy rights. Meanwhile, the department of personnel and training (DoPT) has issued an approach paper on data protection but that is mere an eye wash and formality. No further action has been taken by DoPT to legislate on privacy and data protection laws in India.

It would be appropriate if prime minister’s office (PMO) offices immediately intervened and scrap the project till constitutionally sound framework is at place. Prime Minister of India Dr. Manmohan Singh has to act fast as he has already given much life to Aadhar project and UIDAI, that also in an unconstitutional manner.

Tuesday 1 February 2011

Lawful Interception Law In India: Need Of The Hour

Countries world over are using the façade of national security to violate civil liberties and India is no exception. India has no constitutionally sound lawful interception law, say supreme court attorney and techno legal expert Praveen Dalal.

Lawful interception consists of many segments. It includes e-surveillance, phone tapping, eavesdropping, wiretaps, pen registers, etc. As the name suggests, lawful interception must be supported by a law. This is the lay man’s interpretation of the definition of lawful interception.

However, a legal mind should not be confused by this layman’s definition. Any good lawyer would tell you that lawful interception must not only be supported by a law but that law must also pass the tests of constitutionality.

Nations all over the world are enacting laws whose primary purpose is to strengthen unlawful interceptions through the instrumentality of laws. Since this is going to be challenged by people, nations are playing the card of “national security” by creating fear, uncertainty and doubt (FUD factor).

India is no exception to this rule. Under the guise of national security, India is sticking to the same law that it considered draconian before its independence. The Indian Telegraph Act, 1885 is the colonial and draconian law that Indian government in general and home ministry of India in particular uses to indulge in unconstitutional phone tapping.

According to Praveen Dalal, a Supreme Court Lawyer and leading Techno Legal Expert of India, India is the only country of the World where phone tapping is done without a Court Warrant and by Executive Branch of the Constitution of India. Phone tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” in this regard. Even the Supreme Court’s directions in PUCL case have proved futile and presently the Court is dealing with the issue once more, informs Dalal.

Not only phone tapping, but even e-surveillance and eavesdropping is not regulated by a constitutionally sound law in India. India urgently needs a Lawful Interception Law, suggests Praveen Dalal. The present Cyber Law of India contained in Information Technology Act, 2000 (IT Act, 2000) is not a Constitutionally Sound Law for Lawful Interceptions in India, opines Dalal.

There is a growing distrust and anger among Indian masses regarding privacy violations and violations of other civil liberties. Further, with projects like Aadhar, national intelligence grid (Natgrid), etc privacy violations and other civil liberty violations are further bound to increase. In the absence of a constitutionally sound lawful interception law in India, only self defence measures can come to the rescue of Indian citizens.

The prime minister’s office (PMO) of India in general and our prime minister Dr. Manmohan Singh in particular must ensure a constitutional sound lawful interception law in India. Further, he must also ensure a good, effective and constitutional cyber law for India as well.

Due Diligence For Banks In India Under IT Act 2000

Cyber risks for banking industry in India are increasing at an alarming rate. Whether it is phishing scams, spam frauds, Nigerian frauds, ATM frauds or credit card cloning frauds, Indian banking industry is not prepared to tackle them.

Realising the gravity of the situation, the Reserve Bank of India (RBI) has recently released a report of its working group on information security, electronic banking, technology risk management, and cyber frauds.

The report has also issued many guidelines that Indian banks would be required to follow in order to provide safe and secure technology driven banking. Practically, this means that banks in India would be required to adopt techno driven and cyber law related due diligence requirements.

Till now banks have not taken due diligence requirements seriously. Already many cyber law related contraventions adjudication proceedings have started in India. The trend is going in the direction of more such consumer disputes and adjudication proceedings in India.

A major reason for this apathy on the part of banks for due diligence is lack of awareness regarding provisions of cyber law of India. The information technology act, 2000 (IT Act, 2000) clearly mandates observation of due diligence on the part of banks. In the absence of such due diligence, banks can be held liable for consumer losses.

Banks must establish core IT committees as per RBI directions that must consist of good techno legal professionals who can guide them regarding various due diligence requirements under the IT Act, 2000 and other laws.