Friday, December 30, 2011

Cyber Law, Cyber Security And Educational Updates 31-12-2011

This post covers some recent updates regarding cyber law, cyber security, ethical hacking education and skills development in India, censorships by Google and Facebook, cyber security of ICICI bank’s products like Internet banking and credit cards, cyber due diligence in India, malware and virus attacks, etc.

(1) Virus Attack On ICICI Bank Transactions: A Cyber Security Lapse

2) After Google It Is Facebook’s Turn To Adopt Censorship

(3) Manual Action Penalty And Censorship By Google

(4) Are ICICI Credit Cards In India Insecure?

(5) Is Facebook The Most Appalling Spying Machine?

(6) Why Google Censored Cyber Laws In India Blog?

(7) Who Is Manipulating Blogspot Blogs: Google Or Malicious Competitors?

(8) Social Media Due Diligence In India

(9) Indian Electronic Delivery of Services Bill (EDS) 2011

(10) Cyber Laws In India

(11) Cyber Due Diligence For Indian Companies

(12) Corporate IT Frauds And Cyber Crimes Investigation In India

(13) Financial Frauds And IT Crimes In Indian Companies Is Increasing

(14) Ethical Hacking Training And Courses In India

(15) Digital Preservation In India Needed

(16) Ethical Hacking Training Providers In India

(17) Ethical Hacking Training Institutes In India

(18) Chief Information Officers (CIOs) Training In India

(19) Chief Information Officers (CIOs) Made Mandatory For All Banks In India (Old Update)

(20) Indian Judiciary, Cyber Law and Websites Blocking

(21) Techno Legal E-Learning Courses In India

(22) Electronic Discovery And Litigation Support Services In India

(23) Ignorant Judicial Blocking Of Website In India

(24) Legal Issues Of Entertainment And Media Industry In India

(25) Aadhar Project Of India Is Unconstitutional Says Praveen Dalal

(26) The power of social networks

(27) WiFi Protected Setup vulnerable to Reaver tool attack

(28) Stuxnet, Duqu and the sons of the “Tilded” platform

(29) GSM mobile … the insecure network

I hope readers would find this useful.

Thursday, December 29, 2011

Is Facebook The Most Appalling Spying Machine?

I am no big fan of conspiracy theories but I am a big fan of civil liberties protection in cyberspace. I also believe that when rights are outlawed only outlawed would have rights. If you add e-surveillance to this situation, the plight of civil liberties in cyberspace is well understood.

If a company engages in online profiling and data mining, something is grossly wrong with its policies and intentions. Further, the unilateral websites censorships by sites like Google and accounts censorship by sites like Facebook further adds woes to this situation.

WikiLeaks founder Julian Assange has labelled Facebook as “the most appalling spying machine that has ever been invented” although Facebook denied the same. Now Richard Stallman has declared Facebook and Google+ are mistreating their users. Furthermore, he points out Facebook performs massive surveillance with its tracking cookies.

Over the last few months, Facebook was accused multiple times of using cookies to track users even after they log out of the service, though it has since fixed the issues and explained how its system worked. Facebook has also been sued in multiple states for tracking its users even after they logged out of the service. All the lawsuits allege the company violated federal wiretap laws.

Recently 10 consumer and privacy groups have asked the Federal Trade Commission (FTC) to investigate Facebook. This is the second request to the FTC for a probe of the social network this week. Even Edward Markey, a Massachusetts Democrat, and Joe Barton, a Texas Republican, have asked the Federal Trade Commission (FTC) to investigate how Facebook’s cookies behave. However, Facebook has denied its recently-granted patent is used for tracking logged-out users. The company says it just describes the Facebook Platform.

A security researcher claims that Facebook alters its tracking cookies the moment you log out, instead of deleting them. Since your uniquely identifying account information is still present in these cookies, Facebook can continue to track you. This means that if you log out of Facebook, you’re not really doing much. If you then head to a website that contains a Facebook plugin, your browser will continue to send personally identifiable information back to Facebook.

Now Facebook is planning to gradually roll out sponsored stories in news feed, beginning next year. From January 2012, sponsored stories or advertisements, which now appear on the right side of the page, will be part of the news feeds of the users - along with other normal updates and posts. Every time a Facebook user clicks on the 'like' button for certain brands or pages, the ad would display the user's name, picture and a line, saying he/she likes the advertiser.

It seems Facebook is well committed to engage in e-surveillance and privacy violations of its users. Further Google, Microsoft, Yahoo, Adobe and many other companies also exhaustively track users’ online activities.

It is for the users to adopt privacy protection mechanisms to defeat such attempts of Facebook. Some good options include using plugins like Do Not Track Plus, Ghostery, Adblock Plus, etc. These plugins allow you to have a good control over your browser that sends referrer data through which these companies are misusing users’ data and information.

Do not trust these companies alone for your privacy protection and you must also take some pro active steps to enforce your privacy.

Wednesday, December 28, 2011

Are ICICI Credit Cards In India Insecure?

Recently news about virus attack upon ICICI bank transactions was reported. While it is premature to consider this fact true or false yet truth and authenticity of the claims of either the security professional or the ICICI bank must be established through an official channel.

Now another person has raised hypothetical doubts about the security of ICICI Credit Card in India. The author has tried to explain the hypothetical weakness in ICICI Credit Cards, as issued in India. On plain reading of the fact, the doubts also seem to be very genuine and reasonable.

This may be a single case or this may be the regular practice adopted by ICICI bank. But at this stage it is too early to comment upon that aspect. Let us analyse the facts provided by the author of the website. He writes:

“When a card is blocked and new card is reissued by ICICI Bank, the first 14 digits of the new card are the same as the old card. The 2 changing digits are also in a series. I did it twice on the same card i.e. block a card and request for a reissue. So the three card numbers were having same first 14 digits and the following last two digits.

(1) xxxx xxxx xxxx xx08
(2) xxxx xxxx xxxx xx16
(3) xxxx xxxx xxxx xx24

So say if your card details was leaked online and you request ICICI to block the old card and get a new one, then all the attacker has to do is wait for a month for a hypothetical new card to reach and then use all other details (except for the CVV of course, but cvv is just a 3 digit attack vector) and guess the last two digits. The last two digits also following a series. According to my totally unlearned eyes, this is a weakness. What do you say?”

He further explains in the comment “Once you have a card number + personal details from previous attack, expiry date is the lamest to crack. Cards are issued for years and not months, so it will mostly be the same month as when the card was issued, i.e. the same month as the card was blocked. Year part will be a company policy right? i.e. from the year of issue + x years types. CVV is just a 3 digit numerical hack. If you have all other info, cracking CVV should not be a challenge”.

Can somebody shed light upon this hypothetical doubt?

Manual Action Penalty And Censorship By Google

For long Google denied the concept of manual action penalty against websites. Google maintained that websites are only algorithmically demoted if they are found violating the guidelines and quality standards of Google. However, this assertion of Google cannot be trusted if we analyse the numerous cases of websites delisting and demotion that is frequently conducted by Google.

The real question that must be analysed here is there a system to uncover what a rogue employee of Google is doing under the garb of manual action penalty? Clearly either Google or malicious competitors are manipulating websites and blogs.

Even Matt Cutts has publicly acknowledged that Google uses whitelists as well as manual actions penalties to demote and delist websites and blogs. This contradicted the earlier stand of Google and this acknowledgement is a direct result of the antitrust investigations from the EU, the Texas attorney general, and possibly the US Federal Trade Commission.

Matt has provides examples of cases where a manual action penalty can be imposed by Google. It includes cases where Google receives reports of spam, off-topic porn, things like that, etc. This list is not only vague but is also a potential source of imposing censorship and websites filtering by Google without following the due process of law. Surprisingly, after Google even Facebook used censorship to block my Facebook account without citing any reasons.

There is no doubt that whenever companies like Google or Facebook have to adopt measures that are neither strictly legal nor in conformity with their own policies, they always invoke the trump card of “spam communications”. Of course, spam is a violation of terms of services (TOS) of any company, including Google and Facebook, but a resource must actually be spam to invoke such penalty. Both manual action penalty and algorithm demotions methods of Google are prone to misuses and they may actually be misused in many cases by Google employees.

There is no second opinion about the fact that manual interventions are an important part of any search engine. The problem is that for so many years, Google has largely avoided acknowledging that these interventions exist, and it has said almost nothing about how they work. So the question why has Google censored cyber laws in India blog would remain unanswered by Google.

Tuesday, December 27, 2011

After Google It Is Facebook’s Turn To Adopt Censorship

It seems the guys at Google and Facebook have nothing better to do than messing up with accounts of their users. While Google demoted my block after its initial censorship, Facebook has altogether blocked me from my account.

Surprisingly whenever companies like Google or Facebook have to adopt measures that are neither strictly legal nor in conformity with their own policies, they always invoke the trump card of “spam communications”. Of course, spam is a violation of terms of services (TOS) of any company, including Google and Facebook, but a resource must actually be spam to invoke such penalty.

We have been experiencing censorship by various online platforms from time to time. This may be due to the critical and bold analysis that we make from time to time. Critical analysis is definitely protected under Indian and US constitution as freedom of speech and expression. If a post or resource is well within the limits of constitutional right to speech, it cannot and should not be curtailed.

It seems commercial interests and draconian laws are forcing companies like Google and Facebook to censor users’ accounts, posts and messages. Clearly this is an illegal and unconstitutional act on their part and they must cease to indulge in these practices.

While I am still continuing my blog, it seems time to say goodbye to Facebook has arrived. All those individuals who were following my activities there and wish to continue to do so are invited to the Priyanka Sharma Daily. It seems to be a better alternative to Facebook and is more comfortable and user friendly.

However, this episode of Facebook has reminded me of the statement by Julian Assange that Facebook is an “appalling spying machine” and its insistence upon mobile number is sufficient proof of the same. It is better to leave Facebook than giving a mobile number, so goodbye Facebook.

It is well known that spy agencies and intelligence agencies world over use social media for open source intelligence (OSINT) purposes. US even plans to use, perhaps already using, fake virtual people botnet and persona management software to gather inputs from social media websites. Time has come to question the dubious practices of social media websites and blogging platforms so that they can be sterilised from malicious people violating civil liberties of netizens.

Virus Attack On ICICI Bank Transactions: A Cyber Security Lapse

The online banking system of India is not cyber secure. Take the recent example of virus attack upon ICICI Internet banking transactions. It proved that Internet banking system and mechanism of ICICI bank is not cyber secure. It is not even clear whether ICICI bank has appointed a chief information officer (CIOs) to manage its Internet banking functions that has been made compulsory by the Reserve Bank of India.

Cyber security of banks in India is in bad shape despite mandatory guidelines by RBI in this regard that has asked Indian banks to ensure cyber secure due diligence for banks in India.

The cyber law due diligence in India requires Indian banks to ensure compliance with information technology act, 2000 (IT Act 2000) otherwise stringent penal and pecuniary penalties can be imposed.

Similarly, cyber due diligence for Indian companies is now a well known responsibility. A failure to observe cyber due diligence by banking companies in India is neither good for their business nor for their customers.

Surprisingly, till now ICICI bank has not officially come forward to repudiate this claim of the security professional Yash who has claimed to discover this vulnerability in the Internet banking system of ICICI.

Internet banking risks in India are increasing and cyber security of Internet banking in India must be strengthened by various banks. In fact, Internet banking cyber security in India needs to be strengthened so that customers’ confidence can improve.

Now the Indian banks may use two methods to solve this problem. They may use dubious and illegal methods of false complaints and pages/websites/blogs removal requests to various hosting companies like Google, Facebook, etc and thereby remove the negative reporting about their business. Or they may improve the cyber security of their systems and thereby gain more respect and trust of their customers.

Unfortunately, many prefer the former option that is seldom productive and is injurious to own interests in the long run. What is more surprising is that Internet intermediaries like Google, Facebook, etc are in fact acceding to these requests and are messing up with accounts of their users. Let us hope things would change very soon on all fronts.

Monday, December 26, 2011

Cyber Law, Cyber Security, Websites Blocking And Internet Censorship Updates

There are many significant developments happening in India and abroad in the fields like cyber security, websites blocking, Internet censorship, skills development an trainings, etc. Some of such developments have been covered by my digital paper titled The Priyanka Sharma Daily.

This post is summarising and giving the account of the some of these articles posted in the past few weeks.

Some of the posts worth reading are:

(1) Indian electronic delivery of services bill (EDS) 2011

(2) Social media due diligence in India

(3) Financial frauds and IT crimes in Indian companies are increasing

(4) Corporate IT frauds and cyber crimes investigation in India

(5) Ethical hacking trainings and courses in India

(6) Ethical hacking training providers in India

(7) Ethical hacking training institutes in India

(8) Chief information officers (CIOs) trainings in India

(9) E-surveillance in India

(10) Internet censorship in India

(11) Ignorant judicial blocking of websites in India

(12) Cyber law on social media and networking sites in India

(13) Social networking laws in India

(14) Social media laws in India

(15) Techno legal e-learning courses in India

(16) Legal issues of entertainment and media industry in India

(17) Google outcry lack of proper Internet intermediary laws in India

(18) Aadhar project of India may be scrapped

(19) Aadhar project of India is unconstitutional says Praveen Dalal

(20) Data security, cyber security and privacy in Indian banking industry

(21) Is online banking system of India cyber secure?

(22) Is ICICI Internet banking system cyber secure?

(23) Internet banking cyber security in India

(24) Who is manipulating and censoring Blogspot blogs: Google or malicious competitors?

(25) Why has Google censored cyber laws in India blog?

(26) Cyber security of Internet banking in India

(27) Internet banking risks in India

(28) Startfor hack, not so private and secret anymore?

(29) Israeli spy gear sent to Iran via Denmark, the dirty trade

(30) Iran, the cyber threat … are we creating a new enemy?

(31) E-Corruption … “who controls the controller?”

I hope readers would find these updates useful.

Saturday, December 24, 2011

Internet Banking Cyber Security In India

Internet banking is both a necessity and evil. As a necessity it brings conform and time efficiency. As a drawback, it attracts various forms of financial frauds and cyber crimes. With the removal of limits for financial transaction through mobile banking in India, more such cyber crimes and financial frauds are anticipated.

These are the few good posts in this regard that have been shared in the last week:

(1) Internet Banking Risks In India

(2) Cyber Security Of Internet Banking In India

(3) Indian Internet Banking Risks

(4) Indian Cyber Security Of Internet Banking

(5) Insecure Online Banking

(6) Data Security And Privacy In Indian Banking Industry

(7) Data Security, Cyber Security And Privacy In Indian Banking Industry

(8) Online Banking System Of India

(9) ICICI Online Banking System

Clearly, there is an urgent need on the part of Reserve Bank of India (RBI) to ensure that the guidelines prescribed by it are immediately implemented by the banks of India. Let us hope that banking customer’s interests would be safeguarded by RBI and Indian banks that is neglected for the time being.

Thursday, December 22, 2011

Cyber Security Of Internet Banking In India

Internet banking in India or e-banking in India is a process that involves use of information and communication technology (ICT) for doing various banking related transactions. While use of ICT for banking purposes in India has many advantages yet there are certain cyber law, cyber security and due diligence tasks as well that Indian banks must perform to escape civil and criminal liabilities.

Banks in India are required to not only ensure cyber due diligence in India but also cyber security due diligence in India. Reserve Bank of India (RBI) has very categorically told Indian banks to ensure effective cyber security in their day to day affairs and banking transactions. However, banks in India are not complying with RBI’s cyber security due diligence requirements.

Internet banking risks in India are increasing rapidly. Even the RBI acknowledged Internet banking risks in India. Although electronic banking in India has many advantages and convenient to handle yet online banking risks in India cannot be ignored by either the banks or its customers.

Unfortunately, Indian banks are poor at cyber security. This is resulting in an increase in banking related cyber crimes and financial frauds. For instance, Citigroup Inc recently confirmed that computer hackers breached the bank's network and accessed data on hundreds of thousands of bank card holders. Similarly, a security researcher has recently proved that Internet banking system of ICICI is not cyber secure.

Obviously, Internet banking in India is not cyber secure and RBI must urgently step in to remedy this situation. RBI’s ombudsman office is already flooded with complaints of ATM frauds. Similarly, phishing complaints are also on rise where customers’ money is misappropriated. Banks in India must voluntarily build cyber security mechanism and also implement the recommendations of RBI in this regard. Even better would be to enact a dedicated Internet banking law in India.

Internet Banking Risks In India

Technology has brought many benefits for banking consumers in India. However, technology has also given birth to many unforeseen challenges. Cyber security challenges of Internet banking in India have grown tremendously in the past. In fact, Internet banking in India is not cyber secure despite the recommendations of Reserve Bank of India (RBI). Banks in India are ignoring the cyber security due diligence requirements prescribed by Reserve Bank of India (RBI).

Internet banking is a very important aspect of Indian banking industry. Internet banking not only provides instant banking facilities but it also confers mobility to the account holders. However, cyber security of internet banking infrastructure of India is the need of the hour. Instances of theft of money through hacking of accounts of the accounts holders are fast becoming a trend in India.

This is partly due to the ignorance of the accounts holders and partly due to the weak cyber laws of India. The account holders are increasingly targeted for phishing attacks that result in loosing of sensitive banking information.

According to Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-Legal Expert of India, the Information Technology Act 2008 has made most of the cyber crimes and cyber offences “bailable”. India has made its cyberspace a “free zone” and “safe heaven” for cyber criminals and cyber offenders. He says that now even after committing hacking in India a person would be entitled to “bail” as a matter of right. There is nothing that prevents such cyber criminals from committing cyber crimes in India in the absence of a deterrent law.

This has resulted in an increased spate of cyber crimes including hacking of the e-mail IDs of the Internet banking users and stealing of their money.

Further, India has also become one of the most endemic surveillance societies of the World. Confidential information is already vulnerable and with the proposed Indian plans of installing key loggers at cyber cafes, the same would exclude the use of cyber cafes for these purposes. Although cyber cafés are not a good place to transact confidential matters yet with a poor Internet penetration in India this may still happen, says Dalal.

With a weak cyber law, lack of cyber security awareness and increasing e-surveillance initiatives in India, Internet banking disputes are bound to increase in India. The government is least bothered about these issues and ultimately the account holders would have to bear the financial losses.

Is ICICI Online Banking System Cyber Secure?

Online banking transactions in India and electronic banking in India are in a real mess. Thanks to the defunct cyber law of India, inadequate cyber security mechanisms like encryption usages for banks, ignoring the cyber security due diligence requirements prescribed by Reserve Bank of India (RBI) and many more such issues.

Naturally, online banking risks in India have increased tremendously. We have no dedicated Internet or e-banking laws in India. Further, online banking systems in India are not cyber secure. Even mobile banking in India is risky.

This position is obvious if we analyse the present trends occurring in India. For example Citigroup had recently confirmed cyber attack upon bank’s network. It is also well known that a timely and appropriate cyber due diligence could have prevented such attacks and various cyber frauds that are growing in the banking sector of India.

Now it has been reported that a proof-of-concept virus has been developed by a security professional to attack the ICICI Online banking using the Man-in-Middle / Man-in-Browser attack method. It shows what an attack can do to an online banking customer who uses ICICI online banking facility and how it can result in financial loss.

Naturally, cyber security of banks in India is not in order at all. Cyber Security Policy for Banks in India is an issue that is very important for Banks of India, says Praveen Dalal, managing partner of New Delhi base ICT law firm Perry4Law and leading cyber law expert of India. With the growing use of Internet Banking, ATM machines, Credit and Debit Cards, Online Banking, etc, Banks of India must also upgrade their Cyber Security Infrastructure and establish a Cyber Security Policy, suggests Dalal.

An integrated modern banking law for India is in pipeline and it would be a good idea to make it techno legal in nature so that it can address cyber crimes and cyber security in a more effective manner. Corporate and banking laws in India are in the process of being streamlined. RBI has even issues a notification prescribing enhanced due diligence measures for high risks customers in India. RBI is planning to boost ATM security in India. On similar lines, RBI must curb online banking crimes and frauds in India.

Banks in India need to adopt techno legal measures to prevent ATM and other similar financial frauds and cyber crimes. Further, cyber due diligence trainings for bank employees can also be beneficial in this regard. Banks must also appoint steering committees and CIOs as soon as possible.

Sunday, December 18, 2011

Cyber Law Firms In India

Cyber law of India is a very young legal framework. The information technology act, 2000 (IT Act 2000) brought the cyber law of India in existence. With the passage of time, many amendments were also introduced in the cyber law of India. However, cyber law being a dynamic and updating law requires continuous upgradations and improvements.

Being a new field, there are very few lawyers and law firms that are dealing with cyber law litigation, consultancy and corporate advisory services. Further, there are only handfuls of experts that are providing cyber law due diligence services in Delhi, India.

However, a few law firms in New Delhi, India are really good in cyber law field. In fact, these law firms are giving cyber law a new shape in India. However, there is a single techno legal cyber law firms in New Delhi, India and world wide that manages both technical as well as legal aspects at the same time.

Perry4Law is the exclusive techno legal ICT and IP law firm in New Delhi, India and world wide that has acquired international reputation in the fields like cyber law, cyber security, cyber forensics, etc. Perry4Law Techno Legal Base (PTLB) supplements the techno legal expertise of Perry4Law.

One area that has recently interested the legal community pertains to cyber security. Although cyber security as a legal field has started gaining attention of foreign lawyers and law firms yet cyber security law firms in India or cyber security lawyers in India are still missing.

Perry4Law is also the exclusive cyber security law firm in New Delhi, India.As more and more people are using information and communication technology (ICT), cyber contraventions and cyber crimes are increasing in India at an alarming speed. Lawyers and legal firms in India need to upgrade their cyber skills. Similarly, cyber crimes investigation training India is also required in India for various stakeholders.

Friday, December 16, 2011

E-Commerce Lawyers And Law Firms in India

Electronic commerce (e-commerce) in India is witnessing a rapid growth. As more and more business entities and entrepreneurs are becoming aware of the benefits of online presence and brand promotion and protection in India, e-commerce has become a popular method of doing business. Even domain name protection in India has assumed significance due to this reason.

We have no dedicated e-commerce laws in India. However, the information technology act 2000 (IT Act 2000), which is the sole cyber law of India, is regulating the e-commerce business and transactions in India. Internet intermediaries liability in India under the IT Act 2000 is very stringent.

For instance, the e-commerce players can be held liable for online infringement of copyright in India of the copyright owners. Cyber law due diligence in India is one aspect that all e-commerce site owners must frequently engage in. The present laws of India are stringent in nature and subsequently claiming ignorance of such laws would not make much difference.

Further, e-commerce regulatory requirements are techno legal in nature that very few can understand. For instance, Perry4Law is the exclusive techno legal ICT and IP law firm of India and world wide. Among other areas, techno legal services pertaining to e-commerce litigation, consultancy, corporate advisory, contract drafting, etc are by Perry4Law.

Presently, very few lawyers in India familiar with technological aspects in general and e-commerce laws in particular. Lawyers in India need to upgrade their skills and knowledge in the upcoming fields like cyber law, e-commerce, etc.

For e-commerce entrepreneurs and business houses, Perry4Law and Perry4Law Techno Legal Base (PTLB) strongly recommend that before opening an e-commerce site or business, the owner of the same must consult a good techno legal law firm that can advice him upon all the possible and applicable aspect of e-commerce laws in India.

A failure to do proper cyber due diligence before opening an e-commerce portal in India may be counter productive and attract fines, penalties and criminal sanctions. It is better if a proper legal due diligence has been done in this regard before opening the e-commerce business in India.

Sunday, December 11, 2011

Reverse Migration Of Workforce To India Is Anticipated

There was a time when brain drain from India was happening at a great pace. This was because the employment opportunities and living conditions of other nations, especially developed nations, was incentive enough to migrate to such countries.

With the economic growth of India and better working conditions available at India, workforce is considering returning back to India. Further, areas like business process outsourcing (BPO), legal process outsourcing (LPO) and knowledge process outsourcing (LPO), etc are already dominated by India.

Legal process outsourcing in India (LPO in India) and knowledge process outsourcing in India (KPO in India) are now attracting not only foreign employers but also foreign employees. Even Indians working abroad are considering returning back to India. LPO and KPO in India have matured into big commercial industry in India and LPO and KPO companies and firms in India are world renowned.

According to various reports Indian workforce working abroad would return back within few years. Industries like cement, automobiles, oil and gas, alternate energy and construction are the main industries attracting reverse migrants.

Qualitative education was also one of the reasons why many professional migrated abroad. Establishment of virtual campuses in India would ease up this educational migration. For instance, Perry4Law Techno Legal Base (PTLB) is managing the exclusive techno legal e-learning portal of India and world wide. It provides many qualitative and highly specialised courses that would remain a dream through traditional Indian educational institutions.

This is a good trend for India. However, India needs to take care of many issues. Skills development in India is one such area. Technical education and skills development in India requires special attention. Higher research and education also needs to be strengthened in India. PhDs in India are dying and corruption is undermining the higher education in India. Even the higher legal education in India needs urgent reforms.

Similarly, Indian LPO and KPO industry must be innovative and competitive to deal with various competing destinations. This is more so regarding the knowledge process outsourcing services in India. For example, the e-discovery outsourcing, LPO and KPO services in India are still in infancy stage despite tremendous potential for the same. LPO and KPO in India need to adapt to technology so that techno legal assignments can be managed.

India must gear up to encash this reverse migration trend. Various techno legal initiatives and policy decisions must be made in this regard so that this migration can be as smooth as possible.

Internet Censorship In India

This article has raised very pertinent points regarding internet censorship in India. Internet censorship in India should not be a norm in a democratic country like India. Better solutions exist to address this crucial issue. Censorship of internet in India by bypassing the constitutional mandates amount to anarchy that should not be the norm in India.

Internet in India is under potential threat of censorship and e-surveillance. Internet censorship in India has increased a lot. Similarly, e-surveillance in India has also increased to intolerable limits.

India has a draconian but cyber criminals’ friendly cyber law in the form of information technology act, 2000 (IT Act 2000). It was amended in 2008 to confer unregulated e-surveillance, Internet censorship and website blocking powers to Indian government and its agencies. The present cyber law of India is an unconstitutional one in the absence of procedural safeguards that can prevent these abusive draconian powers under the IT Act 2000. It requires an urgent repeal.

On top of it we have the proposed central monitoring system (CMS) project of India that has been proposed without any parliamentary oversight. Further, stress upon Internet kill switch is also given by India without realising that Internet kill switch is not a solution to cyber threats. Anti Internet kill switch measures are needed to prevent Indian government from taking recourse of any such unconstitutional and draconian action.

Website blocking and Internet censorship should be resisted as far as possible in India. This fight should be techno legal in nature where both technical and legal measures must be adopted to thwart surveillance and censorship activities of Indian government and its agencies. Proactive self defence in cyberspace is needed not only against alien enemies but also against our own Orwellian government.

Self defence in cyberspace is a concept whose time has come at both national and international level. At the national level of India self defence is required not only against cyber criminals but also against our own over zealous and e-surveillance oriented Indian government. Suggestions have been given in the past that United Nations (UN) must protect human rights in cyberspace as well. However, UN is not serious about protecting human rights in cyberspace.

At the national level, Indian government acquired itself unregulated, illegal and unconstitutional e-surveillance, Internet censorship and website blocking powers with no procedural safeguards. The information technology act, 2000 (IT Act 2000) was amended through the information technology amendment act 2008 (IT Act 2008) and this amendment gave unconstitutional and illegal powers to Indian government and its agencies. With the notification of the IT Act, 2008, the journey from welfare state to a police state was completed for India.

Instances of website blocking in India and Internet censorship in India have increased a lot. What is more worrisome is the fact that e-surveillance and Internet censorship in India have increased without any lawful interception law in India. Lawful interception law in India is missing and phone tapping in India is done in an unconstitutional manner.

Of all e-surveillance project, nothing is worst than the Aadhar project of India and its implementing unique identification authority of India (UIDAI) headed by Nandan Nilekani. Irrespective of what Nandan Nilekani and Indian government says, Aadhar project and UIDAI are serving a very vicious, evil and nefarious objective of e-surveillance without procedural safeguards. Surprisingly, even Google is censoring results pertaining to Aadhar project and UIDAI and is messing up with search placement results.

Now Internet intermediaries in India have been asked to pre screen contents before they are posted on their platforms by the account holders. India wants companies like Google and Facebook to censor users’ contents. In fact, Goggle web censorship has greatly increased in the past. Perhaps somebody at Google was already doing the pre screening of some web contents in India, with or without knowledge of Google.

Google has been in controversies from time to time. Whether it is illegal data gathering, censorship of Google news searches, manipulation of search results, etc, Google has been doing it all. In fact, it seems Google was actively helping Indian government and its agencies for messing up with Aadhar project, UIDAI, World Bank or any other similar post that questions the wrong practices of Indian government. During that period Google continued its censorship drive in India and many posts failed to appear in news, blogs and search segments.

What Internet intermediaries are facing now is a direct result of their succumbing to Indian government pressure and unconstitutional laws like IT Act 2008. They should have challenged the constitutional validity of IT Act 2008 that is the root cause of all these troubles. Fortunately Yahoo took Indian government to court over e-surveillance and more such litigations are expected in the near future. Let us see how cyber law of India would develop in this regard.

Source: PTLB Blog

Saturday, December 10, 2011

LPO And KPO Companies And Firms In India

Legal process outsourcing in India (LPO in India) and knowledge process outsourcing in India (KPO in India) are two terms that do not require any introduction. India having an English fluent educated workforce is one of the favourite destinations for LPO and KPO related services.

However, other countries are now giving a tough fight to India in LPO and KPO services and Indian LPO and KPO industry must be innovative and competitive to deal with these competing destinations. LPO and KPO in India are still by and large covering the traditional outsourcing requirements with few exceptions. This is more so regarding the knowledge process outsourcing services in India.

Take the example of e-discovery LPO and KPO in India. The e-discovery outsourcing, LPO and KPO services in India are still in infancy stage despite tremendous potential for the same. This is because a dominant majority of LPO and KPO service providers in India and not sound in a techno legal manner. LPO and KPO in India need to adapt to technology so that techno legal assignments can be managed.

Perry4Law, the exclusive techno legal ICT and IP law firm of the world, is providing the best techno legal LPO and KPO services in India and world wide. Its techno legal segments like Perry4Law Techno Legal Base (PTLB) and Perry4Law Techno Legal ICT Training Centre (PTLITC) are world renowned.

PTLB is also providing the exclusive citizen to government (C2G) LPO and KPO services in India and it is also the sole citizen to government LPO and KPO services provider in India. PTLB has set an example how firms and LPO and KPO services providers must adapt according to technology to provide cutting edge and world class LPO and KPO services.

The future belongs to techno legal LPO and KPO service providers and Perry4Law, PTLB and PTLITC have clearly got a leverage, advantage and expertise over other LPO and KPO service providers of India and abroad.

Friday, December 9, 2011

Guidelines For Social Media Contents Monitoring In India

Social networking is an area whose time has come. People across the globe are part of social media and networking platforms. This also applies to India. However, dedicated social networking laws in India and social media laws in India are missing despite much requirement.

Even we have no social media policy of India that governs the use of social media in India. The growing demands for cyber due diligence in India has further necessitated for adopting of a sound social networking policy in India by various stakeholders.

For the first time, a social media framework and guidelines for Indian government organisations has been suggested. However, keeping in mind the past record of Indian government, this may be another proposal that would not be fulfilled.

Cyber law of India has imposed certain restrictions and liabilities upon social networking websites. For instance, social networking sites are liable if they fail to exercise cyber due diligence in India. Similarly, social media is also liable for online IPRs violations, including online copyright violations in India.

Recently Internet intermediaries of India were agitated when they were asked to pre screen users’ contents before posting at their websites. Companies like Google and Facebook were asked to take appropriate steps in this regard. However, lack of adequate Internet intermediary laws in India has proved to be a big hurdle in regulating online contents in India. Google has openly showed its dissatisfaction in this regard to Indian government.

Now Indian government is planning to formulate guidelines for monitoring content on social media platforms and removal of objectionable content from websites. Let us hope the same would be drafted after analysing various merits and demerits of this proposal.

Cyber Attacks And Political Pressures Upon Cyber Dissidents Worries European Council

Human rights protection in cyberspace is an important aspect of civil liberties protection these days. However, despite the significance of this issue, both national and international governments ate shying away from protecting human rights in cyberspace. On the other hand they are actively engaging in e-surveillance, Internet censorship, etc that violates various civil liberties in cyberspace. Throughout the world technology has been increasingly used to violate human rights in cyberspace.

In India various individuals and companies have already sued Indian government for violating their civil liberties in real world as well as cyber world. A writ petition for protection of privacy rights in India is already pending before the Supreme Court of India. The way Indian executive is playing with the Constitution of India, the day is not far when there would be a complete “constitutional failure” in India.

Similarly, Yahoo has already taken Indian government to court over illegal demands of e-surveillance by union home ministry of India. In its petition, Yahoo has emphasised upon the right to privacy of a company that stores such sensitive data and questioned as to what extent authorities can coerce it to part with the information considered necessary to either track terror perpetrators or thwart future attacks.

India has demanded companies like Google and Facebook to censor user contents. Indian government has asked the Internet intermediaries like Google, Yahoo, Microsoft, Facebook, etc to pre screen offensive contents before they are posted. This has happened because there are no well defined Internet intermediary laws in India deals with cyber due diligence requirements of these companies in India. Google has already communicated its dissatisfaction with the Internet intermediary law of India.

Further, censorship of Internet in India and blocking of websites in India is very common even without any constitutional and civil liberty safeguards. Further, Indian government is now openly acknowledging surveillance of Internet traffic in India. In fact, measures to fight websites blocking and Internet censorship have also been suggested by few.

In these circumstances, protecting human rights in cyberspace is not an easy task and most of the nations are not willing to do so for their own e-surveillance reasons. Although UN has declared that access to Internet is a human right yet all countries are openly violating this right. Efforts of United Nations to protect human rights in cyberspace are still half hearted and slow. UN must protect human rights in cyberspace in widest possible manner.

Lack of privacy laws and procedural safeguards have already stalled the national intelligence grid (Natgrid) project of India. Intelligence work is no excuse for non accountability that is commonly available to Indian intelligence and security agencies of India.

Similarly, absence of data privacy laws in India has created a big trouble for the Aadhar project of India. Chances are very great that Aadhar project of India may be scrapped and it must be scrapped in its present form and structure.

In these troubled situations, the council of Europe is taking many pro active steps to strengthen human rights protection in cyberspace. The Council of Europe has recently released a resolution titled “Abuse of State Secrecy and National Security: Obstacles to Parliamentary and Judicial Scrutiny of Human Rights Violations”. This is a significant step to reduce the blanket use of national security façade to violate civil liberties.

Now Council of Europe has issued an alert to European countries about the risk to free speech by cyber attacks and political pressure on internet platforms, internet service providers (ISPs), independent media, whistleblowers, human rights defenders and political dissidents.

The Council's Committee of Ministers issued a Declaration expressing concern over pressure being exerted on internet companies and ISPs to tighten controls on internet content, which supports a recent EU Court of Justice ruling that ISP filters are prohibited under European law.

The Council is also worried about the impact of cyber attacks, particularly Distributed Denial of Service (DDoS) attacks, on advocates of free speech, which it sees as a relatively new way that this right is being violated.

The Council alerted member states about their potential violation of Articles 10 and 11 of the European Convention on Human Rights if they exert pressure on ISPs and internet platforms, or participate in cyber attacks against whistleblowers and other new media.

Let us hope that other nations, including India, would take clue from these developments happening in Europe and consider changing their laws and attitudes accordingly.

Friday, November 25, 2011

Police In India Is Not Comfortable With Cyber Crimes

Cyber crimes in India are increasing at a rapid rate. However, the cyber law of India is not strong enough to deter these cyber crimes and common man has to suffer the results of this weak cyber law of India.

Further, the law enforcement agencies of India are not well trained to deal with cyber crimes. If a person whishes to lodge a first information report (FIR) with the police for a cyber crime, he is discouraged by police in every possible manner.

If you seek an explanation from the police officers for this behaviour they would candidly tell you that they lack the necessary expertise to deal with cyber crimes. If police force is not at all aware of cyber law there is no chance that it can solve many sophisticated cyber crimes.

Cyber crimes investigation in India is not satisfactory at all. Police forces lack cyber crimes investigation capabilities in India. Cyber skills development in India for police forces is need of the hour. Even the cyber crimes cells of India are not effective in successfully investigating and solving various cyber crimes.

The position has become so worst that now complainants of cyber crimes have to knock at the doors of high courts to get proper relief. Recently a Criminal Miscellaneous Writ Petition has been filed in Lucknow Bench of Allahabad High Court for transferring a cyber criminal cases against Facebook to Special Task Force (STF) or some other specialised agency of UP Police.

The petitioner a social activist Nutan Thakur approached the court after the local police failed to take any action in FIRs filed by her against Facebook over alleged use of criminally abusive language. The local police reported that they have no expertise in computers so they cannot proceed ahead.

Blaming the police force of India for this lack of expertise is not good. It is the duty of Indian government to suitably train the police force of India. Modernisation of police force of India is urgently required. Police force must be provided cyber crimes investigation courses and trainings in India.

Perry4Law Techno Legal Base (PTLB) is providing techno legal cyber law trainings for police agencies and various stakeholders. PTLB e-learning virtual campus manages various techno legal courses for stakeholders from around the world. Indian police force must get suitable trainings in the field like cyber law and cyber forensics from institutions like PTLB.

Tuesday, November 22, 2011

Skills Development In India Is Required

India has one of the largest educated workforces of the world. However, a majority of these educated students are not suitable for employment purposes. This is because employment requires skills and practical trainings that our academic educational system does not provide.

Indian government is aware of this limitation of Indian educational system and is working in the direction of skills development, practical trainings and vocational education. Even suitable legal framework to streamline educational sector in India is in pipeline.

Skills development in India is an area that requires top priority of Indian government. Further, technical education skill development in India also needs to be taken care of. Virtual campuses can be a big help in streamlining professional, vocational and skills development in India.

Even the legal education in India needs great reforms. PhDs in India are dying and higher legal education in India needs urgent reforms. In particular, continuing professional legal education in India needs to be developed. Further, public legal awareness training in India also needs to be strengthened.

India is providing many Information Technology related services. However, other countries, especially China, have now started giving competition to India. A cyber skilled workforce of India needs to be developed. Even cyber law skills developments in India are required to meet growing cyber crimes.

The cyber crime investigation capabilities in India need to be upgraded as cyber crimes are far exceeding the cyber capabilities of law enforcement agencies of India. Cyber crime investigation training in India as well as cyber fraud detection training in India is needed to tackle cyber crimes, white color crimes and organised crimes.

To solve these high tech and organised crimes, we also need to develop cyber forensics capabilities in India. Cyber forensics training in India can help in detection and prosecution of these crimes. Perry4Law Techno Legal Base (PTLB) is managing the exclusive techno legal online cyber forensics training centre of India that is developing cyber forensics skills of various stakeholders.

Since India is facing growing cyber attacks, cyber warfare, cyber terrorism, cyber espionage, etc, we also need to ensure cyber security skills development in India. Ethical hacking training and courses in India can be really helpful.

PTLB skills development initiative is providing techno legal trainings in the fields like cyber law, cyber security, cyber forensics, offensive and defensive cyber capabilities, etc. Interested individuals, organisations and stakeholders can enroll for these courses to develop their skills.

Saturday, November 19, 2011

Ethical Hacking Skills Development In India

Skills development in India is an area that requires top priority. Even among various skills, cyber skills development in India requires a special treatment. Skills development in India for technical education is missing as Indian educational institutions are paying more attention to academic nature rather than practical and vocational requirements.

Cyber crimes in India are increasing at an alarming rate. Similarly cyber attacks against India are increasing at fast pace. However, neither cyber crime investigation training in India nor cyber security training has been undertaken so far to a satisfactory level.

For instance, very few institutions are providing ethical hacking training, courses and education in India. Further there is a single ethical hacking software and tools repository in India managed by Perry4Law Techno Legal Base (PTLB).

Cyber security skills development in India is the need of hour. Cyber forensics skills development in India is another area that requires urgent attention of various stakeholders.

PTLB e-learning platform is providing various techno legal e-learning trainings, education and courses. Interested stakeholders may contact PTLB in this regard.

To sum up, ethical hacking skills development in India are urgently required to take care of cyber crimes and cyber attacks that are playing havoc with Indian critical infrastructure. The sooner it is done the better it would be for the national interest of India.