Saturday, January 8, 2011

Cyber Warfare Capabilities Must Be Developed In India

Cyber warfare is not a new term anymore. Although its exact definition and scope are not yet clear, none can deny the role of information warfare in the near future. India, too, has appreciated its importance. The best part is that this appreciation is coming from none other than the Prime Minister of India, Dr. Manmohan Singh.

Dr. Manmohan Singh has issued clear directions to the National Security Council (NSC) of India to work towards the establishment of a cyber command authority (CCA) for India. Dr. Singh has also asked for an action plan to be put in place before such an authority is set up. Dr. Singh has also rightly deferred the plan to set up the CCA till a thorough review of the cyber threat is done.

However, India lacks proper expertise and training to undertake such an ambitious project and establish such an authority. We have a single techno legal cyber security research, training and education centre in India (CSRTCI). Further, we also have a single techno legal cyber security training and educational centre in India managed by Perry4Law Techno Legal Base (PTLB).

According to Praveen Dalal, CEO of CSRTCI and Leading Techno Legal Expert of India, Cyber Warfare Capabilities have assumed tremendous importance these days. The future Cyber Warfare would be even more mysterious, anonymous and dangerous. Further, the Indian Government need not even spend crores of cash for this purpose if it opts for “Open Source” Software, suggests Praveen Dalal.

So the matter boils down to appropriate cyber security policy and adequate techno legal training. Dr. Manmohan Singh must include as many institutions and individuals as possible so that cyber security of India may become robust and effective.

Critical Infrastructure Protection In India Is Required

Critical infrastructure protection (CIP) in India is an essential part of homeland security of India. Homeland security is assuming importance these days in India. However, homeland security of India needs urgent rejuvenation as the same is not up to the mark. As the concept is new, it would be fair if India takes two or more years to streamline its homeland security.

Further, cyber security issues are also closely related to homeland security of India. On the cyber security front as well, India has a long distance to cover. India must develop cyber security capabilities as soon as possible.

Cyber Security and Homeland Security are at an infancy stage in India, says Praveen Dalal, Managing Partner of Perry4Law and leading techno legal expert of India. Both of them are very important to preserve India’s Critical ICT Infrastructure Protection. Further, India also needs a separate Framework for Cyber Security, CIP and Homeland Security issues, suggests Praveen Dalal.

With the growing cyber threats against India like cyber terrorism, cyber warfare, cyber espionage, etc., it is very much required to have a good cyber security strategy in India. India also needs to formulate a suitable ICT policy covering all these crucial issues.

However, of all the requirements, the most important one pertains to techno legal skill development in India. The Indian government and its agencies do not have a sufficiently large skilled workforce to deal with issues like cyber law, cyber security, cyber forensics, cyber warfare, cyber terrorism, cyber espionage, etc.

We have just a single techno legal cyber security research, training and education centre (CSRTCI) in India. The CSRTCI is managed by Perry4Law Techno Legal Base (PTLB), one of the techno legal segments of Perry4Law and spearheaded by Praveen Dalal himself.

Finally, India has also not shown much interest in the formulation of a techno-legal crisis management plan (CMP). Although many talks in this regard have been undertaken, concrete action in this regard is still awaited.

Home Minister P Chidambaram must take the initiative regarding cyber security, cyber forensics, cyber warfare, etc. The Home Ministry is currently undertaking projects like Natgrid, CCTNS, etc., and it would be a good idea to cover areas like CIP, homeland security, and CMP as well.

E-Surveillance Is Not A Substitute For Cyber Skills

I personally believe that our Home Minister Mr. P Chidambaram is a learned and honest person. However, he is also gullible. Whether it is multinational companies, foreign governments, law enforcement agencies, etc all of them are selling their “stale and failed ideas” to Mr. Chidambaram and he is willingly accepting the same with a generous heart.

It seems many people and companies have realised that India is a very good market when it comes to security and cyber security related products and services. However, what would Indian government do with cyber security products if it cannot use the same?

If the Home Ministry or Indian government is even a little bit aware of how concepts like cyber security and cyber forensics work, it must be aware of free and open source software (FOSS) and open source hardware.

The cost is just one of the factors. The real issue is to manage the affairs of Home Ministry in a constitutionally sound manner. Home Ministry has been mandating various acts or omissions that openly go against the spirit of Indian Constitution.

For instance, India has no constitutionally valid phone tapping law and phones are tapped in India on the basis of unconstitutional colonial laws.

Similarly, privacy laws and data protection laws have been deliberately kept out of the loop of legislative business of parliament of India to accommodate illegal phone tappings and e-surveillance. Even projects like Aadhar and authorities like UIDAI are working on this principle.

Encryption standards that are essential for strong cyber security and risk free e-commerce have been deliberately constrained to ridiculous levels. Companies like Blackberry, Skype, Google, etc. have been asked to surrender encryption keys so that law enforcement and intelligence agencies may snoop at will.

I think the real problem is that neither our executive/parliament/judiciary nor our law enforcement and intelligence agencies are aware of technical issues like cyber law, cyber security and cyber forensics. As an escape route they have decided to use e-surveillance as a substitute to cyber capabilities.

Mr. Chidambaram, e-surveillance is not the substitute for cyber security and cyber forensics capabilities. You must give suitable and practical training to your law enforcement and intelligence agencies in cyber law, cyber security and cyber forensics so that they can solve cases and save millions of precious lives in real time.

National security, and above that every single life, is very important but there must be checks and balances while exercising it. National security should not be used as a façade to violate civil liberties in India, which unfortunately is presently happening in India.

Lawful Interception Law Missing In India Says Praveen Dalal

In this “Guest Column”, Praveen Dalal, Supreme Court Lawyer and CEO of Exclusive Human Rights Protection Centre in Cyberspace (HRPIC) of India, has shared his views regarding phone tapping and e-surveillance laws of India. The views and opinions are solely of Mr. Praveen Dalal and we do not endorse or substantiate his viewpoints.

It is both ironic and sad that laws used by British Government against Indians are used by our own Indian Government against its own Citizens. There are many “Draconian Colonial Laws” that were kept intact by Indian Government even if they go against the very Philosophy and Spirit of Indian Constitution. This is because these Outdated and Unconstitutional Laws are well serving the “Purposes” of Indian Government.

One of such laws that require an immediate repeal is the Indian Telegraph Act, 1885. It is the most abused law of India when it comes to Phone Tapping and Illegal Surveillance. The fact and truth is that India does not have a Legal and Constitutionally Sound Phone Tapping and E-Surveillance Law.

Even after the Supreme Court of India declared Right to Privacy a part of Article 21 of Indian Constitution, Indian Government kept at bay the requirement to protect Privacy Rights of its Citizens. Instead, it preferred to impose Projects and Authorities without any Legal Framework. This is nothing but a “Complete Failure” of “Parliamentary Democracy” in India. I wonder whether India has Separation of Powers anymore.

So much so that even after the Supreme Court’s Judgment in PUCL case prescribed minimum “Safeguards” against Illegal Phone Tapping, nothing has changed. The “Safeguards” provided by Supreme Court were “Sub Minimum” and even those Safeguards are not followed in India.

Naturally, even Private Individuals also jumped upon Illegal Phone Tapping and E-Surveillance business and they are openly operating in India. This is bound to happen because when even the Government is not “Fair”, it cannot expect its Citizens to be honest and upright.

Till now it is clear that India would not provide any sort of Privacy Rights to its Citizens and would not protect their crucial Data through a dedicated and strong Data Protection Law in India. The only safeguard that is available against Indian Government and Private Individuals from violating our Privacy Rights is to use “Self Defence Measures”.

This is the reason why I believe that Google, Skype, Blackberry, etc. must not succumb to the pressures of Indian Government. They must strongly refuse to share any information regarding their users unless and until there is a “Court Order” in this regard.

Time has come for the Supreme Court of India to stop Indian Executive from Hijacking the Constitution of India, by bypassing both Parliament of India and Indian Judiciary. Since the matter is pending before Supreme Court, it can lay down “Stringent Requirements” before Phone Tapping and E-Surveillance can be conducted in India.

Computer Forensics Research And Development Needed In India

Cyber forensics or computer forensics in India is at the infancy stage. Cyber forensics is a very important field that is required for many purposes. It is required for civil and criminal proceedings and it makes the criminal justice delivery system more effective and scientific.

However, despite the great demand for cyber forensics in India, there is an acute shortage of good cyber forensics experts in India. This is primarily due to a lack of proper training and skill development institutions in India.

For instance, there is just a single techno legal cyber forensics training centre in India managed by Perry4Law Techno Legal Base (PTLB). We need more such training centers so that cyber forensics experts can be produced as per the contemporary requirements.

Once again we have a single techno legal cyber forensics research and development centre in India (CFRDCI) managed by PTLB and exclusive techno legal firm of India Perry4Law. The centre is not only doing research in the field of cyber forensics but also in allied fields like cyber security (CSRTCI), cyber warfare, cyber espionage, cyber terrorism, human rights protection in cyberspace, etc.

The centre is providing best practices for cyber forensics in India and is the exclusive repository for cyber forensics software in India. The best part of the centre is that it is managing the techno legal aspects of cyber forensics. Being techno legal it manages both legal and technical aspects of law and technology.

With the growing demands of cyber forensics in India, pressure upon the governmental laboratories and institutions is tremendous. Obviously, they cannot match the growing demand for cyber forensics in court cases.

The government of India in general and Home Ministry in particular must actively look forward towards cyber forensics as an essential requirement for India. This is more so when projects like national intelligence grid (Natgrid), crime and criminal tracking network and systems (CCTNS), etc would be launched very soon. Let us hope for the best in this regard.

Central Monitoring System Of India In Pipeline

The proposed central monitoring system (CMS) by department of telecommunication (DoT) is a good step in the right direction. However, the chances of its failure and misuse are much greater than unconstitutional projects like Aadhar, National intelligence grid (Natgrid), etc. The only thing that goes in favour of the proposed CMS is that Mr. Kapil Sibal is the present Minister for the Ministry that is entrusted to implement the project.

Mr. Kapil Sibal being a learned person and a man of integrity, CMS may also have “procedural safeguards” that are rarely considered and provided by Indian government. The decision to frame appropriate rules under the sole cyber law of India, i.e. information technology act, 2000, shows his intention to respect and protect privacy rights and data protection within the limited sphere of cyber law of India.

However, this does not mean that India should not formulate appropriate privacy laws and data protection laws. Absence of privacy laws and data protection laws in India has already made some of the most important projects and authorities of India illegal and unconstitutional.

For instance, Indian law enforcement and intelligence agencies are operating almost without any law. Similarly, Aadhar project and unique identification authority of India (UIDAI) are operating without any law. Phone tapping and e-surveillance in India is done without a constitutionally sound law and so on.

Let us hope that Mr. Kapil Sibal would realise that CMS means putting all telecom communication within the hands of a select few people. These select people must be transparent and accountable through proper safeguards; otherwise the whole purpose of CMS would be to further strengthen phone tapping and e-surveillance powers of Indian government and its agencies. Needless to mention, that would be illegal and unconstitutional like the previous initiatives of Indian government.

Legal Framework For Information Society In India

One of the most challenging tasks for India is to provide legal framework for information society. It is also known as legal enablement of ICT systems in India. The main component of this process is that legal and judicial systems are customised in line with information and communication technology (ICT).

The examples of such process include electronic courts (E-courts), online dispute resolution (ODR) mechanism, enacting good cyber law, enacting good laws regarding cyber forensics, etc.

In the Indian context, significant growth has already been achieved regarding computerisation of traditional courts and their procedures. Many crucial aspects regarding Indian litigation like case list, case status, certified copies, etc. are available online. This has also considerably reduced the backlog of cases in India.

However, despite this growth India has failed on almost all other fronts. For instance, till January 2011 we are still waiting for the establishment of the first e-court in India. We do not have any ODR mechanism in India, we have an outdated and criminal friendly cyber law in the form of information technology act, 2000 that requires urgent amendments, we have no laws regarding cyber forensics in India, etc. In short, legal enablement of ICT systems in India has failed so far.

A recent development regarding legal and judicial reforms pertains to national litigation policy of India (NLPI). Law Minister Veerappa Moily has launched this policy and very soon the same may be finalised. However, NLPI also failed to consider legal enablement of ICT systems in India properly. It failed to address the requirements of e-courts and ODR mechanisms.

We at Perry4Law and Perry4Law Techno Legal Base (PTLB) have publicly provided our suggestions in this regard, especially regarding e-courts and ODR. Hopefully, these suggestions would be incorporated in the final NLPI. After all, legal enablement of ICT systems is an essential part of legal and judicial reforms of India and it cannot be ignored for long.

IT Act 2000 Rules In Pipeline

Shri Kapil Sibal, the Union Minister of Ministry of Information and Communication Technology, has recently announced an action plan for his Ministry for the next 100 days. This was a much needed reform for the otherwise plagued Ministry that has been in controversies in the past.

Some of the initiatives proposed by Mr. Kapil Sibal have far reaching reformative implications. For instance, Department of Telecommunications (DoT) would hold consultations for a transparent regime of licensing, spectrum allocation etc. Similarly, legal framework for mandatory electronic delivery of services in India would also be considered.

However, the most important initiative that is in pipeline is the proposal to frame and notify the rules in respect of key sections viz. 43A (Data Protection), 70A (Protection of Critical Information Infrastructure), 70B (Agency to handle Cyber Security), 79 (Liabilities of Service Providers) relating to Cyber Security in the Information Technology Act.

Till now it is not clear what the hurry was that forced the government of India to bring half-baked and knee-jerk amendments in the cyber law of India. The information technology amendment act 2008 made cyber law of India weak and criminal friendly. Naturally, cyber crimes increased drastically in India. The proposed amendments brought more harm than benefits.

To make matters worse, important provisions like data protection, critical infrastructure, encryption standards, etc. have not yet been enacted sufficiently. Even the rules pertaining to these crucial provisions have not been formulated.

At last, Mr. Kapil Sibal took charge of the department of technology (DIT) that would bring some accountability in the department. Further, his intentions to formulate proper rules for various crucial fields are also praiseworthy. Let us hope for the best but nothing short of suitable amendments in the cyber law of India can make it effective.