Thursday, January 28, 2010

NATGRID Must Be Handled Properly To Survive

NATGRID may be a good platform for India to strengthen its intelligence and law enforcement initiatives. However, it cannot survive in the absence of “Political Will” to make it an effective and responsible tool. With the benefits of NATGRID come the issues of accountability and fairness in its operation. India must formulate adequate "Safeguards" before making NATGRID functional. The NATGRID project must not die like the other projects handled by India from time to time.

National Intelligence Grid (NATGRID) is an essential requirement for robust and effective intelligence agencies and law enforcement functions in India. The only requirement is to ensure that its abuses can be anticipated, prevented and remedied, says Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-Legal Expert of India.

The Ministry of Home affairs, India is managing this ambitious NATGRID project. It sent the proposal to establish NATGRID to various other allied Ministries for their suggestions. Now Ministries like external affairs, finance, defence, telecom, etc have provided their suggestions in this regard. This has paved way for the final clearance of the project.

Techno-Legal specialist Praveen Dalal informs that the aim of NATGRID is to ensure a readily available and real time information sharing platform between intelligence agencies, law enforcement agencies, etc of India. Information gathering and its timely distribution is also an essential part of “Crisis Management Strategies” of any nation. While the NATGRID system is a must for India, yet India has to make it sure that it is not abused for “Political Purposes” and in a manner that goes against the provisions of the Constitution of India.

The scope for misuse is tremendous as NATGRID is planning to link 21 categories of databases maintained by different public and private agencies for ready access by the country’s intelligence agencies. There must be “mechanism” to ensure that this wonderful system may not be abused, warns Praveen Dalal.

Since the concerned ministries have cleared the proposal the same will be now placed before the Cabinet Committee on Security (CCS) for approval. The CCS consent would be the penultimate step for the establishment of NATGRID within next two years, i.e. till 2011. It would be a good idea if the CCS “consults” experts and stakeholders before finally approving the projects, opines Praveen Dalal.

Monday, January 25, 2010

Electronic Surveillance And Encryption Standards In India

E-Surveillance of Internet communications is not a new concept as it has been happening for many years in the intelligence agencies circles world wide. It also adversely effects "Human Rights in Cyberspace". However, now even others are using “sniffers” and other tools to gather information and communications happening between the sender and the recipient. The same is possible because of non-use of strong encryption techniques while communicating. India is insisting upon weak encryption standards and usage on the recommendations of intelligence and security agencies. This would not deter the criminals and terrorists to use the same but would make the online transactions of law abiding citizens vulnerable to eavesdropping and sniffing activities.

Electronic surveillance has been in place for long. Internet communications are sniffed by not only law enforcement agencies and intelligence agencies but also by cyber criminals. Now even terrorists are using technology for their nefarious activities.

Recent news has revealed that some unknown Pakistani hackers had intercepted an official email communication between J&K Police’s intelligence chief and the J&K Chief Minister. However, it is claimed that the intercepted email did not carry “sensitive information”. As per a senior police officer this is normal as both sides do it.

Omar Abdullah, Chief Minister J&K, has been encouraging use of Information and Communication Technology (ICT) for government functions. He has been seeking police reports and daily confidential police bulletins through e-mails instead of traditional mailing system.

According to Mr. Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-Legal Expert of India, “Electronic communications sniffing is a very effective mechanism to steal e-mail passwords and confidential information. The same happens if the sniffer is at the same network in case of wired networks or through airwaves if he is targeting the wireless networks”.

To avoid the interception of the email communication by the security agencies, terrorists are not communicating between two email addresses but use a single address with several people knowing the password. The militant then save the document in the draft folder which could be subsequently read by his companions.

Similarly, security agencies are also adopting various methods to keep their e-communications safe and secure. This tussle between the terrorists and security agencies would further increase in the distant future and India should be well prepared to deal with the same.

India must also ensure that encryption standards are suitably regulated through a good and strong cyber law so that security and law enforcement requirements can be reconciled, opined Praveen Dalal. Presently, India is confused regarding the same and trying to stifle the same as much a possible. Indian authorities are insisting upon 40 bits encryption for long whereas anything below 128-bit encryption is equivalent to no encryption at all.

An enhanced encryption use would not only strengthen public trust in online transactions but also would prevent unauthorised e-surveillance by the State. However, Indian Department of Telecommunications has not been uniform in its stand against encryption standards in the Blackberry services in India. The security agencies of India are insisting upon weak encryption standards in India so that they can monitor the electronic communications of Indian citizens and others. This is resulting in an enhanced and unregulated electronic communications sniffing in India. India must change its attitude in this regard as this approach would bring more troubles than benefits.


Saturday, January 23, 2010

India Is Adopting Double Standards Regarding Its Cyber Law

India is adopting double standards and creating a façade to hide its incompetent and weak cyber law. On the one hand the government made the cyber law a safe heaven whereas on the other hand it is trying to show that it is serious about cyber crimes. If the government is so serious about cyber crimes, why it made it criminal friendly and a safe heaven for the cyber criminals? This double standard of Indian government would create lot of socio-economic problems in the contemporary modern society of India.

The Parliament of India is either not willing to enact suitable laws in a timely manner or it makes absurd laws like the Information Technology Amendment Act 2008 (IT Act 2008). India is already struggling hard to tackle cyber crimes and cyber contraventions. However, what is more confusing is why Indian government made India a Safe Heaven for cyber criminals? Further, with the IT Act 2008 India became an E-Surveillance State. The E-Surveillance may be crucial for Indian National security and Internal Security vis-à-vis information technology but even these crucial capabilities are missing. The cyber warfare capabilities of India are still decades far away. The net result due to the Irrational Cyber Law of India is that there is a complete Cyber Anarchy existing in India.

Realising the gravity of the situation, Mr. Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-Legal Expert of India, sent a communication to the Government of India including the Prime Minister of India, President of India, Supreme Court of India, Ministry of Parliamentary Affairs, etc in this regard. The government reciprocated through media by showing its concern regarding the rising number of cyber crimes in India. Now the Centre is planning to assign the Central Bureau of Investigation (CBI) to investigate cases registered under the Information Technology Act 2000 (IT Act 2000) in the country. This is the irony of Indian political thinking. On the one hand they made almost all the cyber crimes in India “Bailable” whereas on the other hand they are “showing concern” for the very same cyber crimes that have been committed due to the lax cyber law of India that they enacted, says Praveen Dalal.

The Centre has in a letter to the State Governments requested them to issue general consent for the handing over of such cases to the CBI. The CBI cannot proceed till the States grant it permission to do so. This step of the Centre may be a compulsion as Indian law enforcement needs Techno-Legal Training to solve cyber crimes effectively. Surprisingly, the Centre is aware that cyber crimes are affecting the life of the general public and cases of phishing, online credit card fraud, hacking, pornography and theft of data, source code and identity are on the rise. It also believes that these cases have national and international ramifications and affect national security. What is not understandable is why such serious crimes have been made bailable and why India has been made a cyber heaven for cyber criminals, questions Praveen Dalal.

The only explanation to this strange behaviour of Indian government may be that it is “confused” regarding its cyber law. Further, Indian government cannot enact strong and stringent cyber law because the “industry lobbying” of Indian companies would not allow it to do so. Till India acquires good “legislative skill” and shows its will to provide a robust cyber law of India, the confusion will keep on marring the government’s decision making power.



Wednesday, January 20, 2010

Independent India With The Colonial Mindset: The Intelligence Agencies Fiasco

India has gained independence long time ago but it is still slave of the “colonial mindset”. Laws and regulations made by the Britishers for India with the primary purpose of oppression of Indian masses have still been kept intact by the Indian government. This is despite the fact that Constitution of India makes them “Unconstitutional” in many circumstances. However, since these laws are “Suiting” Indian governments present ruling requirements they have been kept unchanged, rather protected, from the required up gradations and annulments.

India has a long history of clinging to antique and colonial laws and abstaining from enacting suitable and timely legislations. These absurdities are well beyond any reasonable governance norms ruling the masses of India. India is notoriously infamous for creating authorities and agencies without any legal sanction and framework. Surprisingly, a majority of them pertains to law enforcement and intelligence agencies like CBI, IB, RAW, etc. What India is actually doing is using administrative circulars and executive orders to give legitimacy to these institutions. India is deliberately avoiding the “Parliamentary Scrutiny” of these agencies. Why these circulars and orders have still not been declared 'unconstitutional' by Indian judiciary is still a bigger mystery?

In short, law enforcement and intelligence agencies are virtually governed by no law in India. The government of India (GOI) never took pain to provide a viable and constitutionally sound legal framework for these institutions in India. Legal framework is the backbone for any crucial function of the government. This is more so where the law enforcement and intelligence activities of the State are involved. Law enforcement and intelligence activities and functions touch the most basic aspects of a person’s life. That is why we have strong human rights and constitutional protections that safeguard the life and liberties of such persons.

It would be both ironical as well as violation of basic human rights and fundamental rights if the law enforcement and intelligence activities are conducted in an illegal, unreasonable and improper manner. The duties, functions, liabilities and rights of these law enforcement and intelligence agencies must be specified in an unambiguous and proper manner. There is no scope for any sort of ambiguity in these functions of the State.

For instance, the British Security Service is one of three intelligence services or “Agencies”. These include the Secret Intelligence Service (SIS), commonly known as MI6, the Governmental Communications Headquarters (GCHQ), and the Security Service (MI-5). While there are significant differences between the British and US legal structures for law enforcement and intelligence services, MI6 is most like the CIA, GCHQ resembles the NSA, and the Security Service most closely resembles the FBI. All of them are constituted under duly enacted legislative frameworks. Surprisingly, India has taken a very strange approach in this regard.

Invasion of Privacy of Indian citizens by Indian Government and its Agencies is certainly going to be there in future. This is more so when the Indian Government has openly declared its Policy to adopt endemic surveillance and e-surveillance over Indian citizens. The Indian Government would spend 800 Crores hard earned public money for tapping all phones in real time. Ironically, Indian citizens' money would be used against Indian only and that also in an illegal and unconstitutional manner. There is an emergent need to formulate a good and effective "ICT Legal Framework" for the protection of "Human Rights In Cyberspace". Further, India has finally decided to go ahead with the controversial security gadget, the full body scanner. The first such scanner will be installed at the Delhi airport within six months, officials said. This would also have serious privacy issues that are not governed by a dedicate privacy law in India. Even the Unique Identification Authority of India (UIDAI) is not a “legally constituted” authority. In the absence of just and reasonable law(s) to support the same, it would violate the Human Rights and Fundamental Rights of the citizens of India, say techno-legal experts like Praveen Dalal. The interaction of Information and Communication Technology (ICT) with Human Rights is no more a science fiction and India must keep in mind the mandates of Human Rights Protection in Cyberspace while implementing projects that have no legal sanction and backing.

Lawlessness and unreasonableness is guaranteed if there is no accountability. Accountability is absent when there is no legal framework for those managing essential governmental functions challenging the human rights and fundamental rights of the affected persons. Perry4Law has provided a “10 Point Legal Framework for Law Enforcement and Intelligence Agencies in India” to the Government of India. It seems the suggestions of Perry4Law have finally got attention of Indian government. Vice-President Hamid Ansari gave a definite thumb up to a system of oversight to govern the intelligence community in India. He said the current scheme where intelligence agencies are kept outside the ambit of parliamentary scrutiny is no longer tenable. The traditional practice of oversight by the concerned minister and prime minister and general accountability to Parliament is now considered amorphous and does not meet the requirements of good governance in an open society.

The final step is for the Parliament of India to take. Mere assurances and multiple intelligence agencies would not serve any purpose. Indian government has slept too much over these crucial requirements and the sooner it wakes up better it would be for India.



Wednesday, January 13, 2010

Supreme Court Of India Must Change Its Mindset

The Supreme Court is Supreme not because it is right but it is right because it is Supreme. There are very few occasions when the trust and respect for the Indian Judiciary were at its nadir. During the infamous emergency imposition by the Center in the late 70s such public outrage was shown. Presently as well with the corruption in judiciary, slow speed of disposal of cases and adoption of double standards by the judiciary in matters like transparency and right to information, public trust and respect for judiciary has been on the lower side once again. However, the Delhi High Court has shown a great “Judicial Courage” by upholding the values of Constitution of India. It would be ironic if the Supreme Court becomes a “Judge of its own Cause” and negates the entire “Constitutional Philosophy” and “Administrative Law” of India.

Of late the Delhi High Court has shown tremendous judicial capabilities and strength by upholding the values of Constitution of India (COI). One after another it gave landmark judgments that were expected from the Supreme Court of India. At a time when the trust in the judicial system of India is falling to the lowest level this attitude of the Delhi High Court has emerged as a ray off hope in the dark clouds of judicial incapabilities.

While the District level courts are working more than good Delhi High Court has also joined this race and has become the sentinel of constitutional rights of Indian citizens. However, it cannot substitute the Supreme Court for many reasons. Although Delhi High Court is a court of law and a constitutional court, it has a major limitation. Its jurisdiction is confined to the limits of Delhi alone. On the other hand the Supreme Court of India is a “National Court” having wider powers and supreme authority.

The recent judgement of the Delhi High Court regarding declaration of assets by the Supreme Court is one of the best judgments it has ever given. Unfortunately, the same must have come from the Supreme Court itself. Having failed to do so, the Supreme Court must not now challenge the decision of Delhi High Court to itself in the Supreme Court. It would only undermine the dignity and trust of Supreme Court further. Instead the Supreme Court must now concentrate more upon damage recovery than further aggravating the situation.

Time has come when the Supreme Court must change its mindset and attitude and gain more respect and dignity in the eyes of Indians. After all, it must remove the general perception prevalent among the Indian masses that the “Supreme Court is Supreme not because it is right but it is right because it is Supreme

Tuesday, January 12, 2010

Internet Censorship In China Irked Google

Google Inc. will stop censoring its search results in China and may pull out of the country completely after discovering that computer hackers had tricked human-rights activists into exposing their e-mail accounts to outsiders.

The change of heart announced Tuesday heralds a major shift for the Internet's search leader, which has repeatedly said it will obey Chinese laws requiring some politically and socially sensitive issues to be blocked from search results available in other countries. The acquiescence had outraged free-speech advocates and even some shareholders, who argued Google's cooperation with China violated the company's "don't be evil" motto.

The criticism had started to sway Google co-founder Sergey Brin, who openly expressed his misgivings about the company's presence in China. But the tipping point didn't come until Google recently uncovered hacking attacks launched from within China. The apparent goals: breaking into the computers of at least 20 major U.S. companies and gathering personal information about dozens of human rights activists trying to shine a light on China's alleged abuses.

Google spokesman Matt Furman declined to say whether the company suspects the Chinese government may have had a hand in the attacks. Secretary of State Hillary Rodham Clinton said the Google allegations "raise very serious concerns and questions" and the U.S. is seeking an explanation from the Chinese government.

Google officials also plan to talk to the Chinese government to determine if there is a way the company can still provide unfiltered search results in the country. If an agreement can't be worked out, Google is prepared to leave China four years after creating a search engine bearing China's Web suffix, ".cn" to put itself in a better position to profit from the world's most populous country.

"The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences," David Drummond, Google's top lawyer, wrote in a Tuesday blog posting.

A spokesman for the Chinese consulate in San Francisco had no immediate comment.

Abandoning China wouldn't put a big dent in Google's earnings, although it could crimp the company's growth as the country's Internet usage continues to rise. China's Internet audience already has soared from 10 million to nearly 340 million in the past decade. Google, based in Mountain View, said its Chinese operations account for an "immaterial" amount of its roughly $22 billion in annual revenue. J.P. Morgan analyst Imran Khan had been expecting Google's China revenue to total about $600 million this year. Although Google's search engine is the most popular worldwide, it's a distant second in China, where the homegrown processes more than 60 percent of all requests.
Free-speech and human rights groups are hoping Google's about-face will spur more companies to take a similar stand. "Google has taken a bold and difficult step for Internet freedom in support of fundamental human rights," said Leslie Harris, president of the Center for Democracy & Technology, a civil-liberties group in Washington. "No company should be forced to operate under government threat to its core values or to the rights and safety of its users." It's "an incredibly significant move," said Danny O'Brien, international outreach coordinator at the Electronic Frontier Foundation, an Internet rights group in San Francisco. "This changes the game because the question won't be 'How can we work in China?' but 'How can we create services that Chinese people can use, from outside of China?'"

Many Web sites based outside China, including Google's YouTube video site, are regularly blocked by the country's government. Google's new stance on China was triggered by what it described as a sophisticated computer attack orchestrated from within the country. Rep. Anna Eshoo, D-Calif., praised Google for disclosing chicanery that "raises serious national security concerns."

Without providing details, Google said it and at least 20 other major companies from the Internet, financial services, technology, media and chemical industries were targeted. The heist lifted some of Google's intellectual property but didn't get any information about the users of its services, the company said. Google has passed along what it knows so far to U.S. authorities and other affected companies.

It does not appear that any U.S. government agencies or Web sites were affected by the attack, according to two U.S. administration officials. The officials spoke on condition of anonymity because they were not authorized to speak publicly about the issue. The assault on Google appeared primarily aimed at breaking into the company's e-mail service, "Gmail," in an attempt to pry into the accounts of human right activists protesting the Chinese government's policies.

Only two e-mail accounts were infiltrated in these attacks, Google said, and the intruders were only able to see subject lines and the dates that the individual accounts were created. None of the content written within the body of the e-mails leaked out, Google said. As part of its investigation into that incident, Google stumbled onto another scam that was more successful. Google said dozens of activists fighting the Chinese government's policies fell prey to ruses commonly known as "phishing" or malware. The victims live in the United States, Europe and China, Google said.

Phishing involves malicious e-mails urging the recipients to open an attachment or visit a link that they're conned into believing comes from a friend or legitimate company. Clicking on a phishing link of installs malware — malicious software — on to computers. Once it's installed on a computer, malware can be used as a surveillance tool that can obtain passwords and unlock e-mail accounts.

Google's unfettered search results won't necessarily ensure more information will be made available to the average person in China because the government could still use its own filtering tools, said Clothilde Le Coz, Washington director for Reporters Without Borders, a media watchdog group. "The Chinese government is one of the most efficient in terms of censoring the Web," she said. The blocking technology has proven so effective that it's become known as the "Great Firewall of China."


Monday, January 11, 2010

Privacy And E-Surveillance Issues Must Be Resolved First By UIDAI

The Unique Identification Project of India is based upon lack of planning and foresight. The hit and trial attitude of the Government of India (GOI) coupled with the charitable tendencies to distribute the public money among corrupt officials of India without any transparency and accountability would once again fail another much needed project in India. The Unique Identification Authority of India (UIDAI) is not a “legally constituted” authority. In the absence of just and reasonable law(s) to support the same, it would violate the Human Rights and Fundamental Rights of the citizens of India, say techno-legal experts like Praveen Dalal. The interaction of Information and Communication Technology (ICT) with Human Rights is no more a science fiction and India must keep in mind the mandates of Human Rights Protection in Cyberspace while implementing projects that have no legal sanction and backing.

The security and privacy issues of UIDAI have been raised times and again. The real problem seems to be that neither UIDAI nor its functions are legally valid and constitutionally sound. In its present form they are violative of not only the sacrosanct Human Rights but also the Fundamental Rights conferred by the Constitution of India (COI), says Praveen Dalal.

The first and foremost evil of UIDAI without a proper legal framework is that it would violate the “Right to Privacy” as conferred under Article 21 of the Constitution. This is not expressly mentioned in it but the same has been enunciated by way of judicial interpretation by the Supreme Court of India. India is a signatory to the International covenant on civil and political rights, 1966. Article 17 thereof provides for the “right of privacy”. Article 17 of the international covenant does not go contrary to any part of our municipal law. Article 21 has, therefore, to be interpreted in conformity with the international law.

Even the “Data Protection” requirements would pose big challenge before India. The amount of data collected for by UIDAI would be tremendous. Presently, India does not have either a legal framework or technical capabilities to accommodate the demands of the proposed functions of UIDAI.

The main aim of the proposed project by UID Project seems to be to strengthen the “E-Surveillance Capabilities” of India. With the passage of IT Act 2008 India has now officially become an endemic e-surveillance society. The amendments have provided unregulated, unconstitutional and arbitrary e-surveillance powers to Government of India and its agencies and instrumentalities. The fact is that India has become an E-Police State, states the ICT Trends of India 2009.

Privacy rights are valuable and must not be violated by the government under the garb of national security. An important question that has been raised in the past is whether the citizens have a right to self-defense against the State if the latter is violating their rights illegally? Private or self defense is a Human Right, Constitutional Rights as well as Statutory Right. The Indian citizens have a right to exercise self defense even against the State. This is more so in the sphere of ICT where there are least possibilities of human injuries. However the same can be exercised by law abiding citizens alone and criminals cannot claim this Constitutional Protection. The UIDAI Project must keep all these aspects in mind before being finally implemented in India.