The Gurgaon BPO
case has opened a Pandora's box on the jurisdictional aspects involved in the
Cyber Space offences. The British Police is also investigating the case and
sooner or later the issue of jurisdiction will hit the Gurgaon case also. In
the Mphasis fraud case also there was an overlap of jurisdiction that is yet
to be fully settled.
So far there
have been many instances when the jurisdiction in Cyber Space offences have
been discussed.
For example, in
the Yahoo memorabilia case, the French Government did assert its jurisdiction
against Yahoo based in USA.
But US courts
did not fully agree. They upheld the right of Yahoo to some extent and said
that it is not within the jurisdiction of France though its website is
accessible by French Citizens in France and elsewhere.
But Yahoo
conceded that the "French Language Portal" will respect the French demands and
removed the objectionable material from the French site of Yahoo. In a
way this meant that the jurisdiction of France was accepted on the basis of
the language of the website. This has given room to a new line of thought as
if it is correct to say that if a Hindi Website is published from US, then it
would be deemed that it is meant for the Hindi population and hence is subject
to Indian jurisdiction.
In the Kaazaa
case ( Metro Goldwyn Meyer Vs Grokster), Californian Court held that if a
website has a relationship with the residents of California, then its courts
had jurisdiction.
In the Dow
Jones & Co Vs Gutnik case, the Australian High Court asserted its jurisdiction
since an Australian citizen had been defamed through a website published in
US.
This was again
a decision based on the end objective of an web activity. In other words, if
an activity is directed to the citizens of a country then that country will
have a jurisdiction.
If this
principle is blindly applied, it appears that if US Citizen's right is
affected in the Mphasis case or UK Citizen's rights are affected in the
Gurgaon BPO case, US and UK Courts should have jurisdictions to try the cases
respectively. If the Courts have the jurisdiction, the respective law
enforcement agencies should also have investigatory jurisdiction.
True to the
nature of any such disputes, in any case, interests of the citizens of
more than one country will be involved in any Cyber Offence. For example in
the Yahoo case, while French Government asserted the rights of its Citizens,
American Government had to defend the rights of Yahoo as its Citizen.
Similarly in the MGM and Gutnik cases also there were two sides to the story
and two Governments had the legitimate rights of its Citizens to be protected.
Hence the
principle supported in the above cases can only hold that
"Multiple Jurisdiction" has to be recognized in an offence. It cannot however
resolve the conflict in the jurisdiction.
Even in the
Mphasis and Gurgaon BPO cases therefore, India has a role to play not
withstanding that the accusation is that of a crime which even we would like
to prevent. However, until found guilty, the accused is entitled to a fair
trial as a Citizen of India.
Hence Indian
Government and Law Enforcement have every right to assert that they have the
necessary jurisdiction to investigate and try the case in India.
As a fall out
of such instances, the jurisdiction discussions are now entering the financial
regulatory area where RBI and SEBI are two important institutions in India
having substantial regulatory powers.
It is reported
that the US Banking regulation authorities viz: Office of the Comptroller of
the Currency (OCC) has requested permission of the RBI to inspect BPO
outfits in India which process information on behalf of US Banks. RBI appears
to have sent the request to the Government of India for instructions.
It is not clear
if the Government will have the necessary will power to assert its sovereignty
by refusing to allow jurisdiction of the US regulatory authority on an Indian
Company. We are aware that in the Bazee.com case, Government did let the US
embassy interfere in the investigation.
It is
interesting to note that amongst the Banking BPOs there are two types, one
which is a captive unit of an International Bank which may or may not have
operations in India and third party BPOs.
The dilemma is
whether the captive BPO s are to be treated as an extension of the parent
body?.. If so will it make a difference it the Indian unit is a Company
registered in India and not a branch office?
Another dilemma
is "If we agree to the jurisdiction of OCC to inspect, and consequently
regulate the operations of the Indian BPO arms of the US Banks, does it amount
to acceding to the authority of US Government on Indian Companies?
Yet another
point of commercial consideration is that if the Indian BPOs fall under the
jurisdiction of the US financial regulatory authorities, then will it not pave
the way to claim later that only US accountants will have jurisdiction for
audit and certification of SOX and SAS 70 compliance and not any Indian
Counterpart? Extending the logic further, will it not also open the grounds
for arguing that in respect of legal disputes arising in the Indian BPOs
only US Lawyers will have the jurisdiction to represent them..even in India?
The OCC request
which is now pending with the Government is therefore having the potential for
establishing a precedent that could turn out to be a "Frankenstein Monster".
Agreeing to the request of OCC may therefore have the effect of opening a door
for loss of Indian Sovereignty on the operations of the Indian Companies.
Naavi.org
therefore requests the Government of India to refrain from taking any hasty
decisions in this regard. Instead this could be an opportunity to define how
we can define the jurisdiction of Cyber Offence incidents.
The essential
requirement is that the country cannot concede any jurisdictional rights
either on the Law Enforcement or Judiciary when any Citizen of India is
involved. The investigation and the trial has to take place under the
supervision of the Indian authorities. Perhaps this is reasonably addressed
with the involvement of CBI as a nodal agency for Interpol related
cases.
In case of
regulatory bodies involved in "Inspections", we may debate the possibility of
developing an apex nodal authority such as "BPO Regulatory Coordination
Authority of India" through which all the foreign regulatory bodies work for
imposition of any regulations on the Indian soil.
Naavi
June 26, 2005
(Comments
welcome)
Related
Articles:
US banking watchdog sniffs around Indian BPOs..ET
Banks may face call centre investigation..Guardian UK
This
Could be Cyber Terrorism....Naavi.org
India
Has A Robust Data Protection Law !...Naavi.org
Financial
Fraud and Cyber Crimes...Naavi.org
Outsourcing Controversy is a Clash of Two Societies..Naavi.org
