---

Certificate Course in Cyber Laws..at Mysore .to commence shortly  Certificate Course in Cyber Laws..at Hubli to commence shortly

Vande Mataram

The Blog Blocking Controversy..Is it legal?

The ill advised decision of the Government of India to block certain blogs following the Mumbai blasts has raised a debate on whether it was justified on the basis of "Right to Freedom of Speech". Coming close on the heels of the controversial amendment to the "Right to Information Act" proposed by the Government to keep certain information outside the purview of the RTI act, the Blog issue has rightly cast a doubt on the democratic intentions of the present Central Government.

Apart from the Netizen Rights issues involved in the case, it is necessary to address three other issues of equal importance.

1. Under what provisions of law did the Ministry of Information Technology issued the said notification blocking the sites.

2.Under what provisions of law did the ISPs act beyond the apparent mandate of the notification

3.How does the proposed amendments to ITA-2000 would affect a similar instance.

This article explores  these issues in some detail.

Also Read: Bloggers Beware..Naavi

Beware of the Proposed Amendments to ITA-2000

While Netizens of India may rejoice at the strong legal support to the cause of freedom of speech indicated by the opinion of Cyber Law Experts on the Blog Blocking issue, it should be remembered that there are vested interests trying to get the present provisions modified and make ISPs immune to any liability not only under ITA-2000 but also under IPC.  I wish the protagonists of freedom of speech in cyber space take up their fight against the attempt to push through the proposed amendments to the ITA-2000.

The proposed new section reads..."  An “Intermediary” shall not be liable under any law for the time being in force, for any third party information, data, or link made available by him, except when the intermediary has conspired or abetted in the commission of the unlawful act....."

Note the words "any law" protecting ISPs even under  IPC or perhaps under DOT regulations and Indian Telegraph Act or the proposed Broadcast Bill or the Cyber Cafe regulations. Also note the words  "except when the ISP has conspired or abetted". Surely you cannot presume this condition to be fulfilled in the present case or for that matter in 99.999 % of cases. The proposed amendment will therefore give near absolute indemnity to ISPs, Portals, Cyber Cafes etc in respect of vicarious liabilities under the present law. (See here for details)

ISPs Could be liable for blocking of non notified Blogs

According to Mr Pavan Duggal the well known Cyber Law specialist in India, ISPs may be liable for lack of "Due Diligence" and may lose protection under Section 79 for their role in blocking legitimate blog sites. The undersigned supports this view. If  ISPs had misinterpreted the DOT direction regarding the blocking of specific sites and had unilaterally taken a decision to block a larger domain, it could be interpreted as "Diminishing the Value of Information Residing inside a Computer Resource" and therefore an offence under Section 66 gets recognized. The protection under Section 79 then needs to be checked against "What is Due Diligence" under the circumstances. If the technology permits blocking of a specific file on the Internet without blocking the entire domain or an IP address then the action of the ISPs in blocking entire domains or IP addresses would amount to causing a wrongful harm outside the scope of "Due Diligence". ..Financial express quote

Blocking of Blogs

The unwise move of the Government in trying to block blogs in the aftermath of the Mumbai blasts has attracted criticism from all quarters.

This is the second time the Government of India has made an attempt to censor the internet speech, the first time being when the yahoo e-group of a Mizoram group was attempted to be blocked. Even in the earlier instant the ISPs blocked the entire domain and blocked all e-groups though the intention was to block a specific group. The same appear to have happenned this time too. It is surprising that the ISPs were so naive as to block the main domain in a disputed URL and caused all the furore. Perhaps this was a deliberate plan to discredit the Government.

However, it is necessary for a Democratic Government should try to avoid measures that may be considered as stifling public speech. If so there would be no difference between Indian government and China or Burma .

At the same time it must be stated that ISPs are also resorting to similar tactics when it comes to clocking Skype or messenger services because it affects their business. Even this should be considered as not desirable.

Related Articles:  DoT directive to block blogs irks bloggers..CIOL : Blocking of Yahoo-Groups- Ignorance? or Arrogance? ..naavi.org : India bloggers angry at net ban

Confusion on Broadcast Bill

Will it be reviewed? or Not?.. is a question on which the I & B Ministry seems to be in a dilemma if the reports emanating in the press are to be believed. According to the Hindu report, the report is unlikely to be diluted and the ministry feels that it is on right tracks. The report says..Quote: The Government on Saturday dismissed as "baseless" and "out of context" the attack on the draft Broadcast Bill and ruled out "dilution" of the provisions of the measure that has been severely criticised as "draconian" by the media.:Unquote

However this report in indiatelevesion.com says "You can kiss goodbye to the Broadcast Services Regulations Bill 2006". On the other hand this report in Financial Express says that the Government may be ready to revisit the Bill.

It is clear from the conflicting reports that there are forces working for and against the Bill. Knowing the nature of the current Government deferment of the decision is a more likely result. Considering the closeness of Hindu to the current establishment it appears that the forces in favour of the Bill appear to be strong.

Physical Security at Bangalore BPOs enhanced

Following the Mumbai Train blasts on 11/7/2006, Bangalore Police has alerted BPOs in the city and persuaded them to set up cameras to scan all entry and exit points. Report in DH

Broadcast Bill To Wait

The Broadcast ministry is involving the industries to discuss the proposed broadcasting bill before the draft is finalized and taken to the Parliament. Report in DNAindia

Closure of Bangalore BPO raises eye brows!.

The sudden closure of the Bangalore operations of the UK based BPO (British telecom firm Belair Communications) resulting in overnight sacking of 93 employees without any benefit has caused concern amongst not only the employees but also the serious BPO players. If fly by night operators start using Indian soil for setting up BPOs, quality manpower will shun the BPO industry and the employee turnover may further increase. Just as the BPOs are demanding the "Employee Register", it is time for Nasscom to think of a "Employer Register" and track foreign companies who open shops without the desire for long term operations. Report in HT

UK based firm taking the flight in the immediate aftermath of the HSBC fraud which is being investigated for possible terrorist angle involving UK residents raises a doubt whether there was any relationship between the fruadsters and this company. May be the Bangalore Police investigate this possibility also.

US Couple get Bail in Chennai Cyber Crime Case

The US Couple (COO of US Personnel Inc and his wife) accused in the data theft case at Summit HR, Chennai  has obtained anticipatory bail from the High Court at Madras. It is interesting to note (Refer Deccan Chronicle Report of 8th July 2006) that in the process of obtaining the anticipatory bail, the accused have admitted to having taken photographs in the server room to capture the configurations and also admitted to the fact that they collected information passing through their server. Summit HR claims that the information so accessed contained confidential information not meant for US personnel and that the photographing of the server configurations were also not authorized.

The case will now revolve around the interpretation of the provisions of the Service Level Agreement both as specifically made out their in as well as the intention of the parties as implied in their subsequent conduct. The usual practice in a BPO industry will also become relevant to interpret some of the provisions of the agreement.

Normal security requirements in BPO considers carrying of a camera mobile into the premises as a security risk. If therefore any person has to carry a digital camera inside a BPO and also photograph the server room and network architecture it is considered  an exceptional activity under any security principles. Such activity is considered prohibited unless  a permission was specifically sought far and given. It is difficult to understand how a senior executive of a Company (the accused is a COO of a BPO himself)  committed such an act without seeking specific permission.

Further, if "Information passing through a mail server" is considered as giving right to the mail server owner or the owner of the mail service, then all our mails coming through @vsnl.com or @sify.com address will become the property of VSNL or Sify. All employers will have right to monitor the individual e-mails of the employees. This is not accepted either in law or in practice. Even when the State has to intercept e-mail based on considerations of national interest, the reasons are to be properly documented and procedures laid down in "Wire Tapping Act" or similar provisions has to be adhered.

In a relevant US  judgment, the full  bench of the US First Circuit Court of Appeals  in the case of  Bradford Councilman  came to the conclusion that the service provider of an e-mail service cannot access the e-mails of the clients.

The instant case will put to test the acceptability of this US judgment in a BPO environment and also the Due Diligence principles applicable to IT workers as per standard security practices such as BS7799or ISO 27001, familiarity of which should be presumed at senior levels of employment in BPOs.

 Bangalore Police Oppose Bail to HSBC Fraud accused

Bangalore Cyber Crime Police are opposing  granting of bail to the HSBC fraud accused Mr Nadeem Kashmiri and also pressing for Narco analysis to continue their investigations. (Report in Indian Express, Bangalore Edition, July 8, 2007). Related Report in Techworld.nl

Security Practices at BPOs

The increasing incidents of security breach in BPOs either through insider frauds or otherwise have once again highlighted the need for BPO managements to tune up their security measures. In this regard, the UK Data Protection Act could be a good bench mark to start with. While this may be considered mandatory for BPO s  handling data from UK and EU, even others can take a cue from the provisions. It is however necessary to mention here that the BPOs operating in India should also keep in mind that complying with ITA-2000 is also a matter of security requirement since "lack of Due Diligence" could lead to vicarious liabilities in respect of third party data owners. Related Article in Tech world:

Who Owns BPO Assets?

BPO industry is recognized as a growing industry in India. As more and more activities come up in this sector, corresponding legal issues are also making their appearance. One such issue that confronts the industry today is a proper understanding of the legal ownership of the assets.

BPOs own two kinds of assets namely the Computer Assets and the Human Assets. The Computer assets include the hardware, software, connectivity etc. Human assets include the direct employees assigned to a BPO job and indirect employees who constitute an "Overhead" for the project.

In such an instance the legal issue that arises is "Who is the owner of the Asset"?.. Is it the BPO or Is it the Client?..Read the Detailed Article

US Corporate War Turns Murky in Chennai Soil

The Summit HR Vs US Personnel Cyber Crime case has taken an ugly turn with the the complainant company facing a counter charge that one of the employees was harassed into giving a written statement to the management.

In a move of far reaching consequence, an arbitration commissioner was also reported to have been appointed by the High Court  to enquire into the civil aspects of the dispute. This was apparently without notice to the defendant of this complaint (who was the Complainant  in the criminal case of hacking). It is also reported that the commissioner has put a seal on one of the BPO's offices (The complainant of the hacking case) until further orders from the Court which is expected today (July 7, 2006).

It would be interesting to understand how the Honourable Court assumed Jurisdiction in this case overruling  Section 61 of ITA-2000 and determined the priority and balance of  convenience resulting in the partial closing down of BPO's operations pending arbitration.

This incident is likely to affect the global reputation of Chennai and India as a center for BPO operations like no other BPO fraud has done so far. The incident highlights the unfortunate reality that in India, irrespective of who is right, seeking legal remedy could  be damaging both on the complainant and the accused as the "Law Takes its own course". This is well reflected in the famous Kannada proverb that in a Court case, "One who wins, loses and One who loses dies".

Report in FE : Report in yahoo

Broadcast Bill May Increase Competition in Cable TV Industry

The proposed Broadcast Services Regulations Bill has a provision which states that "No Content broadcasting service provider or Broadcasting Network Service Provider shall have more than the prescribed of the total number of Channels or Subscribers in a city or a State subject to the overall ceiling of 15% for the whole country". Since the current national subscriber average is stated to be 60 million subscribers, this provision may mean that the ceiling for any MSO operator could be around 9 million subscribers. In a city like Chennai where 90 % of the market is held by a single operator, there may therefore be a need for new operators to share the business.

Delhi Police Show Strength while Chennai Police Hesitate

In the Airtel hacking case in Delhi, the accused Mr Ankit K Srivatsava was rejected bail by the Delhi High Court. Significantly, the Court accepted the argument of the Prosecution that the offence had been committed irrespective of whether there was any security flaw or not. ...report in TOI

It is interesting to note that in the parallel incident of hacking investigated by the Chennai Police in the Summit HR Vs US Personnel case the Police have been hesitant to arrest the US Couple involved even though there is a distinct possibility of their leaving the country and frustrating the investigation. If this hesitant approach of the Chennai Police continues, it would be a matter of concern for IT industries in Chennai since  the safety of their Information Assets would be in doubt. We wish that Nasscom and the Ministry of Information Technology takes note that to attract IT industries to Chennai, it is very important for them to feel that there is a good law and order situation in the Chennai Cyber Space. The unfolding events in the Summit HR-US Personnel case would provide an indication as to whether Chennai is a good IT destination or not.

As per the report of Deccan Chronicle (6th July 2006), the accused Mr David Mangan, the Chief Operating Officer of US Personnel has approached the Second Metropolitan Court to seek instructions to the Police for a fair trial and also approached the High Court for initiating the arbitration proceedings. The report also states that the defense has also raised some issues on "Ownership" of the disputed data accessed by the accused. The jurisdiction or lack of it of the Indian Courts vis-à-vis Section 61 of ITA-2000 will also be brought to the debate. All in all the case promises to be an interesting academic subject which Cyber Law observers in India need to watch out. Report in DC (Please scroll down to the middle of the page)

Media as a Watchdog

The recent attention some members of the Chennai media have shown on the HR BPO case has brought some of the salient features of this interesting cyber crime case to the knowledge of the public. The accused have now moved an anticipatory bail application since they seem to have realized the gravity of the offence and the scope of the Indian Law.

It has been observed that in an earlier case involving a Cyber Crime fraud of over Rs 20 lakhs, the lack of the media interest (probably due to lack of information) had let the case to die down without the victim getting a fair hearing. Hopefully a vigilant media this time not let this happen again.

Since the present case involves a test on how Indian law responds to a complaint by a US BPO whose interests in India are reportedly hurt by the crime, Nasscom should also ensure that an accusing finger is not pointed by the world media on the inability of Indian system to protect BPO interests. Probably the Ministry of IT would also be keen in ensuring that Chennai which is projected as the next BPO destination does not display any weakness in providing the law enforcement support where it matters.

Academicians may watch this case carefully since there is an interesting possibility that the criminal aspects of this case is pursued in India while the civil liability arising out of this crime would be discussed in USA.

Ministry of Information..With No Information

In discussing e-Governance, we often observe the websites of Government websites. At a time there is a discussion on the Broadcast Services Regulations Bill 2006, the website of Ministry of Information and Broadcasting has no information on the Bill. When the link "Content" on the home page was clicked, we found an interesting page with the name of the contact person completely blank. (See here) The link on CCA went to a page containing account details of MIB.(See here). A rather poor reflection of the efficiency of the department.

Broadcast Bill Raising Adverse Reactions

After years of inaction on the Communication Convergence Bill, the Ministry of Information and Broadcasting has moved the draft Broadcast Services Regulations Bill 2006. The Bill has attracted serious allegations of containing draconian powers for content regulation and censorship. Many have felt that this is likely to be misused for political ends. The Bill have its impact on CAS as well as compulsory Cricket Broadcast which are of interest to Indian media watchers.

Related Articles: Kill this Broadcast Bill before it kills your rights..dnaindia.com : Broadcast bill outrageous: Experts..dnaindia : Broadcast bill ready; scheduled to be tabled in Monsoon Session of Parliament..India Televesion.com : The Broadcast Bill confuses control with regulation : Various articles
 

Airtel  Case..Is it Section 66-Hacking? or Ethical-Hacking?..Is it Section 72 offence?..or.?

The Delhi High Court is witnessing an interesting debate on Section 66 of ITA-2000. The defence has taken the stand that the incident where the accused accessed confidential information residing inside the computer resource of Airtel was not an offence and was a case of demonstration of "Vulnerability of the system" or i.o.w. a case of  "Ethical Hacking". The defense seems to be admitting to the offence under Section 72 of the Act.

The prosecution, on the other hand, has put up an argument that accused had cracked the secret passwords of 26 high-profile users, including senior police and PMO officials, besides threatening the telecom major with exposure. The accused had then allegedly demanded Rs one crore from the Airtel authorities by threatening to leak the information, police said.

Let's watch how the case unfolds.

Zeenews Report

HR BPO Fraud in Chennai.. Arrest of US Nationals Possible

According to a report in Deccan Chronicle, the cyber wing of the city police said on Monday that it was busy gathering evidence against a US couple ahead of their possible arrest in a data theft case.  The couple, who are top executives of a US-based payroll processing and HR outsourcing company, have already been restrained from leaving the city.  The two have been accused of stealing high-value business data from another US-based company operating in the city. “We want to build the case before making the arrest,” a senior police officer of the cyber crime cell said. ..Deccan Chronicle

"Data Theft" case booked in Chennai

Cyber Crime Police station in Chennai has filed an FIR against three American executives of US Personnel for allegedly hacking into the computer resources of Summit HR, another US based company engaged in HR Outsourcing, and operating from Chennai.

It is reported that the Bangalore Cyber Crime Police is undergoing a special training to understand the kind of fraud that has occurred in HSBC. Perhaps Chennai Cyber Crime Police will also have to undergo a crash course to understand the complicated crime that the Chennai incident  presents.

Though the Chennai Police have booked the case under Section 66 along with Sections 120 B and 406 of IPC, the Police have not yet made any arrests. The two accused who reside in Chennai are American nationals and  it is surprising that though there is a possibility of their leaving the country to frustrate the investigations, Police have refrained from making arrest. Perhaps the Police are haunted with the memories of the arrest of the Baazee.com CEO in which the US consulate interfered and brought pressure on the Police to go soft on the accused. However the Chennai case is different in the aspect that the complainant company is also an American Company and the accused is not being blamed of a vicarious liability as in the Baazee.com case but of a direct offence under Section 66.

It is possible that the case may again raise a controversy from the US consulate this time for a different reason that  timely action was not taken to protect American interests particularly if the accused leave the country before investigations are completed.

It would be interesting to observe how Nasscom reacts to this incident as this incident will test security infrastructure in India for BPOs in terms of the legal and law enforcement support. Since there is no problem on the laws, perhaps Nasscom should assist the Chennai Police in understanding this crime and help them take it to the  logical conclusion just as they are  assisting the Police in Mumbai and Bangalore.

Report in IE : Report in FE : Report in DC

Chennai Police Face a BPO fraud Challenge

Close on the heels of HSBC fraud in Bangalore, another fraud has come to light in Chennai concerning a HR BPO which promises to be an even bigger challenge than the HSBC fraud. With the disputed property alleged to have been hacked being "Business Process Data" quantification of the extent of damage caused is difficult to be determined. It could actually run to crores of rupees though not as easily measurable as in the HSBC fraud. It is understood that this case also involves foreign nationals and hence the Police are exercising caution in their approach. However, since the issue involves the ability of the Indian Police to protect the assets of the US BPO operators in India, industry circles and Nasscom should be deeply concerned with the efficiency of the Police in the handling of the case. If Chennai police raises to the occassion and ensure successful investigation and prosecution, then Nasscom and the Ministry of Communications and Information Technology can proudly say that Indian Environment is safe for International BPOs. Though Chennai Police is not as adequately equipped as the Bangalore Police in terms of Cyber Crime investigations, they have the credit of having obtained the first conviction under ITA-2000 in the Suhas Katti case. Hopefully, this does not remain a flash in the pan but indicates a fundamental strength of the Chennai Police.

"Proof of the Pudding is in the Eating"

The HSBC Fraud case being investigated by the Cyber Crime Police Station, Bangalore is now at the stage where the investigations has to shift to the UK nationals who masterminded the fraud. Considering the involvement of a Kashmiri youth who falsified his educational records, and the net effect of the fraud which is to destabilize the BPO industry in India, the possibility of the fraud being part of a "Cyber Terrorist Strategy" cannot be ruled out. Police therefore have a challenge in their hands to ensure conviction in the case. The Bangalore Cyber Crime Police have so far been successful in its investigations and securing the local accomplice of the fraud. But the proof of success is when they make the case stick in a court of law and ensure conviction not only for the Indian accomplice but also for the UK Citizens who are involved in the case. fortunately, India has the law that can bite..it has the jurisdiction over the UK nationals under Section 66 of the IT Act and can get imprisonment for 3 years. Report in TOI on Current status