Is Supreme Court obliging business interests in admitting the Zoom petition?

In a Public Interest Litigation, an advocate has filed a petition in the Supreme Court seeking ban on Zoom . The petition seeks a direction that the Government has to ban the use not only for the use of the Government but also for the public.

It is unfortunate that the Supreme Court has admitted the petition and sent  notices to the Government and Zoom.

So far, whenever the Supreme Court has been notified about the adverse impact of apps like TikTok or the Anti Society systems like the Bitcoin, the Supreme Court did not consider it necessary to respond in public interest. On the other hand it gave a completely anti establishment judgement in the case of Bitcoin and the CJI did not think of reviewing the decision.

However, it has now acted with alacrity to respond to the Zoom petition as if it is a great natural emergency during Covid lock down.

I wish the Judges consult some independent technology specialists who are not in the pay rolls of companies adversely affected by the popularity of Zoom.  Otherwise the credibility of the Court is likely to be severely dented.

This petition was not worth the paper on which it was printed. It ought to have been rejected even for admission with a fine. The Court however has given undue respect to the PIL and issued notices.

At the same time, the Court has failed to issue notices to all stake holders and therefore if it proceeds with the hearing of the petition, the current users of Zoom will be adversely affected. The current users of Zoom in India are also citizens of India and have their own rights to use the software of their choice.

The Supreme Court has failed to realize that there is no compulsion for any individual to use Zoom and it is the choice of the public to use Zoom or chose any other equivalent software.

Intervention of Supreme Court is therefore only serving the business interests of the competitors of Zoom which include big names like Microsoft and CISCO. It has very little public interest objective.

It is possible that the Court might have been wrongly informed  that this is a “Chinese Software” which is spying on India and this could have influenced the decision to admit the petition. This may not be the correct view since Zoom is an US Company and there is no indication that it works under the directions of the Chinese Government, as of now.

The Court might have also been given to understand that Zoom is the only software that has the vulnerabilities  and every other video conference software of Microsoft or Adobe or CISCO are security wise impregnable. This is also not correct.

The Court needs to check with security professionals how often Microsoft or Adobe products are found to have vulnerabilities, whether CISCO has been every accused of providing a backdoor to FBI etc.

Supreme Court may not be aware that Zoom provides recording of meetings as an option either on the cloud or in local computers as do others. It is a choice of the users to store it on the cloud if they want.

I would be pleasantly surprised if the advocate Wajeeh Shafiq or Harsh Chugh or their associates Nimish Chib and Divye Chugh can explain the concept of “End to End Security” and why they think Zoom’s  transmission security is inferior to other similar systems including G mail and Facebook.

The petitioner advocates need to also ki clarify whether they are talking of “Privacy Protection” or “Information Security” and how they distinguish “Personal Data Protection” and “Corporate Information Security”. They seem to be confused.

The Supreme Court should understand that vulnerabilities are part of the software development process and the only way the consumer interest is served is to make all software developers liable for zero day vulnerabilities if any consumer suffers a loss on account of such vulnerabilities. This is feasible even under our consumer protection laws .

Zoom is an intermediary under ITA 2000 and if its platform is used for commission of any offence, it can be tried under any of the provisions of ITA 2000 including hacking, denial of access etc., and Zoom will have to prove “Due Diligence”. ITA 2000 has extra territorial jurisdiction as well as a possibility of extending the liabilities to the Zoom CEO under Section 85 of ITA 2000. Zoom CEO is in USA and the Company is a US Company and hence it should not be difficult to invoke extra territorial jurisdiction if the petitioners want.

Instead of using such provisions that are already available under the ITA 2000, the petitioners are launching a speculative attack to serve the business interests of the competitors.

The petition is therefore ill conceived and it indicates that business rivals of Zoom must have encouraged this litigation or the petitioners are doing it for publicity purpose.

Supreme Court has to show maturity and maintain distance from such business related issues.

Naavi

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

Back to Teaching ITA 2000 with a Cyber Jurisprudence perspective

After teaching Cyber Laws and ITA 2000 for a long long time, Naavi had moved his attention to teaching “Privacy and Data Protection” because that was the need of the hour.

The market has however come around to realize while studying the upcoming Personal Data Protection Act that it is afterall an extension of ITA 2000/8 and replacement of one aspect of our current Information Technology Act.

Simultaneously the market is realizing that even if the passage of the Personal Data Protection Bill 2019 can be held up, the Section 43A of ITA 2000/8 or the Section 72A or Section 67C or Sections 69,69A,69B, 70 B or Sections 85 and 79 all remain effective today and most of them will continue to remain effective even after PDPA 2020 comes into existence.

Hence the need to know Cyber Law and IT Act has got rejuvenated.

To satisfy this demand, Naavi is conducting two 12 hour courses in the next 10 days. One course will be over the week ends and will be for the members of a CISO/CTO group. The second would be a week day course for more law oriented persons.

The Core coverage would be ITA 2008 but the emphasis could be different. While the CTO’s/CISOs will receive the information security perspective of ITA 2000/8, the other group will receive a little more legal perspective.

I hope both segments will be satisfied with what is on offer.

Ofcourse the Course has to refer to some Case studies, Cyber Crimes, Adjudication,  the Digital and Electronic Signatures, Section 43A obligations of Reasonable Security or Due diligence concept under Section 79 and the Evidentiary aspects of Section 65B.

After the lock down is lifted fully, neither the participants nor me may have the same time to conduct such programs and therefore these could be unique occasions to revisit ITA 2000/8 at a time when the PDPA 2020 is likely to occupy our mind space for the immediate future.

The details of the week day batch  is available below.

Yes… It is a paid course and the payment link is here

The participants of this Course will get copies of three e-Books, one on Cyber Crimes, one on Electronic Signatures and one on Section 65B.

I invite all interested Advocates and IT personnel to take advantage of this knowledge boosting sessions.

The focus of this program is different from the Classical approach and adopt a Cyber Jurisprudent’s approach…

We will focus on this is what the law says…This was the legislative intent… Perhaps this is the best interpretation…

Even when there is a judicial verdict, we shall analyze it rather than accepting it in blind faith.

I believe that this approach will help us improve our collective understanding of the law and we all will be contributing to the development of Cyber Jurisprudence.

Naavi

P.S.: Participants would receive participation certificate from Cyber law college.

 

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

It has taken 20 years for the concept of virtual teaching to be accepted..

Naavi was the pioneer in Cyber Law Education in India. Cyber Law College itself was a concept ahead of its times and when it started its activities in July 2000 and launched first course in Cyber Laws in October 2000, the concept of “Virtual” was alien to most. It was however necessary in the context of economy.

The first version of the program was as a “Distance Learning Course”. Then several years later the concept of video classes developed after 2005. During that time classes were conducted online on the platform of gatherplace.com and later gotomeeting and Webex with a batch of students at the other end seeing a common projected screen. Then came the individual across the screen training in Digital Signatures and HIPAA where the student/s or trainees connected either individually or collectively on their own computers. One of the successful use of this virtual meeting was for HIPAA training for a group of medical transcriptionists in Phillipines.

With the success of these experiments, Naavi also launched the Arbitration.com (now odrglobal.in) as a video conference based online dispute resolution mechanism.

However, none of these were fully accepted by the market and they remained as experiments. While the teaching and training continued, it often involved travelling and wasteful expenditure. However, 20 years later, the Corona Virus has changed the perspective of “Virtual Meetings”. Now it is not only acceptable but also the preferred norm.

Now towards the end of the lock down period, we are observing that there are innumerable number of online meetings and webinars both by individuals and organizations.  Naavi’s dream of carrying the College in his laptop bag has now been realized and even got further miniaturized into the mobile.

Cyber Law College moved from other video conference tools to Zoom and now more options are becoming available. We may even see some Indian version “fokuz.online” coming up with an indigenous version of a class room.  Many other platforms including Tata VSNL have woken up from their slumber and trying to enter the market without much success.

The Apnacourse.com, and the like which enabled recorded versions of the training programs to be hosted were useful but with the entry of Zoom like tools, may find it difficult to grow.

However Online Examination tools with proctoring and without proctoring are still in the nascent stages and will get integrated with the Zoom like platforms to provide a complete transformation of the education system in India.

The training material of Cyber Law College also went through the transition from the following bulky but attractive books to the current form of PDF files or Kindle books.

The books shown above which were training materials used for two of the courses reflect the relics of those days.

Subsequently CD Books were also used by Naavi both in 1999 when the printed book “Cyber Laws for Every Netizen in India” had to be supplemented with the copy of the Bill as presented in the Parliament.  Subsequently, several CD Books were released on Cyber Crimes.

Presently E Books, Kindle format have become the norm though the physical books still have retained the charm except for the difficulty in distribution.

During this fascinating journey of 20 years, Naavi also promoted the concept of “Cyber Vidya” with the vision of upgrading the teaching in Government schools with virtual teaching. The project which was discussed with the Karnataka Government at one point of time would have been a great development had it been taken up. But as usual it was ahead of its time. But its time has now come and I see some thoughts about this are floating in the market . Perhaps this dream of “Cyber Vidya” will also be realized one day.

This journey down the memory lane was triggered because Naavi/Cyber Law College is starting online courses on Cyber Law and IT Act in the next week after a gap of several years.

One of the courses will be for CISOs and CTOs and the other for Cyber Law students.

I will share more details of what is envisaged in these courses so that interested persons can take advantage of the same.

Naavi

 

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

New Course on Cyber Law from Naavi

Program conducted over interactive online session. Covers entire Information Technology Act along with the Cyber Jurisprudential analysis of the law, including Digital Signatures, Section 65B of Indian Evidence Act and Legal aspects of Information Security, Cyber Crimes in E Banking, E Commerce scenario etc

Payment for registration can be made here:

All participants would be issued participation certificate from Cyber Law College

Naavi

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

Validity of Digital Contracts in India and implications of the Stamp Act

It is close to 20 years since India passed the Information Technology Act and notified it with effect from 17th October 2000. It enabled digital contracts to be recognized in law and established a “Judicially recognized Digital Society”. (For this reason, Naavi has been calling for celebration of 17th October as the Digital Society Day of India).

When the IT Act was passed, the legal recognition to electronic documents under Section 4 extended all current laws to the domain of Cyber Laws by replacing the “Written” document with an “Electronic Document”. Hence under the Indian Contract Act, offers and acceptances in writing could be replaced with offers and acceptances with the use of Electronic documents. “Signing” was also extended to electronic documents by introducing the system of “Digital Signature”.

In 2008 version, provision was made for other forms of electronic signature and in 2015 we came across the notification of e-sign as one of the other forms of authentication of an electronic document along with the digital signature.

With these, an electronic document with digital signature or e-sign could be considered as equivalent to a written and signed document. Hence if such documents are used for communication of proposals or acceptances, it would form a valid digital contract.

Section 10A also provided the clarity that communication of proposals and acceptances through electronic document can lead to valid contract formation.

Exclusion of Documents from ITA 2000

The excluded documents under the then Section 1(4) which is now listed under Schedule-I,  exempted Negotiable Instruments, Trust deed, Will, Power of Attorney and a contract of sale or transfer of any interest in immovable property from the legal recognition under the Act. Hence all other documents which were in electronic form could be considered as “Included” in ITA 2000.

The exclusions of these types of documents were also adopted in other countries which at that time had adopted similar laws. At the time when Draft  E Commerce Act 1998, the Information Technology Bill 1999 and then the Information Technology Act 2000 was under discussion in professional circles, we had observed that the Indian law did not within the Act provided a justification for the inclusion of these documents under the “Excluded Category”. However the law had adopted the provisions from the then Malaysian law, Singapore law, Utah law etc. Unless we go through the minutes of the meeting at that time in the Drafting Committee or unless Mr T. K Vishwanathan the person who was responsible for the actual drafting of the act comes up with his memories on the issue, we will have to do with my memories in this regard.

According to my memory, some of the Countries including Pakistan (It had an ordinance similar to our bill), had specified the reasons why they kept out the immovable property transactions from the recognition. (See my comments on this bill on January 17, 2002) The ordinance had clearly said as follows:

Section 9: Stamp Duty. — (1) Notwithstanding anything contained in the Stamp Act, 1899 (II of 1899), for a period of two years from the date of commencement of this Ordinance, stamp duty shall not be payable in respect of any instrument executed in electronic form.

(2) The Provincial Governments shall, within the period specified in sub-section (1), devise and implement appropriate measures for payment of stamp duty through electronic means before or at the time of execution of the instrument in electronic form.

It was clear that the exemption was considered because of lack of proper method for collection of stamp duty. I am sure that the reasoning here as well as in other laws of that time was that stamp duty is not payable on electronic documents for reasons that were relevant at that point of time.

It was also considered (my interpretation), that India wanted to disallow property documents  because electronic documents were not considered stable enough to be retained for more than 5 years and the requirement of property documents extended to retention for hundreds of years. A similar 5 year upper limit can be observed with respect to retention of certain aspects of digital signature records.

Finally, ITA 2000 did not specify the reasons for exemption of some documents and whether one of the reasons was to do with the Stamp duty issue. Hence today we are confused whether Stamp Duty is payable on electronic contracts or not.

Readers may refer to some of the articles I have provided in the “Reference Articles”  at the end of this article, written by many expert advocates and my own earlier articles. Some of them try to take the Maharashtra State Government amendment of the State Stamp Act to say that since a procedure for payment of stamp duty is now available, we should consider that Electronic contracts are also to be considered as coming under the Stamp duty.

The article of Uthara Priyadarshini in Bar and Bench appears to hold out the most acceptable analysis.

Types of E Contracts

Not all contracts which we call as “E-Contracts” are formed with a specific offer and acceptance or a common agreement so that they can be printed out or Stamp duty paid at the time of signing. Incidentally I disagree with one of the authors in the articles below who considers typing the name or placing a picture of signature etc as electronic signatures under Section 3A of ITA 2000.

The only valid Section 3A electronic signature is the e-Sign. There are other forms of e-contracts such as Click Wrap, Browse Wrap or Shrink Wrap which experts often refer to.

As regards the “Click Wrap” contracts, since a “Click” cannot be considered as a “Digital Signature”, the document cannot be considered as a “Signed document”. However, the “Click-Wrap” can still be considered for formation of an “Implied Contract” since ITA 2000 did not bar the formation of contract as provided under Indian Contract Act which included both Oral and Implied contracts.

The “Click-Wrap” contract comes under the category of “Un-Negotiated”, “Dotted Line or Standard form” Contract and the principles of “Unconscionable contracts” as laid out in the CERC Vs LIC Of India Supreme Court case apply. Accordingly the “Dominant party” has to ensure that onerous clauses are sufficiently highlighted and  there is a “Meeting of Minds” between the two parties to agree on the terms of the clause which may otherwise be considered as “One Sided”.

The “Browse-Wrap” contract where there is a contract some where hidden on a website which says, if you continue browsing, you are deemed to have accepted the terms of this contract is also a “Deemed or Implied Contract”. Similarly the “Shrink-Wrap” contract also tries to bind a person to the contract even before he has the full information of the terms in that part, an implied, standard form contract only.

Hence the “Click-Wrap”, “Shrink-Wrap” or “Browse-Wrap” types of electronic contracts donot fall into the category of “Written Contracts” under Indian law.

If however the offer and acceptance documents are digitally signed with a digital certificate issued by the Indian certifying authority and was valid at the time of signing, then the document can be considered as a valid contractual documents and subject to the exemptions that it is not a Bill of Exchange or Promissory Note (Cheques are included after the 5th February 2003 amendment), or a Trust deed or a Will or a Power of Attorney or a document that transfers title in an immovable property.

Now the question comes about the lack of Stamping of the document at the time of execution.

We must appreciate that “Stamping” of a document to make it valid or to make it invalid if not stamped is a requirement of revenue generation for the Government. If the Government wants to continue generating revenue on online contracts, they need to institute a proper methodology for payment of stamp duty, generating an acknowledgement and noting that on the document.

Also, if the Indian Stamp Act has defined that the Stamp Act is applicable for only paper documents then the State Governments cannot make their own amendments contrary to the Central law by introducing new instruments under the Act.

If “Electronic Documents” are recognized as an Exclusive category of documents which are neither “Oral” not “Documentary”, then the powers under Section 90 of ITA 2000 to the States should not be extended to create a new kind of “Instrument” under the State Stamp Acts which is inclusive of “Electronic Documents”. The Indian Evidence Act under Section 17 clearly identifies three kinds of statements for admission where there is a distinction between “Oral”, “Documentary” and “Contained in electronic form”, which substantiates this view. Hence “Electronic Records” are a new kind of documents other than “Oral” and “written” and Stamp act cannot create a new instrument for the purpose of collecting revenue.

The amendments of the State Governments of Maharashtra and other Governments such as Delhi, Gujarat, Rajasthan and Karnataka mentioned in the article in Lex Counsel by Seema Jhingan and others appear ultra-vires the powers of the State.

Legislative Intent

The legislative intent of introducing ITA 2000 to facilitate E Commerce was to ensure that commercial contracts could be carried on with the use of Electronic Documents exchanged over the network as “Offer E Mail” and a “Acceptance E Mail” leading to formation of contracts since there was a way of signing the offer and acceptance, there was determination of attribution, time and place of message etc.

Under “Section 4 of the Draft E Commerce Act 1998” it was stated as under:

c) In relation to this Act, electronic records shall not be liable to stamp duty under the Stamp Act, 1899.

It also added as comments:

Comments: It is not feasible to give broad legal recognition to all documents that are signed with an electronic signature because, under Indian Law, hand written signatures are more appropriate for certain categories of agreements. Therefore, the purpose of limiting application of this Act is to acknowledge the intent of relevant laws that mandate the use of pen and ink for some documents.

For example, in the case of negotiable instruments, the current state of technology does not adequately provide a reliable mechanism for the transfer or negotiation of electronic records to holders in due course beyond an originator and an initial recipient of the electronic record.

Additionally, this section provides authority to the Central Government to amend, as appropriate, the limitations set forth in this section.

Further, the application of the Stamp Act has been limited to recognize the intangible nature of electronic records, based upon precedent set in the Depositories Act, 1996.

It can therefore be construed that the Legislative intent behind ITA 2000 was clearly to exempt the Electronic Contracts from the Indian Stamp Act.

Cancellation of Stamps

Beyond all the above arguments there is also a need to look at how “Cancellation” of a stamp in the electronic scenario has to be recorded. For Stamping to be valid, the document has to be stamped at the time of its execution and has to be cancelled in an appropriate form. Does the procedure of making a payment to the treasury and noting the payment transaction number in the document constitute a valid cancellation in the absence of a specific mention in the procedures lead down by the State Governments will be a moot point.

The mother of all ITA 2000 like laws was the UNCITRAL Model law on E Commerce adopted as a resolution in UN.  The UNCITRAL model law confined itself to the commercial contracts but did make mention about “Stamping” in a different context where “Stamping” is considered as a “Signature”. It noted that “alongside the traditional handwritten signature, there exist various types of procedures (e.g., stamping, perforation), sometimes also referred to as “signatures”, which provide various levels of certainty.” It also said “the concept of a signature adopted in that context is such that a stamp, perforation or even a typewritten signature or a printed letterhead might be regarded as sufficient to fulfill the signature requirement. “

These description of “Signature” were in a different context but has a connotation in the “Cancellation of Stamps” since one of the methods of cancellation is to write the date of the instrument or sign across the adhesive stamp.

Desirability of Stamping E Contracts

Not withstanding the right of the State Government to impose Stamp Act on E Contracts, and their ability to introduce the required procedures, the desirability of such a measure needs to be examined from the point of view of commercial feasibility and ease of doing business.

This is a call that the Central Government and the State Governments should take together. If the challenges are too harrowing, companies could shift the contract execution to a “Stamp Tax Haven” (virtually) using the available provisions of ITA 2000 and avoid the stamp duty.

We are presently on the threshold of a “Personal Data Protection Act” (PDPA) and this act will impose huge penalties for non compliance that cannot be ignored by E-Business organizations. In determining the obligations under the Act, the “Consent” is a critical element. The PDPA expects that the “Consent” passes the test of the Indian Contract Act. If read along with the validity of contracts under the Indian Stamp act, then all the “Consents” will fail to be valid contracts both because they may not be digitally signed or they may not be stamped under the Indian Stamp Act.

The only option for such digitally signed, un-stamped memorandum of understanding is to use the “CEAC-DROP BOX” concept which creates the witnesses to establish the evidentiary value of the memorandum of understanding without a “Documentary Contract”.

For the sake of ease of business however, this issue needs to be clarified in law so that the business entities are not kept in the dark. One option available now is through the PDPA which is still in the Bill stage, which can clarify that “Consent” can be provided without a digitally signed or Stamped document provided there is a necessary collateral evidence confirming the intention of the parties.

The above are my personal views and readers may also read the articles referred to below to get a comprehensive view of the issue.

I invite the views of others so that we can collate the views of the fraternity both from the field of Advocates, Technology professionals and the Data Protection professionals.

Naavi

Reference Articles:

1.Electronic Contracts-Applicability of Stamp Duty: Seema Jhingan, Neha Yadav and Saniya Kothari published at Mondaq.com

2. Stamp duty implications on E-Agreements: Ishika Agarwal, Vinod Kothari Consultants

3. E Contracts in India: Commercial law Blog

4. Are E Contracts amenable to Stamp Duty ?: Anuj Agarwal/Uttara Priyadarshini:  Bar and Bench:

5. Redefining the scope of ITA 2008.. in the amendments..

6. Stamp Duty on Electronic Records

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

EU parliament member’s data breached ?

In an embarrassing revelation, an Indian security firm “Shadowmap” promoted by Yash Kadakia, has revealed that data about 1200 accounts of elected officials and staff and another 15,000 accounts of EU affairs professionals were disclosed on the web along with the encrypted passwords.

This is being highlighted here not because we are happy that the data has been exposed, but to indicate to politically motivated ethical hackers like “Elliot Alderson” or “Robert Baptiste” that instead of worrying about the data breach incidents in their own country, they are trying to spread false rumors of data breach in India whether in the Arogya Setu or Aadhaar.

If Indian hackers work with similar motivation as Mr Baptiste to defame foreign Governments, perhaps many other Governments EU can also be embarrassed. But I suppose Indian hackers are not largely interested in such unproductive attacks (Except perhaps on Pakistan!).

The entire world is grappling with data security and need to make Internet more trustworthy. I therefore urge that the talented hackers who call them “Ethical”, should help the community to defeat the dark web and criminals who operate therefrom, rather than going after defaming the Government officials who may not be as much talented.

An academic question that arises in this case is “Who is liable under GDPR for this breach?”

Since the EU parliament is headquartered in France, (or is it still Belgium? or Luxembourg?)  it has to come under the jurisdiction of the French Supervisory authority and Mr Baptiste should directly contact the supervisory authority of his country and question them. Technically however, the breach is attributed to whom so ever was responsible as a “Data Controller”. It could be some department of the EU Parliament like our own NIC being a part of the Government. Will it be considered as a separate entity and notice issued? … We will wait and see how committed is the EU Parliament for the cause of data protection.

Perhaps the Internet Freedom Foundation and other similar friends of  Baptiste should issue a notice to the EU Parliament committee to take action.

Naavi

P.S: Also see here:

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment