Naavi.org

We all agree that use of Cyber space by Common people is on the increase and has reached a level where we are worried about the internet/Mobile addiction and its adverse impact on the society. Government itself is encouraging a higher use of Internet through the Digital India program. E Commerce is also developing into a business model that is pushing the Citizens into online shopping and mobile Banking in a big way.

This is therefore a fertile ground for Criminals to take to Cyber Criminal activities and the Cyber Crime industry to grow faster than any other genuine business.

This will be the biggest headache for the Governments both at the Central and State level and needs to be addressed at the earliest. Despite the higher Cyber Crime and Cyber Security risks, the future is  where the population will take up to Internet even more.

Hence we need to learn to live with Cyber Crimes and find solutions on how to shield ourselves to the extent possible.

When the Citizen of the country faces any crime situation, the first friend he looks out is the Police. Hence whenever any citizen faces a problem arising out of Cyber Space, he will approach the Police for a solution. Cyber Crime police therefore have become the most sought after police personnel by the public.

However, the number of Cyber Crime cases are so huge that the Cyber Crime Police everywhere feel that they are over burdened and unable to do justice to their job. The requirement of building adequate skills are being addressed by different agencies within the Government including National Police Academy, along with the assistance of NASSCOM, DSCI, CDAC etc. to the extent possible. But the requirements are so huge that there will always be need to do more in this respect.

Governments in Center and States have not yet considered “Cyber Space Policing” as some thing which should be in the domain of “National Policing Structure” and clinging on to the age old concept of “Policing is a State Subject”. For border less crimes like Cyber Crimes, Policing have to be integrated at the International level but we are struggling here with a need for coordination within India. Just as we have brought a federal management structure for GST, we need to bring a”Federal Cyber Crime Management Council” under the Home Ministry to address the requirements of the Cyber Crime Policing and ensure that there is a single Cyber Policing authority for the whole country.

“One Country one Police” should be implemented at least in the Cyber Crime scenario.

We wish that Mr Rajanath Singh has the same acumen as Arun Jaitely to bring about this reform in the coming days.

In the current structure, Cyber Crime Police are working with a systemic disadvantage even to work within their current skill levels and hence it is becoming increasingly difficult for them to manage complaints from public.

Public will not be able to understand and even if so, appreciate the difficulties of Cyber Crime policing and increasingly feel that their complaints are not addressed by the Police.

At the same time Police will continuously feel justified in rejecting Cyber Crime complaints because they know that they have no time to look into every complaint.

When we take note that even in celebrity cases like Hrithik Roshan complaint against Kangana Ranaut, the progress is slow, one can wonder how badly equipped are the Police in handling the volumes.

While Supreme Court and Legal luminaries are more worried about issues like “Privacy”, no body seems to consider that

it is a Fundamental Right of a Citizen of a Country to get his complaints heard by the Police.

The sense of “Security” that a citizen is entitled to, comes from the feeling that if he is facing discomfort from  a wrongful action from another, he can run to the Police for help and help will be available immediately.

Are Cyber Crime Police today capable of providing such security?.. The answer is clear and resounding “No”. Cyber Crime police stations are overwhlemed with cases and jurisdictional police stations lack expertise  and hence complaints just end up as “Acknowledgements” and most of the time confined to dust bins without any investigation.

If this situation is not addressed, soon people will stop even approaching the Police and start approaching private hackers to take their revenge. Just as we have allowed “Naxalism” to grow in the physical society, we will be seeding “Cyber Naxalism”.

Ten years from now the same Cyber Crime Police will be fighting more of Cyber Naxalism than affording protection to genuine Netizens.

We therefore need to act in such a manner that the burden of Cyber Crime Police is brought down (even while efforts to increase the work force may continue). The Capacity building that DSCI is trying to do through setting up of Cyber Labs need to continue but will not be sufficient to meet the requirements of the society.

Public will therefore continue to feel that Cyber Crime police are incapable and uninterested.

I request all my friends in the Police to respond with suggestions on how we can relieve the Cyber Crime Police from such tasks that are today taking up most of their times but is not resulting in the satisfaction of the complainants.

It is in this context that in the previous article  on Social media abuse, Naavi.org  pointed out that the solution lies with the intermediaries like Google and ISPs to shed their practice of “Hiding the IP address” and “Requiring Police or Judicial intervention for revealing the identity of e-mail senders and domain name owners”.

We know that these ISPs are not keen on considering Citizen’s interests but are more concerned about the rights of Criminals. It is like our Human rights organizations who are more concerned about the victims of police atrocities but not when Police or Army are itself victims of Abuses.

We therefore suggest Supreme Court hearing the petition on Social Media Abuse should take action as suggested herein.  The Home Ministry and the IT Ministry should advise the Attorney General to request the Supreme Court to mandate some of the suggestions which I have tried to make here and in my earlier article on Social Media abuse.

What I have pointed out in this article which I would like to reiterate is that

1. ISPs like Google should provide the “Originating IP Address” with all e-mails going out of their system. “Hiding IP Address by ISPs” should be considered as”Abetment to Spamming” and should be discontinued forthwith.
2. The ISPs in India should introduce a mechanism where by any person who is a recipient of an electronic message can file an e-mail request with the ISP to seek information of the sender to the last level of name and address of the IP address owner. 
3. Other network owners should also be compelled to introduce similar measures where by they should provide the information of the identity of the sender of a message when the request is made in a proper manner.

Any non cooperation in this respect should be recognized as an offence.

Presently, under Section 69B, the Secretary of IT at DeiTy has the powers to seek “Traffic Information” failing which there could be 3 years imprisonment to the Intermediary’s CEO and executives.

This power should not be reserved for handling only political requirements but should be extended to the members of the Public.

To extend its scope,

Government should designate a number of persons all over India to act as “Nodal Officers” who can receive public requests and send properly structured requests to Intermediaries so that they may revel the information sought without affecting their commitment to Privacy.

Implementation of this suggestion  does not require any change of law or even the rules but a simple administrative instruction. Hence there should be no excuse in implementing this suggestion unless “Providing the Sense of Security to Netizen Citizens of India is not the priority of the Government of India”.

In the meantime  Mr T.K.Vishwanathan Committee on ITA 2008 amendment can also take note to declare that “Hiding identity of IP addresses which are used for misuse” is considered as an abetment to Spamming and punishable. The committee can suggest separate rules though I feel that the existing rules under Section 69B itself is sufficient to bring in this change.

The effect of this change would be that most Cyber Crime complaints will first land with these Nodal officers who can acknowledge the receipt of the complaint and forward it to the Police for their records to meet the CrPc requirements. These nodal agencies can issue “IP resolution Requests” to Google and other e-mail service providers as part of the law enforcement authorities. They can then send requests to the ISPs and obtain the details of the end user network. They can also send further request to the network owners to identify the ultimate user of the device from which the abusive mail was sent or a domain was registered.

This three step identification process will provide the identity of the perpetrator of the crime to the victim and he can there after take action either to formally approach the Police or a Court for Civil remedies.

In many cases the complainant may decide not to pursue the case or pursue it only for Civil remedies. The Police will therefore be out of such complaints.

As regards the procedure for requesting the Nodal officer, the key is that complaint should be allowed only by an identified complainant ..such as with Aadhaar ID and a digitally signed (or e-signed) request. As long as the complainant is declaring that “He is feeling that his Privacy or Security is being adversely affected by the act of the sender of the message”, there is no need for any other reason to refuse the request.

This should be handled like an RTI query through a web form (enabled for e-sign) and automatically acted upon so that IP resolution happens in real time.

There could be a general declaration that the complainant accepts that he shall be punishable if he fakes his identity or the reason for seeking the information.

I request that the Central Government takes this suggestion seriously and implement  some or all of the above suggestions to bring relief both to the Cyber Crime Police Stations and to the Public.

I also wish that organizations such as Center for Internet and Society or the media houses such as “Republic” should undertake a study on the “Satisfaction Level of Public in India on Cyber Crime Policing” in India and provide some feedback to the Government on whether Cyber Crime Policing could improve with such measures.

If “Digitization of India” is an election issue, “Efficient Cyber Crime handling” is also an election issue and hence the media houses need to flag this in their election surveys at least in the urban areas.

Any suggestions are welcome. I wish all right thinking persons should join this debate.

Naavi

Eminent lawyers of the country seem to have taken up a fight against Social Media for enabling “abusive content”.

According to the news reports, they are demanding that Supreme Court should consider “Regulation of Social Media”.

However, we need to point out that Supreme Court should not be diverted from the core issue into getting into regulating social media though this would make a good media copy.

Some time back when Supreme Court scrapped Section 66A of ITA 2000, Naavi.org was a lone dissenting voice stating in no unclear terms that Supreme Court was wrong.The advocates who are now crying hoarse against Social Media had words of great praise for scrapping of Section 66A. (Refer articles here).

Our opposition to Section 66A scrapping was that it was a wrong medicine for the problem which was the wrongful arrest of citizens for innocuous social media activities. The decision was faulty since Section 66A was not meant for addressing abusive posts on Twitter and Facebook but was wrongly blamed. As a result, Cyber Bullying, Cyber Stalking, Harassment through E-Mails, SMS, Spamming and Phishing all went  out of the regulation under Section 66A.

Under the guise of protecting the “Freedom of Speech”, the Supreme Court in this Shreya Singhal judgement gave a “License to Abuse”. What we are observing today has the origin in the perception that “Section 66A was scrapped by Supreme Court because social media abuse was considered as a part of the fundamental right to freedom of speech”.

It is therefore amusing that the same eminent lawyers and the Supreme Court as well as the conventional media are now converging on an attempt to gag the Social Media under some pretext.

If Supreme Court withdraws its Shreya Singhal judgement and reinstates Section 66A, it would be one of the best and easy solutions to reverse the perception.

It must be reiterated here that the arrests of innocent citizens under Section 66A which led to the decision  of scrapping the section was born out of a mis-interpretation of the Police that the section was applicable to “Publishing” in the social media such as FaceBook and the Twitter. The Courts at all levels failed to call the mistake and took to grandstanding as “Champions of Freedom of Speech” and scrapped the section.

Now it appears that the Eminent Jurists are again creating a situation that may lead to another bad decision as regards Social Media.

In the present instance, abuses on Social media can be addressed (in the absence of Section 66A) through relevant sections of IPC provided the electronic evidence is properly presented with Section 65B certification. Hence there is legal protection against misuse of the Social Media except for procedural issues that may require attention. If Section 66A is reinstated, situation would improve substantially.

However, the root problem of Social Media use for abuse is not that there is a freedom to publish anything including irresponsible content but the fact that it can be done “Anonymously”. The same eminent jurists and the Supreme Court are responsible for creating a false impression in the society that “Privacy is protected by hiding one’s identity in social media communications”.

Again, it is not the issue whether “Privacy” is an important fundamental right and needs to be protected or not… but whether the current manner in which we are protecting Privacy through enabling “Anonymity” is the right way to protect Privacy.

All Twitter and Facebook abuses as well as WhatsApp misuse can be stopped if in case of misuse the persons responsible can be identified easily and simply named and shamed. But we are not prepared to do it because we feel “Privacy” right is being curtailed by making the identity of Social Media users hard to get at except with an FIR or Court direction.

We track the location of users of Computers and Mobiles to the last meter to display restaurants around us or for hailing a cab, but we are not prepared to track the location of the social media abusers.

The Twitter and Facebook IDs are dependent on the e-mail IDs of the owners and its use pattern. Similarly, website IDs are dependent on domain name registrations which again are linked to e-mail IDs.

Hence behind most of the issues that we face today and call Cyber Crimes or Social Media abuses, there is a hidden e-mail ID. If Google happens to the biggest e-mail provider, then it is the reason for most of these crimes being encouraged and abetted by the false sense of Privacy protection that the society is now supporting.

I have recently raised a query with Google why it should not take the mandatory consent of the recipients of Gmail to automatically know the originating IP address of the sender. If as a part of the Gmail setting, I declare that all incoming emails should be accepted only if the originating IP address is revealed to the recipients, Google can put in a system where the senders would be notified that their email will be delivered to the destination address only if they permit revealing the originating IP address to the addressee.

This is a simple technical correction which the Supreme Court can mandate if they are really concerned about the social media abuse.

In a similar manner, the dynamic IP address of the ISP or the owner of a mobile  should also be automatically revealed at the request of a recipient of an e-mail or SMS or Call for which ISPs can put in a system where by the request is made by an identified citizen of India (say under his Aadhaar identity) and a declaration that he is in receipt of an e-mail or mobile communication from the person whose identity is being sought and a further assurance that if his request is on false grounds, he may be prosecuted for “Breach of Privacy under false pretensions”.

This is also a simple technical correction which the Supreme Court can mandate if they are really concerned about Social Media abuse.

I therefore call upon the honourable Chief Justice of India, Mr Dipak Sharma and responsible advocates mike Mr Harish Salve that they should consider these suggestions.

I request readers who re rightly connected, to pass on this request to Mr Harish Salve and Justice Dipak Mishra since they are unlikely to be otherwise informed about the “Solutions” and would be bogged down with the “Problems”.

Naavi

We continue our academic debate on the recent case of Shapoorji Pallonji Vs MHADA  in which the company challenged the e-tender bidding process followed for the award of a major Rs 11000 contract  for reconstruction of BDD Chawls and successfully obtained a ruling that they should be allowed to participate in the bid, though there was a dispute as to whether the bid process was properly concluded or not.

We have already discussed the details in the earlier articles and from the available information it is reported that NIC had created the e-tender system which involved a process of uploading tender documents encrypted with the public key of the tender authority into the server and then clicking a button “Freeze Bid”. The petitioner in this case contended that they were able to successfully upload the document and they got “Successfully Uploaded” message on the screen. However, there after they logged out and the requirement of clicking the “Freeze Bid” button was not displayed. NIC confirmed that the freezing of the bid was not logged in the server and hence the process was not complete.

The reason that the button was not displayed could be due to any number of technical reasons either at the server end or at the user end or at the intermediary network services level. This was considered as a “Technical Glitch” and the Court agreed with the contention that technical glitches should not be allowed to prevent an otherwise valid bid to be taken into consideration.

At this time, I am not going into further debate on this issue and as I have mentioned several times, I donot have any specific vested interest in Ms Shapoorji Pallonji getting an entry into the bid or finally winning it etc. Hence the legal team of Shapoorji Pallonji which consists of some of my friends, need not get upset about what I am objecting to. I am only debating the possibility that if we admit that any unsuccessful e-commerce contracting party can raise non fulfillment of an online process due to claimed technical glitches as a defence to void the contractual requirements, it would create a bad precedent and makes life difficult for all e-commerce entities. I therefore feel if there was any other “Public Good” reasons which required the petition to have been allowed, it should have been allowed under those grounds rather than under the “Technical Glitches” reason.

However, I need to answer one of the points raised by a friend stating

” If you insist the onus of having clicked the freeze button should be on the end point  you are effectively saying all individuals must now have cameras behind them recording their actions. That is just not going to work. “

This is the Shapoorji Pallonji dilemma which is not unique to this case but to any transaction in which electronic documents are relied upon and transaction is considered evidentially important.

We must appreciate that at present, according to Indian law, “Click Wrap Contract” is not considered as a valid “Signed Contract”. Unless a contract is digitally signed by both the offeror and the acceptor, a valid digital contract like a written and signed contract cannot be completed.

The Income Tax department and MCA authorities have therefore adopted a process where at the stage of submitting a return, the entire document is captured in toto and a Digital Signature or e-Sign is applied on the web form and then sent to the receiver.

However, what most E Commerce parties are doing is to adopt the US practice of providing a button at the bottom of a contractual document saying “I Accept” or some other similar words. Some people add an affirmative action such as ticking the check box or having a captcha. Others ignore even this precaution.

In such cases, we consider the contract as a “Deemed Contract” where the contract is implied by circumstances evidenced by the meta data of the transactions but detailed terms of contract is considered as open to dispute as per the usual considerations of an “Unconscionable Contract” and “Standard Form Contract” for which several Supreme Court judgement have set the standards. All practicing advocates should know these cases and there is no need for me to repeat a reference here. I have used the references successfully in the adjudication case of S.Umashankar Vs ICICI Bank which is too old for many to remember, except for its historical importance.

It appears that the NIC tender process has also adopted this “Deemed Contract” principle at least to the process of submission of the tender documents….such as Log in with your registered log in ID and password, upload the documents, click the “Freeze Bid” button etc.

There is a dispute that NIC did not give proper instructions in this regard which is outside the  scope of my knowledge and I leave it to the NIC to confirm or deny beyond what they have already done in the affidavit before the Court which has been rejected.

Whether the process of tendering was completed or not is a “Sub Contract” to the tender process and it has to be analyzed in the “Deemed Contract Status”.

In a deemed contract, either party can dispute on the details and that is what has happened in this case. I suppose the Court has considered all angles and come to a proper decision and if not,  it is for the parties concerned to challenge it in a higher Court.

However, can this process of “Uncertain Deemed Contracts” driving e-commerce transactions and the high value e-tendering systems be allowed to prevail? or should we have a solution? is a matter of concern for “Non Practicing Blog Writers” who are more concerned about the “System” rather than an individual litigant. Practicing advocates argue for one party today and another party the other day while “Non Practicing Blog Writers” have to be accountable for their views to the public and justify change of opinion with reasoning if required.

The Undersigned has anticipated this type of problems several years ago when he launched the services of ceac.in (Those who are unaware, can go through it once again).

Under CEAC service “Certification of a Web Page” now also upgraded as “CEAC-Evidence Drop Box”, it has been suggested that whenever people take critical decisions based on a web document, it is prudent to record the document and get it certified under Section 65B of IEA.

I have submitted many such documents in the case of web based copyright infringements, defamation, matrimonial cases etc. Very recently, there was a demand from a customer who had lost all his accounting records stored on a server in USA which was attacked by a ransomware to show case the evidence that his records were destroyed by the ransomware and the same was provided by CEAC.

Unfortunately many may not  know the existence of such services and I donot have the habit of advertising the same as often as I should perhaps do. Hence people may not know either that such trusted third party services have been available since 2002 nor that the requirements can be fulfilled if not with CEAC, with others.

The CEAC-EDB service is specially designed for requirements which Shapoorji Pallonji persons encountered when they were preparing to submit their documents for a huge contract in the last minutes where there was no time left for alternate submission if the technology had failed.

The idea here is that since there is no time to invite an expert Section 65B certifier to record the process in his presence, and also that it has to be done from the premises of the user and in his computer, the user foregoes the need to involve a trusted third party for recording the observation but does the next best thing of “Archiving” the process with a trusted third party at a time no dispute has arisen so that it can be produced as evidence that the process was completed in a certain manner and there was a technical glitch which appeared as a “Error Statement on the screen” or simply by “Nothing appearing on the screen”.

I am sure that some of the informed readers will suddenly jump to other debate of Section 65B certification but we can keep that discussion for a different time.

I recently submitted one Section 65B certified statement of “Certified E Mail Delivery” to a respondent at the instance of a petitioner so that the Court could proceed with the hearing ex-parte since the respondent was not cooperating in the litigation. Similarly, the “Archival of a user end electronic activity” would be certified as to the “Archival”. It is open to the defendant to raise any argument that the archived document itself was fabricated and the archival cannot save the defense. But the onus of proof will be on the defendant that the document is in fact fabricated. The “Archival” will prove the good faith of the user in recording a process before he was aware that it could land in a dispute and Courts may consider it as better than trying to approach the m without any documentary evidence.

In the Shapoorji Pallonji case, a screen shot was reportedly produced but I am not sure if it was Section 65B certified. Also the point of dispute is more on what happenned after the screen showed “Successfully Uploaded”. Did it go blank? Or was the system shut off immediately without waiting for the next screen to appear? etc. This was not clearly established except through the statement of the petitioner. Had they properly recorded the entire process including a few seconds after the uploading of the documents, a better evidence would have been available. The dispute arose only after the bid was rejected by the committee and had the documents been archived earlier with  a trusted third party, the evidence would have been stronger.

I agree that in this case,  Court was not that strict but if objection had been raised by other bidders, or MHADA had not agreed to accommodate the estranged bidder, Court would have been perhaps stricter. It is better for parties engaged in high value bidding not to take the risk that Court will be always considerate to them to accept the “Technical Glitch” excuse and condone any failure of the tendering process.

Hope this clarifies what I think about “Should we always carry a Camera..”?

Naavi

Also See: 

The e-tendering issues in Maharashtra.. “Uploading” is not the same as “submitting” the tender  

The Pandora’s box of Technical Glitches opened……2: MHDA and NIC need to take not

 The Pandora’s box of Technical Glitches opened….The e-tender judgement in Maharashtra…1

The decision of the Mumbai High Court in the Writ Petition (L) 2070 of 2017 filed by the well known Construction company Shapoorji Pallonji & Company Private Limited against the State of Maharashtra in respect of an e-Tender rejection has raised interesting debate on the e-tendering process used by Governments in different States and the Center.

Some of the experts in law have made comments on the earlier articles which require some clarification to be provided from my side and I will try to do the same here.

(P.S: The opinion expressed here does not in anyway discount the accepted fact that M/s Shapoorji Pallonji & Company is a reputed and long standing Civil Contracting firm and must be considered as a highly eligible company to win any Civil Contract whether from the State Government of Maharashtra or elsewhere).

One comment is that the e-tendering process is often tampered with in such a manner that bids from genuine parties are prevented from being placed and in the instant case the petitioner had the resources and commitments to challenge such technical glitches and hence the verdict is welcome.

I do agree that some of the e-tendering software might be tampered with or otherwise be badly built and inadequately tested. This could be part of the larger problem of corruption in administration and not always due to the inadequacy of the software/software developer including NIC.

However, if such a criminal charge was suspected in the instant case, the complaint should have been preferred as a criminal complaint seeking punishment of persons responsible for hacking or denial of service provided there was sufficient evidence.

There is no need to justify this verdict for the reason that tampering for corruption is a possibility or fact and this decision pulls up the Government authorities who are easy targets to blame.

The facts in this case indicate that the petitioner was first of all not ready with his bid until the very end and claims that he encountered technical problems which could not be resolved in time.  Some operator at their end could have simply forgotten the last process and in a hurry to complete the tender might have thought that he was through the process once the “Successfully uploaded” message appeared on  the screen. This is a common mistake many computer operators do.

The petitioner’s claim of having been prevented from completing the process is only a self serving evidence from the petitioner that there was a technical glitch. It is unclear from the judgement (but can be reasonably presumed otherwise) that the screen shot submitted by the petitioner that the “Documents were uploaded successfully” was  supported by a Section 65B certificate.

Even if the successful “Uploading” was proved, it does not complete the process of tender until the “Freeze Bid” is completed. After the documents are uploaded and before the freeze bid process is completed, the bidder may have the option of changing his bid by abandoning the tender or re-submitting the document.

As long as the bidder retains the option to withdraw the submission, the submission has to be treated as incomplete. Hence “Uploading” is not equivalent to “Bidding” but the Judgement will support this anomalous situation.  

In the instant case,  if the bid committee had not rejected the application of the petitioner, they would have been violating the rights of the remaining bidder. Considering the might of the rejected bidder, it would have perhaps required a lot of courage of an honest official to take the decision.

If there was any prima facie evidence of a criminal tampering with the system, the correct remedy for the petitioner to seek was a criminal punishment of those who tampered with the system as also to cancel the tender and arrange a re-tender in due course.

The petitioner however did not chose this option but chose instead to file a simple writ petition to include the late bid.

If the petitioner was really interested in “Public Good” as some critics of my view imply, they could have raised the issue of “Tampering of E-Tender Process” and helped in cleaning up the system which they did not chose to do.

On the other hand, by allowing regularization of “Incomplete Tender Process” the Court has set a precedent where by the “Tender Rules” are amenable to be changeed if any of the unsuccessful bidders are capable of moving a Court in their favour. This could be used as an excuse in every other tender process by a bidder who fails to meet the rigorous tender rules that others have already followed.

I wish that Maharashtra State Government or NIC should challenge the order because this makes every other e-tendering process a “Suspect” and hits at the very integrity of NIC and the Government officials involved.

I request that those Critics who have ferociously defended the judgement may kindly shed their vested interests and look at the Judgement from the perspective of what is right in principle irrespective of which party benefits therefrom.

Naavi

Related Articles:

The Pandora’s box of Technical Glitches opened….The e-tender judgement in Maharashtra…1

The Pandora’s box of Technical Glitches opened……2: MHDA and NIC need to take note

This is in continuation of the earlier article

The essence of the judgement in the case of Shapoorji Pallonji & Company Private Limited vs State of Maharashtra in the disputed e-Tender rejection case is that

An e-tender cannot be denied acceptance of filing even if the process could not be completed or if it is delayed beyond the period of closure.

Though the instant case was that of a large contract involving the State and the application of one of the parties had been rejected reducing the competition from three to two bidders, the principle established in this case can have far-reaching impact on every other E Commerce transaction and hence there is a need to discuss the impact of this judgement in greater detail.

Also, in the instant case, the judgement has not made much of a change in the fortunes of the other parties as the process of selection of the tender party will continue and the final choice is based on many other factors. But in many other cases of E-Commerce one technical issue may decide whether the contract is either valid or not and there is no second chance to correct the error. Hence if the principle established here becomes a universal guideline there could be lot more repercussions to the E Commerce industry than what is apparent.

Technology is a “Tool” that enables a transaction to take place between two legal entities and the law (ITA 2000) recognizes this through Section 11 of ITA 2000.

However whether an intermediary tool used on the web is a tool used by the first party or the second party depends on the factors leading to the use of the tool for completing the transaction. This principle has been well established in law in the case of the intermediary message delivery agency like the Post Office which can be an agent of either the sender or the receiver depending on who between them engaged the services of the Post Office. Today when there is an alternative to the Postal authorities, most of the time it is the sender who choses either the Post office or a particular courier to deliver his message and hence the delivery agency becomes the agency of the sender.

Any omissions of the delivery agency in such a case therefore becomes the legal responsibility of the sender.

In the instant case, the e-Tender application belonged to the Government and hence we can say that the defects in the system becomes attributable to the Government. Whether it is to be attributed to the MHDA or NIC is a fact that needs to be determined from some additional information which is presently not with us. Probably MHDA has used the services of NIC and their contract will determine the inter-se responsibilities.

The reported technical glitch could have arisen out of any of the following reasons.

a) Technical glitch in the tender software owned by NIC and leased out to MHDA for which either of them could be responsible based on the contract

b) Networking service which could be the ISP of the sender or the ISP of the tender processing agency

c) Hosting service provider who hosted the tender related documents

d) The sender’s computer including hardware, OS software, Application Software such as a Java script or Adobe Flash etc., the Anti virus or security software working there in, the configuration of security features, etc

Has the Court determined whether the so called “Technical Glitch” arose out of only the Tender software?… it is not clear.

Has the Court examined the configuration of the computer of the user before arriving at the conclusion that mistake must be with the Government end?…. it is not clear.

The Court has taken note that after the uploading of the documents, there was a process called “Freeze Bid” which involved the need for the party to receive an “Acknowledgement”.  According to the petitioner’s contention, this Acknowledgement was not received but they were able to provide a “Screen Shot” to demonstrate that the bid documents were “Uploaded”.

It is not clear if this “Screen Shot” produced by the petitioner in his own cause was “Section 65B certified.

The bidder paid the EMD in the form of a Bank Guarantee (Not known when this was submitted).

However, the respondent appears to have produced records to show that the portal recorded the transaction as an “Invalid Bid” and the tender document was not found in the place where it was meant to be.

According to the evidence it was stated that there was a “Failure” of the petitioner in “Not Clicking the Freeze Bid Button” and this was mandatory.

In defense the petitioner has argued that “…Even if the Freeze Bid button was not clicked, the uploaded document is stored on NIC’s server or associated file server or network attached storage or storage area network or within the data base.”

It was like a tender document that had to be put in a tender box was thrown into the premises some where but not put inside the tender box. Hence the tender committee could not take it into account.

The argument that it was inside the premises of MHDA (some where in the server) and the cover was unopened (encrypted) etc are arguments which donot have legal sanctity. The Court appears to have therefore seriously erred on this account.

If there is a process for submitting a tender and the contract is complete only when all the aspects are fulfilled, the Court had no right to arbitrarily come to the conclusion that it is enough if the document is uploaded and it was not necessary to “Commit” the document by clicking on the Freeze Bid button.

The Freeze Bid button/process is a mechanism that provides an option to the person submitting the tender not to complete the process even after the uploading of the document so that he can abandon his upload and resubmit his documents again and then click on the Freeze-bid button.

If the petitioner had wanted to change an uploaded document and at that time MHDA had raised the argument that the upload completes the process, the same petitioner would have argued that the process was incomplete and hence it should be given an opportunity to re-submit the document.

I therefore consider that the decision of the Court was not found on proper understanding of the system and it failed to address the need to debate on why the “Freeze Bid Button” was a critical process of tender submission and no matter what was the reason, not getting an acknowledgement was a failure of the submission of the tender document properly.

The Court has also ignored the provisions of ITA 2000, Section 12 which clearly mentions that when an “Acknowledgement” is a stipulated part of completion of a contract, non receipt of the acknowledgement was a clear reason to treat the contract as invalid.

The Court appears to have failed to follow the law in this regard.

Further if the submission was delayed even by just 2 minutes after the closure of the tender, it is a matter that cannot be condoned by the Court. If so, Court can manage the tender process by itself without the administrator in between. This appears to be a case of judicial over reach.

While we are not much concerned about this one decision where one Shapoorji Pallonji & Company Private Limited, got a second chance to make a bid for a huge Government project, we are concerned with the impact that this decision leaves on other E Commerce transactions.

Technical Glitches are not completely avoidable whether it is in a Mobile Wallet system or a E Banking system or any other electronic transaction. When systems are built, several layers of transaction confirmation is built and extensive testing undertaken to take care of the possibilities of technical problems that may arise. Since web platforms always have  a problem that they have to remain compatible with a variety of user end systems operating on multifarious hardware, OS and software platforms, it is impossible to create systems that are 100% foolproof. Hence an E-Transaction cannot be treated as legally complete under the discretion of a Court and not on the system records.

Tomorrow somebody may buy a property on 99acres.com and later challenge it to the judgement of the Court as to whether the purchase was out of technical glitch or not. Somebody  may enter into a transaction on Quikr and later claim that it was a technical glitch. There was a Bank of Maharashtra UPI fraud involving a technical glitch. Now there is perhaps another incident of a Rs 19 crore fraud in MobiKwick which also could be a technical glitch.

Can the Court stand in judgement of every such transaction? Or will the Court discriminate that only of the contract value is 100,000 crores, they will step in or otherwise no?

Before setting a precedence to over rule what is specified in law the Court should have considered the impact that its decision leaves on the industry. The Court should not have ruled that an Incomplete process can be considered as “complete” even on an “Exception” basis.

This will set up a bad precedent and cause more problems than what it has set out to correct.

By poking its nose in interpreting the “Technical Glitch” aspect, the Court has tried to re-define the concept of “Reasonable Security Practice” which will now require to follow the principle that “Human Spirits should prevail over technology”. This will adversely affect many technology concepts such as Facebook, Twitter, WhatsApp etc.

Given the ingenuity of Cyber Criminals, they can make every transaction look like a technical glitch if they want and Courts will be scratching their heads on understanding the difference between failure of a contract through technical glitch and failure due to a deliberate tweaking of the system. I am sure that it is child’s play to get the tender documents uploaded without an acknowledgement generation in every tender process. Then the sanctity of the “Freeze Bid” process as the final confirmation is defeated.

Similarly, when there is a “Terms and Condition” or “Privacy Policy” that needs to be “Consented” to with the clicking of an “I Accept Button”, some body may claim, even without clicking the button, the transaction is deemed as “Clicked” because the Mumbai High Court has the discretion to declare so.

It is field day for litigants because “Technical Glitch” can be a good excuse for challenging any E Commerce Transaction.

Considering the overwhelming adverse impact that this decision will leave, I wish that the decision is challenged since it violates the principles of Section 12 of ITA 2000… if there is still time.

The better view for the Court to take is that

“The technology supplier shall use “Reasonable Security Practices” to ensure that technical errors are minimized though it may not be completely eliminated. Any loss caused to the users on account of inefficeint, inadequately tested products that fail to meet the “Reasonable Security Practice” standards should be covered out of “Cyber Insurance” or through “Claim of damages” in a separate suit rather than regularizing a transaction which failed.

Naavi

Copy of the judgement is available here

Also see: 
The e-tendering issues in Maharashtra.. “Uploading” is not the same as “submitting” the tender
 The Pandora’s box of Technical Glitches opened….The e-tender judgement in Maharashtra…1

An interesting judgement has come forth from the High Court of Maharashtra in the Shapoorji Pallonji & Company Private Limited vs State of Maharashtra which has debated some less known aspects of Information Technology Act 2000 (ITA2000) and the use of technology in e-Governance. Some aspects of the judgement are presented here for academic information.

Copy of the judgement is available here

The writ petition pertains to the complaint from Shapporji Pallonji & Company Private Limited (SPC) that their tender application made through the e-tender process by Maharashtra  Housing Development Authority (MHDA) was rejected for a technical reason that the tender process was not completed. National Center (NIC) was a Co-Petitioner since they maintained the system. The judgement was delivered on 28th September 2017 by honourable Justices Anoop V Mohta and Smt Bharati H Dangre.

An important observation of the judgement that needs to be taken note of is the statement that

“…it is clear that technology has its own glitches and the moot question is whether such glitches which causes substantial injustice are permitted to be cured manually, when as on today we have not reached a stage where the systems is fool proof and gives a guarantee that it is not susceptible to any error”

“… In the present case we have observed that uncertainty prevails in certain areas and no technology can make the system full proof (Ed: Is it fool proof?..see here or here) and as such a situation where the technology can err, we cannot completely exclude the element of human intervention in exceptional circumstances. Ultimately it is the human being who controls the technology and when it errs, it is for the human being to rectify it”.

“…Since we feel that the technology has failed to serve its intended purpose in the present case, and interest of justice call for intervention”

In summary the Court has ordered that the bid of the petitioner needs to be considered along with the two other bids.

We congratulate the legal team of the petitioner who successfully convinced the Judges that

a) There was a technical glitch in the system

b) The respondent refused to manually intervene and set the adverse effect of the glitch right

c) As a result, a rightful opportunity was denied to the petitioner and public good was adversely affected

With the decision behind us, we can now proceed on the larger impact of the decision on the e-Tender and other e-commerce industry.

Considering that

a) the dependence of the current society on e-transactions is very high, and

b) the technology cannot be fool proof, the possibility of technical glitches real

c) along with malicious interventions of technical nature to subvert an electronic system

a judicial declaration that that “Manual Interventions cannot be excluded in technical processes” opens up a Pandora’s box the impact of which has been ignored by the Judgement.

In order to understand the complications that the judgement can bring in, I recall the judgement of the Sonu@Anvar Vs State of Haryana  on Section 65B of Indian Evidence Act in which a convicted criminal wanted to seek aquittal because the evidence against him was procedurally not certified as required under law.

The technical argument of the petitioner in this case was sustainable and there was perhaps a flaw in the application of criminal justice system. However, the Court in this case came up with a practical conclusion that strict application of the procedure “.. is not in the interests of administration of justice as it would necessitate the reopening of a large number of criminal cases”.

In a developing society we need to appreciate that mistakes do happen and the Courts need to consider the larger impact on the society that their decisions and the possibility of a chaotic situation being created in protecting the genuine interest of one petitioner. A myopic view is often more harmful and could be avoided.

This e-Tender case is likely to be one such case where the decision could create avoidable chaotic disturbance to the e-Commerce industry in general.

I would try to explain more in my follow up article.

For the time being, let’s end with congratulating the team that brought this complicated issue into the discussion table which includes the NIC which caused the problem in the first place by not anticipating the technical problems and putting contingent remedies in place through inadequate testing and documentation.

(continuation article)

Naavi