Karnan and Kejriwal Show… Can we handle such exceptional constitutional emergencies?

Posted on May 10, 2017 by Vijayashankar Na

Two events dominated the news rooms yesterday both of which make us sad that the bizarre nature of some individuals are forcing others to consider equally drastic measures to avoid further disasters. Ultimately the society stands divided and bruised.

The first event was the decision of the Supreme Court of India to declare Justice Karnan, a sitting Judge of Kolkata High Court guilty of Contempt sentencing him to six months of imprisonment. Court ordered his immediate arrest.

Kolkata Police ignored the order and did not act in time. This allowed Mr Karnan to leave Kolkata and go to Chennai. Now he is under the Chennai Police jurisdiction and Kolkata police can say that they were not able to execute the order of the Supreme Court. TN Police may find their own excuses not to arrest him and in the end, Supreme Court will be considered as an “Ineffecive Institution” that cannot enforce a simple diktat of causing arrest of its own convict.

The second event was the demo of a self constructed EVM lookalike in the Delhi assembly and showing how it could be manipulated. This was to discredit the Indian election system and undermine the democratic system in India.

The demo was done within the legislative assembly session so that no action can be taken on “Mis-representation” or “Defamation” without the defense of “Privileges of an MLA”. Election Commission will therefore not be able to take any action on Mr Kejriwal or his party for seeding an element of doubt in the minds of people that our election system is rigged.

On a single day therefore the two events have denigrated two apex institutions of our country which should be handy for India-baiters to dub our democracy and judiciary as a farce.

Both Mr Karnan as well as Mr Kejriwal had an agenda of their own, parts of which can be justified. Mr Karnan can say that he was exposing corruption in higher judiciary and he was targetted in counter action. Mr Kejriwal can say that he is trying to rid the election system of a possible vulnerability.

However, the damage that both are doing to the overall system is some thing that needs to be recognized as an “Irreversible Damage”. At the same time, there are enough reasons to believe that both these crusaders have themselves created a situation where there are leaving no choice for others to take drastic decisions.

If others try to follow propriety and honour traditions of decorum, then we may see far worse days ahead. There is therefore a need to cut our losses and take corrective measures before things go more and more out of hand.

In the case of Mr Karnan, who is himself considered as a “Constitutional Authority”, many legal luminaries consider that Supreme Court does not have a jurisdiction to order arrest or curtail his judicial powers. They suggest that the only way his powers can be taken away is through a process of “Impeachment” knowing fully well that he would retire much before such action can be taken.

At the same time, supporters of Mr Karnan forget that it was even more unconstitutional for Mr Karnan to don his Judicial hat and pass orders of arrest and five year imprisonment on 7 senior judges of the country including the Chief Justice of India. These seven judges together have the powers under the constitution to even amend the Constitution itself. To argue therefore that they donot have the powers to order disrobement of Mr Karnan is “hair splitting”.

Also, in case no restraining action is taken, Mr Karnan could pass other bizarre orders including arrest of the Prime Minister and perhaps even the President of India and claim that he has all the powers to himself. It was therefore inevitable that the Supreme Court had to move and take action which can be called one of the “Rarest of Rare” situations.

Mr Karnan has not only denigrated the superior Judiciary but also brought “Caste” into judicial decisions and for this alone he deserves to be dumped into oblivion for ever, though it is impossible to undo the seeds of doubt he has injected in the minds of the citizens of India that judges are always looking at the Caste and Religion of the litigants and the advocates. This is a great disservice to all the honest judges who have treated the profession as a noble responsibilities beyond the normal discussions of caste, religion or politics.

I am aware that many of my friends in the Legal circles would not be happy with this view but the situation is similar to what a doctor faces when a limb has to be amputated to save the body.

Now the Supreme Court has to demonstrate that they can cause the arrest of Mr Karnan even if he has run away to a sanctury and may go into hiding until the heat subsides. Otherwise how can Supreme Court think that persons like Mr Vijay Mallya will respect the Court?

Coming to Mr Kejriwal’s theatrics, he used one of his MLAs to demonstrate that EVMs can be hacked. But what the AAP MLA Mr Saurabh Bharadwaj has done is to construct a device of his own and demonstrate how it can be hacked. This is a complete fraud enacted to fool the public. The objective is to create a fear among the public that our election system is unreliable and is manipulated by persons in power.

Mr Bharadwaj has not used a genuine EVM but his demonstration was meant to present his device as a genuine machine. There was therefore an attempt to impersonate the fake EVM as the real EVM. Using such a fake device, he is demolishing the foundation of democracy in India. The EVM system which is being hailed as a model by many other nations, is being denigrated so that India could suffer an economic loss and reputation loss in the global market.

All this together should qualify the demo as a punishable offence. It can be debated if his action could even be considered as an act of “Cyber Terrorism” since he used a “Computer Contaminant” to manipulate a “Lookalike EVM” and his intention was to give an impression that he is demonstrating the “Hacking of a genuine EVM”. Though he may be unsuccessful, it is definitely an “Attempt” to create a fear in a section of the society that our democracy has been undermined by the Election Commission at the behest of the ruling party.

However, since the demo was conducted within the precincts of the Assembly session, it may be constitutionally improper to take legal action except with the permission of the Speaker which ofcourse would not be forthcoming.

This again means that if legislative power is in the hands of people like Mr Kejriwal, they would even commit a murder inside the Assembly and exercise their privilege to bar investigation.

It is therefore necessary for the Election Commission and the Government of India to devise a means by which Mr Saurabh Bharadwaj is brought to book for an “Attempt to Destabilize the Democracy of India” under the appropriate legal provision.

Unfortunately neither the Supreme Court may be able to cause the arrest of Mr Karnan nor the Election Commission may be able to take action on Mr Surabh Bharadwaj. It is the Citizens of India who will be kept wondering that when people with power lose their mental balance, they will become the greatest risks to the country and our system is unable to control such mavericks.

I understand that in the US constitution, there is a provision that if the President is suspected to have lost his mental balance, some of his subordinates such as the Secretary of State, the Vice President, the Speaker and the Chief Justice may take a collective decision to remove the Presidential powers.

We need such a power to be exercised now to remove Mr Arvind Kejriwal and Mr Karnan from their respective constitutional positions without the usual procedures such as an “Impeachment” or “No Confidence Motion”.

May be it is time to consider suitable constitutional amendments to make emergent decisions possible in emergent situations…. without of course re-concentrating the powers in another single office including the Prime Minister or the President.

May be the President, Prime Minister together along with the Defence Minister,Chief of Defence, Chief Election Commissioner, Chief Justice of India, Speaker of the Loksabha, and the leader of the recognized opposition party, etc could be declared as a collective body to take such decisions on which the Constitution currently is inadequate to address.

….A point for debate

Naavi

Update: 11th May 2017

As anticipated, Mr Karnan is playing hide and seek and Police parties are shuttling between Kolkata, Chennai, Tindivanam (TN) and Kalahasti (Andhra) to locate him. In the meantime it is reported that he would be filing a petition challenging the order of the Supreme Court in the Supreme Court itself and has successfully executed an affidavit before a notary in Chennai without the Police being able to locate him.

The game perhaps is to extend this hide and seek, filing a review petition, seeking a stay etc until he retires or until the Supreme Court gets tired. Mr Karnan with all his experience is teaching people like Mr Vijay Mallya some tricks.

We would not be surprised if he turns into a successful practicing advocate after his retirement and replace the aging Mr Ram Jethmalani in defending Mr Kejriwal pro bono.

Also Read:

Justice Karnan Esclates fight

A Sad day for Indian Judiciary

Cyber Law Compliancy and Electronic Voting

EVM Controversy

Posted in Cyber Law | Leave a comment

Google Mobile Ad server has a serious vulnerability.. Mobile App owners..please take care

Posted on May 9, 2017 by Vijayashankar Na

Many of the app developers develop interesting and useful mobile Apps which are offered free and supported by Ads from Google.

There is no doubt that the creator of the Ad is entitled to monetize his creative work and we also appreciate that Google provides a reasonably good option to monetize and the system needs to be encouraged.

However, one of the risks that such App owners who allow ads to be served from a third party face, is the possibility of law infringing advertisements being served by the Ad servers.

All Ad service providers therefore need to take care that no advertisements which infringe the laws are served when the App is being used by the users.

I had recently (5th March 2017)  came across an incident where an app “A2ZKannada” which provides Kannada radio stations on the mobile displayed an ad on the android mobile with a link to a pornographic site. I notified the same to the app owner who informed as follows.

” Yes the app is ours. Thanks for the information regarding the inappropriate advertisement in our app. Actually its from Google Admob services. We are unaware that Google is approving these ads.

We will investigate this and bring this to attention of Google. If possible please let us know the name of the site that was advertised.  Thanks again.”
However, since I had not recorded the ad, I could not provide full details.

Today, I observed the same ad being displayed on another app.

These ads obviously appear randomly and it is difficult for us to reproduce the same. However, I have provided the date and time of the display and I am sure that Google already has information on who all visited the app at that specific time or there abouts. If Google asks, I am willing to give my mobile information to pin point the incident.

I have information that in the previous instance, the Company contacted Google but could not get any response.

I would like to reiterate that displaying links to “hot video” could be considered as an offence under Section 67,67A and 67B of ITA 2000/8 and the offence would be extended to the CEO and other officers and directors of the company owning the App through the operation of section 79 and 85 of the Act. Hence the App owners cannot take this lightly and brush aside as a technological aberration.

The App owners would have signed an implied contract with Google which should be considered Google as also an intermediary and responsible and liable for similar punishments.

However, if a complaint is actually made, then the Police are more likely to catch hold of the App owner and leave out Google.

It is therefore essential for all App owners using Google Ad service to immediately notify their Google Ad contact with a message to the equivalent of the following.

” We on behalf of ……….., a customer of your Google Ad service with the ID ….. hereby bring to your notice as follows:

We understand (Refer: https://www.naavi.org/wp/google-mobile-ad-server-serious-vulnerability/  ) that  there is a possibility that the ads served by your Company may be violative of the laws prevalent in India and may render us for penal legal action.

We request you to kindly note that under Information Technology Act 2000/8 applicable to publishing of electronic documents, display of ads that link to pornographic content which have been referred to in the said article are liable to be considered as a punishable offence.

We also foresee the possibility of other kinds of offensive ads including racist or terror promoting ads being displayed in similar circumstances exposing us to grave risk of loss of business, reputation and even imprisonment.

Since we donot have any control on the ads served, the entire responsibility to avoid such ads lies with you and you are deemed to have indemnified us completely from the legal consequences arising out of such ads.”

Please ensure that the e-mail is digitally signed or use the services of ceac.in which will provide free notification service as a special case with Section 65B certification of the notice having been sent to the given Google Ad contact. The App owners may also use the services of cyber-notice.com which will also be provided free for this incident reporting.

As regards Google Ad managers, I would like to state that

“The incident indicates that there is a vulnerability in their filter mechanism and this particular ad seems to be getting through whatever filtering mechanism you might have built. I consider this as a “Bug” in your system.

I am aware that your system largely is well designed and does prevent such occurrences most of the time.

Probably such ads are also legal in certain countries and the filter might have failed in identifying the country of origin of the visitor.

You are required to investigate these incidents seriously and let me know how you are eliminating the bug.

Now that you are notified publicly, if the bug is not rectified and in the next such occasion some visitor files a criminal complaint against the App owner and Google, your company would be liable for the consequences. Such liabilities include the possible imprisonment of your officers working in India. I therefore expect that Google will not neglect this open complaint and take necessary action.”

If any other App owner or member of the public observe similar ads being displayed in any App or website, kindly let me know.

Naavi

Posted in Cyber Law | Leave a comment

American Health Care Act 2017.. Will it benefit Indian IT Companies?

Posted on May 8, 2017 by Vijayashankar Na

India has a high stake in the American Health Care industry since there is a huge IT spending by the Health care and Health Insurance industry in USA which also gets reflected in the outsourcing market. It is for this reason that HIPAA and HITECH Acts have been of interest to India as  prime Privacy and Information Security regulations which the Indian Business Associates of US Covered Entities were mandated to implement.

Even while the Indian industries are waiting for our own versions of HIPAA through the proposed Health Data Privacy and Security Act and the proposed Data Protection Act of India, HIPAA-HITECH Act provisions continue to be a “Best Practice Standard” for Indian companies exposed to Health Data which is classified as “Sensitive Personal Information” under Section 43A.

Hence any changes in the US Health Care market needs to be closely monitored by Indian companies to assess the financial impact that these regulations may have on the Indian companies. In this context the recent changes in the US in Health Care legislation needs to be watched by the Indian IT industry.

One of the election promises made by Mr Donald Trump was to repeal the present Affordable Health Care Act (ACA) regulations referred to as “Obama Care” and replace it with a better legislation. Now the US Congress has passed the “American Health Care Act -2017 (AHCA)” repealing the Obama Care with “Trump Care”. It has to go through the formalities of being passed by the senate before the President can proclaim it as a law.

The Trump Care does not affect HIPAA or HITECH Act provisions of Privacy and Information Security and hence it does not affect the HIPAA stakeholders both in USA and India. The Obama Care and Trump care both address the Health Insurance industry and the extent to which the citizens of USA should be provided with health insurance subsidized by the Government. Obama Care mandated “Health Insurance for All” and created an IT infrastructure for registration of individuals and for marketing insurance policies etc. People were made to obtain insurance if their income is above a particular limit or pay a tax penalty. If they were below an income limit, the Government would subsidize their premium. The entire project created a large IT business in USA, some of which must have benefitted Indian Companies also.

Trump was of the opinion that Obama Care was not feasible and the insurance companies were increasing the premia to an extent that there would be an unreasonable burden on the Government. Hence he wanted substantial changes or a replacement of the old act with a new act.

Under the new AHCA, it is not mandatory for everyone to take Health Insurance. If some body wants to take a new policy or renew a discontinued policy, when there could be pre-existing conditions, then the insurance agencies can charge a penal premium.

Also the cut off income for subsidization of premium has been brought down reducing the incidence of subsidy in the country as a whole.

Further there could be changes on existing policies with the States could introduce options to leave out some protections.

All this means that there has to be a tweaking of the insurance related data and a complete overhaul of many accounts.

This means that there would be another rush of IT work for making the changes in the accounts of individuals, removal of some from the subsidy scheme, changing the coverage etc. Essentially it could be a low end data updation work part of which could be automated or managed by the customers themselves. However the insurance companies need to revise their terms of insurance and hence IT work related to it would arise.

In summary we can therefore say that the switch over from Obama Care to Trump care would not affect the compliance requirements under HIPAA but may provide additional business for outsourced IT managers, subject of course to the new push for more domestic work force which Mr Trump wants.

Naavi

Related Article in Foxnews

Posted in Cyber Law | Leave a comment

Wipro under Cyber Terror threat..”Breaking Bad” in action

Posted on May 7, 2017 by Vijayashankar Na

It is a grim reminder to the hard times we live in that a threat has been made to WIPRO stating “If a ransom of Rs 500 crores is not made in “Bitcoins”, there would be a “Bio Attack” on Wipro employee’s through a poisoning of their  food chain system or through a drone dispersion of poison through air”. The implication of the threat received by WIPRO seems to be that RICIN,  a “Poison” extracted from castor seeds would be used to cause extensive death within WIPRO.

I consider this not as an issue concerning only WIPRO. This is a Terror threat and the risks may extend far beyond WIPRO. Hence let us proceed to start an extensive debate on the subject starting with this article.

What is RICIN Threat?

“RICIN” is a natural extract from Castor beans and is said to be easily extracted from waste dumps from castor oil processing industry. It can be transmitted through food, water, air or touch and causes death if ingested in lethal dosage. There is no antidote or vaccine available at this point of time to public for Ricin poisoning. But flushing out the poison from the system may help in survival of the victim if undertaken quickly.

Ricin became a household name because of a popular TV serial “Breaking Bad”  aired in US channels. In this serial, it was repeatedly referred to for killing some body without leaving a forensic trace in the body. It can be used as a powder, a mist, a pill or pellet, and can be dissolved in water and other liquids. This means that a person can contract Ricin poisoning via inhalation or ingestion or through touching a poisoned material such as a letter.

From the medical information available about RICIN poisoning, we understand that

The initial symptoms of Ricin poisoning depend upon both the degree and route of exposure.  It may include Fever, Vomiting, Nausea, Severe cough, Abdominal pain, Diarrhea, Dehydration, Flu-like symptoms. Symptoms may occur 12-24 hours after exposure and death can be caused within 72 hours.

(Hence doctors do not have sufficient time to exhaust all “Tests” before deciding on the course of treatment and should not waste time in recommending tests of various kinds.)

Symptomatic poisoning requires to be treated by giving victims supportive medical care to minimize the effects of the poisoning. It is suggested that Care could include such measures as helping victims breathe, giving them intravenous fluids giving them medications to treat conditions such as seizure and low blood pressure, flushing their stomachs with activated charcoal (if the Ricin has been very recently ingested), or washing out their eyes with water if their eyes are irritated.

(This means that the patient should be immediately moved to a proper hospital and medical practitioners should avoid taking the risk of waiting for the symptoms to subside in the ordinary course.)

The medical fraternity may take suitable steps to spread awareness of RICIN poisoning and its symptoms to all medical practitioners.

Now let’s come back to the news report and what the Police can do following the reporting of the incident. The threat has come through an e-mail in the name of Ramesh2@protonmail.com which obviously is a fake ID and requires effort to decypher.

Incidentally, the “Privacy” supporters who often cry foul whenever “Security” concerns are raised and swear by the ToR browsers and the anonymization of internet communication, should now realize what is the threat of such unhindered anonymity.

Similarly, the “Bitcoin” supporters also need to realize how “Bitcoin” has irrevocably become the currency of the terrorists.

Our security response to the incident should be comprehensive and address all direct and indirect issues that enable such terror threats to be held out even in future.

We may try to understand the full details of information available in public domain through this  news report

According to this report,

The anonymous email has been sent to multiple recipients, including senior officials of the firm, on 5th May 2017 and claimed that if the Rs 500-crore payment was not made within May 25, the sender would attack Wipro offices in the city using Ricin. The email has reportedly stated that Ricin would be used through food served at the cafeteria, disperse it using a flying drone or even on the toilet seat or the toilet paper etc”

The sender has also reportedly claimed that he has isolated 1 kg of high-quality Ricin and would be sending 2 grams in envelopes to one of Wipro’s offices in the city in the coming days to prove that he was not bluffing. He has also cautioned the firm to be careful while dealing with his ‘sample dose’.

The email according to the report also contained the link to a news item about the mysterious death of 22 stray dogs at Baranagar in Kolkata, uploaded on the portal of a leading English news daily. The incident occurred on January 21 in Baranagar locality where the carcasses of 22 dogs were found on the road near a construction site. The sender claimed that he had isolated a high-quality, beta strain of the toxin and had tested it on those dogs.

Now it is reported that a case has been registered by Bangalore Police under as a “Cyber Terrorism” (Section 66F of ITA 2000/8).The threat to use  a Drone to sprinkle RICIN is interesting as it amounts to use of a “Cyber Tool” to intrude into  WIPRO territory without authorization. Additionally, the threat will also be considered as a “Terrorist Act committed with the use of electronic documents” under other Acts. However there is a need to ensure that the Police donot stop serious action after the registration of the complaint.

Considering the complexity of the investigations, there is a need to declare a “Serious Terror Threat Alert” across Bangalore, and a massive effort to be launched to identify the root of this e-mail threat.

In my opinion, the threat is serious enough to call the NIA and also invoke international cooperation forthwith.

It is recognized that the e-mail is a “Terror Threat” and those who have sent the e-mail and all their accomplices would face a “Life Imprisonment”. If even one person dies from RICIN poison, then the sender of the e-mail and all his accomplices would face “Death penalty”.

In this context, there are several initiatives that the Bangalore Police need to take, some of which I try to list here.

  1. Police should first declare the implication of the case being registered as a terrorist act through a public notice in all TV channels and Press. It should be made clear in this notice that the e-mail threat is being considered as a “Terror Threat” and the perpetrators face the prospect of “Life Imprisonment” and “Death Penalty”.
  2. Police should also make it clear that any person who has information leading to the detection of the sender of the e-mail would be rewarded if he comes up with the information and shares it with the Police.
  3. Police should also make it clear that those who may have information about the sender of the e-mail and does not share it with the Police voluntarily will be considered as “Co-Conspirators”, “Preventing Law Enforcement from catching terrorists” and would be considered as guilty of the same offence which has “Life Imprisonment” and “Death Penalty” as possible punishments.
  4. Police should also make it clear that “Persons who may have information about the sender of the e-mail” could be his friends, colleagues, family members and even the several service providers involved in sending of the e-mail which could include Protonmail.com since the e-mail is said to have been sent from an address “Ramesh2@protonmail.com”
  5. It is possible that the sender of the e-mail could be an “Insider” and there is a reasonable probability that the threat might have come from one of the frustrated dismissed employee or any of the current employees who is disgruntled in some way.
  6. It is possible that it is only to create panic and the threat may not be executed.
  7. If the perpetrators are only disgruntled employees and not hard core terrorists, Police clarification that this is a “Cyber Terrorism” may make them realize the enormity of the problem that they have unleashed on themselves.(May be by ignorance)
  8. If the Police promise that any person who voluntarily gives himself up may be considered as “Not having the malicious intention to carry out the threat”, and therefore charges under Cyber Terrorism would not be pressed, perhaps the persons who have committed the offence or any of their friends and family members who wish that the person would at least not be tried for a “Life Imprisonment” or “Death Sentence” even if they have to face the charge for a financial crime involving “Extortion Threat”, may be willing to surrender with information.

If the above strategy fails to make the sender of the e-mail come out within the next 24 hours, we should escalate the issue from local police to NIA and treat is as a national emergency.

The CERT-In should also walk in today voluntarily to assist WIPRO information security team, the local Police team as well as the NIA and help forming a multi disciplinary “Crisis Management Team”.

If the matter is left to the Police alone, there is a possibility that the investigation would drift. There will also be inter agency rivalry and other issues that may interfere in quick resolution of the problem. Country cannot afford any such inefficiencies to affect this investigation.

Some of the actions that need to be taken in the context of this threat could be…

  1. We should recognize that though the threat has now been made to WIPRO as a financial ransom call,  this could be used by a terror organziation (Such as ISIS) without a financial motive to cause indiscriminate loss of life.
  2. If so, this threat to WIPRO could be a diversion and the real attack may come elsewhere..could be another IT company, another industry or a five star hotel or any other large congregation of people.
  3.  Action should be initiated to ensure that any such organization of large gatherings where there would be central food distribution is aware of the threat.
  4. Advisory should be selectively issued to all organizations managing centralized kitchens serving food to a large number of persons. The food managers of these establishments have to be called for an awareness briefing and security hardened across the State.
  5. The medical community in Bangalore and hopefully across the State should be alerted about the “Symptoms” and “Response to a suspected RICIN poisoning case”. It is generally understood that if a lethal dose of RICIN is ingested either through food or through air or skin, there is no antidote. However according to some medical advisory, an immediate attempt to remove the poison from the body could help. (Refer here for more details)
  6. We should be alert to other forms of RICIN attacks through letters etc which have been reported earlier in USA (Refer article in slate.com)
  7. India should immediately make a firm declaration that “Bitcoin” is a “commodity” that is banned in India and anyone who is in possession thereof must surrender it to the Government for exchange or face criminal action for possessing a “Banned Tool of Crime”.
  8. Police should alert all Castor oil processors to account for waste disposal and also identify if any large stock of Castor Oil waste having been bought by any person and if so whether such purchase is linked to this threat. (Or could in future become another threat unconnected with this).
  9. There is a report that antidote has been developed by UK and US Military though they might not have been tested on humans properly. Indian Government should get in touch with these authorities and invite them to join the disaster management team with some stock of sample antidotes so that they can be used if necessary.
  10. There are many leads that the reported incident provides from which it should be possible to identify the sender of the e-mail even if he has used a proxy server. These cannot be discussed in a public forum. Also the Police investigators are much more intelligent than what observers like us can ever be and they should be already on their job. The only thing required is to give them a free hand in the investigation.
  11. I therefore reiterate that giving assistance to Cyber Police of Bangalore in all manner is the prime responsibility of any citizen of Bangalore who is alarmed by the threat.

There could be many other angles that need to be explored. But the key evidence lies with WIPRO which is reportedly is “Tightlipped” about the incident. While being “tightlipped” with the media is fine, WIPRO should voluntarily invite CERT IN and NIA to join the probe immediately and share the evidence available with it. It should be ensured that no evidence is destroyed during the internal investigation either by mistake or deliberately.

It would help the investigation if all available resources national and international are gathered for effective investigation. I call upon the PMO to advise the necessary agencies to set up a “Serious Cyber Incident Management Team” and proceed for investigation.

As regards trying to persuade the offenders to surrender, even if the Police fail to issue their own public notification as I have suggested,

this article published on the internet is a public notice. Hence any person having a knowledge of the crime should consider themselves notified that they would be considered accomplices of the terrorist act if they donot immediately disclose information within their knowledge to the appropriate authority.

This is also a friendly advise to the person who has sent the e-mail and his friends and relatives, that if any of them come out voluntarily and disclose useful information, and/or surrender, the charges on “Cyber Terrorism” may either be dropped or may not easily sustain in further trials and they will face a lesser charge and lesser punishment than life imprisonment  or death penalty.

In particular, I request the family members and friends of the sender of the e-mail to either persuade him/her to surrender or voluntarily disclose his identity for his/her own good. If they have any difficulty contacting the Cyber Crime Police of Bangalore for this purpose, they are welcome to contact me for guidance.

Hope this incident will not materialize in all its ugly manifestations that it threatens. But there should be no complacency either by WIPRO, CERT IN or other establishments including the State and Central Governments.

I am forwarding a copy of this article to the new CERT IN Director General and hope he would swing into action before the end of the  day if he has not already done.

Naavi

Also Refer:

Regarding the stray dogs killed

Beware of Cyber Stone Pelters

Update: 8th May 2017

The complaint has now been transferred from the Cyber Crime Police Station to Bellandur Police Station and the investigation is likely to continue as a terror threat in the physical space. It is likely to be treated as one of the many e-mail threats that float around.

The charges under Section 66F are likely to be replaced with Section 66C/66D along with sections from IPC and Unlawful Activities Prevention Act. There is no indication at present of the incident being treated seriously and hence no NIA angle is likely to be there.

Let’s hope that the threat remains a prank and does not escalate.

 Update: 11th May 2017

Also see report in ISMG

Posted in Cyber Law | Leave a comment

Mr Jaitely should introduce tax reforms in ” Pricing of Body shopping contracts” to counter US and Australian VISA restrictions

Posted on May 3, 2017 by Vijayashankar Na

US and Australia are talking of tightening their VISA rules to protect their domestic employment and in the process are hurting the profitability of Indian companies.

At this time it is necessary for Indian Government to come to the assistance of Indian companies in such a manner that the Indian companies are not unduly hurt by the unfair policies followed by the foreign Governments.

While US and Australia will hurt India through the VISA policies, EU will hurt India through its GDPR imposition which will increase the cost of data processing in India. Cumulatively, Indian IT industry is facing a challenge ahead which will reflect in lower employment in the Engineering sector in the immediate future.

Initially, I was under the impression that the Indian IT companies may be able to convince their customers to “Work from India” which would have actually increased the employment potential here. It would also prevent the brain drain and hence I considered that the Trump measures would actually benefit India.

However, from my preliminary interaction with some software professionals, it appears that the existing clients in US or elsewhere are unlikely to agree for the work to be shifted to Indian centers as an outsource contract so that the cost structure can be preserved in the existing contracts. They would like the work to be done at the existing cost parameters absorbing the higher costs of VISA or higher cost of local employment.

This is unfair but is a factor which industry competition alone can resolve. But Indian Companies donot seem to have the courage to take on their clients and would prefer to buckle under pressure. Considering the recent announcement that INFOSYS would create 10000 jobs in US, it appears that these IT companies will not use this opportunity to increase the employment opportunities in India. Instead they will become employment creating agencies for the US and Australia.

It is therefore necessary for Mr Arun Jaitely to find some means by which incentives are created for Indian companies to create jobs in India and disincentives for the IT companies preferring to work as job creating agents for foreign Governments.

At the same time, we need to create incentives so that foreign companies interested in creating employment in India are encouraged.

If the objective is recognized and accepted, I am sure that Mr Jaitely can find the means of incentivisation and disincentivisation through his next budget to ensure that more IT jobs are created in India than what is lost through the new immigration policies in USA and Australia.

The EU has indicated a new principle where by the “Global Turnover” is taken as a basis for imposing penalty for data breach or non compliance of GDPR regulations. If EU can dip into global activities of a company for data breach affecting the privacy of EU citizens, we should take a cue and take cognizance of companies both Indian and foreign making profits by creating jobs in India or in their own country in a proportion that shows discrimination.

In general, if a Company enters into a contract where by a work which can be done by a work force X of which x1 is employed in India and x2 is employed in another country of the contractor’s choice, the global employment potential of a contract and how it is distributed between the two countries should be taken note of in imposing a “Balancing Tax” so that the profitability of the contract is neutral to the distribution of employment expenditure between the two countries. If the global manpower expense under the contract is N and n1 and n2 are the expenses in each country, then the “Employment Balancing Tax” should be levied on the company in the proportion in which the manpower productivity is distributed.

I am aware that the proposal may be considered bizarre, complicated and even be questioned under the international treaties. But  we need to make US and Australia realize that we want to be fair in promoting free trade and only want freedom to shift the work to India if it is technically and functionally feasible.

Obviously, we cannot shift physical construction work from one country to another but the IT work can be shifted since today Virtual Workers can be as effective as physically present workers.  The proposal is therefore more directed towards IT companies and IT contracts.

Hence I suggest that “Anywhere Employment” should be the basic theme of all international contracts and any contract which forces a skewed distribution of manpower should be considered as a violation of free trade principles.

All contracts will have a “Body shopping” component where it can create jobs in either country without affecting the functionality of contract execution. We can therefore consider as in the case of “Transfer Pricing”, subjecting all International contracts of “Body shopping” to some taxation based control that brings a balance in the employment creation in both India and the contracting country.

Comments are welcome….

Naavi

Posted in Cyber Law | Leave a comment

Can Evidence be admitted even if obtained through illegal or improper means?

Posted on May 1, 2017 by Vijayashankar Na

Recently, a question was posed to the undersigned about the acceptability of evidence when there is a challenge that the evidence was obtained through illegal means. Following is my reaction to the query.

There have been many occasions in which an Indian Court had to debate whether an evidence can be admitted when it is brought to its notice that the evidence was obtained illegally. Most of these cases in the past have arisen on account of the Government tapping the telephone conversations and it has been challenged either as “Improper” or “Illegal”.

Illegality arises when the person has obtained an evidence by deceit, stealing or in the case of Cyber Evidence, by “hacking”. Impropriety may arise when there was a legal means and a procedure for collection of evidence which was not followed.

Obviously, it is easy to assume that “Procedural Irregularities” can be condoned but human rights activists often raise objection when evidence has been obtained through illegal means.

The opposition to the Courts accepting an illegally obtained evidence stems from the fact that it may violate the “Constitution of India”, the “Right to Privacy” and such other principles which are dear to some activists and even some Judges.

In many cases of matrimonial disputes, the spouses often plant spyware in the other spouse’s phone or computer and gather incriminating evidence. We had recently reported a West Bengal Adjudication verdict  in which a husband was fined for violating the privacy of his wife when he extracted evidence supportive of his matrimonial dispute case by means which were held violative of the privacy of his wife.

There are also instances when some resort to hacking of face book or gmail accounts to extract evidence.

In all such cases the counter party has a case against the party which has obtained evidence that it was obtained illegally and hence should not be admitted.

However, a series of Indian judicial decisions have held that an evidence is admitted if it is “relevant” though it was obtained improperly or illegally.

Hopefully the matter is considered a settled view since according to this Business Standard Report, the Bench headed by Justice B.S. Chauhan has stated,

“It is a settled legal proposition that even if a document is procured by improper or illegal means, there is no bar to its admissibility if it is relevant and its genuineness is proved. If the evidence is admissible, it does not matter how it has been obtained,”

It must however be noted that once a person adduces some evidence, it is an admitted evidence  against him and  can be used against him if required.

Hence when an evidence is presented which has been obtained illegally, it is open to the Court to accept it and proceed with the trial in the subject case where it was presented as evidence. At the same time  a separate action may lie against the person who obtained the evidence in violation of some law.

Hence parties should weigh the pros and cons of presenting an evidence obtained illegally before a Court. Police may however use the evidence during the preliminary investigation and for interrogation so that they may be able to unearth further evidence through legal means which can be used in the Court.

Considering the inconsistency that prevails in the Judicial system and the views of different judges, it cannot however be ruled out that Judges may selectively accept or reject evidence based on whether it was obtained improperly or illegally and the degree of illegality involved.

In some of the matrimonial cases as was referrred to earlier (West Bengal Adjudication) the illegality was only restricted to using of a shared password between husband and wife or “access to a system exceeding the authority provided by the owner” (Section 43). Such contraventions may be considered as “Technical Overreach” by one party and is unlikely to be strong enough a reason for rejecting the evidence (if it is relevant).

However, an operation like a “Sting Operation” where inducements are thrown out to tempt a party to transgress law (eg: corruption cases) which are similar to operating “Honey Pots” or policemen trapping sex predators on the chat rooms, could be falling in the grey area of whether the evidence should be accepted or not since these could be “evidence that is created by the person when it did not exist in the first place”.

Again, when an evidence which is present some where (say a Computer or Mobile or Private page of a Facebook, Encrypted Message etc) is extracted for presentation in a Court  as defense in a case brought on the person who is presenting the evidence, it should be considered as a legitimate reason where the evidence should be admitted even if the manner in which it was obtained was not entirely above board.

In the case of offensive action based on such evidence, Court may exercise its discretion whether the evidence was collected as it was present and not created out of an inducement and therefore there was a duty to bring out truth before the Court of an offence already committed by the accused for which the evidence was collected.

Comments welcome

Naavi

Also Read :

A Research report  on 2013 Law Commission report 

1983 Law Commission report

Reference Article-1

Reference Article-2

Reference Article-3

Delhi High Court Judgement-2012 (Digambar Khattar Vs Union of India)

Posted in Cyber Law | 3 Comments