Header image alt text


Building a Responsible Cyber Society…Since 1998

Cyber Laws have been in discussion in India since around 1998 when the first draft was published. After the passage of Information Technology Act 2000, the laws came into existence and started affecting every one of our activities on computer including personal activities such as E Mails, Web activities, Mobile phone communication, etc as well as commercial activities such as  E banking, E Commerce, E Governance etc.

However after 20 years since the draft E Commerce Act 1998 was released by the Government of India, our Courts and Police as also the Lawyers are still struggling to understand and interpret the law. We therefore have difficulties in understanding Section 65B certification of electronic evidence, the legal implication of digital and e-sign, understanding certain crimes such as hacking,  the man in the browser attacks, Viruses, Trojans etc.

Indian judicial system however being an adversarial system, is capable of absorbing inadequate understanding and interpretation of law since the responsibility of the judge is to interpret evidence and arguments as presented by the parties. . At higher levels, Judiciary is comfortable with a state of inconsistency so that every judge takes his own decision based on what he understands of the law and leaves it to the higher judicial authority to correct mistakes if required.

This means, Garbage in Garbage out principle is applicable for our Judicial verdicts. This is acceptable to the Judicial system. But should it be also acceptable to the victims of bad judgements?…a point to ponder

In some strange way, being a country where citizens are tolerant of inefficiency and corruption in all affairs of the Government, Police and Judiciary, we simply shrug off a bad decision and move on.

But one thought comes across my mind when we observe some of the latest developments in technology around us.

First is the advent of  Big Data, Data Analytics, IoT, Artificial intelligence etc which are common discussion points today in the IT industry. We have been discussing what happens to the concept of “Privacy” when “Aadhar” is used as an Universal ID as if it is the biggest challenge before humanity. Silently however, Artificial Intelligence and humanoid robots have made their appearance which will create many new challenges to the Cyber Law makers and Cyber Law interpreters.

Some of the challenges in application of Cyber Law to the current technological developments have manifested in the domain of Banking and Finance. The debate on Block Chain technology Bitcoins, etc are issues that have presented the complications that the new technologies may be creating in the economic world. If a simple negligence in technology implementation in Banking such as not linking SWIFT messaging system to the CBS system, and providing access without robust security  in Banks can give raise to frauds worth thousand of crores and destabilize our economy and stock markets, we can imagine what kinds of upheavals may be caused in the society when the new technology developments such as Artifical Intelligence and humanoid robots take over key decision making process in say our Governance and Military operations.

Parellelly the manufacturing industry is also transforming itself into the Industry 4.0 state where Cyber Physical systems take over manufacturing processes with Artificial Intelligence and Data Analytics supporting the back end decision making process. The manufacturing industry is much less Cyber Law aware than the Banking and IT industry and hence the legal implications of frauds as well as the probability of frauds and crimes occurring in the manufacturing sector is much higher than in the Banking and IT industries.

I therefore anticipate a higher level of problems in the Manufacturing industry in India when the IT professionals try to push through “Disruptive Innovations” unmindful of the “Destructive Impact” on the society.

The Information Security focus therefore needs to be re-directed to address the requirements of the manufacturing industry even while we tackle the issues in the IT and Banking/Finance domains.

The fact that even after 20 years of introduction of Cyber Laws in India, our Legal and Judicial system is yet to understand the law and implement it in a consistent manner makes me wonder, how the Cyber law creators and Cyber Law interpreters would react when the new developments such as “Quantum Computing” becomes a reality.

A few month’s back, I remember that one technologist did ask me in a meeting if Indian Cyber Law is ready to face the challenges posed by Quantum Computing. Though I did state that a “Proper Interpretation” of the current laws could help us interpret the laws whether the information is processed in a classic computer system where data is stored in “Binary” language or in Qubits where the data is stored or processed differently, considering the inability of the system to understand even the current system of laws, it appears as if my optimism may perhaps be misplaced.

For those who struggle to interpret an electronic document created as a sequence of binary interpretation of the state of a transistor, it would almost be impossible to even imagine that a “Transistor” will now be replaced by a “Quantum Energy State” which can take the uncertain  value  of one or zero or both. In such a situation if a hacker has manipulated the back end process and generated a fraudulent output, how do we recognize the “Unauthorized Manipulation of data”, “how do we produce forensic evidence of the manipulation” etc will be a challenge that is not easy to solve.

Add to this “Super positioning” prospect in Quantum computing to the “Entanglement” concept where two states of a data holder can be in physically separated but the state of one could be modified by changing the other, the problem becomes more fuzzy.

If nothing else is certain, the quantum increase in the computing powers of the future generation of computers (working as back end systems driven by quantum computing processing) would need a change in our perception of “Probability of a Cryptographic key being broken”. If the current key strengths become unreliable, we may need to re-think on many of the concepts of information security and make corresponding changes in out laws.

Even today, the Criminal Jurisprudence principle that all evidence should be “Proved  beyond Reasonable Doubt” poses huge challenges when applied to Electronic Evidence. In the Quantum computing era, such issues would be even more challenging.

If therefore we want to upgrade our Cyber Laws from the current state of Cyber Law 1.0 to the era of Artificial intelligence which could be Cyber Law 2.0 and subsequently to the era of  Quantum Computing which could be called Cyber Law 3.0, then our Cyber Law makers need to start acting today in understanding the problems that the new technologies will pose to our Judges who are now in the very initial stages of appreciating the current version of Cyber Law.

Will the Government understand the challenge that the emerging technology in Computer software and hardware will pose?… if so…. when? ….is the question that remains unanswered in my mind.

I welcome the view of the readers… if any


A report in Economic Times today suggests that the IT Department of Bangalore has issued a notice to the E Commerce players Amazon and Flipkart that the customer discounts given by them should be considered as “Capital Expenditure” and not a revenue expenditure.

The move is highly disappointing and will affect Consumer interests adversely besides hitting on Start ups and innovation.

It is a common accounting practice to consider some expenditure as “Revenue Expenditure” and some as “Capital Expenditure” based on the accountant’s perspective of the period in which the benefit would accrue to an entity.

Accounting is always done on a “Going Concern Basis” where it is expected that any expenditure made today is an investment for the long term benefit of the company as an ongoing business. In a “Gone Concern” approach, expenditure is written off immediately since the company is not expected to survive over the long run. Even as a “Going Concern”, certain expenditure particularly of small value is always written off as a revenue expenditure.

In most other expenditure, it is the discretion of the accountant to consider whether the expenditure should be recognized immediately or deferred.

Similarly even an income may be recognized immediately or deferred. Conservative accountancy recognizes expenditures ahead of time and spreads out the income over a longer period.

Deferment of income reduces the current profit in the P&L account while deferment of expenditure increases the current profit.

Taxation authorities are not concerned about the survival of business in the long run and try to maximize their revenue collection by squeezing out as much tax as possible from an entity. In the process, they often “kill the Goose that lays Golden eggs.”. History of many business failures in India can be traced to such irrational action by the taxation authorities in the past.

While certain assesses escape tax liability when they should not, many innocent and honest businesses often end up paying tax when there is no income. (P.S: This is not related directly to either Flipkart of Amazon but is quoted only as a general observation).

The E Commerce Companies are now caught in this battle between the Taxation official’s need to maximize the tax collections and the needs of business to grow.

By asking the E Commerce companies to treat the “Customer Discounts” as a “Capital Expenditure”, the tax authorities are forcing the companies to reduce their write offs during the current year and spread it over 4-10 years. This will increase the profits for the current year and increased tax liabilities.

As a result, the E Commerce companies may reduce the discounts and this will increase the prices to the detriment of the consumers.

The “Discounts” are real reduction of cash profits of the E Commerce companies and not merely a matter of “Discretion”. Hence, the current move is a move to disallow cash expenses and collect tax on profits which are not there.

The argument that the “Discounts” build “Brand” is untenable since the value addition to the “Brand” is only notional and does not convert into revenue unless the business is valued on a “Gone Concern” basis.

In the “Going Concern” basis, the “Brand Value” is only a means of raising capital in the form of equity at higher levels from investors or for better negotiation during mergers and acquisitions.

If “Notional Brand Value” is taxed, then every other expenditure including salaries paid, advertisements etc can also be deferred and current profits inflated.

If the decision to defer is taken by the management to increase the current profits and declare it in their balance sheets, it would be appropriate for the tax authorities to collect tax. But Tax authorities should not become “Accountants” who determine whether an expenditure has to be written off in one year or in 10 years. This is a gross abuse of the powers available to the tax authorities.

By increasing the immediate profit for taxation purpose and penalizing the companies, the cash availability in business will be reduced and this will hurt many start ups and make their business unviable.

We need to remember that E Commerce is not like the old brick and mortar business where there is land and building which keep appreciating over a period though valued only at costs and keep adding secret reserves to the companies. The E Commerce business lasts only for a few years and hence it is not possible to write off expenditure over a long period. Most companies donot exist for 10 years since the business model would become redundant within  3 to 5 years.

The society has migrated in social values and replaced “life long marriage” commitments with  “marriage until divorce” concept. Similarly, business has also re-defined its principles from building an “Institution” to “Creating innovative idea houses”. These idea houses do spend as much as possible now to acquire customers and make hay while the sun shines.

Government anyway earns indirect taxes by way of all the E Commerce sales and the GST ensures that all transactions are accounted and taxed. Hence the Government should not be mean in looking at direct taxation to further squeeze the industry.

There is no doubt a pressure from Offline traders that E Commerce players are providing unreasonable discounts.  These offline traders often conduct part of their business in cash and evade on the taxes. But the E Commerce players account every transactions since not only the sales but also the payments are all made through digital means and Government will get full revenue on the sales without any tax evasion.

Of course, because E Commerce cannot generate black money, they cannot also pay black money to get their liabilities reduced during assessments or bribe the politicians to get favourable policy formulations.

In the “Congress Culture” which Mr Modi wants to get rid off, the policy is to assist more dishonesty in the system because that generates money to the politicians. We suppose that the present Government wants a “Congress Mukta Bharath”. If that is so, the current move on the E Commerce players is considered regressive.

I request Mr ArunJaitely to look into the matter and set the priorities right.