Friday, November 6, 2015

Perry4Law Leads In Cyber Forensics And Cyber Security Legal Practice Worldwide

When we hear of fields like cyber security and cyber forensics, technology companies come to our mind. As the demands of clients have significantly increased, many non traditional professionals have also started providing services in these areas. One such professional branch is legal fraternity that has started providing services for areas like forensics audit, cyber forensics, cyber security, e-discovery, etc.

In the year 2002, Perry4Law Organisation (P4LO) was established and its segment Perry4Law Law Firm is the first and exclusive techno legal law firm of India. With more than a decade experience, P4LO and Perry4Law Law Firm have catered the needs of national and international clients in various techno legal fields.

Perry4Law has set a trend for cyber forensics and cyber security legal practice worldwide through its domain specific and highly specialised techno legal services. Its research works are frequently cited by scholars at national and international levels. What is more amazing is the establishment of dedicated online resources in the fields of Cyber Law, Cyber Security, Cyber Forensics, E-Discovery, Telecom Laws,  Intellectual Property Rights (IPRs), Corporate Laws, etc.

Praveen Dalal, managing partner of Perry4Law Law Firm and P4LO and leading techno legal expert of Asia, is a strong advocate of Civil Liberties Protection in Cyberspace. He believes that Human Rights Protection in Cyberspace must be Internationally Recognised. He also believes that E-Surveillance Projects of India need Parliamentary Oversight and Judicial Scrutiny.

Dalal is also a strong advocate of cyber and data security.  No Client would be happy if its/his/her confidential and sensitive documents are obtained through cracking/hacking the Law Firm Website or Database, opines Dalal. Perry4Law Law Firm uses the “Best Cyber Security Practices” recommended by International Organisations, informs Dalal.

With international level of techno legal expertise, P4LO and Perry4Law Law Firm are class apart and world leaders in techno legal services. Other Law Firms of India must also start providing services in techno legal fields if they have the requisite expertise in this regard.

Global Techno Legal News And Views By Perry4Law Organisation (P4LO)

Merging of technology and law raises interesting techno legal issues that are not easy to handle. There are very few organisations or individuals that can manage techno legal issues in India and world wide. Perry4Law Organisation (P4LO) is one such organisation that handles unique and qualitative techno legal services in fields like cyber law, cyber security, cyber forensics, e-discovery, etc. One such initiative is known as Global Techno Legal News and Views.
Some of the interesting post of the blog are:

(1) Non Mandatory Aadhaar: The matter pertaining to legality and constitutionality of Aadhaar project is pending before the Supreme Court of India. The Central Government has been maintaining that Aadhaar is not mandatory but for all practical purposes it has been made mandatory by Indian Government.

(2) Digital India: Digital India project of India is an ambitious but troublesome initiative as it is suffering from numerous shortcomings. This is the reason that the Digital India project is heading towards rough waters. In fact, Digital India is the biggest digital panopticon of India so far. There is an urgent need to make it legal and constitutional.

(3) Carbanak Malware: The notorious malware Carbanak was instrumental in stealing about a Billion US Dollars from financial institutions worldwide. Vskimmer Trojan, capable of stealing credit card information from Windows systems, was already in circulation. Similarly, the Malware Dump Memory Grabber was also targeting POS systems and ATMs of major U.S. banks. These malware were creating havoc in India and international levels.

(4) Censorship By Twitter: In an unexpected move, Twitter has been censoring tweets relating to topics like Aadhaar, Digital India, etc. Till the time of writing of this post, Twitter is still censoring topics like Aadhaar, Digital India, etc.

(5) Hardware Spyware: Kaspersky has revealed that intelligence agencies have been using hardware based stealth spyware. These hard drives are manufactured by Western Digital, Seagate, Toshiba and other top manufacturers, thereby making their use a potential cyber hazard.

(6) FBI Search Warrants: Recently a proposal was made to expand the search warrant powers of FBI. Google opposed the same and openly conveyed its dissent for the proposed US Justice Department proposal to expand federal powers to search and seize digital data, warning that the changes would open the door to US “government hacking of any facility” in the world.

(7) Lenovo Adware: Lenovo has been accused of pre installing Adware in laptops thereby compromising their security. Users have complained that a programme called Superfish pre-installed by Lenovo on consumer laptops was “Adware”, or software that automatically displays adverts.

(8) Microsoft Cloud Computing: It has been reported that Microsoft has adopted a new standard for cloud privacy that commits the company to protect the privacy of customers’ data, not to use it for advertisement purposes, and to inform the customer of legal requests for personal data. Google along with other companies has been fighting against e-surveillance activities of U.S. agencies.

(9) Mobile Communications Security: Intercept has recently published an article describing that U.S. and British spies hacked into the internal network of Gemalto in 2010 that is one of the largest manufacturers of SIM cards in the world. They stole the encryption keys used to protect the privacy of mobile cellular communications across the globe. These spies mined the private communications of Gemalto engineers and employees in multiple countries, including India. However, the most interesting revelation comes in the form that GCHQ could not intercept keys used by mobile operators in Pakistan, even though Pakistan is a priority target for Western intelligence agencies. This is because Pakistanis used more secure methods to transfer the encryption keys between the SIM card manufacturers and Pakistani mobile operators.

(10) Lawyers Communications: Recently a British court ruled that the U.S. – U.K. surveillance regime was unlawful for seven years. This means that the regime has also failed to comply with the European convention on human rights. U.K. government is already facing a trial where it has been accused of unlawfully intercepted conversations between lawyers and their clients.

(11) Online Card Games: Some online gaming stakeholders in India have approached the Supreme Court of India to get clarity on the legality of online games like rummy, poker, etc. In response of the same, the Supreme Court asked the opinion of Central Government in this regard but the same has been informally denied by the Central Government. This means that till the time Supreme Court actually says that online rummy, online poker and online card games are legal in India, majority of these gaming stakeholders may be exposing themselves to legal risks and civil and criminal liabilities. Now that the Supreme Court of India has finally refused to decided legality of online poker and online rummy in India, online card games websites may be legally risky if not properly drafted and managed.

(12) Internet Safety Campaign: Indian government has announced that an Internet safety campaign would be started very soon in India. From the media reports it seems that the awareness drive would cover all stakeholders ranging from school level to government departments.

(13) Google Timestamps: In a bizzare manner, Google has manipulated the timestamp of the news titled Digital India, Aadhaar and digital panopticon of India and put the date 27-02-2015 instead of 02-03-2015. This means that news surfers looking for latest news would not get the same and after some time the news would be removed from the relevance search as well. We have also checked the date results and the news was lying on 4th page with other news of 27th February 2015 date. This is a strange behaviour on the part of Google and all such behavioursa of Google are catalogued at the blog titled “Unofficial Websites, News, Blogs And SERPs Censorship By Google“. A mirror of this blog is also available here.

(14) E-Mail Policy: Indian government has been struggling long to formulate and implement the e-mail policy of India. This is important for India as sensitive documents cannot be transferred out of India as per Indian laws like Public Records Act, 1993. Even Delhi High Court is analysing the e-mail policy of India and has shown its displeasure over slow action on the part of Indian government in this regard. It has now been reported that Indian government has decided to ban the use of Gmail or any other private email for official communication across all its organisations, and make it mandatory for them to migrate to email services provided by the National Informatics Centre (NIC).

(15) CISO Of India: In a significant move, the Prime Minister’s Office (PMO) has appointed Dr. Gulshan Rai as the first Chief Information Security Officer (CISO) of India. This would go a long way in ensuring critical infrastructure protection in India (PDF). We also strongly recommend that a revised Cyber Security Policy of India 2015 must be drafted by Modi Government that must address cyber security issues in a more comprehensive and holistic manner. Further, international legal issues of cyber attacks must also be considered well in advance by Indian Government. Perry4Law Organisation (P4LO) has released a research paper on international legal issues of cyber security and cyber attacks and the same can be considered by Indian Government while strengthening Indian cyber security capabilities.

(16) Anti Bullying Committee: Cyber bullying in India is a big nuisance with practically no remedies. However, things would be changed very soon with the issuance of CBSE Guidelines for Prevention of Bullying and Ragging in Schools 9th March 2015, Reg: (D.O. No. 12-19/2012-RMSA-I) (PDF). Due to increasing cases of physical and cyber-bullying of students, Central Board of Secondary Education (CBSE) has directed all its affiliated schools to form an anti-bullying committee. The committee should comprise of vice-principal, a senior teacher, school doctor, counsellor, parent-teacher representative, school management representative, legal representative and peer educators. CBSE also directed the schools to tackle sexual abuses and strictly implement POCSO Act 2012.

(17) Technology Companies Regulations: Dealing with technology and foreign companies is a big challenge for Indian government. Whether it is taxation aspects or applicability of Indian laws to such companies, India has not been able to achieve a success in this regard so far. There is also a lack of legal framework to govern such technology and foreign companies in India as on date. At Perry4Law Organisation (P4LO) and Perry4Law’s Techno Legal Base (PTLB) we have been suggesting techno legal frameworks in this regard from time to time. We at P4LO and PTLB welcome this support of Indian Government and various stakeholders to our suggestions and recommendations from time to time. However, we strongly recommend that we need a comprehensive techno legal framework in this regard especially if we have to make the “Made in India” and “Digital India” projects successful.

(18) Killer USB: A Russian hacker/researcher created a killer USB that can crash the victim system once the modified/hacked USB is plugged into it. The basic idea of the USB drive is quite simple. When we connect it up to the USB port, an inverting DC/DC converter runs and charges capacitors to -110V. When the voltage is reached, the DC/DC is switched off. At the same time, the filed transistor opens. It is used to apply the -110V to signal lines of the USB interface. When the voltage on capacitors increases to -7V, the transistor closes and the DC/DC starts. The loop runs till everything possible is broken down.

(19) Traffic Routing: Networks and systems need to trust each other to make the Internet function in a speedier manner. If one system or service provider falters, the services of other may be hampered. In one such incidence, users around the world were not able to access Google’s service for a short period of time due to a technical glitch. Users were cut off due to the routing leak from Indian broadband Internet provider Hathway. The leak is similar to a 2012 incident caused by an Indonesian ISP, which took Google offline for 30 minutes worldwide.

(20) Grid Security Expert System (GSES): A Grid Security Expert System (GSES) of India has been proposed to be developed by Powergrid. Cyber security of automated power grids of India is need of the hour. It is only after a massive power blackout in 2012 that Indian government has woken up to the dangers of cyber attacks against Indian power sector. GSES would involve installation of knowledge based Supervisory Control and Data Acquisition (SCADA) system, numerical relays and Remote Terminal units upto 132 kV stations and the reliable Optical fibre Ground wire (OPGW) communication system at an estimated cost of around Rupees 1200 crores. The objective of the GSES is implementation of the Automatic Defense mechanism to facilitate reliable and secure grid operation.

(21) Cyber Law Due Diligence: Cyber law due diligence received a major jolt when the Supreme Court of India read down the internet intermediary due diligence requirements. The main problem seems to be reading down of Section 79(3) (b) and Rule 3(4) By Supreme Court in a manner that would be counter productive in the long run. In fact, reading down of Section 79(3) (b) and Rule 3(4) is more problem than solution as the Supreme Court erred in adopting this approach.

(22) SEBI And Cyber Security: It has been reported that SEBI has expanded the ambit of its Technical Advisory Committee (TAC) to include cyber security of the markets. CECSRDI welcomes this move of SEBI and is committed to help it in every possible manner to achieve this benign cyber security objective.

(23) E-Police Station: An e-police station in Delhi would register online FIR for motor vehicle theft cases. The pilot project of the “Motor Vehicle Theft (MVT) Application” is now accessible on mobiles and computers. Presently this facility is available only for police stations in South Delhi and the same will be extended to entire Delhi after sorting out technical glitches and other problems.

(24) Social Media Compliances: Social media websites are not complying with laws of India. India’s struggle against social media websites to fall in line with Indian laws continues even in Narendra Modi’s regime. To make the matter worst we have no social media laws in India or any effective and implementable social media policy of India. Of course, a new framework for use of social media by governmental organisations has been suggested by Indian government in the past but that is of little help in solving the present problem at hand. The real solution, according to Praveen Dalal, is formulation of a techno legal framework that can address the diverse and complicated issues of cyberspace in India. In short, social networking laws in India need clarity and codification.

(25) MPPEB Scam: MPPEB scam has become an investigation nightmare for the law enforcement agencies of India. The credibility and reliability of evidence is in question on the one hand and unresolved cyber forensics issues are on the other hand. Scientific investigation methodology is still to be used in the investigation of MPPEB scam.

(26) IT Subsidiary Of RBI: The Reserve Bank of India (RBI) has showed its commitment to fight against cyber crimes and financial frauds by declaring that an information technology driven subsidiary would be established by it to deal with cyber nuisances. This IT subsidiary of RBI would also deal with cyber security and related issues with a special focus upon banking related technology issues. The IT subsidiary of RBI would also evaluate the technical capabilities of banks that is almost missing as on date.

(27) Privacy Invasive Software: The Supreme Court of India has asked the Indian Government to clarify upon privacy invasive software and mobile applications. Supreme Court of India has taken a serious note of the software and mobile applications that can be used to extract private information from smartphones.

(28) Smart Cities In India: Smart cities in India have been proposed to be established in near future. However, smart cities in India may face cyber security and civil liberties issues that are left unresolved by Indian Government.

(29) Protection Of Good Samaritan: In a welcome move, the Narendra Modi led Government has issued Guidelines on Protection of Good Samaritan While Saving Lives of Road Accident Victims (2015) (PDF). This shows the sensitivity of Indian Government towards the precious lives that can be saved if road accident victims can be taken to hospitals as soon as possible.

We hope our readers would find this post and blog useful.

Source: P4LO.

Cyber Security Law Firms In India

About four years back, India's leading techno legal ICT law firm Perry4Law wrote about cyber security legal practice in India. The article was very clear in its message that techno legal fields like cyber law, cyber security, cyber forensics, cyber warfare, cyber terrorism, etc are not the preferred field of legal practice for law firms and lawyers in India and other countries. The main reason for avoiding cyber security legal practice was lack of expertise to manage complicated cyber security related issues. Only law firms like Perry4Law have been managing techno legal issues of cyber security, cyber law, cyber forensics, e-discovery, etc in India so far.

Then came the positive development and lawyers and law firms
started exploring the areas like cyber law, cyber security, cyber forensics, etc. Although the number of such lawyers/law firms is negligible yet the growing interest in the techno legal fields would increase such numbers in future. Further, techno legal issues would also change the way traditional businesses and transactions would be carried out in future. For instance concepts like cyber insurance, online dispute resolution, e-courts, digital evidencing and e-discovery, media forensics, cyber forensics, etc would be very much used in future.

However, technology laws have their own peculiar problems. Cyber laws are generally curative in nature as against the desirable preventive requirements. They are formulated keeping in mind the crimes/cyber crimes that have already taken place instead of what cyber crimes can possibly happen in future. In short, cyber laws must be “futuristic” in nature as against “historical” in their applicability. This brings novel legal challenges before lawyers and law firms as cyber security legal practice becomes very challenging and research oriented field.

Cyber crimes and cyber attacks have increased tremendously world over. No country is safe from cyber crimes and sophisticated cyber attacks. Despite this position there is no method or procedure to asertain international legal issues of cyber attacks. Perry4Law Organisation (P4LO) has been managing the exclusive techno legal blog on international legal issues of cyber attacks and the same can be accessed here. Further, to spread public awareness in the techno legal fields, P4LO has also been providing global techno legal news and views and the same can be accessed here. A virtual law campus (VLC) has also been launched by Perry4Law's Techno Legal Base (PTLB) so that skills developments in the fields like cyber law, cyber security, e-discovery, cyber forensics, etc can be ensured for various stakeholders including lawyers.

With issues like cyber espionage and cyber warfare, the traditional armed forces and legal fraternity are now collaborating upon a very unique platform where lawyers need to have a sound knowledge of both law and technology. It seems the techno legal community alone would be able to dare to explore issues like cyber law, cyber security, etc in future.