Indians Must Block And Destroy Their Biometric And Deseed Aadhaar From All Services Opines Praveen Dalal

Aadhaar has created serious constitutional, civil liberties and cyber security problems in India. Indian government and Supreme Court are not interested in rescuing Indians from this precarious situation. Clearly India is heading towards dystopian and totalitarian state and something has to be done right now to counter this position.

We have suggested few strategies to Indians so that they can escape from being digital slaves forever. These include:

(a) Blocking of your biometric at UIDAI website and never using Aadhaar again for KYC or EKYC purposes in future,

(b) Deseeding of Aadhaar from all services, whether government or private, where you have seeded the Aadhaar, and

(c) Asking the UIDAI and Supreme Court to delete your biometric database from UIDAI registry and any and all other places where your biometric have been stored.

According to Praveen Dalal, it is pertinent that you must go for biometric blocking and Aadhaar deseeding together and not in isolation. Neither blocking of biometric nor deseeding of Aadhaar from all services without blocking of the biometric is sufficient in itself.

Once the biometric have been blocked and Aadhaar is deseeded from all government and private services, ask UIDAI, Indian government and Supreme Court to destroy your biometric to prevent any future misuse of the same.

Cyber security of Aadhaar and its biometric database is very poor by design and implementation. It is better to safeguard you interests, including your civil liberties, than being sorry in future. So start blocking your biometric at UIDAI, deseed Aadhaar from all services and demand for destruction of biometric from all places.

The Constitution of India and your Fundamental Rights empower you to take all these actions. Neither Indian government nor Supreme Court of India can restrict you from doing above mentioned three activities of blocking, deseeding and destruction of biometric database of Aadhaar.


General Guidelines For Securing Identity Information And Sensitive Personal Data Or Information In Compliance To Aadhaar Act, 2016 And Information Technology Act, 2000

Recently the Meity released guidelines pertaining to data security for various government departments. The guidelines intend to assist government departments that collect, receive, possess, store, deal or handle personal information including sensitive personal information or identity information to implement the reasonable security practices and procedures and other security and privacy obligations under the IT Act, 2000 and Aadhaar Act, 2016.

While the IT Act 2000 has become grossly outdated yet the constitutionality of Aadhaar Act, 2016 is already questioned before the Supreme Court of India. Further, the guidelines are general guidelines meant for guiding the government departments and lack enforceability capability. In any case, enforcement of laws in India is very poor especially when it comes to enforcement of cyber law and cyber security related norms.

Some people have already started celebrating as if these guidelines have brought something magical. Truth is these guidelines are neither effective nor enough to cover even the basic concepts of data protection and cyber security as per international standards. So the fact remains that India has no dedicated privacy, cyber security and data protection laws and cyber security of sensitive information, including Aadhaar and its CIDR, is at great risk.

The guidelines are just suggestions with no binding legal obligations for data breaches. They are simply telling the government departments to use common sense while dealing with sensitive data of Indians. They have not put any onerous obligations upon government departments the violation of which would be subject to prosecution. Indians have no right even if their data and information is leaked by such government departments.

Government departments are even free to ignore these guidelines as non-existent by simply not acting upon them. There is no time line within which the government departments are required to ensure even basic cyber security practices. Saying that government departments must do this and that does not make any sense if there is no time bound obligations coupled with imposing sanctions against non compliance.

In short, these guidelines are just eyewash to fool Indians and Supreme Court by claiming that some magical data security and cyber security remedy has been put at place. In reality, the guidelines are nothing more than a façade to keep Indians in dark.

Supreme Court’s Proceedings Under Aadhaar Act, 2016 On 19-05-2017

Aadhaar remained optional till 19-05-2017 due to interim order of the Constitution Bench (CB) that is still in force despite Aadhaar Act, 2016 and Finance Act, 2017. CB of Supreme Court (SC) has not modified that order so it still binds Parliament, Executive and government agencies/departments.

Today the Supreme Court briefly heard Petitioner(s) and posted the case for further hearing on 27-06-2017. However, some significant observations were made by the Attorney General (AG) regarding last date of/for seeding/enrolling Aadhaar. The position that emerged is as follows:

(1) The last date imposed by govt to seed Aadhaar or enroll or take step to enroll for the same is 30-06-2017. That can be extended as suggested by the AG.

(2) SC would hear the case on 27-06-2017. This still leaves 3 full days to explore various options, including enrolling or showing intention to enroll for Aadhaar. Actual enrollment is not required as hinted by AG.

(3) The Division Bench (DB) of SC cannot overturn the interim orders of the CB. So Aadhaar remains optional till CB decides otherwise.

(4) Either DB would say Aadhaar is optional due to CB interim orders or govt would extend the date to escape this conclusion on 27-06-2017.

(5) The DB cannot postpone the matter beyond 27-06-2017 except if one of the eventualities occurs as specified in point (4) above. So petitioners would not be required to get an Aadhaar or enroll for the same till 27-06-2017 or even 01-07-2017.

In short, after 27-06-2017, requirement of Aadhaar would be either rejected by the DB citing CB interim orders or postponed due to extension of date by Govt.

So relax and demand government services, whether welfare or non welfare, as a matter of right and without any Aadhaar or its enrollment.

Indian Government Must Use Techno Legal Methods To Eliminate Child Pornography In India: Praveen Dalal

Praveen-DalalIndian government has been struggling to deal with the menace of child pornography in India. On the one hand, the Supreme Court of India is asking it to comply with its directions whereas on the other hand Internet service providers (ISPs) of India have communicated their inability to help Indian government unilaterally in this regard.

There is no clear cut and simple solution to this problem and as per Praveen Dalal, CEO of Perry4Law Organisation (P4LO), we need techno legal methods to deal with child pornography in India. This statement is based upon the techno legal experience that the Exclusive Techno Legal Centre of Excellence for Cyber Crimes Investigation in India (TLCOECCII) has acquired since 2012 while dealing with national and international cyber crimes and related cases.

For some time, Indian government has been trying very hard to find solution to curb child pornography in India. The patience of Supreme Court is also fading away as there is no concrete solution that central government has prescribed so far before the Supreme Court. This is understandable as there is no simple and ready to use solution for this problem.

At Perry4Law Organisation (P4LO) we believe that there must be an optimum mix of technological and legal measures that Indian government must adopt in this regard. This is so because neither technological solutions nor legal remedies alone would be sufficient.

Similarly, Indian government would also be required to analyse the laws of different jurisdictions before approaching a company or individuals hosting an offending website in a particular jurisdiction. If we simply block a website in India, that does not solve the problem as it is just clocking the same. But the website is still available to world at large and even in India with the help of proxy servers, VPN and software.

Indian government and judiciary need to understand how Internet works and what problems can arise due to conflict of laws in cyberspace as Indian government and Supreme Court cannot kill a fly with a sledgehammer. This is exactly what they are doing at this moment by relying exclusively upon blocking of offensive websites. We have communicated with thousands of websites carrying offensive and copyright violating contents and have been successful to a great extent in getting those offensive contents removed. It is true that not in all cases the contents can be removed but in vast majority of cases the offensive contents can be removed in a better manner than merely blocking the website carrying the offensive materials and contents.

We at Perry4Law Organisation (P4LO) firmly believe that Indian government and Supreme Court must work at the “micro level” rather than at the “macro level” to reduce the menace of child pornography in India. They must also understand and accept that child pornography cannot be eliminated completely from the Internet and their focus must be more on reducing the same to maximum possible extent. This exercise requires tremendous techno legal expertise on the one hand and a “dedicated team” on the other.

According to Praveen Dalal, “The starting point for the Indian Government and Supreme Court is to ascertain whether they have done anything beyond blocking of child pornography websites in India. If the answer is in negative, we have already lost the battle against child pornography in India”.

Perry4Law Organisation (P4LO) believes that it is high time for the Indian government and Supreme Court to give the issue pointed above serious considerations and come up with a techno legal policy to fight against child pornography in India.

Center Of Excellence (CoE) For Internet Of Things (IoT) In India By Perry4Law Organisation (P4LO)

Praveen-DalalInternet of things (IoT) is the new buzz word these days. Everybody is talking about IoT because it has great business, commercial and personal use potential. IoT combines software, hardware and a communication infrastructure so that systems/devices can contact and communicate with each other in a non intrusive and automatic manner.

Like any other technology, IoT has its own used and challenges.  For instance, IoT can be used for smart grids, smart cities,  e-health, etc and thereby reduce their cost of operation and improve their productivity. However, IoT also has civil liberties and cyber security challenges to manage. Cyber criminals have already started abusing IoT controlled devices for launching malicious cyber attacks. As the technology protocols for IoT are still evolving, it is very difficult to avoid such cyber attacks.

Similarly, on the legal framework front, IoT has yet to be suitably regulated around the world. India has no dedicated law for IoT and some guidance can be found from the Information Technology Act, 2000 (IT Act, 2000). Indian government has issued the draft IOT Policy of India (pdf) and Revised Draft IOT Policy of India (pdf) but they are not sufficient to manage the complicated techno legal issues of IoT.

IoT is essential part of Digital India project of Indian government that is already heading towards rough waters in the absence of adequate cyber security and civil liberties protections. For instance, ensuring of cyber security for smart grids and smart cities is still a distant dream for Indian government. Similarly, IoT and Smart cities have to manage civil liberties issues as well that are presently ignored by Indian government.

Perry4Law Organisation (P4LO) has launched a dedicated and exclusive techno legal centre of excellence (CoE) for Internet of things (IoT) in India. We have covered many techno legal issues there that Indian government is required to manage in near future. We have been managing these issues for long and we would discuss the same at our CoE-IoT website in more details in our subsequent posts.

P4LO would help national and international IoT stakeholders in formulation and implementation of techno legal frameworks so that adoption and use of IoT can be as smooth and hassle free as possible.

Source: Perry4Law Blog.

Foreign Direct Investment (FDI) In E-Commerce Sector Of India 2016 Series

Foreign Direct Investment (FDI) In E-Commerce Sector Of India 2016 SeriesIndia is presently witnessing an e-retailing era. This is a golden time for e-retailing entrepreneurs who have multiple domains to explore. This is also a challenging period for the Indian government that is clearly struggling to deal with technology related issues. Some of these issues include taxation of online transactions by companies like Google, foreign direct investment (FDI) regulations for e-retailing companies, techno legal framework for online businesses, cyber security issues of e-retailing businesses in India, e-commerce dispute resolutions, etc.

As per the existing FDI policy, contained in the “Consolidated FDI Policy Circular 2015” (pdf) (FDI Policy) as amended from time to time, FDI up to 100% under automatic route is permitted in Business to Business (B2B) e-commerce. No FDI is permitted in Business to Consumer (B2C) e-commerce. However, FDI in B2C e-commerce is permitted if certain conditions are fulfilled.

However, companies are violating these norms by accepting FDI by citing different purposes for the use of such FDI money. Both the Reserve Bank of India (RBI) and Enforcement Directorate (ED) are aware of these issues but none of them has taken any action against the guilty individuals and companies. RBI is also maintaining a vigil over e-commerce gateway operators, many of whom store financial information about Indians on overseas servers, but is not imposing new stringent regulations on new form of transactions.

In other such developments, the Maharashtra’s FDA ordered filing of FIR against Snapdeal, its CEO Kunal Bahl, Directors and distributors for online sale of prescription drugs. There are many techno legal requirements to open online pharmacy stores in India that almost all e-retailing fail to adhere to. To deal with this nuisance, a dedicated online pharmacy law is needed for India. For some time it was believed that the Telecom Regulatory Authority of India (TRAI) may be given the task to regulate e-commerce in India. However, TRAI refused to take the additional responsibility in this regard.

As far as FDI is concerned, the documents titled Consolidated FDI Policy Circular Of 2015 By DIPP (pdf) and Guidelines For Foreign Direct Investment (FDI) On E-Commerce 2016 Series (pdf) would be helpful for detailed insight. However, Indian government must be ready for new challenges from global players. For instance, recently US sought trade rules for e-commerce and cloud computing under the WTO banner. Similarly, deep discounting and predatory pricing issues are also required to be resolved by Indian government. Taxation issues are already vexing Indian government for long. We hope that these issue would be resolved by Indian government very soon.

Source: E-Commerce Laws In India.

Domicile Laws In India

Domicile Laws In IndiaDomicile related issues are frequently involved while dealing with employment, succession, education, marriage and divorce and similar issues. Domicile is particularly relevant when legal rights and liabilities have to be decided that involve more than one legal jurisdictions.

Despite being such an important aspect, there is no set procedure to get a domicile certificate in India. In fact, there is no dedicated law of domicile in India as on date and legal issues of domicile are governed by different statutes, conflict of laws and common laws principles.

The basic principles regarding domicile are that:

(1) No person can be without a domicile.

(2) No person can at the same time for the same purposes have more than one domicile.

(3) An existing domicile is presumed to continue until it is proved that a new domicile has been acquired.

The law of domicile in India can be traced under the Indian Succession Act, 1925. The domicile under the provisions of the Act can be classified under the following categories:

(i) Domicile of origin,

(ii) Domicile of choice, and

(iii) Domicile by operation of law.

The domicile of origin cannot be lost as such. Even when a domicile of choice is acquired, the domicile of origin will remain in a suspended state. A domicile of choice can be abandoned by a person when he or she ceases to reside in a country and ceases to intend to reside there permanently

or indefinitely. When a domicile of choice is abandoned either a new domicile of choice is acquired, or the domicile of origin revives by operation of law.

Perry4Law Law Firm hopes that our readers would find this article and related links worth reading