Introduced by the moderator as legal luminary who is the designated consultant to the IT Ministry, I heard Rodney’s riders with deep interest.

Rodney started off with a great ice breaker – how the New Yorker updated a prior cartoon’s tagline “Dog: [Don't worry..] On the Internet, no one knows you are a dog”,  morphing into a new cartoon with the new tagline “on the Internet, EVERYONE knows you are a dog”.  There has been a sea change, from pervasive anonymity to what seems like complete openness and transparency, with the challenges of privacy, to go with it as par for the course.

Rodney then pointed out that technology vis-a-vis law enforcement is one big theme today. The other big theme on this topic is the business perspective on it. Case in point is the Google saga in China which continues to play out. Google turning around to China, with the message that Tinanmen Square will be shown as it really happened years ago, and not as shown in tourist brochures today. Very aptly put, IMHO. On the other hand, there’s Facebook’s perspective on privacy of its members regarding the content posted, and the way the privacy permissions have been tweaked lately.

Rodney parting shot was: The moot question, from the citizen at large, is that if I find that my online privacy rights have been violated, where do go? How do I handle it?

Something that  eminent members of the panel and thought leaders among the audience should delve into….

Speaker Profile:
Rodney D. Ryder is a partner with Kochhar & Co.; where he is a member of the Technology, Media, Intellectual Property and Communications Law Practice. He is the author of Guide to Cyber Laws: the Information Technology Act, 2000, E-Commerce, Data Protection and the Internet, the first section-wise analysis of the Indian Information Technology Act, 2000. He is presently Advisor to the Ministry of Communications and Information Technology, Government of India on the implementation of the Information Technology Act, 2000. Mr. Ryder has been nominated as a ‘Leading Lawyer’ in intellectual property, technology, communications and media law by Asia Law, Who’sWhoLegal, Asia Legal 500, amongst other International publications. Mr. Ryder is also advisor to the Data Security Council of India [a NASSCOM initiative] on the structuring of industry data privacy and information security policies and contractual standards

Ravi V S Prasad analysed Cyber security threats, from international aspect.

Several militant organizations were early adopters of new communication technologies for propaganda warfare and for efficient communications, before we framed the word cyber terrorism.

Stealing information, hacking govt websites, planting their own propaganda started later. Cyber warfare and Cyber Terrorism are converging now. CCCI (Command Control, Communications and Intelligence) is now CCCI (Command Control, Communications and Computer Intelligence)

1991 Gulf war was the first incident where Cyber warfare was used very effectively, next was by China to invade Taiwan, to disrupt command and control systems of enemy defence facilities (warships and air force) so that they won’t be able to offer enough resistance.

Diplomatic warfare aims to immobilize state’s infrastructure. This is where Cyber terrorism is heading at. Kill with a borrowed sword- routed through servers of foreign countries, making it very difficult to trace it back to original source.

Protection of critical infrastructure again depends on technology and communication. Stock exchanges, banks, power grids and many other facilities are prone to cyber threats. We need to be prepared for such threats and also be sure to counter Cyber Espionage by both friendly countries and potential threats.

An international legal frame needs to be in place to evaluate the cyber threats and plan counter measure. Opening the discussion to panel for further thoughts on this

Summary of talk given by Meenakshi Arora, Advocate, Supreme Court.

I tried to work on balancing security with rights of a citizen. Advancements in technology have given us immense benefits, but at the same time, they’ve acquired tremendous potential to do both good and bad. So we need to strike a balance between rights citizen and that of a state to intrude into our mails and other personal data in the interest of national security.

It is impossible to do away without enforcing some sort of monitoring of the internet. This policing are to ensure that National security is not compromised into bad hands. But difference comes in who does it and how it is done. There’re countries like China which control internet in extreme manors, while other countries have more liberal laws and slower implementation.

Right to privacy is a tortuous act and not a criminal act. There’re four factors of privacy: Intrusion of a person’s solitude, public disclosure of individual’s private facts, publicity which puts the individual in false light and misuses of someone else’s identity/creativity and IPR.

Before privacy intrusion happens Information passes through multiple steps. Information has to be available, collected, disseminated and eventually intruded into privacy.

In India we started talking about privacy from as early as 1960s. Courts have taken privacy in a larger picture. Article 21 recognizes privacy of a citizen and right to be let alone. The Auto Shankar case and many other cases give detailed views as to how judiciary upholds privacy rights.

Phone tapping: Courts allow phone tapping after following certain procedures or secure permission from officer of certain level. But this is not seriously enforced. There have been instances where phone tapping done without prior approval/procedure are being allowed as evidence, which is prone to misuse. The implementation needs to be stricter.

Intrusion of personal Privacy is made a criminal act, but it has lot of drawbacks. Trials can be long, sentences not severe enough to deter someone else from committing similar crime. We need to work on these factors.

Amitabh,  general counsel, Yahoo! India, began by asserting that  he will focus his talk on the world of online or internet privacy laws, as different from data protection rights. He explained that the latter pertain to the rights about processing personally identifying information.

Online privacy rights include the rights to send and receive emails, interact via instant messaging, etc. and not have the contents be visible to un-intended parties. he referred to the panelist – Meenakshi Arora’s example of with reference to Auto Shankar case, that privacy means the right “to be left alone”.

He quoted a Court judgment that defined privacy of phone conversations in great detail, making an analogy to email and other digital conversations, that ought to have similar sanctity before upholders of law.

Amitabh, as a representative of internet content company on the panel, stressed the importance of balance between power to enforce law and the importance of privacy and rights of citizens online.  Yes, Amitabh, procedural safeguards are very important.

Surjan Singh is doing a splendid job of master of ceremony.I missed him in the earlier post on people behind the event. He deserves equal credit.

Kiruba Shankar conducting podcast

A close up on the music system

Vivek Sood, Advocate, Supreme Court gave useful insights on 2 major topics:

Necessity for constructing legal framework
Is the Traditional legal framework workable?

Technology has brought in lot of changes, some not so good ones too. People are forgetting the art of writing, the way of meeting and dating has changed, and youngsters are opting for digital nirvana and are not doing much for society. They are happy with computer, internet and so on.

Crime is a part of society we live in, which is a human act that sovereign aims to prevent. Electronic evidence can’t be ignored.

There’re some characteristic features of Cyber crime-it is done in cyberspace, without physical presence, lot of anonymousness is attached to it granted by computer world. Impersonation is made easy, mobility is provided by technology.

The question is, is the traditional legal framework (where law enforcers chased a physical convict) workable in the above scenario? No. It is unworkable, it is impractical, redundant.

Earlier, criminals were limited in number and were fairly identifiable by physical boundaries. There is great flow of knowledge, information. Every individual has its own identity and presence, runs his own media. Internet is a multi layered structure. Between criminal and law enforcement agencies there’re so many intermediaries- web hosting companies, network provider, ISP, search engine,

The new framework strives to overcome these hindrances and puts some gate keeping guidelines on intermediaries. (Intermediaries are carriers or service providers who provide the platform) Section 67C talks of preservation and retention of materials, Section 69 69A (block access), 69B, 70 and 43A give more insights into this) Criminal liabilities range from 3 to 7 years for not being able to comply with this gate keeping obligations. The flip side of the coin is that too much obligation on intermediaries kills article 19, the privacy of public. Intermediaries will have a tendency to block much more than what is required. Secondly, there’s no review, wherever there’s a censorship by proxy. It is more economical for intermediary to block entire content than block selective content.

As a society we’re yet to understand the role of intermediaries. There’re reasons why service providers are held responsible. But this understanding has to evolve over time than being enforced with rigorous punishments. I feel IT amendment act is a bit over legislated…

When the session started, Manoj Mitta’ name-plate was forlorn without the gentleman himself.  Shyamal Ghosh, the eminent moderator assured that he will be joining shortly. In any event, he rushed in while Mr Ghosh’s opening words were hitting home, and on being offered his first spot as the first panelist to take strike, Mr Mitta came out like a T20 player slogging it out from the get go.

Manoj began with a disclaimer, that when among journalists, he pretends to be a lawyer. Among lawyers, he declares himself to be a journo with no legal pretensions!

Anyway, from the media community’s perspective, Manoj reflected on how the media got very interested into IT Law issues in the context of a couple of major scams/scandals, which had a role in shaping the discussion leading to the 2003 amendments, that Mr. Ghosh had referred to during his panel presentation. The scandal – of the MMS clip of DPS, and the subsequent impact on Baazee.com/eBay India web site was a cornerstone in that saga.

The manner in which IT issues affect common culture is now quite mainstream. A movie that was released in recent weeks – Love, Sex aur Dhokha (LSD), Manoj described, is quite a treatise on the way in which digital technology is intruding into our daily lives. It has 3 stories interwoven – one thread points to the incongruity of honor killings, given how we as a society have embraced digital technologies. Secondly, Youngistan has blurred the line between private and public domains. Not mentioning the last thread, as i don’t myself want to blur the line that says “spoiler alert”. I myself haven’t seen the movie, but now, as Shyamal joked after Manoj’s spiel, I too have some intellectual reasons to convince my wife that we should watch this movie, and I hope so have you.

Anyway, Manoj continued with the anecdote, adding that this was the second recent movie by which Bollywood tried to highlight this issue – the previous one being DevD where the MMS clip incident was a core theme.

Sting journalism, he said, has pre-dated this challenge of walking the thin line. The USA and UK today have evolved  much further in this matter, having legislated regulations that are clearer and more unambigous. UK for example has what he called the Unexceptional Opportunity Test – to distinguish clearly from entrapment which is clearly not legal.

Manoj used this comparison to highlight his point that we in India need to look deeply into these issues, and these checks and balances to structure ours.

The increased quantum and sophistication of threat, both perceived and actual, requires a comprehensive and synergized approach to secure the Nation’s critical infrastructure and sensitive data. Managing legal and
Governmental issues in an effort to guarantee a free and secure cyber space.

• International and local practices of cooperation
• National and international legal issues raised by the struggle against international and domestic threats.
• Do we have appropriate laws in place?
• Implementation of laws by security agencies:
• Legal aspects of National Security issues involving means of international dispute resolution.

Session Chair: Ravi V S Prasad, Founder & Chief Executive C4ISRT Group,

Address by:
P K Malhotra, Addl Secretary, Ministry of Law and Justice.
Vivek Sood, Advocate, Supreme Court
Vakul Sharma, Advocate, High Court.
Rajendra Punde, Head-Legal & Compliance, eBay India
Sanjay Bahl, Chief Security Officer, Microsoft

16:30-16:45 hrs: Q&A Session conducted by Session Moderator
16:45-16:50 hrs: Closing remarks by Session Moderator
16:50 hrs: End of the conference

Amitabh Singhal, the last member of the panel (of session 2), made a great cameo considering that he was a late un-announced addition to the panel, and his thoughts were, candidly, extempore.

Amitabh harked back to the days way back to circa 1994, when he worked with Mr. R. Ramaraj, now of iCANN, also the moderator of the session. He recalled how, when as one of just 4-5 vendors applying for license to be email providers for the average citizen, was mandated by the government that they will use 40-bit encryption, and that kind of regime continued for a long time, way past the time that the Western world had moved away from public-key based means of securing access, as it was realized that it was an unreliable method.

Even later, around the year 2000, Amitabh mentioned of the time we were connecting digitally whole-heatedly with the outside world, a team of Israeli consultants who were working on a brief to validate the security scenario demonstrated their ability to replicate chat sessions that had taken place 6 months prior, with all its content, participant details, and interaction.

Amitabh mentioned that it is due to the inherent “open” nature of the internet that security will always be a concern and area of focus. Now with the proliferation of use of social networking, which he stressed, need to be looked at as the source or domain of new forms of cyber-attacks. In closing,

Amitabh ended by saying that both telecom carriers as well as content providers have their responsibilities in this regard, the expensive aspect of  monitoring systems notwithstanding.

Shyamal Ghosh is Chairman, DSCI and also an Independent Expert for ICT related promotional and regulatory matters and management consultant.

Mr. Shyamal Ghosh belonged to the Indian Administrative Service (Gujarat Cadre1965 batch). He was the Chairman of Telecom Commission & Secretary, Department of Telecommunications, Government of India from 7th February, 2000 to 31st May, 2002 when he retired from Civil Service. He was Administrator, Universal Service Obligation Fund, Department of Telecommunications during May 2002 to May 2005. He is at present Chairman of the Data Security Council of India, a Self Regulatory Organization promoted by NASSCOM.

Here’re excerpts from Shyamal’s talk on Balancing Security and Rights of the Citizen, wherein he set the stage for panel discussion, giving an overview of what all constitute privacy…

Security and Rights of citizen is an important topic that needs to be debated extensively…

Privacy is a cultural issue. What is private in west may not be so in India and vice versa. India is more open society unlike in Europe where all PII (personally identifiable information) is treated private.

Individual privacy is different from community privacy.

Political orientations, religious beliefs, personal activity details, financial data are some of the issues which are believed to be private. Details of top 10 tax payers are announced. Isn’t it a privacy issue? Online advertising is customized to the extent possible. Medical information are again sensitive.

Section 43A of amended IT act 2008 refers to sensitive personal information that needs to be protected. The more Information Technology is used, more intrusive it becomes. Emerging technologies become challenge to those trying use technology but at the same time defend their interests.

Cyber stalking, hacking, Nigerian spams and the phenomenon of social network opens whole new level of security issues.

At the corporate levels, they need to comply with regulatory requirements, defend their service, data from DOS and other attacks. Privacy, security and RTI ultimately boils down to people, process and technology.

Is CCTV intrusive? Some companies put restrictions on employees in the name of security. Is UID is an intrusion to security? These are few of the issues we’ll try to debate over the session and find some insights.