Thursday, July 28, 2011

Patents Applications In India Are Declining

The number of Patents applications and the corresponding number of their grants determine the innovative and intellectual property regime of a nation. While a very liberal Patent regime is also not desirable yet it must also not be too restrictive. Indian Patent regime is a balance one but some signs of decline are now apparent.

Patent law of India has been in existence for a considerable long period of time. It has also been amended from time to time to incorporate the requirements of contemporary times, technology and international treaties.

While patent law of India is well established, India is lagging behind in the field of innovation and administrative efficiencies. This is resulting in a declining numbers of patents applications in India.

As per the latest annual report 2009-10 of the intellectual property office India, the number of patents applications filed has decreased as compared to previous years’ applications. India has also slipped to the 62nd position in the global innovation index. Further, although India is a member of patent cooperation treaty (PCT) yet it has still not been able to utilise it to maximum possible extent.

Some other issues that have to be taken care of by Indian patent office (IPO) pertains to software patents, challenges from software patents trolls, working of pharmaceuticals patents, regulation of patents trolls, etc.

On the positive side, India is planning to confer utility models protection to Indian innovators. Similarly, the efforts to digitalise the patent documents by IPO, recognition of the IPO as an International Search Authority (ISA) and International Preliminary Examining Authority (IPEA), etc are also positive developments.

Let us see how Indian patent regime would proceed from this juncture.

Wednesday, July 6, 2011

Mobile Governance Policy Of India

Mobile governance (m-governance) is an innovative method of using mobile technologies for effective governance and public services delivery. M-governance facilitates many public services in almost real time and without hassles. However, along with the benefits of m-governance it has many drawbacks as well.

Firstly, we have no implementable m-governance policy in India. In the absence of proper planning and a sound m-governance policy it is not a wise option to utilise m-governance services in India.

Secondly, we have no dedicated legal framework for m-governance in India. This may create problems in cases of mobile banking, m-governance, m-commerce, etc. Of course, we have information technology act 2000 (IT Act 2000) as the cyber law of India yet it is far from perfect for even e-governance purposes and it is not at all applicable to m-governance environment.

Another issue pertains to the exercises of e-surveillance and phone tapping by Indian government and its agencies. Till now we have no lawful interception law in India. Phone tapping is done under the colonial and outdated Indian telegraph act 1885 and e-surveillance is done under the IT Act 2000. Both these acts are violating the letter and spirit of Indian constitution and have incorporated many unconstitutional provisions that are well beyond the parliamentary and judicial scrutiny.

Recently, the ministry of communication and information technology (MCIT) has launched the central monitoring system project of India. It has the capabilities to monitor all sorts of telecommunication and electronic communications. However, it is a pure executive exercise with no legal framework, civil liberty safeguards and parliamentary and judicial scrutiny.

At the international level some development for safeguarding the human rights in cyberspace has been taking place. United Nations has declared that access to Internet is a human right. This shows that human rights protection in cyberspace cannot be ignored by nations in future.

Finally, m-governance cannot succeed till we ensure cyber security for m-governance in India. Till now even the basic level cyber security is missing in India and we have no cyber security policy in India. Further, the IT Act 2000 need to be suitably amended or a dedicated legislation for m-governance must be enacted in India.

All these issues are integral part of the m-governance policy of India. Before jumping upon the fancy idea of m-governance we must ensure that it can operate and flourish in India.

Monday, July 4, 2011

International Cyber Security Policy Framework And Indian Response

International Organisations are not taking much interest in the field of Cyber Security and prevention of Cyber Crimes. Of course, at the National level countries like US have laid down their International Strategy for Cyberspace.

The Government Departments in US have also shown an increased Cooperation in the field of Cyber Security. Now US Department of Defense (DOD) and Department of Homeland Security (DHS) would share their respective Cyber Security Expertise.

Further, US has also started strengthening its Cyber Security ties with other Nations and India US Homeland Security Dialogue was a part of the same. In fact, India and US have also signed a Cyber Security Cooperation Agreement. Meanwhile International Organisations have also shown their seriousness towards Cyber Crimes and they have started working in this direction.

However, Cyber Security in India is not upto the mark. We have no Cyber Security Strategy in India. Despite the importance of this issue, we have no “Effective and Implementable” Cyber Security Policy in India.

Further, we have no Cyber Warfare Policy of India, Critical ICT Infrastructure protection Policy in India, Data Protection Laws in India, Cloud Computing Policy in India, Cyber Security Laws in India, etc. Important issues like Cyber Crisis Management Plan of India, Cyber Forensics Laws in India, Legal Enablement of ICT Systems in India, etc are still not part of National Policies and Strategies of India.

At the International level we have no International Cyber Law Treaty and International Cyber Security Treaty that are “Universally Acceptable”. Further, the United Nations and other countries have still to Protect Human Rights in Cyberspace that are blatantly violated World over.

Cyber Security is essentially an International Issue and regional efforts are not conducive for the long term security of Cyberspace. For instance, EU has set up a Cyber Crimes Fighter Team, Seoul has formulated its Cyber Security Plan, Scotland Yard established its own Cyber Flying Squad, EU formed CERT Group to fight Cyber Attacks, etc. While these initiatives are timely and praiseworthy yet they are “Regional” in nature and Cyberspace and Cyber Security are International in nature.

Recent Cyber Attacks on Multinational Firms and Institutions ranging from Google and Citigroup to the International Monetary Fund, have raised fears that Governments and the Private Sector are not well equipped to deal with Cyber Attacks. It is high time that we must ensure not only an “International Harmonised Legal Framework” but also a Robust and Effective International Cyber Security Cooperation that is presently missing. India must also prepare itself for the bigger and unforeseen challenges that are waiting for it.

Friday, July 1, 2011

Microsoft And Skype Are Playing Lawful Interception Card

World over Lawful Interception Laws are cited as the reason for E-Surveillance and Eavesdropping. However, almost all of these so called Lawful Interception Laws are themselves “Unconstitutional”.

Take the example of Indian Cyber Law the Information Technology Act 2000 (IT Act 2000) that carries many draconian E-Surveillance provisions without any “Procedural Safeguards”. These provisions and laws are pressed to further the causes of e-surveillance and eavesdropping.

Research in Motion’s (RIM) Blackberry has already allowed a backdoor entry to Indian Intelligence Agencies for its cloud based Messenger Services. Now it has been reported that Skype and Microsoft have build a backdoor into the VOIP application. It is called Lawful Interception and is part of a new patent which Microsoft filed back in 2009, but is now preparing to unleash itself into our world due to its recent approval.

The US law set by CALEA (Communications Assistance for Law Enforcement Act) states that all telecommunications operators must enable their hardware and software for surveillance tracking. What is hard to understand is why Microsoft is so willing to open up its software for backdoor exploits. This creates a situation which welcomes exploits and willingly turns your computer into a revolving door for hackers.

While following a Law is not per se wrong but following an “Unconstitutional Law” is definitely wrong. Similarly following a Constitutional Law is the “Duty” of all people but following draconian, Unconstitutional and Inhumane Laws is definitely not required.

Let see who would win the battle between E-Surveillance and Human Rights Protection in Cyberspace. However, with the growing e-surveillance and eavesdropping, Self Defence Measures in Cyberspace would definitely increase in future.

Online Cyber Law Education In India

Online education is in its infancy stage in India. This is more so for techno legal courses like cyber law, cyber forensics, cyber security, professional techno legal courses, etc where neither the traditional education and training institutions nor the contemporary education and training institutions are well versed.

Here comes the importance of online cyber law education in India. Cyber law is a complicated field that requires good knowledge of both technical and legal aspects. Further, cyber law is an area that requires good skills not only to learn it but also to apply it in real life.

Presently, whatever limited cyber law education that exists in India, it is devoid of this skill development and training aspect. For instance, most of the education institutions, both traditional as well as online one, are providing basic level cyber law courses and trainings. However, in the name of courses and trainings mere diplomas or degrees are offered and granted. This does not ensure that such diploma or degree holders do have necessary skills and training to excel in real life and in a professional environment.

We at Perry4Law Techno Legal Base (PTLB) do not endorse this approach and we have taken a very radical stand. We have deviated from the academic nature of cyber law education and are offering techno legal training and skill developments for cyber law. To make it more effective, PTLB has been providing online cyber law education and training in India.

The stakes are high and so are the quality standards for the cyber law education and training courses of PTLB. Further, we also understand that not everybody can come to a physical location hence we have also been providing online cyber law education and trainings in India, Asia and other places.

Interested institutions and organisations may contact us with their proposals if they wish to engage in this initiative of PTLB. Further, professionals desiring of having good and qualitative techno legal cyber law education and training may also contact us. We hope this initiative of ours would prove beneficial to all concerned.

Online Legal Training In India Rejuvenated

Legal training is not an easy task to achieve. This is more so in the contemporary era where information technology (IT) has changed the entire landscape of legal education and training.

For instance, few years back law colleges and universities were not aware about the concept of cyber law. Now law colleges and universities have started offering courses in cyber law and similar topics. Although they are still of basic level yet a beginning has taken place.

However, legal training is not an easy task. As law is increasingly being used in conjunction with other streams, especially computer science, it has become imperative to take care of both technical and legal aspects at the same time.

Many computer science institutions have started teaching law along with computer science and many law colleges are teaching computer science with law. Of course, this is happening at the basic level and highly specialised legal education and training is still missing.

The fact is that we do not have techno legal training institutions in India or elsewhere. At Perry4Law Techno Legal Base (PTLB) we provide highly specialised techno legal research, education and training in India, Asia and other places.

PTLB is also the exclusive techno legal training provider of the world that is providing research, education and training through e-learning and online education platform. PTLB is also providing techno legal skills development education and courses for stakeholders like lawyers, judges, police officers, public prosecutors, law graduates, corporate executives, law professors, faculty teachers, etc.

PTLB is committed to bring legal education reforms in India through use of cutting edge technology and providing education and training for the most contemporary techno legal fields like cyber law, cyber security, e-discovery, digital evidencing, etc. Governmental and non governmental institutions and individuals desiring to have a collaboration or partnership with us may contact us with their proposals.

Best Legal Training Providers In India And Asia

Legal education and legal training are two different things. While the former is on the side of acquiring academic qualification the latter is more important as it provides workable skills to the manpower. In other words, legal training helps in the development of necessary skills that help in the growth of a person’s career and profession.

Legal training and skill development has not received much attention of Indian government in general and law ministry in particular. Of course, recently some good initiatives have been started by law minister Veerappa Moily but they are in their infancy stage and would take some time to materialise.

Information technology (IT) related legal research, education and training is still missing from India. Further, benefits of innovative methods like e-learning and online education are not utilised by law ministry. Traditional education and training methods must be supplemented by e-learning and online education methods.

At Perry4Law Techno Legal Base (PTLB) we recommend an active use of IT for providing legal education and training in India. We have been managing techno legal online legal research, education and training institutions that are providing techno legal trainings to lawyers, law graduates, judges, police officers, public prosecutors, etc.

Further, PTLB is also providing techno legal skill development education and trainings to various stakeholders.

Legal education of India needs urgent reforms as it is not producing qualitative lawyers and professionals. PTLB recommends that law ministry must pay more attention to education and training in the fields like cyber law, cyber forensics, e-courts, intellectual property rights (IPRs), international trade law, international treaties and conventions, etc.

Further, lawyers and judges must also consider using continuing legal education in India (CLE in India) and legal lifelong learning in India. Education and training is a continuous process and it must not be considered to be a one time phase.

We hope Indian government in general and law ministry in particular would consider these suggestions of PTLB and ensure that we have enough number of legal training providers in India.

Similarly, legal training providers of India also need to change their focus from traditional to contemporary topics and technology. The sooner they shift to the new paradigm, the better it would for all concerned.

Online Lawyers Professional Trainings In India And Asia

Indian government has been taking information and communication technology (ICT) seriously these days and the same applies to law ministry as well. Law ministry has been planning to use ICT for multiple legal and judicial purposes. From legal education and training to establishment of e-courts in India, law ministry of India has plans for all.

Lawyers play the central role in all legal and judicial reforms. However, legal fraternity is also the one that is most neglected and most indifferent towards ICT and professional education and trainings. Once the basic law degree is acquired, the quest for education and training of lawyers ends. They cannot be blamed for this due to their hectic schedule. However, continuous legal education and professional trainings are too important to be ignored.

At Perry4Law and Perry4Law Techno Legal Base (PTLB) we understand the importance of good professional education and training for lawyers. We also appreciate that lawyers do not have a free schedule to attend regular classes. That is why we have devised the medium of e-learning and online education and learning in India, Asia and other parts of the world.

While basic level courses of are managed by PTLB, highly specialised courses are undertaken by Perry4Law Techno Legal ICT Training Centre (PTLITC). Further, techno legal skills development initiatives are also undertaken by PTLB. Further, crucial areas like continuing legal education in India (CLE in India) and legal lifelong learning in India are also taken care of by PTLB.

If you are a lawyer, whether a litigation lawyer or a corporate one, consider enrolling with PTLB to enhance your skills and expertise.

Digital Preservation Mandates Of Public Records Act 1993

Digital Preservation in India and Digitilisation of traditional records are in the infancy stage. This is so because we have no Legal Framework for E-Governance in India. We have no law that mandatorily requires creation of Electronic Records. Of course, very soon such law may be required due to International pressure and National requirements.

Information Technology Act, 2000 (IT Act, 2000) is the sole Cyber Law of India. It deals with E-Commerce, E-Governance, Cyber Crimes, etc. It also provides a “Digital Framework” for ensuring Digitilisation, Electronic Documents Creation and their use in Government Departments. This “Research Report” of Perry4Law and Perry4Law Techno Legal Base (PTLB) is briefly analysing the relationship between IT Act, 2000 and Public Records Act, 1993 (PRA 1993).

Section 2 of IT Act, 200 deals with definitions that are relevant for PRA 1993 purposes. Section 2(1) provides that in this Act, unless the context otherwise requires:

(i) "Access" with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.

(ii) "Affixing Electronic Signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of Electronic Signature.

If documents are issued by NIA in electronic form, they have to be authenticated by using electronic signatures. Unauthenticated electronic documents would not create any right or liability either under the IT Act, 2000 or under the PRA 1993.

(iii) "Asymmetric Crypto System" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.

Digital Signatures are based upon Asymmetric Crypto System and they can be used for “Authentication Purposes” by NAI.

(iv) "Computer" means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.

(v) "Cyber Security" means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.

Cyber Security is an issue that is of “Paramount Importance” for the NAI. When Digitilisation and Digital Preservation would be adopted by NAI, Electronic Documents and Digital Resources would be required to be protected from Cyber Attacks. A Techno Legal Strategy must be formulated by NAI in this regard.

(vi) "Data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

(vii) "Digital Signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.

(viii) "Electronic Form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device.

(ix) "Electronic Record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.

(x) "Electronic signature" means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.

(xi) "Information" includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche.

(xii) "Intermediary" with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.

(xiii) "Key Pair", in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key.

(xiv) "Private Key" means the key of a key pair used to create a digital signature.

(xv) "Public Key" means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.

(xvi) "Secure System" means computer hardware, software, and procedure that-

(a) Are reasonably secure from unauthorised access and misuse;

(b) Provide a reasonable level of reliability and correct operation;

(c) Are reasonably suited to performing the intended functions; and

(d) Adhere to generally accepted security procedures.

(xvii) "Security Procedure" means the security procedure prescribed under section 16 by the Central Government.

(xviii) "Verify" in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether:

(a) The initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;

(b) The initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.

Section 2 (2) of the IT Act, 2000 provides that any reference in this Act to any enactment or any provision thereof shall, in relation to an area in which such enactment or such provision is not in force, be construed as a reference to the corresponding law or the relevant provision of the corresponding law, if any, in force in that area.

Section 4 of the IT Act, 2000 provides Legal Recognition to Electronic Records. It says that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is

(a) Rendered or made available in an electronic form; and

(b) Accessible so as to be usable for a subsequent reference

Section 5 of the IT Act, 2000 provides legal recognition to Electronic Signature. It says that where any law provides that information or any other matter shall be authenticated by affixing the signature or any document should be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.

Explanation to section 5 provides that for the purposes of this section, "Signed", with its grammatical variations and cognate expressions, shall, with reference to a person, mean affixing of his hand written signature or any mark on any document and the expression "Signature" shall be construed accordingly.

Section 6 of the IT Act, 2000 deals with use of Electronic Records and Electronic Signature in Government and its agencies. Section 6(1) of the Act provides that where any law provides for

(a) The filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular manner;

(b) The issue or grant of any licence, permit, sanction or approval by whatever name called in a particular manner;

(c) The receipt or payment of money in a particular manner, then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the appropriate Government.

Section 6(2) of the Act provides that the appropriate Government may, for the purposes of sub-section (1), by rules, prescribe -

(a) The manner and format in which such electronic records shall be filed, created or issued;

(b) The manner or method of payment of any fee or charges for filing, creation or issue any electronic record under clause (a).

Section 6A (1) of the IT Act, 2000 provides that the appropriate Government may, for the purposes of this Chapter and for efficient delivery of services to the public through electronic means authorise, by order, any service provider to set up, maintain and upgrade the computerised facilities and perform such other services as it may specify, by notification in the Official Gazette.

The Explanation to Section 6A (1) of the IT Act, 2000 provides that for the purposes of this section, service provider so authorised includes any individual, private agency, private company, partnership firm, sole proprietor form or any such other body or agency which has been granted permission by the appropriate Government to offer services through electronic means in accordance with the policy governing such service sector.

Section 6A of the IT Act, 2000 reflects the intention of Indian Government to provide Electronic Services Delivery in India. In fact, Electronic Services Delivery Bill, 2011 has already been proposed and if implemented would ensure many Electronic Services to Indians.

NAI must start working in the direction of providing its Service Online, if not already done. Even the non-service related matters and matters pertaining to the NAI are already required to be provided online in an Electronic Form as per the requirements of Section 4(1) of the RTI Act, 2005.

Section 7 of the IT Act, 2000 deals with retention of electronic records. Section 7(1) of the Act provides that where any law provides that documents, records or information shall be retained for any specific period, then, that requirement shall be deemed to have been satisfied if such documents, records or information are retained in the electronic form, if-

(a) The information contained therein remains accessible so as to be usable for a subsequent reference;

(b) The electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;

(c) The details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record.

The Proviso to Section 7 (1) provides that this clause does not apply to any information which is automatically generated solely for the purpose of enabling an electronic record to be dispatched or received.

NAI can convert its Records and Public Records into Electronic Form. Digital Preservation of Records or Public Records can also be done by NAI. While current records can be digitilised non current records can be digitilised and made available to public and researchers as the Electronic Services by NAI.

Section 7(2) of the Act provides that nothing in this section shall apply to any law that expressly provides for the retention of documents, records or information in the form of electronic records.

For instance, the RTI Act, 2005 provides for creating of many records in digital form and available to the public in an online environment. Similarly, the proposed Electronic Services Delivery Bill 2011 also requires providing of Services in online environment. This would also require digitilisation of Records and Public Records by NAI.

Section 7A of the IT Act, 2000 provides that where in any law for the time being in force, there is a provision for audit of documents, records or information, that provision shall also be applicable for audit of documents, records or information processed and maintained in electronic form.

Audit of Electronic Documents would also be undertaken in future. Just like NAI has to maintain proper paper based documents, it would be required to main proper Electronic Records as well.

Section 8 of the IT Act, 2000 provides that where any law provides that any rule, regulation, order, bye-law, notification or any other matter shall be published in the Official Gazette, then, such requirement shall be deemed to have been satisfied if such rule, regulation, order, bye-law, notification or any other matter is published in the Official Gazette or Electronic Gazette.
The proviso to section 8 provides that where any rule, regulation, order, bye-law, notification or any other matters published in the Official Gazette or Electronic Gazette, the date of publication shall be deemed to be the date of the Gazette which was first published in any form.

NAI can publish its Rules, Regulations, etc in Electronic Gazette.

Section 9 of the IT Act, 2000 provides that Sections 6, 7 and 8 would not to confer right to insist document should be accepted in electronic form. Section 9 says that nothing contained in sections 6, 7 and 8 shall confer a right upon any person to insist that any Ministry or Department of the Central Government or the State Government or any authority or body established by or under any law or controlled or funded by the Central or State Government should accept, issue, create, retain and preserve any document in the form of electronic records or effect any monetary transaction in the electronic form.

This is a real “Disabling Provision” that is preventing the actual accomplishment of Electronic Services Delivery in India. By making it “Discretionary” India Government has kept at bay for long the Electronic Delivery of Services to Indians. The latest proposed Electronic Services Delivery Bill 2011 addresses a very small and insignificant portion of the Electronic Delivery of Services in India and till now Electronic Services cannot be claimed as a “Matter of Right”.

However, by virtue of RTI Act, 2005 “Providing Information” about Governmental Departments in Electronic Form has been made “Compulsory”. But till now there is no Law or Provision that makes Delivery of Electronic Services Mandatory in India. This is a “Serious Issue” that must be resolved as soon as possible.

Section 11 of the IT Act, 2000 deals with attribution of Electronic Records. Section 11 says that an electronic record shall be attributed to the originator

(a) If it was sent by the originator himself;

(b) By a person who had the authority to act on behalf of the originator in respect of that electronic record; or

(c) By an information system programmed by or on behalf of the originator to operate automatically.

There may be other provisions of IT Act, 2000 that may be relevant for NAI and PRA 1993 purposes. But for the time being, they are not mandatory in nature. We hope this “Research Report” by Perry4Law and PTLB would be useful for Government Departments in general and national archives of India in particular.