Offensive And Defensive Cyber Security Capabilities Of India Must Be Established

Cyber security in India has always remained an ignored world whether it is Congress or BJP govt. Neither Congress nor BJP has the vision to ensure a safe and robust cyber security in India and till October 2022 the position of Indian cyber security is very bad.

In 2012, Visionary Praveen Dalal suggested many far reaching and reformative cyber security measures but both Congress and BJP failed to act upon them. One of the suggestions of Visionary Praveen Dalal in 2012 was that Offensive And Defensive Cyber Security Capabilities Of India must be developed as soon as possible. However, even in October 2022 that has remained a distant dream.

Even Cyber Warfare against India and its defenses have remained an illusive dream and till October 2022 India is a sitting duck in cyber security field. India has focused upon illegal and unconstitutional e-surveillance instead of strengthening of Rule of Law, Privacy, Civil Liberties in Cyberspace and cyber security. As a result, India is facing tremendous cyber attacks and cyber crimes in the year 2022.

In the year 2014, Visionary Praveen Dalal brought to the attention of Modi Govt the challenges of cyber security but it failed to act upon them even in October 2022. Now Indians are bearing the consequences of the same and cyber crimes, cyber frauds and digital payment related crimes have increased significantly in India. This all is well attitude of Indian govt is not good for the national interests of India and that is why we have ensured a robust and effective cyber crimes reporting system in India.

So bad is the situation that even cyber security breach reporting in India has failed to take off since 2014. Except chasing away cryptocurrencies and VPN service providers from India, this norm has not done anything. MSMEs and small companies in India openly declared that they would not comply with such rules and this forced the govt to further extend the deadline. So one can simply refuse to comply with cyber security related norms and Indian govt cannot do anything in this regard.

To develop robust Offensive and Defensive Cyber Security Capabilities of India, we need a 360 degree view of the cyber security landscape of India says Visionary Praveen Dalal. But what we have is lack of political will, unwillingness of stakeholders to ensure cyber security and lack of cyber law and cyber security skills in India. We at Perry4Law Organisation (P4LO) and PTLB have been working on all these aspects and techno legal online skills development from K12 to lifelong learning stages in one of our priority areas.

For instance, Streami Virtual School is the only school of the world that is teaching cyber law and cyber security to school students. Streami Virtual School is the first virtual school of India and first techno legal virtual school of the world. This is the approach that we need for India but political parties like Congress, BJP, AAP, etc are engaging in rhetoric and drama instead of actually working upon reforming education and ensuring skills development of Indians.

Till we have a capable govt and capable and skilled workforce, ensuring offensive and defensive cyber security capabilities of India is not possible. We at P4LO and PTLB have done our part and now those stakeholders who believe in same cause must do their part.

Cyber Crimes In India Have Increased Significantly But Indian Authorities Are Ill Prepared To Deal With It

This is part of cyber law tutorial of Streami Virtual School that is posted at the Cyber Law For Kids blog of Streami Virtual School and PTLB Virtual School. See the blog for more details. Also see the YouTube channel of Streami Virtual School named Cyber Law Skills Development By Streami School.

Cyber crimes in India are not new. Despite having cyber law of India in the form of Information Technology Act, 2000, there is little help for Indians who have become victims of various cyber crimes.

Firstly, we have a very weak and ineffective cyber law of India that needed overhaul even in 2008. We at Perry4Law Organisation (P4LO) and PTLB have repeatedly recommended enactment of a better and strong law for more than a decade but successive govts have failed to take any action in this regard.

Secondly, law enforcement agencies of India are not at all prepared to handle cyber crimes. Although we have cyber crimes cells in India, but they are totally useless. We undertook an exercise to check their readiness and capabilities, and no cyber crime cell of India was found even responsive. So cyber crime victims are on their own in India.

There is no mechanism to report cyber crimes in India as any matter that is reported at any govt portal is just a formality. No agency or govt office take any action on such complaints unless you have links and resources to pursue the same.

The cyber crime reporting portal of Indian govt is equally useless as it allows only selective filing of complaints that too without any feedback and action. All projects and initiatives of Indian govt are one way street only.

But online dispute resolution (ODR) portal of Perry4Law Organisation is resolving various cyber contraventions within 3 months of initial complaint. And ODR India Portal covers all areas unlike govt portal that only allows selective complaints.

Students of Streami Virtual School are also taught about the ODR process so that they can act as ODR experts in future and help Indians to resolve their cyber issues.

Cyber Law Due Diligence For VPN Service Providers In India

VPN service providers in India are in a tight spot as they have to face legal consequences one way or the other. If they comply with the e-surveillance demands of Indian govt, they would be liable for prosecution for violating privacy, data protection and other rights of Indians.

If they do not comply with such e-surveillance demands of Indian govt, they would be prosecuted by the govt for violating some arbitrary and unconstitutional rules framed by Indian govt. We do not have a constitutionally valid e-surveillance policy of India as on date and there is no intention of either Congress or BJP to do so as well in future.

From 26-09-2022, VPN service providers are required to comply with the data and e-surveillance related provisions of cyber law of India and rules made under it. That carries a host of complicated techno legal regulatory compliance that are not easy to manage. Add the complexities of illegalities and conflict of laws to this situation and VPN service providers in India are in serious trouble.

Many VPN service providers have already pulled physical servers from India as they consider the mandate to collect customer data violative of their privacy and data protection rights. This is a correct assessment to a great extent if the rules are implemented blindly. What VPN service providers in India need is a techno legal cyber law due diligence that can maintain a balance between rights of their customers and demands of Indian authorities.

The best option available to them is to use the online dispute resolution (ODR) portal of Perry4Law Organisation (P4LO) and PTLB. The ODR Portal of India is exclusive techno legal ODR portal of the world that is helping global stakeholders to manage global regulatory and legal compliance, including those from India. This way they would be insulated from both customer and govt side litigation and legal claims as all issues would be filtered through the this ODR Portal.

CERT-In has mandated VPN service providers to collect and maintain customer information including names, email addresses, and IP addresses for at least five years, even after they have canceled their subscription or account. Besides privacy violation, it carries additional burden to ensure data security and cyber security of such data and customers. The VPN and similar businesses would cease to become profitable in India now onwards unless they are managed through a techno legal cyber law due diligence.

Both VPN service providers and their customers can also lodge a complaint or grievance at the ODR Portal of India for violation of their privacy, data security and cyber security. We would investigate the same and take up the matter with concerned authorities or courts.

Any demand for data or details from the VPN service providers of India can be shared with us for techno legal analysis and we would provide a comprehensive and holistic solution for all such demands on a case to case basis.

However, this entire situation has created a difficult situation for VPN service provider of India for another issue. Now customers would not trust them anymore for their private, confidential and sensitive information, data, documents, etc. They have legitimate fears that such VPN service providers can sell them anytime to the govt at the drop of a hat. They would not resist the illegal and unconstitutional e-surveillance demands of Indian authorities.

To be on the safer side, Indian customers must check the terms and conditions, privacy policy, etc of all VPN service providers of India very carefully. If they do not carry strong privacy and data protection mechanisms, just avoid such VPN service providers altogether. The best option is to incorporate the ODR Clause of ODR Portal Of India and consult it whenever a demand is raised by any Indian authority.

It must also be kept in mind that proposed Indian Telecommunication Act, 2022 would further make the lives of VPN service providers and their customers more miserable. This proposed law is not only creating severe conflict of laws in cyberspace but it is also enforcing e-surveillance, eavesdropping and spying capabilities of Indian govt and its agencies in an unrestricted and unreasonable manner.

While many VPN service providers have already pulled their servers from India yet other VPN companies are looking for solutions that have minimal impact on their users while also maintaining their privacy. As stated above, there is just one solution and that runs through the ODR India Portal of P4LO.