Tuesday, May 2, 2017


Cybercrime :

Comprehensive guidelines referred to in Letter No. 55019/17/2017-Legal Cell, dated ______ of Internal security Division, Ministry of Home Affairs regarding service of summons/notices/judicial process on persons residing abroad. --

1. Section 105 of Criminal Procedure Code (CrPC) speaks of reciprocal arrangements to be made by Central Government with the Foreign Governments with regard to the service of summons / warrants / judicial processes. The Ministry of Home Affairs has entered into Mutual Legal Assistance treaty/Agreements with 22 countries which provide for serving of documents. These countries are Switzerland, Turkey, United Kingdom, Canada, Kazakhastan, United Arab Emirates, Russia, Uzbekistan, Tajikistan, Ukraine, Mongolia, Thailand, France, Bahrain, South Korea, United States of America, Singapore, South Africa, Mauritius, Belarus, Spain and Kuwait. In other cases the ministry makes a request on the basis of assurance of reciprocity to the concerned foreign government through the mission / Embassy. The difference between the two categories of the countries is that the country having MLAT has obligation to consider serving the documents whereas the non-MLAT countries does not have any obligation to consider such a request.Summons/notices/judicial processes issued by the Indian Courts.

2. The summons/warrants/judicial processes received by MHA are forwarded to the concerned Indian Missions/Embassies which in turn, takes up the matter with the designated authority in that country. In case of MLAT countries, the manner of communication is as laid down in MLAT and can be either directly between MHA and the Central Authority or can be through the diplomatic channel. The designated authority after considering the request directs its agency to serve the document on the concerned person and the report of the service, if any is also received through the same chain. This is broadly the system in majority of the countries. However, in some countries private companies/NGOs have also been entrusted with the service of judicial papers.

3. Based on the experience gained, some guidelines are given below which may be followed while making a request to MHA for service of judicial processes. It may, however, be noted that it is the discretion of the requested country to serve the documents and any time frame for a positive response cannot be predicted.

a) All requests for service of summons / notices / judicial processes on persons residing abroad shall be addressed to the Under Secretary(Legal), IS-II Division, Ministry of Home Affairs, 9th Floor, Lok Nayak Bhawan, New Delhi- 110003. 
All requests shall be forwarded through post only with a covering letter from the  Court official giving the following information: 
a) Material facts of the criminal matter including purpose of the request and the nature of the assistance sought. 
b) The offences alleged to have been committed, a copy of the applicable laws and maximum penalties for these offence. 
c) Name, designation, telephone and fax number of the person/officer who will be able to give any clarification, if required. 
d) The complete address of the issuing authority to which the judicial papers/service reports may be returned. 
e) Approval of the competent authority to bear any expenditure, which they be charged by the foreign government/agency for the service of the documents. 
f) Degree of confidentiality required and the reasons therefore(in case of confidentiality requirement). g) Any time limit within which the request should be executed. 
This will be subject to allowance of sufficient margin of time by the requesting agency, as indicated in para 3(iv) of the guidelines b) MHA, on receipt of request, will examine it in view of the provisions of treaty, if exists, with the requested country and as per the provision of CrPC in case of non-treaty country. 
c) MHA requires at least a period of 12 weeks times for service of such notices in the concerned countries. It is, therefore imperative that a date of hearing/appearance may be decided accordingly. 
d) In the case of non English speaking countries, the notices should be accompanied with the certified/authenticated translation(in duplicate) in the official language of the country where the notice is proposed to be served. 
e) Name and address of the individual/organization should be complete in all respect and PO BOX no. and Passport no. will not suffice as address of the individual. 
f) Ministry of Home Affairs responsibility to service the summons is only in Criminal Matters. Hence, summons in Criminal matters only may be sent to the Ministry for service abroad. 
g) MHA does not undertake service of the non-bailable warrants of arrest. The service of non-bailable arrest warrents amounts to the extradition of the individual. 
The request for extradition are based on certain legal procedures contained in applicable treaties negotiated on the basis of the International Principle of Extradition. 
Such requests are to be forwarded to the Ministry of External Affairs, CPV Division, Patiala House Annexe, Tilak Marg, New Delhi – 110001."

Cyber Security Questions for Board of Directors

Cyber Security Questions for Board of Directors.

Although Board of directors have added cybersecurity risk to their agendas, there is no standard way for boards to think about cybersecurity, much less time-tested guidelines to help them navigate the issue.
For boards, cybersecurity is an issue of enterprise risk. As with all enterprise risks, the key focus is mitigation, not prevention. This universally understood enterprise risk guideline is especially helpful in the context of cybersecurity because no one can prevent all cyber breaches. Every company is a target, and a sufficiently motivated and well-resourced adversary can and will get into a company’s network.
Consequently, terms like “cyber defense” are insufficient descriptors of an effective posture because they evoke the image that corporations can establish an invincible perimeter around their networks to prevent access by bad actors. Today, it’s more accurate to think of the board-level cybersecurity review goal as “cyber resilience.” The idea behind the cyber resilience mindset is that, because you know network breaches will happen, it is more important to focus on preparing to meet cyberthreats as rapidly as possible and on mitigating the associated risks.

1. How do we integrate Cybersecurity with the current business direction and planning? 
2. What are our main Cybersecurity risks? 
3. Is the right amount of Cybersecurity risk accepted? 
4. Is our process for identifying, assessing and managing Cybersecurity risks effective? 
5. Do we have Cybersecurity culture in our organisation ? Do people in this organisation have a common understanding of the term "Cybersecurity"? 
6. How do we ensure that Cybersecurity risk management is an integral part of the planning and day-to-day operations of individual business units? 
7. How do we ensure that the Board’s expectations for Cybersecurity risk management are communicated to and followed by the employees in the company? 
8. Do we have process to manage Electronic evidence? How do we ensure that our executives and employees act in the best interests of this organisation's Cybersecurity posture? 
9. How is Cybersecurity risk management coordinated across the organisation and vendors?
10. How do we ensure that the organisation is performing according to the business plan and within appropriate Cybersecurity risk tolerance limits? 
11. How do we monitor and evaluate changes in the external environment and their impact on the organisation's strategy and Cybersecurity risk management practices? 
12. What information about the Cybersecurity risks targeting the organisation does the Board get to help it fulfil its stewardship and governance responsibilities? 
13. How do we know that the information the Board gets on Cybersecurity risks or threats and vulnerabilities is timely, accurate and reliable? 
14. How do we decide what information on Cybersecurity risks we should publish? 
15. How do we take advantage of the organisational learning that results from the Cybersecurity risk management corrective actions and/or preventive action plans? 
16. What are our priorities as a Board in the oversight of Cybersecurity risks? 
17. How does the Board handle its responsibility for the oversight of opportunities that introduce Cybersecurity risks to the organisation? 
18. How does the Board ensure that at least some of its members have the requisite knowledge and experience to address Cybersecurity risks and one of the member serves as an expert ?
19. How do we, as a Board, help establish the "tone at the top" that reinforces the organisation's values and promotes a "Cybersecurity culture"? 
20. How many grades the Board wish to give itself for overseeing Cybersecurity risk? 
The board is accountable for the organisation’s investment strategy. In years past, information security spending was part of a larger IT-related budget. Not anymore. Gartner estimates that by 2020, IT security spending will grow from $75 billion to $170 billion. With such levels of spending, boards will be more apt to scrutinize investments and actively manage budgets. 
To manage the risk associated with a cyber attack, leadership must bring together key components of an organisation to develop joint ownership of risks and a comprehensive approach to cybersecurity. Having a policy isn’t enough. Companies also need tools, processes, and up-to-date information on the ever changing threats to their enterprises. 

The Author is Chevening Cyber Security Fellow (UK) and participant of IVLP (USA) on Linking Digital Policy Cyber Crime Law Enforcement Program. He is a Practising Lawyer of Bombay High court. 
He regularly Advices Top Corporate Companies and Government Agencies on Cybersecurity Technical and Legal Issues.

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction By Prashant Mali In the case of D...