Thursday, July 27, 2017

What do we mean by a “right of privacy” in India?

What do we mean by a “right of privacy” in India?

Justice Cooley in 1888 defined it simply as a right to be left alone. Alternatively, it may be defined as a right to be anonymous. The two definitions are quite different but both are important, and the right to be anonymous is a form of privacy that has particularly significant implications in cyberspace. In legal terms, our right of privacy amounts to a right to be free from government intrusion into certain areas of our lives and a right to be free from intrusion by other individuals into our “private” lives. The former is protected largely through Constitutional interpretation and a number of statutes; the latter is protected largely through the common law under tort principles.
Before 1890 no English or American court had ever granted relief based on such a claim as “invasion of privacy.” 
However, in 1890 a Harvard Law Review article by Samuel Warren and Louis Brandeis examined a number of cases ostensibly decided on other grounds, and concluded that these decisions were actually based on a broader principle, a right of privacy. Warren and Brandeis claimed such a principle was in fact necessary to deal with what was seen as the growing problem of excesses of the press. New York was the first state to confront this issue head on in the wake of the article. Several lower courts had held the existence of a right of privacy.
The New York State Court of Appeals (which is, oddly, the State’s highest court – the “Supreme Court” is the State’s entry level court) got to review the matter in the case of Roberson v. Rochester Folding Box Company in 1902. In this case, the defendant had used a picture of an attractive young woman to advertise its flour without her consent. In a 4–3 decision, the Court of Appeals held that there was no legal precedent for such “right of privacy.” Furthermore, the Court felt that recognizing a right of privacy was a poor idea because, first, the alleged harm was of a purely mental character and would thus be difficult to prove or disprove; second, recognizing a right of privacy would lead to a flood of litigation; third, there would be difficulty in distinguishing between “public” and “private” figures, whose protections under a right of privacy would differ; and finally because it might lead to undue restrictions on the freedom of the press.
A public outcry followed the decision and, in its next session, the New York State Legislature passed a law banning the use of a person’s name or picture “for advertising purposes or for the purposes of trade” without the person’s written consent. By the 1930s “virtually” all jurisdictions had recognized the Right of Privacy, either by statute or through the common law.
Man’s house is his castle.a well-known proverb is also getting legal recognition as Right to Privacy. Human beings have a natural need to autonomy or control over confidential part of their. This need is inherent in human behaviour  and now this has been recognized as fundamental right to privacy. It is not a right against physical restrains but it is a right against psychological restrain or encroachment of right . USA, UK, India, and at International level UDHR, ECHR, ICCPR has recognized this right as fundamental right.
Position in India
Right to Privacy is not explicit in the Constitution of India, so it is a subject of judicial interpretation. The judicial interpretations of fundamental right bring it within the purview of fundamental right. The journey of this project would start from the search of answer of issue that whether the right to privacy is a fundamental right, through analysis of cases and some pioneering work of scholars.
In India, after the case of R. Rajagopal alias R. R. Gopal v State of Tamil Nadu and People s Union for Civil Liberties (PUCL) v Union of India , the right to privacy is well recognized as Right to Life. In the case of People s Union for Civil Liberties (PUCL) v Union of India (Telephone Taping Case) Supreme of India also observed Article 17 of ICCPR and Article 12 of UDHN.
The apex court is hearing the Aadhaar card privacy issue.The Government is of a view and has argued before Supreme Court that “there is a fundamental right to privacy, but it is a wholly qualified right”.  The constitution bench of Supreme Court in the same case have said "Can this court define privacy? You can't make a catalogue of what constitutes privacy. Privacy is so amorphous and includes everything... if we make any attempt to catalogue privacy it will have disastrous consequences," 
What now evolves remains to be seen, but i agree that Privacy cannot be an absolute right. I also agree that Data Privacy is bigger than Right to Privacy in this cyber age. India definitely needs Data Privacy or Data Protection Act.

Sunday, July 23, 2017

Why does India need Data Privacy or Protection Law ?

Why does India need a Data Protection Law?
Apart from appeasing European Union for sharing data with Indian companies, One of the reason is
presently all Data of ours -Search, Emails, Chats of Google, FB, Hotmail, Whatsapp are stored in Californian Servers, USA Jurisdiction.

US Foriegn Intelligence Survivelenace Court (FISA) with a single penstroke court gag order can take all Indian MPs, PMO, Home Minister,MEA's etc Email data and Analyse them for leverage in Intl' Affairs, Thats a severe Threat, #privacy intrusion. 

Not to mention even the Locations of each Citizen,Official in India can be monitored by US NSA analysts as of now with #Whatsapp, Android Phones relaying data back to USA servers. 
Hence a Data Protection Law in India is a need of the Hour.

Monday, July 3, 2017

Prashant Mali Interview in Business Standard Newpaper

Ransom-payers are also the cause of ransomware proliferation: Prashant Mali

The ransom to retrieve files was reportedly $300, to be paid in virtual currency bitcoins

Nikita Puri 
Operations at a terminal of the country’s largest container port, in Mumbai, came to a standstill earlier this week. The process of loading and unloading containers was halted as the port’s computers shut down after a major that swept across the globe. The aggressiveness of the malware showed that such attacks were capable of bringing both corporate and government networks to a sudden halt. The ransom to retrieve files was reportedly $300, to be paid in virtual currency bitcoins. expert Prashant Mali, also an advocate at the Bombay High Court, tells Nikita Puri how to prevent mass-scale civil disruptions that future cyber attacks can result in. Edited excerpts:
First we had individual companies and high-networth individuals who were targets of ransomware, then WannaCry hit servers across the globe. Now another malware, which some are identifying as Petya, has sent corporations into a tizzy. Do you foresee more such threats?

To date, financial cyber crime has only grown and it is yet to peak, so I would say it’s written on the wall that many more such attacks are expected in the near future. Such threats loom large as the ransom is paid in bitcoins, so the criminals aren’t caught. One thing the police and the government can do is to ensure that citizens make compulsory declarations of purchase of bitcoins and other (like ethereum) when they file their income tax returns. This can help the government see who pays and how much because, I feel, ransom-payers are also the cause of ransomware proliferation.
confirm that the malware isn't really a ransomware, but a wiper designed to destroy data. Reportedly, because of “ its aggressive features,” the malware makes it impossible to retrieve certain files leading many to believe that this attack may not have been for money. Can this be seen as an attempt to test how far companies will go to protect data?
Even if cyber attacks don’t cause financial damage, they definitely throw open defences. Identifying fortresses that have holes in their system can be of interest to the state and non-state actors. This data of the number of loopholes is in demand and is sold at a premium price. There are different types of involved in the dark world: many a time those who look for such holes, those who attack, and those who intend to get ransoms are all different.
Companies are often wary of making such attacks public. Security firm Symantec has said that India is the worst hit in Asia, but we have confirmation only from Mumbai’s Do you think information sharing could actually help build a better defence against such attacks?
By not reporting such attacks, companies are depriving the nation of a knowledge database that can help other companies develop better defences. Symantec and other (security) vendors also cannot be fully relied upon because fear is what they harp on. The more fear they put in Indians, the more they sell security products. The Insurance Regulatory and Development Authority of India and insurance companies should make it compulsory for clients to file a First Information Report (FIR) before claiming cyber insurance. Once reporting to some government agency becomes mandatory to claim insurance, companies would be motivated.
What are the security measures that one must take to avoid such attacks? 
No one can be immune in cyber space and that's the reality. Only cyber awareness in organisations can bring in cyber resilience. I would advise organisations to have multi-prong policies to establish a cyber security culture. I feel the highest level of cyber safety can be achieved by establishing a cyber security culture in the company, and a country can be cyber resilient by cultivating a culture of cyber security in society. Government should quadruple its budget for digital literacy programmes. For the government to be ahead of hackers, we need cyber spies: our law and enforcement agencies should implant cyber spies among cyber criminals. The chatter within their group helps the state to be ready for what is coming: we need cyber intelligence. 
Do you think companies should have ethical hackers on their pay rolls
I have an issue with the term “ethical hackers” because legally this isn’t right: those are two contradictory terms put together. who use these terms are either doing it for branding purpose or are students. Companies should opt for services by cyber security researchers. 
Are India’s cyber laws equipped to handle such large-scale attacks?
No. Laws can be invoked when prima facie evidence is found against criminals and investigation can be completed if attribution to a criminal is possible. The legal framework to help enforcement agencies in India has serious flaws. Large-scale cyber attacks need multiple law and enforcement agencies to work together along with CERT-In (Indian Computer Emergency Response Team), but the protocol for this is yet to be developed. 
In the future, cyber attacks are going to affect government facilities meant for citizens: like centres for health, water etcetera. Even municipalities should coordinate with the aforementioned agencies to avoid mass scale civil disruption from cyber attacks.

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction By Prashant Mali In the case of D...