In this blog post, Yamini Sharma, a student pursuing a Diploma in Entrepreneurship Administration and Business Laws by NUJS, critically analyses the various benefits specified for MSMEs under the Micro, Small and Medium Enterprises Development Act, 2006. 

Introduction

The Micro, Small and Medium Enterprises Development Act, 2006 (“MSMED Act”), was enacted by the Government of India on June 16, 2006, primarily for the promotion, development, and enhancement of the competitiveness of Micro, Small, and Medium Enterprises (“MSME”). In the recent years, MSME has emerged as a dynamic sector of the Indian economy. The MSMED Act provides a legal framework to the concept of Enterprise, which includes manufacturing as well as service sectors. The MSMED Act also provides  for the establishment of a National Board for Micro, Small, and Medium Enterprises, measures for promotion, development and enhancement of competitiveness of micro, small and medium enterprises, procedure for filing of memoranda, credit facilities, procurement preference and provisions related to delayed payments to micro and small enterprises, preference in Government procurements to products and services of the micro and small enterprises.

Definition of Micro, Small and Medium Enterprises

Under the MSMED Act, Enterprises have been classified broadly into two categories, namely enterprises engaged in the manufacture/production of goods about any industry; and enterprises involved in providing/rendering of services. Enterprises have been defined regarding investment in plant and machinery/equipment (excluding land & building), as per the below table:

Furthermore, in calculating the investment in plant and machinery, the cost of pollution control, research and development, industrial safety devices and such other items as specified by notification shall be excluded.

Benefits to the MSME’s

The Government of India through its various subsidies, schemes, and incentives promote MSMEs through the MSMED Act. To avail these benefits, Registration under the MSMED Act is required. The act provides the following benefits/incentives to the MSME’s:

• Preference in procuring Government tenders: The Government of India, through its Public Procurement Policy for Micro and Small Enterprises Order, 2012 (“Public Procurement Policy”) provides that all Central Government Ministries, Departments, and Public Sector Undertakings shall procure minimum of 20 percent of their total annual value of goods or services from Micro and Small Enterprises, which has become mandatory from April 1, 2015. As per the Public Procurement Policy, Micro and Small Enterprises having registration with District Industries Centre or Khadi and Village Industries Commission or Khadi Village and Industries Board or Coir Board or National Small Industries Commission or Directorate of Handicrafts and Handlooms or any other body specified by Ministry of MSME (“Ministry”) are provided certain benefits under the Public Procurement Policy. However, vide Press Release dated 18^th February 2016, for ease of registration of MSMEs, the Ministry has started Udyog Aadhar Memorandum which is an online registration system and all Micro and Small Enterprises having Udyog Aadhaar Memorandum shall be provided all the benefits available for Micro and Small Enterprises under the Public Procurement Policy.

• Protection against the delay in payment from Buyers: The MSMED Act provides protection to Micro and Small Enterprises from delayed payments. It specifically provides that where a Micro and Small Enterprise supplies any goods or renders any services to a buyer, the buyer is required to make the payment on or before the date agreed upon by them and in no case, the period can exceed 45 days from the date of acceptance.

• Right of interest on delayed payment: In the case where the buyer fails to make the payments, he shall be liable to pay compound interest with monthly rests to the supplier on that amount from the date falling after the due date, at three times of the bank rate notified by the Reserve Bank of India.

• Time-bound resolution of disputes with Buyers through conciliation & arbitration: MSMED Act provides that in case of any dispute arising out of non-payment of dues, Micro and Small Enterprises may refer the dispute to the Micro and Small Enterprises Facilitation Council, which shall conduct conciliation in the matter and where such conciliation does not give fruitful results and is terminated without any settlement thereof, the Council may itself take up the dispute for arbitration or refer it to any institution or centre providing alternate dispute resolution services.

Further, the MSMED Act also provides for the constitution of National Board for Micro, Small, and Medium Enterprises, which is an apex advisory body constituted to render advice to the Government on all issues about the MSME sector. The Minister of MSME is the Chairman, and the Board comprises among others, State Industry Ministers, some Members of Parliament, Secretaries of various Departments of Government of India, financial institutions, public sector undertakings, industry associations and eminent experts in the field. The board meets periodically to take stock of the issues about policy matters.

Registration

The Registration process of an MSME requires the filing of an Entrepreneurs Memorandum (“EM”) with the District Industries Centre (“DIC“) of the concerned area, after which, DIC shall issue an acknowledgment along with an EM number.

As a part of its recent initiatives, for the ease of registration of MSMEs, the Ministry vide Press Release dated 18^th February 2016, has started Udyog Aadhar Memorandum which is an online registration system.

References:

1. http://msme.gov.in/
2. http://dcmsme.gov.in/notification.pdf
3. Office memorandum, Ministry of Micro, Small & Medium Enterprises, Press Release dated 18^th February 2016.
4. The Micro, Small and Medium Enterprises Development Act, 2006

In this blog post, Ashutosh Singh, a student of Department of Law, University Of Calcutta, who is currently pursuing a Diploma in Entrepreneurship Administration and Business Laws from NUJS, Kolkata, deliberates on whether a minor can apply for a Digital Signature.

Brief introduction and object

This article tries to explain digital signatures and whether a minor can apply for it under Indian law? We all are familiar with signatures we put using our hand and sometimes our signatures are embossed on rubber or metallic stamps when a large number of signatures are to be affixed. The term ‘sign’has been defined under Section 3 of the General Clauses Act, 1897 as “sign” with its grammatical variations and cognate expressions, shall with reference to a person who is unable to write his name include mark with grammatical variations and cognate expressions” thus even though the Act does not specifically define the term it states that it would also refer to a mark in case a person is unable to write his name. The Webster dictionary defines it as sign means “to write one’s name on as in acknowledging authorship, authorizing action, etc.”

Now we shift our focus to digital signatures which came into being with the passing of the Information Technology Act 2000.The Act applies to India and also to the offenses committed outside the country. The Act validates the use of Digital Signature as provided under Section 3 of the IT Act which states that subject to the provisions of this Section, any subscriber may authenticate an electronic record by affixing his digital signature. It must here be mentioned that the provisions contained in Sections 4 and 5 are also applicable regarding digital signatures.

Digital signature refers to the creation of a signature using the Public Key Infrastructure technology which requires two keys that are a public key and a private key for encrypting and decrypting information. The message encrypted by a key can only be decrypted by the other key and standard rules related to cryptography apply in the case of digital signatures i.e. the format is unreadable to the person who does not have the key.

Here, we must specify two terms which are used i.e. digital signature and electronic signature interchangeably, though used commonly, they both differ in their scope. The term electronic signature has a very wide scope whereas the term digital signature only defines a particular form of electronic signature. Electronic signature defined under Section 2(ta) of the IT Act 2000 (as included in the Information Technology Amendment Act 2006) is as follows -Electronic signature means authentication of any electronic record by a subscriber using the electronic technique specified in the second schedule and includes a digital signature. Digital Signature as defined in Section 3 of the IT Act 2000 states that it means authentication of any electronic record by a subscriber using an electronic method or procedure in accordance with the provisions of Section 3.

The object and purpose of the electronic signature are similar to that of a traditional signature. In the cyber world, electronic signature ensures that the electronic records are authentic and legitimate as electronic signature are safer and cannot be forged and is convenient as the sender himself does not have to be present personally at the place to contract to sign the document. For example, a person can sign a contract in India and send it to any part of the world to complete the transaction.

Digital Signature Certificates are the electronic equivalents of other certificates like driving licenses and can be used to establish one’s identity and access information online. Although the Act does not contain the definition of the term Digital Signature Certificate (DSC), it is mentioned under Section 35 of the Act as to how can a DSC be applied for. If all the conditions contained therein are satisfied only then, the Certifying Authority grants the DSC.

Types of Digital Signature

There are three types of digital signatures based on security like class 1, class 2, and class 3 based on the level of security sought for. Class 1 signature do not have any legal verification associated with them as they are granted via email verification.In the case of class 2 signature, the identity of the applicant has to be verified by a pre-verified database and this type of signature is preferred for all filings. Class 3 signature is considered to be the most secured where the applicant has to be present in person before the Registration Authority to prove his identity. MCA 21 insists the presence of class 2 certificates for all filings under the Companies Act and Limited Liability Partnership Act. Other authorities also ask for class 2 signatures for filing. Under the Companies and LLP Act the directors, auditors and company secretaries require the DSC to file various returns and documents. The DSC once issued is usually valid for 1 to 2 years depending on the service provider’s terms of service and can be renewed on expiry.

Minor’s application for Digital Signature

Now, it has been clearly stated under Section 11 of the Indian Contract Act, 1872 that any contract entered into with a minor is void ab- initio and no liability arises on the minor in respect to such a contract. This principle has been dealt with in various cases, the most prominent among them being Mohiribibi v. Dharmodas Ghoshe decided by the Privy Council.

A person is said to be a minor if he has not attained the age of 18 years as provided under Section 3 of the Indian Majority Act, 1857.  However, if his property is under the supervision of the Court of Ward’s,  majority is to be attained at 21 years. Now since a minor can’t enter into any valid contract before he attains majority hereby falls out of contention his obtaining a DSC from the service provider  even the simplest of digital signature because in order to avail such a service the applicant must enter into a contract and agree to the terms of service with the service provider. A prominent service provider like E-mudra has very specifically declared on their website that in the case of any misrepresentation made by the applicant in obtaining a digital signature the service provider will not be liable in any respect. This statement in itself is self-explanatory and makes it clear that any misrepresentation as to the age of the applicant shall also not be a liability of the service provider. Thus, even if the applicant falsely states his age to obtain such a certificate he would not be able to use it to enter any legally binding contracts, moreover, this is only applicable in the case of class1 signatures because the other two types have strict verification and involve submission of documents about proof of residence and majority.

To know more about Digital signature please visit 

Amendments to other statutes related to Digital Signature

Earlier, the Indian Evidence Act, 1872 had no provisions as to electronic signature being produced as evidence. But now taking into account the modern day situation and increase in the number of cyber-crimes, an addition of Section 47A provides that the Court has to establish the opinion of the validity of the digital signature and in doing so the opinion of the certifying authority has great relevance. Similar amendments to the code have been made to other Sections like Sections 67A, 73Aand 85B.

Even the Indian Penal Code, 1860 has been amended to incorporate the provisions relating to digital signatures. Section 466 contain the provisions relating to forging of electronic records whereas section 464 deals with the situation where a man is said to false document or electronic record.

Conclusion

It can hence be concluded that in this growing age of online transactions, the contracts being executed require strong security provisions which are currently being met with the digital signature. Although encryption was considered safe till the recent past, it is not so now; new methods have arisen which prove that a user can now access the encrypted code without the key. Thus, this is where the government needs to step in and provide better online security to businesses as cases of cyber fraud including siphoning of funds have taken massive proportions in our country. What is required is that these signatures be linked to Adhaar card and other forms of biometric identification which would provide a more secure methodology for conducting business and filing compliance. Now, coming back to the question as to a minor applying for a digital signature, the answer in this respect stands that no, a minor can’t apply for such a signature as any contract entered into by him is void ab-initio.

In this blog post, Dhiren Sehgal, who is currently pursuing a Diploma in Entrepreneurship Administration and Business Laws from NUJS, Kolkata, explains how cyber-crime cells work in India. He also goes on to discuss the powers and functions of such cyber-crime cells.

Cyber-crime cells are the one track solution towards combatting and tackling cyber-crime. Now an act of cyber-crime is a punishable criminal act which may include acts of online stalking, online banking or credit card scams, hacking and proliferating software viruses. These cyber crime cells are the brainchild of the criminal investigation departments of cities in India and have been opened under these departments only to handle the issue of Internet related criminal activity. This computer and internet based crimes are governed under the Information Technology Act, 2000 and the Act further penalizes such acts.

We can arrange cyber-crime activities in two different categories:

The Computer as a target: utilizing a PC to assault different PCs. For example, Hacking, Virus/Worm assaults, DOS assault and so forth.

The PC as a weapon: utilizing a PC to perpetrate and commit actual and real world criminal activities. For example, Digital Terrorism, IPR infringement, credit card scams, EFT cheats, pornography and so on.

According to The Information Technology Act of India, when a cyber crime has been carried out, it has a worldwide purview and jurisdiction. Furthermore, a complaint or a grievance can be recorded at any cyber-crime cell in any of the cities. A person may need to give a name, street address and a phone number alongside an application letter headed to the respective person heading the cyber-crime cell when recording a complaint with the cyber-crime cell. A person must give specific documentation with a specific end goal to enroll a complaint with cyber-crime cell. List of records change with the kind of cyber-crime activity and differs from crime to crime basis.

In the event of hacking, the accompanying data ought to be given:

• Logs recorded in the server to look for evidence.
• A duplicate of the hacked site page in a soft copy format and in addition printed version format, if casualty’s site is destroyed. If information and data are lost or traded off on the casualty’s server or PC or another system network, then a soft copy of the original information and a soft copy of the lost information.
• Subtle details and information regarding access and control of the component hacked i.e. who had access to the PC or email of the casualty?
• List of suspects if the casualty is having any suspicion on anybody.
• All applicable and relevant data prompting the responses after inquiries leading to the following questions:

1. What is lost or compromised?
2. Who may have hacked the framework?
3. At the point when was the framework hacked?
4. Why may have been the framework or system hacked?
5. Where is the effect or impact of the assault distinguishing the targeted framework from the network?
6. What number of frameworks have been lost by the assault?
7. If there should be an occurrence of email misuse, obscene email, and so forth the accompanying data ought to be given: The augmented headers of culpable email and the culpable email.

To combat cyber crimes, the CBI has in place the following special units and structures:

(i) Cyber Crimes Research and Development Unit (CCRDU); (ii) Cyber Crime Investigation Cell (CCIC); (iii) Cyber Forensics Laboratory; and (iv) Network Monitoring Centre.

The CCIC which was established in September 1999 is an integral part of the economic offenses division, the cell enjoys its jurisdiction all over the country and has investigative powers for criminal offenses under the information technology act, 2000.

After the preliminary complaint filing, the investigation by the cell begins with search and seizure of digital evidence, which refers to an intangible form of data in the virtual world. The investigating officer has to look for a place where lies a suspicion that the computer or networks of different computers are likely to be found, and the help of computer forensic scientists may be required in such operations.

The advice of technical experts should be relied on and availed wherever necessary. The investigating officer needs to survey the equipment and needs to take precautionary steps before dismantling the system or the network so that no important data is lost. The next step is labeling and picturing the entire network site before the dismantling begins. Each and every part of the network system needs to be labeled correctly so that the reassembly is accurately done.

Also, in case a computer system is down, try not to turn it back on as it might lead to the eradication of the entire data in the system, likewise if a system is up and running then it shouldn’t be turned off before consulting or checking. Once everything is labeled and powered down, then the dismantling can be started, and a proper procedure should be taken while dismantling the system. Along with dismantling, all the documents related to the system or the working of the system should be seized as well as the manuals seized might be referred by the examiners at the forensic lab.

The Information Technology Act, 2000 provides any police officer who isn’t below the rank of deputy superintendent of police to investigate any offense under this Act. Also, according to the provisions of the Act, the central government shall appoint an officer, not below the rank of a Director to the Government of India or an equivalent officer of a state government to adjudicate and inquire the matter. Also, any police officer not below the rank of a deputy superintendent shall have the powers to enter and search.

In this blog post, Rajan S, a Contract Engineer with Amec Foster Wheeler Group, who is currently pursuing a Diploma in Entrepreneurship Administration and Business Laws from NUJS, Kolkata, discusses how cyber crime affects the sports industry.

Cybercrime targets almost every big sporting event. Though the crime is not life-threatening, it leads to threats like identity theft, statistics theft, financial loss and reputation damage. Major national and international sports event is a place for spectators, substantial fan follows, organizations investments regarding sponsorships and even governments and this attracts cybercrime to take advantage of fans’ excitement and their trust in technology and other online threats.

The advancement of technology and its influence among the users is the main reason for the evolvement of cyber crime. Even international reputed sports event like Olympics is a victim of such crime where a large number of fans lost their money to purchase the tickets through fraudulent merchant websites. Those victims not only lost their money but they lost the opportunity of witnessing their favorite games, and most of them have been victimized for stolen credit card information and other personal information.

Spam is a one of the common methods used by attackers in sports events. In one of the Olympic event, fans were targeted by spam emails that they won a lottery contest and to claim their prize money, such fans were provoked to reply to the phishing e-mails with their bank account details. And some attackers had campaigned to fans that they have won tickets and to claim that, recipients were prompted to give out their details, thus allowing cybercriminals to steal their online banking details.

A similar type of cybercrime techniques was used in one of the FIFA world cups, a spam email circulated to targeted fans referring to fake lucky draw contest, and the victim was prompted into giving out personal information for a fund transfer transaction wherein recipients are convinced to send certain money by promising a large amount of money in return for that.

These types of cybercriminals steal sensitive details from fans like financial and personal information via phishing websites, search engines, and even fake apps. Highly famous international events are frequently targeted by cybercriminals to lure the fans for into their online traps. Cybercriminals are aware that fans tend to take security for granted, particularly during the rush to witness their favourite sporting events. Such cyber crime is not only dangerous to fans and also damages the reputation of that particular sports organization and even the hosting country.

To stay away from these kinds of cyber crimes, always stick to the official website when purchasing the tickets, and ensure that merchant payment website is secured and needless to say, not replying in any form to any spam emails.

In this blog post, Priyasa Patnaik, an advocate who is currently pursuing a Diploma in Entrepreneurship Administration and Business Laws from NUJS, Kolkata, discusses the laws related to telemarketing in India.

In this blog post, Rohan Chawla, a student of Delhi University who is currently pursuing a Diploma in Entrepreneurship Administration and Business Laws from NUJS, Kolkata, discusses the importance of cyberspace for economic growth and development.

There seems to be a ‘cyber’ version of everything today. Cyberlife, cyberadvocacy, cyberbullying, cybercrime, cyberwar, cyberculture, cyberlawyer, cybereconomy, cyberethics, et al. Even as we are increasingly coining terms, there is very little clarity as to what these terms exactly mean. Does the word cyberspace refer only to the internet? Or does it also include spectrum and airwaves? Is the term cyberspace country specific? Through this article, I shall first attempt to clarify what is ‘cyberspace’ and then go and show its impact on economic growth and development.

The Oxford Dictionary defines ‘cybersapce’ as the notional environment in which communication over computer networks occurs^[1]. India’s National Cyber Security Policy, 2013^[2] defines ‘cyberspace’ as a complex environment consisting of interactions between people, software, and services, supported by worldwide distribution of information and communication technology (ICT) devices and networks^[3]. The UK Cyber Security Strategy defines ‘cyberspace’ as an interactive domain made up of digital networks that are used to store, modify and communicate information. It includes the internet, but also the other information systems that support our businesses, infrastructure and services^[4].

Thus, in layman’s terms, ‘cyberspace’ would refer to the interaction and communication through/on the internet (or other shared network). The space referred therein is the Internet or other shared network^[5].

What is the impact of cyberspace on economic growth and development? For starters, cyberspace has no physical barriers and hence is not restricted by territorial limits. A service provider in one part of the world can freely provide his services to a person sitting in a different part of the world. If the goods/services are in electronic form, then the trade between the two persons can be conducted without any physical exchange^[6]. Outsourcing boom in India is a testimony to the fact that services can be effectively outsourced across oceans. Even though the parties are geographically removed, they are connected via cyberspace. Regarding economics, this helps bridge demand and supply inefficiencies.

Cyberspace is also a leveling medium. Each connected to the internet can avail everything that the internet has to offer (freely and fairly). The rules of the game are equal for everyone. Cyberspace provides an opportunity for everyone to reap its benefits. Million Kitchen^[7] is a technology driven home food discovering and ordering platform. It connects home-based chefs with customers seeking home cooked food through the medium of cyberspace. It allows any individual who can cook a clean and healthy meal to earn his/her living. Technology reduces the number of barriers and allows for entrepreneurship. A similar story follows in case of application driven cab services such as Ola and Uber. These startups have enabled car drivers to be entrepreneurs and given them a chance to own a car and run a car service^[8]. Through these mechanisms, cyberspace enables promotion of entrepreneurship, creation of wealth and employment and inclusive growth.

Additionally, cyberspace allows for free flow of information and knowledge, enabling all persons to access material across subject areas thereby enhancing their skills and expertise. The advent of online education platforms such as Udemy, Coursera, Khan Academy et al., have enabled people to access knowledge which was earlier localized in universities and schools^[9].

Improvement in literacy rates has various follow-up benefits such as improved health, sanitation, cleanliness, gender equity, improved employability, reduced crime, etc. In a modern welfare state, the Government engages in a plethora of activities. Cyberspace promises several benefits in Government to Citizen Transactions. For instance, the Government of India provides for online tax filing, online requests for RTIs (for certain departments), complaint registrations (for some departments), passport application, forest clearance, admission process in some universities, etc. The citizen can access government services at his convenience. However, the greater benefit is that in countries like India, where corruption is rampant, cyberspace is a fair and transparent alternative which is hard to scheme/beat. The government official’s discretion decreases the interaction with the official decreases and hence so does chances of bribery. Leakages are plugged, and the wastage of resources decreases^[10]. There are also cost savings that accrue to the government from decreased face to face transactions. The interaction of the Railway Minister^[11] and External Affairs Minister^[12] with the public through Twitter has saved lives as well.

A word may also be said about online marketplaces. Online marketplaces (such as Flipkart, Amazon, Snapdeal, etc.) allow consumers to compare prices of various commodities and allows them to choose the best deal. It offers products to consumers that may not otherwise be available in the physical marketplace around the consumer’s geography. Additionally, there are specialized  B2B platforms that enable purchase and sale of industrial products (such as Industry Buying, Construction Bazaar) and some that enable SMEs to club together and place a large order for their needs (such as Power2SME). The consumer is now spoilt for choice, and that enables better selection in the consumer’s basket.

Payment banks deserve a mention too. Payment banks ensure that money leaves a trail and that the dependence on physical cash decreases. These banks provide incentives to users to pay for services electronically. Not only does that reduce paperwork, but it also enables the government to track transactions. While it is ambitious to say that this will help tackle the menace of black money, but it is a good beginning and deserves mention.

In the end, social media may also be mentioned. Social media has helped in the exchange of ideas and views. A vibrant democracy is crucial for economic growth and development. The concept in itself is a bit fluffy, but there are long-term benefits of idea sharing.

However, cyberspace is not without blemishes. Cyber crime and cyber fraud are commonplace now. Criminals are using the cyberspace to further their nefarious designs. Cyberprivacy is also becoming an increasing issue with identities of persons being stolen. There is a constant attack on government websites and servers, threatening crucial infrastructure that runs the country. There are also instances of cyberwar and cyberterrorism. It appears that the ‘cyber’ prefix has a long way to go. The benefits of cyberspace are several (economic and otherwise), and it does not seem that its end is near.

Footnotes:

^[1]http://www.oxforddictionaries.com/definition/english/cyberspace

^[2]http://deity.gov.in/sites/upload_files/dit/files/National%20Cyber%20Security%20Policy%20(1).pdf

^[3] This definition uses a conjoint version of the term. According to Towards better understanding Cybersecurity:or are “Cyberspace” and “Cyber Space” the same?By Madnick, Choucri, Camiña and Woon (MIT, Nov 2012), there might be certain differences between the terms ‘cyberspace’ and ‘cyberspace’. For this article, we keep aside such differences and use the two terms with reference to the internet.

^[4]https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/60961/uk-cyber-security-strategy-final.pdf

^[5]For a detailed review of definitions, see the Cisco Blog (July 2012) – Cyberspace – What is it?: http://blogs.cisco.com/security/cyberspace-what-is-it

^[6]For more information, see electronic freelance websites such as Up work

^[7] http://www.millionkitchen.com/how-it-works/

^[8]The Uber and Ola experience is not limited to cab/taxi service. Read Deepak Shenoy’s brilliant article on the varied possibilities and the economics – http://capitalmind.in/2014/11/what-to-make-of-the-richly-funded-taxi-services-uber-and-ola/

^[9]You can read a detailed report by SRI Education (March 2014) on the Use of Khan Academy in Schools: https://www.sri.com/sites/default/files/publications/2014-03-07_implementation_briefing.pdf

^[10]Estonia is a great example to show how the cyberspace can be leveraged to provide government services. Read this interesting piece for more details – http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/

^[11]http://www.ndtv.com/india-news/sos-on-twitter-get-railway-minister-suresh-prabhus-express-attention-1249141

^[12] http://indianexpress.com/article/india/india-news-india/sushma-swaraj-does-it-again-helps-out-distressed-indian-woman-in-germany/

In this blog post, Aditi Sampat, Advocate at Nabco Enterprises Pvt Ltd and a student of the Diploma in Entrepreneurship Administration and Business Laws by NUJS, describes the concept of spamming and analyses the laws against spamming in India.

What is Spamming

Spamming most commonly relates to Electronic spamming. It is the use of electronic messaging systems to send unsolicited messages, especially advertising as well as sending messages repeatedly on the same site. The most widely recognized form of spam is email spam. However, the term is applied to similar abuses in other media such as instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, etc.

However, what constitutes ‘unsolicited messages’ could be subject to diverse opinions. One opinion suggests that unsolicited messages are ‘advertisements for products and services.’ This possibly could be the most common definition of spam. However, it could be misleading. Spam would be much more than merely an advertisement for products and services since it could be possible that there could be unsolicited messages that do not advertise a product or service.

The word “Spam” is named after a luncheon meat, by way of a Monty Python sketch about a menu that includes Spam in every dish. The food is stereotypically disliked and unwanted and hence the word came to be transferred by analogy.

Spamming remains economically viable for advertisers since they have no operating costs beyond the management of their mailing lists, servers, infrastructures, IP Ranges and domain ranges. Due to this reason, it becomes difficult to hold senders accountable for their mass mailings. Another important reason for the non-accountability of the senders is that the barriers to entry are low which is why there are numerous spammers who have led to a high volume of unsolicited mail.

In the year 2011, the estimated figure of spam messages was around seven trillion. The costs, such as loss of productivity and fraud, are borne by the public and the Internet Service providers.  Spamming has been a subject of legislation in many jurisdictions all over the world.

Brief History of Spamming

The history of spamming dates back to the late 19^th century when the Central Western Union allowed telegraphic messages on its network to be sent to multiple destinations. However, the first recorded instance of a mass unsolicited commercial telegram is in May 1864 when some British politicians received an unsolicited telegram relating to the advertising of a dentistry shop.

The first known history of email spam dates back to 1978 when a message advertising the availability of a new model of Digital Equipment Corporation was sent to 393 recipients on ARPANET. A single mass email was sent rather than a separate message to each person. Though the reaction from the net community was negative, the spam did manage to generate some sales.

Spamming was being practiced as a prank by participants to fill their rivals’ account with unwanted junk emails. The first known electronic chain of unwanted junk emails was titled ‘Make Money Fast’ which was released in 1988.

Till the early 1990s, virtually electronic spamming was ignored in major States of the world. The first major commercial spam incident was when a team of lawyers started using the bulk Usenet to advertise immigration law services. This event was commonly termed as the ‘Green Card Spam’ as it is related to the subject line of the posting. In the wake of widespread criticisms, the lawyers claimed that they had the right to free speech which included the right to send unwanted commercial messages.

Within a few years, the focus of spamming remained around the area of email and until today, it remains in that area. The aggressive email spamming by some high profile spammers from mid to the late 1990s contributed to making spam predominantly an email phenomenon in the public mind.

By 2009, the majority of the email spam sent around the world was in English and hence spammers began using automatic translation services to send spam in other languages.

Whether Spamming is a Crime?

Having defined Spam and Spamming, primarily now, the concern should be that what are the constituents of cybercrime and whether spamming can be considered as an offense in law.

There is a broad consensus that the definition of cybercrime primarily constitutes ‘a criminal activity committed on the Internet’. The element of criminal activity in the definition of cybercrime is a deciding factor as to whether spamming constitutes a cyber crime or is merely a time massacre.

The main problem is how to criminalize email spamming in case it is considered as a cyber crime. In other words, how would it be possible to decide whether a criminal activity has taken place in the case of email spamming?

Many of the old legislations put forth the proposition that email spam should be treated in the same manner as junk mail since they share similar elements. However, one must note the important distinction which is in the case of junk mail, the sender bears the cost of sending the email whereas in the case of a spam email, it is the recipient who bears the cost through higher operating costs from their Internet Service Provider.

Criminal law, while encountering the problem of categorizing of offenses, usually refers to antiquated legislations that fit the modern crime. Hence, in the case of email spam, the line of attack is to label spam emails as an offense of trespass. However, the offense of trespass would hold good as far as the Internet Service Provider is concerned, and not the recipient of spam and junk email stands on the same footing as far as the recipient is concerned.

A group of lawyers who support to include spamming with the realms of criminal law advocate that not only is a business losing billions of dollars every year, but also has been very dangerous commonly in the form of phishing emails whose intent is to defraud innocent people.

Most opponents not favoring criminal law legislation argue that to criminalize spamming would be restricting the right to free speech. The argument put forth is that primarily the use of Internet is for sending and receiving emails and since it is an unregulated domain and hence there is a right to free speech. This contention is also cannot be ignored.

There are two cornerstone issues that form part of spamming and free speech:

1. The content of the spam mail.
2. Forum by which the spam email has been disseminated.

It should be noted that the right to free speech is not an absolute one since it is evident that there are certain limitations on the right to the freedom of expression. Hence, any spam email containing content which is sexist, racist or inflammatory remark would be in breach of criminal law. However, 90% of the spam emails contain none of such content. Hence no crime has been committed. 

One must also note that the forum by which spam email has been sent is also important as is its content. Here the focus would be whether the spam message constitutes public message or private message.

The established law clearly states that the forum is public if:

1. The forum is used for assembly and expression.
2. The principle purpose of the forum is to allow the exchange of ideas.

A website would be a public forum. On the other hand, email accounts would not qualify the above two criteria. Hence they are designated as a private forum.

One could say that the existing legislation would differ as to whether email spam qualifies as a public forum or private forum since it is not necessarily an offense against the recipient, but an offense against the internet service provider who qualifies as a public forum. This is the fundamental bone of contention between the supporters and opponents of a campaign to legislate spam email under criminal law wherein the contentions are based on very strong fundamental beliefs.

Laws against Spamming in India

Presently, the Indian Government is yet to legislate a law that directly addresses the issue of spam. The existing law in the form of the Information Technology Act 2000 does not contain any provision concerning regulation of spamming, though it does regulate obscenity which covers publishing, transmitting or causing to be published in electronic form any material which is lascivious or appeals to the prurient interest.

There are many reasons for having a comprehensive legislation on curbing, controlling and penalizing spammers –

1. The Honourable Delhi High Court acknowledged the absence of appropriate legislation concerning spam wherein it was held that in the absence of statutory provisions to check spam emails, the traditional principles of tort, trespass and nuisance would have to be used.
2. The ever increasing number of Internet users in combination with the increasing proportion of junk email makes it necessary to curb spam before it assumes huge proportions like in the United States.

The Ministry of Information Technology has initiated discussions to incorporate provisions against spammers. However, the Ministry is yet to decide whether the punishment against spammers should be meted out after verifying the nature of the spam, that is, whether the act of spamming was done inadvertently or on purpose.

The Government is looking to set up a Centre for Communication Security Research and Monitoring to monitor the activities of criminal elements online. The Nodal implementation agency for the same would be Centre for the Development of Telematics. The Research, wing of the Centre, would focus on multiple communication technologies and would monitor all traffic types such as satellite, wireline, wireless, the Internet, email, VoIP, encrypted communication for de-encryption of net-based encryption methods, regulatory standards to be adopted by telecom operators and system design.

In addition to the above effort, the Indian arm of the Coalition Against Unsolicited emails has been established to make efforts to combat the spam menace. However, in the absence of stringent laws and technical advancements, all the efforts to fight spam would be tough.

Sources

1. https://en.wikipedia.org/wiki/Spamming
2. http://www.criminallawyergroup.com/the-email-spamming-a-cybercrime-a-time-massacre/
3. http://www.karnikaseth.com/legislation-against-spammers-soon-computer-networking-news.html
4. http://www.legalservicesindia.com/articles/spamli.htm

In this blog post, Abhijeet Anand, Technical Sales Support Engineer,  Schlumberger, and a student pursuing a Diploma in Entrepreneurship Administration and Business Laws by NUJS, lists and describes the steps that companies can take to avoid data theft. 

With the boom of the  IT industry and virtual technology, the technology for hacking and data theft has increased proportionately as well. Data theft, put in context, is the unauthorized copying or removal of confidential or personal information from a business or other large enterprise. As a matter of fact, the theft of trade secrets and customer information cost companies an average of $2 million every year, according to research conducted by security software maker Symantec Corp. This is the largest data theft that has occurred in history, where:

• Two billion internet profiles (usernames and passwords) have been compromised.
• More than 420,000 websites have been affected.
• Well, renowned international, national, as well as small companies, have been impacted.

When compared to data loss, data theft is a more extensive threat as it’s clearly malicious, and statistics suggest through this intuitive theory that data which is stolen is 12 times more likely to be used in fraud than data simply lost. This article will help understand data theft, in brief, whether the actual enemy is involved in the system or outside, suggest preventive steps, and later advice for legal support.

What kind of data theft?

Before reaching the conclusion to prevent or mitigate data theft, it is necessary to evaluate the kind of data theft you need to work on. There are broadly two types of data theft that companies or businesses encounter: identity (ID) data theft (the theft of customer records) and the theft of a company’s business strategy or proprietary information or intellectual property.

ID or identity data theft: ID-related data theft occurs when the customer records or data are stolen or illegally copied. The information stolen typically includes customers’ names, contact details, addresses, usernames, passwords, and PINS, account and credit card numbers. This is a serious breach of personal details of the customers and at worse affects the overall business of the organization especially in IT and banking industry. A single data theft from a company or organization can affect a large number of individual victims.

Non-ID data theft: This type of data theft relates to any compromise other than customer records. This occurs when the company’s confidential or proprietary information, intellectual property is stolen or copied and passed on to the benefit of competitors and loss to the business or company. A company’s confidential information includes its financial reports, marketing plans, and contracts with other firms, employee records, and new product specifications and so on.

Who is the actual enemy?

After identifying the type of data theft, it is necessary to ascertain the people who may have indulged in this malicious activity. Broadly the perpetrators of data theft can be divided into three groups:

• Internal employees (company staff)
• External competitors or hackers
• Contractors or temporary employment employees who move in and out of the company

Interestingly, the latter, i.e., the breach from contractors seldom happens (which may show that they are more honest than the average employee, or don’t know to steal the data or, just don’t get caught or maybe they are not aware of the same at all). Either way, contractors can be treated as being internal or external, from a network perspective. Equally, internal employees could use the knowledge of the network to attack the system externally.

• Internal Network or employees: A full-time employee has access to network and server files or folders, knows to enter the system and can liaise with multi-department people to carry on the malicious activity. They do not have to defeat passcodes, breach database security system or go through firewalls. All the data is available to them and can be taken out from the network through a variety of different methods including, email, USB or printing.
• External Network Attacks or hackers: The Company’s database security if not secured well from external threats is vulnerable for hackers to enter into the system and get the requisite details. This has been a very common incident repeatedly reported worldwide. They have to take a much harder route, but it is frequently done by identifying a weak link in the security or liaison with an internal employee.

Preventing the vulnerability of data to thieves

Having identified the type and enemy which may be involved in the data theft, it is necessary to build a robust security system to prevent both the internal and external networks to take the data from the company. This can be done by a variety of preventive measures which is discussed briefly as under:

Data Access and Storage: This is a major step to prevent data theft or the threat from the internal network. Only necessary data should be given access to concerned people and should be based on NEED TO KNOW basis.

• Hard copies or paper document: Abolish or primarily lock in safeguards. The paper files should be shredded as soon as they are no longer needed or a server has been created. According to John Rowan of Advantage Business Equipment, the following nine things businesses should shred are:
  • Any mail with a name and address
  • Luggage tags
  • Trip itineraries
  • Extra boarding passes
  • Credit offers
  • Price lists
  • Vendor payment stubs and paid invoices.
  • Cancelled checks
  • Receipts
• Restricted access to sensitive or important data: The data access should be on a “Need to Know” basis and the concerned person should be given access only to that relevant data. This implies that the data should be well segregated and organized with an adequate level of security associated with each of them.
• Segregation and organization of data: Every company or business is different based on its fields or area of operation. It is necessary that the data associated with them is well segregated, and the internal employees can very well do this. The data organization should be well audited and assessed by  hiring an external expert for the external advice.

Technology:

• Encrypt or protect all computers, devices, and systems: The access to a company’s and employees’ devices and computers should be restricted, and necessary encryption with passcodes should be present. This makes it difficult for external networks to intrude into the internal network easily. The system should be protected with restricted user access and enabling remote wipe on all devices.
• Install or enable a firewall: This prevents outsiders from entering into the company network.
• Protect Wireless network in the company premises: Using a strong password with employee authentication and using encryption will prevent any external sources from using the internal Wi-Fi system.
• Restrict of physical movement of information: This necessarily includes the check on the transfer of information from company devices to USB, CD, mobile or any other portable media. This is the most important check that needs to be in place to prevent the threat from the internal network.
• Use of anti-virus software, anti-spyware: This is almost mandatory to any cyber transaction or information storage. The selected anti-virus should be well equipped for dynamic virus identification and handling.

People:

• Authentication and password: A strict guideline in place of the use of strong passwords should be in place and the two-factor employee authentication system in place will make way for proper identification of employees.
• IT and data security policy: This, however, is a mandatory policy of both IT and non-IT related companies nowadays but lacks implementation at several occasions. This needs to be strengthened with adequate measures for breach of the policy and must include clauses for protecting the company’s data both in hard and soft forms.
• Training: This is the most important part of people’s preparation to the threat from external networks on their systems or devices. Regular awareness programs, sample phishing exercises should be conducted to make the employees aware of the threats that they face.
• Social media policies and employee management: The company management should be in line to create and enforce social media policies so that employees are well aware of the importance of data and their role and responsibilities when sharing data with an external network. To achieve this, it is the company’s top management responsibility to enable them to be enacted to the roots of the company and treat the most important asset of the company, i.e., the people well.

Mitigation or legal support framework in India

A company or business should be prepared for any potential data breach as they are a simple result of employee negligence or mistake which is very difficult to negate completely. India specifically has been proactive to react to the data theft globally, however,  it does not have a specific legislation in place likes UK’s The Data Protection Act, 1984. India boasts of its Information Technology Act, 2000 to address the over growing cyber-crime, including data theft. In reality, this Act is not well equipped to tackle such extensive situations and does need a new look by the Indian Government to prevent any such malicious activity or attempt.

Conclusion

Data theft is one of the most concerning issues for any company or business in the present era and poses the threat of completely washing out businesses as well.  It is very important for any business to identify the type of data threat it can encounter, people that may potentially affect it and take necessary actions to prevent them and in worst cases mitigate with the latest available legal framework.

[divider]

References:

1. http://www.legalserviceindia.com/article/l267-Data-Theft-in-Cyber-Space.html
2. http://www.itbusinessedge.com/
3. https://whereismydata.wordpress.com
4. http://www.businessidtheft.org/

In this blog post, Sakshi Samtani, a student of K.C. Law College, Mumbai, who is currently pursuing a Diploma in Entrepreneurship Administration and Business Laws from NUJS, Kolkata, explains the concept of deputation of employees.

Deputation is a type or form of recruitment. Officers and employees of the Central Government, State Government, and Union Territories from beyond are appointed or elected to posts within the Central Government for a specified period, which on that period ending the employees must/have to go back to their previous positions at the parent company or body.

If the position is an isolated one, it is much preferred to make the type of recruitment a short-term contractual agreement, or else the officials holding these posts, if recruited directly, won’t have any medium of moving up or making career progress.

It must be noted that Deputation is not the same as Absorption. There is a considerable distinction between the two terms. With regards to Absorption, the officer who at the onset begins in Deputation, might be absorbed into a permanent position, if the rules of recruitment impose that absorption can be given due recognition as the prescribed procedure of recruitment. Such mode can only be brought about in the circumstances of those Central or State Government officers/ officials who are already on deputation.

In the event where the field of promotions or grades has only one posting, the mode of recruiting by promotion by deputation, such promotion which includes short–term contracts is recommended in such a manner that the officer who is deemed eligible for that department is contemplated alongside other potential candidates who are outsiders. If such departmental nominee gets selected to adorn the post, such office is to be treated as one that has been filled by a promotion – on the other hand, if such post is to be filled via deputation or short – term contract for the decided period of such deputation, which on the conclusion, the designated departmental officers will be given an opportunity to be contemplated for election to the post, once again.

It is to be decided that officials holding equivalent positions on a routine basis as well as officers who work in the next/lower grade along with means of qualifying on a regular basis which has been made the norm for promotion, all come under the field for such deputation or absorption or short – term contracts as much as is possible.

It is of utmost importance to decide or determine the eligibility of an officer or official for deputation in the event of  (a) an opening or vacancy which is already in existence at the time issuing a notice of communication that nominations are invited  – where such eligibility may be decided upon with regards to the last date for receiving such nominations in such Organization or Department or Ministry which are bound to make a decision regarding the appointment to an existing post. And in the occurrence of (b) where the Department anticipates a looming vacancy, it is important to determine such eligibility of potential contenders on the very date at which they expect the vacancy to come to light.

There are certain circumstances where the Union Public Service Commission or the UPSC are brought in to consult or advise where recruitment is taking place. The UPSC is brought in to consult on the matters of recruitment to all the Central Civil Services and Central Civil Posts. Exemption from such consultation is administered by the Union Public Service Commission themselves under the Union Public Service Commission (Exemption from Consultation) Regulations, 1958 as amenable to changes as and when. Also, governing the recruitment is the Central Civil Services Posts (Consultation with Union Public Commission) Rules, 1999 as changes have been amended. The circumstances in which the Union Public Service Commission are to be brought in to consult with regards to deciding on recruitments to positions are in the matters of (a) Direct Recruitment, (b) Re – employment, (c) Absorption, (d) Composite methods of recruitment – where the nominee to such Department is to be taken into consideration along with outsider nominees. And in the event of deputation where such field under consideration involves State Government Officers or Group ‘A’ & ‘B’ officials of the Central Government at the same time and if such field includes officers from the Central or State Government as well as the officers from non – Governmental institutions. Lastly, UPSC is also to consult on any of the rules of Recruitment, which are to be subject to relaxation or amendment as the case may be.

There are a couple of recognized cases, which illustrate the definition of Deputation with clarity:

In the matter of State of Punjab and others v. Inder Singh and others, it is stated that the idea behind the term ‘Deputation’ is commonly understood in service law and the meaning behind it is well recognized. It is simply stated that Deputation means service outside the cadre or originating/ parent department. To depute is to transfer an employee to a post outside his original position, perhaps to a new department or new position for a temporary period. On expiration of the period of deputation, the employee must return to his original department and continue to hold the same position as held before his temporary post, unless he has during that time earned a promotion to a higher position within his parental department in accordance with the Recruitment Rules. Now whether such an assignment is to be outside the regular field of recruitment or within the normal field is to be determined by the relevant official having the jurisdiction to control such position or service from which such employee is shifted or assigned as the case may be. It is to be noted that deputation cannot take place unless the person who is to be deputed has given consent. And on being deputed to a new position much know his rights and his privileges with come along with such a post.

In another case decided by the Supreme Court, in Umapati Choudhary v. State of Bihar and Another, deputation can be appropriately defined as an assignment of the deputations(another word for an employee ) from one office or department more known as the lending authority or parent body, to a different organization or department also commonly known as the borrowing authority. The importance of deployment by deputation is recognized in the interest of the public to meet the predicament of public service. Deputation as a concept in one that is of a consensual nature, which requires a decision of a voluntary nature of the employer to lend the services of the officer working under him, and there must be an acceptance that follows voluntarily by the employer who is borrowing such service. The officer must also have given his consent to proceed with such deputation or not.

Recently, the good news was given to corporate employees and executives to travel abroad frequently for work. The Authority of Advance Ruling (AAR) made a judgment saying that if employee is deputed abroad for a period of six months (180 days) or more than six months, such corporate employee would be categorized as a Non – Resident India (NRI) and would be able to avail of a tax – free benefit on his Indian salary.

This means that usually, for international work or assignments, the corporate employee/ executive will continue to get his Indian remuneration in his Indian bank account. Usually, such executives are also allowed a daily allowance for his tenure abroad. Now, as per the old norms, when you apply the Indian Tax Act, the remuneration, and the daily allowance both are to be taxable. Now, with the new ruling of AAR, the employee is going out of the country for work reasons, so if he has not resided in India for at least 182 days or more than the minimum number prescribed, he is eligible to acquire the status of NRI and hence his earnings would be tax – free.

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join:  

https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA