Monthly Archives: April 2016

Trans Border Hacking And Search Activities Of FBI Would Violate Civil Liberties And Cyber Laws Of Different Nations

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLBInternet is full of news and discussions about the recent expansion of the Rule 41 of the Federal Rules of Criminal Procedure by US Supreme Court. While the Department of Justice of US is trying to pass the amendment as a simple modification yet its ramifications are global in nature. To put it straight, the proposed Rule would allow the FBI to access, search and hack any computer, device or equipment remotely while sitting at the home.

Even worst, FBI can hire the services of hackers who can get the job done on behalf of FBI or any other law enforcement agency. State sponsored hacking is not a new concept and almost all the countries are engaging in such activities. Not only this the hackers who work on behalf of a country are also granted legal immunity against cyber deterrent acts by these countries. Even the intelligence agencies of India have demanded such legal immunity in the past and the result of such demand is still not clear.

In these circumstances, it would be naive to suggest that the proposed amended Rule would not violate privacy and cyber laws of different jurisdictions where FBI would use its newly acquired hacking power under the proposed Rule.

All individuals have a right to privacy and this right includes their digital properties, computers and information stored in these computers. Just like you cannot enter into my home without a justified reason and court warrant similarly there is no reason why FBI should intrude into my privacy by some self assumed powers under a US Rule. Further, it is very difficult to understand how can a search warrant issued by a US court empowers the FBI or US law enforcement agencies to access my computer in an unauthorised, illegal and unconstitutional manner? When even Indian government cannot do so how can a foreign government commit such an act?

Clearly, privacy is at grave danger with such attitude and Rules and this would also affect the cloud computing industry as well. Who would like to store their sensitive documents on clouds managed by US companies in such disturbing circumstances? Similarly, the proposed Rule would also flare up the cyber espionage and cyber warfare race among the nations. All this because a vague and unconstitutional US rule empowers FBI and other law enforcement agencies of US to violate civil liberties and digital rights of netizens around the world.

This is a situation where even the self defence would not sufficient and nations and individuals would try their hands upon aggressive defence. There would be a sudden change from the defensive cyber security strategy to an offensive cyber security strategy around the world. The limits to legitimate exercise of self defence would ceases to exist. In the absence of international cyber law treaty and international cyber security treaty (PDF), this limit has to be judged and guided by the principle of private international law.

The proposed Rule would further increase the conflict of laws in cyberspace and negate civil liberties protection in cyberspace. Use of malware would further increase that would make the Internet and cyberspace a more insecure place. Malware are already defeating the cyber security safeguards and this global cyber espionage, cyber warfare and hacking power of FBI is only going to make the scenario more complicated.

Civil liberty activists need to come up with innovative ideas and products to safeguard privacy of netizens. When the Tor system is already been compromised, even the Tor community need to have a relook at their product. Similarly, smart phones encryption is widely targeted these days and the same can be cracked by the law enforcement agencies. Smart phone companies are also required to make their encryption protection stronger otherwise consumer would loose faith in their products and services. Telecom companies are also required to fight against illegal e-surveillance activities of governments around the world.

It is imperative on the part of Indian government to clarify its stand on the proposed Rule and ask its US counterpart for an explanation in this regard. Similarly, other countries should also ask US by what authority they can access the computers and devices located in foreign jurisdictions? As on date, the trans border hacking and search activities of FBI would violate civil liberties and cyber laws of different nations.

Contemporary Malware Are Defeating Cyber Security Products And Services

Perry4Law-Organisation-P4LOInfection and compromise of systems and devices is not a recent phenomenon. However, malware in the contemporary times are highly sophisticated in nature. In fact, as per a report, malware nuisance would significantly increase in the year 2016.

Malware writers are no more script kiddies who hack for the sake of fun. Now the motive of these hackers ranges from cyber espionage, financial gains to cyber warfare. Naturally, malware play a key role in achieving these objectives.

Malware are a big cyber security nuisance for long. Cyber security vendors have been trying to contain various sophisticated malware that come up from time to time. As the nations and state actors have become interested in these malware and some of them are even funding their development and exploitation, cyber security products and services are finding it difficult to match their capabilities.

Till the time a cyber security product or service is launched to contain a sophisticated malware, the havoc and damage is already done. In this article titled “Malware Are Defeating Cyber Security Safeguards With Ease“, this fight between malware and cyber security products has been aptly described.

Presently malware are clearly winning the fight between security and system infections as security products are inherently incapable of tackling zero day vulnerabilities and state sponsored cyber attacks.

In the research article titled “Prospective Cyber Security Trends In India 2015“, Perry4Law Organisation (P4LO) predicted that state sponsored cyber attacks would increase. This actually happened and even Twitter and Google issued warnings that state sponsored cyber attacks may be there for their products and services. The “Cyber Security Trends In India 2016” have also predicted the rise of botnet, malware and cyber attacks against critical infrastructures around the world.

It is a wake up call for the cyber security vendors to either improve their security products and services or become redundant and ready to be exiled. What is the purpose of an anti virus that cannot detect and remove a malware?

At the same time there is a need to change the attitude towards cyber security by individuals, companies and governments. At the organisation level, there must be a techno legal policy for cyber security that should be religiously followed. Any lapse in the policy may be lethal for the financial and brand value of the organisation.

As far as India is concerned, India is still struggling to establish the Chief Information Security Officer (CISO) culture. Even at the government level, CISO culture is still missing. For instance, recently the Prime Minister Office (PMO) of India appointed Dr. Gulshan Rai as the first CISO of India. Although this is a very good and pro active move yet we have seen little development in this regard so far. Similarly, appointing the Chief Information Officers (CIOs) was made mandatory for all banks in India in 2012 yet till 2016 banks have not done so. In fact, cyber security of banks in India is in a very poor condition.

Even the government projects like National Critical Information Infrastructure Protection Centre (NCIIPC), National Cyber Coordination Centre (NCCC), etc have failed to achieve for what they were contemplated. There are no cyber breach disclosure norms in India as well. As a result we have almost missing cyber security infrastructure in India that needs to be revamped and strengthened immediately. This is more so when India has introduced the “Digital India” project that would make Indian infrastructure vulnerable to sophisticated cyber attacks from around the world. When everybody is passing the buck who is going to bell the cat named malware.