Best Cyber and Privacy Lawyer 2022 awarded to Adv Prashant Mali

Prashant Mali receiving award from Actor Makrand Deshpande 

Advocate Prashant Mali Got Best Cyber and Privacy lawyer of the year by the hands of Makrand Deshpande , other awardees include Mumbai Mayor Kishori Pednekar, ex Mumbai Police Commissioner Hemant Nagrale , VC of University of Mumbai, Hon. Sharad Pawar  n others . Lop Devendra Phadnavis and MP Sanjay Raut were chief guests 

Earlier Lt. Balasaheb Thakre and Lt. Lata Mangeshkar we’re also recipients of the same award. 

#award #cybercrime #privacy #lawyer #law #follow #media #mumbai #cybersecurity #publicpolicy #IamChevening #IVLP #media #news

Ecommerce Online Consumers can file a case anywhere on Sellers in India

Landmark Decision for Online Marketplaces: Online buyers can register a case on sellers anywhere in India.

By Prashant Mali     

Spicejet Ltd Vs Ranju Aery      

The issue of jurisdiction has made a lot of people sweat in the recent past since the Internet has come into play. With the nation recognizing different forms of businesses that are Internet-dependent, the law has definitely had some catching up to do. I have personally utilized this independence day holiday to research all important legislation and case law in this matter and through this blog, I would like to make my research available for everyone to study.

As a practicing Ecommerce Lawyer and Cyber thought leader of the country, I feel that this recent decision of Supreme Court dated 4th August 2017 in the case of Spicejet Ltd is krantikari or as it is referred to in Law, a landmark decision. As per the case law deduced from this decision, it will be apt to say that an online buyer may sue a seller at any place. For the purpose of clarification, an online buyer here means any person who has purchased any goods via a seller online.

In my opinion, this will affect all ecommerce buyers like all of us and give them a much needed relief freeing them of the bounds of local jurisdictions but simultaneously, it will also increase the sellers’ overhead now as lawyers will need to appointed across all consumer forum jurisdictions that they have customers in. This observation lays emphasis on my earlier thoughts about ensuring Online Dispute Resolution (ODR) in cases involving Mobile wallets and E-Commerce.

In over-the-counter purchases, a consumer can file a complaint in the consumer court only within the local limits where the company/ opposite party resides, carries on business or where the transaction takes place (by the bare reading of the CPC). However, now the law says that online consumers can sue a company for deficiency in services at any consumer court of their choice. In these times, when E-Commerce trading is growing rapidly, this ruling from the Supreme Court has brought a big relief for consumers purchasing goods through websites and E-Commerce apps. 

A bench of Justices Adarsh K Goel and S Abdul Nazeer on 4^th August 2017 upheld a six month old ruling of the National Consumer Dispute Redressal Commission (NCDRC). The NCDRC had ordered Spicejet Ltd. to pay Rs 1.25 lakh compensation to Ms. Ranju Aery for cancellation of a flight. She had booked a ticket (Chandigarh to Delhi via Bagdodra and Kolkata) on yatra.com on June 23, 2015. The airline cancelled her return flight from Kolkata to Delhi without any reason and provided her no alternative. She approached the consumer court in Chandigarh and secured an order against Spicejet. In the appeal, the airline claimed that the Chandigarh court did not have jurisdiction to hear the case as the place of business of the company was at Gurugram. The airline relied on Section 11 of Consumer Protection Act which allows a complaint to be instituted by a consumer within the local limits of where the opposite party resides or carries on business or where cause of action arises.

Rejecting this argument, the NCDRC in its order of February 7, 2017 found the company guilty of cancelling her flight without reason when on that day 128 flights took off from Kolkata without any delay. The NCDRC noted that the airline gave no explanation for cancellation and failed to make any alternative arrangements. The consumer also stated her grief wherein she discloses that she purchased the ticket at a cost of Rs 80,855 after borrowing money from her relatives at Kolkata. Besides the compensation, the NCDRC directed the airline to refund the consumer Rs 80,855 with interest at the rate of nine per cent after deducting the airfare between Kolkata and Delhi. The company was also to compensate Rs 10,000 towards litigation cost. It has also been reported via news houses that the Supreme Court found no reasons to interfere with the National Commission’s order.

By reading the provisions of Consumers Protection Act, 1986 and I.T. Act, 2000 and with the help of the ratio of the judgement in A.B.C. Laminart Pvt. Ltd. and anr.'s case, we can safely hold that, where contracts for services and/or goods are entered into over the internet (or online as such transactions are commonly referred to), for the purposes of consumer complaints, part of the cause of action arises interalia, at the complainant’s place of business, if acceptance of the contract is communicated to her through the internet, including the medium of email. Further, irrespective of the fact, whether or not the contract is one made over the internet, cause of action would also continue to arise at any of the places

(a) where the contract is performed or is to be performed or

(b) where money under the contract is either payable or paid or

(c) where repudiation of the contract is received, if any.

As such, it cannot be disputed that a consumer forum is competent to entertain a consumer complaint, even if only an infinitesimal part of cause of action arises within its territorial jurisdiction. As a result, territorial jurisdiction over a consumer complaint would lie with the consumer forum situated at any place, where any of the aforementioned causes of action arises. This, of course, is in addition to the other places, where a consumer may choose to file a complaint in accordance with the other provisions of Section 11 (2) of the CPA, 1986. It was reiterated in the case of M.D.Air Deccan vs Shri Ram Gopal Agarwal where the State Consumer Disputes Redressal Forum interpreted Section 13 of the IT Act along with Section 11 of the CPA.

Conclusion:

To cope up with the technology law has to take the help of technology; as Charles Clark once remarked ‘The answer to the machine is in the machine’. Indeed, the perfect reply to the technological abuses is the application of technological innovation.

This is a landmark case in ecommerce dispute resolution and jurisdiction issues. This is a big relief for ecommerce buyers such as of Amazon, Flipkart, Naaptol, Myntra, online insurance providers, Travel portals etc. I feel online consumers have got clarity now that a case can be filed against online sellers sitting in their own homes as all consumer disputes also can be filed online with or without lawyers help. I feel the ratio held in the above case can safely be included in the next scheduled amendment of The IT Act, 2000 

The Court Orders for Download are available on following links below

District Forum  State Commission Order   National Commission Order  SC Order

Prashant Mali Interview in Business Standard Newpaper

Ransom-payers are also the cause of ransomware proliferation: Prashant Mali

The ransom to retrieve files was reportedly $300, to be paid in virtual currency bitcoins

Nikita Puri July 1, 2017 Last Updated at 21:20 IST

Operations at a terminal of the country’s largest container port, Jawaharlal Nehru Port Trust in Mumbai, came to a standstill earlier this week. The process of loading and unloading containers was halted as the port’s computers shut down after a major cyber attack that swept across the globe. The aggressiveness of the malware showed that such attacks were capable of bringing both corporate and government networks to a sudden halt. The ransom to retrieve files was reportedly $300, to be paid in virtual currency bitcoins. Cyber law expert Prashant Mali, also an advocate at the Bombay High Court, tells Nikita Puri how to prevent mass-scale civil disruptions that future cyber attacks can result in. Edited excerpts:
 
First we had individual companies and high-networth individuals who were targets of ransomware, then WannaCry hit servers across the globe. Now another malware, which some are identifying as Petya, has sent corporations into a tizzy. Do you foresee more such threats?

 
To date, financial cyber crime has only grown and it is yet to peak, so I would say it’s written on the wall that many more such attacks are expected in the near future. Such threats loom large as the ransom is paid in bitcoins, so the criminals aren’t caught. One thing the police and the government can do is to ensure that citizens make compulsory declarations of purchase of bitcoins and other cryptocurrencies (like ethereum) when they file their income tax returns. This can help the government see who pays and how much because, I feel, ransom-payers are also the cause of ransomware proliferation.
 
Security experts confirm that the malware isn't really a ransomware, but a wiper designed to destroy data. Reportedly, because of “ its aggressive features,” the malware makes it impossible to retrieve certain files leading many to believe that this attack may not have been for money. Can this be seen as an attempt to test how far companies will go to protect data?
 
Even if cyber attacks don’t cause financial damage, they definitely throw open defences. Identifying fortresses that have holes in their system can be of interest to the state and non-state actors. This data of the number of loopholes is in demand and is sold at a premium price. There are different types of people involved in the dark world: many a time those who look for such holes, those who attack, and those who intend to get ransoms are all different.
 
Companies are often wary of making such attacks public. Security firm Symantec has said that India is the worst hit in Asia, but we have confirmation only from Mumbai’sJawaharlal Nehru Port Trust. Do you think information sharing could actually help build a better defence against such attacks?
 
By not reporting such attacks, companies are depriving the nation of a knowledge database that can help other companies develop better defences. Symantec and other (security) vendors also cannot be fully relied upon because fear is what they harp on. The more fear they put in Indians, the more they sell security products. The Insurance Regulatory and Development Authority of India and insurance companies should make it compulsory for clients to file a First Information Report (FIR) before claiming cyber insurance. Once reporting to some government agency becomes mandatory to claim insurance, companies would be motivated.
 
What are the security measures that one must take to avoid such attacks? 
 
No one can be immune in cyber space and that's the reality. Only cyber awareness in organisations can bring in cyber resilience. I would advise organisations to have multi-prong policies to establish a cyber security culture. I feel the highest level of cyber safety can be achieved by establishing a cyber security culture in the company, and a country can be cyber resilient by cultivating a culture of cyber security in society. Government should quadruple its budget for digital literacy programmes. For the government to be ahead of hackers, we need cyber spies: our law and enforcement agencies should implant cyber spies among cyber criminals. The chatter within their group helps the state to be ready for what is coming: we need cyber intelligence. 
 
Do you think companies should have ethical hackers on their pay rolls? 
 
I have an issue with the term “ethical hackers” because legally this isn’t right: those are two contradictory terms put together. People who use these terms are either doing it for branding purpose or are students. Companies should opt for services by cyber security researchers. 
 
Are India’s cyber laws equipped to handle such large-scale attacks?
 
No. Laws can be invoked when prima facie evidence is found against criminals and investigation can be completed if attribution to a criminal is possible. The legal framework to help enforcement agencies in India has serious flaws. Large-scale cyber attacks need multiple law and enforcement agencies to work together along with CERT-In (Indian Computer Emergency Response Team), but the protocol for this is yet to be developed. 
 
In the future, cyber attacks are going to affect government facilities meant for citizens: like centres for health, water etcetera. Even municipalities should coordinate with the aforementioned agencies to avoid mass scale civil disruption from cyber attacks.

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction
By Prashant Mali

In the case of Dilip Kumar Vs State of Telangana 

the accused (who is working in Navy then) is convicted for two years rigorous imprisonment and Rs 15,000 fine.

The story:

Accused has same Family name "Sinha" as the Victim from Hyderabad. Accused, a Navy Personnel belong to State of Bihar and was posted on INS Shikra, Mumbai. Accused had sent a facebook request to this victim minor girl, who also happens to be a child of high ranking defence personnel . The victim after finding the same surname was obliged to accept the facebook friend request. Accused then proposes the victim minor girl for a online relationship, to which she refuses. Accuses starts enticing and harassing the victim by sending her obscene, vulgar, abusing and insulting chat messages. Victim then confides this to her parent, who also tries to persuade the accused not to repeat such actions, but the accused remains adamant. The complaint is filed with the police and the cyber crime wing, CID of Telangana Police (Then AP Police) investigates the crime, to find the accused to be an Indian Navy man.

The Court Proceedings and Order :

Pronouncing judgment today, after examining 11 prosecution witnesses, including outstation witnesses, FSL experts etc., Hon,ble I^st Addl Chief Metropolitan Magistrate, Hon’ble Moka Suvarna Raju (I/c VI ACMM Court) at Nampally convicted the accused to undergo rigorous imprisonment (RI) for 2 years concurrently and Rs. 15,000/- fine for the offences punishable under Sections 67, 67-B (c) (d) of The Information Technology Act 2000 (Cyber Law) and Section 509 of The Indian Penal Code.The case was investigated and trial was monitored by B. Ravi Kumar Reddy, Inspector of Police, Cyber Crimes, CID.

Other Facts of the Case :

1. Certificate under Section 65B was not used in the said case, instead of this prosecution an court relied on confession of accused under section 313 of CRPC. The confession was that the facebook account belongs to himself.

Prosecution relied on forensics report of Victims computer where enticing and abusing text was found in the facebook conversation.

2. There was sexually explicit pictures or videos sent (transmitted), it was pure text messages.

3. Accused by himself went to High Court and got a order to expedite the matter, it was his mistake and why was he misguided ? still remains the Question.

4.This was a rare case where in 2010, evidence was asked from California office of Facebook and they had responded positively to Indian police.

5. This is 24th conviction in a cyber crime matter, in the state of Telangana in India.

My comments & Analysis of the Judgement :

I congratulate the team of Telangana police and Government Lawyers for the conviction, as getting more convictions in cyber crime matter is the need of the hour. I would also congratulate Mr. U.Ramamohan Superintendent of Police, Cyber Crimes in CID AP Hyderabad.  As a defence lawyer, i would say that if lower judiciary only has acted under pressure of the higher courts order, then appreciation of the evidence would not have been done satisfactorily and the accused can be left scot free if he goes in appeal. I also see this is not an isolated case from defence forces, where some sexually frustrated defence personnel try to find relationships online. They feel they are behind the secure wall of defence organisations. An awareness training in the defence induction with example of such cases is the need of the hour. Personnel from Navy may be separated on a high sea from civilians on land, but they should remember cyber space has no boundary and cyber crimes today are investigated by sophisticated police officers. So Janata should not go on their uniform or the old perception about them.
Advice for Common Man : Don't talk Dirty Online with Girls below age of 18 Years.

Analysis of The Judgement Delivered : (This Para added on 6th April)
While Analysing the judgment some startling revelations happened to me about the judge being naive or not updated.
1. The Hon. Court has erred in punishing the accused under a section 66A of The IT Act,2000 which was stuck down by the Hon. Supreme Court in Shreya Singhal v. Union Of India [AIR 2015 SC 1523]
2. The Hon. Court has not appreciated the fact that prosecution 
had failed to confiscate Hard Disk from the computer allegedly 
used by the accused in the cyber cafe and thus was not 
available for further digital forensics examination.
3. The Hon. Court in order to ascertain the location of the 
accused on the date of crime has not appreciated the evidence
of "Call Data Record" of the accused mobile phone number , 
which the prosecution has failed to produce 
4. The Hon. Court has failed to appreciate the fact the facebook 
thou have replied to prosecution, but have not revealed 
the ip address, which binds the computer to the accused 
or his location.
5. Certificate under Section 65(B) as required by The Indian 
Evidence Act was not furnished by the prosecution. 
The effect of the same on the evidence thus produced 
was not appreciated the Hon. Court.
6. In my personal view in the age of Information Technology
concluding that the accused was present on the crime location 
only based on statements of witness doesnt sound fair and 
still raises doubts,
7. Accused agreeing that the profile and email belongs to him 
doesn't bind to crime, it just binds him to the weapon of crime.
8. Hon. Court has failed to appreciate the fact that The screenshot of the girl's Facebook profile shows the birthday written there is 19 Aug 1990, which makes her Adult at the time of Crime, whoever wants to send her friend request or chat. She May have faked her Birthday. This gives benefit of doubt in the favour of the accused 
Laws and Sections used
Offences under Information Technology Act 2000.

 67A. Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form. – Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.

67B. Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form.- Whoever,-

(a) publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct or

(b) creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or

(c) cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or
(d) facilitates abusing children online or
(e) records in any electronic form own abuse or that of others pertaining to sexually explicit act with children, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:
Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form-

(i) The publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other objects of general concern; or
(ii) which is kept or used for bonafide heritage or religious purposes
Explanation: For the purposes of this section, “children” means a person who has not completed the age of 18 years.

Section 509 of The IPC.  Word, gesture or act intended to insult the modesty of a woman

Whoever, intending to insult the modesty of any woman, utters any word, makes any sound or gesture, or exhibits any object, intending that such word or sound shall be heard, or that such gesture or object shall be seen, by such woman, or intrudes upon the privacy of such woman, shall be punished with simple imprisonment for a term which may extend to three years, and also with fine

Section 313 of The Code Of Criminal Procedure, 1973

313. Power to examine the accused.

(1) In every inquiry or trial, for the purpose of enabling the accused personally to explain any circumstances appearing in the evidence against him, the Court-

(a) may at any stage, without previously warning the accused, put such questions to him as the Court considers necessary;

(b) shall, after the witnesses for the prosecution have been examined and before he is called on for his defence, question him generally on the case: Provided that in a summons- case, where the Court has dispensed with the personal attendance of the accused, it may also dispense with his examination under clause (b).

(2) No oath shall be administered to the accused when he is examined under sub- section (1).

(3) The accused shall not render himself liable to punishment by refusing to answer such questions, or by giving false answers to them.

(4) The answers given by the accused may be taken into consideration in such inquiry or trial, and put in evidence for or against him in any other inquiry into, or trial for, any other offence which such answers may tend to show he has committed.

Old headless CAT Going TDSAT Coming, The IT Act, 2000 is amended

Old headless CAT Going TDSAT Coming, The IT Act, 2000 is amended

By Advocate Prashant Mali, Cyber Law Expert

The government’s in response to a February 2015 report of a parliamentary standing committee that noted the absence of uniformity in the conditions of service of tribunals.  Government planned a large-scale reshuffle of tribunals, the government sought to reduce the number of these tribunals and bring parity in the service conditions of their officials.

CAT (Cyber Appellate Tribunal) From 2011, has barely been functioning. It still pays out salaries to its employees but no judicial order has been passed nor has any case been heard for the last five years. A CAG audit had noted that after the retirement of the CAT’s last chairperson in June 2011, there has been no replacement appointed as of June 2016. However, members  and other staff continued to render services in the CAT since then and expenditure of Rs. 27.64 crore were incurred on its establishment for the period from 2011-12 to 2015-16 without carrying out its primary business of hearing and disposal of appeals. After a huge big GAP the matters now are transferred to National Lok Adalat on 8th April 2017 from the Cyber Appeallate Tribunal.

The IT Act, 2000 is getting amended by The Finance Bill 2017, following are the changes

A new clause (da) is added under Section 2, in sub-section(1) (da) “Appellate Tribunal” means the appellate tribunal referred to in sub-section(1) of section 48

2.  The definition of “Cyber Appellate Tribunal” clause(n) under Section 2, in sub-section(1) is omitted

In section 48 of The Information Technology Act,2000

(i)            For the marginal heading, the following marginal heading shall be substituted, namely:-

“Appellate Tribunal”;

(ii)          For sub-section (1), the following sub-section shall be substituted, namely:-

“(1) The Telecom Disputes Settlement and Appellate Tribunal established under section 14 of the Telecom Regulatory Authority of India Act, 1997 shall, on and from the commencement of Part XI of Chapter VI of the Finance Act, 2017, be the Appellate Tribunal for the purposes of this Act and the said Appellate Tribunal shall exercise the jurisdiction, powers and authority conferred on it by or under this Act.”

(iii)         In sub-section (2), for the words, brackets and figure “shall also specify, in the notification referred io in sub-section (1)”, the words “shall specify, by notification” shall be substituted;

(d)      Sections 49, 50, 21, 52, 51A, 52B, 52C, 53, 54 and 56 shall be omitted.

(e)      for section 82, the following section shall be substituted, namely:-

“82.    The controller, the Deputy Controller and the Assistant Controllers shall be deemed to be public servants within the meaning of section 21 of the Indian Penal Code”;

(f)        in section 84, for the words “the Chairperson, Members, adjudicating officers and the staff of the  Cyber Appellate Tribunal”, the words “and adjudicating officers” shall be substituted;

(g)      in section 87, in sub-section (2), clauses (r), (s) and (t) shall be omitted;

Four important changes in Finance Bill 2017 with regards to Tribunals are:

1.    The Competition Appellate Tribunal will now be merged with the National Company Law Appellate Tribunal.

2.    The Cyber Appellate Tribunal and the Airports Economic Regulatory Authority Appellate Tribunal will be merged with the Telecom Disputes Settlement and Appellate Tribunal.

3.    The Industrial Tribunal is to also perform the functions of the Employees’ Provident Funds Appellate Tribunal.

4.    The Copyright Board will be merged with the Intellectual Property Appellate Board.

My Comments & Suggestions for TDSAT:

I welcome the move as the dud “Cyber Appellate Tribunal” never worked and was a black spot on cyber related litigation's. I suggest changes would be

A.   Having a Cyber expert as a full time member in the tribunal or atleast as amicus curae.

B.   Having a fixed date for the bench to sit

C.   Having the bench of TDSAT sitting in cities like Mumbai, Bangalore, Hyderabad e.t.c

D.   TDSAT should use the same online platform which Cyber Appellate Tribunal was using for filing of online appeals with documents.

E.   TDSAT should do some extra work to be a vigilante on all the state Adjudication officers, which are as of date in deep lumbar state.

F.    TDSAT should lead the training and awareness initiative in the cyber area across the country.

G. There should be clarity of appeals which lie from the TDSAT, whether to a High Court or directly Supreme Court