O C TO B E R 2 0 1 1

Regulation of the Cloud in India
By Patrick S. Ryan, Ronak Merchant, and Sarah Falvey


t is popular to make claims that the “new” movement of data to the “cloud” requires heightened attention from lawmakers and regulators. These calls for attention are based on beliefs that people are entrusting their information to third parties in ways that were never previously contemplated, and that new laws must be enacted in order to protect everyone’s privacy. The theory is often stated this way: without swift action, cloud computing will result in significant privacy breaches that will harm consumers. While it is reasonable for regulators to be wary of the increased reliance on third parties as the world becomes more digital, it is a mistake for regulators to assume that cloud computing (and its privacy and security challenges) are new. It also is a mistake to assume that cloud computing is inherently less secure than data stored on individual computers. In fact, cloud computing has been the aspiration of leading thinkers since the 1950s, and the development of the cloud has taken a similarly

progressive path as the development of the Internet itself. It is risky to attempt to regulate the cloud separately as well as to assume that the “cloud” can be controlled in a different manner from the flow of data on the Internet. Because computation in the cloud is no different from use of the Internet itself, it is not readily feasible or practical to cage and confine data flows within the cloud in a way that is substantially different from the flow of worldwide information generally. For this reason, regulatory frameworks should not be sui generis or custom tailored for the cloud and, instead, should leverage or update existing laws that are already in place. This article proposes a regulatory model for the cloud and shows how this model can be applied to India. Continued on page 7
REGULATION OF THE CLOUD IN INDIA . . . . . . . . . 1 By Patrick S. Ryan, Ronak Merchant, and Sarah Falvey PROTECT IP ACT: ONE APPROACH TO DEALING WITH INTERNET PIRACY . . . . . . . . . . . .3 By Michelle Sherman VARIOUS COURT RULINGS ON INTERNET COMMERCE TAXATION. . . . . . . . . . . . . . . . . . . . . . . . . . 18 By James G. S. Yang

Patrick S. Ryan, PhD, is Policy Counsel, Open Internet at Google Inc. and Adjunct Professor in the Interdisciplinary Telecommunications Program at the University of Colorado at Boulder, CO. Ronak Merchant is a research assistant at the Interdisciplinary Telecommunications Program at the University of Colorado at Boulder, CO and holds a B.E. from the University of Mumbai, and an MS from the University of Colorado at Boulder. Sarah Falvey is Senior Policy Analyst at Google Inc, and holds a BA from Hamilton College and an MA in International Relations and an MPA from Syracuse University. The authors are grateful for comments and input to earlier versions of this draft from Venkatesh Hariharan, Raman Jit Singh Chima, Pradeep Agarwal, and Nicklas Lundblad.

Electronic copy available at:

Davidson Leonard. NY 10011. London. If legal advice or other professional assistance is required. of Ottawa Law School Goodman Phillips & Vineberg. the services of a competent professional person should be sought. CA Hilary Pearson Bird & Bird London. LLP Beverly Hills. Saffer Asst. New York. Lease EDITORIAL OFFICES 400 Hamilton Avenue Palo Alto. Spelman Steinhart & Falconer. Linder Wiley. CA Roszel Thomsen. CA Ronald S. LLP San Francisco. NY Prof. CA Jeffrey S. MN Postmaster: Send address changes to JOURNAL OF INTERNET LAW. LLP New York. please contact Wright’s Media at 1. CA Eric J. Scholer. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. Judith M. D. Dick C. WA Joel R. CA Executive Managing Editor Robert V. Slate. NY Thomas Raab Wessing Berenberg-Gossler Zimmerman Lange Munich. Cook. CA Katherine C. NJ Christopher Millard Clifford Chance London. All rights reserved.877-652-5295 or go to the Wright’s Media Web site at . General Counsel Broadcast Music. Laurie Skadden. Mountain View. Telephone: 212-771-0600.JO U R N A L O F Internet Law EDITORIAL BOARD Constance Bagley Associate Professor of Business Administration. van Engelen Stibbe Simont Monahan Duhot New York. France Stephen J. Fierman. CA Jon A. Barry Wilson. To subscribe. Goodrich & Rosati Palo Alto. Hertz & Béjot Paris. DC David Phillips CEO. Sinrod Duane. NY Allen R. Phelps & Phillips Palo Alto. Gervaise Davis III Davis & Schroeder. New York. Hergott. Inc. Purchasing reprints: For customized article reprints. CA 94301 (650) 328-6561 76 Ninth Avenue New York. Tanenbaum Kaye. II Thomsen and Burke. Inc. England MaryBeth Peters U. Wolfson Assoc. Gray Cary or its attorneys or clients. The opinions expressed are for the purpose of fostering productive discussions of legal issues. Electronic copy available at: http://ssrn. Frederick. Hayes Fenwick & West LLP Palo Alto. Arps. Radcliffe DLA Piper Palo Alto. Thompson Bloom. Redmond.J. Diemer & Klein. CA Morton David Goldberg Schwab Goldberg Price & Dannay New York. Trotter Hardy School of Law The College of William & Mary Peter Harter Security. French Vicky Lee Peter Leal Jim Nelson Scott Pink Allyn Taylor Vincent Sanchez Patrick Van Eecke Jim Vickery DLA Piper Thomas Jansen Nils Arne Gronlie Kit Burden Mark O' Connor Hajime Iwaki Mark Crichard Director. Sonsini. Pamela Samuelson Boalt Hall School of Law University of California at Berkeley William Schwartz Morrison & Foerster San Francisco. call 1-800-638-8437. P. Ballen Schwartz & Ballen Washington. Nimmer Univ. Orange. Katz Manatt. iCrunch Ltd. DC Charles R. or other professional services. call 1-800-234-1660. —From a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations. Single issue price: $55. accounting. NY Richard D. DC Ian C. Hays & Handler. Street and Deinard Minneapolis. D. Ray T. Rockower Editor-in-Chief Mark F. DC Copyright © 2011 CCH Incorporated. Viacore. General Counsel Blank Rome Comisky & McCauley LLP Washington. Baumgarten Proskauer Rose Washington.A.S. Ballon Greenberg Traurig. CA Prof. Aspen Publishers. LLP Palo Alto. CA David L. Toronto. CA Ronald S. LLP Washington. Dorney DLA Piper Associate Editors Gigi Cheah Elizabeth Eisner Ann Ford Thomas M. Germany Lewis Rose Collier Shannon Scott PLLC Washington. Rein & Fielding Washington. Newsletters Susan Gruesser Managing Editor Jayne K. 7201 McKinney Circle. Michael Geist U.wrightsmedia. England Prof. England Michael Pollack General Counsel Elektra Entertainment New York. LLP Santa Monica Henry V. NY Colette Vogele Microsoft Corp.C. NY 10011 (212) 771-0600 JOURNAL OF INTERNET LAW (ISSN# 1094-2904) is published monthly by Aspen Publishers. Sunnyvale. In no event may these opinions be attributed to the authors’ firms or clients or to DLA Piper Rudnick. CA Edmund Fish General Counsel Intertrust. It is sold with the understanding that the publisher is not engaged in rendering legal. Harvard Business School Robert G. CA William A. MD 21704. CA Prof. Register of Copyrights Washington. BOARD OF EDITORS Founder David B. Monterey.C. Meagher & Flom. Morris & Hecksher LLP San Francisco. Hale Executive Editor Maureen S. of Houston Law Center Lee Patch General Counsel Sun Microsystems’ JavaSoft Division Mountain View. 76 Ninth Avenue. One year subscription (12 issues) price: $552.C. Merrill McCarter & English Newark. Grogan General Counsel. Inc. DC Michel Béjot Bernard. For customer service.

the French had laws and codes that governed publications in the press and certain audio-visual communications.6 Because the Minitel was a “pay for use” cloud-based system. As with any good thinker who is ahead of his time. Grosch was partially wrong. that migration to centralized computing would happen because of the need to leverage economies of scale coupled with the need to invest in massive data processing centers. Mr. For example. The terminals were inexpensive to manufacture and maintain and so consumers shared these costs among themselves and therefore were given to consumers for little or no capital expense. because rather than passing new laws to control or contain the type of information that was exchanged on the Minitel cloud.5 his theory of supercomputing with dumb terminals. government-controlled cloud) would prevail.2 Grosch expressed his theory as follows: “I believe that there is a fundamental rule…giving added economy only as the square root of the increase in speed—that is to do a calculation ten times as cheaply you must do it one hundred times as fast. essentially. the French chose to leverage existing laws. So. The Minitel was widely adopted and used.7 It is one of the first examples of mass deployments of cloud services (also called “utility computing. centralized data centers rather than an over-reliance on storage in end units. and there was no accompanying 7 . for the past 30 years. is the root of cloud computing.1 For nearly two decades. His law held rein for nearly three decades. he was correct in his assumption that significant economies of scale and efficiencies could be achieved by relying on massive. and broad exchanges of information in large data centers.11 Naturally. essentially. THE MINITEL The Minitel was designed in the 1970s and allowed the public in France to use their telephone network to access a number of interactive databases. Indeed.” in this case because of its link to France Telecom—the telephone utility. while governments will always be faced with new issues and challenges. Indeed. While Grosch was wrong about the cost model of cloud computing. Grosch’s observations highlight that the debate around the theories of cloud computing have been taking place for more than 50 years.”3 This argument has been interpreted to mean that the natural technological evolution would lead to “supercomputing” as a norm and. it enabled France to be wired much earlier than the rest of the world. like modern cloud computing. the French consumer has been involved in significant use of cloud services that included bank transactions.4 Those that claim that Grosch was wrong called for the “repeal” of Grosch’s Law as other more accurate cost models came to light. and to provide offers. and partially right. and other details. because the unanticipated “killer app” for the Minitel was erotic chats (which made the government uncomfortable as the system’s sponsor).8 As late as 1995. there were some hiccups when the exchange of certain kinds of information became controversial. there was considerable debate as to whether the Internet (a decentralized cloud-based system) or the Minitel (a centralized.” Herbert Grosch developed this “law” more than 60 years ago based on an assumption that computing increased by the square of its cost.October 2011 J O U R N A L O F I N T E R N E T L AW Regulation of the Cloud in India Continued from page 1 G R O S C H ’ S L AW The development of cloud computing is as old as computing itself. a number of “dumb” Minitel terminals are still available for installation and use in France.12 However. the world’s leading thinkers within the area of cloud computing are just as old as the theories of computing themselves. this theory was enshrined and endowed with the character of a law of nature in a concept known as “Grosch’s Law. interactive databases. it is important that when contemplating any regulatory framework to step back and examine how the specific technology has evolved in relation to other industries. and the cases that dealt with civil and criminal liability issues within the Minitel cloud relied on these rules to ensure consumer protection while at the same time allowing the service to flourish.10 The French adoption of the Minitel is illustrative for modern cloud-computing. chat fora. the Minitel cloud brought tremendous value to the French economy due to the ability for small and medium-sized businesses to exchange information. while Grosch’s cost model was wrong (now replaced by Moore’s Law).) Although the Minitel largely has been replaced by the Internet.9 Thus. directions.

weddings. today this is often done as a complement to the storage of the same email in the cloud. Evernote is a service that allows users to “capture anything. it is worth exploring the various manifestations of offerings to show how widespread the adoption has been. Simply stated. the term is still used because it is entrenched in the common of the technology. AOL. T H E C L O U D I S E V E RY W H E R E Governments. to make vacation plans. that is not the way that the architecture of the Internet was developed. sharing. SaaS along with other categories not yet defined. including Gmail. Computer programmers and entrepreneurs have turned the cloud into a vast offering of very real products. and real-time collaboration tools for small businesses. there is simply no way to impose such a requirement on the thousands of other cloud-based email providers. thus making these distinctions essentially irrelevant. the cloud computing space is too dynamic to divide into three neat categories. etc.14 All a company needs to do is to purchase a simple Linux computer and an Internet connection—and that company is now a cloud-based email provider. and compartmentalize the three relatively abstract concepts of Infrastructure as a Service (IaaS).15 For example. such as Hotmail. and this is why several global providers are popular. Gmail.”13 So.17 Similarly. contacts. cloud computing is not a single. 37Signals. Most services that businesses and consumers use cut across all categories to some extent. because of these varying models and platforms. Platform as a Service (PaaS) and Software as a Service (SaaS) that make up the cannon of cloud computing offerings. The methodology that 37Signals employs (espousing cloud-based tools to empower businesses) has lead to two best-selling business books. were to comply by hosting some of its servers in a given country. In other words. there is no effective way to require. While it is of course still possible for companies and consumers to place their email on their laptops or desktops. There is no “the cloud. As the Software & Information Industry Association has recently described in its White Paper for Policymakers (SIIA Cloud White Paper). which means that the core software to run an enterprise-class Web-mail server can be obtained for no cost. With so many offerings available. Rediff Mail. Lycos Mail. or AOL. For example. even if a large cloud-based email provider. For purposes of elucidation. Therefore regulations (such as those in Europe) that require data be stored within certain geographical boundaries are not practically enforceable. to make business plans. that all the world’s cloud services store their data in any given country. while the concept of the “cloud” has been blurred with the Internet for some time (arguably long before the concept of the Internet even existed). Getting Real and ReWork. and such. CLOUD EMAIL There are thousands—if not millions—of companies that provide separately branded cloudbased email services. unitary thing. Hotmail. PaaS. Literature and papers on cloud often go to great lengths to describe. and contrary to the common term.16 offers project-management software. and it is not the way that email and other cloud-based services work. Still.” and “access anywhere. “cloud computing” resists practical definition for common treatment by law and regulation. parties. there are economies of scope that can apply to large email hosting companies. across-the-board. There is currently a very low 8 barrier-to-entry for this market because web-based email is now available as an open-source platform. CLOUD-BASED BUSINESS AND PERSONAL ORGANIZATIONAL TOOLS Thousands of cloud-based opportunities are available in order to help individuals and businesses aggregate their use of the Web. users. users can sign up for multiple email accounts from any email service around the world. and regulators often think of cloud computing in a very narrow way. segregate. While these concepts once served the purpose of providing a framework for thought. the small-business collaborative suite. Yet. remember everything. often integrating unique and novel combinations of IaaS.”18 This service aggregates information from .J O U R N A L O F I N T E R N E T L AW October 2011 set of cloud-based regulations that accompanied that use. it is useful to provide a brief illustrative survey of cloud offerings in order to illustrate width and depth of the ecosystem in the discussions below.

hosting. Google Apps. work on mobile devices such as BlackBerry and iPhone. plane tickets. Xero. allows people to plan parties. In addition to the value-added services. Evite. E-COMMERCE The cloud can enable businesses to set up a completely virtual business presence without the need for any infrastructure.” Cloud-based banking products include Quicken. Amazon S3. for example. Wesabe. social gatherings of all kinds. Almost all banks offer users the opportunity to complete online payment transfers. and many others.22 SOCIAL NETWORKING.0. they are in the cloud.23 The rationale for this valuation is not just based on consumer usage it’s the vast amount of information contained within the Facebook cloud—and the value that businesses and users place on it. Recent market valuations of the well-known site Facebook have cited the value of the upcoming IPO as high as $100 Billion. and in many cases. there are a number of services that offer “hard-drive replacement” in the cloud.0” services that empower people to compute from any device. Google Calendar (shared calendaring). there simply isn’t a need to maintain paper banking records at all. there are several more excellent cloud-based collaboration suites that offer the opportunity for companies to share their most important data with each other and with customers. with virtual opportunities for file sharing. and other materials. weddings. Flickr.21 If it appears that the lines are blurred between cloud-based services as those described above and the Internet itself—that’s because there are no lines! The “Web 2. it has completely replaced the need to either visit a physical bank branch or to keep paper-based transactions—in many countries.October 2011 J O U R N A L O F I N T E R N E T L AW users and businesses. MoneyStrands. taxes. Google Sites (team site creation and publishing). user support) to artisans and Small and Medium Enterprises (SMEs) worldwide that includes catalogs managed by Google spreadsheets. The most valuable family photos are no longer stored away in an album or shoe box. for example. Apple Mail.24 9 .19 One of the most popular travel/organization tools is Tripit. and more. pay bills. BANKING AND MONEY MANAGEMENT Most banking happens in the cloud. Expensr.20 Finally. Many of these suites either integrate data with or share data in some way with other cloud-based suites that can help with tax preparation and filing. and to interact with any business and with each other bring tremendous value to businesses and individuals. in a trend that has been called “Banking 2. which helps travelers organize and track travel. AND STORAGE Social networking is big business. Additionally. such that individuals and businesses can practically maintain all of their records—daily transactions. Apples’ iCloud. is an enterprise-ready suite of applications that includes Gmail. discussion boards. Dropbox. Egnyte. through services such as Yelp. JungleDisk. Amazon and Ebay offer “virtual storefronts” that enable cloud-based presentation. and others. These Web-based services can be securely accessed from any browser. notes. including photos. and other activities. and integrate with other popular email systems such as Microsoft Outlook. Geezeo. images stored on Picasa Web Albums and payments by Google Checkout. One of the best known invitation-services. purchase and sell stocks. Additionally. such as TurboTax. work spaces and other collaborative tools. research. stored on sites such as Picasa. stock trades—all via the cloud. the banking and financial ecosystem has completely moved to the cloud. users and businesses collaborate in the cloud to rate and share information on businesses. all on Evernote’s servers. PHOTOS. secure sharing of video content). such as Huddle. In sum. search. and boasts more than 25. Mint. and Google Video (easy. OFFICE SOFTWARE TOOLS Companies such as Google offer a broad base of business productivity tools and office-software replacements in the cloud. Google Docs and Spreadsheets (online document hosting and collaboration). there are several suites of cloud-based services that help individuals and businesses manage their money. Products such as Google Apps have powered companies such as OpenEntry. anywhere. and payment processing and delivery. advertising. which offers free e-commerce catalogs (software. financial planning.000 invitations sent each hour. Snapfish and many other locations.

which seeks to set specific security and privacy measures. hurt users and risk creating multiple bifurcated Internets. and matters of privacy. or reducing the quality of their services. One striking example is the • • • adoption of important eBusiness applications in the United States which was greatly hampered in the European Union due to their desire to introduce technology-specific mandates. Governments should avoid requirements for in-country servers. often citing national security. and freedom from vendor lock-in. specific legislation that purports to cover “the cloud. Some companies have worked actively to develop principles that would single out cloud computing as a unique area within broader Internet legislation. In order to avoid these problems. However.27 Vendor lock-in quells competition and enables a system. India seems to be at the forefront of most 10 . The genius of the Internet has always been its open infrastructure. legislation typically prescribes a type of technology (such as encryption) rather than a particular end (protection of data). as described previously. Additionally. Interoperability. and focuses efforts on developing or deploying at the standards level in order to disadvantage cloud services. Ensuring that any legislation remains technology neutral is essential to ensure the continued development of any burgeoning technology space or market and there are many examples of situations where a counter approach actually quells the evolution of the technological space. ranging from desires to control the environment. Data Portability. where government procurement contracts favor legacy software providers. consumer protection. these authors support the increasing consensus from industry that existing legislation should be leveraged rather than enacting new. One example in the United States of potentially prescriptive legislation is the proposed Cloud Computing Act of 2011. the cloud ecosystem is a complex one that features many new players and opportunities for the market.S. Cybersecurity Standards.28 I M P O RTA N C E O F T H E CLOUD FOR INDIA As one of the fastest growing economies in the world. while the U. thus ensuring portability. The interoperability of the Internet itself has allowed for its growth and evolution to be global and ubiquitous and cloud computing is no different. resulting in favoring proprietary standards.J O U R N A L O F I N T E R N E T L AW October 2011 L E G I S L AT I V E A P P R OAC H Legislators and regulators have myriad concerns. and transparency mandates that would apply only to a cloud environment and not to other forms of computing. the ability to exchange and use information between cloud computing products and services. Governments should embrace a global approach to cybersecruity that seeks international consensus on standards and that recognize that data can be protected and safe regardless of where it is located. which caused the eSignatures market in Europe to flat line for close to a decade. which allows anyone with a connection to communicate with anyone else on the network.25 For this reason. cloud legislation should have the following characteristics: • Technology Neutrality. Measures that force Internet companies to choose between taking actions that harm the open web. interoperability. This can only be achieved through the development and implementation of open standards.”26 The problem with new legislation is that it tries to ascribe a one-size fits all approach to cloud and Internet regulation. legislation should avoid: • Localization Requirements. in other words. for example. market continued to grow and innovate. which could impede competition in this area. Interoperability. Cloud computing services should make use of open standard protocols and formats such that users have unfettered access to their data and meta-data. Legislation should not allow for the creation of private and/or isolated clouds where user data cannot be moved to another platform. definitions. It also provides for patent and copyright protections that disproportionately benefit software-based products. is necessary for the development of unfettered competition between vendors and unrestricted choice for users. This often leads to vendor lockin for large companies. Any legislation should treat cloud computing as any other form of computing and not specifically regulate it based on the premise that cloud computing is something new or threatening.

cloud computing has a particular advantage for a growing economy like India. UTV signed a five year deal with IBM wherein IBM would provide various business transformation initiatives to UTV. Indian Enterprises have been faced with ebbs and flows in workflow for the past few years and this trend is expected to continue for the foreseeable future. The Government of India estimates that the use of the private cloud model by two or more states could result in savings of up to 50 percent in the 1.31 ADOPTION OF CLOUD BY THE INDIAN PUBLIC SECTOR One of the striking features about cloud computing is that it presents benefits to every aspect of India’s economy including but not limited to SMEs. 2010. For this reason.30 One recent article in Dataquest hailed cloud computing as one of the most significant and important areas for investment in India. the trend is on the rise. the Delhi Public School has over five thousand students and three hundred staff members.378 crore rupees allocated for state data center projects. IYC opted to move its more than 28.33 The IYC plans to use this service to replace customized messaging solutions in its 300 locations across the country.36 In January. it balances the ebbs and flows in the workflow without significant impacts to the company’s bottom line. there were practically zero initial costs incurred. Indian Youth Congress The Indian Youth Congress (IYC) is the official youth wing of the Indian National Congress and one of the largest youth organizations in the world. a broadcasting company in India that combines television and game content. storage. Delhi Public School One of oldest schools in the country. After evaluating a number of solutions for email and collaboration. Going forward the organization will integrate its existing proprietary applications with Google Apps along with using it for routine reporting and communication. and the Government of India. and upgrades of business applications.35 However.000 elected officials and volunteers to Google Apps for Business. First.34 The collaborative capabilities of Google Apps will help IYC deliver on its mission of transparent and democratic participation and empower its members to work for local development in India using technology. For these reasons. State of Jammu & Kashmir The State Government of Jammu & Kashmir has adopted cloud computing for its e-governance services. and are based on much of the good work that the Telecom Regulatory Authority of India (TRAI) has completed by promoting strong broadband policies. and recruitment services for citizens. birth/death certificates.29 The adoption rates of cloud computing technologies in India are fast. Second. In order to roll out these services. In addition. this was accomplished when the school started using Microsoft’s Live@edu service. the cloud allows an enterprise to focus on its core competencies by allowing the cloud provider to deal with all of the hassles involved with the development. Although there has been very limited adoption of the cloud technology in the Indian public sector.October 2011 J O U R N A L O F I N T E R N E T L AW technological developments and cloud computing is no exception. Broadcasting Another example of the use of cloud computing in India is by UTV Software Communications. There are a few notable adoptions of cloud systems from various entities that are worth mentioning.32 These services include cloud based ration cards. the education system (such as schools and universities). The use of this cloud computing model allowed the Government to actually implement these services in the extremely small time frame of just 60 days. 11 . maintenance. the spare infrastructure from the data centers in Madhya Pradesh was used. citing a Gartner study that states that cloud computing will account for 5 percent of the total investments in India by 2015. experts predict that the cloud computing market in India will grow at a compound annual growth rate of 40 percent by 2014. a major part of which was the iNotes cloud email service. The use of this cloud service has not only enabled easier and faster intra-school communication but also improved parent teacher interaction. The landscape is a competitive one and many companies are competing for the business. Implementations such as the one in Jammu and Kashmir are indicative of adoptions in the future. and the cost of deploying a school wide messaging solution seemed to be a distant goal.

governments. Additionally.41 Sterlite decided to move to a cloud service because manageability and cost value for an on premise messaging solution were a major concern. no industry.7 million persons over 26. lower capital expenditure on hardware and software make cloud computing an extremely viable option for most SMEs.” These online platforms have allowed Indian SMEs to tap International customers in an extremely convenient. integral ways to do business and communicate in India. A review of a few short cases in India in related contexts that involve cybercrime show that the investigative and judicial system has been quite effective at prosecuting criminals without the need for new laws. and Voice over Internet Protocol (VoIP) telephony. Sterlite is not an SME rather it is quite large and is one of three global manufacturers of power conductors and among the top five global manufacturers of optical fiber and cables. and France. and profitable way. on-premise solution for the majority of their employees. These applications have become. which was designed to shed light on the online selling and buying behavior in India. or even their homes. any remote offices. SMEs contribute towards 45 percent of the manufacturing output and 40 percent of the total export of the country. A brief review of three applications of cloud computing outside of the office/productivity context will give a better understanding of how the regulatory framework in India has previously worked for cloud computing.40 SMEs IT requirements are oftentimes not as complicated and extensive as those of large enterprises. business. or person is completely safe from crime. craftsmen in Ludhiana regularly export golf clubs to international eBayers in the United States. the ecosystem is both wide and deep: there are many different providers of cloud-based services. and companies with multiple locations to use cloud based services as employees can then operate from the main office. Sterilite moved more than 1000 employees to the Google cloud solution. minimum risk. SMEs are one of the most aggressive segments in India to adopt cloud computing.42 The Indian call center market is another industry segment that has benefited from the use of cloudbased services. . Germany.1 million enterprises. SMEs usually find it easier to outsource these functions to a cloud provider and focus on their core business. cloud computing and its applications such as VoIP have a key role to play in this market. The low barrier to entry. and fax queries using the same portal. facilitation of teleworking for the local call center staff. or are in the process of becoming. including several well-recognized names.J O U R N A L O F I N T E R N E T L AW October 2011 A compelling explanation for why cloud based services are a boon for the public sector in India is that it is a “pay as you use” model. instant messaging. meaning that they are more flexible enhancing their ability to leverage emerging technologies more readily than larger enterprises.39 One of the chief reasons that SMEs look at e-commerce offerings through such portals is because of business convenience. such as low personnel costs. ADOPTION OF CLOUD BY SMES SMEs play a very important role in developing the overall industrial economy of a country. They had been using a non-cloud. Because of this. OTHER CLOUD EXAMPLES The cloud is ubiquitous and is not just limited to office-based applications or remote storage. The Fourth Census of the SME Sector indicates that this sector employs 59. as noted above. According to the 2009 eBay census guide. cost-effective. and the handling of email. With the development of India as the call center hub for some of the biggest US and European companies. the eBay platform enables “product availability to anywhere.38 SMEs in India are now using online portals such as eBay and Amazon to sell their products domestically and abroad. the cloud is not 100 percent safe.43 Such a model provides numerous advantages. However. To be clear. 12 ADOPTION OF CLOUD BY LARGE COMPANIES Sterlite Technologies is a leading global provider of transmission solutions for the power and telecom industries. Credit Cards. There are many other large companies that have moved to Google’s cloud. These are Automated Teller Machines (ATMs).37 It also is advantageous for organizations. thus offering the public sector opportunities to put proposals out for competitive bids in order to obtain the best value for taxpayers. For example.

and they enable people to withdraw money from banks without going to the bank (i. and has generally enabled the Indian outsourcing economy. Credit Cards Credit cards are another form of cloud computing. VoIP has a hassle free process from setting up to actually using the service. The following two cases of ATM theft indicate that no new regulations actually are needed for cloud computing crimes. It also enables anytime. the Indian police were able to make their arrests based on very old laws of theft. A Chennai based MBA graduate had used International contacts to develop 30 dummy cards that allowed him access to ATMs. the Ludhiana Police arrested the three after close evaluation of the images from a CCTV installed inside the ATM. in turn can save on capital expenditure as they can just set up ATMs at convenient banking locations instead of opening new branches.3 lakh Indian Rupees in the state of Punjab. setting values for QoS 13 .51 Thus.45 The three persons involved were the security guard and two of his friends. Credit card companies such as Visa. Not surprisingly. The use of cloud-based VoIP technology offers advantages of cost savings from avoiding long distance calls. the TRAI issued a regulation on Quality of Service (QoS) for VOIP Based International Long Distance Service in 2002. MasterCard. and have played a key role in the online shopping boom seen in India in the last decade. anywhere shopping and saves the consumer the hassles and security issues of carrying large amounts of cash. which has been dubbed as one of the first major “cybercrimes” in India. Anecdotally. The Chennai police believed that his arrest was the first step in solving the cybercrime ATM racket in Chennai. and the convenience of user-friendly Skype and Gmail portals.October 2011 J O U R N A L O F I N T E R N E T L AW Automated Teller Machines ATMs are an early version of cloud computing. like cloud computing.49 Credit cards rely on transnational data flows. and by leading financial institutions in India for their core services. One reason for VoIP’s astonishing uptake in India in the past decade is the affordable pricing. for more than two decades. the Indian financial sector has aggressively moved to the cloud. loved ones can attest to the importance of using VoIP to keep in touch with their family while studying in foreign countries such as the United States and the United Kingdom. The first case is that of an ATM robbery worth 7. Additionally. and credit-card companies are.4 million debit cards in the Indian market in 2009–2010. Like many other applications of cloud computing.46 Similarly. via the cloud. in another ATM theft in the state of Chennai. essentially. Banks.. the thieves were found guilty under Section 407 of the Indian Penal Code. there was no need for any particular cloud-based legislation in order to solve these crimes. and instead. It is an important way for Indians to keep in contact with loved ones in India and abroad. “from the cloud”). First. The TRAI is one of the key players in the regulation of VoIP services and in assuring quality for Indian consumers. in the data transfer and information-sharing business. Add to this the security of withdrawing money from accounts anytime and anywhere. ATMs are miniature computers that connect to the cloud either by a dial-up connection or by a broadband connection.3 million credit cards and 181.44 ATMs make banking much more convenient as consumers are no longer forced to deal with banks that are close to them. The first ATM was launched in India in 1987 by HSBC Bank. These advantages are reflected in statistics that indicate there were 18. According to the Times of India. Voice over Internet Protocol Voice over Internet Protocol (VoIP) is basically telephony over the Internet and because of the processing and switching required.52 This is especially true in Indian regions where high speed Internet connections are available. credit cards have an increased importance in the present Indian economy. the cloud is used both for the exchange of information between databases to enable the credit-based economy.e.48 Again. Thus. ability to see each other. cloud computing in the form of ATMs has been part of the Indian economy. and American Express have allowed for convenient business transactions within the Indian market. no new “ATM law” or “cloud” law was required. The TRAI has taken two major steps in the regulation of VoIP services.50 Because of these distinct benefits.47 was solved by the combined efforts of the Federal Bureau of Investigation (FBI) and the Central Bureau of Investigation (CBI).

Information Technology Act of 2000—The Information Technology Act of 2000 has explicitly stated penalties for the breach of data and privacy. governance of interconnection agreements between the ISPs and National Long Distance (NLD) carriers by the TRAI. 1997. imposes duties on credit information companies and credit institutions for any unauthorized sharing of an individual’s credit information with external sources.J O U R N A L O F I N T E R N E T L AW October 2011 parameters and a testing procedure. the existing regulatory framework does not offer complete protection from data breaches. quoted in India as a data protection provision. 3. deals with computer hacking and protects data users from intentional alteration/misuse of data on their computers diminishing the value of the data in the process. the Government delayed the decision on regulations for VoIP services in the country. destroying. Indian Contract Act—The Indian Contract Act basically deals with requiring Indian importers to pay a duty if they are unable to protect data coming in from other countries. On the other hand. on the other hand. PRIVACY AND THE CLOUD IN INDIA Every country in the world individualizes privacy concepts to match history and culture. new regulations could pose definite and serious challenges for cloud 14 . Although there is no right specifically focused on personal data protection in India. 2009. The Department of Telecommunications found these recommendations to be helpful but on February 20. A majority of Indians believe that the concept of privacy is about their own personal space rather than information privacy or identity theft.55 Importantly. The sources are: 1. India has taken a sophisticated view toward privacy and has adopted regulations that are meant to protect a set of resources and to prevent its misuse. 2008. To be clear. For instance. It foresees civil liability for actions including but not limited to unauthorized copying. numbering scheme for ISPs providing Internet Telephony services. database theft. 65. Article 21—Article 21 of the Indian Constitution is about the general Right to Privacy. Section 43 protects the consumer from damages to the computer or the computer system. The penalty is the same as that for Section 65. and digital profiling. It is applicable to intentional actions such as concealing. the regulations that were adopted by TRAI took vital steps to facilitate and promote the technology and its adoption rather than to impede it. The Credit Information Act of 2005. extraction. The same penalty is applicable to anyone who is involved with hacking a computer system to cause wrongful loss of property. it issued a set of recommendations for regulation of VoIP services in August. however it is comprehensive enough to resolve a majority of the concerns in the Indian market. Intentional tampering with a computer system’s source code is punishable by up to three years imprisonment or a fine of up to two lakh rupees.54 These recommendations included the development of a level playing field for Internet Service Providers (ISPs).53 Secondly. and 72. Section 66. 2. Four sections of the Information Technology Act specifically deal with penalties against breach and misuse of data in India. emergency numbers. These are Sections 43. 66. Section 65 protects consumers against the tampering of computer source documents. or altering of computer source code and is punishable by either or combination of a fine of up to two lakh rupees and imprisonment of up to three years.56 This right covers the first generation of rights for Indian Citizens. and interoperability between providers. a person gaining access to or downloading/changing information from a computer system without prior permission from the owner is subject to civil liability. The introduction of new regulations does not show any distinct benefits. This act is focused on e-commerce and cybercrime in general. there are several primary sources of Indian legislation that refer to this right for Indian citizens. Section 72 imposes a fine of one lakh rupees and an imprisonment term of up to two years for any breach of confidentiality and privacy of a person’s material. The regulations are primarily aimed at discouraging people from being involved in such behavior. The Information Technology Act of 2000 is based on a resolution that was adopted by the United Nations on January 30. at least in the domain of computers and cybercrime.

it is telecom infrastructure that “powers” the cloud.15 However.57 and (3) extend the smallest possible subset of these rules to the world of cloud computing and to utilize regulatory restraint so that the market may still develop. Sharma mentioned that there was definitely concern over sections of content present on the Internet and these would be carefully studied over the next few months. Research indicates that there are many laws and regulations in India that sufficiently protect consumers from breach of data. some of its core functions include recommending the need and timing of a new ISP. to facilitate competition between service providers. It will not only slow down the adoption rate for cloud computing and prolong the time to gain its benefits but also give rise to a feeling of confusion and panic in the Indian economy. granting. It also respects the sentiment of the Indian Government of having some sort of regulatory oversight over cloud computing applications. The new privacy law is very new. and develop 15 . from breach of contract. and the continued growth of cloud services depends on ongoing investment in infrastructure so that the growth can continue. 2011. to monitor quality of service provided. monitoring. revoking of licenses to ISPs. For these reasons. data portability. energy.60 The extensive requirements of the new rules are likely to increase the overhead of time. Per the Telecom Regulatory Authority of India Act of 1997. and the government. it will be important for its interpretation and enforcement to be measured so as to allay the fears that have already been expressed by many multinational businesses. and from misuse of data. These laws make Internet Intermediaries responsible for harmful content on the Internet. A key component of these rules was that any organization processing personal information in India requires written consent before undertaking certain activities and must implement reasonable security policies and procedures. we suggest a three-pronged approach: (1) clarify the nature and scope of existing data protection rules. educational institutions. quality of equipment used in the network and make appropriate recommendations. raise legal concerns over past decisions. THE NEW INDIAN PRIVACY LAW The most recent development by the Indian Government with respect to data privacy came in June. broadcasting and cable services in a manner and at a pace which will enable India to play a leading role in the emerging global information society.62 Its mission is “To ensure that the interests of consumers are protected and at the same time to nurture conditions for growth of telecommunications.58 These rules apply to organizations operating in India and are independent of whether the data originates in India or if it pertains to Indian citizens.59 The intention of the Indian Government is to enhance the data security and privacy in the country and it feels that this is a crucial step to promote offshoring in India.63 The role of the TRAI is centered on ISPs and their customers. This article endorses the general opinion that cloud computing is very important for multiple sectors of the Indian economy including SMEs.October 2011 J O U R N A L O F I N T E R N E T L AW computing and the functioning of the Internet itself. Such an untested set of regulations would slow down the momentum of future cloud-services adoption. (2) promulgate rules that promote open standards. It also enforces a disclosure obligation for privacy policies wherein an organization must clearly explain the purposes of processing the involved personal information. Indeed. and market-based mechanisms like those promoted by the SIIA Cloud White Paper for policymakers.” One of the most important things that TRAI can do is to leverage the unique perspective that TRAI has on infrastructure. when it passed the 2011 Information Technology Rules (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information). forming the conditions of. It recommends further clarification of existing regulation and its extension to cloud computing in a subtle way rather than developing an untested set of new regulations. and money to be spent by companies when offshoring to India. S. and ultimately. TRAI chief J. At the CII Content Summit. and to resolve disputes between ISP’s or between an ISP and a customer.61 R E C O M M E N DAT I O N S TO T H E T E L E C O M R E G U L ATO RY AU T H O R I T Y O F I N D I A The TRAI was created by the Telecom Regulatory Authority of India Act of 1997. the actual nature of these rules does not completely solve the original purpose.

See Dan Salcedo. February 3. See “Microsoft Office 365 Launch: Zimbra Scores Surprise PR Win. the European Parliament and Council adopted Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. available at http://goo.” 9 Comm.tripit. a return to scale approximated by Grosch’s Law”).. Jason Fried. The World Almanac and Book of Facts (Ken Park ed.. See www. 25. 2010) 18. June 28.” RAND Europe Technical Report (2009). yet wonderful technology. stated in the 1940s. Built by IBM and Harvard professor Howard Aiken.”) 13. See Jack Kessler. See See Maite Selignan. VMWare’s Several sources have noted that the Directive has significant weaknesses and that many aspects of it are ineffective. 27. Ken Pottinger. that makes web pages look like dynamic software applications that traditionally run only on personal computers.J O U R N A L O F I N T E R N E T L AW October 2011 a negative sentiment in the minds of the Indian people towards this new.” Id. See www. (Crown. 16. Getting Real (2009). al. See SIIA Cloud White Paper. holds that the microprocessor’s performance will double every 18 months. Grosch’s law was still highly regarded by scientists and policy analysts. it forced the adoption of a specific technology standard (a PKI-focused provision) into the regulatory framework. the scientific community on the whole still had great faith in them. “Standards of Liability for Internet Service Providers. 2003. 22. 2006 (describing the interactive Web as follows: “But what is Web 2. ACM 94 (1972) (“In addition to increases in the level of technology. .com.J.” D-Lib December 1995. March 27. took a more technology-neutral. David Heinemeier Hansson. George Simpson. supra n. ACM 779 (1986) In the 1960s and 1970s.. many businesses resisted PKI adoption because it was deemed more expensive and difficult to use and instead adopted alternative solutions. “Comments on Grosch’s Law Re-Visited: CPU Power and the Cost of Computation. á la Française. 26.” The Economist. Martin B. policymaker concerns about specific issues can and are being addressed through industry-led voluntary action. 24. Terminals available for sale by France Telecom today can be viewed at http://goo.0? It began with a specific and useful definition. 2002). 189. 2011). ACM 435 (1966) (concluding that larger computers offer the greatest economies of scale and indicating that “Grosch’s Law.” 54 Federal Communications. unable to use another vendor without 2. 21. As the eSignatures market developed post legislation. “Guide to Cloud Computing for Policymakers. Known in the European Union as the Electronic Signatures Directive. We highly recommend future research in this regard but strongly believe that minimum regulation is the primary factor to preserve the growth and innovation of cloud computing in India. The United States. See Russel Carlberg. In the United States.” Online Media Daily. “Wireless Communications and Computing at a Crossroads: New Paradigms and Their Impact on Theories Governing the Public’s Right to Spectrum Access. Hans Graux. the Mark I was 55 feet long and eight feet high. N OT E S 1. 7. Ryan. . Patrick S. drawing the attention of the national news media. 4. one can expect for any given level. appears to be prophetic”). See www. available at http://goo.huddle. “Le Minitel Still France’s Preferred ‘Internet. In contrast to the static web pages of the 1990s. at 247.” While some challenged his theories. at 2. In addition. A. Matthel Linderman. a rule that might apply to a public cloud offering might not work as applied to a private cloud offering. The Directive applies to all 27 member states of the European Economic Area (EEA). But see Charles W. January 9.g. See Neil Robinson. the Electronic Signatures in Global and National Commerce Act did not provide any guidance with regard to specific technology primarily because the PKI market was at that point in its infancy. but the public retained the impression that the Minitel was mostly about sex. See In 1944. heavy traffic generated by these sex lines caused what remains the system’s only large-scale crash. . html. 5. 17. on Telecomm. .” 35 Cornell Int’l L. public private partnerships and best practices enforced through contracts and existing legislation.” Software & Information Industry Association White Paper. July 1. E. Jr. Lock-in occurs when a customer is uniquely dependent on a vendor for products and services. cited supra n. “Grosch’s Law 2011. it is imperative that the free flow of information be preserved. “Free e-commerce catalogs managed with Google Docs. 19. See “Caught in the Net. “France’s Precursor to the Internet Lives On. for example. available at http://www. 1997. Adams’ work was part of an early movement that ultimately led to the so-called “repeal” of Grosch’s law. See Xavier Amadei. Adams. “Maximum Computing Power and Cost Factors in the Centralization Problem. available at http://goo. 2010. 3.” Google Docs Blog. Miniaturization is most often associated with the growth of personal computers that took place from the 1970s through the 1980s. & High Tech. Solomon. 16 .”) 23. “The Persistence of the Dirigiste Model: Wireless Spectrum Allocation in Europe. available at http://goo. Kang et al. In 1995.” The “The enzyme that won.10 (describing the phenomenon as follows: “in 1985. and it is most often expressed in terms of “Moore’s law.” 15 Comm.’” French News Online.37signals. is an open-source product that has been widely adopted by enterprises.” 8 Datamation 38 (1962) (Adams suggests that Grosch’s law may not be accurate. however. “A Billion Here and a Billion There. 195 (2002). 2011.6. See Selignan.evernote. 14. Although announcements claim that the Minitel terminals finally will be discontinued on September. See e. June 2011 at 5. The technical problem was quickly solved. (last accessed June 20. et. Halstead. . developed by Intel founder Gordon Moore in the 1970s. the second wave of websites would use software . market-driven approach. 129. May 11.evite. gl/gyO6. Young M.13. Jason Fried & David Heinemeier Hansson. which helped foster the eSignatures market. “The French Minitel. September 25.). available at http://goo. supra n. at S16 (describing Moore’s law and indicating that it has so far proven to be correct).. 3. 10. 2011. In the second largest democracy in the world.” Moore’s law. 136 (2001). 6. “Review of the European Data Protection Directive. 11. 9. available at: http://goo. and respected papers continued to espouse his centralized computing “law. L. Oldehoft & M.dlib. “Economies of Scale and the IBM System/360. at 13. the first large-scale automatic digital computer began operation.. It also is seen as a competitor to Microsoft Office 365 and to Google Apps.” 240 J. 15.” Washington Post. 12. See www.” The VAR Guy.J.” 29 Comm.. ReWork. stating that “a rule that makes sense when applied in a business-to consumer context might be inappropriate when applied in a business-to-business context.

available at http://goo. IIFL owns and manages www. “Going Google in India: Indian Youth Congress & Punjilloyd move to Google Apps for “Unwanted Plastic?. but that are also still needed. 2011 at 22. May Source: interview. and thus vitally important to a liberalized regime for transnational data flows. 41. Also see Joshi. See Bill Coughan. commodities. gl/fTkrx. 2006. available at wharfinger or warehouse. etc. Delhi Public School. Neelkamal and many others. available at http://goo. Basant Singh.” Microsoft Contributory Articles. shall be punished with imprisonment of either description for a term which may extend to seven years.”) 29. 2011. June 1. Powers and Functions of the Authority. available at http://goo. 28. “Emerging from the Shadows. infra n. 57. October 20. 45. See SIIA Cloud White Paper. Interview with CIO Sankarson “Changes to the open Internet in Kazakhstan. 33. 42. Forbes Marshall. For example.” The Economist. cited supra n.” The Wall Street 36. (Noting that Indian “offices and individuals are switching to Web-based suites that are not only cheaper—because they do away with software costs—but are also accessible from any place with a decent internet connection”). available at http://goo.keeper. “IBM inks five year business transformation deal with India’s UTV Software Communication. See India Infoline’s Google Journey.” CRID. See Carl Shapiro and Hal Varian. University of Namur. 55. 43. one of India’s leading online destinations for personal finance.” Google Enterprise Blog. 37. available at http://goo.wikipedia. August 12 2010. Downloaded Cloud Computing. “ATM theft: Security guard. 2010. Cosmo Films. May 21. (describing the many improvements that have happened.” 47.” SmallEnterpriseIndia. supra n. available at http://goo. March 31 “A private Affair. and shall also be liable to fine.” Washington Post. See Pradeep Agarwal.” Information Week. to Indian infrastructure for the benefit of the IT sector). available at http://goo. The Mexican Secretary of Economy published a report that analyzed transnational data flows and identified India as one of the most significant locations for outsourcing of various services. See Rama Lakshmi. 51. See Wikipedia entry. Shipla Shanbag. 35. 2002. 18 August 2008. 52.” The Official Google Blog.” Cloud Computing.” Indiaforensic. Small and Medium Enterprises (Government of India). Indiamart. IIFL offers advice and execution platform for the entire range of financial services covering products ranging from equities and derivatives. available at http://goo. 2010. available at http://goo. A few companies that have “gone Google” (meaning that they have moved to the Google cloud) include: Saurashtra Cements (Mehta Group).13. or to switch telephone providers in areas where the market is limited or where barriers to entry are high.” Law Without Borders. gl/zGY5l. 48.October 2011 J O U R N A L O F I N T E R N E T L AW substantial switching costs. Ministry of Micro. June 9. Microsoft Case Studies. available at http:// goo. Flipkart. June 10 available at http://goo. Mayur Sharad Joshi. commits criminal breach of trust. 2009. available at http://goo. the IIFL group. stock markets. available at http://goo. gl/Qm1et. June 10 2010. How can VoIP reduce call center costs. January 2010. 32. easiptionBPO. North American Leaders Summit. Credit Card Service in India. at http://en. TRAI issues Regulation on Quality of Service for VOIP Based International Long Distance Service. “Indian Youth Congress moves See CRID India Privacy Technologies. Also see Alan Cullison. February 20. available at “eBay: The E-way of Doing and other instruments. “Google Sidesteps Edict. “4+1 Reasons Companies are Moving to Cloud. June 20.—Whoever. Section 407 in The Indian Penal Code. being entrusted with property as a carrier. “Cloud Computing: The Next Big Wave in SME Market.” Dataquest. Also see “Credit Card and Debit Card Users in May 31. Telecom Regulatory Authority of India. companies.” Outsource Portfolio. 38. 44. gl/v5eKn. gl/Y39qW. Team Computers.” 53. November (hereinafter. 1860: “Criminal breach of trust by carrier. June 7 2010. 2011.48. available at http://goo. Haier Mobile. 31.” The Times of India. 2011.” IndiaFacts. About Us. 2002. Recommendations on Issues related to Internet Telephony. 62. two others arrested. Which VoIP. See Report on the Trilateral Committee on Transborder Data Flows.000 members to Google 50. available at http://goo. available at India in the Cloud Computing Arena.” The Times of gl/ 2011 available at http://goo. available at http://goo. Pheji Phalghunan. Rustomjee (part of Keystone Group). 63. BSE: 532636. August 18 2009. “First Analysis of the Data Protection Law in January 14 2010. Information Rules (HBS Press 1999). India Infoline Ltd (NSE: INDIAINFO. Telecom Regulatory Authority of India. 30. Celebrating 150 years in India. available at http://goo. available at http://goo. available at http://goo. “India’s First ATM Card Fraud. quoting Eric Schmidt‘s statement the doing so makes him “very concerned that we will end up with an Internet per country. 56. “India’s New Data Privacy Rules: Will They Help or Hurt Legal Outsourcing?. (describing the requirement from Kazakhstan for local servers and Google’s withdrawal from the market as a result.” Outlook 39. HSBC Website: The Worlds Local Bank. Shalini Singh. economy and business. May 24. June 16 2011. “Another giant leap. IIFL has moved to the Google cloud and has almost 18. “India data privacy rules may be too strict for some U. 34. Faiz Askari. 59. comprising the holding company.000 users. 49. available at http://goo. Mani Malarvannan. available at http://goo. 58. available at http://goo. available at http://goo. May 23 2011. “No tariff cut now as VOIP gets delayed. available at http://goo. Examples of lock-in include the difficulty in switching from one office-based provider to another. “New Privacy Laws To Impact Outsourcing to India. in respect of such property. Karan Bajwa. India Pistons. available at http://goo. June 7. Javed Anwer. available at http:// goo.S.” The Times of India. at “Office in the Cloud. is one of the leading players in the Indian financial services” VarIndia. Compro Technologies. 54. Bloomberg: IIFL) and its subsidiaries.” Proactive Investors. available on YouTube at http://goo. 17 . Russell Smith. “CRID India Privacy Paper”). “Black Cards Forensics. TRAI Act 1997.