O C TO B E R 2 0 1 1

Regulation of the Cloud in India
By Patrick S. Ryan, Ronak Merchant, and Sarah Falvey


t is popular to make claims that the “new” movement of data to the “cloud” requires heightened attention from lawmakers and regulators. These calls for attention are based on beliefs that people are entrusting their information to third parties in ways that were never previously contemplated, and that new laws must be enacted in order to protect everyone’s privacy. The theory is often stated this way: without swift action, cloud computing will result in significant privacy breaches that will harm consumers. While it is reasonable for regulators to be wary of the increased reliance on third parties as the world becomes more digital, it is a mistake for regulators to assume that cloud computing (and its privacy and security challenges) are new. It also is a mistake to assume that cloud computing is inherently less secure than data stored on individual computers. In fact, cloud computing has been the aspiration of leading thinkers since the 1950s, and the development of the cloud has taken a similarly

progressive path as the development of the Internet itself. It is risky to attempt to regulate the cloud separately as well as to assume that the “cloud” can be controlled in a different manner from the flow of data on the Internet. Because computation in the cloud is no different from use of the Internet itself, it is not readily feasible or practical to cage and confine data flows within the cloud in a way that is substantially different from the flow of worldwide information generally. For this reason, regulatory frameworks should not be sui generis or custom tailored for the cloud and, instead, should leverage or update existing laws that are already in place. This article proposes a regulatory model for the cloud and shows how this model can be applied to India. Continued on page 7
REGULATION OF THE CLOUD IN INDIA . . . . . . . . . 1 By Patrick S. Ryan, Ronak Merchant, and Sarah Falvey PROTECT IP ACT: ONE APPROACH TO DEALING WITH INTERNET PIRACY . . . . . . . . . . . .3 By Michelle Sherman VARIOUS COURT RULINGS ON INTERNET COMMERCE TAXATION. . . . . . . . . . . . . . . . . . . . . . . . . . 18 By James G. S. Yang

Patrick S. Ryan, PhD, is Policy Counsel, Open Internet at Google Inc. and Adjunct Professor in the Interdisciplinary Telecommunications Program at the University of Colorado at Boulder, CO. Ronak Merchant is a research assistant at the Interdisciplinary Telecommunications Program at the University of Colorado at Boulder, CO and holds a B.E. from the University of Mumbai, and an MS from the University of Colorado at Boulder. Sarah Falvey is Senior Policy Analyst at Google Inc, and holds a BA from Hamilton College and an MA in International Relations and an MPA from Syracuse University. The authors are grateful for comments and input to earlier versions of this draft from Venkatesh Hariharan, Raman Jit Singh Chima, Pradeep Agarwal, and Nicklas Lundblad.

Electronic copy available at:

Goodrich & Rosati Palo Alto. Meagher & Flom. All rights reserved. NJ Christopher Millard Clifford Chance London. Dick C. One year subscription (12 issues) price: $552. The opinions expressed are for the purpose of fostering productive discussions of legal . Hayes Fenwick & West LLP Palo Alto. Rockower Editor-in-Chief Mark F. CA 94301 (650) 328-6561 76 Ninth Avenue New York. CA Jon A. LLP New York. DC Michel Béjot Bernard. Judith M. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered.wrightsmedia. Germany Lewis Rose Collier Shannon Scott PLLC Washington. LLP Santa Monica Henry V. Davidson Leonard. Single issue price: $55. Gervaise Davis III Davis & Schroeder. MD 21704. Barry Wilson. NY Prof. CA William A. Sonsini. French Vicky Lee Peter Leal Jim Nelson Scott Pink Allyn Taylor Vincent Sanchez Patrick Van Eecke Jim Vickery DLA Piper Thomas Jansen Nils Arne Gronlie Kit Burden Mark O' Connor Hajime Iwaki Mark Crichard Director. Linder Wiley. General Counsel Broadcast Music. Tanenbaum Kaye. For customer service. NY Allen R. NY Richard D. Laurie Skadden. Wolfson Assoc. If legal advice or other professional assistance is required. CA Ronald S. Redmond. Spelman Steinhart & Falconer.C. CA Edmund Fish General Counsel Intertrust. Saffer Asst. van Engelen Stibbe Simont Monahan Duhot New York. Hays & Handler. CA Hilary Pearson Bird & Bird London. call 1-800-234-1660. France Stephen J. Morris & Hecksher LLP San Francisco. Ballen Schwartz & Ballen Washington.J. of Houston Law Center Lee Patch General Counsel Sun Microsystems’ JavaSoft Division Mountain View. Rein & Fielding Washington. D. iCrunch Ltd. Purchasing reprints: For customized article reprints. Electronic copy available at: http://ssrn. Viacore. NY 10011. 76 Ninth Avenue. England Michael Pollack General Counsel Elektra Entertainment New York. It is sold with the understanding that the publisher is not engaged in rendering legal. P. Gray Cary or its attorneys or clients. please contact Wright’s Media at 1. Hale Executive Editor Maureen S. LLP Palo Alto. Thompson Bloom. Aspen Publishers. Orange. Newsletters Susan Gruesser Managing Editor Jayne K. General Counsel Blank Rome Comisky & McCauley LLP Washington. NY Colette Vogele Microsoft Corp. Trotter Hardy School of Law The College of William & Mary Peter Harter Security. In no event may these opinions be attributed to the authors’ firms or clients or to DLA Piper Rudnick. CA Executive Managing Editor Robert V. 7201 McKinney Circle.877-652-5295 or go to the Wright’s Media Web site at www. Mountain View. Merrill McCarter & English Newark. Cook. Phelps & Phillips Palo Alto. CA Morton David Goldberg Schwab Goldberg Price & Dannay New York. MN G. —From a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations. LLP Beverly Hills. England Prof. Fierman. Arps. To subscribe.A. CA Prof. Register of Copyrights Washington.S. CA Roszel Thomsen. DC Charles R. Inc. Baumgarten Proskauer Rose Washington. Lease EDITORIAL OFFICES 400 Hamilton Avenue Palo Alto. CA Jeffrey S. Dorney DLA Piper Associate Editors Gigi Cheah Elizabeth Eisner Ann Ford Thomas M. Diemer & Klein. CA Ronald S. D. Hertz & Béjot Paris. CA Prof.JO U R N A L O F Internet Law EDITORIAL BOARD Constance Bagley Associate Professor of Business Administration. Street and Deinard Minneapolis. New York. Radcliffe DLA Piper Palo Alto. Sinrod Duane. the services of a competent professional person should be sought. NY 10011 (212) 771-0600 JOURNAL OF INTERNET LAW (ISSN# 1094-2904) is published monthly by Aspen Publishers. Pamela Samuelson Boalt Hall School of Law University of California at Berkeley William Schwartz Morrison & Foerster San Francisco. Inc. Toronto. call 1-800-638-8437. London. Ballon Greenberg Traurig. CA Eric J. Hergott. WA Joel R. Katz Manatt. of Ottawa Law School Goodman Phillips & Vineberg. Harvard Business School Robert G. CA Katherine C. BOARD OF EDITORS Founder David B. Sunnyvale. accounting. New Postmaster: Send address changes to JOURNAL OF INTERNET LAW. II Thomsen and Burke. NY Thomas Raab Wessing Berenberg-Gossler Zimmerman Lange Munich. LLP Washington. Inc. DC Ian C. LLP San Francisco. or other professional services.C. Monterey. Ray T. Frederick. DC David Phillips CEO. England MaryBeth Peters U. Scholer. Michael Geist U. Slate. CA David L. Grogan General Counsel. DC Copyright © 2011 CCH Incorporated. Nimmer Univ.C. Telephone: 212-771-0600.

The Minitel was widely adopted and used. that migration to centralized computing would happen because of the need to leverage economies of scale coupled with the need to invest in massive data processing centers.1 For nearly two decades. while Grosch’s cost model was wrong (now replaced by Moore’s Law). interactive databases.6 Because the Minitel was a “pay for use” cloud-based system. and there was no accompanying 7 . Grosch was partially wrong. While Grosch was wrong about the cost model of cloud computing. because rather than passing new laws to control or contain the type of information that was exchanged on the Minitel cloud. government-controlled cloud) would prevail.8 As late as 1995. For example. the Minitel cloud brought tremendous value to the French economy due to the ability for small and medium-sized businesses to exchange information. the French consumer has been involved in significant use of cloud services that included bank transactions.October 2011 J O U R N A L O F I N T E R N E T L AW Regulation of the Cloud in India Continued from page 1 G R O S C H ’ S L AW The development of cloud computing is as old as computing itself. directions.11 Naturally. and other details. there were some hiccups when the exchange of certain kinds of information became controversial.” in this case because of its link to France Telecom—the telephone utility. like modern cloud computing.4 Those that claim that Grosch was wrong called for the “repeal” of Grosch’s Law as other more accurate cost models came to light.2 Grosch expressed his theory as follows: “I believe that there is a fundamental rule…giving added economy only as the square root of the increase in speed—that is to do a calculation ten times as cheaply you must do it one hundred times as fast. Indeed. while governments will always be faced with new issues and challenges. because the unanticipated “killer app” for the Minitel was erotic chats (which made the government uncomfortable as the system’s sponsor). So.9 Thus. for the past 30 years. and partially right. and to provide offers.7 It is one of the first examples of mass deployments of cloud services (also called “utility computing. Mr. and the cases that dealt with civil and criminal liability issues within the Minitel cloud relied on these rules to ensure consumer protection while at the same time allowing the service to flourish.12 However. and broad exchanges of information in large data centers. it enabled France to be wired much earlier than the rest of the world. the world’s leading thinkers within the area of cloud computing are just as old as the theories of computing themselves.10 The French adoption of the Minitel is illustrative for modern cloud-computing. a number of “dumb” Minitel terminals are still available for installation and use in France. The terminals were inexpensive to manufacture and maintain and so consumers shared these costs among themselves and therefore were given to consumers for little or no capital expense.5 his theory of supercomputing with dumb terminals. the French had laws and codes that governed publications in the press and certain audio-visual communications.”3 This argument has been interpreted to mean that the natural technological evolution would lead to “supercomputing” as a norm and.) Although the Minitel largely has been replaced by the Internet. As with any good thinker who is ahead of his time. chat fora. essentially. THE MINITEL The Minitel was designed in the 1970s and allowed the public in France to use their telephone network to access a number of interactive databases. His law held rein for nearly three decades. there was considerable debate as to whether the Internet (a decentralized cloud-based system) or the Minitel (a centralized. this theory was enshrined and endowed with the character of a law of nature in a concept known as “Grosch’s Law.” Herbert Grosch developed this “law” more than 60 years ago based on an assumption that computing increased by the square of its cost. Grosch’s observations highlight that the debate around the theories of cloud computing have been taking place for more than 50 years. is the root of cloud computing. Indeed. essentially. it is important that when contemplating any regulatory framework to step back and examine how the specific technology has evolved in relation to other industries. he was correct in his assumption that significant economies of scale and efficiencies could be achieved by relying on massive. centralized data centers rather than an over-reliance on storage in end units. the French chose to leverage existing laws.

across-the-board. and compartmentalize the three relatively abstract concepts of Infrastructure as a Service (IaaS). remember everything. because of these varying models and platforms. users. there is no effective way to require. Getting Real and ReWork.”18 This service aggregates information from . even if a large cloud-based email provider. Computer programmers and entrepreneurs have turned the cloud into a vast offering of very real products. it is useful to provide a brief illustrative survey of cloud offerings in order to illustrate width and depth of the ecosystem in the discussions below. Still.15 For example. thus making these distinctions essentially irrelevant. that all the world’s cloud services store their data in any given country. CLOUD EMAIL There are thousands—if not millions—of companies that provide separately branded cloudbased email services. Simply stated. Platform as a Service (PaaS) and Software as a Service (SaaS) that make up the cannon of cloud computing offerings. Yet.14 All a company needs to do is to purchase a simple Linux computer and an Internet connection—and that company is now a cloud-based email provider. and contrary to the common term. there is simply no way to impose such a requirement on the thousands of other cloud-based email providers. For purposes of elucidation.”13 So. Rediff Mail. Evernote is a service that allows users to “capture anything. Gmail. and it is not the way that email and other cloud-based services work. AOL. users can sign up for multiple email accounts from any email service around the world. the small-business collaborative suite. PaaS.” and “access anywhere. SaaS along with other categories not yet defined. it is worth exploring the various manifestations of offerings to show how widespread the adoption has been. sharing. to make vacation plans. etc. often integrating unique and novel combinations of IaaS. While it is of course still possible for companies and consumers to place their email on their laptops or desktops. In other words. T H E C L O U D I S E V E RY W H E R E Governments. which means that the core software to run an enterprise-class Web-mail server can be obtained for no cost. Most services that businesses and consumers use cut across all categories to some extent.17 Similarly. parties. the term is still used because it is entrenched in the common of the technology. Therefore regulations (such as those in Europe) that require data be stored within certain geographical boundaries are not practically enforceable. There is currently a very low 8 barrier-to-entry for this market because web-based email is now available as an open-source platform. the cloud computing space is too dynamic to divide into three neat categories. Literature and papers on cloud often go to great lengths to describe. unitary thing. while the concept of the “cloud” has been blurred with the Internet for some time (arguably long before the concept of the Internet even existed).J O U R N A L O F I N T E R N E T L AW October 2011 set of cloud-based regulations that accompanied that use. CLOUD-BASED BUSINESS AND PERSONAL ORGANIZATIONAL TOOLS Thousands of cloud-based opportunities are available in order to help individuals and businesses aggregate their use of the Web. there are economies of scope that can apply to large email hosting companies. and this is why several global providers are popular. 37Signals. and such. cloud computing is not a single. With so many offerings available. Lycos Mail. and regulators often think of cloud computing in a very narrow way. were to comply by hosting some of its servers in a given country. and real-time collaboration tools for small businesses. today this is often done as a complement to the storage of the same email in the cloud. such as Hotmail. The methodology that 37Signals employs (espousing cloud-based tools to empower businesses) has lead to two best-selling business books. As the Software & Information Industry Association has recently described in its White Paper for Policymakers (SIIA Cloud White Paper). including Gmail. that is not the way that the architecture of the Internet was developed. segregate. or AOL. contacts. Hotmail. “cloud computing” resists practical definition for common treatment by law and regulation. weddings. For example. There is no “the cloud. to make business plans.16 offers project-management software. While these concepts once served the purpose of providing a framework for thought.

such that individuals and businesses can practically maintain all of their records—daily transactions. secure sharing of video content). which offers free e-commerce catalogs (software. users and businesses collaborate in the cloud to rate and share information on businesses. search. Evite. Mint. user support) to artisans and Small and Medium Enterprises (SMEs) worldwide that includes catalogs managed by Google spreadsheets.October 2011 J O U R N A L O F I N T E R N E T L AW users and businesses. such as TurboTax. The most valuable family photos are no longer stored away in an album or shoe box. Google Sites (team site creation and publishing). OFFICE SOFTWARE TOOLS Companies such as Google offer a broad base of business productivity tools and office-software replacements in the cloud. all on Evernote’s servers.000 invitations sent each hour. anywhere.19 One of the most popular travel/organization tools is Tripit. there are a number of services that offer “hard-drive replacement” in the cloud.23 The rationale for this valuation is not just based on consumer usage it’s the vast amount of information contained within the Facebook cloud—and the value that businesses and users place on it. there are several suites of cloud-based services that help individuals and businesses manage their money. social gatherings of all kinds. Amazon S3. Products such as Google Apps have powered companies such as OpenEntry. advertising. In sum. and boasts more than 25. and payment processing and delivery. Apple Mail. In addition to the value-added services. BANKING AND MONEY MANAGEMENT Most banking happens in the cloud. such as Huddle. Google Docs and Spreadsheets (online document hosting and collaboration). Egnyte. Dropbox. E-COMMERCE The cloud can enable businesses to set up a completely virtual business presence without the need for any infrastructure. which helps travelers organize and track travel. stock trades—all via the cloud. AND STORAGE Social networking is big business.22 SOCIAL NETWORKING. financial planning. in a trend that has been called “Banking 2. PHOTOS. One of the best known invitation-services. pay bills. research. Google Apps.0” services that empower people to compute from any device. allows people to plan parties.” Cloud-based banking products include Quicken. there are several more excellent cloud-based collaboration suites that offer the opportunity for companies to share their most important data with each other and with customers. Many of these suites either integrate data with or share data in some way with other cloud-based suites that can help with tax preparation and filing. taxes. Wesabe. work on mobile devices such as BlackBerry and iPhone. Additionally. with virtual opportunities for file sharing. MoneyStrands. Recent market valuations of the well-known site Facebook have cited the value of the upcoming IPO as high as $100 Billion. JungleDisk. hosting.24 9 .0. for example. there simply isn’t a need to maintain paper banking records at all. stored on sites such as Picasa. and more. Google Calendar (shared calendaring). it has completely replaced the need to either visit a physical bank branch or to keep paper-based transactions—in many countries. and Google Video (easy. Xero. and others. and many others. Geezeo. These Web-based services can be securely accessed from any browser. is an enterprise-ready suite of applications that includes Gmail. and in many cases. for example. and other materials. Additionally. and to interact with any business and with each other bring tremendous value to businesses and individuals. Amazon and Ebay offer “virtual storefronts” that enable cloud-based presentation. purchase and sell stocks. plane tickets. and other activities. work spaces and other collaborative tools. they are in the cloud. discussion boards.20 Finally. Snapfish and many other locations. images stored on Picasa Web Albums and payments by Google Checkout. notes. weddings. Apples’ iCloud.21 If it appears that the lines are blurred between cloud-based services as those described above and the Internet itself—that’s because there are no lines! The “Web 2. Almost all banks offer users the opportunity to complete online payment transfers. and integrate with other popular email systems such as Microsoft Outlook. through services such as Yelp. Expensr. Flickr. including photos. the banking and financial ecosystem has completely moved to the cloud.

J O U R N A L O F I N T E R N E T L AW October 2011 L E G I S L AT I V E A P P R OAC H Legislators and regulators have myriad concerns. resulting in favoring proprietary standards. Additionally. Legislation should not allow for the creation of private and/or isolated clouds where user data cannot be moved to another platform. The genius of the Internet has always been its open infrastructure. and focuses efforts on developing or deploying at the standards level in order to disadvantage cloud services. legislation typically prescribes a type of technology (such as encryption) rather than a particular end (protection of data).”26 The problem with new legislation is that it tries to ascribe a one-size fits all approach to cloud and Internet regulation.27 Vendor lock-in quells competition and enables a system.28 I M P O RTA N C E O F T H E CLOUD FOR INDIA As one of the fastest growing economies in the world. Interoperability. It also provides for patent and copyright protections that disproportionately benefit software-based products. India seems to be at the forefront of most 10 . for example. Data Portability. Ensuring that any legislation remains technology neutral is essential to ensure the continued development of any burgeoning technology space or market and there are many examples of situations where a counter approach actually quells the evolution of the technological space. thus ensuring portability. The interoperability of the Internet itself has allowed for its growth and evolution to be global and ubiquitous and cloud computing is no different. hurt users and risk creating multiple bifurcated Internets. Cloud computing services should make use of open standard protocols and formats such that users have unfettered access to their data and meta-data. consumer protection. where government procurement contracts favor legacy software providers. and transparency mandates that would apply only to a cloud environment and not to other forms of computing. in other words. This can only be achieved through the development and implementation of open standards. Governments should embrace a global approach to cybersecruity that seeks international consensus on standards and that recognize that data can be protected and safe regardless of where it is located. the ability to exchange and use information between cloud computing products and services. specific legislation that purports to cover “the cloud. ranging from desires to control the environment. Interoperability. and freedom from vendor lock-in. which allows anyone with a connection to communicate with anyone else on the network. which seeks to set specific security and privacy measures. while the U. Some companies have worked actively to develop principles that would single out cloud computing as a unique area within broader Internet legislation. In order to avoid these problems. However. is necessary for the development of unfettered competition between vendors and unrestricted choice for users. This often leads to vendor lockin for large companies. Cybersecurity Standards. these authors support the increasing consensus from industry that existing legislation should be leveraged rather than enacting new. which caused the eSignatures market in Europe to flat line for close to a decade. or reducing the quality of their services. which could impede competition in this area. definitions. legislation should avoid: • Localization Requirements. Measures that force Internet companies to choose between taking actions that harm the open web. and matters of privacy. One example in the United States of potentially prescriptive legislation is the proposed Cloud Computing Act of 2011. often citing national security.25 For this reason. the cloud ecosystem is a complex one that features many new players and opportunities for the market. market continued to grow and innovate. interoperability. as described previously. One striking example is the • • • adoption of important eBusiness applications in the United States which was greatly hampered in the European Union due to their desire to introduce technology-specific mandates. Governments should avoid requirements for in-country servers. cloud legislation should have the following characteristics: • Technology Neutrality.S. Any legislation should treat cloud computing as any other form of computing and not specifically regulate it based on the premise that cloud computing is something new or threatening.

11 . In addition.000 elected officials and volunteers to Google Apps for Business. There are a few notable adoptions of cloud systems from various entities that are worth mentioning. For this reason. The Government of India estimates that the use of the private cloud model by two or more states could result in savings of up to 50 percent in the 1. the trend is on the rise. and the Government of India. Implementations such as the one in Jammu and Kashmir are indicative of adoptions in the future. First.29 The adoption rates of cloud computing technologies in India are fast. Delhi Public School One of oldest schools in the country.378 crore rupees allocated for state data center projects. IYC opted to move its more than 28.32 These services include cloud based ration cards. and are based on much of the good work that the Telecom Regulatory Authority of India (TRAI) has completed by promoting strong broadband policies. maintenance. experts predict that the cloud computing market in India will grow at a compound annual growth rate of 40 percent by 2014. the Delhi Public School has over five thousand students and three hundred staff members. the education system (such as schools and universities).35 However. birth/death certificates. the cloud allows an enterprise to focus on its core competencies by allowing the cloud provider to deal with all of the hassles involved with the development. Going forward the organization will integrate its existing proprietary applications with Google Apps along with using it for routine reporting and communication. For these reasons. cloud computing has a particular advantage for a growing economy like India. citing a Gartner study that states that cloud computing will account for 5 percent of the total investments in India by 2015. it balances the ebbs and flows in the workflow without significant impacts to the company’s bottom line. In order to roll out these services. storage. this was accomplished when the school started using Microsoft’s Live@edu service.34 The collaborative capabilities of Google Apps will help IYC deliver on its mission of transparent and democratic participation and empower its members to work for local development in India using technology. and upgrades of business applications. and recruitment services for citizens. The use of this cloud computing model allowed the Government to actually implement these services in the extremely small time frame of just 60 days. Broadcasting Another example of the use of cloud computing in India is by UTV Software Communications. After evaluating a number of solutions for email and collaboration. State of Jammu & Kashmir The State Government of Jammu & Kashmir has adopted cloud computing for its e-governance services. The landscape is a competitive one and many companies are competing for the business.30 One recent article in Dataquest hailed cloud computing as one of the most significant and important areas for investment in India. Indian Youth Congress The Indian Youth Congress (IYC) is the official youth wing of the Indian National Congress and one of the largest youth organizations in the world. 2010. there were practically zero initial costs incurred. Second. The use of this cloud service has not only enabled easier and faster intra-school communication but also improved parent teacher interaction. Although there has been very limited adoption of the cloud technology in the Indian public sector. and the cost of deploying a school wide messaging solution seemed to be a distant goal. Indian Enterprises have been faced with ebbs and flows in workflow for the past few years and this trend is expected to continue for the foreseeable future. a major part of which was the iNotes cloud email service. a broadcasting company in India that combines television and game content.33 The IYC plans to use this service to replace customized messaging solutions in its 300 locations across the country.31 ADOPTION OF CLOUD BY THE INDIAN PUBLIC SECTOR One of the striking features about cloud computing is that it presents benefits to every aspect of India’s economy including but not limited to SMEs. the spare infrastructure from the data centers in Madhya Pradesh was used.October 2011 J O U R N A L O F I N T E R N E T L AW technological developments and cloud computing is no exception. UTV signed a five year deal with IBM wherein IBM would provide various business transformation initiatives to UTV.36 In January.

For example. Sterilite moved more than 1000 employees to the Google cloud solution. no industry. which was designed to shed light on the online selling and buying behavior in India. cost-effective. minimum risk.39 One of the chief reasons that SMEs look at e-commerce offerings through such portals is because of business convenience. Sterlite is not an SME rather it is quite large and is one of three global manufacturers of power conductors and among the top five global manufacturers of optical fiber and cables. These applications have become. the cloud is not 100 percent safe. and Voice over Internet Protocol (VoIP) telephony.1 million enterprises. and companies with multiple locations to use cloud based services as employees can then operate from the main office. cloud computing and its applications such as VoIP have a key role to play in this market. meaning that they are more flexible enhancing their ability to leverage emerging technologies more readily than larger enterprises. and France. on-premise solution for the majority of their employees. ADOPTION OF CLOUD BY SMES SMEs play a very important role in developing the overall industrial economy of a country. instant messaging. Because of this. They had been using a non-cloud. the ecosystem is both wide and deep: there are many different providers of cloud-based services. or are in the process of becoming. A review of a few short cases in India in related contexts that involve cybercrime show that the investigative and judicial system has been quite effective at prosecuting criminals without the need for new laws.J O U R N A L O F I N T E R N E T L AW October 2011 A compelling explanation for why cloud based services are a boon for the public sector in India is that it is a “pay as you use” model. These are Automated Teller Machines (ATMs). governments. OTHER CLOUD EXAMPLES The cloud is ubiquitous and is not just limited to office-based applications or remote storage. According to the 2009 eBay census guide. integral ways to do business and communicate in India. 12 ADOPTION OF CLOUD BY LARGE COMPANIES Sterlite Technologies is a leading global provider of transmission solutions for the power and telecom industries. The Fourth Census of the SME Sector indicates that this sector employs 59. thus offering the public sector opportunities to put proposals out for competitive bids in order to obtain the best value for taxpayers.41 Sterlite decided to move to a cloud service because manageability and cost value for an on premise messaging solution were a major concern.43 Such a model provides numerous advantages. and profitable way. SMEs usually find it easier to outsource these functions to a cloud provider and focus on their core business. including several well-recognized names. or even their homes. To be clear.37 It also is advantageous for organizations. lower capital expenditure on hardware and software make cloud computing an extremely viable option for most SMEs. Credit Cards. business. the eBay platform enables “product availability to anywhere. as noted above.40 SMEs IT requirements are oftentimes not as complicated and extensive as those of large enterprises. There are many other large companies that have moved to Google’s cloud. or person is completely safe from crime. SMEs contribute towards 45 percent of the manufacturing output and 40 percent of the total export of the country. Germany. However. A brief review of three applications of cloud computing outside of the office/productivity context will give a better understanding of how the regulatory framework in India has previously worked for cloud computing. The low barrier to entry. facilitation of teleworking for the local call center staff. and fax queries using the same portal.” These online platforms have allowed Indian SMEs to tap International customers in an extremely convenient. .42 The Indian call center market is another industry segment that has benefited from the use of cloudbased services. any remote offices. With the development of India as the call center hub for some of the biggest US and European companies. Additionally.7 million persons over 26. SMEs are one of the most aggressive segments in India to adopt cloud computing.38 SMEs in India are now using online portals such as eBay and Amazon to sell their products domestically and abroad. and the handling of email. craftsmen in Ludhiana regularly export golf clubs to international eBayers in the United States. such as low personnel costs.

52 This is especially true in Indian regions where high speed Internet connections are available. Anecdotally. The use of cloud-based VoIP technology offers advantages of cost savings from avoiding long distance calls. like cloud computing.October 2011 J O U R N A L O F I N T E R N E T L AW Automated Teller Machines ATMs are an early version of cloud computing.51 Thus.. MasterCard. ability to see each other. Additionally. The following two cases of ATM theft indicate that no new regulations actually are needed for cloud computing crimes. the thieves were found guilty under Section 407 of the Indian Penal Code. and American Express have allowed for convenient business transactions within the Indian market. Not surprisingly. in another ATM theft in the state of Chennai. and have played a key role in the online shopping boom seen in India in the last decade. the Indian police were able to make their arrests based on very old laws of theft. and by leading financial institutions in India for their core services. Add to this the security of withdrawing money from accounts anytime and anywhere. Banks. It is an important way for Indians to keep in contact with loved ones in India and abroad. cloud computing in the form of ATMs has been part of the Indian economy.44 ATMs make banking much more convenient as consumers are no longer forced to deal with banks that are close to them. there was no need for any particular cloud-based legislation in order to solve these crimes. anywhere shopping and saves the consumer the hassles and security issues of carrying large amounts of cash. and credit-card companies are. the Ludhiana Police arrested the three after close evaluation of the images from a CCTV installed inside the ATM. in the data transfer and information-sharing business. and has generally enabled the Indian outsourcing economy. Credit card companies such as Visa.3 million credit cards and 181.46 Similarly. The TRAI is one of the key players in the regulation of VoIP services and in assuring quality for Indian consumers. which has been dubbed as one of the first major “cybercrimes” in India. Thus. VoIP has a hassle free process from setting up to actually using the service. One reason for VoIP’s astonishing uptake in India in the past decade is the affordable pricing. Credit Cards Credit cards are another form of cloud computing. According to the Times of India.3 lakh Indian Rupees in the state of Punjab. setting values for QoS 13 .48 Again. Voice over Internet Protocol Voice over Internet Protocol (VoIP) is basically telephony over the Internet and because of the processing and switching required. The first ATM was launched in India in 1987 by HSBC Bank. loved ones can attest to the importance of using VoIP to keep in touch with their family while studying in foreign countries such as the United States and the United Kingdom. A Chennai based MBA graduate had used International contacts to develop 30 dummy cards that allowed him access to ATMs.4 million debit cards in the Indian market in 2009–2010. credit cards have an increased importance in the present Indian economy.49 Credit cards rely on transnational data flows. and they enable people to withdraw money from banks without going to the bank (i. ATMs are miniature computers that connect to the cloud either by a dial-up connection or by a broadband connection. It also enables anytime. essentially. the TRAI issued a regulation on Quality of Service (QoS) for VOIP Based International Long Distance Service in 2002.50 Because of these distinct benefits. These advantages are reflected in statistics that indicate there were 18. The Chennai police believed that his arrest was the first step in solving the cybercrime ATM racket in Chennai.47 was solved by the combined efforts of the Federal Bureau of Investigation (FBI) and the Central Bureau of Investigation (CBI). the cloud is used both for the exchange of information between databases to enable the credit-based economy. for more than two decades.45 The three persons involved were the security guard and two of his friends. First. and instead. The TRAI has taken two major steps in the regulation of VoIP services. and the convenience of user-friendly Skype and Gmail portals.e. “from the cloud”). Like many other applications of cloud computing. the Indian financial sector has aggressively moved to the cloud. via the cloud. no new “ATM law” or “cloud” law was required. The first case is that of an ATM robbery worth 7. in turn can save on capital expenditure as they can just set up ATMs at convenient banking locations instead of opening new branches.

The Information Technology Act of 2000 is based on a resolution that was adopted by the United Nations on January 30. a person gaining access to or downloading/changing information from a computer system without prior permission from the owner is subject to civil liability. the Government delayed the decision on regulations for VoIP services in the country. On the other hand. This act is focused on e-commerce and cybercrime in general. and interoperability between providers. there are several primary sources of Indian legislation that refer to this right for Indian citizens. The sources are: 1. deals with computer hacking and protects data users from intentional alteration/misuse of data on their computers diminishing the value of the data in the process. database theft. imposes duties on credit information companies and credit institutions for any unauthorized sharing of an individual’s credit information with external sources. Although there is no right specifically focused on personal data protection in India. These are Sections 43. 2.53 Secondly. 66. The penalty is the same as that for Section 65. numbering scheme for ISPs providing Internet Telephony services. Section 65 protects consumers against the tampering of computer source documents. Article 21—Article 21 of the Indian Constitution is about the general Right to Privacy. or altering of computer source code and is punishable by either or combination of a fine of up to two lakh rupees and imprisonment of up to three years. however it is comprehensive enough to resolve a majority of the concerns in the Indian market. Four sections of the Information Technology Act specifically deal with penalties against breach and misuse of data in India. For instance. Information Technology Act of 2000—The Information Technology Act of 2000 has explicitly stated penalties for the breach of data and privacy. India has taken a sophisticated view toward privacy and has adopted regulations that are meant to protect a set of resources and to prevent its misuse. 1997. 65. extraction. quoted in India as a data protection provision. and 72. Section 72 imposes a fine of one lakh rupees and an imprisonment term of up to two years for any breach of confidentiality and privacy of a person’s material. the existing regulatory framework does not offer complete protection from data breaches. The Credit Information Act of 2005. Section 43 protects the consumer from damages to the computer or the computer system. 2009. It foresees civil liability for actions including but not limited to unauthorized copying. destroying. new regulations could pose definite and serious challenges for cloud 14 . it issued a set of recommendations for regulation of VoIP services in August. at least in the domain of computers and cybercrime. Intentional tampering with a computer system’s source code is punishable by up to three years imprisonment or a fine of up to two lakh rupees. emergency numbers. the regulations that were adopted by TRAI took vital steps to facilitate and promote the technology and its adoption rather than to impede it. Section 66. PRIVACY AND THE CLOUD IN INDIA Every country in the world individualizes privacy concepts to match history and culture.54 These recommendations included the development of a level playing field for Internet Service Providers (ISPs). The Department of Telecommunications found these recommendations to be helpful but on February 20. The introduction of new regulations does not show any distinct benefits. 2008. on the other hand. and digital profiling. 3.55 Importantly. The same penalty is applicable to anyone who is involved with hacking a computer system to cause wrongful loss of property. It is applicable to intentional actions such as concealing. The regulations are primarily aimed at discouraging people from being involved in such behavior. governance of interconnection agreements between the ISPs and National Long Distance (NLD) carriers by the TRAI. To be clear.J O U R N A L O F I N T E R N E T L AW October 2011 parameters and a testing procedure. Indian Contract Act—The Indian Contract Act basically deals with requiring Indian importers to pay a duty if they are unable to protect data coming in from other countries. A majority of Indians believe that the concept of privacy is about their own personal space rather than information privacy or identity theft.56 This right covers the first generation of rights for Indian Citizens.

TRAI chief J. and the government. It recommends further clarification of existing regulation and its extension to cloud computing in a subtle way rather than developing an untested set of new regulations. and to resolve disputes between ISP’s or between an ISP and a customer.15 However.60 The extensive requirements of the new rules are likely to increase the overhead of time. it will be important for its interpretation and enforcement to be measured so as to allay the fears that have already been expressed by many multinational businesses. to monitor quality of service provided. and ultimately. from breach of contract. A key component of these rules was that any organization processing personal information in India requires written consent before undertaking certain activities and must implement reasonable security policies and procedures. and develop 15 . It also enforces a disclosure obligation for privacy policies wherein an organization must clearly explain the purposes of processing the involved personal information.October 2011 J O U R N A L O F I N T E R N E T L AW computing and the functioning of the Internet itself. the actual nature of these rules does not completely solve the original purpose. revoking of licenses to ISPs. THE NEW INDIAN PRIVACY LAW The most recent development by the Indian Government with respect to data privacy came in June. It will not only slow down the adoption rate for cloud computing and prolong the time to gain its benefits but also give rise to a feeling of confusion and panic in the Indian economy. Per the Telecom Regulatory Authority of India Act of 1997. Indeed. The new privacy law is very new. and money to be spent by companies when offshoring to India. 2011. and the continued growth of cloud services depends on ongoing investment in infrastructure so that the growth can continue. These laws make Internet Intermediaries responsible for harmful content on the Internet.57 and (3) extend the smallest possible subset of these rules to the world of cloud computing and to utilize regulatory restraint so that the market may still develop. broadcasting and cable services in a manner and at a pace which will enable India to play a leading role in the emerging global information society.59 The intention of the Indian Government is to enhance the data security and privacy in the country and it feels that this is a crucial step to promote offshoring in India. we suggest a three-pronged approach: (1) clarify the nature and scope of existing data protection rules. forming the conditions of.58 These rules apply to organizations operating in India and are independent of whether the data originates in India or if it pertains to Indian citizens. (2) promulgate rules that promote open standards.62 Its mission is “To ensure that the interests of consumers are protected and at the same time to nurture conditions for growth of telecommunications. Research indicates that there are many laws and regulations in India that sufficiently protect consumers from breach of data. At the CII Content Summit. and market-based mechanisms like those promoted by the SIIA Cloud White Paper for policymakers. quality of equipment used in the network and make appropriate recommendations. granting.63 The role of the TRAI is centered on ISPs and their customers. raise legal concerns over past decisions. This article endorses the general opinion that cloud computing is very important for multiple sectors of the Indian economy including SMEs. For these reasons. data portability. Such an untested set of regulations would slow down the momentum of future cloud-services adoption. to facilitate competition between service providers. Sharma mentioned that there was definitely concern over sections of content present on the Internet and these would be carefully studied over the next few months. educational institutions.61 R E C O M M E N DAT I O N S TO T H E T E L E C O M R E G U L ATO RY AU T H O R I T Y O F I N D I A The TRAI was created by the Telecom Regulatory Authority of India Act of 1997. S. when it passed the 2011 Information Technology Rules (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information). It also respects the sentiment of the Indian Government of having some sort of regulatory oversight over cloud computing applications. monitoring. energy. and from misuse of data.” One of the most important things that TRAI can do is to leverage the unique perspective that TRAI has on infrastructure. it is telecom infrastructure that “powers” the cloud. some of its core functions include recommending the need and timing of a new ISP.

37signals. that makes web pages look like dynamic software applications that traditionally run only on personal computers. on Telecomm. supra 2003. . one can expect for any given level.” Id. a rule that might apply to a public cloud offering might not work as applied to a private cloud offering. “Guide to Cloud Computing for Policymakers. 16 .’” French News Online. 22. but the public retained the impression that the Minitel was mostly about sex. Lock-in occurs when a customer is uniquely dependent on a vendor for products and services. In the United 2011). “Free e-commerce catalogs managed with Google Docs. We highly recommend future research in this regard but strongly believe that minimum regulation is the primary factor to preserve the growth and innovation of cloud computing in India. the scientific community on the whole still had great faith in them. September 25. “The enzyme that won. VMWare’s 7. 2011. at S16 (describing Moore’s law and indicating that it has so far proven to be correct). many businesses resisted PKI adoption because it was deemed more expensive and difficult to use and instead adopted alternative solutions. 4. the second wave of websites would use software .J. “Standards of Liability for Internet Service Providers. See www. See Xavier “The French Minitel. . 16. 6.. (Crown. at 2. .” The Economist. 17. 136 (2001). “Grosch’s Law Repealed. stated in the 1940s. 11. and it is most often expressed in terms of “Moore’s law. Adams. Grosch’s law was still highly regarded by scientists and policy See www. Ryan. Several sources have noted that the Directive has significant weaknesses and that many aspects of it are ineffective. holds that the microprocessor’s performance will double every 18 months. Terminals available for sale by France Telecom today can be viewed at http://goo. Kang et al. “A Billion Here and a Billion There.” The Economist.” D-Lib Magazine. available at http://goo. The technical problem was quickly solved. Jason Fried. June 28. See www. But see Charles W.dlib. George Simpson. “France’s Precursor to the Internet Lives On. In the second largest democracy in the world. html.” Washington Post. market-driven approach. Ken Pottinger. Built by IBM and Harvard professor Howard Aiken. 15.” 240 J. The World Almanac and Book of Facts (Ken Park ed. 3.13. Hans Graux. 14. 10. See Amadei. See Maite (last accessed June 20. A. a return to scale approximated by Grosch’s Law”).” 29 Comm. available at http://goo. cited supra n.g. supra n. 19.. Known in the European Union as the Electronic Signatures Directive. stating that “a rule that makes sense when applied in a business-to consumer context might be inappropriate when applied in a business-to-business context.” Software & Information Industry Association White Paper. 21.” Moore’s law. drawing the attention of the national news media. 24. December unable to use another vendor without 2. “The Persistence of the Dirigiste Model: Wireless Spectrum Allocation in Europe. See Neil Robinson.” Online Media Daily.” 54 Federal Communications. “Review of the European Data Protection Directive. In 1944. 25. “Comments on Grosch’s Law Re-Visited: CPU Power and the Cost of Computation. H. Getting Real (2009).” 15 Comm. 3.J. January 9. “Wireless Communications and Computing at a Crossroads: New Paradigms and Their Impact on Theories Governing the Public’s Right to Spectrum Access. available at http://goo. In addition. May 11. “Economies of Scale and the IBM System/360. 9.. the European Parliament and Council adopted Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. 2011. See Russel Carlberg.” While some challenged his theories. 2010) 18.” Google Docs Blog. Oldehoft & “Le Minitel Still France’s Preferred ‘Internet.6.). ACM 435 (1966) (concluding that larger computers offer the greatest economies of scale and indicating that “Grosch’s Law.” 8 Datamation 38 (1962) (Adams suggests that Grosch’s law may not be accurate. ReWork. the first large-scale automatic digital computer began operation. available at http://goo. See www. it forced the adoption of a specific technology standard (a PKI-focused provision) into the regulatory framework. at 13. In contrast to the static web pages of the 1990s. See Jack Kessler. The Directive applies to all 27 member states of the European Economic Area (EEA). June 2011 at 5. available at: http://goo. ACM 779 (1986) In the 1960s and 1970s. As the eSignatures market developed post legislation. which helped foster the eSignatures market.” 35 Cornell Int’l L. 2002). at 247. 20. Solomon. 129. it is imperative that the free flow of information be preserved. Young M.evernote. á la Française. took a more technology-neutral. July See SIIA Cloud White Paper.” The VAR Guy. is an open-source product that has been widely adopted by enterprises. See Dan Salcedo.. and respected papers continued to espouse his centralized computing “law. See “Caught in the Net.. E. Jr.” RAND Europe Technical Report (2009). & High Tech.evite. David Heinemeier Hansson. 12. 27. available at http://goo. Adams’ work was part of an early movement that ultimately led to the so-called “repeal” of Grosch’s law. See Selignan. See “Microsoft Office 365 Launch: Zimbra Scores Surprise PR Win. 195 (2002). February 3.tripit.0? It began with a specific and useful definition. The United States.huddle. al. however. Halstead. March 27. 2011. 26. Miniaturization is most often associated with the growth of personal computers that took place from the 1970s through the 1980s. 5. L. appears to be prophetic”).gl/d9OUM. “Maximum Computing Power and Cost Factors in the Centralization Problem. L. Jason Fried & David Heinemeier Hansson. gl/gyO6.”) 13. policymaker concerns about specific issues can and are being addressed through industry-led voluntary action. 2010. 189. heavy traffic generated by these sex lines caused what remains the system’s only large-scale crash.” 9 Comm. public private partnerships and best practices enforced through contracts and existing legislation. et. It also is seen as a competitor to Microsoft Office 365 and to Google Apps. .10 (describing the phenomenon as follows: “in 1985. 2011. Matthel Linderman. ACM 94 (1972) (“In addition to increases in the level of technology. 2006 (describing the interactive Web as follows: “But what is Web 2. See www. Martin B. available at http://www. for example. N OT E S 1. Patrick S. See e. 8.J O U R N A L O F I N T E R N E T L AW October 2011 a negative sentiment in the minds of the Indian people towards this new. yet wonderful technology. the Electronic Signatures in Global and National Commerce Act did not provide any guidance with regard to specific technology primarily because the PKI market was at that point in its infancy. the Mark I was 55 feet long and eight feet high. In 1995. Although announcements claim that the Minitel terminals finally will be discontinued on September. 1997. developed by Intel founder Gordon Moore in the 1970s.”) 23.

supra n. 56. University of Namur.56. at http://en. and other January 14 “eBay: The E-way of Doing Business. available on YouTube at http://goo. Team (describing the many improvements that have happened. May 23 2011. “4+1 Reasons Companies are Moving to Cloud. 54. 40. Shipla Shanbag.—Whoever. HSBC Website: The Worlds Local Bank. available at http:// goo. quoting Eric Schmidt‘s statement the doing so makes him “very concerned that we will end up with an Internet per country. available at http://goo. to Indian infrastructure for the benefit of the IT sector). 2010. “Another giant leap. May companies.keeper. “Emerging from the gl/v5eKn. and shall also be liable to fine.” The Times of India.October 2011 J O U R N A L O F I N T E R N E T L AW substantial switching costs. one of India’s leading online destinations for personal finance. Credit Card Service in” Outsource Portfolio. See CRID India Privacy Paper. 2011. is one of the leading players in the Indian financial services “A private Affair. 61. Pheji August 12 2010. Javed Anwer. 2006. available at “ATM theft: Security guard. Indiamart. “India’s First ATM Card Fraud. 2002. “CRID India Privacy Paper”). “Changes to the open Internet in Kazakhstan.” IndiaFacts.” The Economist. 36. 44. etc. “Office in the Cloud.” Law Without Borders. 60. 2009. 39. See Wikipedia entry. gl/2cvAZ. January 2010. 2011 at 22.000 users. Cosmo economy and business. Recommendations on Issues related to Internet Telephony. available at http://goo.”) 29. India Pistons. See Rama Lakshmi. 17 . February See India Infoline’s Google Journey. Also see Alan Cullison.” Information Week. Karan Bajwa. 62. Shalini Singh. See Pradeep Agarwal. India in the Cloud Computing Arena. available at http://goo. October 20. “IBM inks five year business transformation deal with India’s UTV Software Communication. Powers and Functions of the Authority. 1860: “Criminal breach of trust by carrier. Delhi Public School. 38. March 31 2011. August 18 IIFL has moved to the Google cloud and has almost 18. Compro Technologies. available at http://goo.13. (Noting that Indian “offices and individuals are switching to Web-based suites that are not only cheaper—because they do away with software costs—but are also accessible from any place with a decent internet connection”). 37.”” Proactive Investors. See Carl Shapiro and Hal Varian. available at http://goo. 28. 46. June 10 Flipkart. available at http://goo. 30. “Going Google in India: Indian Youth Congress & Punjilloyd move to Google Apps for Business. Examples of lock-in include the difficulty in switching from one office-based provider to another.” Dataquest. BSE: 532636. Also see Joshi.” The Times of India. Haier Mobile. 49. Telecom Regulatory Authority of India. June 16 2011. 2011.S. IIFL offers advice and execution platform for the entire range of financial services covering products ranging from equities and derivatives. Source: interview.wikipedia. 2011. “New Privacy Laws To Impact Outsourcing to India. available at http://goo. For example. “Unwanted Plastic?.” Cloud Computing. available at http://goo. available at http://goo. “Google Sidesteps Edict. available at http://goo. at 34. November 18. Faiz Askari. Basant Singh. available at http://goo. “Indian Youth Congress moves 28.” The Times of India. but that are also still needed. 18 August 2008. India Infoline Ltd (NSE: INDIAINFO. 32. Mani Malarvannan.indiainfoline. Ministry of Micro.” Microsoft Contributory Articles. gl/Y39qW.” The Official Google Blog. 41. A few companies that have “gone Google” (meaning that they have moved to the Google cloud) include: Saurashtra Cements (Mehta Group). “First Analysis of the Data Protection Law in India. available at Celebrating 150 years in India. stock markets.000 members to Google Apps. Russell Smith. How can VoIP reduce call center costs. Which VoIP. being entrusted with property as a carrier. IIFL owns and manages www.” Indiaforensic. May 24. Neelkamal and many Technologies. available at http:// goo. 2011. Small and Medium Enterprises (Government of India). The Mexican Secretary of Economy published a report that analyzed transnational data flows and identified India as one of the most significant locations for outsourcing of various services.” CRID. available at http://goo. “India data privacy rules may be too strict for some U. 55. Information Rules (HBS Press 1999).gl/YFft2. commodities. 59. 50. 34. TRAI issues Regulation on Quality of Service for VOIP Based International Long Distance Service. June 7 2010. available at http://goo. (hereinafter. available at http://goo. 48. available at http://goo. available at http://goo. Section 407 in The Indian Penal Code. easiptionBPO. Telecom Regulatory Authority of India. shall be punished with imprisonment of either description for a term which may extend to seven years. commits criminal breach of North American Leaders Summit. See Bill Coughan. TRAI Act 1997. 2011. wharfinger or warehouse. 51. 33.” Google Enterprise Blog. Bloomberg: IIFL) and its subsidiaries. Forbes Marshall. “No tariff cut now as VOIP gets delayed. Also see “Credit Card and Debit Card Users in India. cited supra n.48. gl/ (describing the requirement from Kazakhstan for local servers and Google’s withdrawal from the market as a result. 63.” Washington Post. June 9. available at http://goo.” Interview with CIO Sankarson Banerjee. May 8. comprising the holding company.” The Wall Street Journal. 2002. gl/fTkrx. available at http://goo. 31. two others arrested. the IIFL group. and thus vitally important to a liberalized regime for transnational data flows. “Cloud Computing: The Next Big Wave in SME Market. Rustomjee (part of Keystone Group). June” Outlook Money. or to switch telephone providers in areas where the market is limited or where barriers to entry are high. available at http://goo. See SIIA Cloud White Paper. 52. available at http://goo. June 20.” SmallEnterpriseIndia. 43. 2011 available at http://goo. May 31.” VarIndia. available at http://goo. June 10 2011. available at http://goo. “India’s New Data Privacy Rules: Will They Help or Hurt Legal Outsourcing?. 45. available at http://goo. Downloaded Cloud Computing. 58. See Report on the Trilateral Committee on Transborder Data Flows. infra n. 35. Mayur Sharad Joshi. gl/ About available at http://goo. “Black Cards Forensics. available at http://goo. in respect of such property. 2010. Microsoft Case Studies. June 1.