You are on page 1of 13

JO U R N A L O F

INTERNET LAW
EDITED BY DLA PIPER

VOLUME 15 NUMBER 4

O C TO B E R 2 0 1 1

Regulation of the Cloud in India
By Patrick S. Ryan, Ronak Merchant, and Sarah Falvey

I

t is popular to make claims that the “new” movement of data to the “cloud” requires heightened attention from lawmakers and regulators. These calls for attention are based on beliefs that people are entrusting their information to third parties in ways that were never previously contemplated, and that new laws must be enacted in order to protect everyone’s privacy. The theory is often stated this way: without swift action, cloud computing will result in significant privacy breaches that will harm consumers. While it is reasonable for regulators to be wary of the increased reliance on third parties as the world becomes more digital, it is a mistake for regulators to assume that cloud computing (and its privacy and security challenges) are new. It also is a mistake to assume that cloud computing is inherently less secure than data stored on individual computers. In fact, cloud computing has been the aspiration of leading thinkers since the 1950s, and the development of the cloud has taken a similarly

progressive path as the development of the Internet itself. It is risky to attempt to regulate the cloud separately as well as to assume that the “cloud” can be controlled in a different manner from the flow of data on the Internet. Because computation in the cloud is no different from use of the Internet itself, it is not readily feasible or practical to cage and confine data flows within the cloud in a way that is substantially different from the flow of worldwide information generally. For this reason, regulatory frameworks should not be sui generis or custom tailored for the cloud and, instead, should leverage or update existing laws that are already in place. This article proposes a regulatory model for the cloud and shows how this model can be applied to India. Continued on page 7
REGULATION OF THE CLOUD IN INDIA . . . . . . . . . 1 By Patrick S. Ryan, Ronak Merchant, and Sarah Falvey PROTECT IP ACT: ONE APPROACH TO DEALING WITH INTERNET PIRACY . . . . . . . . . . . .3 By Michelle Sherman VARIOUS COURT RULINGS ON INTERNET COMMERCE TAXATION. . . . . . . . . . . . . . . . . . . . . . . . . . 18 By James G. S. Yang

Patrick S. Ryan, PhD, is Policy Counsel, Open Internet at Google Inc. and Adjunct Professor in the Interdisciplinary Telecommunications Program at the University of Colorado at Boulder, CO. Ronak Merchant is a research assistant at the Interdisciplinary Telecommunications Program at the University of Colorado at Boulder, CO and holds a B.E. from the University of Mumbai, and an MS from the University of Colorado at Boulder. Sarah Falvey is Senior Policy Analyst at Google Inc, and holds a BA from Hamilton College and an MA in International Relations and an MPA from Syracuse University. The authors are grateful for comments and input to earlier versions of this draft from Venkatesh Hariharan, Raman Jit Singh Chima, Pradeep Agarwal, and Nicklas Lundblad.

Electronic copy available at: http://ssrn.com/abstract=1941494

London. Dick C. Laurie Skadden. CA Jon A. CA Eric J. French Vicky Lee Peter Leal Jim Nelson Scott Pink Allyn Taylor Vincent Sanchez Patrick Van Eecke Jim Vickery DLA Piper Thomas Jansen Nils Arne Gronlie Kit Burden Mark O' Connor Hajime Iwaki Mark Crichard Director.A. Rockower Editor-in-Chief Mark F. CA Hilary Pearson Bird & Bird London. Electronic copy available at: http://ssrn. NY Thomas Raab Wessing Berenberg-Gossler Zimmerman Lange Munich. DC David Phillips CEO.JO U R N A L O F Internet Law EDITORIAL BOARD Constance Bagley Associate Professor of Business Administration. LLP New York. Diemer & Klein. Rein & Fielding Washington. Aspen Publishers. CA David L. Pamela Samuelson Boalt Hall School of Law University of California at Berkeley William Schwartz Morrison & Foerster San Francisco. Tanenbaum Kaye. Sinrod Duane. Register of Copyrights Washington. New York. Inc. Gervaise Davis III Davis & Schroeder. England MaryBeth Peters U. call 1-800-638-8437. England Michael Pollack General Counsel Elektra Entertainment New York. CA Prof. Single issue price: $55. Baumgarten Proskauer Rose Washington. NY Colette Vogele Microsoft Corp. All rights reserved. Judith M. LLP Santa Monica Henry V. Lease EDITORIAL OFFICES 400 Hamilton Avenue Palo Alto. LLP Palo Alto. For customer service. Hale Executive Editor Maureen S. DC Michel Béjot Bernard. CA 94301 (650) 328-6561 76 Ninth Avenue New York. of Houston Law Center Lee Patch General Counsel Sun Microsystems’ JavaSoft Division Mountain View. D. General Counsel Blank Rome Comisky & McCauley LLP Washington. —From a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations. Scholer. Germany Lewis Rose Collier Shannon Scott PLLC Washington. It is sold with the understanding that the publisher is not engaged in rendering legal. Frederick. General Counsel Broadcast Music. To subscribe. Hertz & Béjot Paris. MD 21704. DC Charles R. Orange. CA Prof. NY 10011 (212) 771-0600 JOURNAL OF INTERNET LAW (ISSN# 1094-2904) is published monthly by Aspen Publishers. Thompson Bloom.C. CA Ronald S. LLP San Francisco. CA Jeffrey S.wrightsmedia. New York. Monterey. Cook. Grogan General Counsel. Saffer Asst. MN G. The opinions expressed are for the purpose of fostering productive discussions of legal issues. van Engelen Stibbe Simont Monahan Duhot New York. Inc. CA Edmund Fish General Counsel Intertrust. LLP Washington. Toronto. Newsletters Susan Gruesser Managing Editor Jayne K. Katz Manatt. the services of a competent professional person should be sought. P. Slate. CA Ronald S. Sonsini. Goodrich & Rosati Palo Alto. Dorney DLA Piper Associate Editors Gigi Cheah Elizabeth Eisner Ann Ford Thomas M. CA Morton David Goldberg Schwab Goldberg Price & Dannay New York. Meagher & Flom. Ray T. Radcliffe DLA Piper Palo Alto. Ballon Greenberg Traurig.com Postmaster: Send address changes to JOURNAL OF INTERNET LAW. CA Katherine C. One year subscription (12 issues) price: $552. Inc. Morris & Hecksher LLP San Francisco.com/abstract=1941494 . This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. Spelman Steinhart & Falconer. Hergott. Mountain View. D. Linder Wiley. NY 10011.S. CA William A.877-652-5295 or go to the Wright’s Media Web site at www. LLP Beverly Hills. Harvard Business School Robert G. please contact Wright’s Media at 1. Wolfson Assoc. 7201 McKinney Circle. or other professional services. Ballen Schwartz & Ballen Washington. England Prof. Telephone: 212-771-0600. Sunnyvale. France Stephen J. Viacore. call 1-800-234-1660. NY Allen R. Redmond. NJ Christopher Millard Clifford Chance London. If legal advice or other professional assistance is required. NY Richard D. Purchasing reprints: For customized article reprints. Barry Wilson. Hays & Handler. WA Joel R.J. II Thomsen and Burke. Street and Deinard Minneapolis. Davidson Leonard. Arps. DC Ian C. 76 Ninth Avenue.C. Trotter Hardy School of Law The College of William & Mary Peter Harter Security. BOARD OF EDITORS Founder David B.C. accounting. NY Prof. CA Executive Managing Editor Robert V. iCrunch Ltd. Fierman. Phelps & Phillips Palo Alto. Michael Geist U. CA Roszel Thomsen. Hayes Fenwick & West LLP Palo Alto. Gray Cary or its attorneys or clients. of Ottawa Law School Goodman Phillips & Vineberg. DC Copyright © 2011 CCH Incorporated. Nimmer Univ. Merrill McCarter & English Newark. In no event may these opinions be attributed to the authors’ firms or clients or to DLA Piper Rudnick.

essentially.October 2011 J O U R N A L O F I N T E R N E T L AW Regulation of the Cloud in India Continued from page 1 G R O S C H ’ S L AW The development of cloud computing is as old as computing itself.” in this case because of its link to France Telecom—the telephone utility.” Herbert Grosch developed this “law” more than 60 years ago based on an assumption that computing increased by the square of its cost. there were some hiccups when the exchange of certain kinds of information became controversial. directions. and other details. a number of “dumb” Minitel terminals are still available for installation and use in France. it is important that when contemplating any regulatory framework to step back and examine how the specific technology has evolved in relation to other industries. the French chose to leverage existing laws. While Grosch was wrong about the cost model of cloud computing. For example.5 his theory of supercomputing with dumb terminals. essentially.2 Grosch expressed his theory as follows: “I believe that there is a fundamental rule…giving added economy only as the square root of the increase in speed—that is to do a calculation ten times as cheaply you must do it one hundred times as fast. Indeed.12 However. government-controlled cloud) would prevail. while Grosch’s cost model was wrong (now replaced by Moore’s Law).7 It is one of the first examples of mass deployments of cloud services (also called “utility computing. the Minitel cloud brought tremendous value to the French economy due to the ability for small and medium-sized businesses to exchange information. the French consumer has been involved in significant use of cloud services that included bank transactions. there was considerable debate as to whether the Internet (a decentralized cloud-based system) or the Minitel (a centralized. the world’s leading thinkers within the area of cloud computing are just as old as the theories of computing themselves. this theory was enshrined and endowed with the character of a law of nature in a concept known as “Grosch’s Law. because rather than passing new laws to control or contain the type of information that was exchanged on the Minitel cloud. he was correct in his assumption that significant economies of scale and efficiencies could be achieved by relying on massive. and to provide offers. and there was no accompanying 7 . His law held rein for nearly three decades.11 Naturally.6 Because the Minitel was a “pay for use” cloud-based system.9 Thus. and partially right. The Minitel was widely adopted and used. the French had laws and codes that governed publications in the press and certain audio-visual communications. chat fora. that migration to centralized computing would happen because of the need to leverage economies of scale coupled with the need to invest in massive data processing centers. while governments will always be faced with new issues and challenges. As with any good thinker who is ahead of his time. So. Grosch was partially wrong.10 The French adoption of the Minitel is illustrative for modern cloud-computing.”3 This argument has been interpreted to mean that the natural technological evolution would lead to “supercomputing” as a norm and.) Although the Minitel largely has been replaced by the Internet. interactive databases. for the past 30 years. is the root of cloud computing.4 Those that claim that Grosch was wrong called for the “repeal” of Grosch’s Law as other more accurate cost models came to light. because the unanticipated “killer app” for the Minitel was erotic chats (which made the government uncomfortable as the system’s sponsor). centralized data centers rather than an over-reliance on storage in end units. and broad exchanges of information in large data centers. The terminals were inexpensive to manufacture and maintain and so consumers shared these costs among themselves and therefore were given to consumers for little or no capital expense.1 For nearly two decades. Grosch’s observations highlight that the debate around the theories of cloud computing have been taking place for more than 50 years. it enabled France to be wired much earlier than the rest of the world.8 As late as 1995. Mr. like modern cloud computing. THE MINITEL The Minitel was designed in the 1970s and allowed the public in France to use their telephone network to access a number of interactive databases. and the cases that dealt with civil and criminal liability issues within the Minitel cloud relied on these rules to ensure consumer protection while at the same time allowing the service to flourish. Indeed.

Evernote is a service that allows users to “capture anything. Computer programmers and entrepreneurs have turned the cloud into a vast offering of very real products.” and “access anywhere. Lycos Mail. the cloud computing space is too dynamic to divide into three neat categories. to make vacation plans. even if a large cloud-based email provider. users. “cloud computing” resists practical definition for common treatment by law and regulation. and compartmentalize the three relatively abstract concepts of Infrastructure as a Service (IaaS). there is no effective way to require.14 All a company needs to do is to purchase a simple Linux computer and an Internet connection—and that company is now a cloud-based email provider. Most services that businesses and consumers use cut across all categories to some extent. Simply stated. Yet. while the concept of the “cloud” has been blurred with the Internet for some time (arguably long before the concept of the Internet even existed). it is worth exploring the various manifestations of offerings to show how widespread the adoption has been. In other words.15 For example. Hotmail. the small-business collaborative suite. CLOUD-BASED BUSINESS AND PERSONAL ORGANIZATIONAL TOOLS Thousands of cloud-based opportunities are available in order to help individuals and businesses aggregate their use of the Web. For example. today this is often done as a complement to the storage of the same email in the cloud. were to comply by hosting some of its servers in a given country. There is no “the cloud. and this is why several global providers are popular. and real-time collaboration tools for small businesses. and such. the term is still used because it is entrenched in the common of the technology. Literature and papers on cloud often go to great lengths to describe. because of these varying models and platforms.”18 This service aggregates information from . T H E C L O U D I S E V E RY W H E R E Governments. As the Software & Information Industry Association has recently described in its White Paper for Policymakers (SIIA Cloud White Paper). AOL. PaaS. SaaS along with other categories not yet defined. remember everything. Getting Real and ReWork. Therefore regulations (such as those in Europe) that require data be stored within certain geographical boundaries are not practically enforceable. or AOL. thus making these distinctions essentially irrelevant. it is useful to provide a brief illustrative survey of cloud offerings in order to illustrate width and depth of the ecosystem in the discussions below. CLOUD EMAIL There are thousands—if not millions—of companies that provide separately branded cloudbased email services. segregate. and contrary to the common term. With so many offerings available. there are economies of scope that can apply to large email hosting companies. to make business plans. across-the-board. and it is not the way that email and other cloud-based services work.J O U R N A L O F I N T E R N E T L AW October 2011 set of cloud-based regulations that accompanied that use.16 offers project-management software. parties. There is currently a very low 8 barrier-to-entry for this market because web-based email is now available as an open-source platform. contacts. While these concepts once served the purpose of providing a framework for thought. While it is of course still possible for companies and consumers to place their email on their laptops or desktops. cloud computing is not a single. Rediff Mail. For purposes of elucidation.17 Similarly. users can sign up for multiple email accounts from any email service around the world. including Gmail. unitary thing. and regulators often think of cloud computing in a very narrow way. Platform as a Service (PaaS) and Software as a Service (SaaS) that make up the cannon of cloud computing offerings. sharing. Still. which means that the core software to run an enterprise-class Web-mail server can be obtained for no cost. etc. there is simply no way to impose such a requirement on the thousands of other cloud-based email providers. The methodology that 37Signals employs (espousing cloud-based tools to empower businesses) has lead to two best-selling business books. often integrating unique and novel combinations of IaaS. that is not the way that the architecture of the Internet was developed. weddings.”13 So. Gmail. that all the world’s cloud services store their data in any given country. such as Hotmail. 37Signals.

MoneyStrands. notes. weddings. Google Apps. and integrate with other popular email systems such as Microsoft Outlook. users and businesses collaborate in the cloud to rate and share information on businesses. is an enterprise-ready suite of applications that includes Gmail. Amazon and Ebay offer “virtual storefronts” that enable cloud-based presentation. Additionally. Products such as Google Apps have powered companies such as OpenEntry. for example.” Cloud-based banking products include Quicken. for example. Amazon S3.19 One of the most popular travel/organization tools is Tripit. stock trades—all via the cloud. secure sharing of video content). work on mobile devices such as BlackBerry and iPhone. Apples’ iCloud. and in many cases. and other activities. there simply isn’t a need to maintain paper banking records at all. Expensr. In sum. and other materials. in a trend that has been called “Banking 2. all on Evernote’s servers. AND STORAGE Social networking is big business. there are several suites of cloud-based services that help individuals and businesses manage their money. user support) to artisans and Small and Medium Enterprises (SMEs) worldwide that includes catalogs managed by Google spreadsheets. Snapfish and many other locations. there are several more excellent cloud-based collaboration suites that offer the opportunity for companies to share their most important data with each other and with customers. Flickr. advertising. taxes.24 9 . Google Docs and Spreadsheets (online document hosting and collaboration). PHOTOS. Additionally. Many of these suites either integrate data with or share data in some way with other cloud-based suites that can help with tax preparation and filing. with virtual opportunities for file sharing. and boasts more than 25. the banking and financial ecosystem has completely moved to the cloud. Google Calendar (shared calendaring). Recent market valuations of the well-known site Facebook have cited the value of the upcoming IPO as high as $100 Billion. there are a number of services that offer “hard-drive replacement” in the cloud. stored on sites such as Picasa.20 Finally. which helps travelers organize and track travel. One of the best known invitation-services. Wesabe. Almost all banks offer users the opportunity to complete online payment transfers. discussion boards. Evite. In addition to the value-added services. through services such as Yelp. JungleDisk. they are in the cloud. images stored on Picasa Web Albums and payments by Google Checkout.000 invitations sent each hour. Mint. and payment processing and delivery. which offers free e-commerce catalogs (software. Geezeo. social gatherings of all kinds. and more. purchase and sell stocks. such as TurboTax. E-COMMERCE The cloud can enable businesses to set up a completely virtual business presence without the need for any infrastructure. plane tickets. The most valuable family photos are no longer stored away in an album or shoe box. hosting. and Google Video (easy. Dropbox. Google Sites (team site creation and publishing). pay bills. it has completely replaced the need to either visit a physical bank branch or to keep paper-based transactions—in many countries. These Web-based services can be securely accessed from any browser. search.23 The rationale for this valuation is not just based on consumer usage it’s the vast amount of information contained within the Facebook cloud—and the value that businesses and users place on it.0” services that empower people to compute from any device. Apple Mail. anywhere. and many others. Egnyte.21 If it appears that the lines are blurred between cloud-based services as those described above and the Internet itself—that’s because there are no lines! The “Web 2. financial planning. OFFICE SOFTWARE TOOLS Companies such as Google offer a broad base of business productivity tools and office-software replacements in the cloud. including photos. work spaces and other collaborative tools.October 2011 J O U R N A L O F I N T E R N E T L AW users and businesses. research. such that individuals and businesses can practically maintain all of their records—daily transactions.22 SOCIAL NETWORKING. allows people to plan parties. Xero. such as Huddle.0. and to interact with any business and with each other bring tremendous value to businesses and individuals. BANKING AND MONEY MANAGEMENT Most banking happens in the cloud. and others.

The genius of the Internet has always been its open infrastructure. interoperability. which seeks to set specific security and privacy measures. Legislation should not allow for the creation of private and/or isolated clouds where user data cannot be moved to another platform. the ability to exchange and use information between cloud computing products and services. thus ensuring portability. Data Portability. these authors support the increasing consensus from industry that existing legislation should be leveraged rather than enacting new. Governments should avoid requirements for in-country servers. Cloud computing services should make use of open standard protocols and formats such that users have unfettered access to their data and meta-data.”26 The problem with new legislation is that it tries to ascribe a one-size fits all approach to cloud and Internet regulation.S. Interoperability. Additionally. while the U. cloud legislation should have the following characteristics: • Technology Neutrality. and freedom from vendor lock-in. Cybersecurity Standards. which allows anyone with a connection to communicate with anyone else on the network. and focuses efforts on developing or deploying at the standards level in order to disadvantage cloud services. India seems to be at the forefront of most 10 .28 I M P O RTA N C E O F T H E CLOUD FOR INDIA As one of the fastest growing economies in the world.27 Vendor lock-in quells competition and enables a system. or reducing the quality of their services. resulting in favoring proprietary standards. market continued to grow and innovate. One example in the United States of potentially prescriptive legislation is the proposed Cloud Computing Act of 2011. as described previously. In order to avoid these problems. ranging from desires to control the environment. legislation typically prescribes a type of technology (such as encryption) rather than a particular end (protection of data). Any legislation should treat cloud computing as any other form of computing and not specifically regulate it based on the premise that cloud computing is something new or threatening. One striking example is the • • • adoption of important eBusiness applications in the United States which was greatly hampered in the European Union due to their desire to introduce technology-specific mandates. This often leads to vendor lockin for large companies. This can only be achieved through the development and implementation of open standards. Measures that force Internet companies to choose between taking actions that harm the open web.25 For this reason. Ensuring that any legislation remains technology neutral is essential to ensure the continued development of any burgeoning technology space or market and there are many examples of situations where a counter approach actually quells the evolution of the technological space. It also provides for patent and copyright protections that disproportionately benefit software-based products. which could impede competition in this area. where government procurement contracts favor legacy software providers. consumer protection. and matters of privacy. Interoperability. The interoperability of the Internet itself has allowed for its growth and evolution to be global and ubiquitous and cloud computing is no different. which caused the eSignatures market in Europe to flat line for close to a decade. often citing national security.J O U R N A L O F I N T E R N E T L AW October 2011 L E G I S L AT I V E A P P R OAC H Legislators and regulators have myriad concerns. Governments should embrace a global approach to cybersecruity that seeks international consensus on standards and that recognize that data can be protected and safe regardless of where it is located. the cloud ecosystem is a complex one that features many new players and opportunities for the market. and transparency mandates that would apply only to a cloud environment and not to other forms of computing. specific legislation that purports to cover “the cloud. hurt users and risk creating multiple bifurcated Internets. for example. However. is necessary for the development of unfettered competition between vendors and unrestricted choice for users. legislation should avoid: • Localization Requirements. in other words. definitions. Some companies have worked actively to develop principles that would single out cloud computing as a unique area within broader Internet legislation.

34 The collaborative capabilities of Google Apps will help IYC deliver on its mission of transparent and democratic participation and empower its members to work for local development in India using technology.October 2011 J O U R N A L O F I N T E R N E T L AW technological developments and cloud computing is no exception. 2010.31 ADOPTION OF CLOUD BY THE INDIAN PUBLIC SECTOR One of the striking features about cloud computing is that it presents benefits to every aspect of India’s economy including but not limited to SMEs. Second. State of Jammu & Kashmir The State Government of Jammu & Kashmir has adopted cloud computing for its e-governance services. and the Government of India. the education system (such as schools and universities).32 These services include cloud based ration cards. The use of this cloud computing model allowed the Government to actually implement these services in the extremely small time frame of just 60 days.378 crore rupees allocated for state data center projects. After evaluating a number of solutions for email and collaboration.33 The IYC plans to use this service to replace customized messaging solutions in its 300 locations across the country. Indian Youth Congress The Indian Youth Congress (IYC) is the official youth wing of the Indian National Congress and one of the largest youth organizations in the world.35 However. there were practically zero initial costs incurred. The use of this cloud service has not only enabled easier and faster intra-school communication but also improved parent teacher interaction. the spare infrastructure from the data centers in Madhya Pradesh was used. and upgrades of business applications. For this reason. 11 . UTV signed a five year deal with IBM wherein IBM would provide various business transformation initiatives to UTV. The landscape is a competitive one and many companies are competing for the business. For these reasons. experts predict that the cloud computing market in India will grow at a compound annual growth rate of 40 percent by 2014.000 elected officials and volunteers to Google Apps for Business. this was accomplished when the school started using Microsoft’s Live@edu service. Delhi Public School One of oldest schools in the country. a major part of which was the iNotes cloud email service. cloud computing has a particular advantage for a growing economy like India. Although there has been very limited adoption of the cloud technology in the Indian public sector. and the cost of deploying a school wide messaging solution seemed to be a distant goal. the trend is on the rise. Implementations such as the one in Jammu and Kashmir are indicative of adoptions in the future. Going forward the organization will integrate its existing proprietary applications with Google Apps along with using it for routine reporting and communication. In order to roll out these services. There are a few notable adoptions of cloud systems from various entities that are worth mentioning.30 One recent article in Dataquest hailed cloud computing as one of the most significant and important areas for investment in India. it balances the ebbs and flows in the workflow without significant impacts to the company’s bottom line. storage. citing a Gartner study that states that cloud computing will account for 5 percent of the total investments in India by 2015. maintenance. IYC opted to move its more than 28. First. a broadcasting company in India that combines television and game content. and are based on much of the good work that the Telecom Regulatory Authority of India (TRAI) has completed by promoting strong broadband policies.29 The adoption rates of cloud computing technologies in India are fast.36 In January. Broadcasting Another example of the use of cloud computing in India is by UTV Software Communications. The Government of India estimates that the use of the private cloud model by two or more states could result in savings of up to 50 percent in the 1. the cloud allows an enterprise to focus on its core competencies by allowing the cloud provider to deal with all of the hassles involved with the development. the Delhi Public School has over five thousand students and three hundred staff members. In addition. and recruitment services for citizens. birth/death certificates. Indian Enterprises have been faced with ebbs and flows in workflow for the past few years and this trend is expected to continue for the foreseeable future.

lower capital expenditure on hardware and software make cloud computing an extremely viable option for most SMEs. as noted above. To be clear.J O U R N A L O F I N T E R N E T L AW October 2011 A compelling explanation for why cloud based services are a boon for the public sector in India is that it is a “pay as you use” model. According to the 2009 eBay census guide. and profitable way. and fax queries using the same portal. With the development of India as the call center hub for some of the biggest US and European companies. any remote offices. cost-effective. cloud computing and its applications such as VoIP have a key role to play in this market.42 The Indian call center market is another industry segment that has benefited from the use of cloudbased services. For example. craftsmen in Ludhiana regularly export golf clubs to international eBayers in the United States. There are many other large companies that have moved to Google’s cloud. the ecosystem is both wide and deep: there are many different providers of cloud-based services. OTHER CLOUD EXAMPLES The cloud is ubiquitous and is not just limited to office-based applications or remote storage.40 SMEs IT requirements are oftentimes not as complicated and extensive as those of large enterprises. The Fourth Census of the SME Sector indicates that this sector employs 59. Because of this. instant messaging. or person is completely safe from crime. and France. the eBay platform enables “product availability to anywhere.37 It also is advantageous for organizations. Additionally.” These online platforms have allowed Indian SMEs to tap International customers in an extremely convenient. SMEs are one of the most aggressive segments in India to adopt cloud computing. or even their homes. Credit Cards. business. SMEs contribute towards 45 percent of the manufacturing output and 40 percent of the total export of the country. and the handling of email. However. which was designed to shed light on the online selling and buying behavior in India. no industry. and Voice over Internet Protocol (VoIP) telephony. ADOPTION OF CLOUD BY SMES SMEs play a very important role in developing the overall industrial economy of a country. These applications have become. They had been using a non-cloud.39 One of the chief reasons that SMEs look at e-commerce offerings through such portals is because of business convenience.43 Such a model provides numerous advantages. SMEs usually find it easier to outsource these functions to a cloud provider and focus on their core business. 12 ADOPTION OF CLOUD BY LARGE COMPANIES Sterlite Technologies is a leading global provider of transmission solutions for the power and telecom industries. meaning that they are more flexible enhancing their ability to leverage emerging technologies more readily than larger enterprises. the cloud is not 100 percent safe. Sterlite is not an SME rather it is quite large and is one of three global manufacturers of power conductors and among the top five global manufacturers of optical fiber and cables. and companies with multiple locations to use cloud based services as employees can then operate from the main office. minimum risk. . The low barrier to entry.38 SMEs in India are now using online portals such as eBay and Amazon to sell their products domestically and abroad. integral ways to do business and communicate in India. Sterilite moved more than 1000 employees to the Google cloud solution. thus offering the public sector opportunities to put proposals out for competitive bids in order to obtain the best value for taxpayers. on-premise solution for the majority of their employees. including several well-recognized names.1 million enterprises.7 million persons over 26. A review of a few short cases in India in related contexts that involve cybercrime show that the investigative and judicial system has been quite effective at prosecuting criminals without the need for new laws. These are Automated Teller Machines (ATMs). or are in the process of becoming. such as low personnel costs. Germany. A brief review of three applications of cloud computing outside of the office/productivity context will give a better understanding of how the regulatory framework in India has previously worked for cloud computing. facilitation of teleworking for the local call center staff. governments.41 Sterlite decided to move to a cloud service because manageability and cost value for an on premise messaging solution were a major concern.

in the data transfer and information-sharing business. essentially.47 was solved by the combined efforts of the Federal Bureau of Investigation (FBI) and the Central Bureau of Investigation (CBI). The Chennai police believed that his arrest was the first step in solving the cybercrime ATM racket in Chennai. and the convenience of user-friendly Skype and Gmail portals. It is an important way for Indians to keep in contact with loved ones in India and abroad. in turn can save on capital expenditure as they can just set up ATMs at convenient banking locations instead of opening new branches.44 ATMs make banking much more convenient as consumers are no longer forced to deal with banks that are close to them. ability to see each other.49 Credit cards rely on transnational data flows. The TRAI has taken two major steps in the regulation of VoIP services.e. Anecdotally.48 Again. no new “ATM law” or “cloud” law was required. and have played a key role in the online shopping boom seen in India in the last decade. These advantages are reflected in statistics that indicate there were 18. Thus. via the cloud. anywhere shopping and saves the consumer the hassles and security issues of carrying large amounts of cash. setting values for QoS 13 . Not surprisingly. Add to this the security of withdrawing money from accounts anytime and anywhere. cloud computing in the form of ATMs has been part of the Indian economy. Banks. and by leading financial institutions in India for their core services.51 Thus. Like many other applications of cloud computing. which has been dubbed as one of the first major “cybercrimes” in India. in another ATM theft in the state of Chennai. like cloud computing. “from the cloud”). and instead.45 The three persons involved were the security guard and two of his friends. MasterCard. the Indian police were able to make their arrests based on very old laws of theft. and American Express have allowed for convenient business transactions within the Indian market.4 million debit cards in the Indian market in 2009–2010. the thieves were found guilty under Section 407 of the Indian Penal Code. The following two cases of ATM theft indicate that no new regulations actually are needed for cloud computing crimes.52 This is especially true in Indian regions where high speed Internet connections are available. VoIP has a hassle free process from setting up to actually using the service. First. One reason for VoIP’s astonishing uptake in India in the past decade is the affordable pricing.3 million credit cards and 181. for more than two decades. The TRAI is one of the key players in the regulation of VoIP services and in assuring quality for Indian consumers. and they enable people to withdraw money from banks without going to the bank (i. It also enables anytime. Credit Cards Credit cards are another form of cloud computing.. the Ludhiana Police arrested the three after close evaluation of the images from a CCTV installed inside the ATM. The use of cloud-based VoIP technology offers advantages of cost savings from avoiding long distance calls. The first case is that of an ATM robbery worth 7. Voice over Internet Protocol Voice over Internet Protocol (VoIP) is basically telephony over the Internet and because of the processing and switching required. credit cards have an increased importance in the present Indian economy. there was no need for any particular cloud-based legislation in order to solve these crimes. Credit card companies such as Visa.50 Because of these distinct benefits. A Chennai based MBA graduate had used International contacts to develop 30 dummy cards that allowed him access to ATMs. the Indian financial sector has aggressively moved to the cloud. ATMs are miniature computers that connect to the cloud either by a dial-up connection or by a broadband connection. and credit-card companies are. the cloud is used both for the exchange of information between databases to enable the credit-based economy. Additionally. and has generally enabled the Indian outsourcing economy.3 lakh Indian Rupees in the state of Punjab. The first ATM was launched in India in 1987 by HSBC Bank.46 Similarly. loved ones can attest to the importance of using VoIP to keep in touch with their family while studying in foreign countries such as the United States and the United Kingdom. the TRAI issued a regulation on Quality of Service (QoS) for VOIP Based International Long Distance Service in 2002. According to the Times of India.October 2011 J O U R N A L O F I N T E R N E T L AW Automated Teller Machines ATMs are an early version of cloud computing.

the regulations that were adopted by TRAI took vital steps to facilitate and promote the technology and its adoption rather than to impede it. The penalty is the same as that for Section 65. 1997. numbering scheme for ISPs providing Internet Telephony services. Information Technology Act of 2000—The Information Technology Act of 2000 has explicitly stated penalties for the breach of data and privacy. Article 21—Article 21 of the Indian Constitution is about the general Right to Privacy. 65.J O U R N A L O F I N T E R N E T L AW October 2011 parameters and a testing procedure. The regulations are primarily aimed at discouraging people from being involved in such behavior. governance of interconnection agreements between the ISPs and National Long Distance (NLD) carriers by the TRAI. Section 66. Intentional tampering with a computer system’s source code is punishable by up to three years imprisonment or a fine of up to two lakh rupees. For instance.53 Secondly. and digital profiling. the existing regulatory framework does not offer complete protection from data breaches.56 This right covers the first generation of rights for Indian Citizens. The Information Technology Act of 2000 is based on a resolution that was adopted by the United Nations on January 30. This act is focused on e-commerce and cybercrime in general. Four sections of the Information Technology Act specifically deal with penalties against breach and misuse of data in India. PRIVACY AND THE CLOUD IN INDIA Every country in the world individualizes privacy concepts to match history and culture. database theft. The Department of Telecommunications found these recommendations to be helpful but on February 20. and interoperability between providers. Indian Contract Act—The Indian Contract Act basically deals with requiring Indian importers to pay a duty if they are unable to protect data coming in from other countries. Section 72 imposes a fine of one lakh rupees and an imprisonment term of up to two years for any breach of confidentiality and privacy of a person’s material. a person gaining access to or downloading/changing information from a computer system without prior permission from the owner is subject to civil liability. destroying. India has taken a sophisticated view toward privacy and has adopted regulations that are meant to protect a set of resources and to prevent its misuse. and 72. It is applicable to intentional actions such as concealing. On the other hand. 3. quoted in India as a data protection provision. 2009. emergency numbers. at least in the domain of computers and cybercrime. new regulations could pose definite and serious challenges for cloud 14 . on the other hand. The Credit Information Act of 2005. Although there is no right specifically focused on personal data protection in India. The sources are: 1. there are several primary sources of Indian legislation that refer to this right for Indian citizens.54 These recommendations included the development of a level playing field for Internet Service Providers (ISPs). or altering of computer source code and is punishable by either or combination of a fine of up to two lakh rupees and imprisonment of up to three years. it issued a set of recommendations for regulation of VoIP services in August. 66. imposes duties on credit information companies and credit institutions for any unauthorized sharing of an individual’s credit information with external sources. 2. To be clear. the Government delayed the decision on regulations for VoIP services in the country. The same penalty is applicable to anyone who is involved with hacking a computer system to cause wrongful loss of property.55 Importantly. These are Sections 43. The introduction of new regulations does not show any distinct benefits. however it is comprehensive enough to resolve a majority of the concerns in the Indian market. deals with computer hacking and protects data users from intentional alteration/misuse of data on their computers diminishing the value of the data in the process. 2008. It foresees civil liability for actions including but not limited to unauthorized copying. Section 65 protects consumers against the tampering of computer source documents. extraction. Section 43 protects the consumer from damages to the computer or the computer system. A majority of Indians believe that the concept of privacy is about their own personal space rather than information privacy or identity theft.

educational institutions. some of its core functions include recommending the need and timing of a new ISP. Research indicates that there are many laws and regulations in India that sufficiently protect consumers from breach of data. Sharma mentioned that there was definitely concern over sections of content present on the Internet and these would be carefully studied over the next few months.62 Its mission is “To ensure that the interests of consumers are protected and at the same time to nurture conditions for growth of telecommunications. At the CII Content Summit. It will not only slow down the adoption rate for cloud computing and prolong the time to gain its benefits but also give rise to a feeling of confusion and panic in the Indian economy. data portability. and the continued growth of cloud services depends on ongoing investment in infrastructure so that the growth can continue. THE NEW INDIAN PRIVACY LAW The most recent development by the Indian Government with respect to data privacy came in June. energy.63 The role of the TRAI is centered on ISPs and their customers. It also respects the sentiment of the Indian Government of having some sort of regulatory oversight over cloud computing applications. we suggest a three-pronged approach: (1) clarify the nature and scope of existing data protection rules.58 These rules apply to organizations operating in India and are independent of whether the data originates in India or if it pertains to Indian citizens. raise legal concerns over past decisions. to monitor quality of service provided. revoking of licenses to ISPs. 2011. forming the conditions of. A key component of these rules was that any organization processing personal information in India requires written consent before undertaking certain activities and must implement reasonable security policies and procedures. when it passed the 2011 Information Technology Rules (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information). quality of equipment used in the network and make appropriate recommendations.15 However. S. It recommends further clarification of existing regulation and its extension to cloud computing in a subtle way rather than developing an untested set of new regulations. the actual nature of these rules does not completely solve the original purpose. (2) promulgate rules that promote open standards. it is telecom infrastructure that “powers” the cloud. For these reasons. This article endorses the general opinion that cloud computing is very important for multiple sectors of the Indian economy including SMEs. from breach of contract. and money to be spent by companies when offshoring to India. These laws make Internet Intermediaries responsible for harmful content on the Internet. It also enforces a disclosure obligation for privacy policies wherein an organization must clearly explain the purposes of processing the involved personal information. and the government. to facilitate competition between service providers. monitoring.61 R E C O M M E N DAT I O N S TO T H E T E L E C O M R E G U L ATO RY AU T H O R I T Y O F I N D I A The TRAI was created by the Telecom Regulatory Authority of India Act of 1997.57 and (3) extend the smallest possible subset of these rules to the world of cloud computing and to utilize regulatory restraint so that the market may still develop. and from misuse of data. Such an untested set of regulations would slow down the momentum of future cloud-services adoption. Per the Telecom Regulatory Authority of India Act of 1997. Indeed.59 The intention of the Indian Government is to enhance the data security and privacy in the country and it feels that this is a crucial step to promote offshoring in India.60 The extensive requirements of the new rules are likely to increase the overhead of time. and to resolve disputes between ISP’s or between an ISP and a customer.October 2011 J O U R N A L O F I N T E R N E T L AW computing and the functioning of the Internet itself. The new privacy law is very new. broadcasting and cable services in a manner and at a pace which will enable India to play a leading role in the emerging global information society. granting.” One of the most important things that TRAI can do is to leverage the unique perspective that TRAI has on infrastructure. it will be important for its interpretation and enforcement to be measured so as to allay the fears that have already been expressed by many multinational businesses. TRAI chief J. and market-based mechanisms like those promoted by the SIIA Cloud White Paper for policymakers. and ultimately. and develop 15 .

. available at http://www. many businesses resisted PKI adoption because it was deemed more expensive and difficult to use and instead adopted alternative solutions. July 1..” Moore’s law. 8. “The enzyme that won.org/dlib/december95/12kessler. 189. Jason Fried. 2011. See www. the European Parliament and Council adopted Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.” The Economist.” 35 Cornell Int’l L. public private partnerships and best practices enforced through contracts and existing legislation. See “Microsoft Office 365 Launch: Zimbra Scores Surprise PR Win.37signals. 2011. The World Almanac and Book of Facts (Ken Park ed. L.J. 25. at S16 (describing Moore’s law and indicating that it has so far proven to be correct). 195 (2002). is an open-source product that has been widely adopted by enterprises. ACM 779 (1986) In the 1960s and 1970s.”) 23. “France’s Precursor to the Internet Lives On.” The Economist. See www. a rule that might apply to a public cloud offering might not work as applied to a private cloud offering. Ryan. drawing the attention of the national news media. “Guide to Cloud Computing for Policymakers. “Review of the European Data Protection Directive. ReWork. 17. Known in the European Union as the Electronic Signatures Directive. 3. 2010.dlib. “Grosch’s Law Repealed. ACM 94 (1972) (“In addition to increases in the level of technology.” 15 Comm.” 9 Comm. available at http://goo.gl/ipUKr. but the public retained the impression that the Minitel was mostly about sex. which helped foster the eSignatures market. 129. at 247. We highly recommend future research in this regard but strongly believe that minimum regulation is the primary factor to preserve the growth and innovation of cloud computing in India.” While some challenged his theories.). See www. Jason Fried & David Heinemeier Hansson. for example.10 (describing the phenomenon as follows: “in 1985. In 1995. policymaker concerns about specific issues can and are being addressed through industry-led voluntary action.huddle. Oldehoft & M. 4. “Wireless Communications and Computing at a Crossroads: New Paradigms and Their Impact on Theories Governing the Public’s Right to Spectrum Access. supra n. the Mark I was 55 feet long and eight feet high. In the United States. 22.” Google Docs Blog. et. “Standards of Liability for Internet Service Providers. and respected papers continued to espouse his centralized computing “law. A. 3. See SIIA Cloud White Paper. 2006 (describing the interactive Web as follows: “But what is Web 2. Several sources have noted that the Directive has significant weaknesses and that many aspects of it are ineffective. that makes web pages look like dynamic software applications that traditionally run only on personal computers. See “Caught in the Net. 2003.” Washington Post. 16 . the first large-scale automatic digital computer began operation. the second wave of websites would use software . cited supra n. took a more technology-neutral.com. available at http://goo. Matthel Linderman.. 20. The Directive applies to all 27 member states of the European Economic Area (EEA). 9. holds that the microprocessor’s performance will double every 18 months. 5. á la Française.com. 15. 14. yet wonderful technology. See Selignan. al.” 240 J. appears to be prophetic”). David Heinemeier Hansson. .” 54 Federal Communications.” Online Media Daily. one can expect for any given level. Jr. 21. “Economies of Scale and the IBM System/360. In addition. Patrick S.. stated in the 1940s. March 27.” 8 Datamation 38 (1962) (Adams suggests that Grosch’s law may not be accurate. available at http://goo. it forced the adoption of a specific technology standard (a PKI-focused provision) into the regulatory framework.” RAND Europe Technical Report (2009). available at http://goo. 2011. 2010) 18. February 3.evernote.com. See Russel Carlberg. “A Billion Here and a Billion There. N OT E S 1. Lock-in occurs when a customer is uniquely dependent on a vendor for products and services. Grosch’s law was still highly regarded by scientists and policy analysts.com. the scientific community on the whole still had great faith in them. See Neil Robinson. E. The technical problem was quickly solved. May 11. . “Maximum Computing Power and Cost Factors in the Centralization Problem. and it is most often expressed in terms of “Moore’s law.13.0? It began with a specific and useful definition. Although announcements claim that the Minitel terminals finally will be discontinued on September.” D-Lib Magazine. 12. available at http://goo. In 1944. the Electronic Signatures in Global and National Commerce Act did not provide any guidance with regard to specific technology primarily because the PKI market was at that point in its infancy. “Comments on Grosch’s Law Re-Visited: CPU Power and the Cost of Computation. See www.J. market-driven approach. at 13. “The Persistence of the Dirigiste Model: Wireless Spectrum Allocation in Europe. Martin B. Kang et al.gl/TZDC3 (last accessed June 20. See Jack Kessler. 2002). & High Tech.gl/CLohp. available at: http://goo.g. September 25. stating that “a rule that makes sense when applied in a business-to consumer context might be inappropriate when applied in a business-to-business context. at 2. But see Charles W.” Software & Information Industry Association White Paper. “Free e-commerce catalogs managed with Google Docs. In the second largest democracy in the world.gl/d9OUM.” 29 Comm. however. 7. See www. The United States. 16. June 2011 at 5.” Id. 19.J O U R N A L O F I N T E R N E T L AW October 2011 a negative sentiment in the minds of the Indian people towards this new.gl/1LKOQ. December 1995. 24. VMWare’s Zimbra. Hans Graux. Miniaturization is most often associated with the growth of personal computers that took place from the 1970s through the 1980s. January 9. Getting Real (2009). it is imperative that the free flow of information be preserved. Ken Pottinger. George Simpson. 2011. gl/gyO6. June 28. Halstead.. supra n. Adams. See Amadei. a return to scale approximated by Grosch’s Law”). developed by Intel founder Gordon Moore in the 1970s. 6. L. Adams’ work was part of an early movement that ultimately led to the so-called “repeal” of Grosch’s law. “The French Minitel. 27. It also is seen as a competitor to Microsoft Office 365 and to Google Apps.. (Crown. 136 (2001). As the eSignatures market developed post legislation. . . Built by IBM and Harvard professor Howard Aiken.. Terminals available for sale by France Telecom today can be viewed at http://goo. 26. 1997.gl/cLqu0. 10.”) 13. See Maite Selignan. See e.6.” The VAR Guy. heavy traffic generated by these sex lines caused what remains the system’s only large-scale crash.tripit. Young M.evite.’” French News Online. In contrast to the static web pages of the 1990s. html. See Xavier Amadei. on Telecomm. ACM 435 (1966) (concluding that larger computers offer the greatest economies of scale and indicating that “Grosch’s Law. 11. See Dan Salcedo.com. unable to use another vendor without 2. H. “Le Minitel Still France’s Preferred ‘Internet. 2011). Solomon.

March 31 2011. “Black Cards Forensics. “No tariff cut now as VOIP gets delayed. available at http://goo. 2011 at 22. Russell Smith.” The Times of India. 2011 available at http://goo. 46. 54. in respect of such property. available at http://goo. available at http://goo.” Cloud Computing.keeper. commits criminal breach of trust. 30. gl/fTkrx.” Information Week. HSBC Website: The Worlds Local Bank. available at http://goo.gl/TT7HU.” The Wall Street Journal. but that are also still needed. to Indian infrastructure for the benefit of the IT sector).” 47. Shalini Singh. May 24. 37.gl/gUcfA. 2011. “Another giant leap. See Carl Shapiro and Hal Varian. 60. available at http://goo.48. 62. Also see Joshi. and shall also be liable to fine. June 7. Cosmo Films. Downloaded Cloud Computing. 1860: “Criminal breach of trust by carrier. 31. See Wikipedia entry. India in the Cloud Computing Arena. May 21. November 18. available at http://goo. Also see Alan Cullison. two others arrested. available at http://goo.” Google Enterprise Blog. BSE: 532636.gl/dWtpm. 2011. For example. the IIFL group. Bloomberg: IIFL) and its subsidiaries. available at http:// goo. “New Privacy Laws To Impact Outsourcing to India. 38. available at http://goo.gl/lO4yY.gl/rpQWw. Javed Anwer. available at http://goo. Examples of lock-in include the difficulty in switching from one office-based provider to another.” Law Without Borders.gl/VO2wR. 2010. See CRID India Privacy Paper. “Unwanted Plastic?. and thus vitally important to a liberalized regime for transnational data flows. “ATM theft: Security guard. January 14 2010.gl/VyChL. TRAI issues Regulation on Quality of Service for VOIP Based International Long Distance Service. at http://en. Mayur Sharad Joshi. June 16 2011. Recommendations on Issues related to Internet Telephony. A few companies that have “gone Google” (meaning that they have moved to the Google cloud) include: Saurashtra Cements (Mehta Group). See SIIA Cloud White Paper.” Outlook Money.com. Neelkamal and many others.” SmallEnterpriseIndia.—Whoever. available at http://goo.S.”) 29. “Cloud Computing: The Next Big Wave in SME Market. Haier Mobile.000 members to Google Apps. IIFL offers advice and execution platform for the entire range of financial services covering products ranging from equities and derivatives. Shipla Shanbag. Microsoft Case Studies. Team Computers. gl/zGY5l.” Proactive Investors. 61. 41. available at http://goo. Powers and Functions of the Authority. at 34. 2011. 43.gl/adRgg. See Bill Coughan.” VarIndia.56.000 users. North American Leaders Summit.gl/yNMoe. 42. available on YouTube at http://goo. Source: interview. available at http://goo. Section 407 in The Indian Penal Code. etc.gl/l4ib0. Credit Card Service in India.gl/Hj3Ia.gl/JZm0x. “Changes to the open Internet in Kazakhstan. Celebrating 150 years in India. being entrusted with property as a carrier. India Infoline Ltd (NSE: INDIAINFO. infra n. “Google Sidesteps Edict. supra n. “India data privacy rules may be too strict for some U. comprising the holding company. 40. available at http://goo.” Dataquest. “Indian Youth Congress moves 28.” Washington Post.” The Economist. See India Infoline’s Google Journey. Interview with CIO Sankarson Banerjee. June 1. 53. “Going Google in India: Indian Youth Congress & Punjilloyd move to Google Apps for Business. gl/Qm1et. or to switch telephone providers in areas where the market is limited or where barriers to entry are high. 59. available at http://goo. Flipkart. 2011. February 20.” The Official Google Blog. Information Rules (HBS Press 1999). Delhi Public School. 2009. Telecom Regulatory Authority of India.” IndiaFacts. 52. June 20. stock markets. May 31. Ministry of Micro. one of India’s leading online destinations for personal finance. University of Namur. May 23 2011. available at http://goo.gl/j24VA. 51. Also see “Credit Card and Debit Card Users in India. “IBM inks five year business transformation deal with India’s UTV Software Communication. gl/Y39qW.gl/vGMWU. See Report on the Trilateral Committee on Transborder Data Flows. “Emerging from the Shadows. Karan Bajwa. Small and Medium Enterprises (Government of India). “India’s First ATM Card Fraud. 63.gl/607hF. Faiz Askari.13.gl/YFft2. IIFL owns and manages www. 34. October 20. TRAI Act 1997.org/wiki/Sterlite_ Technologies. “4+1 Reasons Companies are Moving to Cloud. available at http://goo. June 10 2010. available at http://goo. commodities.gl/oQ8cJ (describing the many improvements that have happened. 2006.gl/GHjpa.indiainfoline.gl/9r20m. June 10 2011.” The Times of India. Compro Technologies. “A private Affair. 28. shall be punished with imprisonment of either description for a term which may extend to seven years. 2002. 44. “India’s New Data Privacy Rules: Will They Help or Hurt Legal Outsourcing?. 39. Which VoIP.” Indiaforensic. available at http://goo. 50. “Office in the Cloud. 2002. See Pradeep Agarwal. See Rama Lakshmi. quoting Eric Schmidt‘s statement the doing so makes him “very concerned that we will end up with an Internet per country. 55. 58.” Outsource Portfolio. June 9.gl/uzAXW. 36. available at http://goo. cited supra n.gl/jLznn. The Mexican Secretary of Economy published a report that analyzed transnational data flows and identified India as one of the most significant locations for outsourcing of various services. January 2010.com.” Microsoft Contributory Articles. gl/2cvAZ.wikipedia. August 18 2009. 57. “eBay: The E-way of Doing Business. 17 . available at http:// goo. Indiamart. Mani Malarvannan. 45.gl/a945s. “First Analysis of the Data Protection Law in India. Rustomjee (part of Keystone Group). 48. Forbes Marshall. 18 August 2008. available at http://goo.gl/4USqy.gl/vIOrG. 56. 49. Telecom Regulatory Authority of India. and other instruments. “CRID India Privacy Paper”). Pheji Phalghunan. available at http://goo. easiptionBPO. available at http://goo. How can VoIP reduce call center costs. Basant Singh. 2010. available at http://goo.gl/3dvWS (describing the requirement from Kazakhstan for local servers and Google’s withdrawal from the market as a result. gl/v5eKn. available at http://goo.in.” CRID.” Indiaforensic. May 8. wharfinger or warehouse.” The Times of India. August 12 2010. (hereinafter.October 2011 J O U R N A L O F I N T E R N E T L AW substantial switching costs. 33. 32. is one of the leading players in the Indian financial services space. June 7 2010. IIFL has moved to the Google cloud and has almost 18. 35. India Pistons. available at http://goo. (Noting that Indian “offices and individuals are switching to Web-based suites that are not only cheaper—because they do away with software costs—but are also accessible from any place with a decent internet connection”). companies. About Us. 2011. available at http://goo. economy and business. available at http://goo.