We are living in a brave new world today in which technology has progressed far ahead of our laws, and more troublingly, has even left our concepts of ethics and morality dated. We must shed our blinkers and squarely face the indubitable fact that privacy as we knew it till, say, the early 1980s, is dead. Nothing we say, do or write is hidden. Today, Big Brother is really watching – what George Orwell foretold in his book 1984, has come to pass, albeit a few decades late. What should our laws do about it? The following questions suggest that we need to drag our laws of evidence and criminal and civil procedure codes kicking and screaming into the 21st century.
Are social media posts reliable evidence?
Recently, in a tax case, the Income Tax Appellate Tribunal relied on evidence adduced in the form of profiles displayed on a social networking site to conclude that the company had a Permanent Establishment in India that justified taxation of its income earned from India sales to tax in India. This decision was promptly stayed by the high court. Currently, therefore, we are exactly where we were before the tax tribunal stirred this hornet’s nest. If profiles on social networking sites became evidence, can Facebook posts, tweets on Twitter and videos on YouTube be far behind?
Social media posts are voluntary – and we should stop kidding ourselves that the posts remain private because one has expressed the intention to keep them so that only ones “friends” can see them. And remember, if one’s tweet is retweeted, it no longer remains one’s own to delete. Deleting the original post will do nothing to the retweet. Similarly, once Google has indexed a page, it will remain forever on its servers (“cache”), waiting to be served whenever an appropriate search string is put in. Currently, Google’s search engine does not index Facebook posts – but Facebook stores them forever, even after one has deleted them from one’s “Timeline”. We need to go way beyond just exhorting our children, nieces and nephews to be discreet online. We really need to take a collective view (and see that it is reflected in the law) on whether, and to what extent, such posts can be relied on as evidence.
What about our mobile records?
In 2009, the Securities and Exchange Board of India convicted several people of insider trading and conspiring to manipulate prices of a particular scrip in 2008 based on mobile phone tower records that gave away the locations of the accused – and proved that they were in the same vicinity at the same time, when the plan was being hatched/implemented. One should be aware that such data gets recorded routinely – effectively tracking every move one makes. So we are not speaking only of data relating to text messages that we send and receive, the voice calls that we make or receive, and the websites and email accounts that we check out. Mobile companies can even record the websites we visit using the “incognito” mode on our mobile browsers.
Shocked? Don’t be. Again, the lesson is this: we must stop kidding ourselves that we can stop the telecom companies from collecting, storing and recording this information. We cannot. Nor can we stop our appearance on uncounted CCTV cameras. But we can, and do need to write much more robust laws and rules about who can access this kind of data/information, and punish violators or people who leak these records. The recent controversy over leaked telephone conversations in India was an excellent opportunity – alas, lost in the political waves it unleashed – for us to collectively debate on this issue, and build robust checks and balances into the protection of mobile data, and write into the law severe deterrent measures for violators.
Digital commerce and banking
Many of us today have virtually stopped writing cheques. We transact in myriad ways – at Points of Sale at merchant establishments, at ATMs, through electronic clearing services, automated bill payment services, National Electronic Funds Transfer, Real Time Gross Settlement, and we use debit/credit cards, over the internet using laptops/desktops and, increasingly, mobiles, with Wi-fi, Bluetooth, near field communication or mobile data network technologies. All these, doubtless, are protected by strong encryption – but one cannot wholly understand why a friend who knows all about banking technologies refuses to use any of these technologies but still writes cheques. Maybe, it has something to do with how familiar one is with these technologies – the digital equivalent of “no man is a hero to his valet“.
Recently, we know of a case where a person had to fight with the bank to refund amounts wrongly and inexplicably debited from her account due to two debit card transactions supposedly made from the Cayman Islands to book air tickets on Cayman Air. Such stories cause disquiet. If we have to leapfrog technology and promote inclusiveness in banking, we must consider strengthening our banking laws and cyberlaws – to some extent, this has to happen worldwide – to make it possible to track down, and crack down on, perpetrators of misuse of such payment systems, wherever they may be.
Kanchun Kaushal is Partner, Direct Tax Litigation, Price Waterhouse and Co, LLP and Rajesh Haldipur is Associate Director, Tax and Regulatory Services, PricewaterhouseCoopers Pvt Ltd