What is Phishing or Spoofing? Affixing legal liability through Indian Laws

The internet developed rapidly, leaving little or no scope for its terminology to develop. Most internet terms and phrases are English loanwords chosen as the closest analogy to the concept being described. Phishing as a concept is analogous to fishing, where predators wait for unsuspecting victims to fall prey to fraudulent offers.


Phishing in English

Phishing requires three independent parties:

  • The victim whose computer system has been compromised
  • The offender who violates all privacy norms and causes disruption with losses
  • The Service Provider whose service to the victim has been affected by the offender

Phishing (as you might have already related it to fishing) is a fraudulent activity where offenders create websites or webpages replicating a popular third-party website.

After creating such look-alike content, they wait for an unsuspecting user to mistake the fake website for the real one and enter sensitive data. Probability has it that 5%[1] of people would fall for it and give their username and password details to the fake site.

Once the sensitive data is extracted from the user, the offender would use the same data to log in to the real site and make unauthorised requests, resulting in either monetary loss or a privacy lapse.

For example, if I had to log in to your Facebook account, I would create a website which would look exactly like Facebook. I would then send the link of the new site to you. Once you receive the link, assuming it to be Facebook, you would actually be submitting your credentials to me. I would then use your username and password to log in to your Facebook account.


How bad is it?

In 2009, a group of fraudsters (about 100 people, 53 from USA and 47 from Egypt) were sentenced to twenty years' imprisonment. FBI officials nabbed them in the operation named “Phish Phry” after a manhunt of almost two years. The fraudsters were charged with phishing $1.5 million through fake credit card and banking websites.

“This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands of bank customers,”
– Acting US Attorney George S. Cardona, in a statement.

India has been a prime target of a plethora of phishing scams. Indian netizens, being new and unaccustomed to the internet, fall for these scams easily. India lost $53 million to phishing activities in the third quarter of 2013, and has regularly been in the top five countries by volume of scams.[2]


Different methods of phishing:

URL Obfuscation attacks

This is the most generic form of phishing, in which the victim is taken to a misleading URL, e.g. https://gmail.co.pk instead of https://gmail.com

The offending website stands in the middle, accepts information from the user, stores the information and relays it to the original website. Therefore the user never gets to know if he is on the correct URL.

This is most easily done by sending fraudulent emails offering gifts or other incentives if the user clicks on a link. The user is then taken to a website which looks like the trusted entity and is asked to submit their username and password.
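A defensive check for the misleading-URL case above, given as an added example that is not part of the original article: a link is accepted only on an exact hostname match, and it is reported when a trusted brand name appears under some other domain or before an `@`. The allow-list and every sample link other than the article's gmail pair are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the exact hostnames users are expected to log in to.
TRUSTED_HOSTS = {"gmail.com", "mail.google.com", "facebook.com", "www.facebook.com"}


def brand_names(trusted_hosts):
    """Second-level labels of the trusted hosts, e.g. 'gmail', 'google', 'facebook'."""
    return {host.split(".")[-2] for host in trusted_hosts}


def classify_link(url, trusted_hosts=TRUSTED_HOSTS):
    """Return (verdict, reason) for a link found in an e-mail or chat message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ("invalid", "URL could not be parsed")

    if parts.scheme not in ("http", "https") or not host:
        return ("invalid", "not an http(s) link with a hostname")

    # In https://gmail.com@login.example/ the browser connects to login.example;
    # everything before '@' is user information, not the site.
    if parts.username is not None:
        return ("suspicious", f"text before '@' is not the host; real host is {host}")

    if host in trusted_hosts:
        return ("trusted", "exact match on the allow-list")

    # A trusted brand used as a label of some other domain (gmail.co.pk) or
    # embedded in a label (facebook-security.example) is the look-alike case.
    brands = brand_names(trusted_hosts)
    for label in host.split("."):
        for brand in sorted(brands):
            if brand in label:
                return ("suspicious", f"'{brand}' appears in non-allow-listed host {host}")

    return ("unknown", "not on the allow-list and no trusted brand name in the host")


# Constructed sample links; only the gmail.com / gmail.co.pk pair is from the article.
SAMPLE_LINKS = [
    "https://gmail.com",
    "https://gmail.co.pk",
    "https://gmail.com@login.example/reset",
    "http://facebook-security.example/login",
    "https://example.org/newsletter",
]


def triage(links):
    """Map each link to its verdict."""
    return {link: classify_link(link)[0] for link in links}


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = classify_link(link)
        print(f"{verdict:10} {link}  ({reason})")
```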

Man in the middle attacks

This is an advanced method where the attack is on the victim’s side. The virtual hosts file is a normal text file which has a list of URLs and their specific IP addresses.

So when we try to reach google.com, our computer first checks the list of IP addresses in the virtual hosts file; if the entry is not found there, it looks up the IP address on the internet and then takes us to that IP address.

In this form of attack the victim’s virtual hosts file is targeted. Specialised malware can change the virtual hosts record on a user’s computer. If this file is changed by malware, the computer can be fooled into visiting a different IP address it never wanted to. Such malware is mostly found on torrent sites and other free download sites; the advertisements are of very low quality as they target unsophisticated users.

Once the change has been made by the malware, it is very difficult to notice. Good antivirus and anti-malware software is recommended to deal with such attacks.
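An added example, not from the original article, of checking for the tampering described above. The file the article calls the virtual hosts file is the operating system's hosts file (`/etc/hosts` on Linux and macOS, `C:\Windows\System32\drivers\etc\hosts` on Windows); the watched-domain list and the sample file contents are constructed assumptions.

```python
import ipaddress
import os

# Assumption: well-known sites that should normally be resolved through DNS
# and therefore have no reason to appear in a hosts file.
WATCHED_DOMAINS = ("google.com", "gmail.com", "facebook.com")


def hosts_path():
    """Location of the hosts file on the current operating system."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Yield (line_no, ip, [names]) for every mapping line in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address: ignore the line
        yield line_no, ip, [name.lower().rstrip(".") for name in fields[1:]]


def is_watched(name, watched=WATCHED_DOMAINS):
    """True for a watched domain itself or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (line_no, name, ip, kind) for each watched name found in the file.

    kind is 'redirected' when the name is pinned to a routable address (the
    tampering described in the article) and 'blocked' when it points at
    loopback or 0.0.0.0, which is how ad-blocking lists use the file.
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if is_watched(name, watched):
                kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
                findings.append((line_no, name, str(ip), kind))
    return findings


# Constructed sample, not taken from a real machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1     localhost
::1           localhost ip6-localhost
192.0.2.10    intranet.example
203.0.113.66  google.com www.google.com   # unexpected entry
0.0.0.0       ads.facebook.com
"""

if __name__ == "__main__":
    try:
        with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print(finding)
```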

Cross Site Scripting (XSS) attack

As you might have noticed, the X stands for Cross. This attack is done on the server’s computer. Specialised queries made to a server can make it reveal sensitive data.

This vulnerability dates from a time when novice users would program servers, and due to the vulnerable programming an advanced user could manipulate the server. However, this is very rare and almost non-existent as of now.



There has been a litany of cases filed by victims of phishing scams, mostly against their banks. The grounds are filed under Sections 43, 43A and 72A of the Information Technology Act, 2008 (amended). Depending on where the phishing activity has taken place, the IT Act provides for different liabilities.

Section 43 (Penalty and Compensation for damage to computer, computer system, etc).

Section 43 (a), (b), (c), (h) and (i) talk about different liabilities for the offender.

Section 43 A Compensation for failure to protect data (Inserted vide ITAA 2006)

This whole section was introduced to affix liability on the Service Provider whose services have been compromised due to the attack (e.g. the bank). Compensation has also been fixed, not exceeding five crore rupees.

Section 66 Punishment for violation of Section 43

This section provides for punishment which may extend to three years and fine of five lakh rupees.

Section 66A(c)

This can be attracted in case of fraudulent emails. The words ‘to deceive or to mislead the addressee’ would carry the same punishment as in Section 66.

Section 66B, 66C, 66D, 66E

These different sections cover the entire range of phishing, identity theft, cheating, impersonation, violation of privacy, etc.

Section 72 A Punishment for Disclosure of information in breach of lawful contract

This section provides for punishment of the Service Provider who had an obligation to observe safe practices and network systems in order to prevent such attacks.

and Section 420 of Indian Penal Code

Apart from the IT Act, Cheating under the IPC can also be considered.


What is digital information and how does the computer work? For a lawyer

The entire gamut of Indian Technology Law contains references to “digital information”, “digital signatures”, “cryptography”, “public key”, “private key”, etc.

And without clarity at the origin, it gets much more difficult at later stages to understand more technical and quirkier concepts like “blockchain”, “cryptocurrency”, etc.

This article therefore explains to you how information is actually stored on a physical hard drive and how it is used for functional equivalence with real world elements.

Forget everything you know about computers and read on.


What is so digital?

A machine

Have you ever thought that “the clock is so amazing, it knows the time and shows it to us”? This article is for all those who thought otherwise.

A machine does not know anything, it is designed in a way to return something of value when an input is submitted. The mechanical parts of a clock would act repeatedly in a certain way on being provided an electric source. Even after that, a clock can show us the correct time only when the starting time was correctly entered.

So in a mechanical clock, there are three ingredients, the machinery inside, the correct time as an input, and a constant energy supply (mechanical or electric).

The clock is designed to show a textual representation of information readable and useful to us.


Saving data

Imagine a clock which instead of numbers shows text and has 26 characters of the alphabet on the edges. You can store one character of English Alphabet on such a clock by using the hour hand to point toward the character.

So now if you want to store the word “INDIA”, you can store it as “9-14-4-9-1” pointed by hour hands of five such clocks. 

You can save the entire “The Ramayana of Valmiki, translated by Hari Prasad Shastri – 3 Volumes Combined” in upper case letters. It would take you only about 3.4 million similar clocks.

Save the data and stash the 3.4 million clocks somewhere, it will be data saved.


Binary Data

While it was difficult to store the data (3.4 million clocks) in such a way, it could be done so electronically in a very small space. But in order to take the advantage of electronic storage, we need to translate that data into Binary.

Electronics exist in only two states, ‘on’ or ‘off’. While ‘on’ can be represented by ‘1’, ‘off’ can be represented by ‘0’.

All you need to do now is change the data into their binary representations. 


Numbers in Binary

Decimal to binary is quite simple: divide by two and write down the remainder. Repeat this process until you cannot divide by 2 anymore. For example, let’s take the decimal value 157:

157 ÷ 2 = 78 with a remainder of 1
78 ÷ 2 = 39 with a remainder of 0
39 ÷ 2 = 19 with a remainder of 1
19 ÷ 2 = 9 with a remainder of 1
9 ÷ 2 = 4 with a remainder of 1
4 ÷ 2 = 2 with a remainder of 0
2 ÷ 2 = 1 with a remainder of 0
1 ÷ 2 = 0 with a remainder of 1 <— to convert write this remainder first.

Therefore 157 = 10011101. Clear?


Text in Binary

There are multiple global conventions of translating letters into binary for storage. We will take the ASCII (American Standard Code for Information Interchange) convention for discussion. It is the most prevalent form of text encoding, and has also been a foundation for other conventions.


The ASCII chart has 127 characters including lowercase and uppercase alphabet, numbers and some special characters.[1]

Each character (a, b, g, z, etc.) is represented by a number from 0-127 (128 total).

Capital T is 084.


Each number is converted to a pair of hexadecimal digits. In mathematics and computing, hexadecimal (also base 16, or hex) is a positional numeral system with a radix, or base, of 16. It uses sixteen distinct symbols, most often the symbols 0–9 to represent values zero to nine, and A, B, C, D, E, F (or alternatively a, b, c, d, e, f) to represent values ten to fifteen.[2]

Do this by dividing the decimal number by 16: the quotient becomes the left hex digit and the remainder becomes the right hex digit.

For example, for Capital T (084),
084 = (16*5) + 4
which is 54 in hexadecimal


Further each one of the hex digits in the pair would be changed to their final binary form.

Here’s a binary:hex conversion chart:

0000 = 0
0001 = 1
0010 = 2
0011 = 3
0100 = 4
0101 = 5
0110 = 6
0111 = 7
1000 = 8
1001 = 9
1010 = a (the hex number a, not the letter a)
1011 = b
1100 = c
1101 = d
1110 = e
1111 = f

Therefore, 54 = 0101 0100


T = 01010100 in binary. Similarly you can find out the binary of all characters here.

For instance, the word ‘India’ in Binary is: 01001001 01001110 01000100 01001001 01000001

Each character on the right is called a ‘bit’. Eight of them make a ‘byte’. There are five bytes in the above line.


‘India’ would take 5 bytes if you write it on Notepad and save as a text file. For perspective, the Ramayana as mentioned earlier would take 3.5 MBs in text format.
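The conversions described in this section, written out as an added example (not part of the original article). It follows the divide-by-two and hex-pair steps given above, and also decodes the five bytes quoted above back to text, which come out as the capital letters INDIA; the function names are this example's own.

```python
# Binary:hex chart from the article, one 4-bit group per hex digit.
HEX_TO_BITS = {format(value, "x"): format(value, "04b") for value in range(16)}


def decimal_to_binary(number):
    """Repeated division by two; the last remainder is written first."""
    if number < 0:
        raise ValueError("only non-negative integers")
    if number == 0:
        return "0"
    remainders = []
    while number > 0:
        number, remainder = divmod(number, 2)
        remainders.append(str(remainder))
    return "".join(reversed(remainders))


def char_to_hex_pair(char):
    """ASCII code of the character as two hex digits: quotient and remainder of /16."""
    code = ord(char)
    if code > 127:
        raise ValueError(f"{char!r} is not an ASCII character")
    left, right = divmod(code, 16)
    return format(left, "x") + format(right, "x")


def text_to_bits(text):
    """Each character -> hex pair -> two 4-bit groups, i.e. one byte per character."""
    groups = []
    for char in text:
        pair = char_to_hex_pair(char)
        groups.append(HEX_TO_BITS[pair[0]] + HEX_TO_BITS[pair[1]])
    return " ".join(groups)


def bits_to_text(bits):
    """Reverse direction: every 8-bit group back to its ASCII character."""
    chars = []
    for group in bits.split():
        if len(group) != 8 or set(group) - {"0", "1"}:
            raise ValueError(f"not a byte: {group!r}")
        chars.append(chr(int(group, 2)))
    return "".join(chars)


# The bit string quoted in the article.
ARTICLE_BITS = "01001001 01001110 01000100 01001001 01000001"

if __name__ == "__main__":
    print(decimal_to_binary(157))
    print(char_to_hex_pair("T"), text_to_bits("T"))
    print(bits_to_text(ARTICLE_BITS))
    # Lowercase letters have different codes, so the bytes differ.
    print(text_to_bits("India"))
```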


What about Music, Pictures and Videos?

Now that you know how text is saved in binary, let’s see how we can save music, picture and video files.


Ever opened a .jpg image file with Notepad? It looks like this:

All ASCII characters in a hellishly unreadable format. Pictures are stored as text, which is in turn stored as numbers, and finally in their equivalent binary format.


Sound is produced by the vibration of a medium. This is what the waveform of a music file looks like:

Notice the crests and troughs, they can be plotted on a graph, and the corresponding numbers can be noted down. The numbers are then changed to their hex values and then further to the binary format.

A typical MP3 file plays at 128kbits per second, i.e. in one second the computer processes 32,000 hex values, to give us the effect of listening to a sound. This is what an MP3 file looks like in a hexadecimal editor. 


Videos are moving pictures with sound. A normal video file plays at 24 frames per second (fps) graphics and 128 kbits/sec sound. Therefore a second of video file would mean 24 image files, and one one second long sound file played together. Therefore video files take the most amount of space.


Storage Media

Now that it is clear that Data in the form of text, numbers, pictures or videos can be saved as 0s and 1s, let’s see how you can save the data for later use. Taking the case of USB Pen Drives.

USB Pen Drives are made up of a circuit board and a shell. The circuit contains a Flash memory chip which is made up of transistors. Typically there are about 32 billion transistors in an 8 GB USB Pen Drive.

Every transistor is arranged in such a way that it can hold electrical charges like a battery. Binary data is stored on the transistors. If it is 1 a transistor will store the charge, if it is 0 the transistor will not store charge.

Data can be retrieved by reading the charge distribution of the transistors. Data can be written by changing the charge value of the transistors.



Now that you know what digital objects and digital information are, it will be easier to understand that the computer is not a sentient being, but a super-machine which can read and process any kind of information digitally at a very high speed.

It might take you a second to read five binary characters ‘01011’, while any random smartphone can read at speeds of 25 billion binary characters in that same amount of time, and make sense out of such long strings of characters.

The whole Extended Volume of Oxford Dictionary would be only about 70 kilobytes in ASCII text format.

A computer continuously stores data and retrieves data from its storage media. This process is so fundamental to a computer that the more frequently it does so, the smarter it gets. The frequency of reading and writing on storage media could be as much as three gigahertz.

This high reaction rate of computers gives us a perception of an artificial consciousness, whereas it is nothing more than an extremely fast clock with complex rules.


Denial of Service (DoS) attack and relevant Indian Laws

What is a DoS (Denial of Service) attack? And how is it committed?

To understand DoS, you will need to have an idea of what is the Service being provided, how someone can deny it to you, and how it can be counted as an attack.


What is the Service?

Every website you visit is made up of files like the ones you have in your Downloads folder: pictures, Word files, PDF files, MP3 files, videos, etc. On any given website all these files are organised in an easy-to-use, presentable format called HTML. HTML (Hyper Text Markup Language) is a convention which is used to structure data in a viewer-friendly manner.

You can also make HTML files by using software like Microsoft Frontpage (old legacy), Adobe Dreamweaver (contemporaneous), Sublime Text (for advanced users).

Whatever you are looking at right now, even this text, is organised in a specific format and saved as .html files (on my server) which you are accessing and reading now.

The Service part is yet not fully defined.

The other component of the Service is the operation of a server. Believe it or not you have operated at least fifty servers from the morning today.

A server is a highly specialised computer designed only to serve web content. The HTML files which we were discussing are stored on these servers, and the servers are connected to the internet in the same way you are connected to the internet. This connection to the internet enables anyone else to access the files kept on a server computer.

So for example, if you are watching a video on YouTube, you are accessing an HTML file kept on YouTube’s servers which has an embedded video on it. YouTube lets you access and watch it because then YouTube can show you ads. This transaction is thus complete with a win-win situation for YouTube and you.

The Service is complete when the Server renders the data to a user, and the user is able to access it successfully.


How do you then deny it?

Denying it is actually easier than setting up the service. Remember the part where the server is nothing but a super specialised computer? Yes.

And just like all computers (like yours), servers also can slow down to a screeching halt and freeze to lifelessness. Once a server hangs, and until it is restarted, whoever visits the server through the internet will see either a 500 Internal Server Error, a 503 Service Unavailable, or any other error of the codes starting from 500 to 511. I am sure you must have seen quite a few of these.

The way forward then is to visit the target website as many times as possible in a short period of time. A flood of visits to the same website will get the server busier than normal, and slow it down by taking up all the server resources like RAM, CPU and internet bandwidth.

Therefore if your friend wants to deny your access to YouTube, he can do so by artificially bringing YouTube’s servers to a halt or slowing them down.

For him to be able to pull off that feat on a website of that scale, he will mostly need to visit it a whopping 500 million times in under an hour. Once he manages to get YouTube down, congratulations he has broken the law.


How is it an attack?

Well if you understood the Service part, the Denial part and the frustration emanating from it, you would not ever want this to happen to YouTube, had you owned it. Even one hour of downtime for YouTube would mean millions of lost business opportunities, and billions of losses ensuing due to lost user confidence. I would personally term any losses above the $100 mark as an attack.


How to do it?

There are multiple free, open source and premium software tools which can help you do exactly that. These can be installed on any laptop or computer and put to action in under a minute. The most popular of them all could be Low Orbit Ion Cannon (LOIC) and the High Orbit Ion Cannon (HOIC). Others are also available by the names: Locust, CloudTest, LoadRunner, etc.

If you do not want to dive into all the details, some very easy online tools are also there by the names of Loader.io, blitz.io, etc.

You can find LOIC here: https://github.com/NewEraCracker/LOIC

The HOIC is the latest version of LOIC, and it is analogous to the Death Star as shown in Star Wars, it can launch parallel attacks on as many as 256 URLs at one go.


Why is the software freely available?

Just like everything else, software is also known to be abused. What started out as a network stress testing tool has quickly become an innovative way to attack and cause harm to others.

Software like Locust, CloudTest and LoadRunner and many other open source variants exists simply for the use of network administrators, who can test different flows of traffic on their networks.

And as long as you are doing it on your own network or on a network you are authorised on, it is totally legal. It is illegal only when it is done with lack of authorisation and with the intention to cause disruption.


Different types of attacks. Difference between DoS, DDoS and APDoS

If the offending computer is a single entity it is simply called Denial of Service (DoS), but when such an attack is orchestrated along with multiple other machines in parallel it is called Distributed Denial of Service or DDoS.

And when the attack is made through a large array of computers (tens of millions) and with very sophisticated and advanced methods, it can last for weeks. Such an attack is called advanced persistent DoS or APDoS.

It would be very foolish of anyone to try a DoS attack without adequate measures. The prime characteristic of a DoS attack is repeated similar requests from the same IP Address. It is then easy to block the offending IP Address. However, in the advanced versions of DDoS and APDoS, there are two classes of victims, one whose servers have been targeted and others whose computers have been used without their knowledge to pull off the offense.

In DDoS and APDoS, varieties of malwares and viruses are transferred over the internet to unsuspecting users, and then their computers are used to organise a massive attack on a third party.
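An added example (not part of the original article) of the detection point made in the two paragraphs above: a sliding-window counter flags a single address that repeats requests, and the same per-address rule misses a distributed flood, which only the aggregate request rate reveals. The log lines, addresses, window length and limits are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} ')


def parse_line(line):
    """Return (ip, timestamp) for an access-log line, or None if it does not parse."""
    match = LOG_RE.match(line)
    if not match:
        return None
    try:
        stamp = datetime.strptime(match["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return match["ip"], stamp


def find_floods(lines, window_s=10, per_ip_limit=50, total_limit=200):
    """Scan chronologically ordered log lines.

    Returns (noisy_ips, aggregate_alert): the addresses that exceeded
    per_ip_limit requests inside any window, and whether all clients together
    exceeded total_limit inside any window.
    """
    window = timedelta(seconds=window_s)
    per_ip = defaultdict(deque)   # ip -> timestamps still inside the window
    total = deque()               # timestamps of all requests inside the window
    noisy_ips, aggregate_alert = set(), False

    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, stamp = parsed
        queue = per_ip[ip]
        queue.append(stamp)
        total.append(stamp)
        # Drop everything that has aged out of the window.
        while queue and stamp - queue[0] >= window:
            queue.popleft()
        while total and stamp - total[0] >= window:
            total.popleft()
        if len(queue) > per_ip_limit:
            noisy_ips.add(ip)
        if len(total) > total_limit:
            aggregate_alert = True
    return noisy_ips, aggregate_alert


def make_line(ip, second, path="/"):
    """Build one constructed log line, `second` seconds after 12:00:00."""
    stamp = datetime(2024, 1, 1, 12, 0, 0) + timedelta(seconds=second)
    return f'{ip} - - [{stamp.strftime("%d/%b/%Y:%H:%M:%S")} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed: one address sends 20 requests/second among five normal clients.
SINGLE_SOURCE_LOG = [
    make_line(ip, second)
    for second in range(5)
    for ip in ["198.51.100.7"] * 20 + [f"192.0.2.{n}" for n in range(1, 6)]
]

# Constructed: 100 addresses send 3 requests/second each, so none stands out.
DISTRIBUTED_LOG = [
    make_line(f"203.0.113.{n}", second)
    for second in range(5)
    for n in range(1, 101)
    for _ in range(3)
]

if __name__ == "__main__":
    print("single source:", find_floods(SINGLE_SOURCE_LOG))
    print("distributed:  ", find_floods(DISTRIBUTED_LOG))
```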

The trickiest and most difficult to diagnose are the Degradation of Service attacks. These attacks are highly advanced, with algorithms which can detect the victim’s network capacity, on the basis of which attacks are perpetrated not to hang the servers but to increase error rates and slow down the network ingress and egress. This type of attack can last for weeks before detection and cause the heaviest losses at the least cost.


Laws of India on this?

Whether it is a simple disruption, degradation, denial or distributed denial, Indian Law has provisions for all of them.

Section 43 (e), (f) and (g) of The Information Technology Act, 2008

provide for watertight provisions which as of now cover the entire gamut of DoS attacks.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network

  1. disrupts or causes disruption of any computer, computer system or computer network; (applicable in cases of disruption and degradation)
  2. denies or causes the denial of access to any person authorised to access any computer,
    computer system or computer network by any means; (applicable in cases of denial or distributed denial or advanced persistent denial)
  3. provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder, (applicable in cases of denial or distributed denial or advanced persistent denial)

then such a person can be made liable under the act.

Moreover, there is another clause that covers cyber terrorism which is punishable with life imprisonment.

Section 66F. Punishment for cyber terrorism

  1. Whoever,
    1. with intent to threaten the unity, integrity, security or sovereignty of India or to strike
      terror in the people or any section of the people by –

      1. denying or cause the denial of access to any person authorized to access computer resource; or …
    2. … commits the offence of cyber terrorism.
  2. Whoever commits or conspires to commit cyber terrorism shall be punishable with
    imprisonment which may extend to imprisonment for life’.


Pertinent History

The first big ticket DDoS attack happened on the Church of Scientology in 2008. This was organised by the Anonymous group which is apparently the largest hackers’ network in protest to the philosophies and practices of the Church of Scientology.

In June 2014, the Occupy Central movement in Hong Kong was responsible for taking down multiple websites of the Chinese Government; this too was in protest of the Chinese voting system, where they have a fixed 1200 member committee which elects new leaders to power.

In April 2015, TRAI released a list of over a million email ids who wrote to TRAI favoring NET Neutrality. TRAI was foolish enough to release the email ids along with the names of the users and their messages. A group of Hackers calling themselves Anonymous India saved the day by DDoSing TRAI’s website so that no one could download the list of email ids. It was supposedly a gold mine for spammers.

The supporters of Wikileaks have been attacking websites of the US Government and other Financial Institutions to the extent that Mr. Assange had to request everyone in a tweet to stop all such activities.

Software and Mathematical Algorithms: Is Mathematics discovered or invented?

In the early 1990s the U.S. Patent Office issued several patents that reawakened interest in the patentability of “pure” algorithms. The first, U.S. Patent No. 4,744,028, issued to one Dr. Karmarkar and was assigned to AT&T Bell Labs.

This patent covers a new linear algebra technique for allocating scarce resources in a large system such as a telephone network (AT&T’s obvious application of the invention). The Karmarkar algorithm describes an improvement on the well-known (to mathematicians) “simplex method” for solving a very large series of equations, which is how these resource allocation problems are set up mathematically.

The second patent issued on a “pure algorithm” covers a mathematical technique known as the Discrete Bracewell Transform in the field of signal processing. Bracewell’s advance was to create an algorithm that handles sophisticated signal processing without using what are known as “complex” numbers. (These are numbers which are based on the square root of negative one.)

These patents, which are expected to lead to applications by other mathematicians, raise anew the problems hinted at in the Benson and Diehr cases: what is the nature of mathematics? How do algorithms relate to laws of nature and natural products? Should patents be allowed on “this type” of subject matter?

In comparing computer algorithms to natural products and laws of nature, Justice Douglas states:

Phenomena of nature, though just discovered, mental processes, and abstract intellectual concepts are not patentable, as they are the basic tools of scientific and technological work

Benson, 409 U.S. at 67.

What view of algorithms, and mathematics as a whole is implicit in this statement?

The debate amongst mathematicians on the exact nature of what they do has taken many forms. However, it is possible to simplify the various positions by marshalling them into two main groups.

First are platonists, who believe that mathematics is a real phenomenon which is discovered by mathematicians in the course of their research. On this view, mathematicians simply discover the ordered relationships that nature has laid down.

The alternative view is that mathematics is simply a formal game, which mathematicians “make up” in accordance with strict rules. According to this “formalist” theory, mathematics does not describe any underlying reality. One must simply be careful to state mathematical assertions according to the accepted “rules of the game”. This view comes closer to the theory that math is “invented” by mathematicians.

One overview of the field states:

Most writers on the subject seem to agree that the typical working mathematician is a Platonist on weekdays and a formalist on Sundays. That is, when he is doing mathematics he is convinced that he is dealing with an objective reality whose properties he is attempting to determine. But then, when challenged to give a philosophical account of this reality, he finds it easiest to pretend that he does not believe in it after all.

P. Davis & R. Hersh, The Mathematical Experience 321 (1981).

But the view that math is invented is more starkly stated in the philosophy of Imre Lakatos. Lakatos, whose Proofs and Refutations was published in 1976, sets out a theory of mathematics which places it more properly within modern traditions of the history of science. That is, Lakatos believed that mathematics grows by the criticism and corrections of theories which are never entirely free of ambiguity or the possibility of error. According to Davis and Hersh:

Starting from a problem or a conjecture, there is a simultaneous search for proofs and counterexamples. New proofs explain old counterexamples, new counterexamples undermine old proofs. To Lakatos, “proof” in this context of informal mathematics does not mean a mechanical procedure which carries truth in an unbreakable chain from assumptions to conclusions. Rather, it means explanations, justifications, elaborations which make the conjecture more plausible, more convincing, while it is being made more detailed and accurate under the pressure of counterexamples.

P. Davis & R. Hersh, The Mathematical Experience, supra, at 347 (1981).

Note that in this passage, the authors are discussing Lakatos’ view of that part of mathematics which is in the process of growth and discovery, rather than “settled” mathematics. However, the authors point out that “informal” or unsettled mathematics “is of course mathematics as it is known to mathematicians and students of mathematics” – i.e., the most significant part of the field.

These two authors conclude that neither the Platonist nor the Formalist philosophy of mathematics is ultimately satisfying. They propose instead a view of mathematics that combines the objectivity of the Platonist view with the reliance on social consensus of the Formalist view:

Mathematics is not the study of an ideal, pre-existing non-temporal reality. Neither is it a chess-like game with made-up symbols and formulas. Rather, it is the part of human studies which is capable of achieving science-like consensus, capable of establishing reproducible results. The existence of the subject called mathematics is a fact, not a question. This fact means no more and no less than the existence of modes of reasoning and argument about ideas which are compelling and conclusive, “noncontroversial” when once understood.

P. Davis & R. Hersh, The Mathematical Experience, supra, at 410 (1981).

Mathematics, the authors conclude, has “conclusions [which] are compelling like the conclusions of natural science. They are not simply products of opinion, and not subject to permanent disagreement like the ideas of literary criticism.”

That is, while admitting that at any given time certain propositions at the frontiers of mathematics may be fallible or correctable, they deny that this makes mathematics a meaningless battle of symbols.

What does all this mean for the patent system? First of all, it sheds some light on the naive Platonism of the early Supreme Court opinions on algorithms. As Davis and Hersh point out, there is no consensus among mathematicians that they are in fact discovering a preexisting reality. Thus, the Supreme Court’s treatment of algorithms – as akin to other “found” natural objects, such as products of nature – conflicts with the views that many sophisticated mathematicians seem to have of their field. Of course, these views are normally expressed only when “frontier” or pioneer mathematics is at issue; much of the applied mathematics which is the subject matter of algorithm claims would probably be considered outside the discussion of mathematical philosophy anyway. However, even these applied algorithms raise the same philosophical problems. It must be noted that since applied mathematics strives to emulate underlying physical relationships, there is a much stronger pull toward the Platonist position when this branch of mathematics is under investigation.

Perhaps this explains some of the cases we have examined. For instance, the use of the Arrhenius Equation in the rubber-curing process at issue in the Diehr case is well within the realm of applied mathematics. That is, this equation tries to capture a physical relationship and state it as a “law”. For the variables stated in this equation, the relationship which it sets forth will always hold. On the other hand, consider the algorithm at issue in the Benson case. This was a “pure” mathematical algorithm which converts binary coded decimal numerals into their binary equivalents. Since numbers of a given base (e.g., base 2 or base 10, the decimal system) do not really correspond to any physical objects, this is an algorithm which states only an abstract relationship. (Compare this to the variables in the Arrhenius equation, which stand for physical properties – pressure, heat and so on.) Perhaps the differences between the Arrhenius equation in the Diehr case and the “pure” number conversion algorithm in the Benson case go a long way toward explaining the different outcomes of the two cases. In any event, the statements made in Benson about the nature of mathematics surely conflict both with the offhand treatment of the mathematical aspects of the Diehr process and the way in which mathematicians themselves view their field, or at least that part of it which deals with purely abstract matters.

The underlying view of mathematics contained in the Benson case may one day be tested when the new generation of mathematical algorithm patents – such as the Karmarkar patent discussed above – come under review.

In the meantime, the debate over the nature of mathematical algorithms is very much alive. Consider some recent comments on the Bracewell and Karmarkar patents, discussed above:

Unlike an industrial technology, an algorithm, the step-by-step recipe for carrying out a mathematical calculation, might seem more like something that is discovered than invented. But in the last few years, corporations have been patenting these abstract procedures, leading many mathematicians to complain that the free flow of ideas is in danger of being interrupted.
“The tradition in algorithms has been that they should be free,” said Ronald Rivest, a mathematician at the Massachusetts Institute of Technology, who said he had mixed feelings on the subject. “Research generally has proceeded on that basis.”
Michael Ian Shamos, a mathematician and computer scientist at Carnegie Mellon University in Pittsburgh and a lawyer in private practice, said that the patenting of important algorithms is contrary to the best interests of science.
“Mathematical facts are the building blocks of research,” he said. “I’m an intellectual property attorney. I like patents. But the patent law was never designed to apply to algorithms. The argument that you spent lots of money developing an algorithm and therefore you should be able to protect it is nonsense.”

G. Kolata, Mathematicians Are Troubled by Claims on Their Recipes, N.Y. Times, March 12, 1989.

For an argument that the entire software patent issue should turn on the invention/discovery distinction, see John A. Burtis, Comment, Towards a Rational Jurisprudence of Computer-related Patentability in Light of In re Alappat, 79, Minn. Law Review, 1995.

Burtis observes that “Mathematical expressions may be used to describe both discovered and invented subject matter and are therefore imperfect proxies for mathematical truths and other laws of nature.” He concludes by arguing that a “tightly-defined test built on a robust discovery and invention distinction” would improve on Alappat. He then tries to enunciate a test to identify whether an algorithm claim essentially encompasses a “natural truth,” in which case it is an unpatentable discovery, or whether it contains “an implicit, but real, use limitation,” i.e., is tied to a specific application or field of use. Id., at 1165.

In the end, the analysis is helpful because it focuses on the scope of software claims. Recall that in many ways this was the underlying concern in Benson – the case that caused most of the headaches that now plague the law in this area. This approach can be seen as implicitly arguing that software patent doctrine went awry when it rejected “field of use” limitation as a way of preserving patentability.


Digital Currency Regulator: the need to be set up in India

A lot of interesting concepts were discussed at the Global Technology Summit held recently in December 2016. It was organised by Carnegie India, the Indian chapter of the Carnegie Endowment for International Peace.

The Global Technology Summit is particularly relevant at this point in time, as we strive to move towards a cashless economy and, in particular, digital currency.

The topic of a Digital Currency Regulator (“DCR”) came up for discussion, and therefore we need to know more about the roles and regulations such a regulator would be involved in.

The Monetary Authority of Singapore (“MAS”) is a model to be learned from, specifically in this context.

What is the typical role of a DCR? What does it do differently?

Around the world, it has been a convention to put out white papers inviting suggestions, advice and criticism from the general public and all stakeholders. The needs and pace of the technology industry, however, are quite different, and traditional or conventional models of public participation do not serve to create efficient outputs.

MAS innovatively puts entrepreneurs, MNCs, Governmental Authorities and Regulators in touch with one another through different events and programmes. MAS organises safe virtual environments where software is allowed to run and mimic real-life interactions. In a nutshell, MAS helps entrepreneurs test their ideas in a sandbox and makes it easier for regulators to approve or deny technology innovations when it comes to Digital Currency.

Here, Banks and other big corporates regularly share the bottlenecks they want to overcome in their businesses, and Developers and Entrepreneurs have ready access to an ecosystem where they can constantly solve problems.

The best part of such collaborations is that regulations can be effected instantly and before any new technological standard hits the market. The Government can keep a tab on all the latest inventions and discoveries without investing a tonne of sweat.

MAS has effected a lot of changes recently, particularly on the rules of outsourcing, cloud hosting, Application Programming Interfaces and Open Source Programming.

While developing new technologies, startups face a lack of incentives in terms of finance, growth prospects, regulatory interference, etc. While some technologies take governments by storm, some very innovative ideas are never heard of.

For example, no country yet knows perfectly how to handle Uber, while alternative technologies for e-signatures like Blockchain have not yet found adoption in India.

Recently, the National Payment Corporation of India released advisory instructions to banks for enabling the Universal Payment Interface. Such recourse would not have been necessary if Banks and Regulators were kept in constant touch with Entrepreneurs and Developers.

The platform created by MAS invests in learning about disruptive technologies and constantly creates challenges and incentives for developers to explore more. But unlike Singapore, India does not have a regulator like MAS.