In 2017, the strange goings-on in the crypto world had caught the attention of Vijay Pal Dalmia, partner and head of the intellectual property and information technology laws division at Vaish Associates Advocates. The tough-as-nails lawyer based in Delhi had been reading about cryptocurrencies and was increasingly concerned about how they could be abused in the absence of any regulatory oversight.
The trigger came when he first read about the cyberattack on May 13, 2017, by WannaCry ransomware, a malicious ambush that targeted computers using Microsoft Windows across the world. WannaCry did so by either encrypting valuable files, such that users were unable to read them or by locking them out of their computers, so that they couldn’t use them at all. The cybercriminals then demanded payment of a ransom in bitcoin for releasing the data or freeing the computer.
Cybersecurity firm Kaspersky, set up by Yevgeny Valentinovich Kaspersky (who has helped identify instances of government sponsored cyberwarfare and has been a leading advocate for an international treaty prohibiting cyberwarfare), wrote that paradoxically, the criminals who mounted the attack took advantage of a flaw in the Windows operating system, using a hack that had been allegedly developed by the United States National Security Agency. Called EternalBlue, the hack was made public by a group of notorious hackers called the Shadow Brokers ahead of the WannaCry attack. In the past too, this group had exposed major vulnerabilities in Cisco routers and Linux mail servers. An alerted Microsoft did release a security patch to protect users against this exploit almost two months before the WannaCry ransomware attack began. Unfortunately, however, many individuals and organisations who hadn’t updated their operating systems, a fairly common occurrence, were left exposed to the horror.
The hackers in this case demanded payments ranging from 300 to 600 US dollars in bitcoins as ransom for unlocking the computers and affected devices. India was one of the countries most affected by the WannaCry ransomware, since many users had outdated computers and rarely updated their system software. While official figures stated that around 45,000 computers had been affected, the actual numbers were far greater. In fact, PC Haldar, former director of the Intelligence Bureau, later said India was affected far worse by the WannaCry ransomware attack than official statistics suggested. He placed the number of computers possibly affected at 2,50,000. In its aftermath, the RBI had to notify all banks to operate their ATMs only after updating software systems, to avoid being infected by ransomware. According to media reports, among those impacted most were the Andhra Pradesh Police and the West Bengal State Electricity Distribution Company.
The ransomware attack was a clear signal to Dalmia that cryptocurrencies had become the new medium of digital crime in countries like India. He was increasingly perturbed when further research told him that bypassing the traditional banking system, these currencies presented a real threat to society. Having handled many cases involving white collar crimes, he realised how easy it was to buy these coins in India and transfer them to a country of choice, thereby beating the Foreign Exchange Management Act, which mandates that all such transfers have to be accounted for and reported. For money launderers, these coins were the perfect option to hawala, the existing modus operandi for transferring cash to other parties, often in distant locations. Bitcoins or other such currencies were a cleaner, faster and completely anonymous alternative.
A controversial move by the BJP-led central government had only accelerated this trend. On November 8, 2016, the government of India announced the demonetisation of all Rs 500 and Rs 1,000 banknotes in the country, ostensibly to contain the flow of black money in the economy. The move had an immediate impact on hawala traders, those who transferred part payments to sellers of goods in countries like China in lieu of invoices that declared a lower value for them. The Indian importers in turn paid custom duty on this lower bill, which allowed them to sell the same at cheaper prices in India. It was a form of under-invoicing well known to Indian authorities, though there was only so much they could do about it.
Squeezed by the note ban, these traders now discovered the magic of virtual currencies, using them in payments to be made to China or other sources of import. Thus, an importer wanting to under-invoice his goods would buy bitcoins in India and use these to transfer payment to his Chinese counterpart’s wallet. There was little the tax authorities could do since there was no record of the transaction.
Along with his son Siddharth, an engineer and a law student, Dalmia filed a case under Public Interest Litigation (PIL) in the Supreme Court against the Union of India, the Ministry of Home Affairs, the Ministry of Finance and the Reserve Bank of India. Dalmia sought the top court’s intervention in directing the government to take “emergency and urgent steps” for restraining the sale and purchase of illegal cryptocurrencies, which, according to his detailed and carefully worded petition, were “being traded and invested-in openly and extensively within the knowledge and domain of the respondents anonymously over internet and otherwise for a host of anti-national, illegal and nefarious activities, such as funding of terrorism and insurgency, illicit trade of arms and drugs, recruitment of terrorists, bribery, corruption, money laundering, tax evasion, generation of black money, payment of ransom, human trafficking, transfer of money through hawala, hawala trade, illicit investments, avoidance of banking channels and surveillance of funds, online gambling resulting in negative impact on Indian currency, inflation, loss of control of government on financial discipline and illegal diversion of money, and all this happening without any border restrictions or geographical constraints by avoiding and violating laws, resulting in danger to the integrity and sovereignty of India causing harm and danger to the peace and tranquility of the society, the security of the state and the residents of India.”
In his PIL, Dalmia mentioned that several laws were being violated by the open dealings in illegal cryptocurrencies like bitcoin. These included the Foreign Exchange Management Act, 1999 (FEMA); the Reserve Bank of India Act, 1934 (RBI Act); the Coinage Act, 1906; the Securities Contracts (Regulation) Act, 1956 (SCRA); the Sale of Goods Act, 1930; the Payment and Settlement Systems Act, 2007 (Payment Act); and the Indian Contract Act, 1872. In his plea, he asked the court to issue a writ of mandamus or any other appropriate order under Article 32 of the Constitution of India, directing the respondents to “declare cryptocurrencies or decentralised digital currency or virtual currency (VCs), such as, bitcoins, litecoins, bbqcoins, dogecoins, etc, as illegal, besides restraining and banning their sale and purchase”. He also asked for the respondents to ascertain the actual figure of such illegal cryptocurrencies, and fix accountability and responsibility for the same. This last would continue to be a dark hole, with various government functionaries including senior ministers refusing to put an actual number to the scale of crypto trading in the country.
In a hearing on July 14, 2017, the bench of the Chief Justice of India JS Khehar and Justice DY Chandrachud disposed of the PIL in just 30 minutes, with Khehar saying: “I will not go into the technicalities.” However, the court gave four weeks to the RBI to examine all security-related issues about virtual currencies and respond to the petitioners.
The RBI did respond to Dalmia, but its reply was evasive, prompting him to file a second PIL. This time, a three-judge bench headed by Justice Chandrachud admitted his plea and issued a notice to the government.
An excerpt from Cryptostorm: How India Became Ground Zero of a Financial Revolution, Sundeep Khanna, HarperCollins India.