Legal Issues Surrounding Cloud Computing

With the explosive growth of innovations in the Information Technology industry, the Legal provisions are currently lagging behind and desperately looking for ways to cope up with the never-seen-before advancements. Cloud computing, being one of such recent advancements, have raised a number of legal issues including privacy and data security, contracting issues, issues relating to the location of the data, and business considerations.

The abovementioned issues are the primary ones faced by almost all the nations across the globe. However, when it comes to the Indian scenario, a number of additional complicated issues are faced by India owing to lack of awareness and lack of resources. With the ‘Digital India’ initiative in the news, it is obvious that more and more individuals and organisations will be using online services and infrastructure via the Cloud in the near future; and it is, therefore, necessary to analyse our position thereon and discuss whether our legal system is ready for such a revolutionary change.

The legal issues that frequently arise in the cloud are wide-ranging. However, attempting a broad generalisation, mainly four types of issues arise therein:

  1. Privacy of data and data security
  2. Issues relating to contractual relation between the cloud service provider and the customer
  3. Complex jurisdictional issues, or issues relating to the location of the data and the set of laws applicable
  4. Commercial as well as business considerations

At the outset, it may very well be clarified that though cloud computing enables the customer access to computing, networking, storage resources just like traditional outsourcing services and Application Service Providers (ASPs), it has a legal nature quite different from these two owing to its distinctive features like ‘on-demand access’, and ‘unit-based pricing’ (pay-per-use).

Privacy and data security issues:

Seemingly, the main privacy/data security issue relating to the cloud is ‘data breach’. Data breach may be in the generic sense defined as the loss of unencrypted electronically stored personal information (Buyya, Broberg, & Goscinski, 2015). A data breach can cause loss to both the provider as well as the customer in numerous ways; with identity theft and chances of debit/credit card fraud to the customer, and financial harm, loss of customer, loss of reputation, potential lawsuits et cetera for the provider.

The American law requires data breach notification to be issued of affected persons in such case of a data breach. Almost all the states in the United States now require notification of affected persons upon the occurrence of a data breach.

Talking about the Indian scenario, most of the providers are seen to attempt at lessening their risk liability in case of a data breach scenario. However, as more sensitive information is entering the cloud every passing day, businesses and corporations have started negotiating the contracts so as to insert terms that expand the contractual obligations of the providers.

Problem arises when the data is subject to more than one jurisdictions, and the jurisdictions have different laws regarding data privacy. For example, the European Union Data Privacy Directive clearly states that ‘Data cannot leave the EU unless it goes to a country that ensures an “adequate level of protection”.’ Now, although such statement makes the EU provisions easily enforceable, but it restricts the data movement thereby reducing the data efficiency.

Contracting Issues:

Clearly, licensing agreements are fundamentally different from Service agreements. Cloud essentially, in all its permutations (IaaS, PaaS, SaaS), is a service, and therefore is governed by a Service agreement instead of a Licensing agreement.

However, the main issue regarding the Cloud Service agreements is ‘contract of adhesion’. Owing to the limited expansion of Cloud Services in India, most of the time the ‘Click-wrap agreement’ model is used, causing the contract to be one of the contract of adhesion. It leaves no or little scope for negotiation on the part of the user/customer.

With the expansion of the Cloud computing, gradually the negotiation power of the large corporation will cause the Cloud Contracts to be standard and negotiated ones. However, at an individual level, this is still a far destination.

Legal provisions clearly cannot force the cloud providers to have a negotiating session with each and every customer. However, legal provisions may be made to ensure that the liability and risk responsibility clauses follow a standard pattern which compensates the user for the lack of negotiation during the formation of the contract.

Jurisdictional Issues:

Jurisdiction is the authority of a court to judge acts committed in a certain territory. Jurisdiction in case of legal issues relating to the Cloud services becomes difficult and critical because of the features of Cloud like ‘Virtualization’, and ‘Multi-tenancy’.

While virtualization ensures the requirement of less hardware and consumption of less power thereby ensuring computing efficiency, it also on the other hand makes it difficult for the cloud user or the cloud provider to know what information is housed on various machines at any given time.

Multi-tenancy refers to the ability of a cloud provider to deliver services to many individuals or organisations from a single shared software. The risk with this is that it makes it highly possible that the data of one user may be accessed in an unauthorised manner by another user since the data of various users are only virtually separated and not physically. Also, it makes it difficult to back up and restore data.

The cloud enables a great deal of flexibility in data location, which ensures maximum efficiency in data usage and accessibility. However, it creates a number of legal issues as well. It makes it quite possible a scenario that the same data may be stored in multiple locations at a given time. Now, if the multiple locations are subject to different jurisdiction and different legal system, there arises a possibility that there may be conflicting legal provisions regarding data in the two aforementioned different locations. This gives rise to most of the jurisdictional issues in Cloud computing.

Also, laws relating to confidentiality and Government access to data are different across different nations. While the Indian laws manage to strike a balance between national security and individual privacy, most of the nations do not prefer a balance and have adopted a biased view on this. Problem of conflict of laws arises herein, in such cases.

Commercial and Business Considerations:

Other commercial and business considerations like the urge to minimize risk, maintain data integrity, accessibility and availability of data as well as Service level Agreements have also significantly shaped the present as well as future of Cloud Computing in India. It also creates a number of foreseeable as well as unforeseeable issues that needs to be addressed by dedicated legislations therefor.

It is an accepted truth that Law always lags behind technical innovations, and the complexities of the Cloud innovations and related Cloud Services like Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) will force the law and legislations to catch up in order for an effective legal system that provides legal remedies to prevent and redress the resultant harms.

Raising awareness, ensuring universal access to information, and resource mobilizing are complimentary solutions that’ll never go wrong for the Indian scenario in order to add to the effectiveness of an effective legal system.

Note: This post first appeared here.


Founder, Editor-in-chief


‘Passionate!’ That’s the only word he uses to describe himself. Questioning assumptions. Challenging hypocrisies. Making the planet a better place to live in. Can be found at


Deepening Roots of State-Sponsored Cyber Espionage

With a giant leap of technology, the concept of cyberspace emerged, demarcated by its virtual boundaries. These virtual boundaries are being penetrated through spying programmes like GhostNet, Trojan, logic-bombs or other associated malwares, shaping the concept of Cyber Espionage.

Various factors like extent and magnitude of damage caused by attacks, nature and identity of attacks and how much sensitive information is lost, play a leading role to define cyber espionage. That’s why, this concept is still devoid of any well accepted definition and different nations have their own version of cyber espionage. As per Tallinn Manual, “cyber espionage is an act undertaken clandestinely or under false pretences that uses cyber capabilities to gather information with the intention of communicating it to the opposing party.”

Increasing dependence on technology, where classified information finds its place in databases, the amount of state-sponsored espionage has also increased. Espionage is an age old state tacit, which also finds mention in Kautilya’s Arthasastra. Edward Snowden revelations in June 2013 and recent global cyber espionage incidents brought that issue on centre stage. These cyber stunts not only insult the sovereignty of a State but also lead to major economic drain.

Concerning the gravity of issue, it cannot be attached to mere incidents of technology misuse but revolves around serious politico-legal repercussions. Cyber espionage has the potential to steal trade secrets, valuable intellectual property as well as confidential information regarding a nation’s security system.  Leading members of world fraternity are being accused of crossing their red line in the virtual space. Russia, China and America are proclaimed as most notorious violators of cyber ethics. Though, it would be a great folly to limit these violations only to few standard countries. In the secret cover of screens, many countries around the world are committing cyber-espionage.

Demands are being raised by various national groups to declare it a warfare activity. International law is still trying to establish a basic framework to encounter this global challenge. Ingredients that constitute offence and defence are shaping themselves in the umbrella of international law. As per Tallinn Manual, cyber space being the sovereign territory gives rise to a legitimate logic of treating cyber attacks with same seriousness as attacks on physical territory. Thus, victim nations shall be entitled to justice and reparations under the ambit of international law and propounds evolution of law thereto.

It goes without any doubt that implications of cyber espionage are indeed severe and concept like cyber warfare can take shape as a natural consequence.  However, certain section of experts rejects the claims of cyber warfare in Toto. They declare that cyber attacks are too disorganised and disjointed to take shape of real war. Owing to constant media coverage, public perception hints towards the escalation of cyber attacks into full-scale war. The reality check rejects all these perception because the scale of these attacks is less than 4%. Public perception is being shaped by media as well as politics. One can sensitise the issue and broadcast a productive story while others can direct public policy in lieu of combating cyber espionage. However, barring the equation of cyber espionage with warfare, cyber attacks do deserve a legal sensitive framework governing the international fraternity.




Deepika Sangwan is a second-year student at Army Institute of Law, Mohali. She is an Editor at college magazine ‘AILITE 2016-2017’. She believes that writing gives clarity & depth to one’s thoughts. Apart from decorating facts with reasoning, cycling is her favourite pass time.


Beware of the Hacker!

A friend was pissed off recently because he was informed by others of unusual posts from his Facebook account. He had been offline for sometime only to be called back with abnormal activity happening on his wall. A rant from him partly read as follows,

“Am sorry friends for all the posts on your walls in my name. Please know that am not responsible. Some fellow has hacked my account and is out to spoil my good name. Am fixing things and hope to find this fellow.”

Well, my friend was not the first one to have their Facebook account hacked. I had seen several complaints from different people, even from other social media platforms. Thing is, the culprits are in most cases never found and so, after the owners of the accounts have fixed things and changed their privacy settings, the incidents are soon forgotten and life goes on.

Hacking is just but one form of cyber crime, maybe the most common and yet the one that people mostly brush off as not being serious, despite the serious consequences that come with it. The definitions of cyber crime vary largely because of the vast forms it takes as well as the jurisdictions. However, what remains constant in those various definitions is the fact that the computer, computer system or internet is often involved either as a target or a medium of committing the crime.[1] In this blog post though, I will restrain myself to hacking as an offence and why any hacker out there should think twice before continuing with their acts.

A straight forward definition of hacking is the use of a computer to gain unauthorized access to data in a system. Norton classifies hacking as a type 1 cyber crime done where hackers take advantage of the flaws in a computer system to carry out a crime.[2] Hackers hack into computer databases for various reasons, including facilitation of identity theft to be able to commit other crimes, to defraud corporations or individuals as well as hacking government databases to expose state secrets.[3]

In the UK, hacking is an offence under the Computer Misuse Act of 1990. This is provided for by Section 1 of the Act which provides for unauthorized access to computer material, which hacking is part of. The Police and Justice Act of 2006 made some amendments to sections 1-3 of the Computer Misuse Act making the maximum sentence the offence of unauthorized access to computer material to be two years. The Indian Information Technology Act of 2000 under section 65 provides for 3 years imprisonment or a fine of up to 2 Iakhs or both for the offence of tampering with computer source documents which hacking is part of.

In the US, hackers are punished for their acts by a number of different crimes depending on the varying circumstances under which the crimes were committed as well as par the different computer crime statutes available. The penalties include imprisonment of between six months and twenty years depending on the statute under which one is found liable and the veracity of the crime as well as fines between $ 1000 to $15000 or both the prescribed fine and imprisonment.

Advances in technology coupled with increased internet use are some of the reasons hacking has become common across the globe. Criminals have thus realized that they need not be physically present at a place to commit whatever crimes they want and are thus hiding behind keyboards and doing so much mischief. Some do it for fun; just to show others how good they are with technology. This is why more and more governments have or are coming up with laws to curb hacking and protect themselves as well as their subjects from the acts of hackers.

Most forms of cyber crime, hacking included have a concept of being borderless, that is, they can be committed in a different country and the effects are felt in another country. With this concept may arise the problem of jurisdiction, especially so where one country lacks provisions on a form of cyber crime. This is the reason international and regional instruments such as the Budapest Convention and the African Union Convention on Cyber Security and Personal Data Protection encourage cooperation between states in the prosecution of cybercrimes and other computer related crimes.

It goes without saying therefore that you ought to take hacking seriously as an offence punishable under law just in case you were not. One may ask why it is an offence, and here is the reason. Hacking is a breach to key human rights such as the right to privacy and right to property because most of the information targeted by hackers is private and confidential which they use against their victims. Also, the property being violated does not belong to the hacker and hence hackers interfere with the real owner’s right to enjoy the ownership and use of their property.

[1] <> accessed on 9/3/2017

[2] < > accessed on 9/3/2017

[3] <> accessed on 10/3/2017




Deborah Mulemiah is currently a postgraduate diploma in Law at the Kenya School of Law. Passionate about law and literature.

Reporting a cyber crime in India with just an e-mail

“Yesterday only, I received a call on my mobile device from an unknown number. The anonymous caller presented himself as some bank officer who was in immediate need of my ATM card number and CVV. After politely informing him that I’m a law student, I did disconnect the call.”

Well, not a new thing. Such happenings are way too common in our friend circle, family friends, and even ourselves and our parents. Law knowing persons including law professors, practitioners, and law students regularly receive phishing attempts, impersonating calls and emails on their electronic devices. What’s worse is that they choose to ignore such happenings.

Thanks to the recent legal developments in the Indian legal system, we can report such incidents just by dropping an email or reporting it to the local cyber cell.

What to report

Any cybercrime can be reported following the undermentioned steps. Whether a person is asking for your secret information or someone threatening you over Facebook, whether someone hate-texting you on Twitter or sending you sexually inappropriate messages on Whatsapp, you can (and must) report the incident by following the undermentioned steps.

For a rough idea regarding the ambit of the term ‘cybercrime’, it includes any illegal act that involves the usage of a computer or networking device. Read more here.

Where to report

Cyber crimes have global jurisdiction according to the IT legislation and therefore a complaint can be lodged in any cyber cell as per convenience.

How to report

First, you have to write an application addressing to the head of the cyber crime cell (head of the particular cyber crime cell to which you chose to report).

Note – Your application should include the following details:

  • Name
  • Address
  • E-mail address
  • Phone number

Second, attach the relevant and required documents. The type of documents required vary from offence to offence. For example, in case of hacking, you need to provide documents like logs of the server, a copy of the defected page, a copy of the original page, control mechanism details, list of suspects etc. In case of an impersonating call or message, the required documents include such call/message log, sender/caller details, impersonating details etc. Broadly speaking, attach any document that proves the existence of a prima facie case.

Third, send the email (along with the attached documents) to the concerned cyber crime cell using the contact details mentioned below.

Addresses of Cyber Crime Investigation Cells in India


Cyber Crime Police Station,

CID Annexe Building, Carlton House,

# 1, Palace Road,

Bangalore – 560001.

Telephone: +91- 080- 22942475, +91- 080- 22943050




SIDCO Electronics Complex,

Block No. 3, First Floor,

Guindy Industrial Estate,

Chennai -32

Ph: 044 22502526




Central Bureau of Investigation,

Plot No. 5-B, 6th Floor, CGO Complex,

Lodhi Road, New Delhi – 110003

Ph:+91-11-4362203, +91-11-4392424




In Charge Cyber Crime Police Station,

Hyderabad City.

Email :




ACP   Inspector Cyber Crimes

Sub-Inspector Cyber Crimes

IT Cell    Special Branch

Ph: 9491 039 167, 9491 039 172

9491 039 088, 040-2785 3413



Cyber Crime Investigation Cell,

Crime Branch, 4th Floor,

Administrative Building No. 1,

Near Udyog Bhavan,

Civil Lines, Nagpur-01.

Tel: +91 – 712 – 2566766



Office of Commissioner of Police

2, Sadhu Vaswani Road,

Camp, Pune – 411001

Phone: +91-20-020-26126296, 26122880, 26208250

Fax: 020 26128105.


E-Mail: /


Cyber Crime Investigation cell,

Annex III, 1st floor, Office of the Commissioner of Police,

D.N.Road, Mumbai – 400001

Ph: +91-22- 24691233

Web site:

E-mail id:



Website :


Ph: +91-9672700012



Madhya Pradesh

Inspector General of Police


Bhopal (M.P.)






Helpline Numbers:







3rd Floor, Office of Commissioner of Police,

Khalkar Lane, Court Naka, Thane (W)

Ph: 022-25410986



Uttar Pradesh

Cyber Complaints Redressal Cell,

Nodal Officer Cyber Crime Unit Agra,

Agra Range 7,Kutchery Road,


Uttar Pradesh

Ph : 0562-2463343, Fax: 0562-2261000



West Bengal


IIIrd Floor ,Bhawani Bhawan

Alipore, Kolkata – 700 0027

Phone Numbers – 033 2450 6100

Fax Number – 033 2450 6174




DIG, CID, Crime and Railways
Fifth Floor
Police Bhavan
Sector 18, Gandhinagar 382 018
Contact Details:
+91-79-2325 4384

+91-79-2325 0798
+91-79-2325 3917 (Fax)


IG-CID, Organized Crime

Rajarani Building, Doranda Ranchi, 834002

Ph: +91-651-2400 737/ 738


Don’t ignore crimes, no matter how small they may seem to be. You have a need to speak for yourself, and an obligation to lend your voice to those in need. Concluding with the words of Elie Wiesel:

“We must take sides. Neutrality helps the oppressor, never the victim. Silence encourages the tormentor, never the tormented. Sometimes we must interfere.”

– Elie Wiesel, The Night Trilogy: Night, Dawn, the Accident




‘Passionate!’ That’s the only word he uses to describe himself. Questioning assumptions. Challenging hypocrisies. Making the planet a better place to live in.

Protecting yourself against hacking

India is developing and taking a turn towards the path of digitalization. But it is our duty to keep our personal information private. It is adamant that the information can be stolen by the hackers and be used for any wrongful purpose. A man can forget but the internet never forgets and therefore, the information needs to keep in safe from the hands of the hackers. Hacking is an illicit attempt and unauthorised intrusion into hardware or software/ computer or a network.  It is the exploitation of the computer system or any private network of the company or any institution. Hacking can be done for personal conflict also. Hacking is a mala fide attempt to access or to take control over the network of others. Hacking is basically done by the hackers. There is no hard and fast rule to define and determine the hackers. Hacking is generally done by the one who is highly skilled and intelligent to crack the password of the other’s computer system or the network. Hacking is basically done by the professionals who have the knowledge of computer system in depth. If a real hacker wants to get information about your personal belongings, they can easily get that information through hacking.

Hackers are also known as “THE CRACKERS” as they crack the password of the network or the channel to get the information out of it. Hacking is a very vulnerable process and is the information is easily disclosed.

To protect yourself against hacking and getting your information be undisclosed, there are certain remedies to be followed so that the necessary and important information remains undisclosed and the hacker could not hack the computer in order to get the information.

  1. Passwords

You should create a strong password for your computer in respect of securing your data from the hackers. Passwords should be the combination of letters, numeric and symbols. You should reset the password from time to time. One should keep in mind that there should not be the same password for different accounts.

  1. Private website

If you have your own domain name, then there is a chance that your personal information including your number, an address is available to everybody. Hence, while registering, privatize your information so that hackers make not get any information.

  1. History data

The Internet has all the records what were you up to and what you are up to. So clear off the history data once in a while so that information cannot be leaked.

  1. Avoid open Wi-Fi AND Hotspot

Hackers are active through free Wi-Fi and hotspot and can steal your private data through open Wi-Fi or hotspot. Hence, avoid using the open Wi-Fi network or giving or taking hotspot connection from any other network. Instead, connect your internet in outside places.

  1. Public computers

Cyber cafes are the most reluctant places from where cyber crime happens. Using a private account through public computers may lead you in a difficult as it can go viral easily.

  1. Online transactions

These are the days where digitalization is at its peak but not to forget to use your card details alertly. There can be a chance of fraud by online companies to collect the details of your card and misuse it.


The speed of the internet is growing fast and we are lagging behind it. When we use anything, we should be aware of its pros and cons. Therefore, using internet also has its pros and cons and we should safely use it for our safety. Online transaction is on demand nowadays, and after demonetization, it has increased it pace like hell. So, while doing online transaction, we should know which all are the protected websites and from where your card details should not be leaked. We should stay cautious while using public programming system and avoid entering the personal bank accounts or social media details as there are chances for these accounts to be hacked. Nowadays, in this competitive world, every company and person needs to grow fast from the other and climb the mountain of success, for this sometimes, they hack the site or account of other person to grab the details of their marketing strategies, and hence, for this, hackers are hired by these big companies.




Sakshi Jain is currently pursuing her BLS LLB from Government Law College, Mumbai. Although she’s keen to gain knowledge and explore things going around her, her priority always stays focused on law only. Although she yearns for a career in the corporate sector, she’s quite confident regarding her capability to endure in other fields also. A passionate law student and a natural reader, she wants to complete her master degree from Harvard, Oxford, or London University.

Online sexual harassment

In India, irrespective of whether we live in the urban or the rural area, one of the things that remains a constant is misogyny. We face misogyny from our births till the end of our lives, right from female infanticide to child marriages and dowry deaths; from sexual harassment at workplace to marital rape and eve teasing; and from eve-teasing to acid-throwing and rape, women are at the receiving end of each ill-treatment. And as offended as we are with what happens in the offline/tangible world, this blog post is not about that. Slowly, like a sickly disease, this very prejudice against women can be seen permeating the digital world as well. It is kind of scary when we think about it. The online world was and is still a safe haven for many, including me. People were protected by the computer/mobile screen which does not allow for direct face-to- face communication or real relationships. Now, not so much.

Why is this so scary?

Crimes in India are all governed by the substantive law formulated under the IPC (Indian Penal Code). This means that possibly every real world offence (either a committed or an omitted act which is a violation of a legal right) that you can think of has been defined and has a quantum of punishment under the Indian Penal Code. For example, assault and battery, rape, murder, culpable homicide, theft, trespassing, outraging the modesty of women, etc. The list is endless, really.

Crimes of a sexual nature need such a great amount of evidence that most accused are acquitted (pronounced not guilty). Either the trial takes too long, or the investigation is botched, or the accused gets away on the basis of a technicality. Thus, the reality is that not all offenders are caught and put behind bars to suffer the consequences of their actions.

In comparison to other crimes against women, cyber-bullies often do not realise the nature of the wrongful act being committed by them.

Sexual harassment is a punishable offence in India, irrespective of whether it is in tangible or intangible form. It is imperative to know which acts constitute sexual harassment, and how to fight sexual harassment to have an understanding of its online aspect. Sexual harassment is defined as the unwanted intrusion of a sexual nature in the personal space of an individual.

Online sexual harassment can be punished under Section 67 of the Information Technology Act, 2000 along with relevant provisions of the IPC. For example, outraging the modesty of a woman, showing pornographic content without consent, making sexually coloured remarks or asking for sexual favors online are punishable offences under Section 67 of the Information Technology Act. This act makes transmitting or publishing obscene material in electronic form punishable by imprisonment upto 3 to 5 years and a fine of upto 5 to 10 lakh rupees.

Online sexual harassment has been found to manifest into three large categories:

a. the victim is on the receiving end of pornographic material, lewd comments and insults.

b. offensive material is posted about the victim on a public platform; or

c. offensive material of/about someone is posted without their consent.

Online sexual harassment has now become a harrowing reality faced by more than 70% of women in urban areas. In such a reality, it is of paramount importance that you know how to protect yourself from it.

Here is a step-by- step guide on how you can protect yourself against online offenders:

Step 1: Proceed with caution

A precautionary method to protect yourself is to privatise your social media accounts. This way, no anonymous user will ever be able to harass you as your posts will not show up on their feed. Also, make sure that the information you post on social media is not sensitive, i.e., photos of yourself and/or your phone number on public access networks. These can be used in a wrong way.

Step 2: Block, Block, Block

If the privatisation of your accounts is not enough and you still receive or are tagged in offending material, then you can block such a person. If anyone emails or texts you with objectionable material, block them. It’s the simplest way of protecting yourself from online trolls. All social media sites provide the facility of blocking hostile elements from your feed.

Step 3: Report to the host website

Any material which you find as derogatory to yourself or your views can be removed when you report such material to the host website. You can also report a person repeatedly for making derogatory remarks. This can get that person’s account shut down permanently by the host website.

Step 4: File an FIR

If a person is repeatedly sexually harassing you through multiple fake accounts, or publishing derogatory content posing as you, then you can file a police complaint against him/her to protect yourself.

Many women feel helpless when faced with online sexual harassment. However, one doesn’t need to live in fear anymore. Have faith in the judicial system and your modesty will be protected if the necessary precautions and actions are taken at the right time. Remember that Indian Penal Code as well as the Information Technology Act, 2000, have your back. One protects you in the real world whereas the other, in the virtual one. It must be kept in mind that the wheels of justice may be slow, but they exist nevertheless.

Now that you know about what steps to take in case you are ever faced by online trolls, let others gain from it too. Share the post, and let it reach far and wide, because someone somewhere might be facing an online harassment and may need help.



Khadija Khalil is currently pursuing 3 rd year of BLS/LLB course at Pravin Gandhi College of Law, Mumbai. With a love for the smaller things in life (being 5 ft tall), she is a geek who found law to be her fandom. Also a moot court enthusiast, because, why not.