Chennai Cyber Crime AC Gets an Award
The Tamilnadu State Government announced today that Mr S.Balu, Assistant Commissioner of Police, Cyber Crime Cell, Chennai has been chosen for an award for "Excellence in Investigation". It may be recalled here that Chennai Cyber Crime Police Station attached to the Commissioner's Office had the distinction of getting the first conviction under Section 67 of ITA-2000 in November 2004. In a case involving the posting of obscene and harassing information about a lady in a Yahoo e-Group, Mr Balu traced the offender in Mumbai and, though the crime had been committed through a Cyber Cafe, was able to gather enough evidence to get a conviction. The entire proceedings were completed in a record time of 7 months, proving the efficiency of the prosecution process. Naavi.org congratulates Mr Balu for the recognition achieved for a meritorious performance.
Related article: First Conviction Under Sec 67 of ITA-2000
Bangalore Cyber Police Stage a PR Coup
While "Creating Awareness" has been one of the challenges in battling Cyber Crimes, the recent PR Coup achieved by Bangalore Cyber Crime Police Station deserves a special mention. It was refreshing to see last week a replica of the Cyber Police Station on a popular prime time TV serial, "JagaLagaMTiyaru" on Udaya TV (Kannada), addressing an SMS related complaint from a member of the public. The Officer in Charge (the Actor) was also given the opportunity to explain how the Police are confident of tracing such crimes and indirectly assured the public about their capability. He also addressed the issue of public reluctance to bring complaints to their notice and assured victims of confidentiality of identity and friendly support from the Police. It appears that a future episode will also address how those who follow up such SMS and solicit women will also be caught and punished.
The episode was extremely useful in creating an instant awareness of such crimes, the existence of such Police Stations and in creating confidence in the minds of the public. Hopefully other states will also use similar measures to spread awareness of Cyber Crimes.
Cyber Game Claims a Life
It is hard to believe that a 28-year-old person left his job to play computer games, played a marathon 50-hour battle simulation game and immediately thereafter died of a heart attack induced by exhaustion. This real life story has been reported from South Korea and brings into focus the addictive nature of Cyber Games. This is a warning signal for parents in India who are seeing more and more children getting addicted to computer games. Addiction to computer games is the first step towards games in Cyber Space, where the risks of addiction are higher. Cyber Sociologists should start thinking of the means to check this menace. (Your views in this regard are welcome.) Report in chron.com.
Computer Generated Bank Statements
A question is often raised on the fact that some Banks send unsigned statements of accounts to the clients with the note "This is a computer generated statement and does not require signature". Consequent to the passing of the ITA-2000, a statement of this nature appears to be out of synch with the legal provisions.
ITA-2000 provides for the methodology to authenticate any computer generated document both when it is presented in electronic form or when it is printed out. Hence non adherence to the ITA-2000 procedure could be considered as non compliance of a Cyber Law provision. Banks and other organizations in India need to revisit this area soon.
MNC Banks need to realize that they are bound by laws in India in this respect and they cannot import a US law which may allow such unsigned computer print outs to be accepted in law.
Mumbai Floods and Due Diligence
The unprecedented floods in Mumbai on 27th July 2005 crippled many national networks. Some of the critical networks that stopped functioning included Banking networks. Many ATM networks also appear to have been affected.
Despite the enormity of the event, it is such events that test the robustness of the Disaster Recovery and Business Continuity Plans of critical networks. Perhaps the Indian Banking system has not come out of this incident with flying colours.
Lack of an adequate BCP is not only an issue of deficiency in Customer Service, opening up claims of damages in Consumer Courts, but will also open up a charge of lack of "Due Diligence". In case any fraud is occasioned as a result of the network failure, Banks may be held negligent both under the Negotiable Instruments Act and the Information Technology Act 2000.
It is time Banks take a re-look at their DRP and BCP plans for their critical operational networks.
This MMS Can Land You in Jail
Police in Lucknow are reportedly making random checks of mobiles for presence of Osama Bin Laden's promotional videos which are said to be in circulation....Report in IE
CySi Round Table on Cyber Crimes
Cyber Society of India and Prime Point Foundation jointly organized a "Round Table on Challenges to Cyber Crimes" in Chennai on July 23rd. Mr T.Theethan, Chairman of CySi presided over the meeting. Mrs R.Rajalakshmi, Director STPI inaugurated the event. Mr Suresh Kamath, Chairman, Laser Soft was the chief guest. Mr R.Ramamurthy, Vice Chairman of CySi gave the concluding remarks. Mr S.Balu, Assistant Commissioner of Police, Cyber Crime Cell and Naavi participated in the discussions to clarify the issues raised. Several eminent persons from the industry also participated and contributed with their valuable views. Mr K.Srinivasan, Prime Point Foundation, proposed the vote of thanks.
Some Reports: Chennai online : Telegraph : News Today
"Aggressive Defence" as a Preventive Measure.....Praveen Dalal
When a property owner takes measures to protect his property, such measures may include steps which may inflict counter damage on the attempted offender. Is this legal? If so, does it call for any moderation? How do Indian laws address this issue? These are some of the points discussed by Mr Praveen Dalal in this informative article.
New Privacy Protection Measure in California on the anvil
The Californian Bill "Identity Information Protection Act of 2005" has incorporated certain regulations on RFID usage which have raised a debate on the constitutionality of some of the propositions. Existing law, the Information Practices Act of 1977, regulated the collection and disclosure of personal information regarding individuals by state agencies, except as specified. The new Act will extend the principles of data protection to collection of data through contactless data transmission.
At a time when the BPO industry in India is contemplating providing RFID tags to its employees, it is necessary to note that the information gathered through such RFID tagging needs to be handled with care, as it is prone to charges of privacy violation as defined in the Californian Bill.
We Said It ...It is Here..BPO Regulatory Authority
Naavi.org had already pointed out that one of the solutions to the BPO problems is setting up a BPO Regulatory Authority of India. We are glad to note that a move in this regard is being made by Nasscom.
It is as much important to plan "How We Do it" as "What we do" if we need to secure our BPO industry. Our main thought is that it would be more appropriate if we say that what we want is a "BPO Development Authority of India" instead of "BPO Regulatory Authority of India".
Naavi will be happy to share his thoughts on the structuring of the authority in case Nasscom is open to receiving such suggestions.
I had made a reference to "Adult Pass" as one of the suggestions for the regulation of pornography in my previous article. Some have sent me a request to elaborate on the same. Hence this article... Details
Comments from Mr Praveen Dalal
A strange debate has been raised after the Mallika Sheravat MMS scam on whether porn should be legalized. Times of India carries this story where several experts seem to agree on this controversial aspect. ...
Now that this issue has been brought up for debate, the ITA-2000 review committee which is formulating laws for Cyber Cafe regulation amongst other things should take note and probably suggest that
"A new exclusive TLD (.xxx.in) should be created under the dot in domain where adult material may be held immune from the operation of section 67 of ITA-2000, provided however that all ISPs filter the domain and provide access only to those who hold an "Adult Pass" issued in the form of a new category of Digital Certificate".
This provision will satisfy the economic sense since it can attract global pornographic players to the dot in domain and also increase the market for digital certificates... Detailed Article
The Champion of Data Protection now has to rethink..
The UK has been championing the cause of a high degree of "Privacy" and "Data Protection". India has been blamed for its lack of similar laws. Even in the current BPO turmoil, many have advocated strong "Data Protection Laws", little realizing that such a law is inseparable from "Privacy Rights" and is in conflict with the security concerns of a terrorist-threatened country like India. The US realized the concern after 9/11. Now the UK will perhaps realize that "Human Rights" and "Privacy" have to be subordinated to "National Security" and, however much we dislike it, there is no other choice.
Results Out.. Certificates Not...
In the Internet age, it has become common for university and secondary exam results to be published on the web. More often than not candidates will be seeking admissions to other institutions or applying for jobs based on such results even before formal certificates are issued by the agencies.
This strange but true problem of the young achievers is being addressed by Cyber Evidence Archival Center with a proposal to extend its service to the issue of "Section 65 B-IEA Certified Copies of Web Published Marks Cards"...Details
ISO 27001 is Here..replacing BS7799
A significant change has occurred with respect to the information security standards with the publication of the ISO 27001 draft standards. ISO 27001 is the replacement for BS7799. The new (draft) version has incorporated a number of significant changes. It further 'harmonizes' the approach with other management standards, such as ISO 9001, and builds further upon the PDCA model (Plan-Do-Check-Act).
Is Women's Harassment Legislation Amenable to Abuse?
The brief reference made in naavi.org to the "Sexual Harassment of Women at Work Place (Prevention) Bill 2003" (SHWWPP Bill) has evoked some interesting responses.
Here is an interesting response that has come forth....Read here for Details
The new draft which is now being considered is a lot milder and more sensible, and hopefully the earlier version does not resurface during the time the new version is discussed in the Parliament.
From newspaper reports, it is understood that the ITA-review Committee will have a decisive meeting some time during the next two weeks and finalize its recommendations to the Government. In this connection, Naavi.org will present a series of suggestions that could be discussed by the committee. I request the public to send me their comments on the same.
There are fifteen suggestions presently listed for discussion and they are available in the following links.
Spam | Squatting | Terrorism | Data Protection | CRAT | Hacking | Stalking | Abuse | Interception | CRAC | Secured DS | Marriage | Civil Liabilities for all offences | Enhancing Civil Liabilities | Miscellaneous
A Positive List of BPO Employees
Naavi has proposed to maintain a system which addresses the need for a BPO employee register which is a "Positive List" of employees who are "Preferred for Employment" rather than a "Negative List".
If Nasscom is willing to take the responsibility for running such a programme, Naavi will be happy to provide any assistance required in this regard. Considering the enormity of the task on hand, it is proposed that Nasscom should take the lead in setting up a Security BPO for BPOs with the participation of the industry players to address the security and image problems of Indian BPOs... Details : Related response and comment
No Negative List Please...Let's Be Positive !!
While it is fine to think that an employee who has committed a fraud in one BPO should not be given an employment in any other BPO, and the register of BPO employees will serve as the "Negative List" for this purpose, it is necessary to also consider the legal, moral, social and political aspects of the suggestion.
When even a murder accused is considered "Innocent until proved guilty" and often this argument continues until the Supreme Court decides on the appeal, condemning an employee through a departmental enquiry process is untenable however good the system may be. The move to keep the register as a "Negative List" or even a "Grey List" of "Possible Tendency for Misconduct" is therefore a non starter....More
National E-Employment Exchange Project
One of the suggestions being discussed in industry circles after the recent frauds in the BPO industry is the "Creation of an Employee Register". ...it appears that the Nasscom BPO Employee's Register Project is better implemented as a "National E-Employment Exchange Project" with distributed state-level databases maintained by each of the States... Detailed Article
Provisions of the Proposed US Privacy Act
The new privacy act proposed in the USA proposes an increased penalty for identity theft, makes it punishable if a security breach is not reported, increases transparency in data collection and imposes fines up to US $ 15000/- per day of violation in certain cases... Details
FBI Arrests Online Pirates
In a well executed sting operation run for over two years, FBI is said to have trapped several online pirates of movies and software. One of the accused is an Indian, Chirayu Patel, an Indian-American student based in Fremont, California, who the Bureau has charged with conspiracy, criminal copyright infringement and aiding and abetting. Report in TOI
Data Protection? or BPO Regulation?
Considering the recent developments, it is reasonable to expect that we shall soon be seeing a "Data Protection Act of India" as a response to the Sting Operation of SUN.
Now it is time for us to look at what such a "Data Protection Act" may contain and how it will address the issues presently discussed...Details
Privacy in India: Need for a national level study
As India becomes a leader in Business Process Outsourcing (BPO), increasing amounts of personal data from other countries are flowing into India. Mr K. Ponnurangam, PhD student at the School of Computer Science, Carnegie Mellon University, USA, highlights the need for a statistical survey on the attitude towards and awareness of Privacy rights in India... Details
US Senators Propose Sweeping Data Protection Law
A sweeping law on data protection is being proposed in US as reported here by news.com. Experts are divided on their opinion on certain aspects of the Bill such as providing data base access to data subjects. However, when India is debating a law of this nature, this would be a good reference document.
Cyber crimes: Can the West trust Indian BPOs?
This report in Economic Times reflects on the legal provisions that address the BPO frauds. The article rightly points out one of the hidden risk areas of "Sub Contracting" that is prevalent in the industry.
Is "BPO Regulator of India" a Solution?
Though there has been a widespread discussion on the need for a "Data Protection Act" in India, it is to be clarified that what appears to be the concern of the industry today in India is the preservation of BPO business and not necessarily the Privacy Rights of an individual drawn from the Human Rights principle.
A "Data Protection Act" of the type in vogue in the UK is therefore unlikely to be of interest, and if an attempt is made to name the new law the "Data Protection Act of India", then it will be a highly watered down version of the internationally accepted guidelines.
In this context, we need to think of an alternative option of a "BPO Regulator" who will ensure adequate security standards on a national scale in the BPO industry through its regulatory measures. If this is accepted, the requirements of the BPO industry as being demanded now can be disposed of with one single amendment to ITA-2000 to appoint such a regulator and leave it to him to finalize the procedural aspects of data protection within the industry through notifications.
I invite a debate on this thought. (Comments welcome)