UIDAI will be liable for KYC failures
Jan 30: It has been reported that the UID will be used as a proof of identity for telecom purposes. It means that UID will substitute the responsibility of KYC obligations cast on mobile companies. While this is good news for the mobile companies, the dependence of KYC on UID by a DOT directive exposes UID to liabilities arising out of failure of KYC. Mr Nandan has been stating that he is not worried about fraudulent use of UID since it is tied with the biometric identification and one biometric can be linked only with one UID. However, one fraudulent UID can now be used for multiple fraudulent mobile connections which can be used for various kinds of frauds. If for any reason the UID is misused, it will make UIDAI liable for negligence. In all the Phishing cases we are holding the Banks liable if the KYC on the fraudulent customer fails. Now similar liability falls on UIDAI. The stakes for UIDAI therefore go up by several notches as Banks and mobile companies swear by the UID for their KYC obligations. Hope Mr Nandan has explored the consequences. Alternatively, if the Government tries to protect UIDAI through legislation, there will be chaos with Phishing and Terrorist crimes being committed with the misuse of UID and nobody would be responsible for negligence.
Indian Version of WikiLeaks
Jan 30: "Transparency" in public administration is a very important aspect of Governance and the Internet is one of the best tools of such transparency. WikiLeaks has contributed a lot in recent days to disclose information which is of public interest but is inconvenient to people in administration. In this context, we need to welcome the emergence of www.indianleaks.in which is providing a platform for disclosure of certain public interest documents. The effort is appreciable and hopefully it will get contributions from the public to make it useful. Responsibility for maintaining such sites of course is very high since there is always a possibility of some unscrupulous persons sneaking in false documents. Hence the site has to maintain an impeccable integrity and well planned systems to ensure that the site is not misused. Even at the base level, as a platform to present RTI information of public interest, the site would serve a useful purpose. Good wishes to the creators.
Delhi State IT Act planned
Jan 28: It appears that the State of Delhi is considering a separate legislation to enable implementation of certain IT projects in the City. Though it is referred to as the "IT Act" in this report, hope the State will properly name the Act so that the public would not confuse it with ITA 2000 or the Income Tax Act. In case the intention is only to introduce certain IT initiatives, it may be sufficient to issue a notification under Section 90 of ITA 2000 instead of a new Act. If the new State Act tries to legislate on introduction of surveillance cameras there is a possibility of a conflict with certain sections of ITA 2008. Hopefully these have been taken into consideration.
Data Privacy Day Celebrated
Jan 28: Since 2009, the US has had a practice of celebrating January 28 as "Data Privacy Day". Presently, Canada and 27 other EU countries are also joining the celebrations. From 2011, India has also joined the group of countries celebrating January 28 as "Data Privacy Day". On this occasion, DSCI, Bangalore Chapter had organized a meeting at IIIT B premises in which Naavi spoke on the importance of the day and shared information on some of the latest developments on the Privacy front. Mr Anurana Saluja, Infosys, chaired the meeting and representatives from different IT and non IT companies attended the meeting. A copy of the presentation made by Naavi on the occasion is found here.
Banks Active in Job Fraud Support
Jan 27: After many cases of Phishing, where Banks are facing liabilities, the next wave of liabilities would be on several Companies and supporting banks who are involved in Job related Phishing. Despite warnings from Naavi.org, Companies have not adopted use of authenticated e-mails for sending out employment related communication to the prospective employees. As a result it becomes easy for fraudsters to send phishing mails and collect money from the public on various excuses holding out job promises. While the practice of using unauthenticated e-mails is the main cause of the fraud, the fact that the money collected gets credited to the fraudsters' accounts in various Banks and later the fraudsters become untraceable opens up a charge against such Banks of "negligence" through failure of KYC and consequent assistance to the commission of fraud. In the recent case where a student in Hyderabad filed a complaint, investigations by Police have revealed the involvement of Banks such as SBI, ICICI Bank, Union Bank, Indian Bank, Axis Bank, PNB etc. Companies whose names have been used for the fraud include Tata Motors, Maruti Suzuki, Mahindra and Mahindra etc.
Lucknow Police file case against Facebook
Jan 27: Lucknow Police have registered an FIR on Facebook for carrying content under the group "I Hate Gandhi". Along with various sections of IPC, the case has also been booked under Sec 66A of ITA 2008. The action of the Police needs to be appreciated since a defamation act against a revered figure like Mahatma Gandhi deserves to be condemned.
Are Vested Interests at Work to manipulate RBI ?
Jan 24: The GGWG was an exercise at revising the 10 year old report of the SR Mittal Group which first addressed the requirements of the Internet Banking Era. Compared to the task which was ahead of the Mittal Group, GGWG was in a far more advantageous position since there was a decade old experience on both technology as well as the legal aspects of Technology Banking...
Notwithstanding some good work reflected in the GGWG, it appears that the GGWG could have done far better than what it has done. This is more glaring in the chapters on Cyber Fraud and Legal Issues... Related Article in Techgoss
Delhi Police Files FIR under ITA 2008 for Cyber Squatting
Jan 24: In an interesting interpretation of Sections 66 and 66A of ITA 2008, it appears that the Police have filed a case against a person who had "Parked" a domain in the name of pratibhapatil.com because the string of alphabets "pratibhapatil" can be read like the name of the President of India. The report suggests that there was no content in the website and it is unlikely that this case would be seen with any respect by a Court of Law.
Pune Police invoke Section 69 for interception
Jan 23: Pune Police propose to seek powers from the Central Government to intercept the e-mail communications of all criminals convicted of cognizable offences. The section was meant for temporary interception and it is interesting to note that the Police appear to be seeking to regularize the interception as a permanent feature.
Maharashtra Adjudicator absolves Wife of Hacking
Jan 23: In an interesting case, a husband complaining about his wife hacking into his account has appealed to CAT against the order of the Adjudicator of Maharashtra absolving the wife of the accusation. The point of debate is whether the husband shared the password with the wife and hence her access was not "Unauthorized". The allegation includes hacking of the husband's father's account also. It is not clear if the defense "password shared voluntarily" extends to the father-in-law's account also. The incident comes under the purview of the ITA 2000 before the amendments of ITAA 2008 became effective.
Jan 23: National Crimes Record Bureau (NCRB) has come out with the statistics of Cyber Crimes for the year 2009. Though the statistics may not indicate the complete picture of the Cyber Crime scenario, in the absence of better official statistics, it is to be considered as an indication of the status, at least in reflecting the relative changes from year to year.
A notable feature is that leaving aside Section 67 crimes, the 233 cases registered under Section 66 and 21 cases registered under Section 65 should have resulted in financial losses to some victims. In the normal course these 254 cases should have resulted in Adjudication complaints to the State Adjudicators.
The gap between crimes registered and adjudication applications filed indicates the acute ignorance amongst the victims about the availability of the adjudication facility. At the same time, if all eligible cases do get registered as adjudication complaints, the Adjudicators would find it hard to meet the responsibilities due to shortage of infrastructure...
Carbon Trading becomes a Target of Phishing
Jan 23: Though Phishing is normally associated with Banking, we have observed in India that Phishing has been targeted at Income Tax clients and many Job seekers. It is now reported that Carbon Trading has become one of the latest targets of Phishing. The fraudsters seem to have breached the security in the Carbon trading system and put through fraudulent trade transactions. It is reported that emission certificates worth Euros 28 million were stolen in the attack and the EU Emission Trading System has suspended further trading pending resolution of the problem. This is a warning signal for stock exchanges in India since similar frauds may surface in share trading also. SEBI needs to study the modus operandi of the Carbon Trading related Phishing and ensure adequate security measures to secure the share trading transactions in India.
Phishing Risks under G Gopalakrishna Working Group Report
Jan 22: The GGWG has made the following comment on Phishing Risks in its report:
"Of late there have been many instances of 'phishing' in the banking industry, posing a major threat to customers availing internet banking facilities. Though Section 66D of the amended IT Act could broadly be said to cover the offence of phishing, the attempt to commit the act of phishing is not made punishable. It is suggested that there is a need to specifically provide for punishment for an attempt to phish as well, in order to deter persons from attempting it"
I would however like to bring it to the notice of the observers that this has been addressed in ITA 2008. Additionally, ITA 2008 makes Phishing liable for punishment under several sections other than 66D. These observations are relevant to an analysis of Phishing cases in future...
Role of Adjudicators in Phishing Cases Reiterated
Jan 22: One of the important observations made by the G Gopalakrishna Working Group in Electronic Banking is as follows:
"The IT Act, 2000 as amended, exposes the banks to both civil and criminal liability. The civil liability could consist of exposure to pay damages by way of compensation up to Rs 5 crore under the amended Information Technology Act before the Adjudicating Officer and beyond Rs 5 crore in a court of competent jurisdiction. The top management of banks could also suffer exposure to criminal liability given the provisions of Chapter XI of the amended Information Technology Act and the exposure to criminal liability could consist of imprisonment for a term which would extend from three years to life imprisonment, as also a fine. Further, various computer related offences are enumerated under various provisions of the Act."
The fact that the Umashankar Case has been vetted for Jurisdiction purpose both at the Adjudicator's level as well as the Cyber Appellate Tribunal Level is also another indication that the matter of jurisdiction in respect of such cases is a settled fact in law.
Since some IT Secretaries are not clear whether they can entertain adjudication applications, there is a need for the Cyber Appellate Tribunal and the Ministry of Communications and Information Technology, GOI to start a dialogue with the State Governments to find a proper mechanism by which the IT Secretaries are provided with infrastructure, guidance and manpower support to handle these additional responsibilities...
RBI Working Group in Electronic Banking
January 22: RBI released the report of the Working Group headed by G.Gopalakrishna on Information Security in Banks. After the June 14, 2001 instructions on Internet Banking based on the then working group report headed by S.R.Mittal, this report is another game changer in the Banking industry. Naavi has been in the forefront of fighting for better Information Security systems in Banks and last year's landmark decision of the TN Adjudicator was a critical development which prompted Banks to sit up and take notice of their responsibilities. Now Banks have a more recent guideline to follow in respect of the security requirements. Watch out for more information on the impact of the Gopalakrishna report on the information security issues in Banks.
Cyber Law Status in Pakistan
January 10: According to this report from Pakistan it appears that the ordinance on Cyber Crime which was prevalent since 2007 and commented on this site at that time has lapsed in November 2009 and there has been no action to renew the act so far. It is noticeable that at the same time that ITA 2000 was amended in India, Pakistan let the law lapse.
Social Networking Sites Cast New Responsibilities
January 08: Social networking sites where people post several personal experiences are causing a headache to drug companies in USA under FDA regulations. The regulations expect companies to track adverse effects of their drugs from any source of information. The problem arises when some information is found on a social networking site stating that "Such and such a drug caused this effect": the company would be constrained to take note. FDA is therefore expected to come up with a specific guideline on how such information has to be handled.
Vicarious Liabilities in Citi Bank Fraud Case
January 5: The Rs 400 crore investment related fraud in Citi Bank has also raised the issue of vicarious liabilities of the CEO and Chairman of the bank. The Police are right in including the names of the CEO and Chairman in the FIR under the prima facie finding that their negligence could have caused the loss. It is however open to the executives to defend themselves that they had practiced due diligence and hence should be excused from personal liability. This is the general principle of law including ITA 2008. This is not to imply that these executives were corrupt. It is only to test if they were not negligent. Such a scrutiny is essential from the point of view of Corporate Governance to examine what precautions are being taken now and what needs to be taken in future to protect the investments of the public. Article in ET
Tapping of Mobile Phones in Mumbai
January 1: The issue of mobile phone tapping has been a matter of concern to the community particularly after the Nira Radia issue. Here is an incident narrated by a journalist about a service provider who provides such a service. Unfortunately, many techno savvy persons fail to understand the difference between what is legal and illegal and end up spoiling their otherwise fruitful career. Article in Mumbaimirror
Status of Internet Broadband in India
Dec 28: The National Broadband Plan recommended by TRAI has many interesting statistics regarding the growth of Internet activity in India and its impact on the economy. According to the report the Government has acknowledged a shortfall in realization of its broadband goals in 2010. As against a targeted 20m users, the achievement has been only 10.3 million users. This amounts to a penetration of 0.8% against a tele-density of 60.99. The National Broadband Plan, which includes setting up of a wide optic fiber network, envisages provision of 75 million broadband connections by 2012 of which 17 million will be on DSL, 30 million on cable and 28 million on wireless broadband. This is expected to further increase to 160 million by 2014. The next three years are therefore expected to be a golden period for broadband connectivity in India.
IT Refund Fraud.. Department Should Act
Dec 24: For some time it is reported that phishing mails in the name of the IT department are being used for internet frauds. Here is a sample of a mail sent from one of the readers of naavi.org. The hyperlink included points to an image website ovcghana.com. (WHOIS information available here) Probably a trojan is embedded in the link which could steal passwords. The mail is an "impersonation" and is an offence under Section 66D of ITA 2008.
It is now the responsibility of the IT department to take action against the impersonator by registering a complaint for investigation with the Police. Silence amounts to facilitation of the fraud and may possibly lead to vicarious liabilities. An Adjudicator or a Police Authority may also take cognizance of the presence of the mail and start an investigation.
The WHOIS information is protected under the notorious "Privacy Protection Policy" of ICANN with a service provider called Domains By Proxy Inc. Hence action has to start with a demand for the name and address of the registration from the proxy registrant, failing which the proxy registrant should be considered as an accomplice and a case should be filed on the company for recovery of compensation to the extent of a couple of million US $.
I hope IT department takes up the complaint in the interest of the general public.
Quickheal Introduces Laptop Theft identification services
Dec 17: Quickheal, which is one of the indigenous manufacturers of anti virus software, has introduced a free service for tracking laptops through MAC identification. Presently the service is available in select towns and is expected to be extended to other cities soon.
Law to enable Electronic Surveillance
Dec 16: India is considering an enactment to make it mandatory for telecom service providers to enable surveillance by the state as a security measure, on the lines of the US law "Communication Assistance for Law Enforcement Act" (CALEA): Report in ET
It may be recalled that when the licensing terms for "Landing Stations" were first released in India, they contained similar provisions. Naavi.org had also commented on the same through the article: Landing Station or Police Station?. These views expressed in 2000 before ITA 2000 became effective may require a review in the context of ITA 2000/ITA 2008 as well as the current global threat of terrorism. Probably the Supreme Court views in the Nira Radia case may also throw some light on the judicial acceptance of privacy invasion for security considerations.
Number Portability
Dec 14: Mobile number portability all over India is scheduled to be introduced from 20th January 2011. According to the PIB press release, the request needs to be completed within 7 days and cost not more than Rs 19. This much awaited facility should bring relief to many mobile subscribers who are stuck with inefficient service providers. There is one rumour that is floating in the market that there is a systematic effort to destabilize BSNL so that its customers can migrate to other service providers and this is behind the recent technical problems that have surfaced in BSNL. Hope the top management of BSNL takes steps to dispel these doubts.
Nira Radia Tapes to test Privacy Laws
Dec 9: The release of Nira Radia's tapes by the media has opened an important debate on the Privacy laws in the country. Now that Mr Ratan Tata has filed a petition at the Supreme Court, the scope of Article 21 of the Constitution and the need for separate legislation for Privacy protection will come up for review... Also read cis-infis.org
WikiLeaks has also created a stir in global circles by releasing documents which are considered sensitive by different Governments, opening up a debate on what is the limit to which privacy invasion can go.
Naavi.org has also raised issues arising out of Privacy protection of "WHOIS" services and IP address hiding in e-mails which prevent quick investigations of cyber crimes.
In 2006, the Government of India had introduced a Personal Privacy Protection Bill which however did not get passed. Whenever a new legislation on Privacy Protection is considered it is necessary that there are adequate provisions whereby the Privacy Protection Right does not become the tool for criminals to hide.
US Considering XML approach to EHR
Dec 9: In order to enable better health data exchange between organizations, the National Coordinator for Health IT and the Centers for Medicare and Medicaid Services have started the process to develop an XML based universal exchange language.
Chinese Cyber Threats Re Visited
Dec 5: The WikiLeaks exposé has confirmed the role of China as a Cyber War practitioner if ever a confirmation was required. The Chinese hacker group which released the "Blaster" worm in 2003 is believed to have Government links which have shared the source code for Windows OS.
The task now is to consider measures of how to respond to the Chinese threats. In the light of Stuxnet type of attacks and Manchurian Chips, the supply of computer/Telecommunication hardware from China is the biggest source of security risk.
An IISC led committee for security certification of telecom equipment was set up for this purpose. Hope it would take some measures that would help mitigate this China-hardware risk.
PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar
PR Syndicate (an organization of Corporate PR Professionals in Chennai) celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occasion, "Award of Excellence in Public Life" was presented to 'Cyber Law Guru of India' Na.Vijayashankar...
What is Naavi.org?
Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.
The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.
The second key service is the Cyber Evidence Archival center which provides a key service to help administration of justice in Cyber Crime cases.
The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.
The fourth key service is the online mediation and arbitration service another unique global service.
The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.
Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.
Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade have brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have a synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.