US Court orders de-indexing of sites in
search engines
Nov 30: In what can be considered a very
significant decision, a federal judge in Nevada ordered all Internet
search engines and social media websites to de-index 228 domain names of
sites which sold fake goods. The disputed domain names have been ordered
to be seized and handed over to a registrar "GoDaddy". Though the order
raises several operational questions, the order is significant to the
extent that domain names have been considered as capable of being
"Seized" and "handed over to safe custody". Further developments would
be interesting.
Related Article
Lok Adalat can pass orders on Sec 138
cases
Nov 29: The Supreme Court ruled that Lok
Adalat can decide on Cheque bounce cases under Sec 138 of NI Act. In
giving its ruling, SC has highlighted the object and purpose of Lok
Adalats to find a cost effective solution to reduce the pending cases in
other Courts.
Related Report.
This view is important for Cyber Laws since there is
at present some doubt about the role of Adjudicators and Cyber Appellate
Tribunal regarding powers to adjudge on criminal issues coming under
Chapter XI of ITA 2008. While Section 46 of ITA 2008 empowers the
Adjudicating officer for adjudging contravention on "any provisions of
this Act", and also empowered imposition of "penalty", the rules made
there under restricted itself to "award of compensation" for a damage.
It is therefore debatable if the rules could have been framed even for
handling the complaints under Chapter XI and the department has not
considered the same.
Since the Adjudicator/CAT is empowered to frame its
own rules, it is possible at some point in future for a pioneering
Adjudicator/CAT to frame its own rules and proceed to award penalties
under Chapter XI of ITA 2008. Probably Supreme Court would accept such
extension of the powers of Adjudicator/CAT for the purpose of providing
quick justice to the community.
Hacking Does not pay
Nov 28: A hacker who tried to negotiate a job
by threat of disclosing confidential information has been arrested in
US. The Hungarian hacked into the computers of Marriott hotel and
negotiated with an undercover agent of US secret service drafted by the
hotel demanding that he be employed. He was invited for an employment
interview which was taken by the undercover agent and the hacker disclosed
all the details of his activity. A case has been booked and he has now
pleaded guilty. It is expected that he may face an imprisonment of
at least 10 years. This should be a lesson for the misguided youth who
sometimes think that they can demonstrate their hacking skills and use
them for getting an employment.
Related Article
We may recall an earlier incident in which Naavi.org
pointed out a similar incident in India involving hacking of Government
websites by an agency which wanted security contracts from the
Government. However Government of India did not take any action in
contrast with the action taken by Marriott hotel in consultation with the
US secret service.
UK National Cyber Security Strategy
Nov 27: UK Government announced its new Cyber
Security Strategy for building a more trusted and resilient digital
environment.
Report: Strategy document
Case filed to declare Aadhar as illegal
Nov 26: A case has been filed in Bangalore to
declare Aadhar as "Illegal". Plaintiffs have cited various reasons
including security, procedures, contract related issues as well as
privacy violation, etc.
Copy of the plaint
Yahoo Challenges GOI order
Nov 26: Yahoo has challenged the order of GOI
imposing a fine of Rs 11 lakhs for refusing to part with some
information demanded by the Government. The details sought were
regarding the e-mails sent claiming responsibility for the Delhi High
Court blast. While Yahoo has raised a defense that it is duty bound to
protect "Privacy", it is on a slippery ground as it is
trying to protect the privacy of persons who are either mischievous and
trying to mislead a terror investigation or preventing the culprits
being identified in time. While the procedure used by GOI may be
debated, it is unclear why the Government pursued the financial penalty
route rather than prosecuting Yahoo on criminal charges. Yahoo should be
happy that it has not happened as yet.
Report in TOI
Estimate of Phishing Cases in India
Nov 26: According to an answer provided by
Minister Sachin Pilot in Parliament, 508 and 386 phishing cases
were reported to CERT-In in the year 2010 and during January-October 2011
respectively.
Report: TOI report
HIPAA-HITECH Act deadline extended
Nov 25: The deadline for switchover of HIPAA
electronic transaction standards from 4010 to 5010 scheduled for 1st
January 2012 has been extended by CMS to end of March 2012. CMS' Office
has announced that it will not take any 5010-related enforcement actions
before the end of March. However, it will accept complaints about
non-compliance with the rule before then, and it could require covered
entities to show evidence of a good-faith effort to comply. The reason
is the lack of preparedness of the industry for the switchover which
also reflects the failure of software vendors to complete migration
requirements and testing.
Related Article
NCRB Statistics on Cyber Crimes
Nov 24: NCRB has now released the crime
statistics for 2010 as in the previous years. According to
information released, a total of 966 cases have been registered across
the country under Section 65, 66 and 67 of ITA 2008. Additionally 14
cases are registered under Sections 72, 73, 74 related to digital
signatures, 3 cases have been booked under Section 70, and 15 cases under
Section 72.
Details
Cyber Insurance is possible
Nov 24: Naavi has been advocating introduction
of insurance for Cyber Crimes in India for a long time now. However the
insurance agencies do not seem to have progressed much on the issue. It
is therefore interesting to read about this case study on an educational
institution's experience on Cyber insurance
Lucknow Police admit their ignorance about
Cyber Crimes
Nov 24: Lucknow Police reportedly have
admitted that they are unable to take action on a Cyber Crime complaint
because they are ignorant. According to a
report in daijiworld.com, Police have failed to take any action on a
complaint made on Facebook about objectionable content. The complainant
has now approached the High Court for necessary instructions. The plea
of the Police is surprising since it is neither true nor acceptable.
The subject complaint is a simple case and does not
require much of investigations. Facebook has corporate presence in
Hyderabad and its executives are available for answering the summons.
Facebook has a substantial virtual presence in India and can be blocked
by the Government of India if it chooses to be a "rogue intermediary" and
refuses to be answerable to Indian law. Hence inability to proceed with
the investigation cannot be excused.
It is another matter for the Court to consider the
facts of the case and take a view on the complaint.
I am personally aware that the Police in Lucknow are
reasonably aware of Cyber Crimes and have successfully cracked other
difficult cyber investigations. The refusal to handle the complaint
against Facebook therefore indicates other reasons. The fact that the
complainant's husband is an IPS officer might have contributed to the
non-cooperation.
Data Retention in Companies..Survey by
Symantec
Nov 22: A global survey by Symantec over 2000
organizations indicates that only 20% of organizations have a formal
information retention plan. According to the survey 37 percent don’t see
a need for an information retention policy. Plus, 32 percent say that
they don’t have the time for it, while an equal number say they haven’t
given anyone in their departments the responsibility of drafting one.
This finding indicates that most Indian companies are in non-compliance
of Section 67C of ITA 2008.
Report
TRAI Guidelines on Blocking of Lost
Mobiles ..expected
Nov 20: TRAI is finalizing the guidelines for
blocking lost mobiles and is expected to issue the guidelines in another
month. The move is welcome and long overdue. However it is necessary for
TRAI to ensure that "Blocking of Handsets" will not be used by Cyber
Fraudsters who want to disable mobile alerts in respect of Banking
transactions. We are presently observing Phishing fraudsters disabling
SIM cards by reporting them as "lost" so that alerts do not reach the
customers. Now they may also report loss of handsets for the same
purpose.
report
Website Terms and Unauthorized Access
Nov 19: During the Megan Meier Cyber bullying
case in US there was a discussion about whether registering a false
profile on Social Networking sites and availing the services amounted to
"Unauthorized Access" under the Computer Abuse Act. Now the Cyber Crime
department in US is seeking authority to prosecute web service users for
"unauthorized access". In particular the department seeks to prosecute
insiders who steal sensitive information and use it for commission of
other offences.
Related Report
Rs 99 Lakh Bank Fraud in Bangalore
Nov 18: In another failure of the mobile
banking services offered by Banks, a businessman has been defrauded of
Rs 99 lakhs in Bangalore. The fraud involved telephonic instruction to
change an email ID, change in mobile number registered with the Bank,
obtaining a chequebook and forging the signature. In the whole episode
substantial negligence is seen in the manner the Bank has handled the
issue. While the Police are in search of the fraudsters, the Bank having
passed forged cheques needs to immediately make good the amount to the
customer. The report is silent on this aspect.
Report in Bangalore Mirror
Chennai Banks Forced to pay
Nov 18: After the Chennai Police unearthed a
major credit card scam, it is reported that Banks have started
reimbursing the losses to the customers on the basis of FIRs lodged.
Canara Bank and ICICI Bank are reported to have repaid Rs 8 lakhs
against 15 complaints so far. A total of 247 complaints have been filed
with the Police in this connection. The total loss is estimated to be Rs
1.5 crores. Of the 247 instances, 92 cases are from Canara Bank. The
credit for this change of heart by Banks may perhaps belong to the
Chennai police for persuading Banks to accept liability since it is
common knowledge that Banks often resist the customer's demands in such
cases.
Report in Hindu
Bank of India and Police in Bangalore need to take
note of this development with reference to the complaint filed by Mr S
Nagaraja regarding fraudulent withdrawal through ATMs. It must be
reiterated that in this case the Banking Ombudsman in Bangalore Mr S
Palanisamy failed to provide justice to the victim and Deputy Governor
of RBI also failed to intervene. In this case also Canara Bank was
involved indirectly since the money was withdrawn through Canara Bank
ATM which did not have CCTV installed. Bank of India took the unfair
stand to which Mr Palanisamy agreed that since the ATM has recorded that
"Transaction was successful", it is the responsibility of the customer
to provide evidence that he did not draw the money himself. The lack of
CCTV facility was conveniently used by the banks to avoid their
liability and the banking Ombudsman did not find any fault with the
Bank.
Naavi.org is still looking for clarification from Dr
Chakravarthy, Deputy Governor RBI in this regard.
Earlier articles:
Innocent Bank Customer Suffers of ATM Card Cloning Fraud
Banking Ombudsman Scheme Set to Fail (Part 1)
The BO order
Bank of India Vs ATM Customers
Social Networking Sites banned from schools
Nov 19: In the aftermath of the Facebook
hacking report where more than 2 lakh accounts in Bangalore alone had
been compromised under a trojan attack leading to pictures being morphed
and posted in pornographic sites etc, many educational institutions have
reportedly banned Facebook and other social networking sites from their
network. This is a step in the right direction since the security in
such sites is weak and can be compromised not only through spam
messages posted on the walls but also advertisements, and applications.
Report in Midday
Facebook and ITA 2008-Need for Practicing Due Diligence
Nov 17: Facebook has been at the center of a controversy
in India for "Non Compliance of ITA 2008". It is reported that due to a
security failure several thousands of Facebook users received spam
content which was then used to compromise the respective accounts of the
users. Consequently links were reportedly posted which introduced a
"Trojan". It is reported further that the trojan stole some photographs
posted on the Facebook profiles and morphed them into pornographic pictures.
(See this TOI report). Facebook is considered an "Intermediary"
under Indian law and is expected to follow "Due Diligence" as per the
provisions of the Act. Failure to follow due diligence could make
Facebook liable for any offence committed by the users making use of the
Facebook platform. ..
...Additionally Facebook type of service providers
which includes all the social networking sites need to put in place an
appropriate dispute resolution mechanism on the lines of ICANN's UDRP
process or something better....
More
SHA 1 algorithm no longer approved for Digital
Signature in India
Nov 15: Under the amended rules for Certifying
Authorities the list of approved hash algorithms has been pruned from
SHA1 and SHA 2 to only SHA2. Existing digital certificates will be valid
until their expiry and new certificates issued will use only SHA2
algorithm. RSA encryption standard will now be of 2048 or 4096 bit. The
new rule will be effective for all certificates issued after 25th
October 2011. New guidelines also provide for issue of certificates with
3 year validity.
Book on Cyber Crimes for Police, Prosecutors and
Judiciary
11.11.11: The new book titled "Cyber Crimes and ITA 2008" is
now available for download and on CD. This book is
specifically written with a focus
on the requirements of Law Enforcement and will contain a detailed
section by section analysis of Cyber Crime related provisions in ITA
2008.
The book is written to serve as a reference book for
people in law enforcement. It will be in E Book format with a page
turning effect and works on Windows systems. Book in CD form includes a
free copy of ITA 2008 and an e-book on Digital Signatures.
Book will also be available for download along with
the free book on Digital signatures. Copy of ITA 2008 in E Book form will
be provided on request to those who purchase the downloadable version.
The book is priced at Rs 900/- inclusive of the
shipping charges to major towns in India.
Cloud Computing insecurity revealed
Nov 11: Researchers at a security consulting
firm Stach & Liu have revealed at a hacker conference in Miami that a
simple Google Code search may reveal cloud services authentication
parameters such as access codes, passwords and secret keys in
environments such as Amazon's EC2. The problem of course was not
associated with the service provider but with the users. But as in other
aspects of security, it is as strong as its weakest link. Unless the
stakeholders take the trouble of preventing such weaknesses in the
system the issue of suspected security in Cloud computing remains.
Related Article
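The user-side weakness described above is typically a credential hard-coded in source that later becomes publicly searchable. As an added example (not from the original report or from Stach & Liu), here is a small Python scan to run over your own code before publishing it. The AKIA/ASIA key-ID prefixes, the name patterns, the entropy threshold and the sample file are assumptions of this example, and every credential in it is made up.

```python
import math
import re

# Access key IDs have a fixed shape: a 4-letter prefix plus 16 uppercase alphanumerics.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# A quoted literal assigned to a name that looks like it holds a credential.
ASSIGN_RE = re.compile(
    r"(?i)\b([a-z_]*(?:secret|passw(?:or)?d|token|api_?key)[a-z_]*)"
    r"\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
)

def shannon_entropy(value):
    """Bits per character; random keys score high, placeholders low."""
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def redact(value):
    """Keep only a short prefix so the report does not re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan(text, min_entropy=3.5):
    """Return (line_no, rule, severity, redacted_value) for each finding."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((line_no, "access-key-id", "high", redact(m.group())))
        for m in ASSIGN_RE.finditer(line):
            value = m.group(2)
            severity = "high" if shannon_entropy(value) >= min_entropy else "review"
            findings.append((line_no, m.group(1).lower(), severity, redact(value)))
    return findings

# Constructed sample file; every credential below is made up for this example.
SAMPLE = '''\
import boto
AWS_ACCESS_KEY_ID = "AKIAEXAMPLEEXAMPLE12"
aws_secret_key = "q8Zt3LmV0xYp7RfK2sNd9HbW4cJg6UaE1iOoTy5B"
db_password = os.environ["DB_PASSWORD"]
password = "CHANGE_ME_PLEASE"
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Values read from the environment (line 4 of the sample) are not flagged, and low-entropy literals are marked "review" rather than dropped, since a weak hard-coded password is still a finding.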
20 persons arrested in Kerala on Interpol
alert
Nov 8: Kerala police have arrested 20 persons
who were frequently visiting Child Pornographic websites. Interpol had
reportedly monitored these persons for the last few months and alerted
the local police with names, IP addresses and other information. It may
be noted that viewing child pornography is an offence under Section 67B
of ITA 2008 where imprisonment of up to 5 years is indicated.
Article in TOI
When you face an Internet Banking Fraud..in India
Nov 8: Internet banking frauds are commonplace particularly in India. I
often receive requests for guidance on this matter from victims from
different parts of India not knowing what to do. I am therefore placing
these brief instructions for public information. What is stated here is
my considered opinion (not to be construed as legal advice) as an
Ex-Banker and a person involved in such litigations and is based on the
guidelines contained in various RBI guidelines and Information
Technology Act 2000....More