Arise, Awake and Stop Not until
Indian E Banking is made Safe
How Much Money is lost through Phishing in India?
March 31: Today is the end of a financial year
for Indian Banks. It is time for them to draw up their annual reports and
submit them to both RBI and their shareholders. One essential piece of
information missing from Bank reports is the extent of loss in E Banking
frauds. RSA recently stated that the losses suffered by Indian enterprises
in 2011 through Phishing were of the order of Rs 172 crores. In RTI based
information released by RBI by DNA, Mumbai, it was stated that during
2010-11, the losses on E Banking were Rs 467 crores in Citi Bank, Rs 298
crores in SBI, Rs 112 crores in ICICI Bank and Rs 39 crores in HSBC. (See
here) According to another rough estimate by Symantec, phishing
related losses in India were of the order of Rs 6500 crores.
Naavi.org has been fighting for "Safe E Banking" and
advocating that Banks which cannot provide safety in Internet Banking
should be barred from providing Internet Banking service. In this
connection a demand has already been made on RBI to cancel the licenses of
one branch each of ICICI Bank and Punjab National Bank. However, RBI has
maintained a royal silence.
Naavi has also brought to public attention the
continued vulnerabilities in E Banking as
demonstrated by Mr K S Yash, a
security consultant in Bangalore. The videos of a live demonstration
before a group of experts have also been submitted to CERT IN, and
RBI has been informed. Invitations have been sent to both RBI and CERT IN
to take the demonstration directly and initiate action to restore the
confidence of the public in E Banking. We are awaiting a positive
response from both of them.
Against this background, one must question the wisdom
of Banks and RBI in hiding the real information of how much money is
being lost by Indian Banks through Phishing and any form of E Banking
frauds, and ask, among other things: Are the frauds being reported to RBI
as per the RBI's Fraud reporting guidelines? Are the losses recovered out
of insurance as per the RBI's Internet Banking guidelines of June 14, 2001?
If not, why is RBI silent on the Banks recovering the money from the
hapless customers? Why is DIT barring legal remedies in such cases by not
appointing a chairperson for the Cyber Appellate Tribunal since last June?
Why have DIT and the Government of Karnataka not been able to address the
anomalous situation created by the IT Secretary of Karnataka deciding
that no cases can be brought before him against any Banks? Why is RBI
tolerating the rogue behaviour of Banks in ignoring its guidelines, both
of June 14, 2001 and the more recent Gopala Krishna Committee report? Why
is RBI unable to notify the recommendations of the Damodaran Committee
report? Why is RBI silent on our request to apply KYC failure fines to
create an E Banking insurance Fund? Why are our Ministers Kapil Sibal and
Mr Sachin Pilot, as well as the PM, unable to respond to our complaints?
Naavi.org vows to start a fresh campaign on
"Protecting E Banking Customers" and invites Consumer activists all over
India to join in this campaign. I invite support and comments at
naavi@vsnl.com.
ICICI Bank on Facebook: Does it compromise user security?
March 29: ICICI Bank is known for its
innovativeness. Unfortunately, sometimes we feel that the
innovativeness crosses its boundaries to possible recklessness. The
recent foray of ICICI Bank into Facebook is one such new brainwave that
has struck ICICI Bank. Now it is possible to view a person's account
through an application on Facebook. Though ICICI Bank claims that no
data is transferred to Facebook and hence the security of information
is not compromised, for a Bank which has the highest reported internet
banking fraud incidents such statements ring hollow.
One wonders what RBI thinks of this innovation. Does
the security on Facebook meet the recommendations of the Gopala Krishna
Committee report? Or does it matter? After all, RBI guidelines are
there for the public to see and feel secure.
MP wants Section 79 rules to be annulled
March 26: A motion has been moved in the
Rajya Sabha that the notification issued by DIT on Intermediary
guidelines on April 19, 2011 be annulled. The motion has been moved by
Mr P Rajeev, an MP from Kerala.
report
FIR Registered against HSBC Employees for
harassment
March 23: We have reported in these columns
about the disclosure by Mr Yash on E Banking vulnerabilities through a
live demo involving some Banks. The demo included HSBC Bank and
subsequently it had been reported that some representatives of the Bank
had visited his house in Bangalore and threatened his family members
demanding that the demo videos on the Internet should be removed. Naavi
had brought this to the notice of the Bank at higher levels. Now
Mr Yash has confirmed having filed an FIR against the Bank requesting
the Police to investigate and provide him protection from being
physically harmed.
Kerala High Court admits petition against
Intermediary rules
March 12: Kerala High Court has admitted a
petition challenging the constitutionality of the Intermediary rules
issued by GOI on April 11, 2011. The petition has been filed by an
advocate Mr Shojan Jacob raising objection to certain provisions of
rules under Sec 79 and Section 69A and arguing that the rules are
unconstitutional. Rules under Sec 79 are interrelated with rules under
Section 43A also and hence it may be necessary to look at the rules
under Section 43A (April 11, 2011) while deciding on the
constitutionality of the rules under Section 79. In particular the rules
under Section 43A provide that if an intermediary can show an ISO 27001
certificate, he is deemed to have followed the requirements under
Section 43A for protection of privacy of an individual. This refers to
privacy while Section 79 refers to freedom of speech. These two are
interrelated and both need to be reviewed for constitutionality.
Naavi.org has already discussed these issues at length in the past and
readers may view the articles in the Archived News.
Related articles: Writ extracts; Medianama; Bar&Bench
GIGA National Seminar held at Hyderabad
March 11: A national Seminar was held at
NALSAR in Hyderabad on "Internet Law and Governance" as part of the
activities of GIGA (The Institute of GLOBAL INTERNET GOVERNANCE AND
ADVOCACY), established as a center of research, advocacy and training in
Internet Governance and related issues. Justice S. Ravindra Bhat
inaugurated the conference and also made an interesting presentation on
the E Court project in Delhi which was launched under his supervision.
Officials from DIT including Dr Gulshan Rai, Dr Ravishanker and Dr Mohan
also spoke on Internet Governance initiatives and security issues. Pavan
Duggal, noted Cyber Law specialist, gave a presentation on mobile laws in
India. A copy of the presentation made by Naavi on IT Act-Issues for Judiciary
is available here. Prof Vivekanandan, Director of the institute, outlined the
activities of the institute including the
free online database of judgements
maintained by the institute. The
website of GIGA was also launched during the occasion.
IT Companies in Bangalore face a new challenge
March 11: IT Companies in Bangalore have been
presented with a new challenge with the withdrawal of the exemption from
labour laws for the industry. This is likely to hit the bottom line of
the IT Companies and act as a disincentive for new IT investments in
Bangalore. The industry needs to develop a system of classifying the
workers and the wage levels and obtain exemptions on a case-by-case basis.
Industries have been given six months' time to meet the commitments. A
serious effort is required by each company and the industry as a whole
to resolve this issue and ensure that this does not become a death knell
for the industry.
Report in Hindu
Time to Delete Your Facebook and Twitter account?
March 11: A surprising and disturbing report
from the US indicates that many employers and colleges are demanding that
applicants reveal their login IDs and passwords when they apply for a
job or a course. Certain agencies seem to demand during the interview
that password protected pages shall be displayed in front of the
interviewer.
Read the article here
If such a practice is found in a country like the US,
where there is a huge awareness and activism in Privacy Protection, then
one may wonder what could be the attitude in other more authoritarian
countries.
Perhaps this marks the end of "Privacy" of
individuals on the Internet as we know it today... Or is it the beginning of a
new trend of anonymous, virtual identities and a second life for some?
A Phishing Mail in the name of You Tube
March 8: Here is a new phishing mail in the
name of You Tube. The mail indicates a You Tube Video but the link is to
some html page which may possibly contain some viruses.
See the copy of the mail here
Why The Governor of RBI is guilty of this bloodbath?
March 8: Reserve Bank of India is by
law the custodian of the interests of Bank customers in India.
It is expected to regulate the Indian Banking system. The
responsibility for introducing and encouraging the use of E
banking lies with the RBI and hence the responsibility for the
loss suffered by customers also lies with RBI. Naavi has also
brought to the attention of RBI that there is a serious flaw in
the Internet Banking security and RBI should take some
corrective actions immediately to prevent the possibility of a
Cyber Terrorist attack on Indian Banks. However all these
efforts have been met with a stoic silence from the authorities.
Under these circumstances, Dr D. Subba Rao, the Governor
of Reserve Bank of India must be considered as having failed in his duty
to protect the interests of the Customers of Indian Banks who are
seeking a safe banking platform. The blood of the E Banking victims is
therefore all over the hands of the Governor of RBI. ...
More
Bank Frauds in Bhopal
March 8: A series of E Banking frauds
have been reported from Indore where it is reported that more than 100
complaints have been registered in the last one year. The Police seem
baffled by the number of crimes and have started advising customers
about safe e-banking. While this is appreciable the report does not
indicate any action taken by banks against the errant Banks and hence it
is unlikely that a solution will be found to this problem in the near
future. RBI should check if the 100+ frauds reported in this report are
there in the FMR reports filed by the Banks and if not, take action
against the banks which are hiding this information from RBI.
Related Article:
Spurt in online banking frauds leaves state policemen baffled
Copyright Decision goes against Intermediaries in UK
March 7: A three-judge panel at London's Court
of Appeal endorsed new copyright rules, siding with the music industry
over internet providers in a battle over online file sharing. The
Digital Economy Act has rules similar to rules already
in place in France and Ireland and forces internet service providers to
send an escalating series of warnings to users suspected of illegally
swapping movies and music. Eventually, service providers can suspend
repeat offenders' access to the Web.
Related Article
HIPAA Non Compliance Holds up Physician's payments
March 7: From January 1, 2012, HIPAA
introduced a mandatory shift of the Electronic Transactions and
Code set Standards from 4010 guidelines to 5010 guidelines. The deadline
was extended for 3 months due to the lack of readiness of the industry. HIPAA ASC
X12 version 5010 and NCPDP version D.0 are new sets of standards that
regulate the electronic transmission of specific healthcare
transactions, including eligibility, claim status, referrals, claims,
and remittances. Covered entities, such as health plans, healthcare
clearinghouses, and healthcare providers, are required to conform to the
new transaction set standards. It is understood that due to many
technical issues involved in the migration, there is a large scale delay in the
processing of transactions, leading to many physicians not receiving
their payments on time. The industry is requesting another 3 months'
extension of the deadline.
Related article
Indian Business Associates who may be involved in
processing of HIPAA transactions need to ensure that they do not
become objects of complaint in this regard. It would be preferable for
them to technically review their processes and correct deficiencies if
any.
Facebook Outsources Content monitoring
March 5: Despite the stand taken by Facebook
in its court case in India that it is not able to manually monitor
content, it appears that Facebook has set up an outsourcing mechanism to
monitor content. However, there is concern on whether this mechanism is
trustworthy and whether it is appropriate to reveal sensitive personal
data to the outsource agency. The mechanism, however, appears to come
close to some of the suggestions made in these columns about how social
networking sites can meet the obligations under Sec 79 of ITA
2008. Perhaps Facebook is moving in the right direction though some fine
tuning of the process may be required. The suggestions made on
"Regulated Anonymity" may also be relevant here.
Related Article
TV Actress Falls Prey to Lottery Fraud
March 4: Asha K Shetty, a TV actress in Chennai
has reportedly lost Rs 1.77 lakhs in an online lottery scam. She
was lured with an SMS and filled up a form with the RBI logo. This
incident indicates the vulnerability of people arising out of the
trust they place on their mobile communications and the name of
organizations like RBI...
Related story in TOI
Theory of Regulated Anonymity
March 3: The theory of regulated anonymity as
propounded by Naavi advocates a conflict resolution solution for
preserving the democratic principles of Privacy Protection in Cyber
Space along with the need of the law enforcement to be able to prevent
misuse of “Privacy” as a cover for Cyber Crimes.
The Theory is built on
the premise that “Absolute Anonymity of the Netizen is impractical as it
would be completely opposed by all law enforcement authorities and is
against the current laws in most countries. ...More
Download the entire article
Regulated Anonymity-A Solution towards Privacy compatible with
National Security
Mar 2: There is admittedly a strong case for “anonymity”
and also “Pseudonymity” as means of protecting the privacy of an
individual on the Internet. However, looking from the perspective of
increasing Cyber Crimes and their escalation to Cyber Terrorism and
Cyber Wars, there is an equally strong case for the demand of the law
enforcement for absolute surveillance and the need to identify individuals
conducting any transaction on the Internet. The new laws in most
countries including India and US try to provide for such “Authorized
Invasion of Privacy”. This brings forth the direct conflict between
Privacy and Crime Prevention while formulating regulations.
Is there a solution to resolve this conflict? Naavi
explores and invites suggestions and comments from legal and
technical persons about how such a system can be designed.
Detailed article: Download the entire article