2009-The Golden Year for Cyber Laws in India...Part II
(This is part II
of the Two Part Article. Part I is available here)
The year 2009 is considered the "Golden Year for Cyber Laws in India" since
it was during this year on October 27, 2009 that the amendments to ITA 2000
vide ITAA 2008 became effective. The new version has made Cyber Law
Compliance part of Information Security Practice and firmly established the
need for Techno Legal Cyber Security to be part of every Corporate policy
framework. Apart from this seminal development, the year saw other
developments which are worth recounting.
Naavi who has been in the working on development of Cyber Law Compliance
solutions quickly identified the need for a technology solution for
compliance of Section 7A of the ITA 2008 and came up with a solution
called
"Ujvala-Bellur e-auditing Tool" in association with Bellur
Informatics Pvt Ltd.
A second initiative taken by Naavi during the year was pursuing a solution
for Cyber Law Compliance with an appropriate solution for Cyber Cafes.
However, due to the delay in the framing of rules under Section 79 of ITA
2008 which has not yet been released (till date), the suggested solution is
kept pending. In the meantime some new Cyber Cafe management software has
been introduced in the market which is partially compliant with Cyber Laws.
Once the full regulation is available, the adequacy of the existing
solutions can be assessed.
Ever since ITA 2008 was passed, Naavi has been advocating the formation of
a National Netizen
Commission. This would be pursued in the future years also.
During the year Naavi.org also raised several issues which affected
Netizens in India. One such was the
debate on e-Gazettes which we feel should be a free service which the
Government should provide to the Citizens of India.
Another issue which caught the public attention was the fight on
savita_bhabhi website which was finally blocked by the Government.
An interesting case of Burkha Dutt, the well known NDTV journalist sending
a defamation notice to a blogger for the criticisms he made regarding the
26/11 coverage made headlines during the beginning of the year. The threat
resulted in the blog entry from being removed.
Another incident which occurred during the fag end of the year saw a film
producer in Hyderabad bringing upon his influence on a large IT company to
dismiss an employee for posting links to a film download site as a
copyright infringement.
There were instances of "impersonation" of Naavi reported during the year
one of which was
by
an advocate in Maharashtra. End of the year also saw the release of the
3D film Avatar where the term "Naavi" was used as the name of a clan and
made the term globally known.
During February, the conficker virus created a scare by bringing
down the French Airforce by corrupting the flight plans in the
server. In December the CAT examinations in India was also adversely
affected allegedly due to the same virus. It continues to pose a threat in
the future since it is estimated that more than 9 million computers were
affected at one time and perhaps millions of computers still carry
the virus and represent a potential Botnet that can cripple the Internet
and trigger Cyber Wars.
The year 2009 is also important since some of the developments in US also
affected the Indian scenario substantially. One such development was the
passage of the HITECH Act which made compliance of HIPAA-HITECH mandatory
for Indian Companies engaged in the processing of US health information.
This triggered Naavi to formulate a new Information Security
Framework called
IISF 309 similar to the LIPS 1008
which he had formulated in end 2008 to address the requirement of Legal
Process Outsourcing companies. The IISF 309 is being refined further after
the announcement of rules under ITA 2008 and will be extensively used in
2010 for ITA 2008 audits by Ujvala Consultants Pvt Ltd and other associates
of Naavi.
The year also saw a general election where BJP promised setting up of a
Digital
Security Agency as part of its manifesto. However, BJP lost the
election and it was left to the Congress led UPA Government to implement
similar strategies. It still required a person like P Chidambaram as Home
Minister to think of several reforms including setting up of an integrated
intelligence set up for the Country, making FIRs mandatory on every
complaints etc which are likely to be rolled out into action plans in the
coming years.
Towards the middle of the year, Naavi started a campaign to make
"Bengaluru
as Information Security City" as a strategy to overcome
the backlash of the Obama comment that Bangalore was taking away employment
from US. As a result, several programmes were suggested by Naavi to be
undertaken in Bangalore in the coming days. One such programme that
materialized was the "Bangalore
Cyber Security Summit 2009" under the umbrella of the IT
& BT department, GOK. Hopefully more such programmes of such nature would
follow.
Internationally, a case from Minnesota where a middle aged lady was asked
to pay compensation US $1.92 million for having downloaded 24 songs without
license. This may have its effect even in India and we may expect some
aggressive prosecutions on the copyright front. The Government of India has
also taken up
amendment of the Copyright Act 1957 and adding some provisions on
Digital Rights Management, Contributory Infringement etc to the Indian law.
Another incident that made news during the year was the blocking of
savita_bahbhi website. Despite criticism from many naavi held his
ground and substantiated his stand that the site needed to be blocked and
finally when the GOI initiated action, there was a huge outcry. The war on
savita_bhabhi appears to be a long drawn one since towards the end of the
year, the site resurfaced in alternate name and Naavi has again taken up
the matter with the necessary authorities. CERT-In also on its own moved to
ensure that major search engines imposed a mandatory filter to ensure that
obscene content is blocked from the search engines.
Another major development towards the second half of 2009 was the setting
in motion of the
Unique ID Project headed by Mr Nandan Nilekani . Naavi also applied the
IISF 309 framework and placed his suggestions on the
Reasonable Security Practices for UID Project.
Naavi
also took another pioneering step in redefining the concept of Information
Security. Having been a pioneer earlier in India is promoting the Techno
Legal Information Security concept, Naavi has now introduced a "Theory
of IS Motivation Based on a Behavioural Science Approach" which brings
the behavioural science as the
third dimension of Information Security. This has opened a new thought
process in information security for integrating HR principles with
the Legal and Technical aspects. Naavi also introduced the concept of
"Compulsive
Cyber Offence Syndrome" as a part of the process of understanding why
people get lured into committing Cyber Crimes.
An
unfinished task which Naavi carried through the year was the adjudication
case in Phishing with the adjudicator of Tamil Nadu. Though
reasonable time has passed for a decision in the adjudication case, the
possibility of a favourable verdict has increased with more decisions from
elsewhere supporting the view that Banks should be considered liable for
Phishing incidents. First there was a
German Case then information on the changes in the
Danish law reached India. Finally, in December, the Banking Ombudsman
gave a
direction to Bank of India to pay back the Phished amount with
interest.
Naavi
has also raised an important issue on
Inheritance of Virtual Assets and the need to make suitable laws in
this regard. He also introduced the new concept of the relevance of
CiNezens as the drivers for Cyber Laws in future.
As a
final thrust in the year 2009, Naavi has launched a campaign with the
Corporate world highlighting the obligations under
Clause 49 of SEBI listing regulation and its relation to ITA 2008
compliance. This is likely to be followed further during the coming year.
The year
started with the dawn of ITA 2008 but it took almost the entire year for
the amendments to be put to action. As the year closes, we are left with a
hope that 2010 shall take off as a prosperous year for Techno Legal
Information Security Industry. Let the "Golden Year for Cyber Laws in
India" pass on the baton to a prosperous year for all Netizens in
India and elsewhere.
Naavi
December 31, 2009
Comments are Welcome at
naavi@vsnl.com
