Topmail the E Mail provider is a conspirator of the Karnataka E Mail terror crime

The 26/11 sympathisers emboldened by the appeasement attitude of the politicians in the Karnataka State Government and voted by the corrupt voters of Karnataka, have threatened several schools in Bangalore with an email and created a state of terror in the city and the nation.

If one looks at the content of the e-mail, it appears that this incident cannot be considered as a simple bomb threat but it is a threat to kill non believers of Islam. It is therefore an act of terrorism and law enforcement should book the case as a terrorist act.

This case comes under the jurisdiction of NIA and not state Police.

I urge the Central Government and MHA to take note and immediately take over the investigation. The State Police under the influence of the current political masters will only be interested in brushing the incident under the carpet.

Leaving the comments on the political aspects aside, let us look deeper at the legal issue where we also need to flag the role of E Mail providers in such crimes. The current system of anonymous e-mails is a system that does not fit into this Hamas age. It must be disbanded even if it hurts the progress of mankind. We need to switch over to “Identified E Mail user system” where e-mail service is provided only to those who are verified.

To start with, E-mail providers should start the practice of flagging “Unverified” e-mails as “Potential Spam” so that existing spam filters automatically flag such e-mails. Subsequently KYC based e-mail system should be used by the community.

In the current case, the email has come from topmail.com. Case should be registered against them and the domain should be immediately blocked from India under Section 69A of ITA 2000.

Currently there are some e-mail service providers who provide secure email service for corporate purpose. In such cases the corporate admin becomes the KYC assurance provider and takes care of verifying the user and onboarding them onto the e-mail system. No outsider can either send or receive emails from the domain. (eg: ledgermail)

Similar system should be used for public e-mail with several trust providers hosting the service of authenticating the end users. The Government may take care of authenticating the authenticators through an appropriate accreditation system.

The DPDPA-2023 now has a system of “Consent Managers” and it is time that E Mail services are also provided through such consent managers who are licensed and who should verify the users and then provide access to the current e-mail service providers.

The e-mail providers would be data fiduciaries who should be able to provide security including provision of information under 69B of ITA 2000. They are also subject to the provisions of Section 69A as well as Section 69. They can be blocked and demanded with decryption of encrypted e-mails.

All Consent Manager systems under DPDPA should be also declared as protected systems under Section 70 of ITA 2000.

Service Providers such as G Mail need to introduce a system of flagging the originating IP address and drop the system of substituting proxy IP address which contributes to the proliferation of phishing and terror emails.

The current system of “Redaction” of Domain name users accepted by ICANN is a fraud on the society. It has no relevance to “Privacy” since hosting a domain name does not come under any Privacy protected activities and the registrants have no Privacy Rights”.

Not introducing measures of flagging the originating IP address and the name and address of the registrant of the domain should be considered as a support to Phishing and therefore should render the E Mail service providers to be convicted for assisting in the commission of a crime.

This practice should start with the current Karnataka E Mail incident when a notice has to be issued to the e-mail provider to either own up the mail or identify the account holder under Section 69B of ITA 2000. If there is non-cooperation, case should be booked under Section 66F of ITA 2000 for creating terror in the community.

Anything other than such action would be considered as un-satisfactory.

Naavi

A Whois enquiry reveals that the domain name registrar of topmail.com has redacted the information on the topmail.com registrant and therefore made himself liable for being considered as part of the conspiracy. Hence the FIR should include Ke-Systems GmbH as the registrar who has abetted the crime. The registration appears to have been made from www.topsectechnology.com. The other domains involved in the hosting include topsec.com and an email dataprotected@maskeddetail.com, a referral domain tieredaccess.com .

It is necessary for the investigators to get into tieredaccess.com to find the identities. observed that these terror hosts are hosting their content in AWS.

Topmail is a customer of AWA. Probably AWS may have some of the information of the origin of these e-mails and information to block topmail service. Even the associate intermediaries such as AWS should be issued notices under Section 69B for information.

The FIR should include all these agencies (and more) as conspirators under Section 120 of IPC and the investigation should be undertaken at the international level.

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.