Naavi.org

NCLT Order on Net4India is killing 70000 + customers and needs immediate modification

Posted on September 20, 2020 by Vijayashankar Na

NCLT and the Finance Minister are in opposition

While we were discussing the problems of 70000 plus customers of Net4India who are using the domain name registration service or web hosting service or e-mail server service or secured server etc, honourable Minister of finance Smt Nirmala Sitaraman was answering a query in the Parliament on 19th September 2020 where she expressed that the Bankruptcy code was not intended to be merely a recovery mechanism but a program to enable industrial recovery.

The NCLT order on Net4India which was sent to me yesterday however indicates that the bench consisting of Mr M.M. Kumar and S.K.Mohapatra in its order dated 8/3/2019 based on a petition by State Bank of India has done precisely what Mrs Nirmala Sitharaman said was not the objective of the Bankruptcy code.

This order ought to have been a matter of public discussion since it affected a very large number of customers who enjoy the rights under the Consumer Protection Act. According to the website of Net4India, there are over 5 lakh customers while the ICANN indicates that there were 73000 domain name registrants under Net4India. Whatever may be the correct figure, it is large enough and it is a fact that NCLT had no idea of how its order would affect these 70000+ customers.

NCLT was literally blind in looking at the problem only as an application from SBI to recover its borrowings of about Rs 194 crores. It has just seen whether there was a loan, whether it was not repaid and simply issued an order. Its 30 page order does not make any mention of what is the business of Net4India and what would be the consequence of its order.

The applicant namely Edelweiss Asset Reconstruction Company has filed the application under Section 7 of the Insolvency and Bankruptcy Code 2016 proposed one Mr Vikram Bajaj as the Resolution Professional, a Chartered Accountant and Company Secretary by profession.

According to the order, Net4India established in 1985 approached SBI in 2002 and was granted a loan which after several enhancements became an NPA of Rs 194 crores. SBI filed a recovery proceedings which is pending at Lucknow DRT.

In the meantime Edelweiss invoked the Bankruptcy code under which NCLT issued an interim order appointing a Resolution Professional Mr Vikram Bajaj. A public notice was also released on the sale of a property and the status of the sale is unknown.

No Notice to Customers

In all these development, neither NCLT nor the RP made any attempt to keep the customers of Net4India informed. No notice was displayed on the website of the company and no individual notice was served on individual creditors of the company. Many of these customers have placed advance deposits with the company and are creditors.

The entire proceedings have been done in a suspicious manner as if to take over the property of the company by vested interests. A separate investigation is required to find out if there is any real estate mafia involved in the transaction.

Considering that the business of Net4India was a money spinner, it is inconceivable that it ran up a debt of Rs 194 crores without an active negligence from SBI. Hence how the debt arose in the first place and how the NCLT ignored the DRT pendency and went ahead with its order culminating in the sale of immovable property is a matter fit for CBI investigation and investigation by the vigilance department of SBI.

While the investigation whether this is another Vijay Mallya type of Banking fraud is a separate issue flagged for the Ministry of Finance to consider, we would like to highlight certain failures of the NCLT and the RP in the issue of and execution of the order which disrupted the critical business of over 70000 domain name registrants who registered their domain names with Net4India and many more who used the other services so that the system is improved in the long run.

NCLT did not value Data

It is clear from the order that NCLT chose to ignore the impact of the proceedings on the customers of Net4India and also the value of the “Data” that was inside the servers which were housed in the building which is now up for sale.

It is a common principle that when a building with tenants are sold, the tenants would be given sufficient notice and time to shift out. But in this NCLT order, the service users who have parked their web assets including some on which there could be IPR, have been frozen without notice.

This is a violation of the fundamental right of the Citizens. NCLT does not have any right to forcibly close down my business nor confiscate my web assets. RP had no right to cause the services to be disrupted. It is possible that NCLT and RP may say that they have not prevented Net4India to continue its services. But this is not a matter of finding an excuse. NCLT and the RP must take the responsibility for the damage they have caused to all the customers of Net4India.

Had Net4India been a Bank, would not the NCLT taken steps to ensure that the rights of other depositors are protected?. The Government of India recently amended the cooperative bank’s law to enable such intervention in case of winding down of a cooperative Bank. The same principle should have applied here also.

Had Personal Data protection Act been in place, the Data Protection Authority would have come into reckoning before this order was issued. Now Net4India and NCLT as well as the RP have not accounted for the “Data” as an asset and whether it was an asset which was covered by the mortgage deed and whether NCLT had any right to confiscate the data as part of the Asset reconstruction exercise.

In case the data had been valued, perhaps the decision that Net4India was insolvent itself would have been considered as incorrect. Hence NCLT has defaulted in the basic evaluation of whether Net4India was solvent or not since it did not value the data sitting inside the servers of net4India. The order is therefore wrong ab-initio.

It is also possible that NCLT and the RP were not even aware of the value of data they were immobilizing in the process of this asset reconstruction. Despite Naavi.org highlighting this, the MeitY has also not realized how the valuable data is being dumped aside in a locked building in the sale proceeds.

If tomorrow the company closes down, the RP may sell the Computers along with the data residing there in without even worrying about the confidentiality of the information which would be “Sensitive Personal Information”.

This is the Voice of 70000 customers of Net4India

We are now raising the voice of the 70000 plus customers of Net4India that NCLT and the RP have caused disruption of their respective business for which there would be a claim of damages and this group of customers need to be considered as a major creditor of Net4India entitled to the proceeds of any asset realization.

A Core group of the affected persons today met virtually and decided to form a “Forum of Net4India Customers” and take up a legal fight against those who ignored the interests of the customers and are going ahead with the distribution of assets within a closed group by misleading the NCLT which may be ignorant of how a “Going Concern” involved in critical internet services can wind down its operations.

The biggest question that arises is why it did not occur to the NCLT that there are thousands of customers whose web assets would be frozen if they are not transferred out to an alternate service provider before the building is locked down.

The ICANN has been talking individually to some and perhaps allowing some transfers to happen on privileged basis without extending the benefits to common people. MeitY has not woken up to the fact that the “Critical infrastructure asset” of the country is at stake. The CERT In and the National Security Advisor, Mr Ajit Doval have not recognized that there is a national security interest involved here.

It is to be recognized that Net4India has been in business since around 1998 when I first registered a domain name and most of the old timers which may include Banks and others might be having their domain names registered with Net4India. Now if all of them have to close down their shop because of the NCLT order, then national interests are at stake.

An evaluation of the impact of the closing down of the Net4India operations should have been conducted by NCLT before it issued the interim order. It should have invited a public objection after proper advertisement across the country and individual notices to all the customers before acting on the complaint.

In the Data Protection Scenario, NCLT has caused a large scale harm to data subjects (even forgetting the corporate entities who suffer loss of business), by not issuing individual notices to all individual customers and not securing their interests as a “Data Fiduciary”. While the proposed PDPA has some exemptions for the tribunals, the ITA 2000 does not spare any organization that causes wrongful loss to an entity by contravention of Section 43 and 43A of ITA 2000.

We can explore if the RP Mr Vikram Bajaj may be held liable for the wrongful loss of the tens of thousands of data subjects and service users and how the NCLT will bear the vicarious responsibility.

These are issues which have been flagged for the first time in India and there is a need for a complete review of the way NCLT has handled this issue.

We therefore urge NCLT to immediately modify its order and appoint a technical team under the guidance of NIXI to ensure that all data in the Net4India servers are secured and made operational so that the services such as domain name transfers, changes in domain name related information, the e-mail services and hosting services are commenced without any further delay.

The core team of suffering customers of Net4India have therefore decided to form the “Forum of Net4India Customers” and represent their requirements to the appropriate forums.

All those customers who are interested in joining in this fight may kindly contact Naavi for more information.

Naavi

Posted in Cyber Law | 14 Comments

Further Developments on Net4India since yesterday

Posted on September 19, 2020 by Vijayashankar Na

Yesterday late in the night I posted the article on the possibility of ICANN facing trial in the Supreme Court in India.

There have been some developments to report since then.

Dr Mahendra Limaye, of Nagpur has indicated that he is preparing a PIL on the issue and invites all persons who can join the petition to write to him. Those of you who are interested may send a request either to me to be forwarded to him or directly to him (mahendra@cyberorgindia.com ).

Mr Namith Kothari has brought to my attention that the Resolution Professional for the insolvency petition is

Vikram Bajaj, Resolution Professional, Net 4 India Ltd.
308, 3rd Floor, Pearls Business Park, Netaji Subhash Place,
Pitampura, Delhi – 110034
bajaj.vikram@gmail.com

The resolution professional has issued an expression of interest regarding sale of some properties through a document but has not indicated any recognition of how the action has inconvenienced thousands of Net users. (According to the home page of the company there are 500000 customers of Net4India, and not only 73000 we indicated in yesterday’s article).

It is time for the Bankruptcy law to be revamped so that innocent customers of the company are not denied access to critical services because the RP is unaware of the type of service that a company provides and whether it is necessary to block the services. I hold the RP liable for denial of service to the customers and must be made a party to the PIL.

It was also indicated that ICANN had sent a notice to jasjit.s@net4.in taking note of the insolvency petition and suspending Registrar license of Net 4 India asking them to indicate the details of the notice of suspension on its website which it has failed to do. The suspension was to prevent any inbound new transactions but did not mention how the existing customer interests had to be undertaken.

Presently we require an immediate resolution of the customer’s problems by ICANN taking over the registry keys and assigning it to another temporary registrar so that the services can be continued. This is a serious Business Continuity issue for most and cannot await the conclusion of insolvency proceedings.

We may also find fault with the Tribunal for its ignorance or apathy with which it has appointed the RP without understanding the business the client is in and without alternative arrangements being made for continuity of the services. We need to prevent recurrence of such orders through an appropriate legislative measure in Information Technology Act 2000 through an amendment.

Naavi.org had made some suggestions on including Cyber Squatting in ITA 2000 when the first amendment was considered (Refer here).

Now it is suggested that “Domain Name registrars” must be declared as “Intermediaries” in ITA 2000 and should be strictly brought under a control which should include “registration”, a “Sunset clause for withdrawal from business” etc. This should be the objective of the PIL so that a permanent solution is found to the anarchy created by situations like Net4India insolvency.

Hope the PIL makes a suitable demand on MeitY to make the necessary amendments to ITA 2000. However, since the registrars are anyway considered “Intermediaries” even under the present law, perhaps a notification from MeitY should be sufficient.

Also whenever insolvency petitions are launched against registered intermediaries, the MeitY has to be informed before the NCLT admits theathe petition and NCLT should always consider “Continuity of the business of the customers of the subject company” while ordering an RP to take further action.

It would be better if NCLT adopts this as a voluntary procedure before the Government brings suitable amendments to the procedure. While the objective of NCLT is laudable, it cannot be used callously to inconvenience thousands of customers who have no stake in the dispute for which one insolvency petition is justified.

Naavi

Posted in Cyber Law | 1 Comment

ICANN may face a Trial in Indian Supreme Court

Posted on September 18, 2020 by Vijayashankar Na

The apex organization that controls the Internet namely ICANN (Internet Corporation of Assigned names and Numbers) is all set to face the Indian Courts. A PIL is all set to be filed in the Indian Supreme Court against ICANN thanks to a Sub Contractor for domain name registration called “Net4India”.

In all probability, the Ministry of Information Technology and the registrar Open providers.com will also be the respondents.

This will perhaps be the first time that the Internet Governance system will be questioned in a Court of law because ICANN has repeatedly failed to safeguard the interests of the public.

When Internet was started, it was a US Government project. But after it was handed over to the public domain, ICANN emerged as the apex regulatory organization controlling the IP addresses and also the Domain names.

In the initial years, ICANN mismanaged the IP address allocation system under IPv4 which resulted in an inequitable distribution of available IP addresses to different countries. After the IPv6 system was introduced, the problem of non availability of IP addresses has been pushed to the background.

Then ICANN mismanaged the Domain Name system introducing multiple TLDs with inadequate control in registration and allowing overlaps of domain names. At the same time, it used its might to stifle technology which could have brought Alternate Domain Name Systems in use. It allowed the proliferation of Phishing with complete lack of control on registration of domain names. From the initial First Cum First served basis of domain name registration, ICANN gave way to trade mark right dominated UDRP system without preventing the registration of conflicting domain names. This lead to innocent persons registering domain names only to lose it out in a IPR battle with the large corporations who owned trade marks.

Subsequently, ICANN introduced the Country Code domain names but failed to ensure proper use of the country codes so that it only multiplied the IPR issues.

More recently, ICANN gave room for Privacy Protection of WhoIs register which is a boon for Cyber Criminals.

Thus time and time again, ICANN failed in its fundamental duty to set a proper path for the Cyber Space administration.

In particular, ICANN considered domain name system as a money spinner for itself and appointed registrars with a hefty registration fee and did not exercise the required control over them. This enabled registrars to cheat the public by allowing arbitrary pricing of domain name registrations, appointment of unverified sub contractors for domain name registrations etc leading to the public being at the mercy of the registrars and exposing the registrants to various frauds.

Now in India one of the ICANN’s faults has exploded into a major problem causing a disruption in the Internet system.

Naavi.org had brought to the attention of the public way back in July 2017 raising a question “Is Net4India closing its operations?” .

This article highlighted the then just developing problem with Net4India appearing to indulge in some accounting malpractices and failing to respond to customer queries.

In more recent times, the problems escalated and Naavi.org followed up with the following several articles

ICANN Has to find a solution to Net4India problem
ICANN should release Domain Secret Code for transfer on request from the Consumer
Net4India discontinuance of service..Towards finding a solution

Unfortunately, the MeitY appeared to be completely oblivious of the seriousness of the issue. The India representative of ICANN Mr SamiranGupta failed to find a solution and ICANN was totally disinterested.

As a result today thousands of customers of Net4India are having problems of not being able to renew their domain names transfer their domain names. Many have their hosting stuck up, E mail servers not serviced.

Even today there appears to be nearly 73261 domains registered with Net4India and the chaos that the freezing of these domain names have created in the Indian Cyber Space is unimaginable.

At such a time, it looked funny that National Security Advisor today was speaking in a conference about “Cyber Security” without having any idea of what is the role of domain names in the healthy functioning of the Cyber Space.

It is unfortunate that the Ministry of Information Technology, is either unable to understand the gravity of the problem or is uninterested in resolving the issue.

For the records, it may be stated that Net4India may have filed an insolvency petition and neither ICANN nor MeiTy has any idea of how to tackle such a situation.

Given the fact that Naavi.org gave a three year advance warning the failure of ICANN and MeitY to find a solution during this period is simply unacceptable.

Who ever is the “Receiver” who is handing the bankruptcy proceedings should also be questioned about their inability to ensure the continuity of the service even while the proceedings of winding down is being attended to.

Since it was found out that another registrar namely Open Provider.com had some interest in Net4India’s domain activities, Naavi.org contacted them to take over the operations of the servers of Net4India so that the domain name services can be continued. Unfortunately, Open Provider replied

“Thanks for reaching out to us.

But as per our commitments with our Reseller, we do not target their end customers and it will be against our protocol to on-board our Resellers end customer.

However, you are free to use our services for all your new registrations.

Incase if you are facing any problems, please mention it so I can pass this information and ask them to respond you. “

Obviously this registrar to whom Net4India may be financially related in some form is not interested in resolving the customer issue and is speaking of “ethics” of business.

Naavi.org has been receiving a number of queries from individuals and companies about what is the solution to this problem.

Though Naavi.org has tried to elicit response from MeitY, Mr Samiran etc, there is no response from any of them.

It is therefore time that a PIL is required to be filed in Supreme Court with a request for ICANN to introduce an automatic system of transfer of domain registrar services to an alternative service provider in case of such defaults.

It is also the responsibility of the Ministry of IT in India to ensure that under the Intermediary Guidelines of ITA 2000, the registrars should be made answerable for such defaults.

At present, Net4India has committed a fraud on the public by first causing denial of service and then disabling some of their services with a view to shut off enquiries from the customers. A criminal case can be filed on this company and appropriate changes need to be brought to ITA 2000 to prevent such happenings in future.

Some advocates are already planning to file a PIL on this matter and I urge them to expedite their petition and ensure that they make MeitY, the Receiver to the bankruptcy proceedings, Openprovider.com as well as the ICANN and its India representative parties to the suit.

Naavi.org has also urged clients at different places to file adjudication applications with the respective adjudicators in their states so that they can also take up the complaints and try to find solution.

Looking forward to the PIL lawyers who understand the issue to act without further delay.

Naavi

P.S: Submitted the following complaint at ICANN today on 19th September 2020..at https://www.icann.org/complaints-office

A domain name registrar by name ‘ net4india’ operating from Delhi, India has ceased operations. It is not issuing AuthCode for transfer of domains, not responding to any customer queries. It is receiving inward payments with no accountability. Over 70000 domain names may be in the limbo along with e-mail services, domain hosting services.

There is a need to transfer the registry to another operating registrar immediately.

For the future a system has to be made available to handle such withdrawal of registrars from business.

Problem was first pointed out in July 2017 by Naavi.org and more recently a number of persons have reported the issue in India to authorities including Mr Samiran Gupta, the ICANN representative.

If ICANN does not handle the issue immediately, a class action suit may be filed against ICANN and its executives.

Request immediate attention and action.

Posted in Cyber Law, ITA 2008 | 2 Comments

Getting Ready for the New Era of Personal Data Protection

Posted on September 11, 2020 by Vijayashankar Na

Personal Data Protection Act is round the corner. Every organization handling personal information both of their employees or their customers need to get ready in understanding what we need to do for compliance.

FDPPI as the pioneering Data Protection Organization in India is organizing a free webinar on 23rd September 2020 between 10.30 am to 12.30 pm focussed on the SMEs and MSMEs.

The program is free to participate.

Request each one of you to spread the word so that maximum number of persons and organizations can take advantage of the webinar.

Those of you who are associated with industry organizations may kindly spread the word in your community so that your members can benefit.

Naavi

Posted in Cyber Law | Leave a comment

Divide and Destroy Policy to delay Passing of PDPB 2019

Posted on September 10, 2020 by Vijayashankar Na

Hindustan Times has carried an article today under the title “RBI Seeks exemption from Data Protection Law”. At first glance it appears to be a serious opinion from the financial regulator but on deeper verification, appear to be a planted story to support views of some lobbies.

Given an opportunity, there is no doubt that even FaceBook wants to be exempted from Data Protection Law and may be even other organizations. Just as the Parliament session is about to commence on September 14th and we are expecting that the JPC would place its recommendations to get the Personal Data Protection Bill 2019 (PDPB 2019) to the next stage, HT’s article suggests that there is an attempt to plant dissidence among the regulatory agencies.

In the next few days we may expect articles suggesting that even TRAI, IRDAI, SEBI etc all would like to be exempted from the PDPA.

It appears that this article is part of the propaganda unleashed to scuttle the passage of the Bill. In all probability this could be a fake story published to stir up a controversy.

The approach of PDPB is similar to GDPR in that it is not a sectoral approach to Privacy protection but an across the board approach. It will affect Financial information, Health Information, stock market information etc. To some extent it will disrupt the existing regulators. But this is natural and inevitable. In fact PDPB is a continuation of ITA 2000/Section 43A and hence there is no reason why RBI which was comfortable all these years when 43A defined financial information is “Sensitive Personal Information”, should raise an objection now.

In all probability the views expressed in the article are not that of RBI. In fact RBI was more stringent regarding the data localization and PDPB is far more lenient.

There is a strong lobby of credit card processors lead by NASSCOM which does not want “Financial Information” to be within the PDPB. The reason is that Financial information is the most valuable personal information and several organizations are making money in processing the information in a manner in which PDPB will not allow.

PDPB does not exempt even the DPA from the provisions of being considered as a Data Fiduciary and there is no reason why RBI or any other organization should seek exemption. It is also not clear why RBI should be concerned since the personal data it handles is minimal and is restricted to that of the employees. It is the individual Banks who would be subject to PDPB and hence RBI need not worry about any serious disruption of its activities.

When RBI collects any financial information of a data subject, it may come through a Bank and hence its role may be only that of a data processor. Also most of the time the data is used for monitoring the security of the financial transactions as well as for statistical purpose and hence PDPB has in built exempts for RBI.

There are several other points mentioned in the article as if they are stated by some anonymous representative of the RBI. It is however more likely that this is a planted story of some vested interests who are worried about the loss of their commercial opportunities to exploit the financial data of individuals.

The report is also false when it mentions that “Data Retention Norms” are mentioned in PDPB. There is no such norms and RBI’s regulations will determine how long Banks keep the personal data. Similarly it is wrong to say that PDPB does not allow storage of payment data abroad at least in the current version. It only says that a copy should also be kept in India.

RBI”s role as operator of RTGS and NEFT are technology platforms which are managed through the Banks and hence the role of RBI is only as an intermediary through which the data passes through and not as a Data Fiduciary.

The report therefore needs to be ignored as yet another attempt by lobbyists to check the passage of PDPB in the current session. It would be advisable that RBI comes up with its official view whether the comments attributed under the article are official views of the RBI.

Just as the CDS has to manage the relationship with the three service chiefs, the regulators like RBI, IRDAI, TRAI, SEBI etc., need to manage the relationship with the DPA and unless there are ego issues, senior people should be able to manage the overlapping issues that may come from time to time.

It is unfortunate that the media is trying to create a divide between RBI and the Government to help some industry interests to prevail.

Naavi

Posted in Cyber Law | Leave a comment