ICANN should release Domain Secret Code for transfer on request from the Consumer

Posted on July 13, 2020 by Vijayashankar Na

I refer to the problems in Net4India partially ceasing its activities discussed here through our earlier articles.

The refusal of the domain registrar to allow transfer of domain to another registrar is a problem of Consumers of domain name service which should be addressed through the Consumer Courts under the Consumer Protection Act.

I had requested for transfer of my domains namely cyberlawcollege.net, cyberlawguru.in and pdpsi.in to another registrar though they are not presently due for renewal.

However my other registrar has expressed his inability to transfer in the absence of the Authorization Code from the earlier domain registrar. This is a constraint imposed by ICANN in their procedures.

In my case the problem is compounded because the e-mail of the registrant registered was at vsnl.com address which Tatas have now stopped servicing. Net4India is not able to make any changes in the e-mail address.

Both Vsnl.com (Now owned by Tatas)  as well as Net4India are service providers who were providing services to customers in India because of the ICANN having given them the license. The Indian Government is a party to this arrangement since they have the overall responsibility for managing the Internet Governance system. NIXI is specifically provided the authority to deal with the dot in domain names.

Now the problems consumers are facing with Net4India has exposed the deficiency in service of ICANN, Net4India, VSNL (now taken over by Tatas) and The Ministry of IT, Government of India.

There are many lawyers in Delhi who raise PILs for many irrelevant things. The Supreme Court is also pleased to take any anti Government PIL even if it is an interference of the normal Governance function provided to the executive.

The problem now posed by Net4India to domain name consumers is a matter which directly affects the Freedom of Expression, causes a denial of acccess, besides large number of people losing money. This is a far more serious issue than many other issues for which the PIL lawyers are able to get the Supreme Court act even under the COVID lock down conditions.

The Supreme Court also takes up certain cases on Suo Moto basis. Many times PILs are admitted  even when the interest represented is of the elite or on the basis of religion or for political reasons or even if it is related to a Vikas Dubey the notorious criminal or the terrorists.

This is now a test for PIL advocates of Delhi as well as the Supreme Court.

Will they recognize the public interest inherent in this instance and make ICANN clean up their domain name registration system?…

Will they pull up companies like Net4India and Tatas who discontinue critical services without proper winding down of operations?

Will they make the Government or NIXI type of agencies of the Government to think of how to resolve such issues through notifications and advisories?

We await answers…

Naavi

 

Posted in Cyber Law | Leave a comment

Kris Gopalakrishna Committee submits reports

Posted on July 12, 2020 by Vijayashankar Na

Preliminary reports suggest that the Government is releasing the report submitted by Kris Gopalakrishna Committee on Data Governance for public comments.

 The committee was formed  for the purpose of recommending the regulation on Non Personal Data which is of relevance to Big Data Companies.

The copy of the report is not yet available in public domain but some details are available through this article in Economic Times

The detailed report is available here.

Public comments can be made upto August 13 here.

Some of the recommendations that the committee could have made are

  1. Appointment of a regulator for regulating non personal data
  2. Payment for processed non personal data by the industry to the Government

The panel  is reported to have suggested that

-data can be requested from businesses and government by various stakeholders — the government, citizens, startups, private organizations, and non-profit organizations — for social welfare, regulatory, sovereign, and economic purposes.

-Data for sovereign purposes may be requested for national security, legal purpose, or meeting a sectoral regulation requirement.

We may await for more information.

Copy of the Report

Naavi

P.S: Log in here for submission of comments

Posted in Cyber Law | Leave a comment

ICANN Has to find a solution to Net4India problem

Posted on July 12, 2020 by Vijayashankar Na

On July 31, 2017, I had written an article “Is Net4India closing down its operations?”

At that time I had some problems and subsequently my issues were to some extent resolved. However, in recent days, I am receiving many complaints from other persons affected by similar problems.

I had recently drawn the attention of Mr Samiran Gupta through another article “Name and Shame Rogue Domain Name Registrars” in the context of preventing Phishing frauds. But I did not get any response from him.

I have now taken up the issue of Net4India again with Mr Samiran Gupta and sent him the following e-mail.

Dear Mr Samiran

As a representative of ICANN, you are aware of the importance of the reliability of domain name registrars.
ICANN provides the accreditation to registrars and public place a reliance on these registrars and commit their brands to them in the form of Domain name registrations.
If any of these registrars get into financial problems and exit from business, there is a need for ICANN to step in and ensure that public are not affected.
One such situation seems to have arisen in India with Net4India, one of the leading service providers who provide domain name registration and hosting services is apparently facing problems.
 Many users have complained about not being able to transfer their domain registrations to other registrars. I have also experienced the same difficulty.
It is necessary for ICANN to work with Meity and ensure that one of the other registrars in India can take over the current domain name registrations so that customers are able to transfer them and take control of their cyber assets.
Net4India refusing to allow domain transfers should be considered as an offence under ITA 2000 (Section 66) and MeiTy should take suitable action.
I request you to initiate action in this regard immediately.
Regards
I have marked a copy to the Secretary of MeitY because this is a responsibility of Internet Governance in India. MeitY cannot remain a mute spectator to such  difficulties which they have failed to address through the amendments to Information Technology Act 2000 despite Naavi pointing out to them repeatedly in the past that Domain Name Disputes need to be addressed though ITA 2000.
We know that in critical services it is important to ensure that “License to Carry on business” should be accompanied by an “Obligation to ensure that customers are not left in the lurch when the license is withdrawn or the licensee exits the business”.
For example, if an organization is a Certifying Authority for digital certificate issue, in India, while there are licensing norms which may mandate a minimum capital clause, Pre-licensing audit and approval etc, there is a condition that if the licensee withddraws from the business suitable notice has to be given so that the certificate holders are able to port their services to another licensee.
Unfortunately, ICANN did not anticipate the problem of a Registrar walking away leaving the customers in the lurch. Now it is the responsibility of ICANN to sort out this issue. Otherwise, there could be legal action against the representative of ICANN in India.
I am not however advocating any such action against the officials of ICANN since they may be acting in good faith and Net4India may be having genuine business problems.
But it is the responsibility of Mr Samiran Gupta to make necessary enquiries about Net4India, hold a dialogue with MeitY and find a solution to this problem.
The MeitY has to come up with a notification under Section 79 of ITA 2000 for the time being that
“An Intermediary who is a Registrar of Domain Names, is responsible for being held guilty for denial of service and diminishing the value of information residing inside the computer” under Section 66 of ITA 2000/8 and if he exits the business guilty of Section 65 of ITA 2000 for having deleted the “Computer Source Code” when it is required to be kept for the time being., failing which Civil and Criminal action would be launched against the Intermediary”
At the same time, ICANN under the UDRP and NIXI under INDRP should enforce “Porting” of domain names at the request of the registrants, just as they do in  case of resolution of domain name disputes.
I request Mr Ravishankar Prasad, the honourable minister of IT to take up this matter on an urgent basis.
Those of you who are in Delhi and have complained about Net4India may kindly call on the Secretary MeitY and the Minister of IT and bring it to their immediate notice irrespective of the COVID related excuses any body may have.
If ICANN or MeitY is responsible, I expect a public response about this issue to Naavi.org.
I request those of you who recognize the problem to spread this message through the media/social media so that it hits the authorities loud and clear.
Naavi 
Posted in Cyber Law | 84 Comments

The Dangers of allowing Guest Posts

Posted on July 12, 2020 by Vijayashankar Na

Naavi.org has believed on knowledge dissemination and through out the 20 years of existence tried to spread knowledge freely. In the process, when some body wants to publish any article of their own on Naavi.org, I have obliged if the content is of relevance to the audience who frequent Naavi.org. When such content is published, Naavi.org would be an “Intermediary” and would be liable as per the provisions of ITA 2000/8 and also be able to claim the benefits of exemption from liability under Section 79 of ITA 2000/8.

But some times, people may misuse the facility of allowing guest posts.

One such occasion arose recently, when I received a request from a person named Badal Patel from myadvo.in. The article was titled “GDPR Compliance Checklist for Indian Companies”.

On February 29, 2020, I received an email as follows:

Hi,

I would love to provide a guest contribution to your blog. I’m also open to any of your ideas as well.

Anytime I guest post on a prominent blog like yours I always make sure to do 1200+ words, with images and data to back up any points I make.

I promise there will be no fluff, just actionable advice.

Let me know what you think. I’m excited to hear back from you.

Keep Up The Good Work.

Best Regards
Badal      

The sender was identified as

Badal Patel
Digital Marketing Executive
+917307390190
Plot No. 80, 4th Floor, Sector 44, Gurugram, Haryana – 122003, India
Since the article was of interest to the audience of Naavi.org, it was published on March 15 2020 as a “Guest Post” under the title “GDPR Compliance Checklist for Indian Companies”.
Very recently, on June 29, I received an email from Ms Jissy Joy, a student of National University of Advanced Legal Studies, Kochi that the said article was actually written by her and given to Myadvo.in for publication. Jissy wanted the article to be taken down as it was a copyright infringement.
As an intermediary, Naavi.org sent a notice to M’s Badal but did not receive any reply or explanation. Though the article can now be taken down, it appeared that better justice would be done to Ms Jissy if the article remains under publication with the note that a copyright infringement notice has been received.  
Accordingly the following note was appended to the article:
[This guest post was published at the request of badal@myadvo.in. An objection has been received on 29th June 2020 stating that the article was originally written by Ms Jiss Joy for publication in myadvo.in and there is a copyright infringement. A request has been sent to Ms Badal Patel for confirmation  for taking down the article. If no counter objection is received from Ms Badal Patel within a reasonable time, this article will be taken down…. Naavi..29th June 2020]
Now, whoever reads the article, will give credit to Jissy and understand that she might have been wronged. I thought this would be a better relief to Jissy than merely taking down the article and let Badal enjoy the benefits of publication of this article between March and June.
I had advocated such a measure for disputed publications on the internet(Refer Respond? or React? An E-Governance Dilemma ) on how to counter rogue websites.
Since I have not so far received any counter from Badal or Myadvo.in, I thought that this incident needs to be highlighted both for the benefit of Jissy as well as to advocate a strategy for addressing such issues. 
By keeping the article with the said note, it is felt that the beneficial use of the infringement has been prevented.
I would like to have the comments from others to this method of countering plagiarism.
Naavi
Posted in Cyber Law | Leave a comment

“National Self Reliance in Data Protection Certifications, Implementation and Audits”..FDPPI

Posted on July 11, 2020 by Vijayashankar Na

The much awaited Module G program of the Foundation of Data Protection Professionals in India or FDPPI (www.fdppi.in) which will provide training on  many relevant Data Protection Laws of the world including GDPR, CCPA, Singapore PDPA, DIFC Data Protection law and HIPAA will commence today (11th July 2020)at 4.00 pm IST.

The sessions will be online for 90 minutes each on Saturdays and Sundays starting from today upto August 23.

This is a significant step FDPPI has taken in preparing the Indian Data Protection Community to be aware of the multiple Data Protection laws to which the organisations in India are exposed to.

So far, Indian professionals had to opt for expensive global certification programs ane even in such programs the learnings were  often limited to one specific law such as GDPR. FDPPI recognizes that the life of a DPO in an Indian company is different from that of the DPOs in other countries. Most Indian companies handle personal data of different companies and it would be inappropriate if they apply “GDPR knowledge” alone as if every other law is covered by GDPR compliance.

FDPPI’s course is therefore structured to provide a reasonable overview of multiple data protection laws and given an opportunity for the student to develop a discerning view on these different laws.

FDPPI has already covered the Indian law separately in one full module over 14- hours of online training leading to certification of Module-I. Now this module called Module G will cover over 18 hours of online training and cover GDPR in fair detail and then the other laws to the extent feasible.

These certifications are two modules of the “Certified Expert Data Protection Professional” program developed by FDPPI. This Certification is still available for interested persons under the E Education initiative of Naavi/Cyber Law College.

While individual certificates such as “Certified Data Protection Professional (Module-G)”  will be issued to those participants who register for the Course along with Certification exam from FDPPI (Total Cost rs 18000), those who have opted only for the training and not for taking the certification exam (Total Cost Rs 6000/-) will receive participation certificate from the training partner, Cyber Law College.

This Certification program as well as the PDPSI framework of implementation of data protection regulation are two significant “Atma Nirbhar Bharat” initiatives taken by FDPPI in the field of Data Protection.

The objective of these programs is to establish “National Self Reliance in Data Protection Certifications, Implementation and Audits”

Those who have missed the registration and want to catch up before today afternoon when the program starts, may peruse the Prospectus and make payment through the following link to join the program.

REGISTRATION CLOSED

Naavi

Posted in Cyber Law | Leave a comment

Data Governance Regulator may be designated by the Kris Gopalakrishna committee

Posted on July 11, 2020 by Vijayashankar Na

According to a report in Business Standard  the Kris Goplakrishna Committee has submitted its report on “Data Governance” to the Government. One of the recommended regulations that has been leaked appears to be for setting up of a new regulator which perhaps may be called the Data Governance Authority. (DGA)

It would be interesting how the functions of the DGA would be defined in a manner that it does not interfere with the DPA. The critical aspect of this seggregation of roles between DPA and DGA is the classification of data as “Personal Data” and “Non Personal Data”. The issues of “Data Identifiers”, the “De-identification/Pseudonymization” or “Anonyization” will need to be clarified so that the industry is clear on what is regulated by DPA and what is regulated by DGA.

The concept of “Differential Privacy” which we discussed yesterday will be extremely relevant since the proponents of “Differential Privacy” claim that it could be an alternate to “Anonymization Before Big data analysis”.

The DPA as it stands today would like the personal data be anonymized before the Big Data industry takes it up for aggregation and generation of community related inferences. The “Differential Privacy” advocates however claim that they can process identifiable personal data and ensure that disclosures remain e “Anonymous”.

Similarly, there is a need to debate on a definition of “Shared Personal Data” and “Community  Personal Data” which can be clarified when the new Data Governance law is drafted.

Naavi

Posted in Cyber Law | Leave a comment