Equip yourself for a career as a Data Protection Professional in India

Posted on June 5, 2020 by Vijayashankar Na

A new career is unfolding in the field of “Data Protection Professionals in India”.  The subject of “Data Protection” is a techno legal domain. It can be considered as an extension of the Cyber Law expertise for legal professionals looking for Corporate careers. The IT and IS professionals can also look at this domain as an enrichment of their present expertise and acquiring an additional dimension to their current careers.

This knowledge could be a gateway for the new career opportunities in the field of Data Protection.

In the direction of preparing the professionals towards this new career, Naavi is conducting a series of educational programs in which more than 100 senior professionals have already taken part.

Over the next two week ends, Naavi is conducting another online program  which is a good opportunity for professionals to start their journey in this direction.

Probably when the Covid Lock down ends and the realities of economic disturbance hits the employment scenario, there will be need for professionals to preserve their positions by re-skilling themselves in appropriate futuristic knowledge. This is one such opportunity.

The participants of this program have the opportunity to also appear for the Certification examination of Foundation of Data Protection Professionals in India (FDPPI) and qualify as “Certified Data Protection Professional (Module-I)” by paying an additional fee subsequently.

Remember that India is already under a Data Protection regime under Section 43A of Information Technology Act. The forthcoming Personal Data Protection Act is only a new version of the “Due Diligence” and “Reasonable Security Practice” under the current laws.

Check www.cyberlawcollege.com for more details and payment

REGISTRATION CLOSED

Naavi

An opportunity is before you. Grab it today. Tomorrow may be too late.

Posted in Cyber Law | Leave a comment

Name and Shame Rogue Domain Name Registrars

Posted on June 3, 2020 by Vijayashankar Na

Congratulations to Delhi police fr busting the “Aysushman Bharat fake website fraud”.

It has been reported (Refer Indian Express article) that four persons were arrested in Delhi for running a fake website by the name ayushman-yojana.org and cheating public by offering jobs in the name of the Government. The fraud was brought to light after a complaint was made by the National Health Authority. The website had advertised 5116 vacancies in six states and received payments for registration of applications.

This fraud is a repeat of the fraud committed several years back when a fake website cgtmse-govt.in was opened to impersonate cgtmse.in (First reported on naavi.org: Loans through SMS ??  and Loans through SMS-Fraud Site confirmed. These articles were written on 16/7/2013 and June 11, 2014 but despite the matter having been brought to the notice of the owners of the genuine domain name, no remedial action was taken. Subsequently, a fraud of Rs 22 lakhs occured to a client of Punjab National Bank on which a complaint was filed. It was then reported (Refer article Chattisgarh Adjudicator passes compensation order for Rs 22 lakhs)  The compensation was awarded on 20/5/2016. (copy of order available here)

In the above case also it was the Delhi Police who had arrested the accused who had set up the fake websites www.cgtmse-govt.in, www.cgtmse-gov.in and www.pmay-gov.in. The name of the accused in this case were Sudipto Chatterji alias K.M.Acharya and Shekh Ibrahim.

The websites were disabled after the adjudication which was 3 years after Naavi.org brought the fraud to the notice of the public. During this time several other persons lost their money and this was evident in the fact that the beneficiary of the adjudication, Mr Mohanty got his money returned because there was money in the PNB account of the fraudster which was actually money collected from subsequent frauds. So, some body else who did not pursue the complaint lost the money and the person who pursued the case got his money back from the proceeds of the other frauds.

What we had pointed out at that time and reiterate now is that this fraud could not have been committed without the assistance of the Registrar of Domain Names and also the Bank (PNB in this case). These two parties should have been the co-accused in the fraud case and had to be punished. If the Adjudicator had exercised his powers under Section 46 of ITA 2000 fully, he could have ordered PNB to check all earlier fraudulent credits in the account and made PNB return all these o the respective victims. The domain name registrars would have also learnt  a lesson that they could have acted in 2013 after the Naavi.org made public the fraud and cancelled the domain name registration which would have been well within the their rights under the domain name registration contracts they would have obtained from the accused.

It is however not considered the duty of the domain name registrars and they continue to be the architects of the kind of frauds  that re-surface again and again. The Ayushman-yojana.org fraud is just another case which has been found now even as many such frauds are being committed even now.

The domain name was registered on 8th March 2020 by the registrar midwestdomains.com. It may be noted from the whois records that this domain name has been registered by an organization named HSIF Company in Uttar Pradesh.

Fortunately since “Privacy protection” was not enabled on the site, a research of other sites showing whois information reveals the following domain name registration details.

Name: HSIF Company

Address: B-7 Sector 64, Gautam Budhdha Nagar, UP, 201301

Phone 1204250001

E Mail: hr.hsifc@gmail.com

In my view it is the negligence of midwestdomains.com  has enabled not only the registration of the fake domain name. The registrar has also profited by such registrations. 

Name and Shame Rogue Domain Name Registrars

The question we should rise is

Should we not make these registrars also responsible for such fraudulent registrations as co-conspirators of the scam?.

Law permits these registrars to be considered as co-conspirators but the fact that these companies are like deep web companies and part of the criminal syndicate themselves makes it difficult in practice to draw them to courts .

But these registrars should be named and shamed and must be put on the “Rogue Registrars” list. ICANN should also be asked to change its current systems of appointing registrars and making them liable for proven cases of domain name frauds arising out of lack of verification of the identity of the registrants.

I request any official of ICANN to respond and let us know what action they take when such rogue registrars are reported and if they have issued any circular earlier that registrars have to identify the registrants and have failed to do so, what action can be taken now at least after a fraud has been reported.

Mr Samiran Gupta the India representative should be made a respondent in all future domain name related phishing and should be questioned on what action is taken at the ICANN level to prevent such frauds.

Mr Samiran Gupta’s LinkedIn profile here

ICANN also has to immediately stop the domain name registrars hiding the registrant’s identity under the privacy excuse since registration of domain name and running a website is a “Public-Business” activity and does not come under any “Personal Data Protection” laws of either GDPR or any other law.

ICANN and the registrars being blind to the cyber crimes being committed out of deliberate registration of fake websites is a bane of the Internet and is also increasing the cost of operation for genuine operators who have to block several related domain names only to prevent frauds of this nature.

In around 2002, Naavi promoted the concept of “Look Alikes Disclosure”  (Presently available at www.lookalikes.in) to enable genuine domain name registrants to at least declare these fraudulent domain names. But this also requires some efforts on the domain name owners to display a link to the lookalikes data base like the following:

This service was proposed but could not be commercialized. May be its time has come now.

I wish Delhi Police check up if the current gang of fraudsters in the case of Ayushman-yojana.org have any connection with the earlier fraud and if so ensure that they get appropriate punishment in the Court for repeated offences.

A Note to honest Registrars in India

This article refers to those registrars who are in the wild west abetting the Cyber Criminals and refuse to be accountable. Other honest registrars may kindly excuse me for using the title as I have done here.

However, even these registrars need to introduce policies and procedures to ensure that proper KYC is done on the domain name registrars so that impersonation frauds are reduced to the extent possible.

If possible look at the proposed Personal Data Protection law in India which has suggested social media intermediaries to introduce a system of verifying the users. Introduce a similar system in domain name registrations and refrain from providing “Privacy Protection of Who is data”. Who is data is not a personal information but is a public business information.

NIXI should also incorporate these guidelines as “Best Practices in Domain Name registration” and be a model to the world. Mr Samiran Gupta can coordinate some of these changes with NIXI which is the policy formulator for Dot IN domains.

Naavi

Posted in Cyber Crime | Tagged | Leave a comment

A Movement in Data Protection has started in India…

Posted on June 2, 2020 by Vijayashankar Na

A detailed 44 minute video including the Question and Answer session is also available here

Posted in Cyber Law | Leave a comment

Cyber Law Courses from Naavi…a reaction to cherish

Posted on May 31, 2020 by Vijayashankar Na

“Most of us don’t want to learn law primarily for two reasons, one subject being little dry and secondly we feel lawyers are there to take care. After attending this workshop conducted by Guru Na.Vijayashankar (Naavi) and organised by …. ,I realised the subject is fantastic provided taught by a person who himself knows the subject. At the same time as a citizen an IT professional need to know basics . Otherwise we as security professional are dependent on others as first responder for any un toward incident. Can’t claim to be an expert but at least aware. Thanks ….for making me part of this learning experience. My prize possession.”

A Director, Information Security

It was a pleasure to complete two short programs on Information Technology Act 2000 to Information Security professionals during the last two weeks. The Course was conducted over 12 hours and covered the ITA 2000 from a Techno Legal perspective.

One of the participants posted the above comment in his linkedIn profile which I thought I should share with others, just to highlight the need of IT/IS professionals to be also aware of ITA 2000.

For some time now I had restricted to teaching only Data Protection and it was after a long gap that I returned to teaching ITA 2000. It was refreshing. I also felt honoured by several senior IS professionals from major companies in India being part of these programs.

Naavi

Posted in Cyber Law | Leave a comment

To Whomsoever It May concern…. One Question to Mr Modi on one year of completion

Posted on May 30, 2020 by Vijayashankar Na

To Whomsoever It May concern

Right now, I am asking one question to Mr Modi on why he is ignoring the need to remove the Digital Black Money which is taking roots in India. I hope I will receive the answer if not from Mr Modi, from any of his deputies.

(I am leaving aside the many good things Mr Modi has done during the last one year and ignoring the difficulties that  have arisen due to the COVID Crisis and the continued challenges posed by the anti national opposition.)

I am speaking of the “Crypto Currencies” lead by the “Bitcoin”, which is the digital black money that seems to have encroached upon us and mocking at all the honest tax payers who are contributing to the welfare of the economy while the corrupt are feeling victorious.

“Bitcoin” is an anonymous asset that poses itself as a currency to replace Indian Rupees. Once rupee is converted into Bitcoin, it can further be converted into many other crypto currencies all of which are anonymous. They can also be converted into some foreign currencies and convertible into any other foreign currency. It therefore facilitates havala transactions in a jiffy.

Bitcoins and other crypto currencies are held in  wallets which are as easy to set up as an e-mail account. There is no need to go through any stringent KYC process and people can use an anonymous Proton mail account and an online pseudonymous mobile number for additional authentication if required.

Bitcoins can be loaded onto the wallets and withdrawn through an exchange. Exchanges may have different forms of conducting KYC. After the various controversies some Indian exchanges have introduced some system of KYC but it would not be difficult to open benami accounts in these exchanges and transfer the bitcoins to other benmi wallets outside India. Even if the first account is identifiable, subsequently the Bitcoin can be transferred to an anonymous wallet, re -bought at a loss and account closed booking a capital loss while the original asset is converted into a benami wallet. It is a very effective money laundering operation.

Currently the exchanges in India are doing Bitcoin transactions following the helpful decision they extracted from the Supreme Court on the RBI’s prohibitory circular. It is therefore now possible to use the exchanges to link to Indian Bank accounts and transfer rupee balances in Banks into Bitcoins and later change it to other crypto currencies and foreign exchange without any control from RBI. Neither RBI nor any other department of the Government have tried to re-issue the RBI circular or ask for a review of the decision of the Supreme Court. Hence exchanges are now free to do their business of converting Indian rupees of investors into Bitcoins.

Initially the benami bank deposits will get converted and later, even honest tax payers will also start converting their rupee deposits into crypto currencies. The stock market investments will also get eroded to some extent and all other benami assets including gold may get converted into the crypto currencies.

Once we allow the termite of Bitcoin to settle down, it will gradually eat away all the rupee assets in our Banks and create a crisis in our financial systems.

Since Bitcoin is the currency of choice for “Bribery”, the entire community which is corrupt and want corruption to continue will not raise their voice against Bitcoin. The Cyber Crimes will also proliferate since Bitcoins are the currency of choice for ransomwares and operations in the deep web. The terrorists will also be happy since they can pay the sleeping cell operators in India through Bitcoins and not take the trouble of printing fake currencies.

In summary, Bitcoin is a perfect black money and presently it is allowed to be used freely in India.  One of the failures of your administration has been your inability to ban Bitcoins and Crypto Currencies.

I am sure that there are many excuses for not doing it and also shift the blame to RBI. None of the excuses however indicate that it is not possible to ban Crypto Currencies. Some experts are misguiding the Government that instead of “Banning” we should “Regulate”. It is easy to “ban” but tougher to “regulate”, though it is possible to achieve “Banning” through “Regulation”. But the Government is not keen on pushing through the draft bill which is already with the Ministry of Finance and under the cover of the Covid, Bitcoin is establishing itself.

Banning Crypto Currencies is like “Demonetizing the Virtual Currencies” and should have been done along with the demonetization of the high denomination currencies.

I wish the Government takes note of this failure and try to address this at least in the next session of the Parliament.

Naavi

Posted in Cyber Law | Leave a comment

“To Whomsoever It may Concern” …series of postings

Posted on May 30, 2020 by Vijayashankar Na

Dear Friends of this Blog,

This Blog has been running since 1998 and on various occasions made comments on Cyber Law as it has been emerging in our country. These were meant to develop Cyber Jurisprudence in an area where even the Courts are learning.

Cyber Jurisprudence need not be considered only as what can be ascertained in the words of wisdom contained in a Court judgement as many law teachers may believe. I believe with my 40 plus years of teaching of law both in the Banking field and Cyber Law field that many times Courts depend on the views of the advocates who put across their views and the judges donot take an independent view of their own. Though in the higher courts, the judges are free to do so, they only respond when there is a constitutional view and even here, some judges swear by what is written in the Constitution and some say they have the power even to re-interpret the words written in the Constitution.  As a result the Courts do what they like to do  and some times give a slip to what is good for the society.

The Courts have supported Constitutional amendments from the earlier version to “Secular” version but will not support the reversal. Mr Ravi Shankar Prasad often speaks of the “Original Constitution” that had the pictures of Rama and Krishna, as he did in his lecture recently in the NLSUI- Madhava Menon Lecture series. But he does not say why today Indian constitution bars the teachings of Ramayana or Bhagavadgita openly in our schools. Every body have their own constraints including Mr Modi and Amit Shah or even the Chief Justice of India.

But we the Citizens of India in whose proxy name the Constitution is being protected by the Government and the Courts are often denied our right of expression.  Each one of us who have some vested interest try to be diplomatic in our expressions so that we donot offend one section or the other. The silence of the majority is therefore the bane of our society.

I have been speaking in good faith about many developments in the Cyber Law area in India through these columns trying to draw the attention of different decision makers.

As a citizen of India, I have felt it is my duty to draw the attention of Ministers as well as the Judicial authorities on many occasions so that they can do what is right for the society.

However, the persons in power who need to do their duty often are happy to keep quiet. Many of them may agree with what I say but donot have the opportunity to speak out or the courage to speak out.

I have therefore decided to open a series of articles under the series “To Whom So Ever It May Concern” (TWSEIMC) in which certain things relevant to the field of Cyber Jurisprudence would be discussed.

I hope like minded citizens join me in this campaign and try to draw the attention of the authorities  so that those who have the power can do what they can within the legal boundaries.

This series is not going to discuss purely political matters but try to restrict it to professional discussions.

Looking forward to your support.

Naavi

 

Posted in Cyber Law | 1 Comment