Comments on the Parliamentary Committee Report on ITA2006
In SA, it is Rs 300 per card skimming
One of the sources from which credit card fraudsters collect information on credit cards for committing online frauds are the physical credit card usage places such as Restaurants, Petrol bunks etc. In these places where the customers give away their credit cards, skimmers are distributed to the attenders who are tipped for every card skimmed. In South Africa recently several employees of a Hotel were arrested for such a fraud. It is reported that they were being paid SA Rands 50 (approx: Rs 295/-) for every skimming.
To prevent such frauds, it is necessary for establishments to practice "Due Diligence" in the form of introducing mandatory procedures to prevent skimmers being used and if possible use portable credit card swiping devices so that the cards can be swiped in front of the customer without being taken out of sight of the customer. credit card issuers also have to start issuing separate online credit cards and disable physical cards being used online. The I-Pin is one of the possible solutions but not as good as separate cards... and there are other solutions for creative business entities...
Report in capetimes.com
Mobile Frauds.. Need to watch out!
Users of mobiles are now the targets of frauds. Many of these frauds replicate the Internet/E-Mail frauds. With the growth of Smart Phones, the devices are now prone to virus and phishing attacks similar to key logging attacks on the computer. It is time for mobile owners to be on guard. Article in TOI
SMS as Evidence
Recent incidents of SMS spoofing has taken the predictive trend where criminals are using it to defeat SMS as a piece of evidence as is being attempted in the Prmaod Mahajan murder case. The article referred to below explores how the SMS data can be changed within a mobile. Despite these revelations, it is to be remembered that SMS is still an admissible evidence in a court of law though the defense can try to prove that it is not reliable. This is a challenge which Mobile Forensic specialists will now have to overcome. Article in TOI
Parliamentary Committee Report on ITA 2006 ..analysed..by D.Venkatesh Pastay, Advocate
It is felt that the opinions and views expressed by the mainstream media representing the lopsided version of the facts and needs of the society does not serve well from the point of view of responsible journalism. It is high time media stood up in favour of unbiased reporting and against the presentation of views which are in effect unfair from the larger society’s interest point of view. Detailed Article
Action against Swisscash
Naavi.org has been highlighting the Swiss Cash scam for quite some time now. Those who have invested and would like to take action against Swisscash may visit www.peoplevsswisscash.blogspot.com and explore options.
The Future of Lawyers
This series of articles published in timesonline.com written in the context of the UK markets are relevant to the Indian context as well and legal professionals may find this interesting. Perhaps it is time for us to start a parallel debate in India too on the subject.
Legal profession is on the brink of fundamental change Outside investors will demand a very different type of law firm A decade on-much changed, much still to unfold No one has a vision for the next generation of lawyers' How the traditional role of lawyers will change Will lawyers exist in 100 years? Join the debate
Banish these offenders from Cyber Space
The content on some of the dog haters communities in Orkut.com which are shocking and revolting was brought out by some animal lovers. Animal lovers have sought criminal action against the community as well as the Intermediary (For not withdrawing the content when it has come to notice the illegal activity).
We fully support the move to prosecute the persons who posted the disgusting content as well as Orkut.com. We also suggest that the e-mail and Google membership accounts of the persons who have posted the illegal content has to be immediately disabled and cancelled. This is the equivalent of "banishing" the offender from the netizen community. No doubt the person may re-surface with some pseudo identity but still the banishment would be a show of the community's disapproval. Report in ptinews.com :Report in ET
New Phishing Attack on Gmail Users
Naavi.org has noticed that the following mail is in circulation to gmail users:
Dear Account User
Due to the congestion in all G-mail users and removal of all unused OldAccounts, G-mail would be shutting down all unused Accounts, You will have to confirm your E-mail by filling out your Login Info below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.
* Email : ......................................................
* Password : ......................................................
* Date of Birth: ......................................................
* Country Or Territory : ......................................................
After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconvenience.
Account owner that refuses to update his or her account before two weeks of receiving this warning will lose his or her account permanently.
Thank you for using G-mail
Recipients are warned not to respond to the mail since it could lead to their identity being stolen.
It is necessary for Google to note that the phishing mail is emanating form the email address firstname.lastname@example.org. If Gmail does not immediately disable this e-mail account, Google would be vicariously responsible for the phishing due to their negligence.
November 21, 2007, 12 45 pm
PETA Demands closure of “cruel” Orkut community
PETA has urged Mumbai police to immediately direct Orkut.com to block illegal content showing cruelty to animals and to initiate appropriate action against the members who have claimed to have committed acts in violation of Prevention of Cruelty to Animals (Act) 1960...details at ptinews.com
In UK, Identity theft is a Billion Dollar business
The recent controversy regarding lack of security of information of UK Visa applicants has raised concern all over the world about the consequences of organized identity theft. It is learnt that over 100000 applicants of UK Visa are now facing the risk of their identity being stolen and used for creating false profiles of people who may be carrying out illegal activities. Some of these people should not be surprised if they read in the news paper that they were shot dead in some Police encounter while being engaged in a terrorist activity!. The reason why identity theft is increasing day by day is that there appears to be an economic incentive for the thieves. According to one survey a stolen identity is reportedly worth £84,000 in terms of the income it could generate for thieves. The going rate for a driving licence is apparently £1,000 and £5,000 for a sham marriage to a British citizen. The Home Office puts the price of Identity theft in the UK as £1.7 billion each year. Report in Gaurdian.com : Report in Computer weekly
In the light of this data breach incident, there is a demand for criminalization of data breach to supplement the fines prescribed under UK Data Protection Act. It is interesting to note that in India a data theft would qualify for Section 66 (ITA-2000) offence for which there is a 3 year imprisonment prescribed under law. Additionally Sec 43 prescribes compensation for damage suffered upto RS 10 million. Probably, Indian law provides better data protection than the UK law!
Virtual Theft....A new Concept of Crime
Some time back the news of a virtual fraud on the Secondlife.com website and a case having been filed in the physical space Court had been reported which had indicated the interesting possibilities of a Inter-Society Crime between the Physical Society and the Virtual Society. In another incident of similar nature, it has now been reported that a Dutch student has been arrested for having stolen the virtual furniture which some others had purchased for hard cash.
If a similar crime happens in India, can we book it under any of the provisions of law?.. is the natural question we face. Obviously this would be a fraud under IPC as well as an offence under Section 66 of ITA 2000. Compensation would also be possible under Section 43 of ITA 2000.
However this raises the thought .. "Do we need Virtual Prisons" to "virtually imprison" the "virtual thieves"?
Details at rediff.com : Another virtual Crime at secondlife.com
Related article in naavi.org: "Learn to Unlearn", the first principle of "Cyber Jurisprudence
RBN Suspected to be Re-Grouping in China
The Russian Business Network which has been accused of Cyber Crime support services on a very large scale is suspected to be regrouping its activities with a shift in the focus of its operations to China. Report in Timesonline
Don't get fooled by this type of SOS
One of the recently increasing types of scams is an e-mail from a known friend which states some thing similar to the following.
HELLO, HOW ARE YOU DOING? I WANT YOU TO KEEP THIS CONFIDENTIAL BETWEEN BOTH OF US, I KNOW THAT I CAN PUT MY TRUST IN YOU ON THIS. PLEASE DO NOT LET ME DOWN. RIGHT NOW I AM IN AFRICA, NIGERIA. I CAME HERE ON A TRIP TO SEE A FRIEND AND WHEN I GOT HERE I LOST MY WALLET CONTAINING THE ADRESS OF MY FRIEND AND HIS CONTACT PHONE NUMBER, ALONG WITH MY ATM CARD AND OTHER VALUABLES.SO RIGHT NOW I DO NOT EVEN HAVE ANY MONEY ON ME . I AM STAYING IN A HOTEL NOW, AND THE MANAGER IS ALREADY RANTING OVER HIS MONEY AND AS TIME GOES BY THE BILLS ARE INCREASING. I WOULD WANT YOU TO LOAN ME $2000. I PROMISE TO PAY YOU BACK AS SOON AS I GET BACK… I WOULD WANT YOU TO HELP SEND THE MONEY VIA WESTERN UNION . GET BACK AT ME ASAP.
Beware that this is part of a fraud that is in circulation in India and often starts with the attacker getting your e-mail password through phishing or otherwise.
IndiaTimes Hack Leads to Cocktail of Compromise
Some time back, we had highlighted that a page of Indian Express website had been infected by an advertiser to enable him serve ads to the visitors searching for the Indian Express page. We had also reported on the infection of the Bank of India website. Now it is reported that India Times pages have also been infected with a malicious code which included a cocktail of downloader and dropper Trojans, assorted other malicious binaries, and large amounts of scripts, cookies, and other non-binaries. It is also reported that when this was first reported to Times of India there was no security person available and the caller was told that it was a holiday in India and the matter could be attended only on Monday.
The incident highlights how negligent are our website owners though the sites are maintained by major industry houses with necessary resources..... Detailed Report
Cyber Terrorism and Its dimensions
While the Parliamentary committee headed by Mr Nikhil Kumar turned down the ITA 2000 Amendment Bill, it also recommended that the Act should provide for defining "Cyber Terrorism" as an offence under the Act. It is necessary to recognize that "Cyber Terrorism" includes both "Use of ICT in support of Physical Terrorism" as well as "Terrorism in Cyber Space". In order to define the offence of "Cyber Terrorism", it is necessary to understand all the dimensions of the offence. This article The Dark Web Of Cyber Terror – An Inescapable Reality contains a good discussion on the dimensions of Cyber Terrorism.
How Changes in a Printed Document could amount to Hacking
Cyber Crime Complaints and Resolution Center (CCC-RAC), Bangalore recently received a complaint which brought out some interesting but subtle aspects of the Information Technology Act 2000 often missed at first glance.
The essential part of the complaint was that an online stock broking agency had taken an application form of a client in print. Subsequently there were some disputes and when the client asked for a copy of the application form submitted by him he found that some body had entered an email address in the form which he had earlier signed without filling up the relevant portion. ...
In this incident, one of the queries raised was whether the incident reflected any offence under ITA 2000. In view of the wide ramification of the incident, we are presenting herewith some of the provisions of ITA 2000 which makes the above offence an offence under Section 66 of ITA 2000. Consequently Section 85 of ITA 2000 becomes relevant to establish vicarious liability of the Broking firm and also Section 43 of ITA 2000 to invoke a claim for damages....More
Is Anonymity on the Net under threat?
"Anonymity on the net under fire"..cries out a report in ndtv.com..
The report opens a debate on whether stringent laws against anonymous profiles being used in social networking sites is detrimental to the growth of Internet or not.
Some experts seem to feel that laws may stifle growth of Internet.
It is however necessary for us to differentiate between "Anonymity", "Pseudonomity" and "Impersonation". What the law should attack is "Impersonation" in the name of "Anonymity" which reflects in the problem of fake identities in the social networking sites. These are harmful to the person whose identity is assumed by another person and has to be checked even if this affects the growth of Internet.
However "Anonymity" or "Pseudonomity" which protects the privacy of a person and still enables a person to work on the Internet need not be banned.
Practically, it is possible that some activities which start as harmless activity may turn out to be perceived as harmful at some other point of time. Law has to provide for intervention in such cases. This requires that "Anonymity" or "Pseudonmity" to be unravelled under an operation of law. This is precisely what happens today when an ISP reveals the user of an IP address or an e-mail provider provides the membership details.
Law should therefore mandate that membership of Internet services should be based on real identities but the user may be allowed to assume public avatars which are different but not resembling other known identities. Such "resemblance" may not be measured only in terms of "name" but also with reference to the assumed profile.
This would break a middle ground which is acceptable both to Privacy supporters and regulatory bodies.
Perhaps we can experiment such an innovative provision in the future version of amendments to ITA-2000
Error by Pune Police brings discredit to ITA 2000
The midnight arrest of a Bangalore software professional on the grounds of defaming Shivaji on orkut.com and his being held for 50 days in Yerawada jail without trial has raised predictable concerns as this blog post indicates.
Now the blame is being placed on the law namely Information Technology Act 2000 (ITA-2000) which is being dubbed as "Draconian". In the process the mistake of the Police and AirTel will get sidelined...under Section 80 of ITA 2000, Police have only limited power of arrest which can be exercised "only in public places" ...This section does not give any powers to the Police to arrest a person at his house nor office....the Police mis-interpreted the law and caused the arrest and it is not proper to term ITA 2000 as a "Draconian law"...More
National Workshop on IT Law at BV Bellad College, Belgaum
BV Bellad College Belgaum conducted a National Workshop on IT Law on November 3rd at the Lingaraj College auditorium. Mr H K Patil, former Law Minister of Karnataka inaugurated the programme.
Honourable Justice of the High Court of Karnataka Sri N Kumar was the chief guest and also spoke on the salient features of Information technology Act.
Naavi participated in the programme and spoke on the Information Technology Act and Emerging Cyber Crimes.
Hubli as a Cyber Law Aware City
Digital Society Foundation has now embarked on an ambitious project of creating a Society of Cyber Law Aware citizens in the Hubli command area in association with Hubli Police, G K Law College and some IT Companies. The immeidate target audience in this respect include Students in High Schools and Colleges, Professionals in IT Companies, Police, Bankers and the teaching community in general. More information on this project "Hubli as a Cyber Law Aware City" will follow.
Fighting Online Crimes requires focus on Education
At the cost of repetition, it may be stated again that the Cyber Crime fighting requires a focus on education at all levels. Related Article: Online crime fight needs more than law enforcement
An Unpardonable Blunder..by Pune Police and Airtel
In a show of gross negligence and arrogance on the part of the Pune Police and Airtel, a software engineer in Bangalore has been kept in custody for 50 days in the Yerawada jail.
According to the report, the software engineer was arrested in Bangalore from his residence under the allegation that he was responsible for the posting of some information defamatory to Shivaji on a social networking site and was being arrested under the provisions of ITA 2000. He was released after 50 days on an application of a BJP activist with the information that Airtel had given a wrong lead related to the IP address query.
In the whole tragedy, there was also perhaps a role for a magistrate who refused to grant bail because he failed to assess the offence appropriately.
No doubt that this statement of the Police nails Airtel to a charge of gross negligence and the Police should immediately proceed against Airtel for giving false information and misleading an investigation.
Secondly, the affected person should be able to claim substantial compensation from Airtel for the harm caused to him which will leave a long term psychological impact on the victim and his families impossible to be fully compensated financially.
Lastly it is not possible to understand how a "Defamation" charge was considered an offence under ITA 2000 and considered cognizable. If the charge was under ITA 2000 then there was no power to the Police to arrest the person from the private place.
It is clear that the Police have also erred in a manner that Human Rights Commission should take suitable action in this regard. It is strange that the same police force which hugs and kisses a terrorist sympathizer and a convict like Sanjay Dutt could treat a professional in the manner in which they have done.
Even if the person was guilty, there was no need for an immediate arrest more so in the midnight in a neighboring state in gross violation of accepted procedures and principles.
It is necessary for the Supreme Court to take suo-moto cognizance of the lapses on the part of the Police and Airtel and provide a suitable relief to the affected individual.
This sort of bungling affects genuine investigations and also discredits ITA 2000 which is already under attack by vested interests. The supporters of the ITA 2000 amendments now have a huge stick to beat the act.
But the incident only shows how untrained and un informed Police may misuse law rather than any weakness of the law itself.
Related Report in Sify.com : report in telegraph.com
PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar
PR Syndicate, (an organization of Corporate PR Professionals in Chennai,) celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occassion, "Award of Excellence in Public Life" was presented to 'Cyber Law Guru of India' Na.Vijayashankar...More
Naavi's latest book "Cyber Laws Demystified" was soft launched at the Nimhans Convention Center during the Indian Police Congress. The book is a comprehensive coverage on Cyber Laws both ITA-2000 as well as IPR and other issues.
Structured into 24 chapters it also covers the proposed amendments to ITA-2000 in detail as an appendix. A copy of the Information Technology Act 2000 is also appended to the book.
The book also has several individual chapters on the legal issues of Cyber Banking, Cyber Advertising, Cyber Taxation and Cyber Terrorism.
The book is priced at Rs 750/-.
For Enquiries and Bulk orders click here. :
What is Naavi.org?
Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.
The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.
The second key service is the Cyber Evidence Archival center which provides a key service to help administration of justice in Cyber Crime cases.
The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.
The fourth key service is the online mediation and arbitration service another unique global service.
The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.
Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.
Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.
Add Your Comments Here
If you would like to know more about Naavi, the information is available here.
For Any Payments to be made to Naavi online : Naavi_s Payment Center