Victory for Media Pressure

The intense media pressure created in the aftermath of the Gurgaon fraud finally had its result in getting the Prime Minister of the country endorse the call for a new "Data Protection Act". We have reached a situation where media has created a perception that "If a new law is not passed, data protection in Indian BPOs will be weak".

The option is still before the Government.. either to amend the ITA-2000 comprehensively or to scrap it and go for different laws.

It must be remembered that "Data Protection Law" is not complete without "Privacy Rights" and the law cannot discriminate between rights of Foreigners and Indians. It is doubtful if our e-Governance system is ready for "Data  Protection" concerning Indian citizens.

In the end, multiple laws also mean that CEO 's in IT industry will be running around "Compliance Management" rather than "Business Management". More

This Sting is Not Journalism...It is a Crime

In the episode of the Gurugaon BPO fraud, there is still one aspect left unexplored. It is the analysis of the nature of the operation of Journalist resulting in the accusation of a person as a fraudulent person and killing his career for the life time.

..it is established that the act of SUN as a magazine and Mr Oliver is a crime under different sections of ITA-2000 and IPC. ...If Haryana police fail to act against the journal, it will open up charges of inefficiency and possible favouritism including possible corruption at the Police circles...Details

Ignorance Induced Frauds..reduction through training

In a bid to create better awareness of Cyber Ethics in the BPO industry as a fraud risk mitigation strategy for BPOs, Naavi has structured a "Ethical BPO Professional Training" to be administered as an in-house training programme for BPO employees.

The half day programme will create the required minimal awareness  at the employee's level to reduce incidence of ignorance induced frauds and also provide a certification. The certified professional's list will  be entered in a register to be maintained by Cyber Evidence Archival Center...Details :Contact Naavi for schedules

IT Companies Now Have one More Concern

Here are some extracts from the Bill on Sexual Harassment of Women in workplaces. If this becomes a law then HR managers of IT and BPO companies where there is a significant number of women employees will have a tough time in maintaining a harmonious working relationship. Some may even feel that an "All Male Office" would be a safer place to work in. I invite comments from others to debate the contents of the Bill which is likely to go into the Parliament shortly. Additional information on the Bill is also welcome. ..Details

Beware of Abuse of Law!!

After the initial condemnation of Indian BPOs on the one hand and the accused Karan Bahree on the other hand, the media has now started recognizing the need to be balanced in their views....Amidst the global concerns about data protection and BPO industry interests, it is also necessary for us to recognize that if this turns out to be a hoax case motivated by extraneous considerations, the damage done to the employee is some thing which will not be corrected.

While many are calling for stringent laws such as 10 years imprisonment, 50 crore civil liability etc for such offences, I would like to warn the public and the experts that going overboard and enacting very strict laws will be amenable to abuse of the laws...Details

Is America Shedding its "Democratic" traditions?

The surprising 9-0 vedict in the Supereme Court against music file sharing in the MGM Vs Grokster and StreamCast case has raised eye brows in certain parts of USA about the lack of support to uphold the "Freedom of Speech" and "Freedom of Technology".

It appears however that this may not be an isolated event since the commercial pressures in USA appears to be slowly overpowering its democratic considerations paving the way to reflect if this is a tendency towards "Dictatorship directed by Commercial Considerations".

One of the US based Netizens has pointed out another US Supreme Court  verdict (5-4 majority verdict) which came on June 23, 2005 where the Court upheld the right of the Civic Authorities to acquire private land for city development. What is important to note here is that there was a commercial motive behind this move. The judgment itself said "local governments can seize property from land owners and turn it over to private developers to increase local tax revenues."..as if "increasing local revenues" and "public good" are synonymous.

Landmark Judgment in US on File Sharing

In a surprisingly unanimous decision, the US Supreme Court held that those who promote "File Sharing" are guilty of copyright infringement. Experts opine  that the judgement does not make Peer to Peer technology illegal but only affects a deliberate misuse of the technology. Yet the complete implications of the ruling is still to be evaluated. It could however be termed as a victory of the Entertainment industry over technology.

The ruling says "..one who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of infringement by third parties.".NYT report : The Supreme Court's Ruling on MGM v. Grokster: What It Is and What it Means for You ..villagevoice.com : Details from copyright.gov

Phishing is covered under Indian Law

This report in ET about Delhi High Court decision in a phishing case again proves that Indian laws are capable of dealing with emerging Internet frauds...Report

Media Disinformation on Data Protection Laws in India

The twin BPO frauds  of Mphasis and Infinity e-Search in quick succession has given raise to a series of discussions on the status of Data Protection Laws in India. Unfortunately several media persons as well as industry persons have gone on record with statements indicating that either there is no data protection laws in India or if it is there, it si grossly insufficient.

The efforts of Naavi.org in clearing the air is a drop in the ocean when NDTVs and Economic Times continue to speak in a different tone.

A small attempt has been made in this report just to high light the fact that the media may require better understanding of Indian Laws on Data Protection before adding fuel to the fire of speculation about security. ..Details

Infinity e-Search Contradicts itself

The Gurgaon BPO fraud has created an embarrassing situation for Infinity e-Search, the company in which Mr Karan Bahree was employed. Initially, the company claimed that it had nothing to do with the data scam.  However, today the Company is reported to have sacked Karan. If Karan is convicted of the crime then without any further proof, Infinity e-Search will also be primarily liable under Section 85 of the ITA-2000. It appears that Infinity e-Search is digging its own grave by sacking Karan. Details

The capital of cyber crime is the US, not India..Times of India

This editorial in TOI is interesting as an expression of faith from the Indian media on the BPO security which is rare. Such support is essential if we need to address the international conspiracy in bringing disrepute to Indian BPO industry...Naavi

Threat to Indian Sovereignty ?

The Gurgaon BPO case has opened a Pandora's box on the jurisdictional aspects involved in the Cyber Space offences. ... As a fall out of such instances, the jurisdiction discussions are now entering the financial regulatory area ..

It is reported that the Office of the Comptroller of the Currency (OCC)  has requested permission of the RBI to inspect BPO outfits in India which process information on behalf of US Banks.  ...Agreeing to the request of OCC may have the effect of opening a door for loss of Indian Sovereignty on the operations of the Indian Companies.

... this could be an opportunity to define how we can define the jurisdiction of Cyber Offence incidents. ...we may debate the possibility of developing an apex nodal authority such as "BPO Regulatory Coordination Authority of India" through which all the foreign regulatory bodies work for imposition of any regulations on the Indian soil. Details

This Could be Cyber Terrorism

As could be expected, the so called BPO fraud reported in SUN (UK) has taken some interesting turns on the second day.... there is a serious prospect of the evidence being tampered with or already having been tampered with..."Sting Journalism" .. is in itself an illegal act and Police have no discretion not to recognize the crime... role of Mr Samir and his background ..need to be probed....

There is a possibility that the entire episode may be a frame up of the Indian BPO industry with the ulterior motive of discrediting the industry...This case is no longer to be treated as a local Police case. It could be a case of Cyber terrorism...suggest that the Government of India should  immediately take up an international investigation through CBI and Interpol...Details

Yahoo Closes Chat Rooms

A Houstan TV report showing pedophiles trying to lure minors in Chat rooms has forced Yahoo to shut down its user-created chat rooms.  Creation of new chat rooms has also been disabled. Yahoo has reported that it is working on increasing the security and reintroducing the rooms. ClickZ news

India Has A Robust Data Protection Law !

The Sun Report in UK on leakage of information about 1000 Credit Card numbers  from an Indian BPO just when news about 40 million credit card details leaked in USA, appears to be  an effort to move away the discussion from the status of Data Security in USA vis a vis India.

Under such circumstances quite often we hear complaints that the absence of a specific Data Protection Act in India is a matter of concern for the BPO service buyers from abroad.

If we properly look at the ITA_2000 it appears that whether by design or otherwise, ITA-2000 does address the major issues which a new law on data protection is expected to do...

Naavi.org makes an open offer to MCIT and Nasscom to share its vision of the BPO for BPOs so that a  security blanket can be drawn for the Indian BPOs that would ensure security for the information that the industry is expected to handle....Details

Avoiding Frauds on Internet through DNS Service

The growing menace of phishing has focussed the need for "Fraud Prevention Solutions at the ICANN level". While the efforts to educate public will continue to be addressed by NGOs like Naavi.org, the Law Enforcement is busy following complaints brought to their attention. In recent days FBI has done some excellent work to document identified phishing sites.

What is still lacking is a proper effort from the DNS management system which can provide a better alternative in this respect...Detailed Article

Engineer Arrested for IPR Theft

An young Engineer in Chennai has reportedly been arrested by the Police for allegedly stealing software belonging to his employer and trying to sell the same to some of the customers abroad. We may recall that a similar IPR theft had been reported by TAFE a few months back and a leading BPO last year. Report in IE

To meet the corporate requirements of Cyber Security in such cases, cylawcom.org has developed an exclusive audit, implementation and certification system that addresses the needs of R&D divisions of IT and Non IT Companies where IPR is created, stored and often lost...Details at www.cylawcom.org

Workshop on ITA-2000 at CII, Chennai

CII  Southern Region conducted a one day workshop on ITA-2000 and debated the provisions of the Act and need for some of the changes that are being contemplated. CII is expected to keep the Ministry of Information Technology informed of the views of the experts so that they may be considered during the proposed review of the act which is currently underway. Several recommendations received by Naavi.org were also placed in the workshop and discussed. Adequacy of the listing of offences, technical neutrality, security standards and due diligence were some of the points deliberated in the process.

A Question Mark on Security in US BPO Industry

In a major security breach, 40 million credit/debit card particulars were reported to have been  compromised in USA indicating a serious lacuna in data security amongst BPOs in USA...Details in Washington Post : Comments by Praveen Dalal

Submit Your Suggestions on ITA-2000 Modifications..Now

CII Southern Region is organizing a workshop on June 21st at Chennai to discuss the proposed review of ITA-2000 and submit their suggestions to the Ministry of Information Technology, GOI. Any of the members of the public who have a view to submit may send it to Naavi immediately to be placed in the workshop for discussions....Naavi

Oracle Faces Public Wrath

In an interesting case which opens a debate on many points of legal propriety, Oracle has been facing the wrath of one section of community in Bangalore for not disciplining one of their employees who is accused of having discredited Bangaloreans and Bangalore Police and incited violence, hatred and community disharmony. Visitors may respond to the questions raised in the article ..Details

SIM a New Opportunity area for Techno Legal Cyber Security Specialists

The increasing complexities of regulations across the world affecting the IT environment has thrown up an urgent need for software solutions to meet Compliance requirements. Security Information Management (SIM) solutions have therefore become a great opportunity area for software and IT security professionals who understand the legalities of security compliance. Simultaneously, it is also being felt that there is an opportunity in the BPO area for compliance services. The CyLawCom process pioneered by Cyber Law College will be one such product which will aim at an integrated Techno Legal Security Management Solution for IT environment. Details at www.cylawcom.org

India to Fight US Dominance on Internet?

The working group on Internet Governance (WGIG) is set to meet in Geneva during June 14-17 to discuss issues concerning Internet Governance and the role of ICANN vis-a-vis the soverign Governments. It is expected that this will discuss a better role for India and other developing countries in Internet Governance and the deliberations will be followed up in the coming Tunisian round of WSIS in November....Report in HT.

A Copy of the Indian views can be found in this response to a questionnaire submitted by India.

CyLawCom is SOX+Basel II+ITA-2000+..

Indian Corporates are increasingly getting worried about SOX compliance and SAS 70 audit etc in view of their US connections. In the process however they are failing to give due attention to the Indian laws such as ITA-2000. Banks in particular have to immediately worry about Basel II compliance for which they need to start parallel runs from next year. One integrated compliance plan that is designed to meet all relevant compliance requirements is the CyLawCom process suggested by Cyber Law College. Presently an attempt is being made to address the specific needs of Co-Operative Banks in Karnataka with a specific programme CyLawCom-Coop Banking. The programme is presently based on manual audits by trained persons but may  be automated in due course. (Contact Naavi for details)

98 % of all Cyber Crimes Covered in Indian Laws.... Nasscom Study

It is reported that a comparative study undertaken by Nasscom has opined that 98 % of all committable Cyber Crimes are adequately addressed by Indian legal system including IPC, ITA 2000,Contract Act and Consumer Protection Act. ..Report in Siliconindia

MCIT has announced that its own "Expert Committee" set up to review ITA-2000 which was originally expected to give its report in February is likely to submit its report in August. Hopefully, Nasscom study will be one of the inputs that the MCIT committee will take into account.

Amidst all these committees, one still wonders what happened to the Cyber Regulations Advisory Committee which is conceived as the advisory group for review of the Act provided in the Act itself. ...Naavi

Legal BPO Attracts Focus

The attractive potential that the legal BPO business holds in India has come to focus as ET carries a lead article on the prospects. It is estimated that the insustry would grow to US $ 2billion by 2010. ..Detailed Article

Security Loopholes Exposed in US Military Sites

An UK hacker is reported to have hacked into a number of US military systems and copied critical information. The fact that such hacking was committed using tools easily available on the net exposed the weak security status of the network...Report in Sify.com

RBI to Introduce Norms for BPOs

In the aftermath of the Mphasis fraud, RBI is set to introduce norms for outsourcing of work by Indian Banks. BPO sector needs to note that this could be the beginning of a new phase of regulations compliance of which will be part of the CyLawCom process. ..Report in ET

ITA-2000 Review in two months

The proposed review of ITA-2000 has been put off by two months due to the delay in the presentation of the report by the review committee.... Business Standard

"India and BPO are made for each other"

Cyber Media group of publications conducted the "BPO Summit 2006" at Chennai on 6th June 2006 which was widely attended by the industry representatives. Several eminent industry stake holders participated in the programme and shared their views over three technical sessions dedicated to the discussion of "Strategies for enhancing  Value to BPO Services" through Quality, Technology and Manpower.

Mr Pradeep Nevatia, MD Lason India set the tone for the discussions with a resounding affirmation that "India and BPO are made for each other". He highlighted that with the availability of  large manpower resources, India can effectively placed to service the Outsourcing requirements of the world. Speakers highlighted the employment potential of the industry expected to reach 5 million by 2008, need to address issues such as "Quality Culture", "Effective Process Management" and " Employee Motivation"...Naavi

Information Asset Insurance in India?

Insurance industries appear to have started thinking on insuring of information assets as this report in BL suggests. The success of the business however depends on the "Risk Identification" and "Valuation of Risk Mitigation Efforts". This is the focus of the CyLawCom programme which Naavi.org has been advocating for some time now. Probably the CyLawCom professionals will be able to assist the insurance industry in Risk measurement for the IT insurance industry.

Technological Courts and Speedy Trial

The constitution of India imposes heavy duty on the judicial system for providing legal mechanism to deal with problem relating to imparting justice. The technological development made by the human being in the field of science can be highly useful in realization of this objective. Geeta Narula, explores the judicial response to the technological developments.  Detailed Article

e-Extortion reported by CC Avenue

CC Avenue, a leading online payment service provider in India has reported a denial of service attack on their server along with a payment of "protection Money" of US $ 1000 per month. Copy of the mail is available here.

Yahoo Sued in a repeat of an Indian Case

In a replay of the Indian Case in which a person was convicted for a 5 year term for posting objectionable material in yahoo message group, a case has been filed by a lady on yahoo.com for not removing the objectionable material on request. The incident is a repeat of the Suhas Katti case which happened in Chennai/Mumbai and highlights the liability of portals. >>Report in HT