National Netizen’s Rights Commission Required in India
Punjab Police Steal a March in e-Governance
Jan 07: Punjab police are reported to have started registration of FIR online. This is one reform which Naavi.org has been advocating over a long time as a Citizen Friendly e-Governance service. Karnataka made a beginning with an online complaint filing system but it falls short of the Punjab initiative. We congratulate Punjab police on the move. Report in TOI
Auditing of Documents- Information Technology Act 2000 Amendment
Jan 07: The amended Information Technology Act (ITA 2008) has brought a significant change in the E-Governance related provisions in the Act. In ITA 2000, enablement of e-Governance had been provided through sections 6, 7 and 8. In ITAA 2006, a new section Section 6A had been proposed. Now on the recommendations of the Standing committee, section 7A has also been added.
In some cases of e-Governance, it may not be possible to comply with this provision fully in respect of legacy documents. There would be a need therefore for giving a prospective effect to this provision.
This is an interesting opportunity for the IT industry which needs to come out with necessary solutions. Naavi would be keen to work with an IT Company for the development of this CyLawCom product and invite proposals from interested parties. ...More
Another Call Center Fraud
A fraud has been reported in the HSBC Call center, Vishakapatnam where an employee has obtained the PIN of a customer during conversation and transferred RS 47 lakhs from the customer's account. The person who had resigned from the Bank has since been arrested. The incident is however another blow to the credibility on the BPO industry in India calling for some measures to improve the ethical training of the employees.
Section 66 invoked for unauthorized telephone tapping
Dec 31: According to report in Hindu, Chennai CB CID has filed a charge sheet regarding publication of transcript of telephonic conversation in a news paper. According to the report, a 900 page chargesheet has been filed under Sections 66,70 and 72 of ITA 2000. It may be recalled that the DMK Government had earlier appointed an one-man Commission after a section of the media published the transcript of the tapped conversation between former Chief Secretary L K Tripathy and Mr Upadhyay with regard to a political case registered against former Chief Minister and AIADMK supremo J Jayalalithaa.
Justice P Shanmugham, the one man Commission of inquiry appointed by the Tamil Nadu government to go into the telephone tapping incident, had found former DVAC Chief S K Upadhyay guilty of misconduct and recommended Departmental action against him. It had also recommended that criminal cases be registered against DVAC Special Assistant A Shankar for misconduct and endangering the security and confidentiality of official communications by unauthorisedly accessing the computer and leaking it to the media. The Commission also had recommended similar action against Sub-Inspector S Prabhakaran and Legal Advisor N Vijayarajan for gross negligence and misconduct for allowing the leakage of confidential and official communication to others. Related Article1 Related Article2 Related Article3
Concern for Privacy Rights Vs National Security- The Ground Realities
Dec 30: The first version of the amendments to ITA 2000 culminating in the passing of the Information Technology Amendment act 2008 on Dec 22/23 in the Indian Parliament was the recommendation of the "Expert Committee" (ITAA 2005). Published on August 29, 2005, it created a huge backlash amongst those who were concerned about Cyber Crimes. Naavi was in the forefront of a volatile campaign against the proposals in very strong terms. The toned down version which was introduced as the next version of the proposed amendments was Information Technology Amendment bill 2006 (ITAA 2006). While ITAA 2006 was an improvement over ITAA 2005 and had removed some ridiculous suggestions contained there in, it continued to be heavily slanted in favour of Intermediaries and ignored the needs of the Police and National Security. The timely intervention of the Parliamentary Standing Committee seems to have worked wonders and the slant in the final version (ITA 2008) now passed by the Parliament has swung drastically to the other extreme where sweeping powers have been provided for Interception, Monitoring, Blocking of websites etc. This has naturally raised some criticisms from the Privacy supporters and this article tries to analyse the provisions of ITA 2008 in this regard. ...More: Part I, Part II, Part III
Likely Misuse of ITA 2008 Highlighted
Dec 30: Some observers have highlighted the lack of provisions to prevent misuse of snooping powers retained by Government in the new ITA 2008. An online petition has been raised in the web collecting opinion on the same. One such petition is available. The petition urges the Government to institute an an independent authority to review complaints of unauthorised / illegal interceptions here : Related Article : Related Article 2, Related Article 3
Cyber Security Leadership.. US in the race
Dec 30: Recognizing the benefits of Cyber Security leadership, it is reported that US is putting efforts on gaining a lead in Cyber Security leadership on the global platform. China is presumed to have already built some strengths in this field. India needs to take up the challenge and try to make the right moves to gain some grounds. Naavi has been suggesting that India should set up a Unified Command for Cyber Security at the national level and discussed the various steps to be taken in this direction over the last two years in various fora. What is required now is the political will to take some long term policy decisions so that India does not lose an opportunity for being amongst the top few countries in the Cyber Security domain. Related Article
Pornography Provisions criticized
Dec 29: Some of the changes made in ITA 2000 regarding pornography laws have come in for criticism as it may put browsers of Pornographic sites under the scrutiny of law. The offending section is Section 67(B) (2) which states " Whoever creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or" is punishable.... Article in Herald, Delhi
Overview of Changes between ITA 2000 and ITA 2008
Dec 28: In order to assist analysts in quickly understanding the changes between ITA 2000 and ITA 2008, Naavi.org has prepared a comparison chart based on the information now available. It will be refined as and when more information is released by the Government of India. ..Naavi
Changes in the Cyber Crime Policing- Information Technology Act 2000 Amendment
Dec 27:National Crime Records Bureau recently released the 2007 statistics of Crimes including Cyber Crimes. Media did discuss the report especially highlighting the growth in Cyber Crimes by 50% as reported. However, experts have always given scant respect to the recorded Cyber Crime statistics since this only reflects the cases registered by the Police. It has no relation to the actual number of Cyber Crimes happening in the Country as well as complaints taken by public to different Police stations where they are refused.
In the light of the observations that Cyber Crimes are on the increase, there was great interest in knowing how the ITA 2000 amendments would address the issue....The amendments have now revealed a whole bundle of surprises which will make Cyber Crime Police in each state jump up from their seats....Details
New Cyber Security Infrastructure unveiled by Information Technology Act 2000 Amendment
Dec 27: The unveiling of the amendments which has transformed ITA 2000, the landmark cyber legislation in India which was first enacted with effect from October 17, 2000, ( the new version of the Act is herein referred to as ITA 2008) has provided a new focus on Information Security in India.
So far, Information Security Experts have been speaking on "Cyber Law Compliance" as a part of "Techno Legal Information Security" and advising Companies to formulate an appropriate plan of action to comply with cyber laws as a part of the IS practice. Now this association of Cyber Law into the Information Security domain has gained additional importance due to some amendments that have been made to ITA 2000.
The amended Act is making a sincere effort to bring in a complete information security infrastructure into the industry... Details
Information Technology Act 2000 Amendment Details unveiled
Dec 25: The much awaited details of the amendments to ITA 2000 passed by Loksabha on 22nd and Rajyasabha on 23rd of this month without any debate, has now come to the public domain. It is time to discuss the implications of the amendments and also the extent to which the Parliamentary standing committee's recommendations have been incorporated in the new Bill. Here is the first set of observations. Details
ITA 2000 Amendment Bill- Open Letter to President of India
Dec 25:The Parliament of India had a dubious record on December 23rd of having passed 8 bills in 17 mintues. All Bills were passed without debate marking it one of the lowest points in the history of legislation in India. ..In the course of this unprecedented incidence, the Information Technology Act 2000 amendment Bill 2006 was also passed. This bill was pending since December 15 2006, was once returned by the Standing Committee for substantial modifications and was re tabled on December 15 2008 with corrections.
In this context, the undersigned considers it necessary to make efforts to correct this irregularity as otherwise this irregular process will get etched in the history of legislation in India as a “Bill Passed without Debate”.
I have therefore sent the following e-mail letter to the President of India which is reproduced here for public information....Details
Shield for Web Infections
Dec 25: Naavi.org has been highlighting the recent raise in virus and trojan infections through infected webpages as observed in Bank of India, Deccan Herald, Deccan Chronicle websites. Now one anti virus company viz F Secure has come up with a first of the kind solution (still in beta version) to prevent these "Zero Day Exploits". F-Secure Exploit Shield is an application that protects users from web-based malicious exploits and stops malware at the first point of infection. All malicious, exploit-hosting URLs it detects are automatically reported back to F-Secure's Real-time Protection Network, which helps our Security Labs discover new exploits on the Internet and react to protect all our existing customers. The present version works only with Windows XP and not with Vista. Free Download is available here. A Review of the product is available here
Imports of Mobile Phones from China to be stopped ?
Dec 24: Naavi.org had been highlighting the national security risks in allowing import of mobile phones from China which were said be not conforming to the International standards of providing unique IMEI numbers. This enabled the sets to be used by criminals including terrorists without the phones being effectively traced. Now it is reported that the Government of India has taken a decision to ban such imports. This is a step in the right direction and needs to be followed up with a strict software audit for all It products that come from China. Related Article
Satyam to Pay for Security Lapses
Dec 24: Satyam Computers has been banned by World Bank for 8 years from undertaking any business for the Bank. This ban may also affect projects of world bank assisted projects. The real reason for this sanction is the earlier report that inadequacies in security in the Satyam BPO was responsible for key logger trojans to be installed by some Chinese attackers resulting in compromise of confidential data. Some reports also suggest that the reason is attributable to some preferential shares being given to one world bank official by Satyam amounting to "bribery". Fox News Report
Life Imprisonment for Cyber Terrorism
Dec 24: Information trickling on the amendments to ITA 2000 passed without a debate in the Parliament on December 23rd indicate that the maximum punishment for Cyber Terrorism has been provided as "life Imprisonment". It may be recalled that similar provision is available in other countries such as Pakistan and Sri Lanka also. Other details are awaited. TOI article
Rajya Sabha Also passes ITA 2000 Amendment Bill without a Debate
Dec 23: It must be one of the special occasions when a Bill which was being hotly debated for over two years was passed in both houses of Parliament without any debate. This is a show of absolute arrogance on the part of the ruling party and also a show of complete ignorance about the importance of the Bill by the opposition parties. What is to be noted is that the copy of the Bill as passed is still not in public domain and the secrecy couple with the hurry indicate some ulterior motives in passing the Bill without debate. Report
Loksabha Passes ITA 2000 Amendment Bill Without Debate
Dec 22: As expected, in the din of the Anti Antulay discussions, Loksabha appears to have passed the ITA 2000 Amendment Bill without any debate. In fact it is possible that none of the MPs even knew that the Bill was passed as the Speaker was shouting "The Ayes have it and the Ayes have it" without any regard to whether it was being heard by any body. Tomorrow, the Rajya Sabha speaker would also shout "The Ayes have it and the Ayes have it" and an amendment which was pending for three years will become a law without any of the legislators understanding what is being passed. It was a mockery of the legislative process. PTI report Related Reports 1. Bloggers News ET
Keeping Our House Safe-Reduce Opportunities to Terrorists
Dec 19: Naavi addressed a seminar at Loyola College, Chennai on the topic "Keeping Our House Safe-Reduce Opportunities to Terrorists" to students and teachers of Loyola College. The seminar was organzied by CSI Student's Chapter and was presided over by Father Dr S Peter S. J., Loyola College correspondent & the secretary.
Sri K Bhaskaran a senior Software Consultant was the chief guest.
Naavi discussed various tools that Cyber Terrorists use today such as phishing, botnets, Wifi Hacking, Steganography, e-Extortion, Phone Spoofing and DNS poisoning. He also suggested the precautions to be taken by public to avoid being used by terrorists.
Cyber Intelligence Jobs Remain Vacant
Dec 16: As per reports from Kolkata, The Intelligence Bureau has stated that over 4000 vacancies are lying vacant in the department and they are finding it difficult to attract people to apply for these jobs due to low salary levels. The lack of manpower is hurting the intelligence work of the department.
Perhaps Mr Chidambaram needs to do some thing to attract talent to the Intelligence Bureau if some of the tasks he has set for himself as the new Home Minister of the Country can materialize. Related Article
BSNL Endangers Indian Cyber Security?
Dec 16: It has been conclusively proved in recent days that in UK a large number of Credit Card swiping machines supplied to merchants from China had a malicious chip inserted which could steal credit card data of customers and send it to fraudsters in China. China is also in the forefront of Cyber Wars and is known to be attacking Indian Cyber Space from time to time. There has been reports about China trying to infiltrate IT companies in Bangalore and a spurt of Chinese students studying in Mysore University has raised suspicion about the possibility of industrial espionage attempts. After the Satyam Computers-World Bank dispute in which Chinese hackers were accused to have implanted trojans to steal World bank data, it has become necessary to be extremely cautions about Chinese products and people working in IT space.
In this context it is alarming to know that BSNL has concluded a contract for US $ 40 million for purchase of Huawei broadband routers to be used by home users. Are these routers capable of being manipulated by China when need be? Can a mass of routers be disabled by sending some remote instructions through Internet? Can the routers be programmed to divert select data such as passwords to a different destination? are some of the questions that make security experts are worried about.
BSNL needs to clarify public if it has structured these security risks in its business deal and if not will it now undertake an effective audit of the embedded chip in the routers and confirm to the public that there lies no security risks in using these Chinese products. The same care should be excercised in import of any Chinese IT products including IBM laptops which may be supplied with Chinese made chips. Related Article Related Article 2
ITA 2000 Amendment Bill Introduced in the Parliament?
Dec 15: Judging by the press release from PIB titled "IT Act to be amended to prevent obscenity ", it appears that the much awaited ITA 2000 Amendment Bill 2006 has been presented in the Parliament. The copy is however not yet available to us. If available, we can try to analyze the proposals. If any of the readers has a copy, I request them to send the same to me through e-mail naavi@vsnl.com : Article in CIOL
Chinese Invasion of Bangalore !
Dec 15: Uncomfortable questions are being raised about the sudden spurt of Chinese students in the Bangalore-Mysore Corridor. Security specialists are speculating that this could be part of a larger plan o China to infiltrate the IT industry. This also tallies with the observations made by Naavi.org when the controversy regarding Satyam's contract with the World bank surfaced. Article in DNA
What is required now is to observe how the Karnataka Government reacts to this report. This is typically an intelligence input that reflects on the safety of Cyber Space of Karnataka.
PIL Filed on Security Requirements
Dec 14: A PIL has been filed in Mumbai asking the Government of India to implement a 12 point security plan. The PIL has some interesting suggestions including mandatory surveillance by Government of e-mails, Cyber Cafe activities etc. A copy of the PIL is available here. Comments are welcome.
Anti Virus Software Compromised?
Dec 12: Security specialists have reported that attackers are exploiting some anti virus software and using them as doorways to enter the system. According to Greencloudsecurity.com, the affected software include many popular commercial and open source antivirus software such as AVG, F-Secure, Sophos,ClamAV, BitDefender and Avast. When an email with the malicious code is scanned, the system may either crash or execute an arbitrary code resulting in a complete securiety bypass and remote system compromise.
Dec 11: The long wait seems to be over. Ever since baazee.com issue surfaced in end 2004 and an expert committee was formed to suggest amendments (superceding Cyber Regulations Advisory Committee ) ITA 2000 is waiting for amendments. This fortnight it is expected that the ITA 2000 Amendment Bill may get passed in the Parliament. Here are some thoughts on the proposed amendments based on the draft which was earlier in the public domain of what the amendments should avoid. This is presented here so that our MPs will take necessary steps to raise appropriate objections if the amendments are proposed against the interests of community... Details
Why US PATRIOT Act is required in India?..2 (Inter State Cyber Crime Police Cooperation)
Dec 09: Section 105 of the USPATRIOT Act addresses the issue of building collaboration between different Cyber Crime investigation agencies.
It states "The Director of the United States Secret Service shall take appropriate actions to develop a national network of electronic crime task forces, based on the New York Electronic Crimes Task Force model, throughout the United States, for the purpose of preventing, detecting, and investigating various forms of electronic crimes, including potential terrorist attacks against critical infrastructure and financial payment systems."
This sort of creating a federal structure for Cyber Crime prevention in India by networking different Cyber Crime Police cells in India is an important requirement we need to address. After the Mumbai events, this aspect is being talked about. At the same time the Police reforms are also under consideration.
Even before the formal setting up of a federal anti terror police set up comes up, there is a need for an informal collaboration of the Cyber Crime cells in different States.. More
Why US PATRIOT Act is required in India?
Dec 09: The Indian National Cyber Security Forum (INCSF) in its first formal meeting on 6th December 2008 at Bangalore advocated that what India now needs as a counter cyber terrorism response in terms of legal structure reform is an Indian PATRIOT act and a mere addition of a "Cyber Terrorism" clause in ITA 2000 amendments is not sufficient. I would like to elaborate on the reasons why this suggestion is being made by INCSF.... More
Ethical Hackers Demand Counter Terrorism Steps
Dec 7: The "Club Hack", a meeting of ethical hackers in Pune has demanded that the Government needs to adopt Counter Terrorism steps. The discussions are reported to have favoured filing of a PIL in this regard. Report in Indian Express
Is this "Cyber Terrorism" ?
Dec 7: The hoax call made on behalf of the Indian External Affairs Minister, Mr Pranab Kumar Mukherjee to the Pakistan President Mr Zardari on 28th November 2008, putting the two countries on the brink of an unintended war is a typical example of what can be done by manipulation of electronic devices. India is now amending the ITA 2000 to introduce a section on punishment of "Cyber Terrorism". The test of good legislation would be to treat this sort of a call as a "Cyber Terrorist Act" and make it eligible for at least life imprisonment. Had it succeeded, it would have caused an official war between the two countries. This offence would then have been outside the definition of a "Terror attack". If the definition of "Cyber Terrorism" is linked to "Causing Violence and death through explosion.. etc" as is expected, the hoax call may legally not amount to Cyber Terrorism. Naavi.org therefore urges the GOI to define "Cyber Terrorism" in such a manner that it not only includes the traditional terror attacks resulting in explosion, destruction, death in physical space, but also attempting to cause similar effect through the use of electronic devices besides including damage to virtual assets as part of the offence. Related Article
National Cyber Security Forum urges for an "Indian PATRIOT act"
Dec 6: The Round Table on "Cyber Terrorism" held at Bangalore has urged a separate law for tackling "Cyber Terrorism" on the lines of the US PATRIOT Act. The group of Legal and Information Security professionals who discussed the implications of "Cyber Terrorism" in India felt that the Government of India should not feel complacent after adding one new clause on "Cyber Terrorism" in ITA 2000 when it is amended and highlighted the need for a comprehensive legislation that covers, a proper definition of "Cyber Terrorism", "Provides for empowering law enforcement to tackle the operational challenges in investigation and prosecution", "Provides for intelligence gathering in which Private sector collaborates with the Law Enforcement", "Provides for appropriate technology for security and intelligence", "Provides for participation of the Netizens in the security process" etc. The group also felt that the private tech savvy individuals who often launch counter attacks on foreign servers as an "Ethical Hacker's Response to Terrorism" needs to be brought under the umbrella of a regulation so that they donot end up on the wrong side of law. In order to follow up on the requirements for Netizen's response to Cyber Terrorism, the group agreed to form into a "National Cyber Security Forum" and undertake an action plan to ensure that the Government does not slip back into a slumber after the heat of the Mumbai attack wears off. A Detailed report will be put up on this site shortly. Report in Deccan Chronicle : Brief Report on the proceedings : Naavi's Comments1
IT Act Amendments and Cyber Terrorism
Dec 4: The amendments proposed to IT Act 2000 in the form of IT Act amendment Bill 2006 (ITAA 2006) have been under consideration since mid 2005. The undersigned has been following the developments closely and the developments have been well captured as the history of development of Cyber Laws in India at Naavi.org
In the aftermath of the Mumbai terror attack, there is now a renewed interest on legislation in India which is aimed at defending the nation against all forms of terrorism. Under this blinding glare of terrorist attacks, it is being stated that the ITAA 2006 is likely to be passed (refer reports emerging from the Internet Governance Forum at Hyderabad).
I urge the MCIT to put the draft for public view so that there will be some element of consensus on its effectiveness. I also urge the MPS to ensure that the draft is made public before it is finally passed......... More
Techgloss announces award for revealing identity of Savithabhabhi.com owners
Dec 1: In an interesting development, a web journal viz techgloss.com has announced a reward of RS 7000/- to anybody who would provide information as to the identity of this infamous website. . More info
![[Valid RSS]](http://www.naavi.org/image/valid-rss.png "Validate my RSS feed"){kind=small}