COPY OF NEW INFORMATION TECHNOLOGY ACT (ITA 2008)

All Courses from Cyber Law College now based on ITA 2000 Amendments made in the current session of Parliament: Copy of Prospectus

TATAs enter Managed Security Services

Oct 24:It is reported that Tata Communications  (www.tatacommunications.com) has partnered with unified threat management solutions provider Fortinet (www.fortinet.com) to launch virtualized UTM to its customers in India. According to the Company it is the first Company to offer such services. Naavi.org has been suggesting such services for the benefit of SMEs and the development is welcome. ..Report

Virtual Goods are "Goods" that can be stolen

Oct 24: A Dutch court has ruled that Virtual Goods can be recognized as "Goods" and "Theft" can be recognized in case of virtual goods. A pair of teenagers were convicted for the offence of stealing a Virtual mask and a virtual amulet used in a game. The Court used an analogy that "Stealing of Electricity" is recognized as "Theft" of a tangible property and similar principle can be applied to Virtual goods. ... Report

In India, any theft of Virtual goods can also be classified as an offence under Section 66 of ITA 2000. Also remedy can be sought under Section 43 through the adjudication process. We therefore may not require the IPC to be applied to virtual thefts.

IT.biz to open in Bangalore on 6th November 2008

Oct 24: The 11th edition of India's premier Information and Communication Technology (ICT) show, Bangalore IT.biz 2008, would be held at Palace Grounds here from November 6 to 8. Apart from international conferences, the show would also have exhibitions, workshops, roundtables and a conclave CEOs of top notch companies.The conference would discuss topics like, e-governance, rural IT policy, how IT is going to increasingly impact the life of the common man, delivering large-scale change in healthcare through ICT, ICT in education and revolutionizing the classroom, role of IT in the nation's internal security and how IT can make India the global destination for sports. More information available at www.bangaloreit.biz.

Cyber Crime Losses 5 times security investment

Oct 24: In an interesting statistics that has been reported, the loss on account of Cyber Crimes in 2005 was estimated to be around US $ 100 billion and was placed higher than the value of drug trafficking. It is also observed that the information security industry itself is valued around US $ 20 billion indicating that collectively the market is losing 5 times the value of their security investments. This indicates a huge market for Cyber Crime Insurance which eventually has to set the standards of security as well as the rewards for the insured. Since the security investments might have been made by one set of the market players while the losses might have been suffered by another, actuarial analysts need  to find out the incidence of loss in the segment of the market which has invested in information security. This will provide a clue for risk assessment for Cyber Crime insurance players. Detailed article in Khaleej Times

In another related report, a Symantec Study (Report in BS) has indicated that  more than 400 unique phishing attacks on reputed Indian banks in the last six months of 2007. Out of these, some of the attacks involved the use of compromised ‘.gov’ servers to launch phishing attacks on other brands. While the actual losses are not known in view of the slack implementation of Cyber Laws, Banks have been successful in transferring these losses to the customers. The Phishing security industry is also accused of not sharing information with the public quickly resulting in innocent victims losing the money when the information that the site was a phishing site was perhaps available to a privileged few who preferred to remain silent. Losses arising out of such criminal silence is estimated to be around US $ 300 million annually (Report in ZD Net) in the US market and there is a growing demand that Banks should be made liable for such silence.This is also a factor that may make Cyber Crime insurance a necessary cover to be taken by Banks.(Detailed Report)

The prospects of Cyber Crime insurance which Naavi.org has been supporting for long may be nearer to reality than ever before.

Virtual Divorce and Virtual Murder

Oct 24: In an interesting case reported from Japan, a Japanese piano teacher has been arrested on suspicion of killing her "virtual husband" after becoming enraged that he suddenly divorced her in an online game. The 43-year-old woman allegedly hacked into a man's computer and killed off his avatar in the popular interactive game Maple Story, the Associated Press reported.

The woman, who is in custody on suspicion of illegally accessing a computer and manipulating electronic data, allegedly used the man's ID and password to log on and carry out the virtual murder in May, said a police official in the northern city of Sapporo, according to the AP. She had not yet been charged but if convicted could face up to five years in prison or a fine of up to $5000 ($7400). Details at news.com

Indian Cyber Security ..Imports from China

 Oct 24: China which is in the forefront of "Cyber Wars" appears to have opened one more front in its bid to rule the global cyber world. According to the accompanying report from UK, it is found that a large scale fraud is being committed in China where the credit card swiping devices shipped from the factory are found to have been tampered with to insert a malicious code in the Chip for stealing the data from swiped credit cards. At this point of time security specialists are considering this as a "Supply Chain Attack" carried out by an organized crime syndicate without any involvement from the Chinese Government. It has been revealed in the investigations that the fraud has been going on for last 9 months and the stolen data has been reaching China and Pakistan. It is however difficult to rule out the complicity of the Chinese authorities in a sophisticated Cyber battle.

India imports several electronic devices including smart mobile phones from China and RBI has recently allowed Mobile Banking. This is a perfect recipe for a chip based fraud which can cripple the Indian Banking system. It has been earlier reported from some security observers (ref comments in the article in telegraph UK referred to here) that Chinese made mobiles were capable of being switched on remotely to eves-drop on the conversations.

It is therefore necessary to take  a hard look at our foreign trade policy and filter imports of electronic devices from China from the "Information Security Perspective". Detailed Report : Related Article in bloggernews.net

Digital Society Day 2008

October 17: The Digital Society Day 2008 was celebrated in a grand manner in Bangalore by KILPAR and KLE Law College in association with DSFI with a National Seminar on Privacy Rights and Data Protection in Cyber Space. The programme had been organized to commemorate the Digital Society Day of India which falls on October 17th each year.

The programme was inaugurated by the Honourable Minister for Law, GOK,  Sri S Suresh Kumar. There was a day long deliberations on the Personal Data Privacy Bill, Amendments to ITA 2000 regarding Data Protection, Human Rights, Industry and Law enforcement perspectives of Data Protection and Data Privacy and the need to a balanced legislation.

The programme was attended by more than 120 delegates many of them from outside Bangalore. .:Detailed Report : PHOTOS :

Indian Companies better than US counterparts in Information Security

Oct 16: A survey conducted by Price Waterhouse Coopers LLP (PWC) has found that information security practices in India has made significant progress in the last year. In many respects IS in India is considered better than in North America.

According to the study, more organizations than ever are encrypting databases (55 percent), laptops (50 percent), backup tapes (47 percent) and other media. Fifty-nine percent of respondents said they have implemented an "overall information security strategy" which includes: the increased use of intrusion detection software (62 percent compared to 52 percent in 2007); the installment of firewalls to protect individual applications (67 percent compared to 62 percent in 2007); and the disposal of outdated computer hardware (67 percent compared to 58 percent in 2007). The majority of security spending comes from the IT group (57 percent) followed by the security department and other functional areas such as marketing, human resources and legal.

One area where the Asian companies lag behind North America is in respect of Privacy protection. 41 % of the respondents say their company requires employees to be trained in privacy practices. Only 18% had appointed Chief Privacy officers in their organizations.

 Report :  Survey

Electoral Rolls in Delhi Hacked!

Oct 12: It is reported that the Delhi Electoral rolls have been found to have been deliberately tampered with by the officials of an IT Company Webel Technology Limited. This would amount to Section 66 offence under ITA 2000 and the Company and its officials are in serious danger of being hauled up to the Courts and probably to the jails as well. Again this boils down to what "Due Diligence" the Company's top management had taken to ensure against any of its lower rank employees playing mischief. Related Article in TOI

Terrorist Intrusions to IT Companies?

Oct 12: There was a news report yesterday that Satyam Computer has been  banned by World Bank under the charge of having installed a keylogger in one of the facilities handling World Bank data. Satyam has however denied the report.

It cannot be ruled out that in this instance Satyam may be a victim of a terrorist intrusion into its software department and some mole might have introduced the key logger and stolen the information for the benefit of some anti social organizations. It could also be the handiwork of Chinese Cyber Warriors who might have infiltrated into Satyam. The matter should therefore be taken up for further investigation by Indian law enforcement to find out where the stolen data has reached. Related Article   Report on the denial

Perhaps there is a need for Satyam and such other companies to strengthen their internal security measures and "Due Diligence" to  prevent liabilities on the top executives in such cases. ..More

Google Mapping Eyes Gets Sharper

Google Maps had evoked a debate earlier on the loss of "Privacy" and "Compromise of National Interests". In what could be considered as an increase of concern, Google Eyes have grown sharper. According to news report the new Satellite imaging launched by Google is having a resolution of about 18 inches. Though some of the security sensitive installations may be blocked from public view, terrorists who have penetrated Yahoo may succeed in penetrating Google and gain access to such sensitive information under employee privileges. It is therefore necessary for US Government to undertake a special security check on the employees of Google who work on the project and have access to the razor sharp images of sensitive installations both in US as well as in India or elsewhere. Detailed Article

Enterprises Living in a False Sense of Security

According to recent findings on the state of the Internet by Akamai, the trend of distributed denial of service (DDoS) attacks, continues to target exploits that were identified years ago, suggesting there is still a significant population of insufficiently patched systems connected to the Internet. Also, enterprises, with various forms of security solutions may have the perception of full protection, but they are not devoting proper attention to the wireless devices that could lead to crucial information becoming available to outsiders. Experts also believe that India's unsafe security environment could be costing its BPO industry an estimated $500 mn annually. Detailed Report

Cyber Attack on World Bank from China

October 11: According to Fox News report, the World Bank Group's computer network has been raided repeatedly by outsiders for more than a year. This network is one of the largest repositories of sensitive financial information of economies of every nation. Sources inside the bank have confirmed that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July.

In total, at least six major intrusion two of them using the same group of IP addresses originating from China have been detected at the World Bank since the summer of 2007, with the most recent breach occurring in September this year. Detailed Report

Privacy Policies on the Websites.. Standardization required

October 10: An interesting study in US has indicated that the average time taken for reading the Privacy policies on websites is around 10 minutes and if US Citizens have to read all the Privacy Policies on the sites they visit, they may have to spend annually more than US $ 650 billion (approximately RS 30,00,000 crores!) This is said to be one reason why people normally ignore the Privacy Policies.  One of the suggestions made is to create a more user friendly standard form of Privacy Policy/ This can also be achieved by a Privacy Forum with a common policy framework and websites becoming members of such forum. There are already such efforts in US and perhaps one such forum is required in India. Digital Society Foundation (DSFI) is planning to develop such a standard policy for its members. The objective is to create one policy for a non e-Commerce website which does not create membership nor collect such information and another for an E_Commerce sites where credit card details and membership details are collected.

Naavi.org came to know recently that some small ISPs are collecting details of websites visited by the user and also his Mac address. While these are not necessarily objectionable, the lack of communication of such important privacy intrusions to the users is a matter of concern. Probably the Personal Data Protection Act which is under consideration by the Parliament will try to address this need. Article in out_law.com

LIPS, Indian answer to USPTO Concerns

Oct 9:Cyber Law College as a part of its CyLawCom initiatives (Initiatives for Cyber Law Compliance of IT operations in India) has developed for the first time in India as well as anywhere in the world an Information Security Standard for the processing of Legal Information. This “Legal Information Privacy Standard” or “LIPS” Standard in its version 1008, incorporates 21 information security principles drawn from the established principles of Privacy Protection and Information Security available in various other information security initiatives.  The principles are drafted with the idea of simultaneously meeting compliance standards in ITA 2000, HIPAA and ISO 27001. The first version of LIPS has been launched today the Vijaya Dashami day of 2008 and will be referred to as LIPS1008. The team from Ujvala Consultants Pvt Ltd will be ready to undertake LIPS1008 audit to interested companies. ..More

Indian LPO Industry to face a Security Challenge

Oct 9: The US PTO has supposedly warned US law firms that they need Government permission before sending confidential information on inventions and patents. This is the protectionist action by the  Anti Outsourcing lobby who are worried by the increasing outflow of information processing. The move is expected to increase the cost of litigation to US citizens. An appropriate solution to meet the concerns would have been to specify information security standards of the HIPAA type to ensure that the confidentiality of information is not affected. Hopefully the "Government Clearance Procedure" will be simple and ensure that genuine business interests would be protected. ..More

Related Article in ET

How Ethical Hacking Course Helped Terrorists

Oct:8: Naavi.org has been time and again warning the society that conducting of "Ethical Hacking Training" is illegal in India. However some organizations are bent on exploiting the commercially attractive proposition of conducting such programmes. The result is that persons such as Mr Peerbhoy working in Yahoo office at Mumbai, the person accused of having sent terrorist mails during the recent Delhi blasts getting trained through these programmes and using the knowledge for an attack against the country.

We need to understand that such programmes should be conducted only under proper supervision, background check of participants and registration of the trained persons with the intelligence agencies. It is necessary for the Police now to examine the profiles of all the persons who have undergone trainings at E2labs as well as Adept Technologies who are known to have been conducting such training programmes for some time and investigate the where abouts of these trained ethical hackers.

While it is agreed that terrorists need not depend only on such organizations, as a part of the intelligence routine, watching the trainees of such institutions is a necessary security drill. Report in expressindia.com : Techgloss.com

Online Investment Frauds and Cyber Crimes

Stock scams are of various types and so many that one may feel vulnerable in this survival-of-the-fittest-environment. However, Here is an article on online frauds.

Related Article

This is a Cyber Terrorist Attack on the Digital Society

Oct: 8: Security Experts have unearthed in a research that a new hacker's tool was used to compromise over 2 lakh web servers out of which malicious codes were successfully planted in over 80000 websites. Victims of the attack include government, Fortune 500, and a weapons manufacturing firm, and  the US Postal Service. This is a typical Cyber Terrorist attack which tries to hit at the root of credibility and popularity of web as an information dissemination, e-Commerce and e-Governance tool. It is necessary for all countries to come together and address a protection plan against such attacks. It is also to be remembered that even though this attack appears to be on the websites, the objective could be and the impact would certainly be on the physical society as well. Detailed Report

---

DIGITAL SOCIETY DAY 2008.. Event in Bangalore on October 17, 2008

As in the previous years, Digital Society Foundation (Trust promoted by Naavi and others) will celebrate October 17, 2008 as the Digital Society Day of India in recognition of the fact that on October 17, 2000, ITA 2000 was given effect to bringing in the legal recognition for electronic documents for the first time in India. The theme for the current year is "Privacy and Data Protection in Cyber Space".

The event will consist of a day long programme to be held at KLE Law College, Rajaji Nagar, Bangalore in association with KILPAR (Karnataka Institute of Legislative and Parliamentary Reforms) and KLE Society's Law College. The seminar will discuss the issues in balancing the demand for Privacy Rights Protection by Human Rights Activists with the Law Enforcement needs in the light of Cyber Terrorism and Cyber Wars. It is intended to collect the views of Legal Experts on the "Essential Features of a Suggested Data Protection Act of India" to be consolidated and presented to Nasscom and Ministry of Communications and Information Technology for further action.

Delegate Fee: Rs 1000/- for professionals. Rs 500 for students. For Registration contact: KLE Law College, Rajaji Nagar, Bangalore. Or Send e-mail to naavi@vsnl.com

(Law Students wishing to present a paper on the occasion may kindly submit the paper before October 10th to naavi, through e-mail and print copy. The best paper presenter may be invited to briefly present his views during the seminar). Detailed Programme

---

UK To Create Internet Surveillance Center

Oct 7: As per reports from UK, the British Government has set aside a budget of US $ 21.3 billion (Rs 90000 crores) to create a data base to monitor and store Internet Browsing, e-mails and telephone calls of every Briton. (Ref: yahoonews).

In India TOI has reported a move by IB to set up a "Research and Technology Center" and to recruit 6000 Cyber Spies. (Report: TOI).

While these news items will make the Privacy Rights supporters uncomfortable, it appears that the time has come to support such moves in the interests of National Security.

New Copyright Law in New Zealand Comes into Force

Oct: 3:  New Zealand is amending its Copyright law with the Copyright (New Technologies) Amendment Act 2008 which becomes effective from October 31. One of the provisions (Sec 92A regarding ISP liabilities) will come into effect later from 28th Feb 2009. The act requires ISPs to terminate accounts used for Copyright infringement and strengthens the liability of Technology providers under Contributory Infringement concept

Details at behive.govt.nz

Information Security Culture in USA better than in India

Oct 1: An interesting survey conducted by CISCO has brought out some interesting  factors which indicate that the security culture in USA is far better than the rest of the World and India is some where near the bottom better only to China.  Some observations were

a) Use of corporate assets for personal e-mail was 39% in US as against 58% in India

b) Only 2% in US tweaked the security settings of the Company as against 20% in India to view their favourite websites not allowed under the Company policy.

These figures indicate the "Information Security Obedience Factor" which can be used as a parameter for measuring the data loss risk. If it is combined with "Information Security Awareness  Index", "Information Security Effort Index", we can arrive at a Net "Information Security Compliance Index" for each company. This should be an interesting industry parameter to watch out. Report in Internet news.com Report in Forbes

Scrabulous Creators get a favourable Court verdict

Oct1: The Indian entrepreneurs Rajat Agarwal and Jayant Agarwal who had started the popular Scrabble game on MySpace under the name "Scrabulous", are reported to have obtained a partially favourable Court decision in the case filed against them for infringement of Trademark rights. While the conduct of the game has been permitted, the name has been ordered to be changed. The case had been filed by the original inventors of the Scrabble game claiming exclusive right for the online version. The case threw up several interesting questions on Copyrighting of Games, the combined rights of Trademark and copyrights etc. There is also an issue of when the game was invented and whether the copyright itself has expired etc. Report in LA Times : Background : Legal Debate1: Legal Debate 2