Indian Information Security Framework-IISF 309
Recent Articles on ITA Amendment Act : Copy of ITA 2008 : Comparison: TA 2000 Vs ITA 2008
Impact of ITA 2008 on IS professionals
April 18: Consequent to the passage of the Information Technology Amendment Act 2008, significant changes have occurred in the "Regulatory Compliance" requirements in India applicable to IT users. This has also a serious impact on the IS professionals increasing their responsibilities. Naavi elaborated on the impact of the amendments to ITA 2000 to a group of ISACA members in Bangalore. Gist of Naavi's Presentation
CrPc Amendments to be modified
April 20: The recently proposed amendments to CrPc curbing the powers of arrest for offences upto 7 years appears to have been stalled. This means that the present provisions where the Police have powers to arrest for offences which are cognizable will continue. The Government has decided to let the new Government assuming office after the current elections to take a view on the same. This decision refers to CrPc amendment Act 2008 and not to ITA amendment act 2008 Article in TOI
Conficker Virus on Credit Card Scam
April 14: According to security observers, Conficker virus which is supposed to have infected millions of computers world wide has started its activity with an attempted credit card scam where spam messages offering an anti virus software called "Spyware Protect" for US $ 49.95 is being offered. Public are advised to avoid responding to such spam mails. Related article
You Tube Blocks uploads from Korean Server
April 14: In response to a South Korean law that requires the users of websites with an excess of 100,000 unique visitors per day to indicate their real names when files are uploaded, You Tube has stopped activities of uploading from its Korean server. But while the move obeys the letter of the law to prevent defamation through the Internet, it skirts around the spirit of it by allowing users based in South Korea to continue uploading and commenting on You Tube by switching their preference setting to a country other than Korea.
The new law was brought rushed into force after the suicide of a popular actress Choi Jin Sil after a series of online rumors had her pressuring a fellow actor to repay a loan she had made to him causing the suicide of the actor. Some time back the case of the "dog poop girl." had made headlines in Korea. In this case, after the girl's dog defecated on the Seoul subway and she failed to clean it up, a fellow traveller posted a picture of her online with an account of the incident. The story spread fast and within days a campaign had identified her, where she lived, and the university she attended. In the end, she reportedly dropped out of school and fled her home because of the controversy.
Many major Korean portals and Web sites require users to provide their national ID card number when registering accounts but Google, does not ask for this information so the law would have also required it to build a new verification system. Related Article
Tampered Chips are a National Security Risk
April 14: More evidence is being unearthed on the possibility of Chips used in Computers being manipulated to gain remote entry into the computer. These chips enable disablement of critical IT infrastructure by an outsider and is part of the "Cyber Warfare". Any "National Cyber Security" strategy therefore needs to take into account a strategy to counter such threats.
It may be observed that the BJP 's IT Vision document has documented the need to "Develop Computer Hardware industry in India" and "Setting up of a National Digital Security Agency" which could take steps in the direction of protecting the nation against doctored chips.
This is an excellent idea which deserves to be taken note off and appreciated by the people. It would be prudent if this policy is adopted by UPA or any other party which may come into power after the elections.
US is undertaking large scale research in "Non Destructive Testing of Chips" to ensure that Chips are safe from backdoors. India also needs to act in this direction. Related Article in spectrum.ieee.org : PDF Copy
This TOI report does not seem to have a basis
April 9: Today's Times of India carries a front page report titled "E Mail Providers will need to have servers in India" credited to one Mr Vinay Madhav. The report suggests that ITA 2008 has mandated that all free e-mail service providers such as Gmail or yahoo mail are supposed to shift the e-mail address to .in domain and this will require comnsumers to change their e-mail identity. To the best of my belief, the amendments donot suggest this and the report therefore appears to be creating a wrong perception in the market and creating a scare about the amendments. The amendment only suggests that the "Intermediaries" need to "retain data for specified periods" and "provide traffic data" to the authorities as may be prescribed. Failure to comply with such requirements would be considered as a punishable offence.
Presently, e-mail providers are indirectly helping criminals to escape identification by allowing them to hide behind proxy addresses. This may not be permitted now under ITA 2008.
I have recently come across a local ISP (BSNL) which appears to have lost the access information and is refusing to provide the IP address particulars despite an RTI application. Such negligent acts which were punishable now also with proper interpretation of the provisions will now become more clearly punishable under ITA 2008.
In the past TOI platform has been used to discredit proposed amendments which were against the interests of "Intermediaries". There is an indication that the game could have started once again... More
Data Retention Law for ISPs in UK
April 8: Public Sector Telephone and Internet Companies in UK will now be required to retain certain information of users for a period of one year. The information to be retained includes traffic data, cell data in respect of mobile communications, Call details, IP address etc. In case of VOIP calls also the data necessary for identifying the origin of the message also need to be retained. The regulations will be effective from 6th April 2009 and have come at a good time when Indian authorities are also looking for notifying similar regulations under Section 67C of ITA 2008
Related Article in ZDNET : EC Directive : Schedule
Why Netizen's Protection Agency is Critical for India
April 7: The proposed Cyber Security Act 2009 in USA envisages emergency powers for the President of USA to shut down Internet. It also proposes to vest several powers with the National Institute of Standards and Technology to set standards for Cyber Security. While this is only a proposed law in US, India has already passed similar laws through the amendments made in ITA 2000. As per the amended ITA 2008, the Director General of Computer Emergency Team will have "Emergency" powers for handling Cyber Security incidents. This could mean that the CERT can exercise powers similar to what the President of USA will have under the Cyber Security Act, namely to declare Cyber Emergency. Powers to block websites, call for information, intercept, monitor etc is also being envisaged under ITA 2008. It is not clear if CERT itself will be entrusted with such responsibilities also in which case the CERT will become as much powerful as the US president under Cyber Emergency situations. In order to maintain balance of power, it is recommended that the powers under sections 69,69A and 69B are entrusted to another agency preferably a "Netizen's Rights Protection Agency" so that the use of the powers can be moderated. Related Article in Bloggers News
Digital Security Agency.. Catches attention
April 7: Though it is several days after the announcement of the IT Vision by BJP where formation of a "Digital Security Agency" for India with an objective of counter cyber terrorist actions was suggested not many analysts recognized the importance of the announcement. But gradually the potential impact of the suggestion is sinking in in the community. One of the thoughts that have been floated now by one analyst is whether such an agency should only be a covert unit and not be part of an official policy. While the concern is valid, it must be stated that every sovereign Government has the right to respond to an attack from outside. Just as USA bombed Afghanistan after the 26/11 attack, India has the right of hot pursuit in case it is attacked from outside. A Cyber Counter attack is also not necessarily a "hot pursuit" into foreign territory. It is a remote attack from our own territory as much as the attack itself is from the enemy's own territory. In one of the recent US Supreme Court judgments, it was held that the US Government even had the right to kidnal a person from a foreign soil without the local Government's knowledge if it is necessary to apprehend a criminal. Hence there should be no doubts about the rights of a Country to set up a Cyber Defense Force which may counter attack a server outside India to silence its activities that are inimical to India. Digital Security Agency is therefore perfectly legal. Of course it is not expected that the agency would attack another country on its own without a "War" being declared. Related Article
April 6: The Cyber Security bill introduced in USA has expectedly raised strong reactions perhaps more against the provisions. But many of the provisions suggested are surprisingly similar to what Naavi.org has been discussing for some time as "Desirable" in the context of increased Cyber threats. India has also passed amendments to ITA 2000 with several provisions directly related to creating an improved security infrastructure in Cyber Space. Further the main opposition party viz BJP has made Cyber Security a part of its political agenda ahead of a major election. In the light of these developments, it is interesting to analyse briefly the salient provisions of the Bill. This article attempts to identify the salient features of the Bill... More
Mumbai to have a Cyber Crime Police Station
April 5: A 61 staff Cyber Crime Police Station is to be inaugurated shortly at Mumbai. When opened, it would be the largest Cyber Crime Police Station in India. Bangalore was the first to have a Cyber Crime Police Station way back in 2000 but may now lose its pride of place to Mumbai. Article in TOI
Will Digital Security Agency be a reality?
April 4: For the first time in India, there is now a talk of a "Digital Security Agency" of India to deal with Cyber Warfare, Cyber Counter Terrorism and Cyber Security of National Digital Assets. For too long India has been talking of being an e-Super Power without addressing the issue of Digital Security. But now there is a hope. The hope has come in the form of an election manifesto from one of the major political parties of India namely the BJP. (Copy of the manifesto). While the Indian media headlines issues such as the Ram Temple, none of the reporters seem to have the capability of understanding the possible impact of the Digital Security Agency to the IT industry in general and the economic situation in a recession hit industry in particular. I urge the media to highlight these aspects. more
US proposes Cyber Security Act
April 3: A new Bill by name "Cyber Security Act of 2009" has been introduced in the Senate proposes to provide substantial powers to the American President and allows allows the president to shut down private Internet networks. The legislation also calls for the government to have the authority to demand security data from private networks without regard to any provision of law, regulation, rule or policy restricting such access. According to the Bill, the president would have broad authority to designate various private networks as a "critical infrastructure system or network" and, with no other review, "may declare a cyber-security emergency and order the limitation or shutdown of Internet traffic to and from" the designated the private-sector system or network. More on Cyber Security Act : More : Copy of Bill
The Bill seems to surprisingly incorporate many suggestions which Naavi.org has been advocating for India.
A few People in India who are carrying out a campaign against the ITA 2008 need to take note of these developments and understand the trend that the global cyber regulation is taking before criticizing the provisions in ITA 2008. Article in eweek.com
Chinese Mobiles to go out of India
April 3: Due to security concerns, the GOI has taken steps to ban Chinese mobiles which come with IMEI numbers which are not not following global standards. Buyers looking for cheap mobiles need to be vary about such handsets. TOI article
A new IS Security Agency on the anvil?
April 2: A report in mydigitalf.com suggests that a DIT official recently has indicated that a TRAI type regulator would be set up for Information Security by the Ministry. It is not clear if the reference is to the new responsibilities entrusted to the office of "Computer Emergency Response Team" under ITA 2008 or to some other agency contemplated. Since the election code is now in place, we may have to wait for the new Government at the Center to come into existence before such a move is publicised. It is interesting to note that BJP, one of the aspirants for power at the Center has also announced through their IT Vision policy, the setting up of a National Cyber Security Agency. reference article
Tata Indicom over charging on Service Tax
April 2: Recently, GOI reduced the Service Tax by 2% from 12% to 10%. With the surcharge component, the tax now gets reduced from 12.36% to 10.30%. However, Tata Indicom the premier Internet Service Provider in the country which took over the erstwhile VSNL has continued to charge a service tax of 12.36% for its ISP renewal services. See tariff chart as of April 2, 2009. It is not clear if the company is also remitting the higher tax to the Government or appropriating it itself. It needs to clarify. The Company also has a strange policy where by if a customer renews the package before the account is due, the renewal is effected from the new date of renewal and not the earlier date of renewal. This means that customers who renew in advance would lose since they lose the overlapping time. Hope Tata Indicom corrects this system also.
GOI takes Steps to face Cyber Terrorism
April 2: The GOI is reportedly initiating steps to introduce information security measures in the Government sector by instructing every department to set up 24X7 information security monitoring teams. The security guidelines sent by the Ministry of IT is also said to have suggested a background check for information security officials.
The guidelines seems to have also indirectly identified the Critical Information Infrastructure referred to under Section 70 of ITA 2008. The identified domains are
The Armed Forces, defense production and research, power, Oil and gas, stock exchanges, depositories, banks and financial institutions, space research installations, Internet services, Telecom and data centers, broadcasting services, railways, civil aviation, shipping and surface transport, public utilities and law enforcement agencies. Significantly, installations with both public and private sector have been marked as vulnerable. This may be taken as an indication of a notification to be issued under ITA 2008 in this regard. Refer article in IE
|
PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar PR Syndicate, (an organization of Corporate PR Professionals in Chennai,) celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occasion, "Award of Excellence in Public Life" was presented to 'Cyber Law Guru of India' Na.Vijayashankar...More |
|
Naavi's latest book "Cyber Laws Demystified" was soft launched at the Nimhans Convention Center during the Indian Police Congress. The book is a comprehensive coverage on Cyber Laws both ITA-2000 as well as IPR and other issues. Structured into 24 chapters it also covers the proposed amendments to ITA-2000 in detail as an appendix. A copy of the Information Technology Act 2000 is also appended to the book. The book also has several individual chapters on the legal issues of Cyber Banking, Cyber Advertising, Cyber Taxation and Cyber Terrorism. The book is priced at Rs 750/-. For Enquiries and Bulk orders click here. : |
What is Naavi.org?
Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.
The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.
The second key service is the Cyber Evidence Archival center which provides a key service to help administration of justice in Cyber Crime cases.
The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.
The fourth key service is the online mediation and arbitration service another unique global service.
The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.
Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.
Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.
Naavi
If you would like to know more about Naavi, the information is available here.
For Any Payments to be made to Naavi online : Naavi_s Payment Center
![[Valid RSS]](http://www.naavi.org/image/valid-rss.png "Validate my RSS feed"){kind=small}