Recent Articles on ITA Amendment Act :   Copy of ITA 2008 : Comparison: ITA 2000 Vs ITA 2008  : Indian Information Security Framework-IISF 309

...For a Copy of the E Book on Digital Signatures, Click here

---

The National ID Card Challenge for Nandan Nilekani..

June 27: It was a pleasant surprise to know that the Government of India thought it fit to pick a professional like Mr Nandan Nilekani and appoint him for one of the important projects such as the National ID Card  (NIDC) Project. Our good wishes to Mr Nandan for a successful stint in this new role.

While Mr Nandan as an experienced IT professional can be expected to lead the project team to the most optimal solutions,  we will be failing in our duty if we donot bring to the discussion board some of the suggestions which had been placed before the Government earlier even if they had not been considered for implementation earlier. It is our desire that the new project team under Mr Nandan should again evaluate these suggestions and reject it if not found suitable. I am therefore reproducing the salient parts of these suggestions... More Part I . Part II

The War on Savitabhabhi.com needs to be continued

June 27: Naavi.org took up the issue of banning savitabhabhi.com  May 2008 first with an e-mail complaint to CERT-In followed by a similar complaint with DGP, Karnataka...The war on savitabhabhi needs to continue... Details : Also see : Supreme Court View on Obscenity (PDF Link) : Psychologists agree with Naavi's view : Differing legal views : Impersonating Amitab Bachchan

Update: July 11: P.S: The owner of the subject site has been identified by timesonline.co.uk as one Mr Puneet Agarwal, 38 year old, British Citizen of Indian origin. article : article in allotechie.com

Update July 11: You tube content attracts attention

IT Security Spending to Grow despite Recession

June 25: According to a recent CompTIA study, spending on information security processes, training and especially technologies is expected to increase approximately 20% to 25% globally, with India and China outpacing the U.S. and the U.K. The upswing comes at a time when IT budgets overall are expected by market watchers such as Gartner Inc. to decline worldwide in 2009. Related Article

HDFC Bank To Improve Online Banking Security

June 25: HDFC Bank is reportedly introducing new security measures where the customers would be able to see their photograph when they log into their account. This is expected to enable them distinguish between the genuine bank site and a phishing site. It may be recalled that recently a case was filed against ICICI Bank in Chennai making the Bank liable for a Phishing transaction. Since then Banks are getting better prepared to meet the security challenges. However it must be remembered that the HDFC Bank proposal only alerts the customer after he logs into the Bank account. If he has wrongly logged into a Phishing account, it is only after the transfer of the log in information that he may find out that he may not be in a genuine website. This may be too late. Hence it is necessary for the Banks to adopt other means such as multi factor authentication and more importantly use of digital signatures for high value transactions. Related Article

RIAA Terrorises Netizens

June 23: The Minnesota verdict against Jammie Thomas Rasset ordering the lady to pay US $ 1.92 million for having downloaded 24 songs from Kazaa network is a gross abuse of law. What is condemnable in this verdict is the extent of punishment which has no relation to the alleged impact of the legal violation. The Court in this case appears to have been swayed by RIAA and its commercial interests rather than justice. There is an urgent need for the reversal of the verdict which may happen during the further proceedings on appeal. It is however also the time to think how RIAA's aggression in terrorizing the ordinary netizens  for music downloads can be checked.

While RIAA may retain its aggressiveness against the service providers, it should not be allowed to go about enriching itself from the end users of technology by claiming unreasonable compensation. It is a common element of justice that a punishment has to be commensurate with the offence and in cases such as music downloads without license. The IPR offence of this nature cannot be equated with a crime such as say a "Murder" where deterrence is important since the victim can never be compensated for the loss caused to him by an offence. However an IPR offence is an economic offence where the exact loss can be identified and the compensation should therefore be not  higher than two to three times the actual wrongful gain that the accused has made. 

According to EFF, Supreme Court of USA has suggested that  a jury may not award statutory damages for the express or implicit purpose of deterring other infringers who are not parties in the case before the court.

Related Articles:  Retrial Required: :  Insane Verdict : Not to be a Precendent  Too far : Constitutionality

US $ 80000 per Song Downloaded??

June 21: It is reported that a Court in Minnesota has awarded a compensation to RIAA to be paid by  Jammie Thomas-Rasset, a 32 year old mother of four who downloaded 24 songs in violation of music copyrights. The total compensation is US $ 1.92 million (Rs 8.64 crores). Besides downloading 24 songs from kazaa file sharing network, the person was also accused of uploading 1700 songs to Kazaa according to reports y BBC. It is said that this is the first such case to go for trial and there are more than 35000 similar cases settled out of court from smaller amounts. The lady has plans to appeal against the verdict and also stated that she is in no position to meet the kind of liability imposed on her. Many consider the verdict as "Ridiculous" and "An aberration". The severity of the punishment unrelated to the perceived wrongful loss suffered by RIAA or wrongful gain made by the accused   has surprised many.  The verdict is likely to force a number of out of court settlements with this new bench mark of compensation threat and bring a huge financial bonanza to RIAA.

There are many in India who consider Indian laws as "Draconian" since it makes a person viewing a pornographic site (with child pornography content) or which enables the Secretary of MCIT order blocking of websites. After this verdict, it is necessary for them to reconsider their views if it is the Indian laws that are draconian or the US laws. Perhaps the draconian nature of Indian laws are in the context of protecting our culture or security but the draconian nature of the US laws is to protect the commercial interests of business entities. Related Article : Also Read:  Online Copyright Protection in US (OCILLA)

Mobile Phones Without IMEI numbers to be blocked

June 20: As expected, the Mobile Service providers in India have been asked to block mobiles which donot conform to the IMEI number standards, from the first of July. Many of the Chinese mobiles available cheaply may get blocked on account of this measure. Related Article in Computer World

Security Issues in Cloud Computing

June19: Google recently found a flaw in its Google Docs software-as-a-service application that inadvertently caused it to share user files. Also, an employee for SaaS provider Salesforce.com was duped by a phishing attack and leaked a customer list. These incidents indicate the security risks associated with the emerging enterprise computing environment namely "Cloud Computing". The National Institute of Standards and Technology is due to release formal guidance on cloud computing adoption this summer, with a chapter devoted to security. Experts however feel that these are teething problems in the development of Cloud Computing as a technology. These issues are the focus of discussion in the seminar proposed to be conducted at Bangalore by Total ESP, in the month of August.

A Fraud in the name of Security !

June 17: In an interesting Nigerian Mail fraud, the fraudster has used the reference of an International Conference by  Association of Certified Examiners and issued a fax stating that the association has decided to compensate 50 Nigerian Mail scam victims. The audacity of the scamsters to use the fraud examiner's name  and the use of fax instead of e-mail needs to be taken note of. Copy of Fax

Distributed Security Approach for Cyber Crimes

June 17: Researchers in US have suggested a new "Distributed Security Approach" is required to control Cyber crimes. According to them, the new paradigm cannot rely on sanctions, but instead, it must  shift the focus of law enforcement from reaction and punishment to deterrence and prevention and to do so requires something akin to community policing but in the virtual world. They argued that a new generation of cybercrime prevention laws would require citizens, organizations, and companies to identify and obtain the tools necessary to prevent cybercrime, to install these tools and keep them updated, and to use them in an effective manner to prevent identity theft, anonymous email relaying, and the expansion of zombie networks of infected computers. Related Article

Obama's Cyber Security Policy

June 16: US President Obama has directed a 60 day comprehensive review of the US Policies and Structures for Cyber Security which includes strategy, Policy and standards. The actions of Mr Obama indicate that he would like US to occupy the position of leadership in the Information Security industry. We in India should realize that if there is any slot open in the Globe for "Leadership" by say in the next 10 years, it is in the area of "Information Security" and we need to do everything within our powers today to ensure that India does make significant strides towards the leadership position in Information Security. May be we will never catch up with US but atleast we will be in the Group of Three in Cyber Security (Shall we call this E-G3 Countries) consisting of US, India and UK. China and Israel would ofcourse strive to be in the top as well. It is in this context that Naavi.org advocates that Bangalore should take steps to be recognized first as the Information Security Capital of India. The BISAM (Bengaluru Information Security Awareness Movement) is an initiative to make Bengaluru as the one city in India where every IT worker is specifically put through an "Information Security Awareness Training Programme". We wish that all stake holders join in this endeavour to make Bengaluru the Information Security Capital.

UK To follow US in creating a Cyber Command

June 14: Over the last two years, Naavi.org has been discussing the need for a National Cyber Security Force in India. US has been makign a good progress in this direction and it is now reported that the  British government is also taking steps to create  a cybersecurity organization similar to the one proposed by President Obama.  We hope that similar initiatives are also started in India and urge the Karnataka Government to take the lead in setting up a Cyber Security Command Center for the State which could be a role model for other States. Related Article

Course on Security Informatics Required

June 13: As a part of establishing Bengaluru as the Information Security Capital, there is a need for an initiative from an Engineering Institution in Bengaluru  to start a programme on "Security Informatics". The programme should bring together students of disciplines such as Computer Science, Electronics, Telecommunications, Medical Electronics and Information Science to study the "Information Security" as an additional subject. This can be introduced initially as an "Elective" and in due course converted into a separate branch. The programme could cover Cyber Forensics as well as Cyber Laws and Data Protection legislation as part of the curriculum. The technical aspctes may include Firewalls, Intrusion Detection Systems, Wireless Security, Chip Security, Application hardening, Security Architecture in software designing etc.

Naavi.org/Cyber Law College suggests IIIT-B, RVCE, PESIT, BMSCE or other leading institutions in Bengaluru to take up this challenge of creating a course on "Security Informatics" and would be happy to join hands in the programme.

Related Article: Master's Programme on Security Informatics : Need for Cyber Security Education

Bengaluru Information Security Awareness Movement (BISAM)

As a follow up of the suggestions made in the recent industry meet, Naavi.org is taking up a project for extensive Techno Legal Information Security Awareness drive in the City of Bangalore to move towards re-branding of Bangalore as an "Information Security Capital". This would also be an extension of the "Cyber Law Awareness Movement" which has been successfully implemented by Cyber Law College in Karnataka with Cyber Law Courses in different cities in the State.

A request has also been submitted to the State Government to undertake projects in the domain of Cyber Crimes, Information Security etc.  independently and in participation with the activities of Naavi.org.

The project to be identified as Bengaluru Information Security Awareness Movement (BISAM) will aim at creating a City with near saturated Information Security Awareness in the IT and non IT industrial sectors, Government Agencies as well as Schools and Colleges through a series of activities.

 Also See: Bengaluru as Information Security City:                                                                      

Naavi

12th June 2009

Naavi.org invites other like minded companies to join this movement.

Copyright Enforcement Fraud?

June 10: There have been instances of fraudsters impersonating as Police officials and collecting money from unsuspecting public with threats of various kinds. Naavi.org had earlier reported an attempted fraud in Hyderabad where some fraudsters tried to extort money from a person who was on an online obscene chat. It appears that a new gang has surfaced in Bangalore which is going around questioning  some designing professionals if their  AutoCAD software is licensed and if not are demanding a sum of Rs 1 lakh. It is necessary for the Police to investigate and  to put an end to the fraud. Also See: Techgoss.com

Search for Security Experts in US

June 8: The US Department of Defense is said to be on the look out for 10 000 security experts to work in diverse industries such as energy, aviation etc. They are planning to conduct a national competition for talent search. "Cyber Olympics", "Digital Forensic Challenge" etc are programmes under consideration. Separate awards are also made available for High Schools to encourage participation. India needs to note the innovative efforts being taken at US regarding Cyber Security and learn from them. Related article at internetnews.com

Bengaluru as Information Security City

June 6: A half day symposium had been organized at Bangalore by IT Cell of BJP to discuss the impact of the proposed tax reforms suggested by Mr Obama on the IT industry in Bangalore. During the occassion, Naavi presented an action plan for re-branding Bengaluru from being a "Silicon City of India" to "Information Security City of the world".

PKI Outreach Programme

June5: CDAC  conducted a one day symposium in Chennai on PKI Infrastructure in India and Digital Signatures. Naavi spoke about the legal issues concerning digital signatures as per ITA 2000/8.

More Opposition for Sec 69A

The powers proposed to be conferred on the Government under Section 69A of ITA 2008 for which draft rules have been published for comments has come in for more criticism. Mr Pavan Duggal has warned that the rule could be considered ultra-vires the constitution.  Refer article in BS

Naavi.org has already raised its concern with a call for a "National Netizen Rights Commission" or at least a "National Netizen's Rights Advisory Board".  We have already pointed out that the proposed rules must be tempered with appropriate "Safeguards". The "Safeguards" need to be drafted in such a way that the public gets the confidence that the rules would not be misused. Presently the Government is perhaps under the feeling  that since provisions similar to what is being proposed under ITA 2008 are available under Telegraph Act for "interception" and Supreme Court seems to have accepted the safeguards presently used for tapping of telephones, the rules presently contemplated may also be acceptable.

It is however necessary for the Government to realize that the Net Community is far more vocal than telephone user community and their opposition cannot be brushed aside. By not being as diplomatic as was required considering the sensitiveness of "Internet Censorship", Ministry of Communication and IT has made a mistake and we will now see a fight between MCIT and Ministry of Information and Braodcasting which could be detrimental in the smooth passage of the rules.

Sooner  MCIT realizes that keeping all the controls with the Government officials without adequate representation to civil liberty groups is not a good strategy for getting the cooperation of the public for the proposed rules even if it can be justified in the interest of the security of the nation.

Also see: Article in Hindu dt 7th June

Also see: National Netizen’s Rights Commission Required in India

Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.

The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.

The second key service is the Cyber Evidence Archival center which provides a key service to help administration of   justice in Cyber Crime cases.

The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.

The fourth key service is the online mediation and arbitration service another unique global service.

The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.

Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.

Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.

Naavi

---

Add Your Comments Here

---

If you would like to know  more about Naavi, the information is available here.

For Any Payments to be made to Naavi online :  Naavi_s Payment Center

RSS Subscription

BLOG POSTS