                      
                    
                 
                 Syria Shuts
                      down Internet
                 
                 Nov 30: In
                    a crackdown on free speech, the Syrian Government has
                    reportedly cut off public access to the Internet.
                    There appears to be a civil war going on in the
                    country and the Government does not want the news to
                    go out of the country. 
                      Report
                      
                DCP/IG
                        approval required for Sec 66A prosecution
                
                 Nov 29: Even
                    as the PIL in Supreme Court has been filed against
                    the constitutionality of Sec 66A of ITA 2008, the
                    Cyber Regulations Advisory Committee (CRAC) is
                    reported to have recommended that state approval
                    from an officer of DCP level at rural areas and IG
                    level in metros will have to be sought before
                    registering complaints under the section. 
                      Report-1 : 
                      Report 2 : 
                      Report 3 :
                      Report 4
                 
                 Though the reports
                    have started speaking of this as an amendment, this
                    should be considered only as a "recommendation" and
                    the recommendation has to be issued as a
                    "Notification" and placed before both houses
                    of the Parliament. Normally a notification is placed
                    before the Parliament if it is not in session.
                    Presently the house is in session and it may be
                    considered a "Privilege" issue if the notification
                    is issued straight away.
                 
                 Constitutionality
                      of Section 66A raised in Supreme Court
                 
                 Nov 29: As
                    expected a PIL has been filed in Supreme Court about
                    the constitutional validity of Section 66A of ITA
                    2008. 
                      Report
                 
                 First time in
                      12 years Cyber Regulations Advisory Committee is
                      set to meet
                 
                 November 28: Naavi.org
                    has several times in the past pointed out that
                    the amendment of ITA 2008 was not done through a
                    proper process since it was based on the Expert
                    Committee report and not passed through the Cyber
                    Regulations Advisory Committee constituted as per
                    Section 88 of ITA 2000/8. I was therefore pleasantly
                    surprised that the proposed meeting of November 29
                    which was reported in the media a few days back to
                    review the recent incidents is actually a meeting of
                    the Cyber Regulations Advisory Committee
                    (CRAC).  It was however strange to think that
                    the Ministry was unaware of the provision of ITA
                    2000 and had not thought of convening the meeting of
                    CRAC even once in the last 12 years. But we can at
                    least now feel "Better Late than Never". However, it
                    is necessary to reiterate that this committee is
                    basically a "Secretary's club" and does not have
                    adequate public representation. Though there are
                    representations from NASSCOM and FICCI they
                    represent industry and not ordinary Netizens. Hence
                    the outcome of the CRAC meeting is unlikely to
                    completely satisfy the Netizens of India. :NDTV
                      report
                 
                 IPv6 to
                      provide better Cyber Crime Control?
                 
                 Nov 28: The
                    switchover from IPv4 to IPv6 is being looked upon
                    by the Indian Government as a means of better Cyber
                    Crime Control. A top official of the DIT has
                    reportedly stated that since the Internet number
                    allocation database will be within its control
                    instead of APNIC's, it would facilitate easy
                    identification and monitoring of cyber crimes. 
                      Report
                 
                  Probably the
                    official is referring to the offences presently
                    hogging the limelight, such as the Twitter posts and
                    blogging against the political leaders. The technical
                    view of the switchover from IPv4 to IPv6 is
                    different. Many feel that DoS attacks will be more
                    challenging to counter. It may not make much
                    difference to detection of other crimes. Let's wait
                    for more expert opinion on the "Cyber Crime
                    Detection Impact of IPv6".
                 
                 Bangalore
                      Cyber Crime Police Station lacks experts?
                 
                 Nov 27: According
                    to this report in Hindu, Bangalore Cyber Crime
                    Police Station is finding it difficult to pick the
                    services of technical experts to assist in the Cyber
                    Crime investigations. It may be recalled that during
                    the days of Mr S.M.Krishna as the Chief Minister of
                    Karnataka, this PS was set up as the first of its
                    kind and was well supported with budgets which
                    enabled them to take the assistance of technical
                    persons by paying them adequate remuneration. Now
                    that Cyber Crime cases are filed and accepted in any
                    Police station, the Cyber Crime PS has become more of
                    a Forensic consultancy center for other Police
                    Stations. Probably the budgetary support is lacking
                    since the unit has perhaps lost its visibility. Hope
                    the revival of the PS does not have to wait for the
                    return of SM Krishna to power. 
                      Report
                 
                 Aakash to be
                      produced in China?
                 
                 Nov 27: The
                    prestigious Aakash Tablets which the Government of
                    India plans to distribute in large numbers at
                    Government cost in India are reportedly being
                    manufactured not in India but, of all places, in China.
                    Despite the possible cost advantages, it is clear
                    that distribution of a large number of computer
                    devices manufactured in China is a huge security
                    risk since China is a known Cyber Warfare specialist
                    and has in the past been alleged to have embedded malicious
                    trojans and "Manchurian chips" into systems supplied
                    from the country. The Government has to rethink this
                    project. 
                      Report in New York Times 
                      Company denies report :Microsoft
                      Study :
                      HTC Vodafone infected :undetectable
                      virus
                 
                 Maharashtra
                      Government to issue guidelines to Police
                 
                 Nov 27: Following
                    the public outrage on the misuse of cyber law in the
                    case of Palghar arrests under Section 66A,
                    Maharashtra Government has indicated that it would
                    issue guidelines to the Police on the handling of
                    ITA 2008 cases and also revert to "Investigation
                    only by DSPs". In the meantime it has been reported
                    that action has been taken against the erring
                    policemen. As per the report SP Mr Ravindra
                    Salgaonkar has been suspended. The senior police
                    inspector Shrikant Pingle is also expected to be
                    suspended. Mr Sangram Nishandar, Additional SP is
                    expected to receive a warning. Simultaneously Bombay
                    High Court has transferred Ramachandra Bagade, the
                    first-class judicial magistrate who was involved in
                    the incident. 
                      Report : 
                      Report2
                 
                 Stage 2 of
                      HITECH regulations will be effective for 2014
                      release for incentives
                 
                 Nov 26: The
                    Stage 2 meaningful use rule, requiring the
                    encryption/security of data stored in CEHRT
                    [certified electronic health records technology] has
                    been notified on September 4, 2012. It also requires
                    that EHR software be designed to encrypt, by
                    default, electronic health information stored
                    locally on end-user devices. The rule also requires
                    providers to "implement security updates as
                    necessary and correct identified security
                    deficiencies as part of the provider's risk
                    management process." These changes will be effective
                    for the next stage of release of incentives after
                    January 2014. 
                      Related Article
                 
                 Mumbai
                      Consumer Forum orders Bank to pay
                 
                 Nov 26:
                    Quoting the Internet Banking guidelines, a District
                    Consumer Forum in Mumbai has ordered a Bank to pay
                    Rs 42000/- as compensation to a customer from whose
                    account the amount had been fraudulently drawn.
                    Naavi.org welcomes this decision. At present several
                    cases of similar nature are pending with the Cyber
                    Appellate Tribunal and it appears that some of the
                    Banks have exercised undue influence on the
                    Government and stalled the appointment of the Chair
                    person for Cyber Appellate Tribunal for more than
                    one year holding up the rendering of justice to the
                    victims. Report
                 
                 Constitutionality
                      of Sec 66A
                 
                 Nov 26: Pranesh
                    Prakash of Center for the Internet and Society, has
                    analyzed Section 66A in detail and argues why it
                    should be considered violative of Article 19(1)
                    of the Indian constitution. 
                      Details in CIS Website
                 
                 What is
                      Happening at CAT?
                 
                 Nov 25: The
                    importance the Government of India is placing on
                    Cyber Security in India and public good is indicated
                    by the way the Ministry of Communications and
                    Information Technology is handling the institution
                    of Cyber Appellate Tribunal (CAT). CAT is an apex
                    judicial body for handling all civil matters on
                    appeal from different adjudications that may go on
                    in the country under Section 46 of ITA 2008. 
                 
                 But this
                    organization has been deliberately kept vacant by
                    the Central Government of Dr Manmohan Singh since
                    July 2011. Despite several reminders to several
                    authorities including the ministers such as Mr Kapil
                    Sibal, no action has been taken so far by the
                    Government. 
                 
                 To rub salt on the
                    wounds of the Cyber Crime victims who are waiting
                    for this judicial body to resume its statutory
                    responsibility, the Government appointed a "Judicial
                    Member" in December 2011 who was allowed to remain
                    in office without any authority to conduct hearings.
                    He has now demitted his office on
                    attaining superannuation. As a mockery to the
                    institution, the Government 
                      has also appointed a "Technical Member"
                    knowing full well that in the absence of a "Chair
                    Person" neither the Judicial member nor the
                    Technical Member can hold any hearings.
                 
                 It is difficult to
                    understand the reason behind this strange
                    behaviour. It appears that there may be some vested
                    interests which do not want CAT to
                    function. It is time that the Government exhibits
                    some sense of Governance, takes action in this
                    matter and stops treating the institution of CAT as a
                    joke.
                 
                 Stringent
                      HITECH Audits expected in US in 2013
                 
                 Nov 25: The
                    HITECH Audits in 2013 by OCR are expected to be far
                    more stringent than the audits conducted in 2012,
                    which were more like a test drive. The audits are
                    likely to be random and without notice. If
                    violations are observed there are likely to be heavy
                    sanctions. Indian Business Associates of the US
                    Covered Entities will also need to upgrade their
                    Privacy and Information Security preparedness as
                    their non compliance may reflect as non compliance
                    by their associate covered entities. Some of the
                    Covered Entities may undertake their own audits and
                    impose penalties on the Business Associates based on
                    the indemnity clauses in the BA agreement. It is
                    therefore recommended that Indian companies engaged
                    in the processing of health care information from US
                    review their Privacy and Information Security
                    measures and arm themselves with appropriate
                    documentary evidence for compliance of HIPAA-HITECH
                    standards. 
                      Related article
                 
                 Anticipatory
                      Bail for Netizen Activity
                 
                 Nov 25: The
                    recent incidents in India have exposed every blog
                    writer and Social Media user to the risk of
                    occasionally posting a view point which may not be
                    to the liking of somebody who may move a complaint
                    with the Police under Section 66A of ITA 2008 and
                    other sections of IPC, and the
                    Police swooping in and arresting the person has
                    become a distinct possibility. Hence as an
                    "Information Assurance Consultant" advising people
                    on how to mitigate Cyber Risks, it has become
                    necessary to also advise individual virtual media
                    activists that they should keep themselves ready to
                    apply for anticipatory bail at short notice. To help
                    such persons, 
                      here is a draft anticipatory bail application.
                    (Experts may advise
                      refinement of this application and how to make
                    it more acceptable to the Courts)
                 
                 It is a shame on
                    our democratic system that such a discussion
                    is in circulation in the Internet. 
                 
                 Cyber Freedom
                      Movement of India
                 
                 Nov 24: It
                    is reported in papers today that the enquiry set up
                    by the Maharashtra police on the misuse of law in
                    the Palghar case by policemen has held the Policemen
                    guilty and recommended action. This is good news.
                    But before we can take comfort, another incident of
                    misuse where two Air India employees were arrested
                    some time back for alleged offences under ITA 2008
                    following union rivalry has come to light. 
                      Report in Indiatoday
                 
                 Misuse of law to
                    harass citizens by politicians and subservient
                    policemen is therefore a permanent problem which
                    requires a long term solution. We need to fight for
                    a "Cyber Freedom" and launch a movement to ensure
                    that there is a proper protective regime for
                    recognition and protection of Netizen's rights.
                 
                 In this direction,
                    I call for an amendment to ITA 2008 and an addition
                    of a Chapter on "Netizen's Rights" where we
                    introduce appropriate checks and balances against
                    misuse of the law. I demand that all political
                    parties declare their stand on this demand for
                    "Cyber Freedom in India" and make this a major
                    election plank for the coming elections. If none of
                    the current political parties consider this
                    important, at least Mr Kejriwal needs to take up
                    this issue as one of his main election demands.
                 
                  "Naavi
                        Pyramid" for Modular implementation of Total
                        Information Assurance
                 
                 Nov 23:
                    The Naavi pyramid approach to IA is built on the
                    premise that Total Information Assurance which
                    satisfies all the 5 elements such as
                    Confidentiality, Integrity, Availability,
                    Authenticity and Non Repudiation can be achieved
                    across all the three dimensions of security namely
                    the Technology, the Law and the Human aspects if we
                    try to rearrange the objectives in a hierarchy of
                    priorities... More
                 
                 Another Case
                      filed against Sec 66A
                 
                 Nov 22: UP
                    Cadre IPS officer Amitabh Thakur and his wife social
                    activist Dr Nutan Thakur have filed a writ petition
                    in Allahabad High Court, Lucknow Bench, for
                    declaring section 66A of the Information Technology
                    Act 2000 as ultra vires because it violates the
                    fundamental right to expression under Article
                    19(1)(a) and other rights related with life and
                    liberty enshrined in Chapter III of the Constitution. 
                      Report
                 
                 Already a similar
                    complaint has been filed in Madurai. We may await
                    how the Court reacts. In the meantime there is also
                    a report that the Government is thinking of some
                    changes of its own.
                      Report
                 
                 Has Section
                      66A passed the Constitutionality test?
                 
                 Nov 21: The
                    law ministry has indicated that the Section 66A has
                    undergone "Clear and Present Danger Test" for
                    constitutionality, at the time it was drafted
                    according to this report in Indian Express. 
                      Report : 
                      Validity questioned in Madras High Court : Asian Age
                      report
                 
                 Naavi.org had
                    however stated in the context of the amendments that
                    "Removal of Offensive Content is a sensitive
                    issue.... there needs to be a safeguard that the powers
                    of blocking, interception etc may not be abused
                    either because of political or other considerations.
                    Hence it is necessary that a Netizen Protection
                    Commission or in its absence a Netizen Protection
                    Advisory Board be constituted as an agency which may
                    consider any request for exercise of powers under
                    the Act by Government agencies and the Police for
                    interception etc and advise the intermediary
                    suitably."
                 
                 This suggestion
                    requires a thought once again. ...More
                      of the suggestions made in 2008 
                 
                 "Freedom
                        on the Net" is an election issue in next
                        national elections
                 
                 November 20: The
                    Palghar incident where two ladies were arrested for
                    Facebook activity expressing a view that no bundh
                    was necessary in Maharashtra on the death of Mr
                    Thackeray has triggered a debate on whether Police in
                    Maharashtra have turned themselves into part of the
                    goonda elements of a political party and if so what
                    needs to be done. Incidental to the solution is
                    whether ITA 2008 requires a further amendment to
                    provide immunity to citizens against misuse of law
                    by the Police and whether the issue of "Freedom on
                    the net" is critical enough to be a national
                    election issue.... 
				More
                 
                Total
                        Information Assurance For Modular
                        Implementation(TIAF4MI)
                 
                 November 19: The
                    Total Information Assurance Framework (TIAF)
                    developed by Naavi now is depicted as the "Naavi
                    Pyramid" which divides the Total Information
                    Assurance based on the three dimensional pentagon
                    model of IS motivation into five progressively
                    implementable levels based on the well known five
                    principles of Information Security accepted by the
                    current IS and IA practitioners. 
                 
                 The TIAF4MI is an
                    approach which incorporates the best practices
                    inherent in the current IS and IA practices and
                    increases the acceptability amongst corporate
                    managers. Hopefully the industry will respond
                    positively to this new approach to Information
                    Security and Information Assurance... 
                      More
                 
                 Information
                      Assurance Framework for Health Care Industry
                 
                
                    November 17/18: 
                      Based on his vast experience on HIPAA and ITA
                      2008, and to meet the specific requirements of the
                      Indian Health Care Industry, Naavi has developed a
                      new Information Assurance Framework for the use by
                      Indian Health Care industry. The framework titled
                      IAF4HC will be nursed by Ujvala Consultants Pvt
                      Ltd and explained in detail over these columns in
                      the coming days. ..More
                 
                HSBC in
                    the eye of global criminal syndicate..says Kejriwal
                 
                November
                    9: In a
                      significant expose, Mr Arvind Kejriwal of India
                      Against Corruption charged HSBC with being a part of a
                      global money laundering industry and with having been
                      involved in managing havala transactions in India.
                      Already HSBC has faced similar charges in US and
                      has been penalized. We need to wait and watch the
                      impact of the expose on HSBC in India. 
                 
                Be
                    Careful when you receive an "Enclosed ticket"
                    message
                 
                November
                    9: Malware code
                      droppers are always looking out for new ways to
                      drop viruses to unsuspecting users. Recently I
                      came across a mail apparently from an airline
                      advising me that a ticket has been booked for me
                      and I can download the same from the attachment. I
                      could spot the rogue mail since it was from Delta
                      Airlines. Had it been from IRCTC or a local
                      airline in which I regularly book tickets, perhaps
                      I would have been tempted to see which ticket is
                      enclosed and would have invited a malware into my
                      computer which could well have been a key logger.
                      I have sent the mail for analysis to virus experts
                      and will update on the nature of the malware. Readers
                      may however take note of such emails and avoid
                      falling prey to them.
                 
                P.S: "The trojan is
                      known as Generic VB.i (McAfee), a variant of
                      Win32/Injector.PVR (NOD32), Troj/Bredo-VJ
                      (Sophos), Trojan.Smoaler (Symantec)."  As of
                      3/11/2012, it appears that 41
                        of the 44 AV software products are able to detect
                      this virus. (If you know Kannada)
                        
                 
                PIL
                    Filed against Section 66A
                 
                November
                    9: A PIL has
                      been filed in Madurai High Court seeking repeal of
                      Section 66A which is repeatedly being
                      misused to arrest and harass political opponents.
                    Report
                  
                 
                AirTel
                    accused of Phone Sex Racket
                 
                November 7:
                    An FIR has been
                      filed on AirTel and others for running a "value
                      added service" on Phone Sex. AirTel which has been
                      accused of several unethical and illegal practices
                      to generate revenue is now facing a charge of
                      outsourcing a "phone Sex Service" and offering it
                      as a value added service to its clients. Naavi has
                      also accused Airtel of cheating customers on
                      delayed account closures and false billing both on
                      data card and 3G services. This Noida incident
                      confirms the existence of such unethical practices
                      as a part of the corporate culture. TRAI needs to
                      take appropriate disciplinary action. Related
                        Article
                 
                IPV6
                    implementation deadline fixed for Banks
                 
                November
                    6: RBI has
                        advised banks to switch to IPV6 protocol
                      before the end of December 2012. Though the
                      migration has been under discussion in network
                      circles for a long time, Banks may find this short
                      notice deadline a little uncomfortable. While many
                      security experts consider that the migration
                      really does not take time, there is a need for
                      Bankers to ensure that during the migration they
                      do not make mistakes that affect the security of
                      the system. Related
                        Article:
                        IPv6 Transition Poses New Security Threats
                  
                 
                China
                    Risk.. If you are visiting
                 
                November
                    4: China is
                      considered to be a leader in Cyber espionage. Here
                      is an article that highlights the risks and
                      precautions some cyber security advisors recommend
                      if you are visiting China.  Article
                  
                 
                 Section 66A
                      in Karti Vs Ravi incident
                 
                
                November
                      3: Section 66A of ITA 2008 has been
                    receiving a lot of attention presently because of the
                    arrest of one Twitter user by name Ravi Srinivasan.
                    There is widespread criticism of the section
                    warranting a need for an academic debate on whether
                    there is anything wrong in the section itself or in
                    its interpretation. Considering the importance of
                    this incident to "Netizens Right to Freedom of
                    Speech and Personal Liberty", it is therefore
                    essential for us to analyse whether the incident
                    reflects the offence for which the accused has been
                    charged... Details
                      : Part I : Part
                      II
                   
                 
                Karti Chidambaram
                    issue gets hot
                    
                 
                November 3: Following the arrest
                      of one Mr Ravi Srinivasan, a small time
                      businessman (who was also an IAC worker) under
                      Section 66A of ITA 2008 based on a complaint by
                      the Finance Minister's son, Section 66A of ITA
                      2008 has come up for serious debate. Some consider
                      it unconstitutional and say it should be
                      scrapped. 
                 
                Is
                      Emergency round the corner?
                  
                 
                November
                      3: The cases of Mr Ravi Srinivasan as well
                    as Aseem Trivedi indicate that we are already in a
                    state of "Emergency" and freedom of speech is no
                    longer guaranteed in India, at least for the
                    Netizens. 
                  
                 
                We can expect that in the next few weeks
                    the real "Emergency" under Article 352 may also be
                    declared because of a perceived threat to
                    National Security from various anti corruption
                    activists including Anna Hazare, Baba Ramdev, Arvind
                    Kejriwal and Dr Subramanya Swamy. Mr Swamy's
                    reported petition to derecognize Congress may
                    be the last straw on the camel's back. In such an
                    event naavi.org will suspend its activities until
                    democracy in India is restored. 
                  
                 
                I request the opposition parties that as
                    and when the next election takes place, if they are
                    still in business, they should include in their
                    election manifesto that "Freedom of the Netizens in
                    India shall be guaranteed".
                  
                 
                Netizens Rights
                    Commission required in India
                 
                November
                      2: After the enactment of the amendments to
                    ITA 2000 in December 2008, Naavi.org had pointed out
                    in its discussion on Section 69 and 69A that there
                    was a need for a Netizen Rights Protection mechanism
                    to prevent abuse of law. We had even proposed a
                    "Netizen Rights Commission" on the lines of Human
                    Rights Commission or a separate division to be
                    started for the purpose by the Human Rights
                    Commission itself. Now the time has come to focus on
                    this demand once more due to the repeated misuse of
                    Section 66A as we have observed in the recent case
                    of remarks against Karti Chidambaram. 
                  
                 
                The current Government does not have time
                    to address this issue nor seems to have the necessary
                    inclination. I therefore wish that Netizens of India
                    make this an "Election Issue" for the 2014
                    elections. We need to demand that the different political
                    parties state their stand on the issue of
                    "Freedom of Speech" on the Internet and in
                    particular how they would deal with the issues
                    arising out of misapplication of Section 66A or
                    Section 79. 
                  
                 
                While on the subject it was interesting to
                    note that Mr Narendra Modi had expressed some views
                    on Internet Censorship opposing the moves of the
                    Government. I request Mr Modi to reiterate his stand
                    on the subject as he is considered a possible Prime
                    Ministerial candidate for BJP. (Modi
supports
                      fight against internet censorship).
                 
                I also request both Mr Arvind Kejriwal and
                    Mr Anna Hazare to indicate what their stand is
                    on the subject of amending the amended ITA 2000.
                 
                Related Articles: Will the Government Consult Netizens? :
                    Concern for Privacy Rights Vs National
                      Security
                 
                Protective
                    Disclosures are necessary in India
                 
                November
                      1: Aseem Trivedi went to jail because he
                    displayed cartoons at an Anna Hazare meet. Now it is
                    the turn of one Mr Ravi Srinivasan, who has been
                    arrested for an otherwise innocuous comment on
                    Twitter because he was an IAC member. The Government of
                    India appears to be so unnerved by IAC that they
                    react violently to any member of IAC, however
                    unimportant he may otherwise be. Under the
                    circumstances, it has become necessary for Tweeters
                    and Blog writers in India to consider including in
                    their publications a protective disclaimer
                    stating "I am not an IAC member". This may
                    mitigate the risk of them being targeted for Cyber
                    Crimes. 
                  
                 
                We may note that under the Data Protection
                    Act of UK, Political Affiliation is considered a
                    "Sensitive Personal Information". A similar
                    provision should be considered in India also under
                    Section 43A. 
                  
                 
                (Naavi declares that he is not a member of
                    either IAC or Anna Hazare group though he believes
                    that corruption is the root cause of misery for
                    Indian Citizens.)
                 
                
                 
                Innovative CAPTCHAs
                    and Advertising Creativity
                 
                November
                      1: CAPTCHAs have become a common security
                    measure used by websites. Today I came across a
                    CAPTCHA which stood out for its creativity in
                    serving an advertising objective. I thought of
                    sharing this with the community. Details
                  
                 
                US$ 1 million drawn
                    fraudulently from Citi Bank
                 
                November 1:
                    12 hackers were arrested for
                    fraudulently withdrawing US $1 million from multiple
                    ATMs, with withdrawals made within 60
                    seconds, which the system wrongly debited as a single
                    transaction. Hope Indian Banks will check their
                    systems and verify if they also have similar
                    vulnerabilities. Report
                    
                  
                
                
                 