"C2C auction site is a Mine filed of Cyber Law Risks"



Previous Articles:

Outrage Expressed at bazee.com CEO arrest :

What is Due Diligence?..1..Effect of Section 79 of ITA-2000

What is Due Diligence?..2..(Effect of Section 85 of ITA-2000)

Arrest of Avnish..Industry Responds(Should  Law Take Its Own Course?)

Dont' Raise the bogey.."Law is Wrong"

Thanks to the tremendous support received from the Industry, Bazee.com CEO was able to get bail in the MMS case. Unfortunately however, a new trouble front seems to have opened against Bazee.com, with the complaint on "Hawking of Imitation Goods". The case being investigated by the Mumbai Police now raises further questions on the "Non Compliance of Cyber Laws and Its Consequences on an Auction Site".

Naavi.org has been repeatedly stressing that  a "C2C auction site is a minefield of Cyber Law Risks". This seems to be tested in the case of bazee.com, India's biggest auction site.

Naavi.org has received several complaints in the past from consumers about the deals they have entered into in Bazee.com.

To set the record straight, it must be stated that the undersigned had an own experience which was not very bad. In this instance, when the undersigned had complained about the substandard piece of goods supplied by one of the vendors, the defective piece  (Of small value) was immediately replaced with another piece without any further query. Though the replaced piece was also not qualitatively superior, it was appreciated that some response was shown to the customer complaint. There were also several e-mail and telephone follow ups from the vendor to remove the adverse rating placed by me in the site against the product.

However, the experience of some of the others particularly those who had entered into high value transactions, might not be the same.

In one of the recent complaints received by me, one Mr Arun Prasad had bought a 256 MB Sony Microvault USB 2.0 Flash drive which turned out to be an imitation. The buyer claimed protection under the "buyer's Protection Plan" which was refused by the Company.

In another recent incident, one Mr Ravi Mohan had bought an Air Conditioner and had cancelled the order as per the terms. However, it is alleged that Bazee.com is contesting the Credit Card Chargeback.

(Additionally, several frauds have been reported in Internet Fraud forum.).

It is now reported in Indian Express  that acting on information from copyright activist Anil Kumar, police raided electronics shops at Mussafir Khaana, Natha Street, Sahara Market and Heera Panna on Monday, arresting 42 shop owners.According to the police, the names and addresses of the 42 accused who were selling the fake branded goods were also advertising them as the real thing and selling them via Bazee.com.

It is not yet clear how the Police will handle this situation though it is reported that Bazee.com has already been asked to provide some information and evidence material.

People who are conversant with Internet transactions will appreciate that even with the best of intentions, any C2C platform is likely to be misused. It is true that in the interest of Electronic Commerce, the C2C auction sites are not to be discouraged nor targeted by Police.

Naavi.org has itself pointed out several instances in the past where frauds have been facilitated misusing the names of Citi bank, BBC, Federal Express Couriers or e-bay etc.

The question therefore arises if in the interest of E-Commerce, blanket protection be given to all E-Commerce players against third party frauds committed through them or in their names.

While fully appreciating the needs of the industry for a free hand to do business using the technology, it is however difficult not to insist that the E-Commerce player has to undertake some responsibility to prevent his assets being misused. Hence providing blanket protection is not considered correct. It will encourage deliberate frauds and erosion of faith in the E-market place which will be detrimental to the interests of genuine players like Bazee.com.

The next alternative is to set up a regulatory framework to ensure that E-Commerce is "Licensed". In such a case a Government agency can receive applications and provide license just like issuing industrial licenses. I am sure that this will be very much favored by the Politicians and Bureaucrats.

Industry Captains like Mr Amit Mitra and Mr Narayana Murthy have to ponder if their recent demand for "Change in IT Law" is likely to lead the E-Commerce scenario in India towards the "License Raj". I would like to remind these stalwarts that even when IT Bill- 99 was under discussion in the Parliament between May 14th and 17th, there was a move to introduce a licensing system for Website registration by Indians. This was rightly shot down by the late Mr Dewang Mehta of  Nasscom.

Any move to change IT law at this juncture with the some idea of protecting Bazee.com will be highly dysfunctional to the whole community including Bazee.com itself.

I would however repeat that there is in fact no need for change of the Law since the current law with a protection for "Network Service Providers" which has a wide definition is itself good enough to protect E-Commerce despite the minor irritants from time to time arising out of mis-understanding of the provisions by the Police.

The Police are also in the learning process and I am sure that the mistakes are being reduced gradually from the time Police arrested web masters of Go2Next job.com for "hacking" when there was a payment dispute between the service provider and the customer.

What is the strong point of the current law which requires "Due Diligence" is that the control on what is expected of the industry is in its own hands in the form of "Norms" that are developed for managing the business of E-Commerce sites such as Auction sites.

I therefore urge the Industry captains including organizations such as Nasscom, FICCI and CII to explore the possibilities of defining "Due Diligence" at this point of time through a "Cyber Law Compliance Guideline".

Naavi in association with the Cyber Society of India has developed some preliminary framework for CyLawCom audit and certification which actually defines a bench mark for due diligence. It is however open to the Court at any point of time to consider these bench marks either adequate or not and accept it or reject it as the measure of due diligence. Though Cyber Society of India will try to ensure that these bench marks keep pace with the changing scenario in technology, if the industry associations join hands with Cyber Society of India in either endorsing the CyLawCom plans as suggested by Cyber Society of India or modify them suitably, there will be a set of guidelines.

Presently the system works as follows:

1. An E-Entrepreneur registers as a member of Cyber Society of India  (CySi)

2. The CyLawCom Audit and Certification service is presently provided by one of the Constituent members of the Society through a sub committee of CySi meant for the purpose.

3.The member applies for CyLawCom Audit to the Sub Committee of the Society meant for the purpose.

4.The CyLawCom subcommittee of CySi will collect the necessary preliminary information and raise a quote for the service.

5. On acceptance of the quote and the formalities regarding payment of fees for the service, the audit will be undertaken and after a due process provide a guidance note based on the observations.

6. On the client reporting adherence of the suggested norms, a separate evaluation committee will conduct a follow up audit and provide the necessary certification.

7.The actual process of implementation can be undertaken by the client on his own or in consultation with any other Techno Legal Cyber Security Examination agency registered with CySi. There are a set of CylawCom Examiners being developed exclusively for this purpose by Naavi.

Currently, the plans are under preliminary implementation and Cyber Cafes have been identified as one of the classes of industry players requiring such services. The services are offered not only for the Portals such as Bazee.com but also for non IT Companies using IT for administration and marketing.

The ball is now in the court of the industries. Let us accept that business has several risks. It is the duty of the management to identify and rectify them at the appropriate time with the appropriate measures. Not all risks can be eliminated. We need to manage them. One such measure is the CyLawCom process.

(For more details on the services of CySi, Naavi, the Secretary may be contacted)


December 23 ,2004

Also See

Bloggers Beware..Set of 10 articles

Advertising Code?..or Section 67 of ITA 2000?

Related Articles:

Times of India report

India Plans US Type Law..TOI

It is Like Arresting the PM of India for a Crime

For Structured Online Courses in Cyber laws, Visit Cyber Law College.com


Back To Naavi.org