Collective Negligence
Are You Cyber Law
Compliant?.... This interesting question was first raised by Naavi in
November 2000, and highlighted in a lecture organized by CII, Chennai to a group
of its members way back in July 2001.
Nearly Five years later it is unfortunate that the question still lingers. If today,
we are concerned on the liabilities of organizations and executives for Cyber
Crimes, as it has happened in the case of Bazee.com and Mphasis, a thought should
pass our mind on whether the industry should be held collectively responsible for
not taking sufficient steps to educate the stake holders and initiate necessary
action when it was due.
The response of the industry after the recent crisis has been to
first blame the law in the form of ITA-2000 and second to blame the lack of law
such as "Data Protection Laws".
There is no doubt that ITA-2000 could have been drafted
better. One should also ponder why was it not facilitated by the industry when the
ITA-2000 was being
drafted?
Naavi himself had tried his best to attract the industry's
attention time and again on their role in contributing to the law making.
The draft of the E-Commerce Act 1998 and later IT Bill 99 was placed on our
website inviting comments from the public. A Netizen's forum organized by Naavi
collected the opinions from several like minded law professionals and submitted
a memorandum to the Ministry of Information Technology (MIT) suggesting some
changes.
However, neither the top IT Companies nor the industry
representative groups showed any inclination in participating in such
activities.
It must be said to the credit of the MIT at that time that
they were in fact responsive to the suggestions and did accommodate some, if not all of
the recommendations made by the Netizen's Forum.
Subsequently, on another occassion, Naavi personally called the attention of top IT
companies including Infosys, Wipro, Satyam, TCS and others in a bid to put
together an initiative to set up a CERT with private sector participation. At
that time
no such organization was in existence in India, though it was felt that such an
initiative very much necessary for the growth of the industry. However, the
industry and their representative organizations failed to appreciate the urgency
and remained mute spectators to the growth of Cyber Crimes.
All through these 8 years since Naavi.org/Cyber Law College
(initially under the banner Naavi.com) first started its mission of "Creating a
Responsible Cyber Society", there have been several initiatives undertaken to
spread the awareness of Cyber Laws not only amongst the industry but also
amongst educational institutions such as the Engineering colleges, Law Colleges
etc. Cyber Law College is even discussing programmes for "Creation of
Responsible Young Netizens" through an education programme at High School level.
Naavi has also initiated several vital services such as Verify4lookalikes.com,
ceac4india.com, arbitration4india.com, registration of E-Entrepreneurs,
Programme to encourage Cyber Cafes to become E-Bridge Centers, etc.
Most importantly, there have been many initiatives on
"Voluntary Cyber Law Compliance" by IT players including CyLawCom certification
requirements for software product manufacturers.
The very recent efforts of Naavi creating a book on Cyber
Laws in Kannada and a website in Kannada on Cyber Laws (www.naavika.org) have
been efforts to reach out to the grass roots of the society with the essential
"Cyber Law Literacy".
These initiatives have clearly drawn the attention of the IT
majors as well as institutions such as Nasscom to the needs of the
society and pointed to the possible ways of implementation in a commercially
sustainable manner.
It is a matter of incomprehensible surprise however, that the IT wizards have
neither been able to understand the need and commercial potential of such
activities nor the Industry Bodies and Government agencies stepped in to do some
spade work before Commercial interests are fully developed.
Though Nasscom and MIT have been undertaking several programmes with
substantial investments, they have been only addressing some of the peripheral
issues. The central issue of "Creating Awareness of Cyber Laws amongst Cyber
Society Players and Instituting a Voluntary Cyber Law Compliance Programme" has
not however been addressed so far.
In fact it is an irony that in the field of Cyber Law
Literacy, the private initiatives of Naavi and his efforts through Cyber Law
College represent perhaps much more than what the industry bodies with its huge
resources could achieve.
If therefore we have a CEO of a MNC being
arrested and a former Nasscom Chairman's company is being criticised as following
insecure business practices, it appears to be a reflection on the collective
negligence of the industry players to appreciate the core issue of why Cyber
Crimes are a threat to the industry and why awareness of Cyber Law is the key to
reduction of Cyber Crimes.
At least the recent incident should
stir the imagination of Mr Jerry Rao who with his vast experience in the
financial services industry and a stint in Nasscom should give us the hope that some
thing positive may occur.
If it happens, we can thank the CitiBank Fraudsters for their
contribution to the enlightenment of the industry leaders.
Naavi
April,14, 2005
Related Articles:
Other Articles on
CyLawCom
Are You
Cyber Law Compliant?
Cyber Law
Related Risk Management
The
Strength of Indian Cyber Laws
Changing
Profile of Cyber Crimes
Critical Review of the
Incident in technewsworld.com
India Acts on Call center Fraud..Personnel Today
http://www.technewsworld.com/story/42112.html
http://economictimes.indiatimes.com/articleshow/1077097.cms
http://www.theregister.co.uk/2005/04/13/india_call_staff/
http://economictimes.indiatimes.com/articleshow/1077047.cms
