"This website is the Wikipedia of Indian Cyber Laws".. A Visitor's remark

Bernard von Bothmer Professor : For Egyptian History


Comments on G Gopalakrishna Working Group Report

Comments on Cyber Fraud Issues Comments on Consumer Education
Comments on Digital Signatures, 2F authentication, Sec 65B etc  Comments on Offences, CA business and Online nomination
Comments on Encryption and Data Protection Comments on "Intermediary Status"
Comments on "Cheques in Electronic Form" Comments on Legal issues in G Gopalakrishna Working group recommendations
Are Vested Interests at Work to manipulate RBI ? Phishing Risks under G Gopalakrishna Working Group Report
Role of Adjudicators in Phishing Cases Reiterated  Summary of Report: Full Report :
RBI Notification


A New Service Launched

July 8, 2011: In continuation of the endeavour to introduce pioneering services to Netizens, Naavi has launched a new service from " www.Cyber-Notice.com  " to provide free and low cost option for notices to be placed in Cyber Space. The service is unique since the paid service comes with a CEAC certification as to the publication of the notice and the period for which the notice was available. Suggestions for improving the service are welcome. Bulk users who would like to register themselves for special rates and credit facilities may  contact the site administration... Visit the site here

Future of e-Banking in India

July3: Phishing frauds have become so common in Banks that they soon will not be considered as news worthy of discussion. Naavi has been in the forefront of a crusade against Bankers who have jumped into the e-Banking bandwagon throwing all caution to wind and making customers pay for the commercial greed of the Banks.

In order to end speculation in this regard, Naavi has now placed a request with the Governor of Reserve Bank of India that in three instances of known violation of RBI guidelines brought to their knowledge, RBI should penalize the respective branches of the bank by cancellation of branch licenses....More

Innocent Customer Suffers out of Bank's Negligence

July2: An ATM fraud involving a customer of Bank of India has been reported from Bangalore which indicates the distinct possibility of an ATM Card cloning  syndicate being in operation in Bangalore. In this reported incident, Canara Bank ATM was involved. It appears that the banking Ombudsman has informed the customer orally that he has received a satisfactory explanation from the Bank and may be unable to resolve the dispute.

When the customer is still holding the Card and the ATM Bank is unable to produce evidence in the form of CCTV that the customer has not himself withdrawn the amount it is surprising how the Banking Ombudsman can come to the conclusion that RBI direction has not been followed by either Bank of India or Canara Bank. RBI needs to take a closer look at the incident and needs to come up with a proper explanation for the decision of the Banking Ombudsman.

In a similar incident in Gurugaon under a complaint no BO Complaint No. 201011014004856, where money had been drawn from a customer's account in Axis bank through ATMs in some foreign countries, the Ombudsman had ordered that payment had to be made by the Bank which held the customer's account. There are also other instances where Banking Ombudsman have held Banks liable in Phishing cases also and some of these cases are reported in the Compendium of cases reported by RBI and it is not clear why the Banking Ombudsman in Bangalore should take a divergent view. There is also a case of Bank of India in Bangalore itself in the past where the Ombudsman intervened and settled a claim of Rs 29000/- to a phishing victim. RBI needs to ensure  consistency in the decisions of their officers acting as Ombudsman.  ...More

Related Report in Deccan Chronicle

Cookie Legislation in UK

July2: Explicit consent would be required by websites if they propose to track the website users according to  a law passed by UK.The law will be effective after a period of 1 year. This is a provision similar to what GOI has introduced through Sec 79 rules. Related Report

The Status of CAT

July 1, 2011: The term of the current Chairperson (Presiding officer)  of Cyber Appellate Tribunal (CAT), Justice Sri Rajesh Tandon expired yesterday the 30th June 2011 due to his attaining the age of superannuation. Unfortunately, the Government does not appear to have taken timely action either to appoint a substitute in place of Sri Tandon or to extend his term before his term expired.As a result CAT will technically be closed from today until a new incumbent assumes office. ..More

Demat Fraud in Delhi

July 1: Six persons have been arrested for a fraud in which the offenders hacked into a demat account and sold shares worth Rs 94 lakhs. The amount was transferred to a Bank account opened in the name of the share holder in ICICI Bank, Chandigarh. Yet another case of KYC negligence by the Bank. Going by the frequency of frauds occuring through ICICI Bank accounts it may be necessary for RBI to open a special division for conducting KYC inspections in ICICI Bank...provided RBI is serious on its obligations to AML Act. Related Story

Content Removal Requests from Government..

June 29: Google Transparency has reported a 67 % increase in the requests from Government of India for content removal from Google controlled sites in the current year. Requests have come from Courts, Police and the Government agencies. Related report in techgoss

GOI owes an Explanation to Public

June 23: The decision of the GOI to engage the services of Huawei, China to set up a security lab in Bangalore in association with IISc is a decision which baffles every observer of Information security. When one peruses the Wikipedia posting on Huawei, we come across the following posts:

"In October 2009, Indian Department of Telecommunications reportedly requested national telecom operators to "self-regulate" the use of Chinese-made equipment (including ZTE and Huawei), quoting security concerns. Earlier, in 2005, Huawei was blocked from supplying equipment to India's national network BSNL.In 2010, Indian security intelligence (CBI) insisted on canceling the rest of the Huawei contract with BSNL and pressed charges against several top BSNL officers regarding their "doubtful integrity and dubious links with Chinese firms". In April 2010, Sistema Shyam Teleservices Ltd., the Indian unit of Russia's AFK Sistema, didn't get clearance to buy Huawei equipment.

In May 2010, security agencies in India became suspicious of Chinese Huawei employees after learning that part of Huawei's Bangalore R&D office building is off limits to Indians. The intelligence agencies also noted how Chinese employees of Huawei keep extending their stay in Bangalore for months on end. When security agencies launched an investigation to probe the purpose behind these long-drawn business trips by the Chinese staff of Huawei to Bangalore, they were told that the Chinese were staying on to learn and master English in India."

Despite such knowledge if Indian Government first released the ban on Huawei for supply of equipments and now goes one step ahead and makes them the security partner for the country, it is difficult to understand the thinking behind the decision.

China Intrudes into Indian Cyber Security System

June 23: India is aware through years of its existence that China is one of the most cunning and a powerful neighbor with global ambitions. China is like Lion and a Fox rolled into one. To trust China and devise national security strategies is nothing short of committing harakiri. This is what Indian Government seems to be heading for. It is reported that  Indian Government has taken a decision to let the Chinese Company  Huawei be their partner for securing the security of systems used by telecom companies. Huawei being a major supplier itself and China being one of the biggest global threats to Cyber Security, the decision appears to be a complete compromise of the Indian Cyber Security system. It can also mean that after some efforts, the Indian scientific community including IISC have expressed their inability to find out the vulnerabilities by themselves and need Chinese help in this regard. Perhaps now we can consider appointing ISI as our National Consultant for Counter terrorism measures!. Related report in ET

Google Street View Blocked

June 23: It is reported that Bangalore Police has stopped the Google Street View project in the name of national security. Since the recording was only of what is viewable from a public space, the privacy arguments are weak. As far as security, terrorists only need the contours of a place which could be their targets rather than the details. While Street view can be of assistance in their recce, it is not a risk grave enough to require the extreme action. Probably the decision needs a debate and review. If Google had been a Chinese Company perhaps it would be easier for them to get security clearances!. Report


COS suggests Privacy Bill

June 22: The Committee of Secretaries (COS) of the GOI is reported to have taken a decision to introduce a "Right to Privacy Bill" applicable for all individuals living in India whether they are Indian Citizens or not. Presently ITA 2008 itself has provisions under Sec 43A which provide for privacy protection. Hence this bill is redundant. It appears that the Bill is meant more for defining how certain agencies can be authorized access of privacy information. It is indicated that  Insurance Companies can access health information, Employers may get access to Bank data. Additionally telephone interception would be authorized and intelligence will have access anyway. It is also stated that the CAT constituted under ITA 2008 will be the appellate authority under the Bill. This requires an amendment of ITA 2008. Further CAT at present and is likely to be headless after June 30. Under the circumstances the proposition of COS seems to be impractical.

Advocates frustrate CAT sitting in Chennai

June 21: ITA 2000/8 envisaged that the  dispute resolution mechanism under the Act would be a model judiciary system  and render quick and economic justice to public who are victims of Cyber Crimes.  But the advocates representing litigants are often found to be adopting tactics that are meant only to delay things.. More.

How IT Act is misused

June 21: Here is an interesting account of how IT Act has been misused for internet censorship. It is found that some advocates specialize in obtaining interim orders which amount to a relief (punishment to the counter party) without any substantive case in their favour. The trick is to file an application in an appropriate court. Most Courts donot dismiss a petition on the spot even if it is absurd or ridiculous. They simply issue notice to the other party returnable after two or three weeks. In the meantime the petitioner requests for interim order such as stay on the publication. Court agrees on an ex-parte basis since it is only an interim relief. Then the petitioner uses his other tricks to see that the case is not heard for some time. If the respondent appears he is given time of another three or four weeks to respond. Even if he responds immediately, the petitioner will seek time to file a counter. Then he will ensure that the counsel seeks adjournments one after another on various grounds including that the counsel has to go on vacation, he is seriously ill, he has to attend another court etc. Adjournments may continue until the judge gets tired. In the meantime the interim order will provide a relief.  The case of Kochar Vs Legally India represents one such case.  Article

Bank Websites insecure

June 21: Security experts have found vulnerabilities in many Bank websites including ICICI Bank and HDFC Bank. Article

Cloning of Debit Cards in Ranchi

June20: A group of youngsters selling car wash accessories in a Petrol Bunk costing Rs 280/- for a mere Rs 30/- were found to be insisting on payment by debit cards. It was found that they were later cloning the debit cards and withdrawing money from the Bank.  Police have registered an FIR and arrested a few persons. Article in TOI

Centaur Hotels in violation of Sec 43A

June 19: A report in bangaloreaviation.com indicates that authorities in Centaur Hotels New Delhi under the management of Air India has a practice of loading scanned passport and credit card information of customers on a public website. Out of the two, Credit Card information is considered as "Sensitive Personal Information" under Sec 43A and requires to be protected with "Reasonable Security Practices". It is clear from the report that the information is in unencrypted form and in a public server. This is a violation of the Sec 43A rules and exposes the Company to liabilities. Though the liability arises only on a victim claiming a damage, it is a "Risk" for which the company needs to provide for under corporate governance requirements. It is however considered under the law that the passport information is not "Sensitive Personal Information". The rules have been deficient in this respect since passport is today the most important identity document for an individual and if duplicated can be a cause of many other identity theft related frauds.  It is understood that the page has since been taken down. However this underscores the need for IT managers being trained in techno legal information security. The article

USA Court Also holds Bank liable for Phishing

June18: When the adjudicator of Tamil Nadu decided in the S. Umashankar Vs ICICI Bank case in favour of the victim of Phishing, several Banks were upset. Their contention was that they have the right to introduce any technology but they will not take absolute responsibility for frauds despite law and RBI regulation being in favour of the victim customer.

Earlier to this verdict, there was one German Court decision also in the same light holding the Bank liable for Phishing. Now even a Michigan Court has given a similar verdict.

Banks in India who want to ignore ITA 2000/8 law on use of digital signatures or RBI's Internet Banking guidelines and are fighting to hold the victim of a phishing to be made liable are slowly losing ground. After the G Gopalakrishna working group committee report, notified on April 29, 2011, it appears that the last hope of the Banks that RBI will come to their assistance is also lost.

It is time for Banks to upgrade their techno legal security system as suggested by the Gopalakrishna working group rather than living in the false hope that they can avoid liabilities through protracted legal wrangles.

Banks must now focus on the October 31, 2011 deadline for their new IS policy to avoid further accusations of "Negligence".

 Related eport in Computerworld

More Opposition builds up for IT Rules

June18: The recent IT rules on Intermediaries and Cyber Cafes have attracted criticisms from several quarters. While Cyber Cafe regulations have been criticized for lack of concern for Privacy and the impractical nature of the regulations, the Intermediary guidelines have been criticized for the possibility that it would stifle  free speech. Here is a good article on the subject

First Adjudication Application in Karnataka filed

June14: After a prolonged wait, the first Adjudication application in Karnataka has been accepted by the IT Secretary. The complaint has been filed by a customer of ICICI Bank who has suffered a loss through unauthorized access to his account.

Tata Docomo Releases blocking of BloggersNews.net

June14: After several rounds of follow up it appears that Tata Docomo has removed the blocking on www.bloggernews.net. It was pointed out to the company that blocking of a website without appropriate sanction amounts to contravention of Section 69A of ITA 2008 and makes the company officials liable for imprisonment. Company has finally removed the block.

Early Aadhar Holder is a SIMI Activist

June12: Even before the UID scheme is to take off it is learnt that a SIMI activist has been one of the early holders of an Aadhar Card in a fictitious name. Close on the heels of the report of theft of two laptops containing UID data, this report nails the claim of the Government that the security of the system has been taken care of. Despite being warned, Sri Nandan Nilekani has always maintained that the UID scheme cannot be misused as a security threat. Unfortunately his confidence has been proved incorrect. It is therefore necessary that at least now, UIDAI reviews its systems and ensures that national security is not compromised. Related Report.

P W C Davidar Honoured

June11: Cyber Society of India (CySi) honoured Mr P W C Davidar, the former Adjudicator of Tamil Nadu with the award of a "Fellowship" in recognition of his outstanding services rendered as the Adjudicator of Tamil Nadu during his tenure as the IT Secretary. It may be recalled that Mr Davidar had the credit of the first adjudication decision in India in the case of S.Umashankar Vs ICICI Bank. Subsequent to this historical decision, 16 more adjudication applications have been filed in Tamil Nadu making it the State with the most active Adjudication system. During the occasion Mr N.Vittal former CVC was also awarded a Life Time Achievement Award. Speaking on the occasion, Mr N.S.Vishwanathan, Regional Director of RBI recalled how RBI has always upheld the interests of the customer and emphasized that "Security" is an important aspect of Banking. He recalled the words of the Deputy Director of RBI that "it was improper to pass on the liability of a cyber crime to the Customer". The award function was followed by a workshop on different aspects of Cyber Crimes in relation to Banking. The program was attended by several Bankers. Related Report in Hindu

IRCTC Fraud. One Ticket Agent Arrested

June7: Naavi.org has been pointing out that online IRCTC booking through Tatkal is being fraudulently taken over by agents. Complaints have even been lodged with IRCTC on this account. We have also exposed one software professional who had posted a client side script which could be used for overriding others in booking the tatkal tickets. This software professional removed the contents of his site but there are others who are also posting hacking guidelines for IRCTC site. In our complaint to IRCTC we have been suggesting IRCTC that they whould conduct a CBI enquiry on an analysis of tatkal bookings to prevent this fraud. We have also suggested that agents should be disabled from Tatkal booking for the first 15 or 30 minutes. Similar views are also held by others.

We are glad to note that one such agent has been arrested in Mumbai for such fraudulent booking. He is reported to have made 44 bookings under Tatkal on a single day.

There is a clear indication that IRCTC officials must be involved in this fraud. a good analysis has been given by Mr Amish to estimate that the fraud may be valued at around Rs 10000 crores. IRCTC has also modified its rules to accommodate the agents. When online booking was started, agents were not allowed the use of the facility. Later they were included. Then IRCTC also made a change regarding the ID card details to be provided. Earlier the full details of the ID card including the serial number had to be provided at the time of booking. Now this is not required. Passenger can give any ID. While this appears to be a move to help customers, it is actually meant to help the agents who may not have proper ID documents of the passengers.

Cyber Bullying by Vodafone?

June7: The attitude of Vodafone in filing a defamation suit (Refer article in FE) against a dissatisfied customer expressing his complaint on the Internet smacks of "Corporate Arrogance" and needs to be opposed by all consumer oriented organizations. Differences do arise between a customer and a consumer oriented business entity. Most matured business houses follow  the axiom "Customer is always right" and go out of the way to placate a complaint. When the company is not responsive the customer is forced to post his complaints in various consumer fora as well as his personal web space.

In the event the facts presented are false there is a legal right to file a defamation suit. However in most cases the money rich company files a case only to harass the individual. Unfortunately our unfriendly legal system is a night mare for most individuals. Often petitions which ought to be thrown out in the first place are admitted by Courts making the respondent spend time and money to respond to an unsustainable legal dispute. The case then drags on and on and the proceedings become a punishment to the consumer hurting him more than the original dispute.

It has been my personal experience that Vodafone service is bad and I discontinued the service for the same reason.  I donot know the details of the current dispute but it appears that the person is so agitated that he has contacted the higher officials and also posted their contact numbers for others to see. It is ridiculous that the Company claims that the customer can go through only the customer care facility and should not contact other officials. We all know that customer care is only one of the contact points for the customer and it often is not able to solve all the issues.  In such cases, since the consumer's  contract  is with the company and any service charges paid by him go to fund the salary of all the officers of the company  it is the prerogative of the customer to contact any official including the CEO or even the Board of Directors to seek resolution of  his complaint. Each such person has a duty to the consumers and are vicariously liable for the warranties made on the service either through advertisements or otherwise. Hence writing to them or publishing their contact numbers for others to contact them cannnot be considered as an illegal activity. If they feel inconvenient, it is the price they pay for being the officials of such a company.

Hence the stand taken by the Company is clearly anti consumer. This bullying attitude of Vodafone needs to be condemned. It is preposterous to suggest that ITA 2008 should be applied against a consumer who posts his complaint in his facebook profile whether it is private or public. The remedy for such arrogant behaviour of a Company is a consumer movement against such a company. Now that there is MNP, I think people should express their dissatisfaction by severing their relationship with the company. A Consumer company which is anti consumer is not a company to be associated with. Perhaps we require a Cyber Anna or a Cyber Baba Ramdev to take up the cause of such cyber bullying.

Bangalore losing status as IT Capital of India?

June6: It is reported that the ASSOCHAM  has said that Bangalore is set to lose the prestigious tag as the IT City. Results of a survey of 800 CXOs is said to indicate that nearly 30% of the Bangalore based CXOs were keen to shift to Gurugaon and 25% to Noida. Naavi has been trying to persuade the State Government to take up measures to ensure that Bangalore remains the destination for IT industry. When a hard core an IT professional was elected as an MP of BJP it was hoped that he would take steps to promote IT industry in Karnataka. However the Government has its priorities set elsewhere. Judging by the lukewarm response to some of the initiatives of Naavi to make Bangalore the focus of IT Security from the Government, it appears that ASSOCHAM survey conclusion may become a reality sooner than expected.  With the change of Government in Tamil Nadu and Mrs Jayalalitha assuming the Chief Minister's role, it is expected that Chennai and Tamil Nadu will also initiate steps to wean away IT investments. Recently a group of North Eastern States chose to headquarter their IT promotion initiatives from Hyderabad instead of Bangalore or any other place.  This indicates that outside Karnataka, the perception is growing that Bangalore is no longer a recognized IT hub. Unless Dr V.S. Acharya, the IT Minister and Mr M.N.Vidyashankar the Principal Secretary, IT and BT recognize the threat and initiate immediate remedial measures, before the end of the current BJP Government's tenure, Bangalore would have lost its identity as the IT capital of the country. I invite the attention of the National IT Cell of BJP and Mr Janardhan, the Chitradurga MP who was a former IT professional to take interest in devising strategies to change the disturbing. trend.

"Vinaashakaale Vipareeta Buddhihi"

5th June, 2011: When Jaya Prakash Narayan (JP) was arrested in June 25, 1975, it was stated that he commented "Vinaashakaale Vipareeta Buddhihi". I am reminded of that development today. After the arrest of JP and other political leaders and declaration of "Emergency", on 26th June, 1975, a few publications protested the Emergency measures by printing blank editorials. It was the beginning of a two year dark period in the history of India when dictatorship ruled the Country. It is 36 years since that event and we have history repeating itself with the midnight swoop on Ramlila Grounds and arrest of Baba Ramdev who was protesting against Corruption. By its action, the Government has indicated that  it is better to suspend democracy rather than take steps to prevent corruption. I am now reliving the days of June 26, 1975 and reminded of the famous words spoken by JP which was then headlined by Indian Express. Yesterday I speculated on "Emergency" measures. Unfortunately it has become a reality today. . Let's wait and see how media and other political parties react to the current situation. At the point of time when this is being posted, there is still no "Emergency". I hope that 2011 is not 1975 and  hence the situation may not worsen into an "Emergency" situation. However, It is a sad day for India.

History is being created in India

4th June 2011: A globally historic event has just begun in India in the form of the Anti Corruption Movement mobilized by Baba Ramdev. After the Non Cooperation movement of Mahatma Gandhi, this could turn out to be the biggest mobilization of people in India for a cause and perhaps may outscore even the anti emergency movement of Jayaprakash Narayan. What is unique about this event is that non political forces have come together to root out corruption which is the biggest menace in the country.

There are very few persons left in the country who are still swearing by non corrupt practices and they are often ridiculed as impractical. Many politicians who were expected to be honest have came around to the view that today it is not possible to avoid corruption in public life. But now there is a renewed hope. Ramdev's movement has gained support across the country and along with Anna Hazare's team has become a formidable force which the Government cannot ignore.

We may recall that BJP had in fact included in its last election manifesto that black money abroad will be brought back to India. Dr Manmohan Singh also promised after Congress came to power that they will bring back black money within 100 days. We may therefore say that both political parties are in principle supportive of Baba Ramdev's demand.

While the Government was effectively killing the Lok Pal movement of Anna Hazare, it is unlikely to succeed killing the Baba Ramdev's movement. It is however possible that the Government may resort to an "Emergency" like action of arresting of Baba Ramdev and crushing the movement. Hopefully Government will see reason and accept Baba Ramdev's demands without much delay.

Whatever turn the movement takes, it is clear that 4th June 2011 will be a historic day in the history of not only India but the entire world.

October 31, 2011 is the first deadline for Bankers under GGWG

June 3: The April 29th circular of RBI advising implementation of the recommendations of G Gopalakrishna Working Group recommendations has set a specific timeline for implementation of the recommendations. One of the principle deadline would be October 31, 2011 by which time Banks must put in place policies and procedures which donot require extensive investment. This may include the setting up of the IT Strategy  Committee, Risk Management Committee and the IT Steering Committee as well as designation of a CISO.

The circular suggests a Quarterly review process and the first calendar quarter after the issue of the guideline falls on 30th June 2011. It is recommended that the Board meeting within this quarter may take on record the receipt of the RBI guidelines and initiation of the first steps towards implementation of the recommendations. The second quarterly review by September 30 may discuss steps taken during the first 4-5 months so that the Bank will be ready with the compliance requirements for October 31, 2011 including a quick "Gap Analysis".

As an experienced past Banker and a techno legal information security practitioner, Naavi offers GGWG Gap Analysis" service for Banks to enable them comply with GGWG recommendations. Interested Banks may contact naavi at naavi@vsnl.com (+919343554943) for further details.

Six year Imprisonment for HIPAA Violation

June2:  An Alabama Court sentenced Mr Isaac Earl Smith,  to six years in prison for his role in a prescription fraud scheme that included crimes of healthcare fraud, aggravated identity theft and violations of HIPAA. Related Article

US Postal Services Introduce "Adult Signatures"

June 1: Naavi.org had in the past made suggestions regarding introduction of "Adult Passes" in the Cyber Space for receipt of adult content. In the meantime it is interesting to note that US Postal authorities have introduced a service called "Adult Signatures" where the mail is delivered to adults above 21 years of age upon verification of age. It should be a forerunner to the concept of "Adult Pass" suggested by naavi.org. Related notification

HHS Includes "Disclosure" as part of Privacy Rights

June1: In a conceptually significant development, HHS has proposed a change in the Privacy laws related to HITECH Act according to which the data subject would be entitled to know who has accessed his information. In the light of the powers which the Indian Government is likely to exercise under the new rules under ITA 2008 on Privacy, this is an important disclosure requirement that should become part of every privacy law. HHS notification for public comments : related Article

Directory of Mobile Numbers

June1: Mobile numbers are considered "Personal information" and are protected by privacy. However we should  debate if there is a need to reconsider the issue of privacy of mobile numbers. When a person receives a call or SMS from a mobile number, his privacy is disturbed. When he receives multiple calls or multiple SMS numbers, it annoys a person and it may invoke Section 66A of ITA 2008 as an offence. In such a case the recipient of the anonymous call has a genuine right to know the identity of the person making the call.

It is therefore necessary for all mobile service providers to introduce a mechanism where by if a person receives more than 3 calls from a mobile number during a period of one month, he is entitled to demand the identity of the caller from a repository of mobile directory. This is the privacy right of the call receiver pitted against the privacy right of the caller.

This  provision of disclosure on demand should be introduced as part of the "Due Diligence" of the intermediaries since identity of the caller is the first essential step for the call receiver to invoke the protection of ITA 2008.

The exact procedure of how a demand can be made, what evidence need to be submitted etc can be decided.

In order to implement the same it is also necessary for every Mobile Service provider to provide a free online copy of billing details so that the call receiver can extract the statement as a proof of having received multiple calls from a given number within a particular time.  DIT has the power to issue such guidelines under Section 79/Section 67C /Sec 85 of ITA 2008. Reactions are welcome.

UID Data Stolen

May 30: It is reported that two laptops containing UID data were stolen from a school in  Pune. Naavi.org had suggested earlier that UID should follow a techno legal information security plan under IISF 309 framework. In case they have followed the principles of IISF 309 (Version 3), they might be able to counter the data loss suffered through the theft. Otherwise it indicates that UID system will continue to suffer in future also from security issues and may get abandoned as a project midstream. Article in TOI

Call Records to be stored for 5 years?

May 30: The IB is reported to have demanded that call records must be kept by Mobile Service Providers for a minimum period of 5 years. This has been opposed by the Telcos on grounds of cost. The requirement can be specified both under Sec 67C of ITA 2008 as well as under the recent rules released by DIT under Sec 79. Related Story in ET

Obama Creates a Cyber Law Controversy

May30: US President has created a controversy involving Cyber Laws by using "Autopen" to sign an important constitutional document from afar. It is reported that the "PATRIOT Act" was due for renewal and required the  President's signature which could not be physically obtained within the stipulated time since Mr Obama was abroad. He authorized the use of "Autopen" to sign the Bill. Report in NDTV : NewYorkTimes. :

The decision opens up a Pandora's box as to the legality of "Signatures". ... More

Corporate AGM online

May 29: Ministry of Company Affairs has been one of the most ardent promoters of ITA2000/8. It was MCA which made digital signatures mandatory and gave a lease of new life to Certifying authorities in India. Now MCA  has also clarified that it is possible to conduct shareholder's meetings virtually. Naavi's CEAC in conjunction with Arbitration. in provides a cyber law compliant virtual meeting solution for companies. Hopefully companies take advantage of the provision. Related Article

Role of Media in ensuring that Justice Reaches People

May 27: The fact that the President of India cleared a mercy petition of a victim who had been convicted 7 years ago by the highest Court of the land has naturally made news. If the Executive which has to only review the facts and circumstances based on the trials already conducted in three or four different Courts needs 7 year’s time to decide yes or no on the mercy petition, no body can blame the Judiciary which takes ages to decide on the underlying cases.

It is in this context that the role of Media in highlighting certain cases becomes useful to the society. Though we may call it as “Trial by Media”, it often quicker decisions. The need for such media intervention is therefore necessary to ensure that the judicial system is not rendered more and more inefficient due to lack of timely delivery of justice...More

Cyber Appellate Tribunal Sitting in Chennai again

May 27: In only the second such instance the Cyber Appellate Tribunal (CAT) which is the appellate authority over Adjudication of contravention of Information Technology Act 2000/8(ITA2008) will be sitting in Chennai on 1st June 2011. The CAT will hear proceedings on three pending cases of Phishing one of which is on ICICI Bank and two on Punjab National Bank.

NewYork Police Blunders in Cyber Crime Investigation

May25: In a case of a shocking blunder, the New York Police have committed a grave blunder by misreading the IP address and addressing a wrong person who happened to be arrested, handcuffed and humiliated for an offence not committed by her. On the other hand when the real culprit was later identified, it appears that he was not arrested or handcuffed. The arrested girl, Ms Krittika happened to be a daughter of an Indian diplomat and even her claims of diplomatic privilege was ignored. The offence itself was trivial and concerned sending abusive e-mails to the teacher. In the whole episode, New York Police come out as inefficient and racist. Related Article

Regional Consultation on Cyber Laws

May 23: National Legal Service Authority (NALSA) conducted a Regional Consultation meet on Cyber laws in Hyderabad on 21st and 22nd of May 2011. Honourable Justice Sri Altamas Kabir, a Judge of Supreme Court of India and Executive Chairman NALSA presided over the event. Several eminent Judicial personalities including Chief Justice of Gauhati, Honourable Sri Madan Lokkur, Chief Justice of Orissa, Honourable Sri Gopala Gowda, Chief Justice of AP and Executive Chairman AP State Legal Services Authority, Honourable Sri B.Prakash Rao, Presiding Officer of Cyber Appellate Tribunal, Hnourable Sri Rajesh Tandon and several others participated in the event. Honourable Minister of Law of the Government of AP, Sri  E.Pratap Reddy was also present.

The meet represented a grand summit of the Judicial authorities in the States of Orissa, West Bengal, Jharkand, Bihar, Chattisgarh, Sikkim and Andaman and Nicobar and Hyderabad appears to have emerged as the preferred center for this group of Eastern States to deliberate on Cyber Law and Cyber Crime related issues.

Naavi participated in the program as one of the speakers during the session on "Challenges and Issues in Cyber Laws "and placed the Netizen's perspective of the issues focussing the issues surrounding Cyber Judiciary. A summary of Naavi's presentation made during the event is available here.

New Regulations Under ITA 2008

May23: A copy of the new notifications dated April 11, 2011 under Sec 6A, Under Sections 43A and 79 along with a notification on Cyber Cafes is now available here. All notifications under ITA 2000/8 are to be placed before the Parliament before notification. It is not clear when these notifications have been placed before the Parliament. Information on this is awaited. Copies of the  Notification are available here.  Sec 6A, Sec 43A and 79, Cyber Cafe:

The notifications have been a subject of criticism on several grounds. More discussions on these will follow.

New Adjudicator for Tamil Nadu

May20: With the change of Government in Tamil Nadu, there has been a shuffling of the IAS officers. In the process the Principal  Secretary IT of Tamil Nadu has been replaced and Dr Sathosh Babu who was presently the Managing Director of ELCOT has been appointed as the new IT Secretary of the State. It is to be recognized that the post of IT Secretary in a State also carries the responsibility of the Adjudication under ITA 2000. In effect the IT Secretary is the Chief Civil Judge of the State for adjudicating against any contravention of ITA 2000.

Mr P W C Davidar had been an exceptional officer who held the post of Adjudicating officer with dignity and a kind of expertise which is rare. It was during his tenure that four cases of Phishing were resolved. His landmark judgment in the case of S.Umashankar Vs ICICI Bank has made it into all Cyber Law text books and will remain as the trend setter in the development of Cyber Judiciary in India. It was not surprising that after the Umashankar verdict the presence of an office of Adjudication became known and nearly 16 other cases came to be registered with him. At the time of his transfer nearly 14 cases are pending of which two cases against PNB are significant. These cases are significant since the Bank tried all tricks ethical and unethical to ensure that the case could not be completed on schedule and got adjourned on several pretexts only to ensure that the case does not get decided before the change of guard.

As a result, the new Adjudicator will need to take stock of the developments of last 6 months before proceeding with the adjudication and inevitably the poor victims of Cyber Crimes who were hoping that their cases would be decided within the statutory period of 4 months will now have to wait much longer.

We hope that the new Adjudicator would quickly get into operation and continue with the case from where it was left off. The situation is a test for Cyber Judiciary system as it would determine how the system functions when there is change of the Adjudicator midstream in an ongoing case. The advocates representing the parties would perhaps demand a fresh enquiry where has the victims feel done in by the system and the delays which are common in Civil Cases but were sought to be removed in the Cyber Judiciary system. Since the Adjudication system is an "Enquiry" process and is not bound by the Civil Procedure Code, it is open to the Adjudicator to device his own system for continuance of the pending proceedings to uphold the principle of natural justice which is the driving principle of Adjudication under ITA 2000/8

International Perspective of Rules under ITA 2008

May19: Here is an international perspective of the proposed rules under ITA 2008 draft of which were released on April 11th 2011. The rules need to be Gazetted. There are several objections raised regarding the rules and a final word has not been said as yet... Article

Will Banks take note of this flaw in their security system?

May17: Banks have been claiming that internet banking is safer with SMS alert systems being in place. RBI seems to innocently agree with the same. Now this warning from Delhi Police should open the eyes of RBI and the Banks. The Delhi Police has pointed out to the modus operandi of fraudsters to divert the SMS alerts to cloned SIM cards preventing the account holder from getting any alerts. This diversion of SMS alerts are used in conjunction with phishing to commit frauds.The so called 2F authentication through OTP also suffers from the same weakness since OTP can be obtained through the cloned SIM. RBI should therefore consider 2F authentication though SMS as inadequate security.. HT News

One More Phishing Complaint upheld in Chennai

May 17: After the Landmark judgement in April 12, 2010 in the case of S.Umashankar Vs ICICI Bank, the adjudicator of Tamil Nadu has delivered another judgement in the case of Thomas Raju Vs ICICI Bank holding the Bank liable to repay the loss sustained by the customer on account of unauthorized access to his account. Though these cases are generally termed as "Phishing" cases, it is always the Bank that claims that no body can access the account without the customer sharing his password and try to paint all cases as cases of negligence by the customer. However in the case of Thomas Raju, the customer claimed not to have received any phishing mail at all. In two other cases before the adjudicator of Tamil Nadu involving PNB, the customers have claimed not to have divulged one of the two passwords required for passing the transactions. It therefore appears that these are not strictly phishing cases but are cases where there is a prima facie failure of security in the Banking system.

It may also be noted from the website of TN Government that in the last year ICICI Bank has entered into compromise in two more cases where ICICI Bank was involved. Thus to 4 customers of ICICI Bank in the last year have found relief through adjudication. I hope that the legal community would consider making use of the adjudication system in every State in appropriate cases in future. Copy of Judgement

Why top law students in India donot want to practice?

May 16: Legal profession has in the past been considered as a noble profession where public spirited persons may serve those who need the support of the judiciary for relief when they were victims of some contravention of law. ....It is therefore heartening to note that bright young people are showing some interest in the profession as is indicated by the response to the competitive examination, CLAT 2011 which determines the qualifiers to enter into the prestigious National Law Schools. ...More

RTI Appeal with RBI remains unanswered

May15: Naavi had filed an RTI application with RBI regarding the G Gopalakrishna Working group report. The information officer had rejected the information on grounds of national security interests.  An appeal had been preferred on the same on April 1st. Even after 45 days, there is no response from the appeal authority. A reminder has been sent today. The application and the RBI reply is being  made available through this site so that somebody in Mumbai can assist me in pursuing the request. RTI Application : Reply received: Appeal

Unauthorised Blocking of websites is also an offence

May10: It is observed that many websites and articles are being blocked by ISPs. It is presumed that at least some of these are done on the basis of informal orders from the DIT. If ISPs donot have a formal written order to block a website then their action can be termed as "Denial Of Service" under Section 43 and 66 of ITA 2008. ISPs should therefore clarify if the blocking of websites such as bloggernews.net have been properly authorized. Since some of the articles of Naavi which have been blocked cannot be justified under national interests, the blocking of the sites can only be termed illegal. If action is initiated, some officials of ISPs may find themselves answerable to law...provided law cannnot be bent by the influential !

The end of Naavi.org in sight?

May 10: Given the trend of website blocking resorted to by the Government of India, DIT, it will not be surprising that Naavi.org may be the next target for being blocked by the Government of India, DIT. In the recent days there have been so many objectionable happenings in the Indian Cyber space that it becomes impossible not to express opposition through the website. However this makes many in the administration unhappy. The current approach of the GOI is tending towards the "emergency day arrogance" and hence there is a reasonable expectation that Naavi.org would be forced to close down.

If this happens, the nearly 14 year old crusade on "Creating a Responsible Cyber Society" being pursued by Naavi may come to an end. In the past whenever websites are blocked, they have remained blocked for an indefinite time and hence our communication with the readers may get cut off. I therefore would like to to place this contingent obituary on the site and thank all those who were supportive of Naavi.org in the past.

Even if Naavi.org is blocked in India it is intended to continue the publication for the international audience and those who can access the site from outside India may still continue to receive the site.

Is Bloggernews.net blocked?

May10: It appears that not being satisfied with the blocking of a selective article on bloggernews.net, the Government of India has now blocked the entire URL www.bloggernews.net. It is not clear if this was a result of any Court action. There is a possibility that this could be because of this article on "Calling attention of CVC.." or it may be due to this article where a copy of the letter sent to RBI Governor is published though in such a case it is likely to be an administrative order not backed by any  Court order. Related Article in Statesman. Related Article in techgoss.com

Fake EVMs in West Bengal

May10: Fake EVMs have been detected in Midnapore, West Bengal where Trinamool Congress workers have also been accused of having prevented voters from casting votes. It would be interesting to observe if cases will be booked under ITA 2008.... IE Story

Beware of Osama related Cyber Frauds

May4: With a high interest in the cyber space to know more about the killing of Osama Bin Laden and view the photographs,  it is expected that Cyber Crime perpetrators will exploit this interest in enticing Netizens to visit malicious websites and implant trojans and viruses. Sympathizers may also be lured into advance free frauds in the form of donations. Netizens may therefore refrain from visiting any site not known to be an official website of a reputed agency. If a search is thrown up on Google, Netizens should verify the hyper link and check if the URL is correct. It is preferable to type the URL where known. Related article in Chicago times

G Gopalakrishna Working Group Report notified

May1:RBI has notified Banks on information security guidelines in e-Banking based on the G Gopalakrishna working group report. It would be interesting to analyze the RBI notification in comparison with the original report and its recommendations. Naavi.org would provide its views in due course. Copy of RBI Circular

Has MCIT issued the guidelines without proper evaluation?

April 30: I would like to bring to the notice of the Central Vigilance Commission and the Comptroller and Auditor General of India an apparent irregularity that needs investigation in the interest of the Country. The issue involves according to one estimation a decision proposed to be taken by the Ministry of communications and Information technology resulting in IT stake holders collectively spending Rs 700 crores immediately by a payment to a private party abroad just to know what is the law of Information security in India that applies to them. Stakeholders who want to comply with the law later may collectively be required to spend around Rs 30000 crores each year to follow the law as being notified and this commercial benefit is again going to private sector because of this notification.

There is a need therefore to stop the approval of the proposed notification until a national debate is undertaken in the matter and all stakeholders are convinced that there is no reason to suspect irregularity in the promotion of a commercial benefit of this magnitude....More

Draft Rules for Sec43A-79-cybercafes, finalized?

April 30: The draft rules proposed under ITA 2008 under sections 43A, 79 and for Cyber Cafes seems to have been finalized. Unfortunately the department seems to have stuck to its earlier version which was sent for public discussion and suggestions of the public seems to have been completely ignored. Naavi.org has been particularly critical about the adoption of ISO 27001 as the necessary and sufficient criteria for the compliance of "Reasonable Security Practices" which is considered incorrect since the framework is proprietary, not available in public domain without a cost and grossly inadequate. The department has accepted in a communication to Naavi that no study has been made by the department on the impact of adopting ISO 27001 as the statutorily approved framework and the financial implications of the same on the India as a country.

In the light of this admission, it is strange that the department has ignored the issues raised by Naavi (Ref: Is India selling itself out to ISO 27001?). :

Finalized rulesRelated Article in apargupta.com :

Banking Ombudsman Orders payment in Bank fraud case

April27: In another instance of a bank fraud involving unauthorized debit, on the advise of Banking ombudsman in Mumbai Punjab National Bank has refunded a sum of Rs 184980/- to the customer. The letter from the Bank requests the customer to drop/delist his complaint. It is not clear if the incident will reflect in the Banking Ombudsman's report or would be hidden from public as "Complaint withdrawn". We also need to wait and see if Punjab National Bank has reported this incident  in their annual report for the period ending March 31, 2011. If not, we need to check what is the RBI policy regarding report of such security breach incidents.

Indian Judiciary needs to Act differently

April 27: NY times has commented on the recent developments in India on Internet Censorship. The Center for Information Society, Bangalore recently published a list of 11 websites that have been blocked by the Government of India (See article). According to the report, instructions for blocking of the sites were issued by the CERT-IN based on some Court's judgments. What the report however fails to highlight is that some of these so called judgments based on which CERT-In passed the blocking orders were "interim orders" pending hearing of a complaint. At least in one case information is available to suggest that the defendant was not given due notice to appear and still the Court passed an interim order until next hearing that the site be blocked. It is observed that many advocates misuse the provision of "Interim orders" to get favourable judgements at least in the short term. The fault however lies in the system where judicial proceedings are generally delayed and any interim order is good enough for a few months and in some cases for a few years. It is necessary for the Chief Justice of India to look into each of the 11 cases referred to in the article of CIS and determine how many of them are after a due process of law.

IBA and RBI needs to take note of MCA Advice

April27: The Circular issued by Ministry of Company Affairs on the use of e-mails for outward communication such as AGM notices etc is a matter which needs to be taken note of by Banking institutions including the regulator such as RBI and the industry forum such as  IBA. The circular makes a direct reference to Section 5 of the ITA 2008 indicating the need for digital signatures to be used for authentication of e-mails. RBI initially in its Internet  Banking guidelines of June 14, 2001 had clearly mentioned that PKI based authentication systems must be adopted by Banks for its e-banking operations. Though this was not specific to whether digital signature should be used for e-mails or for account transactions, it was clear that wherever electronic documents need to be authenticated, PKI system as required under ITA 2000 was to be adopted, failing which Banks should assume the legal risk. However, since June 2001 to current date, RBI has not bothered to force the Banks from adopting digital signatures. Even after MCA made digital signatures mandatory for corporate returns and Income tax department for filing of tax returns, Banks continued to ignore this important aspect of law. IBA on the other hand appear to be silent on the issue that most Banks are openly flouting the RBI regulations. From our observations of the industry, one of the Country's leading Bankers and a leading private sector bank are stonewalling adoption of digital signatures in Banking. RBI seems to be incapable of meeting the resistance though it is illegal. IBA is part of the resistance itself since it is the body of the same Banks.

Industry observers are aware that there is a back room maneuvering going on at the highest levels to get administrative support  the non compliant methods of e-banking that is prevalent in India.

Naavi.org which is in the forefront of a crusade for better security for Bank customers in e-banking era, has time and again brought to the notice of the public, RBI, IBA, SEBI Ministries involved, Some of the Banks involved as well as the Cyber judiciary system that non adoption of digital signatures for banking transactions and e-mails is a serious non compliance issue. Excepting a part of the system, others are unmoved by the pleas of Naavi.org. It appears strange that Naavi is isolated in this concern for e-banking customers and no other institution appears even remotely as concerned as Naavi.

We therefore need a Citizen led movement to make the regulatory institutions to act. Naavi.org will start a new phase of "Building an Awareness about the need for  Cyber Law Compliance by Bankers" from 1st of May and would welcome any other  individual or organization that would like to join hands in this campaign to liberate Bank customers from the risks of E banking arising out of negligence of the Bankers. Watch out this space for the roll out of the campaign.

MCA advises use of e-mails for notices

April 26: As a part of compliance of section 53 of Indian Companies Act, Ministry of Company affairs has issued a circular that as a "Green initiative", e-mails can be used as a substitute for communication under certificate of positing. It is good that the government has realized the potential of e-mail at least now. It may however be necessary for the Government to clarify that e-mails are to be digitally signed. Article in CIOL :Circular

Dashworld reopens debate on Alternative Domain Name System

April 24: Alternative domain name systems that work outside the ICANN is the biggest challenge to the authority of ICANN to regulate the Internet name space. At the same time the logic of alternate domain name providers which supports a free Internet movement cannot be faulted. Alternate domain name management systems emerged way back in 2002 and earlier (See article: Is There an Alternative to ICANN?). Obviously there was a reported attempt to disable the alternate domain name systems through ISPs and US Government intervention. Afterwards there was a silence indicating that these efforts had fizzled out. Recently however dashworld.com has restarted the alternate domain movement. If this trend catches on, there will be a need to re-look at the current system of administration of domain names and particularly the law related to Cyber squatting and relevance of services such as lookalikes.in.

Clash of .xxx domains with New.net

April 24: By opening the registration of .xxx, ICANN has once again challenged Alternate domain name registration services such as New.net. Way back in 2002, the conflict started with ICANN issuing .biz TLDs which was already being used by the alternate domain name systems. Now .xxx is another clash point where all new registrants would be directly exposed to the risk of a domain name conflict with the registrants of .xxx with New.net. A serious thought has to be given to whether  ICANN needs to recognize the alternate domain name operators  and adopt an inclusive policy or pursue an apartheid system and keep them out.

Internet Governance Issues

April 22: Institute of Global Internet Governance & Advocacy (GIGA) is being inaugurated on 23rd instant at Hyderabad by Honourable Justice G.Raghuram, Judge, High Court of Andhra Pradesh. Dr V.C.Vivekanandan, Director of GIGA coordinates the activities of the Institute and discussing the various research and advocacy priorities of the Institute  and chart out an action agenda for the Institute.

Litigation Support Or Public Service?

April 21: Naavi has been engaged as Netizen activist for over a decade now. His earlier crusade against Savita Bahbhi.com is well known. For the last few years, Naavi's attention has been on protecting the interests of innocent Bank customers against frauds arising in the E-Banking sector. In pursuit of this, Naavi has offered consultancy for several cases. The objective of Naavi has been that innocent victims of Bank frauds are to be protected and Banks should improve their security. Unfortunately, commercial considerations always affect Information security whether in an SME or a huge Bank.  It is a natural tendency of every businessmen to make profits and cut costs.When an activist  opposes the establishment which is neglecting consumer interest,  the establishment looks upon the activist  as a trouble maker and tries its best to silence him if possible by various means. This is as much true of  Shanti Bhushans involved in the Anna Hazare initiative as of Naavi in his anti phishing initiative.

Presently Naavi has a role to play as an Activist trying to protect the larger society of Netizens from victimization by commercial interests. However some of the cases in which he is presently engaged with, are hindering his freedom of expression since Banks are trying to put a rein on his public service because the matters he may raise could technically be called sub-judice. Though all matters which are sub-judice donot become a contempt of court when reported in the public, it is not always easy to convince a Court about the nuances and this could create some practical issues in Naavi discharging his role as an Activist cum representative of a victim.  Though involvement in the  initial cases were necessary as an inertia breaker, there is a feeling that it may restrict Naavi's role in public service in the long run.  Since each of the cases often drags for over three years before culmination despite the legal limitation of 6 months in Adjudication and 6 months in CAT, some lawyers successfully reduce the fast courts into ordinary courts by seeking frequent adjournments. Because of these delays,  if Naavi is engaged in more of the litigation work, he will cease to be able to serve the society as a Netizen activist. This has raised the dilemma "Litigation support or Public service?"

RBI and IBA are two national level organizations which ought to take up the responsibility of making e-banking safer. However, one does not get the confidence that they would be capable of safeguarding the interests of the Customers of banks when there is a conflict with the interests of the Banks themselves. While IBA being a forum of Bankers and such an attitude is natural, the way RBI has so far handled the issue of security in the G Gopalakrishna working group fails to provide confidence that it will continue to be the protector of Bank customers. A reading of the industry developments at this stage indicate that a group of Bankers are actively working towards diluting the law of e-banking in India to protect the Banker's commercial interests against the public interest of the customers. It is possible that RBI may be supporting them. Soon there will be a request made to the Ministry of Information Technology for certain amendments to ITA 2008 to protect the Banker's interests though it may hurt the customer's interests.

It is felt therefore that a movement against a tendency to exploit Bank customers is required in India. Naavi is reminded of the late Sri M.R.Pai who served the bank depositors during the Seventies and Eighties working for their safety of their deposits.. We donot see any such visionary leaders around at present to protect the Bank customers in the e-Banking era. But we hope that just as an Anna Hazare movement emerged from no where to shake up the country, we will see  a movement emerge, to put an end to the exploitation of Bank customers.

Naavi would be happy to take active part in such a movement when it emerges.  In the light of the above, Naavi is considering the ways and means of completing the current assignments on Phishing and freeing himself to take part in such a movement. All those who want to be part of such movement to protect the e-banking customers from being exploited by the profit hungry bank establishments may contact naavi@vsnl.com. People who can take the mantle from Naavi and support phishing victims in various cities may also contact Naavi so that we can develop a network of public spirited activists all around the country who would help innocent victims of bank frauds in getting justice.


ICICI Bank settles with a Phishing victim Out of Court

April 20: It is reported that in one of the adjudication applications in Chennai, by Shri Jeevika Arasu Vs ICICI Bank, the Bank and the customer have come to an out of court settlement. A copy of the order from the Adjudicator in this regard is available here. On 20th April, ICICI Bank counsel who had to appear in the Cyber Appellate Tribunal in Delhi to argue the case against Mr S.Umashankar absented himself citing "Personal" reasons. While we donot know if there is any relation between his absence in Umashankar appeal case in Delhi and the reported compromise from the Bank in Chennai, it may be noted that after Dwarak Ethiraj case, Jeevika Arasu case is the second published compromise entered into by ICICI Bank in Chennai in respect of Phishing complaints. Hopefully the Bank is realizing the futility of fighting against its own customers. May God give them the wisdom to make it a regular practice so that the fruits of Umashankar's fight reaches many more customers.

US takes Suomoto action against Botnets

April16: US Department of Justice in association with Mirosoft is reported to have launched a major offensive against botnets.  Filing a Civil Complaint under the "John Doe" principle on unknown perpetrators, US attorney office has obtained search and seizure warrants and proceeding on an offensive.

We may note that the Adjudicators under ITA 2008 are also empowered to take such Suo Moto action when there are a large number of victims from an unknown perpetrator. This can not only apply in case of Virus and Botnet instances, but also on Phishing instances. It can also apply when there are a large number of Bank accounts known to be used for encashing Phishing proceeds.

We hope that a public spirited Adjudicator will launch such a proceeding.

Banking Ombudsman Orders payment

April 11: In another Bank fraud reported from Gurugaon where a customer had lost around Rs 6.6 lakhs by way of fraudulent withdrawal through ATM, the Banking Ombudsman has order the Bank to pay back the amount lost to the Customer. The order restores the amount lost but is silent on the interest.

Vigilance Cannot be dropped

April 9:It is good news that ultimately the Government of India has agreed to the formation of a drafting committee to draft an effective Lok Pal Bill. This is a victory for the people and could be as significant as the second independence movement. However, the stakes are so high for politicians that it is unthinkable that they would allow an easy passage of this Bill making it into a law and allow an independent person to head the Lok Pal. If appointments to key offices such as CVC and CEC could be politically influenced, the possibility of political mischief in the formation of Lokpal cannot be ruled out. It is necessary for the Civil Society to keep up the vigil and watch every movement of the Government and ensure that what has begun well also ends well.

Public Pressure Mounts on the Government

April 8: It appears that the public pressure is mounting on the Government that it should yield to the demand of the Anna Hazare lead movement to draft a Jan Lokpal bill including members of the Civil Society in the drafting committee. Hopefully by tomorrow the official notification is expected to be announced.

RTI Application on Websites blocked

April7: In a reply to an RTI application, DIT has indicated the list of websites blocked by it so far under the ITA 2000/8. We congratulate Mr Pranesh Prakash of Center for Internet Society for having taken this initiative.Details

Corruption is the biggest threat to India.. We need to join the fight

April 6: It is heartening to note that a movement is building around Mr Anna Hazare all over the country for  immediate action on Lok Pal bill. After the recent internet based movements in Egypt it is time for Netizens to express their solidarity to Mr Anna Hazare in whatever manner they can. The Government will have its hesitation and we cannot expect the it to take positive action unless there is enormous public pressure.. We may require a "Non Cooperation" movement with the Government to really make it think in the direction of involving the civil society in a bill on which the politicians have a direct vested interest.

There are some intellectuals who will have their own argument why prevention of corruption is not possible and it is necessary for common men to ensure that the movement is not derailed by such pseudo intellectuals. Corruption is a decease which corrupts the society and creates inequalities where there may be none. At a time when there is a scam a day the need for a systemic infrastructure to act as deterrence to corruption is the need of the hour. If we donot support some body who has started a movement which is important for the future of India, we will be failing in our duty to the nation. Let's therefore welcome the Anna initiative. For more information read here: Comparision of Lokpal bill drafts Govt Vs Civil Society : Also see: indiaagainstcorruption.org

Build Yourself an Anti Phishing Shield

April 4: It is observed that Phishing attacks are now appearing on many Indian Public Sector Banks which has a large population of customers who are not sufficiently net savvy. Though there is an increasing awareness of Phishing frauds, the number of frauds are expected to increase in the coming years. A Phishing crime network is under development which starts from opening Bank accounts with false ID, obtaining passwords of customers by various means, accessing accounts over internet and transferring money to fraud accounts and withdrawing through ATMs.

A new threat that emerges in this context is that some internal workers in Banks (which includes temporary workers who work in marketing as well as employees of outsource partners) may use the cover of Phishing attacks and commit frauds of their own. The modus operandi would be to send a Phishing mail to targeted customers whose passwords have already been obtained by some means and then access the account. If there is any objection from the customer he would be confronted with the fact of receiving the Phishing mail and forced to believe that he might have answered the same and therefore should bear the liability.

Though this can be challenged, it is a painful and long drawn process. Since most of the evidences that can defend the victim are available only with the Bank and not with the victim and the e-discovery process is relatively unexplored, there is a need for Bank customers who receive phishing mails to build their own shield against being unfairly held liable for an internal fraud.

In order to provide some sort of a shield for such employee assisted phishing frauds, CEAC has launched two services namely CEAC-ITN (Identity Theft Notice) which is a free service for reporting such events to a trusted third party and CEAC-VPN( Virtual Public Notice) which is a paid service. Though it is not yet clear if this would be considered by Courts as an effective alibi for the registrant, it is considered a good step towards building a legal shield against being unfairly treated by Banks in the unfortunate event of a phishing attack. Details

Data mining of Health Information leads to legal suits

April 3: A national drug-store chain Walgreen co in California has been accused of having unlawfully benefitted from the information of its customers. In what could be considered as a suit that can hurt the data mining industry in general, the dispute is over "de-identified prescription" information which the store chain has allowed to be used by medical companies.  It is charged that the "information" on which the store has made a commercial gain belongs to the patients and that it cannot be commercially exploited by the store. Related Story 1 : Related Story2 : Related Story3

Cignet Fine sends HIPAA concerns soaring

April3 : The OCR's decision to fine Cignet a total of US $4.3 million has sent alarm bells in the healthcare industry  in USA on the consequences of non compliance of HIPAA. This was the first time the new HITECH Act penalty schedule was applied. It is said that Cignet violated the rights of 41 patients when it denied them access to their medical records and also not cooperated with the OCR in its investigations. It was considered as a "Wilful Neglect" not corrected within 30 days. Details



PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar

PR Syndicate, (an organization of Corporate PR Professionals in Chennai,)  celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occasion, "Award of Excellence in Public Life"  was presented to 'Cyber Law Guru of India' Na.Vijayashankar...More


  What is Naavi.org?

Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.

The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.

The second key service is the Cyber Evidence Archival center which provides a key service to help administration of   justice in Cyber Crime cases.

The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.

The fourth key service is the online mediation and arbitration service another unique global service.

The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.

Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.

Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.


If you would like to know  more about Naavi, the information is available here.

For Any Payments to be made to Naavi online :  Naavi_s Payment Center

[Valid RSS]

RSS Subscription



Cyber Law College
........The Other name for Cyber Law Education in India
[Download Brochure]