David Coleman Headley deposition gives a boost to ODR Global

Naavi has been a long time advocate of the use of electronic means of communication in Judicial matters. Whenever we hear that accused escapes while in transit to a Court or see the enormous police force deployment just to bring in convicts and under trials to the Court and escorting them back again, we have regretted the inefficient systems that drains out the resources of the Government and come back to haunt us in the form of increase in taxes.

For various compulsions such as the need to make a progress in the 26/11 trials and the inability to get David Coleman Headley, a key accused to be brought physically to the Indian Courts, his  deposition as an approver was obtained by the Mumbai Sessions Court through a video conference. Now this video evidence will be a key to  further proceedings in India and discussions in international counter terrorism circles.

Though this is not the first time, an Indian Court has used “Video Conference” to interact with the accused or the witnesses, this will be the most significant and noticed incidence of the use of Video Conference in judicial proceedings in India.

The current proceedings took place directly in the presence of the Judicial authority at one end while at the other end of the Video conference, a foreign prison agency was present. At this point of time, we are not aware what procedures the Court used to enable the evidence meet the requirements of law.

The procedure which Naavi has been advocating for such purposes involves a trusted third party being able to produce a Section 65B certificate to make the video file admissible as evidence. It is also recommended that a representative of the Court be present at the end of the deposer just to confirm his identity and the process used at his end to depose.

These principles of Cyber Law Compliant video conferencing has been incorporated in the new service that Naavi has launched in his “ODR Global” project through www.arbitration.in.

The “ODR Global Project” is the first leg of a series of activities that Naavi has planned to bring more and more dispute resolutions online. ODR Global uses the “Virtual Arbitration Room” as the key to conducting such proceedings and also provides for the virtual presence of a neutral observer who provides the Section 65B certification.

The “ODR Global Project” is now kept open for investors to join so that it could be scaled up to its potential level of operation.

The David Coleman Headley’s deposition in a similar system is considered in this context as a reminder to the potential that such systems hold for civil judicial process and the ADR process. There is no reason why this should not become a default alternative system of conducting all judicial processes with the consent of all the stake holders.

For more on the advantages of the “ODR Global Project”, visit www.arbitration.in or this investor’s link.



Share Button
Print Friendly

Cyber Robbers back with Carabanak attack

Carbanak is one of the dreaded attacks which is reported to have been used to steal over $1 billion from the Banking systems since 2013. After a brief absence, security specialists now report that the attack is active once again.

Investigators estimated at the time that the attackers breached the networks of more than 100 banks across 30 countries, stealing up to $1 billion. JP Morgan Chase and the Agricultural Bank of China are reported to have suffered heavy damages on account of Cabanak attack.

The attackers either transferred money to their own accounts, ordered the money distributed to remote ATMs where an associate waited to receive or, in some cases, penetrated the banks’ accounts systems to change bank balances and then order transfers. The attack went undetected for periods in excess of 18 months.

Unlike other attacks that target the customers of the Bank, Carbanak is an APT (Advanced Persistent Threat) designed to attack the Banking systems directly and execute transactions without the need to impersonate the online users. It also attacks the internal financial systems of large corporations.

Carbanak is a well organized system that uses several known exploitation techniques executed as an organized industry effort.

Initial infiltration was achieved through spear phishing and exploit laden attachments that compromised employee endpoints with malware, eventually stealing the credentials and taking over control. Once inside, the security controls are weak and enable the attacker to simply execute fund transfer transactions with ease.

The latest variant of the attack indicates that this is a  mix of multi channel fraud that abuses both online and physical systems from within and via the banks’ service channels.

The attackers did the following:

  • Infected computers attached to ATMs so the machines dispensed cash at the same time the gang’s mules were there to pick it up;
  • Compromised internal Oracle databases, created fraudulent accounts, issued cards and modified account balances to wire out more money each time;
  • Abused the Society for Worldwide Interbank Financial Telecommunication system to move large amounts of money into accounts they controlled;
  • Used the online banking vector for e-pay fraud and fraudulent transactions.

Experts are of the view that Carbanak attack was preventable. It was a well-orchestrated crime operation but not necessarily considered a sophisticated operation at technical level. It was the failure to protect the end point systems of the employees that enabled unsafe downloads to start with and subsequent failure to detect and stop exfiltration of data that led to the success of the operation.

In another attack involving malware known as Metal and Corkow, attackers infected the target  bank’s corporate networks via spearphishing e-mails.

In one of the Russian banks hit by this attack , it was discovered that millions of rubles were withdrawn by its customers in one night from the ATMs of other financial institutions. An investigation revealed that the attackers actually gained access to the bank’s money processing systems and made some changes to automatically roll back ATM transactions.

This allowed the gang’s members to withdraw money from several ATMs and the balance on their cards remained the same.

In yet another attack named GCMAN, a time based script executed fund transfer instructions of $200 every minute to multiple e-currency services without being reported to any system within the Bank.

These developments indicate that as Banks and Large corporates migrate to the use of Digital ways of doing business, they are exposed to risks that need to be addressed with a greater resolve than they are doing at present.

The Cyber Insurance industry also has to look at how they would be able to cover such risks and how they will treat the failure of security for extended periods of time.

Related Articles:

  1. Securityintelligence.com
  2. Scmagazine.com
  3. Securityweek.com
Share Button
Print Friendly

Another Adjudicator, this time from Gujarat emerges to keep up the tradition

Adjudication was one of the ambitious propositions of Information Technology Act 2000 (ITA 2000) to promote quick and fair justice to Cyber Crime victims. It envisaged easy procedures free from Civil Procedure Code restraints, justice within 4 months from an authority which should have a good understanding of technology.

However since 2003 when the IT Secretaries of State were designated as Adjudicators for their respective states, few have shown the inclination to assume responsibility.

First person to act and deliver awards as an Adjudicator was Mr P W C Dawidar of Tamil Nadu. He had the distinction of giving out one of the first awards against Banks in the S Umashankar Vs ICICI Bank case and followed it up with other similar judgements in other cases. But he was silenced by being transferred out of the department after J Jayalalitha took over as the CM. Perhaps it was a routine transfer of the new Government but was a move which killed the Adjudication system in Tamil Nadu.

The next to emerge was Rajesh Aggarwal of Mumbai who took scores of decisions, created history by conducting an online arbitration and gave a huge fillip to the system.

Now a third Adjudicator has emerged Gujarat in the form of  Mr Dhananjay Dwivedi who recently heard a Phishing complaint against Dena Bank and Idea and gave a judgement in favour of the customer who was the victim of Phishing.

Copy of the Judgement is available here

While delivering the judgement, Mr Dwiwedi has made the following comment which is noteworthy.

“Of late, the society is seeing rise in the number of fraudulent transactions over on-line platform. The criminal intent and crime against property etc. is being taken through the criminal justice system. In all such cases, State being the prosecutor, the cases are taken through the criminal jurisprudence with police helping the criminal justice system.

However, there seems to be a lack of awareness for the civil remedy available to the citizens in terms of penalty as well as compensation under provisions of the ,  Information Technology Act.

To ensure that citizens become aware of the provisions of the law and also become more vigilant in guarding personal information that is sensitive in nature and become aware about security practices to safeguard one’s on-line space, there is a general need to increase awareness about the new legal framework introduced through the mechanism of Information Technology Act and Rules thereunder.

Accordingly, it is ordered that decision in this case be put in public domain and be widely publicized. “

I hope that he would keep the system alive in the coming days by accepting such complaints so that the spirit of ITA 2000 in ensuring speedy justice remains.



Share Button
Print Friendly

Transformation from ADR To Virtual ODR

This is a continuation of the Part I of the article on Virtual ODR

“Virtual ODR” is the ODR system that is adopted by Arbitration.in. It is an ODR system in the sense that it is an “Online” system for conducting Dispute Resolutions such as Arbitration or Mediation. But it is different from the so called ODR systems which are being presently used worldwide and let’s try to understand the differences.

In the ODR system that is generally used, the Website that offers the services functions like a “Arbitral Center”. The person who invokes the arbitration_room_standardsystem (claimant) sends a request by e-mail to the center with necessary information about the respondent. The Center appoints an Arbitrator and forwards the claimant’s request to him. There after, the Arbitrator takes over and sends an e-mail notice to the respondent. When the response is received, it is communicated to the claimant and his response to the respondent’s reply is sought. Arbitrator will decide when the chain of correspondence has to be closed and declare that he has all the necessary information to take a decision and proceeds to convey his award.

In this entire process, lot of time is wasted in waiting for the response from the other party and even when received, it  may be incomplete and need clarification. Hence the process may have to go through several cycles of exchanges unless the Arbitrator puts his foot down and rules that the exchange of responses will be allowed only  once or twice. This may leave the disputing parties dissatisfied. Additionally, if the process is challenged in a Court, there will be needless discussions on what the Arbitrator did or did not do.

On the other hand the Virtual ODR system of Arbitration.in functions principally as a service provider to the Arbitrator. Where required, it arbitation_room
may provide back office services but all proceedings will be done in the name of the Arbitrator only and the website only acts as an intermediary service provider.

The actual process of arbitration is conducted in a virtual meeting room. While e-mails are exchanged initially, it is for issue of access credentials to the people who have to be present and not on the proceedings.

If the parties need to introduce evidence in the form of lengthy documents which need to be studied by the other party, it may be sent by e-mail as advance information but are confirmed during the virtual session. However the face to face (virtual) meeting in which the parties, their counsels and the Arbitrator meet together enables all discussions to take place in a virtual replication of a physical meeting. Even witnesses can be examined in the same room. In view of the meeting of all parties in one place, small differences of opinion can be settled quickly and to the satisfaction of all parties. There is therefore better clarity on the views of either parties and saving of repeated exchanges of e-mail just to present points and respond to the points raised by the other.

Additionally, the Registrar of the Arbitration.in will be present during the session and take complete notes of all the proceedings by simply making a video recording of the entire process. This results in complete transparency when the proceedings are to be discussed later when challenged in a Court. Since the recording is certified by the Registrar under Section 65B of Indian Evidence Act, it is admissible as evidence in any Indian Court under law.

Hence the Virtual ODR process is distinctly superior in terms of not only operating efficiency but also in terms of judicial acceptance.

This type of Virtual ODR with certification of proceedings is considered unique and innovative.

I hope the Arbitration community appreciates the benefits and start using the system.


Any Arbitrator or Arbitral House requiring training or more clarification can contact Naavi

Share Button
Print Friendly

Virtual ODR is the flavour of the day for ADR

Naavi has recently launched the New and Improved service for online Arbitration at www.arbitration.in The service is presently available for any commercial arbitration though lot more work is being done in the background to scale up the services as a new StartUp.

While introducing the service to some of the professionals in the Arbitration industry, it was observed that there was some difficulty in understanding the nature of the service and whether it is a “Legal Service or a Technology Service”.

The fact is that Arbitration.in is a Technology Service to be used by the legal professionals and can be rightly called a “Techno Legal Service”. or an IT Enabled Legal/Judicial Service

It’s Different

Arbitration is already an established ADR (Alternate Dispute Resolution) process and its benefits are easily appreciated.  Mediation is another similar form of ADR which also has been used extensively. Worldwide, there has been a talk of ODR (Online Dispute Resolution) and when Arbitration.in is introduced as an ODR, many are unable to immediately recognize that this is not the ODR they have otherwise heard. It is different.

In order to provide more clarity to why the system proposed by arbitration.in is globally unique, innovative and judicially robust, I discuss some of the USPs of the project.

It is wise to be ODR Ready rather than be sorry later

First of All, I would like to clarify that the target audience for the Arbitration.in service are the “Arbitrators” and the “Arbitration Councils”.  (Or the Mediators and Mediation Councils).

When an existing Arbitrator is called upon to conduct an Arbitration, it is open to him to set the rules of conduct. Since most of the Arbitrators are familiar with the Court procedures under Civil Procedure Code (CPC), though the Arbitration Act provides them to be flexible, they tend to err towards the safer side of doing things just as in the CPC.

But with the need to speed up the proceedings and particularly when pursuing a “Fast Track” arbitration under the amended Arbitration Act, there is need for Arbitrators to innovate without losing the “Principle of Natural Justice”.

It is therefore open to the Arbitrator to suggest that the Claimant of an Arbitral proceeding (originator) and the  Respondent to adopt the ODR process under Arbitration.in.

Inevitability of Transformation

Permanent Arbitral Institutions may in their rules include the ODR process of Arbitration.in as part of their approved process so that any member of the institution can use it if he so desires.

Obviously, ODR of Arbitration.in would not be used if all the parties are comfortable of the use of the system and agree to use it. If they donot agree, the Arbitrator may fall back upon the clause in the Agreement which may define the Seat of Arbitration. In the case of Arbitral Institutions, the institution itself may provide the physical and secretarial infrastructure which will be used by default.

If the disputing parties recognize the advantages of the Arbitration.in facilities, they can either incorporate the use of Arbitration.in in their contract itself or agree to use it in a supplementary agreement. The arbitrator may then have to be chosen on the basis of whether he would be able and willing to use the ODR of Arbitration.in.

It may not be too far for E Commerce companies such as the Snapdeal or 99 acres.com or the online Banks, to insist that they would resolve their consumer disputes only through ODR, since otherwise, the time and effort required for grievance redressal (mandatory requirement under Section 79 of ITA 2000/8) would be unproductive for their business.

Arbitral Houses should therefore try to be “ODR-Ready” before their members start losing out business in the emerging Digital India. At the same time, the young and tech savvy new generation of Arbitration professionals may opt to be individually “ODR Ready” and start using ODR to an extent that public may start preferring them instead of those who stick to the legacy systems.

ODR particularly of the variety proposed by Arbitration.in has the potential to be a disruptive technology that will shake up the ADR industry. Initially there may be an attempt at protecting the legacy system by those who are already established, but sooner or later the young brigade and the USPs offered by the new technology would break any attempt to delay the onset of ODRs as the most preferred option for ADR.

Just as Sunil Manohar Gavaskar had to give up his opposition for limited over cricket the Gavaskar’s of the ADR industry will have to transform themselves to the ODR world.

It would therefore be inevitable that all Arbitrators as well as the Permanent Arbitral Institutions take steps to upgrade themselves to the use of ODR.

Arbitration.in has therefore placed a high emphasis for providing training to the members of the ADR community on how to use the ODR facilities of Arbitration.in. It is expected that the community will use these training services to familiarize themselves with the ODR process.

I have already claimed that the ODR process of Arbitration.in is “Different”.  First of all I refer to this as Virtual ODR” instead of calling it only as ODR so that we can distinguish it from the current forms of ODR which are in vogue mostly outside India.

Transformation from ADR Virtual ODR is

-A Transformation from

Confusion to Clarity

Delays to Expediency

Inefficiency to Efficiency

Opaqueness to Transparency

I will explain the difference in the follow up article how these USPs add up to make Arbitration.in a globally unique service.



Share Button
Print Friendly

Serving a Notice to VSNL on spam mail

When we receive spam mails we often wonder what we do with them. Many of these mails are “Phishing” Mails trying to drop a trojan into your computer for committing a more damaging fraud. If you donot notice, you may have to regret your ignorance later. But even when you identify the fraudulent mail, you get irritated because you feel helpless that you can do nothing other than deleting them.

An “Attempt to drop a trojan” is a cognizable offence under ITA 2000/8 and all of us as citizens of India who observe a “Cognizable offence” have a duty to report it to the law enforcement authorities.

In some of these cases, Phishing mails emanate from an ISP who can take steps to block such mails at least prospectively.

Hence there is a public service value in reporting such incidents. Naavi has created a facility/service for this purpose through www.cyber-notice.in where such public notices in cyber space can be published.

I give here an example of how such a service can be used.

I  received today an e-mail which was apparently from the VSNL team of TATA DOCOMO threatening shutting down of my account unless I do an Account validation for which an in-mail link was provided.

The header information contained an IP address indicating  that the e-mail had originated from Nigeria. However the e-mail ID was autoflex@vsnl.com and hence the sender was a customer of VSNL.

I have therefore placed a Cyber Notice addressed to VSNL that one of their customers is indulging in such a criminal activity and demanding that the account autoflex@vsnl.com be blocked. At this point of time, I am not confident that VSNL will respond.

(See the copy of the notice at www.cyber-notice.in)

However, as a citizen of India I have done my duty to keep them informed and triggering the requirement of “Due Diligence” under ITA 2008. Legally, if no action is taken, some victim can hold VSNL and its executives responsible under Section 79 of ITA 2008.

Being a public notice this also keeps the police at various places informed so that they can take their action as they find it necessary.

At present, such public interest notices will be published by Cyber Notice.in as a free public service.

The service Cyber-Notice.com has been started as a support to the legal requirements where by “Notices” often are released under Court proceedings in prominent print media. In the currrent generation, the purpose of such services would be served only if they are published in Cyber Space and are available for search engines to pick up. Just as many ideas of Naavi, this may also take time to get accepted by the community. But it is expected that in due course, Cyber-Notice.in will be an essential tool of every advocate who has to publish notices in support of any litigation.

I suppose it will be extensively used to defend against phishing and to give notices to ISPs who fail to take action against spammers and contribute to the proliferation of phishing frauds.

Comments are welcome.



Share Button
Print Friendly