Header image alt text

Naavi.org

Building a Responsible Cyber Society…Since 1998

On the historical “GST day” when a One Nation- One Tax system went on stream, a day long conference was held in Chennai about “Cash Less Economy”. Organized by InternetTechies Solutions Private Limited, the program in ITC Chola Grand  discussed several interesting aspects of the emerging Cashless society in India.

One of the topics of discussion was the evolution of Cyber Laws in India and how it impacts the new digital system where “Cash” is being digitized in various forms of digital instruments.

Speaking in the subject, Naavi underscored the different perspectives of principal stakeholders of the Cashless Economy such as the Technologists, The Businessmen and the Regulators a part of which is captured below.

Disruption Without Destruction

While Technologists with their passion for innovation take pride in “Causing Disruption” in the society with their innovative transformation ideas, Businessmen look for profits at every corner, including cutting the corner for an additional rupee of profit. Regulators on the other hand work with less than complete understanding of technology and are often honey trapped by technologists and business entities into taking decisions which are sub-optimal.

In this context it is a challenge to find a balanced path of growth where Innovation towards a disruptive solution that shakes up the society into progress is brought in without causing destruction of those who use very system which we want to take in the path of progress.

A typical example is the push for acceptance of Crypto Coins such as Bitcoin as a “Legally Recognized Digital Currency” which may be a disruptive  innovation that can transform the way we look at currency but in the process make our Banking system redundant and thereby destroy the edifice of the economy.

Hence at every step towards implementation of the concept of Cashless economy, there is a need to watch if the risks are properly covered. The objective is not to reject technical progress but ensure that the security of the users is always at the center of adoption of any innovation.

With the trend in the Digital Cash system in India converging on the NPCI platfom as a common gateway for different  Bank and Card Accounts  and convergence of authentication on the Aadhar  platform, and now convergence of all trade transactions in the GST platform, there is more convenience in the cash less society.

However along with this convenience, comes an “Unification of Risks”. If there is a single vulnerability some where in the system, that can have a highly disruptive effect causing wide spread destruction.

It maybe recalled that the Petya Ransomware spread across Ukraine like wild fire through a widely used tax related software and similar happening in India cannot be ruled out.

In the context of the Risks that can be exploited by criminals, it is necessary to look at how the Indian Cyber Laws address the responsibility of protecting the consumers.

It must also be realized that law may identify two types of Digital Cash namely “Digitization of the current currency/money holdings which a citizen may deposit and hold in the form of balances in the Bank” and the creation of new “Digital Currency” of the BitCoin type.

The two namely the “Digitization of Existing Currency” and “Creating Digital Currency” are not same either for regulatory purpose or for the impact they may leave on the economy. While the Digitization of money in the banking system is achieved through E-Banking and M-Banking where digital modes are used as “Channels of Communication with the Banks”. The extensions such as the ATM or the Cards, or Mobile Wallets are also normal Banking transactions executed with different digital tools. From the legal perspective this “Digitized Banking” is governed by the legacy laws of Banking super imposed with the law such as the Information Technology Act (ITA 2000) which builds a bridge between the existing laws and the electronic way of using money.

On the other hand the Bitcoin type of Digital Currency is a system which may be outside the purview of the definition of Currency under the RBI Act and does not come under the provisions of the existing legal framework.

What may not be within the framework of law may also be outside the purview of law. Some times, such things may be neither within the law nor outside but may fall in the grey area in between. In such a situation, some people start exploiting the opportunities until one day the matter is pushed either inside or outside the legal framework by clarity dawing on the community.

But when the legal framework is unclear, which side to err on is a matter of “Risk Perception and Risk Management Attitude” of a subject. People with n unethical mind (as also the criminals) will jump at the opportunity and try to make hay while the sun shines while conservative people stick to ethics and avoid doing what is not clearly legal.

Some of the people who make gains today may lose it out if the law changes and regret their decision in future. Alternatively, if they are smart, (and also lucky) they may get out in time with profits but not without trapping others. It is for this reason that our MP Mr Kirit Somaiah called Bitcoin a “Ponzi Scheme” and he was not off the mark.

Under existing law in India, Bitcoin is not a “Currency” under RBI Act but may be considered as an “Electronic Piece of Paper recognized by ITA 2000” and interpreted for the meaning contained in the electronic document.

While the principal Cyber Law that we need to look at in this context is the Information Technology Act as introduced in 2000 and amended in 2008, it is also necessary to look at the Payment and Settlement Act 2007 which may undergo further modifications now as suggested by the Watal Committee, the amendments to ITA 2008 itself which is under consideration as well as the newly proposed Data Security Act.

In the back of these laws, one cannot forget the “Negotiable Instruments Act 1881” as amended from time to time and more recently in 2015 and the different regulations of RBI.

The ITA 2000 brought the legal recognition of electronic document with a paper document and the NI amendment Act of 2002 introduced the concept of Cheque in Electronic Form. This concept of Cheque in Electronic form went through a major transformation in the NI amendment Act 2015 which brought Cheque in Electronic Form into the provisions of the NI Act 1881 as amended upto date since Cheque in Electronic Form is part of Section 6 of NI Act.

With this, it may be possible to invoke several aspects of NI Act such as the responsibilities of the Paying Banker and Collecting Banker as well as Payment in Due Course and Collecting Bank’s responsibilities etc which need to be interpreted in the context of electronic instructions that go behind the UPI or Wallet transactions where the customer of one Bank is deemed to have issued an electronic instruction to his Bank to make payment of a certain sum of money to a certain person and the same is collected by another Bank on behalf of the intended payee of the instruction.

To most technologists and even the non Banking regulators, this concept of a “Wallet Transaction” being spoken in the same breath with a “Cheque” may come as a shock.

When the full implication of this comparison dawns on the society, we will know that there are clear interpretation of how a “Forgery” of an electronic instruction  will be a nullity in law and the paying banker will be liable for the payment of such forged instruments.

A more detailed debate may be required on the impact of NI Act on the new instruments of cashless economy including the UPI and USSD, the role of the Banks under Sections 85 and 131 of NI Act, role of the NPCI which is similar to an intermediary in a physical society who carries the cheque from the drawer to the Payee determining whether it was properly “Delivered”.

I am sure that this line of thinking opens up thoughts on how the digital signature or E Sign needs to be used in digital payment instruments in substitution of physical signatures on paper based instruments and how the absence of a legally recognized authentication on “deemed electronic cheques” may affect the liabilities of the intermediaries.

The “Intermediaries” will then also be exposed to the liabilities that arise out of “Non Compliance of ITA 2008” and the impact of Section 85 and Section 79 on vicarious liabilities.

Amidst all these discussions looms the risk of the ignorant regulators trying to fall for the pressure of vested interests and trying to legalize Bitcoins. If done, a flood of around Rs 6.5 lakh crore rupees of digital currency will flow into the Indian floating currency system causing a 50% jump in the floating currency and causing disruption that will actually be destructive.

There are may in the technology industry who are pushing Block Chain technology as an “Authentication Technology” and building a relevance for Bitcoins through this mis-represented logic. “Block Chain Technology” is a “Ledger Keeping technology and cannot be used in replacement of what the law today recognizes as “Authentication” which is “Non Repudiable” under law.

In the light of these developments, the “Risk of Wrong Regulation” also becomes necessary to be taken into account. It is often found that the consultative process of the Government is inadequate and the Consumers are never part of this consultation. We the Citizens therefore are hoisted with law that we were never part of making despite calling ourselves a “Democratic Society”. Laws are made at the instance of business which has an agenda to exploit the innocent public and this trend needs to be changed.

It is therefore essential that more seminars like the Cash Less Economy needs to be held particularly in Mumbai and Delhi to attract the attention of RBI and the Finance Ministry. We need to debate on the theme of “Disruption Without Destruction”. The Government may also pro actively consider Co-opting consumer representatives who are “Techno Legal Economic Experts” so that a proper perspective is considered before key decisions are taken.

Even if all normal business risks cannot be eliminated through better legislative clarity, Government may still consider reduction of the risks substantially through the encouragement to be given to the Cyber Insurance Industry which needs to shoulder some of the liabilities that the consumers need to bear out of the systemic risks that arise as the nation move towards cash less economy.

Naavi

 

Having Problems with WordPress… Any suggestions?

Posted by Vijayashankar Na on July 2, 2017
Posted in Cyber Law  | 2 Comments

For the last few days, I am having a problem with the Word Press. It appears that a post above a particular size is not getting published or updated.

If I post a screenshot image this post also cannot be uploaded.

The error message says

Quote

Not Acceptable

An appropriate representation of the requested resource /wp/wp-admin/post.php could not be found on this server. Additionally, a 406 Not Acceptable error was encountered while trying to use an ErrorDocument to handle the request.

Unquote

Can anybody suggest how this can be rectified?

Help will be highly appreciated.

Naavi

P.S: The problem was identified as a Mod Security on the server. Has been set right now.

Interview with ISMG

Posted by Vijayashankar Na on July 2, 2017
Posted in Cyber Law  | No Comments yet, please leave one