Naavi avatar
Full name:
Vijayashankar Na
Nickname:
Naavi
Website:
Description:

Posts by Vijayashankar Na

Banks Prepare an assault on customers through Court actions

Naavi.org has been highlighting the fact that banks are conducting “Unsafe Banking” in pursuance of “Profit before Customer Service” and pushing Customers into greater and greater risks.

RBI has through the 2001 guidelines on Internet Banking and again through the Information security guidelines (GGWG) in 2011 has mandated that Banks need to ensure proper cyber security and also cover themselves with Cyber Insurance. However, Banks have not upgraded their security but going for higher and higher levels of untested technology.

The Adjudicator of Maharashtra had provided several awards in favour of the customers and Bankers were very much dissatisfied. Eventually, the Adjudicating officer was transferred.

Simultaneously the Karnataka Adjudication system has been kept closed since the IT secretary is not interested.

As of now the entire system of Adjudication across the country has been paralyzed.

It is also well known that probably it is the influence of the Banks that the post of the Cyber Appellate Tribunal (CAT) remains unfilled for four years.

Cases which are already before CAT are in a limbo.

Now it is learnt that all the affected Banks in Mumbai are considering challenging the decision of the Adjudicator of Maharashtra in High Courts. From the recent verdict of a High Court in Bangalore we know that any lower court verdict can be turned upside down if necessary even using a faulty calculator to add. Banks have the resources which can work wonders with our system.

It is therefore necessary for Netizens and public spirited lawyers to be vigilant and ensure that Courts donot take decisions which are anti cyber crime victims under the influences that banks can mount on them. Consumer protection organisations also need to step in now to see that injustice is not done to bank fraud victims.

In any such litigation, RBI must also be made a party to clarify its stand on “Security in Banking system”.

I wish media also turns its attention on this class action by Banks against its own customers to cheat them of their hard earned savings in pursuance of the greed for more profits by Banks.

Naavi

 

Share Button

Banks Brushing Data Security Issues under the carpet

“The general culture in our bank is to brush data security breach and loopholes under the carpet” says one of the senior executives of a leading Bank, according to this article in Midday.

Mumbaikars beware! Your bank details are being stolen and sold!

It is well known that Cyber Security has been subordinated by Bankers today to profits and RBI has been looking the other way. Highlighting one of the vulnerabilities in the Security protocols which became public a few months back, (SSl V3 exploit), the article explains how many of the Bank’s own executives admit that the Banks have been deliberately neglecting the security and “brushing the problem under the carpet”.

This should be an eye opener for RBI to tighten up its regulatory measures so that Indian Banking system is not a victim of greed of bankers to make profits at the cost of security.

Naavi


Any Questions on Cyber Law? Download this App from Google App Store a Ask

en_app_rgb_wo_60

Share Button

New Mobile App launched for Cyber Law Awareness for Everyone

The undersigned has been undertaking several measures from time to time towards spreading awareness of Cyber Laws in the country. In a bid to further the mission of “Cyber Law Awareness For Everyone”, Naavi has launched a mobile App called “Cyber Law Guru”.

The app which is presently on Android platform enables any person to post a query and an attempt will be made to provide a feedback to the best of our ability.

Initially, Naavi will be providing the answers but in due course it is intended that a panel of experts will be answering the queries.

The purpose of this App is only to “Educate” and “Create a better awareness” and not to provide any consultancy.

The app can be downloaded from the Google App Store and here:

en_app_rgb_wo_60

 

We hope that the app would be found useful.

The app is presently on extended testing and any constructive feedback is welcome. The feedback can be sent to Naavi

Naavi

 

Share Button

Has RBI really woken up from its slumber?

Mr Raghuram Rajan, Governor of RBI sprang a surprise during the press interaction on 14th May following the Board meeting at Goa, by hinting at setting up of a subsidiary to meet the Cyber Security requirements of the sector.

This in fact is great news for the sector and we hope that the idea is taken forward in the right direction.

Our own perception about the tenure of Mr Raghuram Rajan has been that so far he has been focussing more on the monetary policies and is actually neglecting the “Banking Regulation” aspect. This is the first time that RBI under Rajan has expressed a recognition of the fact that “Cyber Crime Risks” are  a concern.

The undersigned has repeatedly pointed out that RBI does not walk the talk when it comes it its policies on Cyber security. There is Internet Banking guidelines of June 2001 which mandated Cyber Crime insurance which Banks never implemented. There is April 2011 guideline following the G Gopalakrishna Working group committee report implementation of which is also lagging behind. The Damodaran Committee report was sidelined and not notified. Many guidelines on ATM security have remained unimplemented. RBI has never proceeded with suitable penal action which would have instilled a greater sense of responsibility in Banks. The undersigned has a personal experience of how RBI ignored taking actions against ICICI Bank, PNB, SBI and AXIS Bank which were in the forefront of bullying the Internet customers who had suffered losses on account of Cyber Security failures.

At the same time, even before securing the more than decade old Internet Banking system, Bankers  have been able to push advanced cyber Banking products such as Social Media Banking. Mobile Banking itself has moved into the second generation “App based Banking” which will revolutionize the way people use the Banking system. Recently we had lot of legal controversies surrounding App Based Taxi services. Similar issues may in future arise if RBI does not handle the App Based Banking regulations properly.

There is no doubt that technology will make a lot of difference to Banking. In the recent press interaction, Rajan repeated the words which have been part of my presentation slides for a long time that “Banking no longer belongs to Bankers. It belongs to Technologists”, the words of wisdom first uttered by Mr A.T. Panner Selvam, previously my senior colleague in Indian Overseas Bank, who later on went on to become the Chairman of other Banks.

But the undersigned has also repeatedly pointed out that any innovation in technology cannot be at the cost of “Security” of banking transactions using Bank customers as Guinea Pigs. The mandate for RBI is to manage the Indian Banking system with the core beneficiary being the “Customer”, who is the “Purpose” of Banking as Mahatma Gandhi put it.

In this connection, the undersigned suggested that RBI should make Cyber Insurance mandatory when the new Banking licenses were considered since the new generation banks are likely to have a larger stake in technology and therefore a greater technology risks. Of course RBI ignored such suggestions and did not even make a mention of Cyber Security as part of Bank licensing criteria.

So far, the perception of the undersigned (which I hope is not correct) is that RBI is subordinating its regulatory responsibilities to the commercial interests pushed through by IBA. It is for this reason that some Banks are pushing technology that is not compliant with law and exposes customers to greater fraud risks. If Mr G Gopalakrishna the former ED had not been vigilant, some of the Banks which were members of the working group headed by him would have pushed through certain suggestions which were bad in law.

During some of my interactions with RBI through RTI applications, I have even been told that RBI does not collect fraud data which can identify Phishing type of frauds from loan frauds. A recent RTI has given at least some information on the number of Cyber Crimes though there is no consistency with the figures of similar nature revealed by the IT Minister in the Parliament. The Cyber Crime metrics in banking industry is still unreliable and is a big hindrance to the development of Cyber Crime Insurance industry.

I hope all these apprehensions are things of the past and RBI has now recognized the need for a change of heart and recognized the need to address Cyber Security as a core issue. We therefore warmly welcome the development suggesting that there could be a focus on Cyber Security through a separate IT division.

The exact shape this suggestion will take needs to be watched.

We know that there is already an institution such as IDRBT under direct control of RBI with a reasonable expertise in technology and significant contribution to the Indian Banking system and its technology developments.  Will the new idea be an extension of IDRBT? or will there be a new Subsidiary? or will there be a new division of RBI? are some of the issues to be decided.

It is necessary that whatever be the status, the focus has to be on “Information Security” and not limited to “Information Technology”.

Presently the division of RBI which supervises payment settlement system has been providing enough impetus to technology through its own policy formulations often ignoring the security concerns. It will continue to promote IT and no new division is required for this purpose.

There is also a “Risk Monitoring” Department which does some good work on protecting consumer interests though little away from the technology aspects.

It would therefore be appropriate for RBI to consider a separate division or subsidiary which is called “Information Security” division/subsidiary. This division can also set information security standards for the financial sector and also work as CERT for the industry. Such a division can work closely with Cyber Insurers and develop actuarial data to help the industry to develop affordable cyber crime insurance products both for the industry and the individuals.

Also, if the entity is an external subsidiary, how will it be managed? What will the representation of RBI in the board? Vis a Vis the commercial Banks?.. is an issue to be settled.

I  have  suggested in the past creation of a fund for Cyber Crime loss reimbursement out of the KYC fines imposed from time to time. Such projects can be integrated with the Cyber Crime insurance and the activities of Information Security of the proposed department. In such a case multiple divisions of RBI may have to be represented in the activities of this new division/subsidiary.

Presently, the IT initiatives of RBI are often dictated by ICICI Bank and SBI.  These Banks in pursuance of their commercial objectives tend to relegate Information Security to “What is Commercially Feasible”. Some vendors also wield enormous influence in the decisions. We apprehend that there will be an attempt by these vested interests to take over this new “Cyber Security” entity  and ensure that it will also dove tail the commercial interests.

Mr Raghuram Rajan who appears to be dependent on his other colleagues on the subject of Information Security, should ensure that he is not misguided by vested interests in implementing these new Cyber Security initiatives.

I request all Information Security professionals to keep track of the developments in this regard and raise red flags when required.

Naavi

Share Button

Justice Karnan escalates fight with the system

The strange ways of the functioning of Justice Karnan of the Madras High Court took another ugly turn with the Judge defying the order of the Supreme Court to open another area of confrontation. (See the report)

Earlier, the Judge had taken on his fellow Judge, Justice Dhanapalan as well as the Chief Justice of Tamil Nadu, Justice Sanjay S Kaul by raising the objection to Dhanapalan’s inclusion in a civil Judge recruitment committee alleging that Dhanapalan’s educational qualification was bogus. He did not stop at requesting the CJ to remove Mr Dhanapalan from the committee. He went ahead and suo moto ordered a stay on the committee and peppered the order with a threat that if it is violated, he would launch contempt of court proceedings against the CJ along with charging him under the Prevention of atrocities against SC & ST  Act.

This was therefore not a simple case of a vigilant Judge trying to bring to the open an irregularity or fraud. It was a case of a Judge threatening his superior with his judicial powers and also invoking the caste card.

It may be noted that Justice Karnan has a history of such “Threat to use Contempt of Court” and “Threat to use SC/ST Card” even in earlier occasions against the previous CJ also.

When confronted with the threat and the Judicial order issued by Karnan, the CJ approached the Supreme Court for direction and a thre Judge bench stayed the order of Karnan. It had ordered that Justice Karnan shall not interfere with the Civil Judge recruitment process.

Now. according to today’s report, Justice Karnan has indirectly defied the Supreme Court order by another suo moto order. Now he has issued a direction to CBI Chennai to conduct an enquiry on Justice Dhanapalan’s educational qualifications. He has also furnished some information obtained through RTI.

While one can appreciate the commitment of Justice Karnan to oppose an irregularity if present, his frequent threats of invoking the Caste Card as well as the Contempt card projects him as a Caste activist. In the recent incident he has also threatened to open up “Muslim” and “Christian” issues  indicating that he would go to any length to achieve his goal. An analysis of the events indicates that he holds a  a personal grudge against Justice Dhanapalan and wants to settle it with all the powers at his command.

The lack of self restraint and diplomacy is an issue that must be making both the Chief Justice of Madras High Court and the Supreme Court wonder how to handle this unprecedented situation.

The controversy has many possible outcomes and it would be interesting to see how it develops into any of the following situations.

Will CJ of Madras and India continue to remain within the strict boundaries of petitions before them and ignore the move of Justice Karnan dragging CBI, Chennai into the controversy? Or

Will they suo moto order another stay on this order?

Will CBI or CJ- Madras move the SC in the matter?

Will Justice Dhanapalan move SC in the matter?

Will SC move a contempt of Court action against Justice Karnan?

Will there be any impeachment motion against Justice Karnan?

Will any responsible member of the public move the Supreme Court to stop this washing of dirty linen in the public by the Judge?

….Let’s wait and see the drama unfold

In the meantime we reiterate that when a person takes the oath of a Judge, he must also give up his rights under the Caste and Gender based legislations that our society has adopted to protect the lesser mortals.

Such laws are blatantly against the “Principle of Equality” and  related to “Vote Bank Politics”. They need to be amended to exclude the “Creamy layers” so that it protects those who need protection and does not become a tool in the hands of empowered people to misuse.

While they remain in the books, they need to be upheld by Courts when citizens invoke them. But when Judges  invoke such laws with suo moto orders, to protect their own causes, the laws may be considered as  being used for  “Self serving” purpose.

We need to therefore find a method to exclude exercise of such rights by Judges.

The Supreme Court now has an opportunity to look into this matter and pass appropriate ruling to prevent similar incidents in future.

Supreme Court may therefore consider  if a Judge should voluntarily excuse himself from using  caste or religion or gender based protection to further his own causes by an appropriate oath.

The use of Contempt law against another Judicial person should also be excused since any disagreement can always be handled through appeal in the proper course to a superior judicial authority.

If Supreme Court remains silent, we may see more of such incidents in the future and the respect the Judiciary should enjoy with the public will be severely eroded.

Naavi

Share Button

17 years …The journey of naavi.org

I am suddenly reminded by linked in that today naavi.org completed 17 years of existence. I was woken up to this reality by the congratulatory messages sent by some of my friends. 17 years has been a long time and changes have occurred in all aspects of life. Normally we say that the Internet world moves 4 times faster than the physical world and hence these 17 years are equivalent to nearly 68 years of development in the physical space.

It is interesting to place on record here some of my immediate thoughts on this long journey….

When I entered the Internet space, it was through my journalistic credentials. At that time I was writing a regular column in Indian Express as a finance specialists advising investors on “Investment for the week”. Besides this, I was a reasonably prolific writer in news papers with regular contributions of research on investment trends, public issue trends etc. By that time I had already been involved in the designing of websites for Corporation Bank, Sundaram Finance and several other clients of RKSWAMY/BBDO advertising. I was therefore tempted to host a website just to host my personal information. Naavi.com and Naavi.org were registered in this context. Over a period of time Naavi.com was lost to a cyber squatter due to a mistake of delay in renewal and Naavi.org continued.

What was initially a personal site of the undersigned then was turned into a Cyber law site with the draft of E Commerce Act 1998 being put up for public information and feedback. Since then with the pumping in of information and views on various developments, Naavi.org developed into a portal. There was an attempt to convert it into a bigger portal with sections on information security etc but finally, it was only practical to retain it as a personal blog.

After lot of persuasion from friends, the word press version was launched from 12.12.12 and the older model of the site was relegated to the background with a link from the home page.

Many of my friends may not be aware that the postings on the site include some serious work on Cricket ratings for World cup which is even more relevant during the IPL. It also had links to other personal interests such as elections in India though the central theme has been “Cyber Laws”. Moving with the times, there have been several Netizen issues that have been taken up with missionary zeal often resulting in brushing the authorities on the wrong side.

During these days, there have been many successes and perhaps as many failures and disappointments and frustrations. Often these have been put forth on the website such as when the Cyber Appellate Tribunal becoming defunct, the Bangalore Adjudicator shutting off further activity of adjudication etc. But after a brief period of disillusionment with the authorities, we have moved on with renewed hopes that one day things will be better.

In the meantime Modi came and created a new hope. Though this hope is also on the wane, the eternal optimist in me says that “some thing positive is around the corner”.

The good wishes of all my friends has renewed this eternal hope as I continue to search for something more encouraging than the present…..just around the next corner…Thank you…

Naavi

Share Button