Cyber Appellate Tribunal to be active again

apna_ad_nov24

Naavi.org has been pursuing with the Government of India about the appointment of the Chair Person for Cyber Appellate Tribunal for over 3 years now. After exhausting all channels during the UPA regime, we had restarted the efforts after the new Government came to power.

At last there is a reply from the Ministry of Information Technology , perhaps because of the nudging by the National Human Rights Commission and the response has been posted on the website pgportal.gov.in.

The reply is dated November 20th and states

“You are hereby inform that the requisite pre-appointment formalities for appointment to the post of Chairperson, CAT, have been completed and proposal for appointment is under consideration by the competent authority.”

This response is to a comment posted on 5th September 2014.

Hopefully we may see re activation of the Cyber Appellate Tribunal shortly.

Naavi

Share Button
Print Friendly

Mockery of Cyber Justice?

It was interesting to note the blog post http://mahenlimaye.blogspot.in/  in which advocate Mahendra Limaye has pointed out that in response to a survey across the IT Secretaries in India, most were not even aware about their duties to the public as an “Adjudicator”.

Mr Limaye points out

Quote:

In most of the states in India office of Adjudicator is almost non-existent or non-performing. The reason behind the same is either the person who is supposed to be Adjudicator is not aware about his duties or the office staff of the said supposed to be Adjudicator is not aware about the procedure of the office of Adjudicator and above all most of the cyber crime victims/ lawyers /police officers are not aware about this CIVIL REDRESS MECHANISM.

Recently I mailed to most of the I T Secretaries in India to ascertain whether they have received any complaints for Adjudication and was shocked to discover that Most of the I T Secretaries offices responded that matter is to be filed with Police and I T Secretary has no role to play in Cyber Crimes adjudication.

Do you consider this as a Mockery? I certainly do!!!!!!!

The story does not end here. Few adjudicators(which can be counted on fingers) in India who are deciding the matters,have not set up any formal procedure for the Adjudication.No specific dates of month are reserved for the hearings nor there is any limitation within which parties are supposed to reply or police are supposed to submit there investigation report etc.Though as per provisions of 4k Adjudicator is supposed to hear application within 4 months and dispose within 6 months.

 Do you consider this as a Mockery? I certainly do!!!!!!!

UnQuote:

Naavi.org has spoken ad nauseam on this subject. It is good that other Cyber Law professionals are also feeling the injustice that is being meted out to the public of India.

Before we go further, I need to make a mention that at present we need to make a special mention of Mr Rajesh Aggarwal, IT Secretary of Mumbai who has been doing an yeoman service in this regard and has been adjudging on a number of cases under Section 46. We also need to remember Mr PWC Davidar of Chennai who was the pioneer who gave his landmark adjudication verdict in the case of Umashankar Vs ICICI Bank. These two are exceptions to whatever comment can be made that certain IT Secretaries are unaware of their responsibilities etc.

At the same time it is necessary to remember certain IT Secretaries who could not raise above conflicting interests and certain others who are arrogant enough to say that they know enough of Cyber Law to teach even the other Cyber Law experts in the market for decades and proceeded to take questionable decisions.

It is sad that we have also seen that Karnataka High Court failed to raise to the occasion and provide a relief when asked for and the Judge invoked the provisions selectively to suit one of the dominant parties to a dispute and ruled that the Cyber Crime victim cannot seek remedy at the High Court because there is a remedy at Cyber Appellate Tribunal (CAT) while at the same time he himself was ruling against the provisions of Section 61 of ITA 2000/8 and taking a decision in favour of one of the parties instead of directing him to approach the Cyber Appellate Tribunal. (When this decision was made it was known that the CAT was not functional at that time and directing the Cyber Crime victim to approach CAT was like pushing him into a black hole.).

We cannot also absolve the Ministry of Communications and Information Technology headed now by Mr Ravishankar Prasad which has failed to respond to a number of queries raised by the undersigned. It appears that Mr Prasad has not been able to understand the problem and is totally dependent on his support staff who are not perhaps guiding him properly.

I will also not spare the honourable Prime Minister Mr Modi of the blame since over the last few months, I have brought to the attention of Mr Modi himself that “Non Appointment of a Chair person to CAT is a huge blow to the delivery of Cyber Justice in India” but neither Mr Modi nor the PMO has even acknowledged my letters.

I would therefore like to ask Mr Modi.. Where is your efficient Governance? Is this all we can expect?

The only responses I have been receiving is from the Human Rights Commissions in Karnataka and now in Delhi. The Human Rights Commission of Karnataka did act suo moto to activate an unwilling Adjudicator but Karnataka High Court silenced the Commission. Now my latest letters to the Union Minister of IT, the PMO, and the Chief Justice of Supreme Court is with the Human rights Commission Delhi which has asked for the response from the Government.

We are waiting to see what Mr Ravi Shankar Prasad will reply now. Will he repeat what Mr Kapil Sibal said last time… or will he take an independent view. If Mr Prasad is being mislead by his support staff and for this reason he is unable to take a decision so far, I would urge him revamp the entire staff of the IT department or else take the blame for the inefficiency of his department.

Othewise Mr Modi’s Government will be no better than MMS government. Will Mr Modi take this as a compliment?

I wish advocates like Mr Limaye file a PIL to find out what is holding up the appointment of the Chair Person of CAT even after the new Government has taken over? Can it be anything other than Corruption? Nepotism? or Inefficiency?..

India has a right to know.

Naavi

Share Button
Print Friendly

The Start-ups and Techno Legal Risks

Whenever a new IT venture is stared, project managers normally analyze the feasibility of the project from several parameters.

For example we look at the market Feasibility to understand whether there is adequate demand for the product and what are the current supply positions and the identified gaps. For greater clarity the market feasibility may identify the product positioning, market segmentation and the impact of price on demand etc.

Similarly we look at the technical feasibility of the project identifying the technology requirements and whether the technical resources are available for meeting the product as demanded in the market at the quality required and at the price accepted.

Additionally we look at the managerial feasibility of what kind of managerial resources are required and are available to the company either in house or in the market and at what price etc.

Financiers including venture capitalists look at the financial feasibility and examine the cost of project and the means of finance with variables such as the debt equity combination, the break even point etc.

Normally a Tech Start-Up represents the dream of a Techie who is perhaps a brilliant software developer. But often he is not necessarily equally brilliant in Marketing, Finance or Man Management. Successful Start Ups often consist of a promoter mix where one or more is a Marketing or Financial expert. Since manpower requirements primarily are other software professionals, the promoters may be able to pool the talent for their production division from their past contacts or through friends.

In the midst of all these, Tech Start Up promoters often lose sight of the fact that there is a need for a “Techno Legal Feasibility Analysis” of a project in addition to the four kinds of feasibility mentioned above. Often the success and failure of a Start Up depends on this factor which is actually alien to the tech savvy promoters as well as the finance wizards in the venture capital firms.

Let’s briefly understand what are “Techno Legal Risks”.

We do understand in the information security scenario what is meant by a “Threat” and “Vulnerability” or their net result which we call as “Risk”.  In “Techno Legal Feasibility Study”, the analyst tries to make an assessment of the Legal Threats and Legal Vulnerabilities and arrives at the “Legal Risks” that a business project faces.  It is a part of project planning requirement that the management should have a suitable control/s in place to mitigate, avoid, transfer or absorb these techno legal risks.

Such an analysis will prevent resources being deployed on a business which is likely to meet with a legal suit sooner or later which can destroy the earlier plans. A peculiar aspect of legal risks is that they mature when the business is ripe and is already a cash cow. The technical risks on the other hand often surface when the business is in the starting phase where there is still an opportunity to forget the impact and re start. But the legal risk which manifests when the business has already taken shape and built a base often cripples an organization forcing it to quit.

We can recall the experiences of Napster which was a great technical and marketing success but turned out to be a disaster because the legal risks were not covered fully. Radiant Software of Chennai is another example  of a similar nature which had to sell out being unable to meet the legal liabilities arising out of a legal issue.

If an organization undertakes a Techno Legal Feasibility study at the start up phase, the implementation of strategies to mitigate the risks can seamlessly transform into strategies for meeting the “Information Security/Assurance” requirements when the business goes on stream. Otherwise the business will realize the need for Information Security much later in the life time of the organization when it becomes difficult and more expensive to implement a total transformation of the organization from a “Laissez Faire Organization” to an “Information Security Conscious” organization. Often such a transformation will create dissonance in the organization which may even force some critical resources to resign.

Every CISO who has told the company that they should introduce a “No Camera Phone in Premises” can understand the  difficulty implementation of such a transformation represents. On the other hand if such a policy is there from the zero day, (or at least the day 1) then implementation of information security becomes easy.

It is high time Venture Capitalists and equity investors in Tech Start Ups make “Techno Legal Feasibility Study” a part of their “due-diligence” for project evaluation.

If you agree or disagree, drop in your comments..

PS: While the above article focuses on Start Ups, it also applies to all those organizations which have increased their technology stake in business such as introducing E-Services, E Commerce outlets, E Banking services etc to their legacy service base.

Naavi

Share Button
Print Friendly

Let’s start a Race with Modi’s Swachh Bharat Campaign..

Naavi started his sojurn in Cyber Space in 1998 with the slogan “Let’s Build a Responsible Cyber Society”.  This initiative was focussed more towards the individual Netizens being made aware of the Cyber Laws and making them law abiding netizens, though from time to time the need for Cyber Law Compliance at corporate level was being highlighted.

After 15 years of this journey it appears that a time has come to push the initiative further in the Indian Corporate Sector. So far Corporates excused themselves from compliance for lack of clarity and some times out of ignorance. But now it is time that Corporates come out of this self imposed blind and take a firm and positive step towards compliance.

Our Prime Minister has called for a “Clean India” campaign with every Street and Mohalla, Village and city to be kept clean. If Mr Modi has the optimism to achieve such a gigantic task, should we not be confident of achieving a much less daunting objective of achieving a “100% ITA 2008 Compliant Corporate Society in India”?

It is possible that during the next few years, ITA 2008 may undergo some changes. But if a compliance program to ITA 2008 is in place, it should not be difficult to make course corrections to adapt to any changes that may come up in the next few years.

Naavi.org has started the “Hall of Fame” to start listing those who can claim that they are ITA 2008 compliant. This list will be maintained under the website www.ita2008.co

Presently the list is blank. Let’s see how it starts filling up.

There are many organizations specially Banks who claim to be ITA 2008 compliant. I invite them to include their name in the Hall of Fame. I also invite customers of different organizations to urge their service providers to self introspect and take steps to get the names of their organizations included in the list.

Let’s start a race today…. Race with Modi’s ambitious plan of creating a “Swachh Bharat by 2nd October 2019″. Let’s try to meet our goal of “100%  ITA 2008 Compliance by 2019″ ITA 2000 was notified on 17th October 2000 and ITA 2008 amendments were notified on 27th October 2009. By 2019, it will be a decade of ITA 2008 regime and it should be more than a reasonable time for corporates to show their respect to law by declaring themselves to be “ITA 2008 Compliant”. Let’s try to make every Company, IT or Non IT, Every E Commerce website and Every E Governance department ITA 2008 Compliant by 27th October 2019.

I invite the Ministry of Communications and Information Technology to initiate the “ITA 2008 Compliance Andolan” as a national project and challenge the PMO on who would be the first to achieve their goal. Netizens and Citizens of India would be happy if both the goals are achieved.

I declare the race open!

Naavi

Share Button
Print Friendly

Are you a ITA 2008 compliant organization?..Enter the Hall of Fame..

Information Technology Act 2000 (ITA 2000) came into effect on 17th October 2000. Apart from the legal recognition of electronic documents provided under the Act, certain offences and contraventions were defined in the Act. One important aspect of the ITA 2000 was the introduction of the concept of “Due Diligence” failure of which could land a Company and its executives in trouble.

Under sections 79, intermediaries could be held liable for offences attributable to the third party information handled by them and under Section 85, Companies could be held liable for offences attributable to the Company. In either case the liability could be both civil and criminal. Because of section 85 the liability on a Company could also be extended to its officials.

This meant that Companies having the risk exposure to the commission of contraventions under the Act either by its employees or by others who use their information assets. Hence it became critical for companies to protect their and their executives interest by adequately following due diligence.

Though there was an attempt to get these provisions diluted through the “Expert Committee” constituted by the Government in the aftermath of the baazee.com developments, the final outcome in the form of ITA 2008 (ITA 2000 with amendments under Information Technology Amendment Act 2008) was perhaps more stringent than ITA 2000. It retained the provisions of Section 85 and 79 along with an expansion of the contraventions and crimes recognized by the Act.

The need for companies to be ever more vigilant about “Due Diligence” increased with the introduction of the ITA 2008 with effect from 27th October 2009.

It is now 5 years since ITA 2008 came into being and ITA 2008 mandated several security measures cumulatively requiring an ITA 2008 compliance audit and compliance program for every IT User.

We hope all corporate managers have taken note of this requirement which is also a pre requisite for Clause 49 compliance under SEBI listing norms for listed companies.

Naavi.org requests every company to self introspect and ask a question to themselves, “Am I compliant with ITA 2008?”

If not it is necessary to take suitable steps to implement such a compliance program at the earliest. If any company has completed an ITA 2008 compliance implementation program, Naavi.org thinks that such companies deserve to be placed in the “Hall of Fame” for ITA Compliant Organizations.

Naavi has therefore launched a new website www.ita2008.co   to represent the rare companies which deserve to be called an “ITA Compliant Organization” and request Cyber Law Consultants and Techno Legal Information Security consultants to report the names of organizations who have completed a proper ITA 2008 compliance audit along with the date of such completion and the consent of the company to place their names in the list.

Simultaneously another website,  www.ita2008.in has also been launched and is dedicated to carrying a copy of the Act and rules for immediate reference.

While Naavi or Naavi.org or ita2008.co does not take the responsibility to independently verify the claim, it would like to provide an opportunity for companies and consultants who have taken steps to reach certain satisfactory levels of compliance. We do grant that at this point of time there may not be a standardization of evaluation and different auditors may have different evaluation standards.

Naavi  invites leading Techno Legal consultants of India to come together and form an informal forum so that we can try to develop some standard practices  that would be acceptable to all. This would be an attempt at developing a “Standard” for “ITA 2008 Compliance Audit and Implementation”. As some of the observers of this site are aware, Naavi.org has suggested a framework called IISF-209 v-5 which is an attempt to provide some road map for such standardization. . Naavi has also developed some thoughts on how to measure the progress of ITA 2008 compliance over a period of time to establish the maturity levels reached by an organization.

There can be scope for further development of this concept  if the leading ITA 2008 compliance consultants in India can come together.

I look forward to comments and suggestions in this regard so that we can take this effort beyond launching of a website and declaring an intention to create a “Hall of Fame” for ITA 2008 compliant organizations.

Naavi

1st November 2014

Share Button
Print Friendly

Cyber Pornography- We need to fight for a Clean Internet

The Rajyasabha MPs who are visiting Chennai and Bangalore are collecting views about whether ITA 2000 should be amended to fight Cyber Pornography.

Naavi.org has been fighting for action to eliminate Cyber Pornography for over a decade and has discussed what needs to be done in this regard.

To refresh the minds of those who are concerned with the problem, I draw their attention to the following articles:

1. Responsibilities of the School Administration

2.Declare A War On Cyber Pornography !

3.Govt Can Ban Porn websites for obscenity

4.The War on savitabhabhi.com needs to be continued

5.Should we legalize por.n?

After the introduction of ITA 2008, Section 67B has stringent provisions that can be used to control Cyber Pornography. In fact Section 67B is so stringent that it is considered as amenable for misuse by Police.

Under these circumstances, it is our considered opinion that it is not  necessary to amend ITA 2008 to control Cyber Pornography.  Even if more stringent changes are made to the law, it will not make any difference and will only increase the possibility of abuse.

If there was a will to control Cyber pornography, by this time we could have done it. But the industry is completely against the idea since banning pornography will reduce internet traffic and also eliminate an  important channel of virus distribution. The criminals and the greedy businessmen are therefore lobbying against elimination of Cyber Pornography.

Recently there was a new search engine created by some technologists to provide for “Anonymous Pornographic content Search”.  

However, so far there is no news of the Government taking any steps to prosecute these persons for promoting a service to break Indian law.

Section 79 of ITA 2008 along with the rules notified in April 2011 has specific “Due Diligence Mandate” which includes steps to prevent posting of any obscene content on websites. This law is more than sufficient to fight Cyber Pornography if we have the will.

After the recent crimes in Mumbai, Delhi and Bangalore where sex related offences have been committed with unbelievable atrocities and strange circumstances, it can be said without doubt that youngsters are being corrupted with cyber pornographic content that makes them behave like animals at times.

There is therefore an immediate need to take suitable steps to ensure that the Indian Cyber Space is cleared of this filth called pornography.

Naavi welcomes the initiative of the standing committee under the chairmanship of Sri Bhagat Singh Koshyari in trying to find a solution to this menace.

During their meetings, the MPs will find many technology specialists discouraging them and saying that we cannot block pornographic content since they will resurface in a different name. This is an excuse that the pornography supporters present to prevent action from the Government. It is necessary for us to remember that today around 74000 viruses are appearing each day and the industry is fighting it constantly. The total population of viruses and malware in the world could well be running into more than 21 million. Perhaps the war against virus would never be won completely but the menace is kept in check with some minimal investment from the user’s side.

If 74000 viruses per day can be kept in check and more than 20 million malwares have been pinned down, it is not impossible to eliminate Cyber Pornography at least from India if there is a serious effort.

What we may need is to develop a mechanism for reporting of pornographic URLs and development of a central data base of all such reports. Then all ISPs should create a black list of URLs by linking their DNS cache with the black listed URLs. If we take up this effort on a war footing the way Mr Modi has launched the “Clean India Campaign”, it is possible to create a “Clean Indian Cyber Space” in no time.

It is possible that many users may start using proxy servers to beat the system. It does not matter. If we can eliminate 90% of pornography, then the damage would be significantly curtailed. The incentive to maintain the savitabhabhi.com or its alternative kirtu.com would die down gradually.

Naavi.org therefore calls upon the Bhagat Singh Committee to declare a “Swachh Bharatiya Cyber Space (Antarjaal) Abhyan” and work on how to develop the system of identifying pornographic content and encouraging development of  more and more “Net Nanny” type of filters for schools and other organizations so that we can reach our “Swachh Bharatiya Antarjaal ” goal in 2015 itself.

Naavi

Share Button
Print Friendly