ISIS Propaganda from a Bengaluru Executive?

It is a shocking revelation that one of the most prominent Twitter handles carrying on ISIS propaganda happens to be that of a young professional working in Bengaluru in an MNC firm.

Report

The twitter handle was titled Shami Witness and the person is identified by his pseudo name Mehdi.

The incident highlights how terrorism has spread its wings to young professionals with good educational background. It is unfortunate that the Police in Bengaluru had no inkling to the goings on.

It also highlights the failure of the employee behaviour monitoring system in the organization in which the person was employed and HR professionals need to think of new ways of identifying such deviant minds working in the system.

Naavi

P.S: Another question which the Government of India and Karnataka need to answer is that just as they banned Uber and other app based taxi services, will they ban the ad company in which the person was employed and also other ad companies !

Share Button
Print Friendly

Government Fails to understand the Uber business model

apna_ad_nov24

The incident in Delhi involving a Uber taxi driver (a known criminal convicted earlier) committing rape of a girl using the taxi service to get a drop back to her house at around midnight after attending a party and pub has exposed the inability of the Government of India to understand the business model of app based taxi service.

When these officials who does not understand business, try to regulate a business that they donot understand, we cannot but see the bizarre knee jerk reactions alround.  So far the Government is talking of banning the taxi services without realizing that these companies such as Uber, Ola or Taxi for Sure donot run a taxi service as we traditionally understand. They provide certain technology services to the drivers (may also be the owners) of vehicles which are available for adhoc hiring. They are “Communication Management Companies” or a “Digital Call Center service” trying to bring the commuters and the vehicle owners for meeting mutual requirements. Everything else is “Perception”.

In a way, the problem being faced by the app based taxi services in India is similar to the problems faced by Bitcoin community some time back when RBI came down heavily on the system taking it as a challenge to the currency system.

In the case of the Bitcoins, the system was promoted and perceived as a “Currency” replacing the Rupee or Dollar where as it was a “commodity” acceptable for exchange of goods and services  in a “Limited Voluntary user forum”. The mistake was that of both the community which promoted it as a currency and the regulators who considered it as a currency.

Now, as regards the Uber, Taxi for Sure and Ola, are not “Fleet Operators” who own vehicles under a permit and run it with the help of drivers employed either on salary basis or on contract basis. In the “app based taxi service”, if any body has to be registered as a “Commercial Taxi” it is the individual driver who operates the taxis and not the Ubers or Olas. It is incorrect to even call them as “Taxi operators”. They must be called ” Aggregators” acting on behalf of the drivers. In fact it is more appropriate to consider  the Ubers and Olas  as the agents of the taxi drivers and not the other way round.

It would therefore be not possible for the transport department to register them as taxi operators without a change of law. If this path of changing of law to consider Ubers and Olas as taxi operators is attempted by any of the State Governments, it could lead to more legal complications than what they are trying to solve. As per the current laws, perhaps a single vehicle owner can register himself as a “Commercial Taxi Operator” and this law is sufficient to address the needs of the drivers who are affiliated to the Ubers or Olas.

The Ubers and Olas would be still liable as an “Intermediary” with some vicarious liabilities arising out of representing themselves as “Principals owning the taxis” instead of  “Agents for Booking”. Their liability will be more like the “Cyber Cafes”.

If the Government tries to define the Ubers and Olas as “Fleet Operators”, then they also need to consider the impact of such an interpretation on  private bus booking agents, train or air ticket booking agents, tour operators etc. If the Government says that Ubers and Olas cannot run their business without owning the vehicles themselves, then similar rules would be made to all other cab operators and auto rikshaw operators also that only the owners need to run the business. This will be impractical and cannot be implemented. In that case the app based service providers can consider that they are being discriminated and their fundamental right to run a business of their choice would be unfairly curtailed. If challenged, the Supreme Court may have to declare such laws as unconstitutional.

If the role of Ubers and Olas as a technology intermediary is recognized, their technology strengths can be harnessed by the Government to ensure that consumers get a good service and at the same time technology can be used in various ways to improve the security of the passengers.

Naavi

Share Button
Print Friendly

Uber failed in ITA 2008 Compliance

apna_ad_nov24

Before we proceed, let me make one point clear. Banning of Uber and other “App Based Taxi Services” is completely unacceptable. It is an immature reaction to the incident and should be reversed immediately.

We need to learn from the incident and make a root cause analysis to identify what improvements can be brought into the system. If we have any hope of building “Smart Cities”,we need to be capable of  managing “Smart Taxi Services”. If a similar approach had been adopted to Banking where there have been hundreds of frauds, we would have closed internet and mobile banking long back.

The app based taxi services such as Uber, Ola or Taxi For Sure are extremely convenient to the public. It is also a great way of providing employment where individuals can throw up their resources  to a pool and earn a living. In Bengaluru, Ola is extending the service to Autos and it can be a great boon to the public if properly handled. The benefits of the service are too over whelming to be be denied to the public just because of the misdeed of one driver.

We need to find out how the service can be improved and made more secure without banning the service. In this context we can explore if ITA 2008 compliance would have assisted the app based companies to improve the security of their service.

Under ITA 2008, the services of the app based taxi operators would be recognized as an “Intermediary”. They receive messages from members and transmit them to the service providers. In the process they add value to the service by various means. Such service could also be provided by a telephone call center. The app is a digital tool that does the work better.

The “App Center” which could be a “Web Site” that operates in the background need to be compliant with Section 79 of ITA 2008. According to ITA 2008 the App Center (Or its owner who is the company such as Uber) need to exercise “Due Diligence” and “Reasonable Security Practice” failing which they would be liable for any contravention of ITA 2008.

The offence in question however falls under IPC committed with the use of electronic documents to lure the customer. However when the driver switched off the app to facilitate the crime, he caused “Disruption” of service which is a contravention under Section 43 of ITA 2008 as well as an offence under Section 66 of ITA 2008. It will also attract Section 85 of the Company according to which the individuals who are in charge of business of the company may be held liable personally for the civil and criminal liabilities arising out of the incident.

If the app company needs to defend against the liabilities arising out of the contravention, it needs to show observance of “Due Diligence” and “Reasonable Security Practice”.

A proper interpretation of the provisions of ITA 2008 indicate that there should be a “Privacy Policy” and appropriate disclosure policy while the intermediary collects and uses sensitive personal information from public for providing the service. The enrolled drivers would be “Business Associates” of the company and the company (Intermediary) needs to have appropriate policies, procedures and controls in place to ensure that information passed on to them is used only for the purpose for which it was provided, namely to provide the taxi service and nothing else.

Such security measures would include an anticipation of the failure of the network when the service provider loses connectivity with the driver either because he can switch it off or because the network may not be available and the counter measures that are required to address the consequences which are considered reasonable. This is a “Threat” and a “Vulnerability” that leads to a “Risk” that needs to be mitigated.

Such reasonable counter measures could be “Alerting the Passenger” and his/her emergency contacts that “The taxi in which the passenger is travelling is temporarily out of contact and its last known location was ….” and also alerting the nearest police control room. In the instant case, it would have woken up the  passenger and enabled her to protect herself better.

The Police may say that they donot have the resources to respond to such alerts since there would be too many false alarms. But if the first alert from the app is corroborated by a subsequent alert from say the passenger using some security app of their own, then the police can swing into action through the patrol vehicles to check. Also the passenger can confirm when the booking is made  if he/she has accompanying passengers or is travelling alone which can tag the alert as “Non Critical” or “Critical”.

The back ground verification of the drivers would however be an essential part of the security and can be used to tag the drivers as “Verified” or otherwise.

The beauty of technology is that if we are innovative, we can up the security several notches and make the life of the citizens that much more secure.

We hope that our administrators understand the power of technology and use it properly rather than banning the use of technology for managing the taxi services. In the coming days the app based transport services will be an integral part of “smart city life” and it would be unwise to interrupt this technology development.

I also urge the app taxi operators to immediately form a forum of their own and develop a “Standard Security Procedure” to be an “industry practice”. They can then seek approval of such information security practice under Section 43A of ITA 2008 as a “Reasonable Security Practice”.

This would protect their business from knee jerk and arbitrary regulations from different Governments and harassment from corrupt politicians and police.

Naavi

Share Button
Print Friendly

Section 66A and Section 79 of ITA 2008 at Supreme Court

Hindustan Times has reported (Refer: Article  “SC warns govt over gagging social media” in Hindustan Times ) that the Supreme Court has demanded that the Government submits its views to the Court within one week and threatened that it may otherwise keep the section under suspension.

The main issue under consideration by Supreme Court is whether Section 66A is “Un-Constitutional” and interferes with the “Freedom of Speech”.  If SC is satisfied that the section does interfere with the freedom of speech since it criminalizes posting of comments on Face Book and Twitter as in the Palghar Case, it may come to the conclusion that Section 66A needs to be scrapped. Simultaneously the indication is that SC may also take a view on the responsibility of intermediaries under Section 79 in similar cases.

Naavi.org has expressed its views on this issue several times and would like to reiterate its views for immediate reference.

1. The current complaint before the SC is based on the action of Police in some of the cases such as the Palghar case. The most recent is a case filed on Mr N.Chandra Babu Naidu by TRS Chief Chandrashekar. In our opinion, all these cases have been filed by an error of judgement on the part of the Police and hence are not relevant to the issue whether Section 66A is unconstitutional or not. Postings in Face Book and Twitter should be considered as “Publishing” and is not within the provisions of Section 66A which should be restricted to “Messages” and “E Mails”. Restrictions on “Publishing” under ITA 2008 is restricted to what is “Obscene” and is covered under Section 67. All other defamation issues must be considered as outside the purview of ITA 2008 and should be considered as falling under IPC. A relevant “Explanation” under Section 66A would be a sufficient relief in the present case.

2.The reason why scrapping of Section 66A is not recommended is that this section addresses issues such as Cyber Bullying, Cyber Stalking, Phishing and Spamming. Hence there is a need to retain the section.

3.There is also a question on whether “Annoying” can be a sufficient ground to be equated with “Defamatory”.  Feeling “annoyed” is a personal reaction and is not the same as “being Defamed” in the presence of others. A person can get annoyed for nothing and cannot be a ground for removal of any content under Section 79.  An intermediary cannot also sit in judgement of whether there is a defamationary element in any content as this is the responsibility of the judiciary….unless the defamation is primafacie evident.  Intermediary can only put up a counter view and start a process of grievance redressal.

Let’s wait for further developments.

Naavi

Related Article by Pranesh Prakash

Share Button
Print Friendly

Cyber Appellate Tribunal to be active again

apna_ad_nov24

Naavi.org has been pursuing with the Government of India about the appointment of the Chair Person for Cyber Appellate Tribunal for over 3 years now. After exhausting all channels during the UPA regime, we had restarted the efforts after the new Government came to power.

At last there is a reply from the Ministry of Information Technology , perhaps because of the nudging by the National Human Rights Commission and the response has been posted on the website pgportal.gov.in.

The reply is dated November 20th and states

“You are hereby inform that the requisite pre-appointment formalities for appointment to the post of Chairperson, CAT, have been completed and proposal for appointment is under consideration by the competent authority.”

This response is to a comment posted on 5th September 2014.

Hopefully we may see re activation of the Cyber Appellate Tribunal shortly.

Naavi

Share Button
Print Friendly

Mockery of Cyber Justice?

It was interesting to note the blog post http://mahenlimaye.blogspot.in/  in which advocate Mahendra Limaye has pointed out that in response to a survey across the IT Secretaries in India, most were not even aware about their duties to the public as an “Adjudicator”.

Mr Limaye points out

Quote:

In most of the states in India office of Adjudicator is almost non-existent or non-performing. The reason behind the same is either the person who is supposed to be Adjudicator is not aware about his duties or the office staff of the said supposed to be Adjudicator is not aware about the procedure of the office of Adjudicator and above all most of the cyber crime victims/ lawyers /police officers are not aware about this CIVIL REDRESS MECHANISM.

Recently I mailed to most of the I T Secretaries in India to ascertain whether they have received any complaints for Adjudication and was shocked to discover that Most of the I T Secretaries offices responded that matter is to be filed with Police and I T Secretary has no role to play in Cyber Crimes adjudication.

Do you consider this as a Mockery? I certainly do!!!!!!!

The story does not end here. Few adjudicators(which can be counted on fingers) in India who are deciding the matters,have not set up any formal procedure for the Adjudication.No specific dates of month are reserved for the hearings nor there is any limitation within which parties are supposed to reply or police are supposed to submit there investigation report etc.Though as per provisions of 4k Adjudicator is supposed to hear application within 4 months and dispose within 6 months.

 Do you consider this as a Mockery? I certainly do!!!!!!!

UnQuote:

Naavi.org has spoken ad nauseam on this subject. It is good that other Cyber Law professionals are also feeling the injustice that is being meted out to the public of India.

Before we go further, I need to make a mention that at present we need to make a special mention of Mr Rajesh Aggarwal, IT Secretary of Mumbai who has been doing an yeoman service in this regard and has been adjudging on a number of cases under Section 46. We also need to remember Mr PWC Davidar of Chennai who was the pioneer who gave his landmark adjudication verdict in the case of Umashankar Vs ICICI Bank. These two are exceptions to whatever comment can be made that certain IT Secretaries are unaware of their responsibilities etc.

At the same time it is necessary to remember certain IT Secretaries who could not raise above conflicting interests and certain others who are arrogant enough to say that they know enough of Cyber Law to teach even the other Cyber Law experts in the market for decades and proceeded to take questionable decisions.

It is sad that we have also seen that Karnataka High Court failed to raise to the occasion and provide a relief when asked for and the Judge invoked the provisions selectively to suit one of the dominant parties to a dispute and ruled that the Cyber Crime victim cannot seek remedy at the High Court because there is a remedy at Cyber Appellate Tribunal (CAT) while at the same time he himself was ruling against the provisions of Section 61 of ITA 2000/8 and taking a decision in favour of one of the parties instead of directing him to approach the Cyber Appellate Tribunal. (When this decision was made it was known that the CAT was not functional at that time and directing the Cyber Crime victim to approach CAT was like pushing him into a black hole.).

We cannot also absolve the Ministry of Communications and Information Technology headed now by Mr Ravishankar Prasad which has failed to respond to a number of queries raised by the undersigned. It appears that Mr Prasad has not been able to understand the problem and is totally dependent on his support staff who are not perhaps guiding him properly.

I will also not spare the honourable Prime Minister Mr Modi of the blame since over the last few months, I have brought to the attention of Mr Modi himself that “Non Appointment of a Chair person to CAT is a huge blow to the delivery of Cyber Justice in India” but neither Mr Modi nor the PMO has even acknowledged my letters.

I would therefore like to ask Mr Modi.. Where is your efficient Governance? Is this all we can expect?

The only responses I have been receiving is from the Human Rights Commissions in Karnataka and now in Delhi. The Human Rights Commission of Karnataka did act suo moto to activate an unwilling Adjudicator but Karnataka High Court silenced the Commission. Now my latest letters to the Union Minister of IT, the PMO, and the Chief Justice of Supreme Court is with the Human rights Commission Delhi which has asked for the response from the Government.

We are waiting to see what Mr Ravi Shankar Prasad will reply now. Will he repeat what Mr Kapil Sibal said last time… or will he take an independent view. If Mr Prasad is being mislead by his support staff and for this reason he is unable to take a decision so far, I would urge him revamp the entire staff of the IT department or else take the blame for the inefficiency of his department.

Othewise Mr Modi’s Government will be no better than MMS government. Will Mr Modi take this as a compliment?

I wish advocates like Mr Limaye file a PIL to find out what is holding up the appointment of the Chair Person of CAT even after the new Government has taken over? Can it be anything other than Corruption? Nepotism? or Inefficiency?..

India has a right to know.

Naavi

Share Button
Print Friendly