Are you a ITA 2008 compliant organization?..Enter the Hall of Fame..

Information Technology Act 2000 (ITA 2000) came into effect on 17th October 2000. Apart from the legal recognition of electronic documents provided under the Act, certain offences and contraventions were defined in the Act. One important aspect of the ITA 2000 was the introduction of the concept of “Due Diligence” failure of which could land a Company and its executives in trouble.

Under sections 79, intermediaries could be held liable for offences attributable to the third party information handled by them and under Section 85, Companies could be held liable for offences attributable to the Company. In either case the liability could be both civil and criminal. Because of section 85 the liability on a Company could also be extended to its officials.

This meant that Companies having the risk exposure to the commission of contraventions under the Act either by its employees or by others who use their information assets. Hence it became critical for companies to protect their and their executives interest by adequately following due diligence.

Though there was an attempt to get these provisions diluted through the “Expert Committee” constituted by the Government in the aftermath of the baazee.com developments, the final outcome in the form of ITA 2008 (ITA 2000 with amendments under Information Technology Amendment Act 2008) was perhaps more stringent than ITA 2000. It retained the provisions of Section 85 and 79 along with an expansion of the contraventions and crimes recognized by the Act.

The need for companies to be ever more vigilant about “Due Diligence” increased with the introduction of the ITA 2008 with effect from 27th October 2009.

It is now 5 years since ITA 2008 came into being and ITA 2008 mandated several security measures cumulatively requiring an ITA 2008 compliance audit and compliance program for every IT User.

We hope all corporate managers have taken note of this requirement which is also a pre requisite for Clause 49 compliance under SEBI listing norms for listed companies.

Naavi.org requests every company to self introspect and ask a question to themselves, “Am I compliant with ITA 2008?”

If not it is necessary to take suitable steps to implement such a compliance program at the earliest. If any company has completed an ITA 2008 compliance implementation program, Naavi.org thinks that such companies deserve to be placed in the “Hall of Fame” for ITA Compliant Organizations.

Naavi has therefore launched a new website www.ita2008.co   to represent the rare companies which deserve to be called an “ITA Compliant Organization” and request Cyber Law Consultants and Techno Legal Information Security consultants to report the names of organizations who have completed a proper ITA 2008 compliance audit along with the date of such completion and the consent of the company to place their names in the list.

Simultaneously another website,  www.ita2008.in has also been launched and is dedicated to carrying a copy of the Act and rules for immediate reference.

While Naavi or Naavi.org or ita2008.co does not take the responsibility to independently verify the claim, it would like to provide an opportunity for companies and consultants who have taken steps to reach certain satisfactory levels of compliance. We do grant that at this point of time there may not be a standardization of evaluation and different auditors may have different evaluation standards.

Naavi  invites leading Techno Legal consultants of India to come together and form an informal forum so that we can try to develop some standard practices  that would be acceptable to all. This would be an attempt at developing a “Standard” for “ITA 2008 Compliance Audit and Implementation”. As some of the observers of this site are aware, Naavi.org has suggested a framework called IISF-209 v-5 which is an attempt to provide some road map for such standardization. . Naavi has also developed some thoughts on how to measure the progress of ITA 2008 compliance over a period of time to establish the maturity levels reached by an organization.

There can be scope for further development of this concept  if the leading ITA 2008 compliance consultants in India can come together.

I look forward to comments and suggestions in this regard so that we can take this effort beyond launching of a website and declaring an intention to create a “Hall of Fame” for ITA 2008 compliant organizations.

Naavi

1st November 2014

Share Button
Print Friendly

Cyber Pornography- We need to fight for a Clean Internet

The Rajyasabha MPs who are visiting Chennai and Bangalore are collecting views about whether ITA 2000 should be amended to fight Cyber Pornography.

Naavi.org has been fighting for action to eliminate Cyber Pornography for over a decade and has discussed what needs to be done in this regard.

To refresh the minds of those who are concerned with the problem, I draw their attention to the following articles:

1. Responsibilities of the School Administration

2.Declare A War On Cyber Pornography !

3.Govt Can Ban Porn websites for obscenity

4.The War on savitabhabhi.com needs to be continued

5.Should we legalize por.n?

After the introduction of ITA 2008, Section 67B has stringent provisions that can be used to control Cyber Pornography. In fact Section 67B is so stringent that it is considered as amenable for misuse by Police.

Under these circumstances, it is our considered opinion that it is not  necessary to amend ITA 2008 to control Cyber Pornography.  Even if more stringent changes are made to the law, it will not make any difference and will only increase the possibility of abuse.

If there was a will to control Cyber pornography, by this time we could have done it. But the industry is completely against the idea since banning pornography will reduce internet traffic and also eliminate an  important channel of virus distribution. The criminals and the greedy businessmen are therefore lobbying against elimination of Cyber Pornography.

Recently there was a new search engine created by some technologists to provide for “Anonymous Pornographic content Search”.  

However, so far there is no news of the Government taking any steps to prosecute these persons for promoting a service to break Indian law.

Section 79 of ITA 2008 along with the rules notified in April 2011 has specific “Due Diligence Mandate” which includes steps to prevent posting of any obscene content on websites. This law is more than sufficient to fight Cyber Pornography if we have the will.

After the recent crimes in Mumbai, Delhi and Bangalore where sex related offences have been committed with unbelievable atrocities and strange circumstances, it can be said without doubt that youngsters are being corrupted with cyber pornographic content that makes them behave like animals at times.

There is therefore an immediate need to take suitable steps to ensure that the Indian Cyber Space is cleared of this filth called pornography.

Naavi welcomes the initiative of the standing committee under the chairmanship of Sri Bhagat Singh Koshyari in trying to find a solution to this menace.

During their meetings, the MPs will find many technology specialists discouraging them and saying that we cannot block pornographic content since they will resurface in a different name. This is an excuse that the pornography supporters present to prevent action from the Government. It is necessary for us to remember that today around 74000 viruses are appearing each day and the industry is fighting it constantly. The total population of viruses and malware in the world could well be running into more than 21 million. Perhaps the war against virus would never be won completely but the menace is kept in check with some minimal investment from the user’s side.

If 74000 viruses per day can be kept in check and more than 20 million malwares have been pinned down, it is not impossible to eliminate Cyber Pornography at least from India if there is a serious effort.

What we may need is to develop a mechanism for reporting of pornographic URLs and development of a central data base of all such reports. Then all ISPs should create a black list of URLs by linking their DNS cache with the black listed URLs. If we take up this effort on a war footing the way Mr Modi has launched the “Clean India Campaign”, it is possible to create a “Clean Indian Cyber Space” in no time.

It is possible that many users may start using proxy servers to beat the system. It does not matter. If we can eliminate 90% of pornography, then the damage would be significantly curtailed. The incentive to maintain the savitabhabhi.com or its alternative kirtu.com would die down gradually.

Naavi.org therefore calls upon the Bhagat Singh Committee to declare a “Swachh Bharatiya Cyber Space (Antarjaal) Abhyan” and work on how to develop the system of identifying pornographic content and encouraging development of  more and more “Net Nanny” type of filters for schools and other organizations so that we can reach our “Swachh Bharatiya Antarjaal ” goal in 2015 itself.

Naavi

Share Button
Print Friendly

Cyber Pornography- MPs to hold consultations

It is reported that a group of Rajyasabha MPs are visiting Chennai today and Bangalore tomorrow to discuss issues on how to control Cyber Pornography.

Persons interested in providing their views may contact the Cyber Crime police station or the IT Secretaries in each of these states and ensure that their views are heard.

There is a huge economy riding on cyber pornography and hence any attempt to control the menace will have opposition from certain quarters.

There is a view that vested interests are trying to prevent wider discussions on the subject and donot want the members to meet a larger section of the public.

Hence interested persons may take special efforts to reach out to the MPs. The press release indicates the details of how to reach out to the committee.

Related Article

Press Release

Naavi

Share Button
Print Friendly

Can we declare the Indian Cyber Space as a “Union Territory”?

A Few days back there were reports in the press about Government of India ordering an enquiry on Flipkart under provisions of competition law following some problems that arose during the Big Billion Day sale.

Government of India has now clarified that there would be no investigation on the Flipkart’s Big Billion Day sales in which unfair trade practices were alleged.

See Report IN ET

The Minister of Commerce Nirmala Seetharaman had earlier made a statement that indicated that an enquiry could be ordered based on the complaints of the meta society traders who could not digest the possibility of their  pre-Diwali sale getting adversely affected by the online sale. Now the Minister has stated that here earlier statement was mis-quoted.

We are happy that the earlier stand which was unjustified has been rejected.

In the meantime, Karnataka Government seems to have its own issue on the online traders concerning payment of VAT. According to the report, the Government had raised an objection with Amazon claiming that the goods stocked at the Amazon facilitation center should be treated as “Practically” belonging to Amazon. This view is unlikely to have any legal validity since it has the effect of re-defining the age old concepts of contract act just to pre-pone the collection of tax. This sort of distortion of law for immediate short term gains of tax collection is ill advised and we hope that  better counsel will prevail.

It is difficult to understand why Government officials cannot appreciate that flipkart.com or amazon.in or snapdeal.com are merely shops in the cyber space. Their business models may either be like a shop front where the goods are bought from dealers by the website and re-sold to its customers or the sale can be on an exhibition mode where the website acts merely as a space used by the dealers to make their own sales with a commission paid to the space owner either as a cut in the sale revenue or otherwise.

Unless Government wants to double tax the transactions, there is no difference between collecting the tax either from the dealer or from the website. But the liability will depend on the contract between the dealer and the website which may vary from one website to another and also from one dealer to another.

There could however be some debate on the incidence of Inter State levies. When a customer of one state buys a product from say Flipkart which bills the transaction in Karnataka, the state where the customer is residing may chose to charge an “entry tax” and collect it through the courier.

With all the discussion about GST going on, there is no need to complicate the E Commerce business by such extreme views on inter state transactions even if the current laws may make it possible. In all E Commerce transactions, there is a fair share of sale returns and replacements and it would be a real pain to account for tax on such transactions if each state wants to collect a portion of the tax.

In the event Government tries to squeeze the industry, it is possible for E Commerce sites to shift to off shore locations or arrange to  deliver the goods from the godowns in each state.

All this will not significantly increase the revenue of the States but may inconvenience a Netizen and delay the E Commerce delivery. Netizens as a category should raise their voice against such obnoxious thoughts that some Governments may entertain.

There is perhaps one solution which is in the hands of the Central Government to prevent this issue from becoming a dampener for Digital India.

Possibly the Ministry of Information Technology can amend Information Technology Act 2000/8 with the proviso

“Not withstanding any thing contained in any law, and in the absence of an agreement to the contrary, any commercial transaction effected through Internet where any one of the parties to the transaction is located in India,  is deemed to have been completed in the jurisdiction of the Indian National Cyber Space and not in the jurisdiction of any of the States in India and shall be subject to taxation and regulation only by the Government of India”

For all practical purposes, the Indian Cyber Space would then be equivalent to a new Union Territory controlled by the Government of India. This will prevent each State intervening in the E Commerce transactions in the greed of generating revenue.

Naavi

Share Button
Print Friendly

Naavi launches e-ombudsman service

As a part of the dispute resolution requirements of any organization, it is always a good strategy to develop Alternate Dispute Resolution mechanisms to avoid unpleasant litigations.

Arbitration is one such strategy which Naavi has been proposing as an online service under www.arbitration.in.

In certain cases it would be desirable to have an “Ombudsman” approach before even proceeding to arbitration. The Ombudsman with the right kind of knowledge and enjoying respect in the community can suggest and bring about resolution through mediation and conciliation which can be less expensive and faster.

For “Intermediaries” coming under ITA 2008, “A Grievance redressal mechanism” is mandatory. Many of the intermediaries have a fairly effective complaint handling mechanism with the help desk handling complaints involving technical issues. However the help desk will not be able to effectively deal with instances where the complaint has a potential for escalating into a legal dispute. In such cases, inefficient handling by the help desk personnel may even complicate the resolution.

From a “Techno Legal Perspective” therefore, a security breach incident needs to be vetted by a person with suitable techno legal knowledge so that an early attention can be given for potentially volatile incidents. Further when the first level technical resolution by the helpdesk fails to satisfy a complaining customer, there is a need to escalate the complaint preferably to the next level where a decision can be taken with “Techno Legal” outlook. An Ombudsman would be able to come in at this stage.

Further, when employee issues need to be addressed by a company or it is necessary to pursue a “Whistle Blower Policy”, it is always more effective for the disputes to be addressed by an “Ombudsman” than an internal senior employee. An Ombudsman can act as a filter to anonymize the complainant and avoid nuisance complaints.

Considering such needs and a perceived demand by companies both big and small, Naavi is proposing to offer a new service titled “E-Ombudsman” through www.e-ombudsman.in. This will be a platform through which a panel of eminent persons will offer their services to companies on demand to act as Ombudsmen.

Today being the 14th anniversary of the “Digital Society Day of India”, (Remember that ITA 2000 was notified on 17th October 2000 and brought legal recognition to electronic documents for the first time in the country), the service of e-ombudsman is being formally launched.

A detailed plan of action to make the services available through online applications is being developed to support a greater automation of the service and will be introduced in the due course.

I wish the service will be found useful by the community.

Further information will be updated at www.e-ombudsman.in. For more information please contact Naavi.

Naavi

Share Button
Print Friendly

Cyber Crime in Auto Meter Tampering at Bangalore

A Kannada TV Channel namely BTV News channel has reported a sting in which the tampering of auto meters has been discussed in great detail.  A TV debate has been presented today ( 15th October 2014) where the issue is being discussed.

One of the views expressed by panel members is that legal action should be taken on manufacturers of tamperable meters as well as the mechanics who tamper the meter and the drivers. Panel members are also expressing regret that the law is not stringent enough and even when caught the persons responsible are getting away with fine of Rs 500/- or less.

The news report is showing how chips are being introduced in the digital meters so as to make it run faster than what they should. It is being reported that around 1 lakh meters in Bangalore are susceptible to tampering and not less than 50% of these have already been tampered with. Such autos are estimated to be over charging about Rs 10-15 for each trip. The loot therefore is estimated to be around Rs 20-30 lakhs per day.

The TV debate is also presenting one of the meter manufacturer who claim that his meter is tamper proof but there are other meters in the market which are tamperable and the Government has not shown any inclination to encourage the use of tamper proof meters.

Considering the enormity of the problem, it is necessary to clarify that tampering of digital meters is a Cyber Crime and falls under Section 66 of Information Technology Act 2000/8. It is also an offence under IPC as “Assistance to Cheat”. The punishment under Section 66 is 3 year imprisonment and fine upto Rs 5 lakhs. It is therefore stringent enough to send shivers to drivers.

Hence it is not correct to say that the law is not strong. Perhaps the Police is not interested in applying strong laws. Also the traffic police may not have adequate exposure to cyber laws and hence have never thought of invoking the law.

While the tampering mechanic is directly responsible for  causing the electronic system (Digital Meter) to behave in a manner it is not intended to and therefore liable for Section 66, the driver would be also equally liable since he owns the meter and commercially benefits by the tampering.

Unfortunately it may be difficult to make the manufacture of the tamperable meters liable. But the Government may try to encourage tamper proof meter manufacturers and ensure that other meter manufacturers fall in line.

I hope the Police Commissioner in Bangalore will explore how ITA 2000/8 can be applied in all cases of Meter tampering .

Naavi

Share Button
Print Friendly