Vision Document on Security BPO for BPOs prepared by Naavi.org
Contact for details

New Adjudicating Officer for Tamil Nadu

Under ITA-2000, the IT Secretary of the State is designated as the Adjudicator. Consequent to the designation of Mr C.Chandramauli as the IT Secretary of Tamil Nadu in place of Mr Vivek Harinarayan, Tamil Nadu will now have a new Adjduicator...Report in The Hindu

New System of Web Advertising Corrupting the Internet System

Netizen's Attention is drawn to the article on Cryptography quoted below from tmcnet.com where a relatively new system of web advertising has been used. Under this system, specific words in the article are hyperlinked under a "Sponsored Links" programme to certain URLs.(See Picture). ..As in the case of spywares, the "Apparent Hyper Link" is made to behave in a manner not expected by the user of the document and to that extent, the sponsored link system is deceptive and is a tainted form of advertising. This is not considered as a welcome development for the industry..... Detailed Article (Comments are welcome)

Cryptography Survives Regulatory Scare

In view of the difficulties that an encrypted information may present to the law enforcement, there have been a demand earlier in the US that the decryption key should be escrowed with a Government agency. Recently in UK, a provision in UK in the Electronic communications Act requiring registration for encryption service  providers has been allowed to lapse. These are considered positive steps to the Netizen's Rights Movement since it puts the freedom of expression and Privacy above state intervention. Under the Indian ITA 2000, the controller of Certifying Authorities has been provided a power under Sec 69  that enables seeking the assistance of the key holder to assist in decryption in cases of national importance with an attached 7 years imprisonment for failure.

A  thought is still lingering in the minds of some regulatory circles that the current digital signature system should be replaced with a dual key system where the private key used for encryption is escrowed with the CA while the second private key used for signature continues to be private.

In the light of the international developments, it is hoped that this move would be dropped.

Related Article: The Cryptowars are over.fipa.org : London Stock Exchange Welcomes change ..tmcnet

Boom time for KPO s and Doom time for BPOs ?

KPO sector  is expected to grow at a CAGR of 46 % as against the normal BPO sector's expected growth rate of 26 % according to an Evalueserve survey. One of the areas in which India sees huge opportunities is in the area of outsourced legal services. It is no coincidence that Naavi's project on Arbitration is rightly slotted in this segment. Details of Survey

CyLawCom for Cooperative Banks in India

The recent turmoil created in Bangalore by action of RBI on Sauharda Cooperative Bank and some of the moves which RBI has taken in recent days on the regulatory issues of Cooperative Banks has revived the memories of the regulatory transformation that was unleashed in India on the NBFC industry in the post CRB scam period.

Responding to the recognition of an emerging need, Cyber Law College has introduced a service  namely CyLawCom Audit for Co Operative Banks. Any suggestions in this regard from interested persons is welcome... Details

BS 150000 and SAS 70 Compliance for BPOs

The global attention attracted by the CitiBank-Mphasis fraud has also brought greater focus to the auditing of the BPO operations from the point of view of meeting the emerging standards of security and disclosure. Hitherto the standards talked about were BS7799/ISO 17799, CMM and Six Sigma. But in the coming days specially developed standards for the Service industry such as BS 150000 will become increasingly relevant. Simultaneously, the disclosure standards prescribed by SOX is being augmented by the SAS 70 (Statement on Auditing Standards No. 70) standard,  an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) for service organizations.

These emerging standards are directly relevant  to the Cyber Space environment and hence have expanded the concept of CyLawCom opening new opportunities for the CyLawCom professionals. Cyber Law College has decided to make introductory study of these new areas of compliance part of the Techno Legal Cyber Security Course and the CyLawCom Certification programme. It may be noted that though SAS 70 certification is done by a CA firm, it can engage the services of a non CA professional having relevant information technology and security skills to participate in a SAS 70 engagement. (Queries on SAS 70 for BPOs Welcome)

A  note..only  for the Cricket Lovers..From Naavi

Several years ago,(1999) I had proposed an innovation in the one day rules to counter the "Pinch Hitting" strategies of Sanat Jayasuriya and save the opening bowler's career. I am glad to note that ICC is now introducing the suggestion to some extent. Similarly, I hope Naavi's Rating for Cricketers in a closed tournament like a worldcup will also be used one day.

IRDA Guidelines for Online Training of Insurance Agents

IRDA has issued guidelines of online training of agents. The guidelines are meant to  meet the standards used for offline training in terms of minimum number of hours of training...Copy of guidelines (pdf) :report in rediff.com

Contributions from Associates

It has been suggested that Naavi.org may publish short comments on various events of interest to the Cyber Law Community if submitted from time to time. We welcome such contributions to be sent by e-mail to Naavi.. ..Naavi

Verisign Stumped by a Phisher

There are plenty of  phishing e-mails that  invite you to visit a Bank's website and enter some particulars. Here is a report of a phishing attempt where the displayed pseudo Bank page contains a verisign seal, which if clicked confirms that it is a genuine site. It has been rightly observed in the report that verisign should have conducted a mandatory verification of the server digital certificate before displaying the confirmation.  A slip up..hopefully o be corrected in the coming days....Report in snpx.com: (Comments from Visitors Welcome)

Kidnapping of E-Documents for Ransom

In a baffling new attack, hackers are reportedly adopting a new strategy of encrypting the documents on your computer and demanding a ransom to release them. It is not clear if this is a new virus activity or a serious extortion threat since extortions involving money transfers are known to be traced far more easily than a mere virus introduction.... Report in snpx.com

For the sake of those who grumble..Is ITA-2000 equipped to handle new cyber crimes?..Please be assured that ITA-2000 provides both criminal liability under Section 66 as well as civil liability under Section 43.  Enforcement is ofcourse a different issue..a practical challenge which needs to be addressed.      Comments from Visitors

Tendering Practices in e-Governance should change

Analysing the slow progress of e-Governance in Tamil Nadu, indiatogether.com quotes... "Vijayshankar throws light on tendering practices in government that cause outcomes to go wrong. "For example, the government should seek those who will be able deliver birth and death certificates at the cost of Rs.5 per document that measures up to certain criteria instead of floating a lowest-bidder tender describing the processes that might not be cost-effective", he says. If the government were to seek vendors who could deliver a service at minimal cost instead of describing the processes through which the services should be rendered, private participation would be greater, argues Vijayshankar." Report

Right To Speedy Trial...Praveen Dalal

Article 21 of the Constitution of India declares in a mandatory tone that no person shall be deprived of his life or his personal liberty except according to procedure established by law. Feeling the heart-throb of the Preamble, deriving strength from the Directive Principles of State Policy and alive to their constitutional obligation, the Courts have allowed Article 21 to stretch its arms as wide as it legitimately can.

The legislative sensitivity towards providing a speedy and efficacious justice is mainly reflected in two enactments. The first one is the Arbitration and Conciliation Act, 1996 and the second one is the incorporation of section 89 in the traditional Civil Procedure Code.

..it is high time that we must build a base for not only offline ADRM but equally ODRM in India. ...Details

German Invasion on Dot In Domain System?

Naavi.org had been advocating for a policy change in the dot in domain names for a long time before the recent change so that the drain of foreign exchange from India towards registration of other domain names could reduce. The changes made recently including the registration of generic names was therefore considered welcome. However, the research done by Priyanka Rangarajan Project Co-ordinator, Society for the Removal of Corruption has come out with some scathing remarks and revealing findings which make it necessary for all decision makers to sit up and take notice. In view of the importance of the issue, we are reproducing the letter written by Ms Priyanka in one of the yahoo groups with her permission. We hope some positive corrective decisions will be forthcoming from the department in this regard....Copy of the Letter

Accreditation for Web Journalists?

It is reported that a scheme for registration of Bloggers and accreditation of web journalism is on cards as per this report in ET. Perhaps the earlier move of Cyber Society of India to provide CyLawCom Certification to Bloggers/Web Journalists (See www.cylawcom.org ) must have kindled some thoughts from the Government. Hope this does not become a licensing scheme.

Naavi has often pointed out that in India we have a tendency for the Governments to over regulate and the only way this can be prevented is to go for self regulation before the Government moves. It was to prevent such regulatory intrusion that Naavi suggested a voluntary Cyber Law Compliance for both Cyber Cafe owners as well as Bloggers. But it appears that the industry is slow to  react and hence given room for more legislation.

... The Report

Basel II and Cyber Law Compliance

According to the present guidelines of RBI, parallel run of Basel II norms should commence from April 2006. The actual implementation is scheduled for April 2007. This leaves us hardly 10 months to get ready for the parallel run.

Many Banking software vendors are now scrambling  for "Basel II Compliance" to be embedded into their software so that their clients are not adversely affected during the migration.

The objective of this article is to highlight the relationship between legal compliance and Basel II norms of Capital Adequacy. ( In the context of Computerized, Internet based, ATM based Banking, legal compliance is dominated by Cyber Law Compliance).

In case "Cyber Crime Risks"  are not properly covered and the existing Fraud risk insurance fails to provide security for the lack of due diligence, the risk becomes an "Uncovered Exposure" under the Basel II norms requiring higher Capital provision...>Details

Software to Detect Fraudulent Documents

A Kolkata based research student is reported to be in the process of developing a software to detect fraudulent computer documents and to track the scanners and printers used for their production. ..Story in yahoo

ADR, the Ultimate Solution to Backlog...Praveen Dalal

It is now widely acknowledged that ‘Justice delayed is Justice denied’. It is of common knowledge that existing justice system is not able to cope up with the ever-increasing burden of civil and criminal litigation....The CPC has been amended with effect from 1^st July 2002 to make ADR an integral part of the judicial process....We need “private initiatives” for not only establishment of ADR facilities in India but equally a “liberal use” of the same by the citizens and netizens....Detailed Article

Serious Security Holes Found in Anti Virus Software

It has been reported that most of the popular anti virus software vendors have recently fixed security holes that let an intruder take control of an user's computer while the scanning process was apparently on. The affected software included McAfee, Norton and Trend Micro...Article in Computer World

A Unique Collaborative Venture of Arbitrators in India

Alternate Dispute Resolution (ADR) through Mediation and Arbitration has been hailed as the next revolution in the judicial administration in India.

As has been the tradition of Naavi, if something is considered good for the community, efforts will not be spared to make such things happen. Now under the same principle, Naavi has undertaken a mission to develop ADR in India through a massive collaborative movement across India with the appropriate use of technology.

Yes, it is an ambitious project.....may be a mission which takes time to accomplish...may need participation from many investors, technology supporters, arbitrators, Governments etc.....may be there will be hurdles in plenty.

But a beginning has been made and I invite all interested persons to lend their support and make this ADR revolution a reality....More

Has MCIT Killed the Digital Signature System in India?

Through a notification dated October 29 2004, the MCIT sought to bring in the distinction between the Secure Digital Signature and the other Digital Signature by the following notification...On the face of it this appears to be a very reasonable provision aimed at introducing more security in to the system.

However, MCIT appears to have lost sight of the fact that along with ITA-2000, certain amendments were made to the Indian Evidence Act 1872 where in evidentiary value was ascribed to digital signatures. The notification adversely affects the status of digitally signed electronic documents in terms of their evidentiary value.

It appears that even before the system of digital signatures can be popularized amongst the common man, MCIT has taken steps to upgrade the system to a "Secure Digital Signature system" and in the bargain made it difficult for the existing system to even take root.

I hope the above issues (See article for details) have been taken note of by MCIT and we will receive a suitable clarification. ..Detailed Article

Financial Fraud and Cyber Crimes

In today's economic world where all financial transactions are computer based, it is no surprise that most financial frauds in India also attract  Section 66 of ITA-2000. One such case is the case of financial fraud that is reported to have occurred in Chennai in which a center manager of NIIT Franchisee allegedly defrauded to the extent of Rs 26 lakhs her employer.

This case attracts academic interest because it not only demonstrates the link between ITA-2000 and financial frauds in an electronic system but also because it has the potential to test the liability under Section 43 of the beneficiary company in which the alleged fraudulent employee and one of her associates is a director...Detailed Article

.Report in Hindu of 12th May 2005 : Related Report in The Hindu : Related Report in naavi.org

Online Arbitration in India....Praveen Dalal

The swift growth of e-commerce and web site contracts has increased the potential for conflicts over contracts which have been entered into online. This has necessitated a solution that is compatible with online matters and is netizens centric. This challenging task can be achieved by the use of ODRM in India.

The need and necessity of ODRM is going to be felt very soon and we must be prepared for the same There is a possibility that we may get BPO services in arbitration matters in the distant future. In any case it is also a mandate of Article 21 of the Constitution of India. .It cannot be doubted that if the State is encouraging ODRM it is thereby assisting in the attainment of a speedier, economical and convenient justice system. Thus, the sooner ODRM is adopted the better it will be for the nation in general and the justice seeker in particular. ..Detailed Article

Is Spyware Recognized as an offence in ITA-2000?

We often wonder if ITA-2000 is strong enough to address the emerging issues in Cyber Crimes. There are frequent demands that the ITA-2000 needs to be amended since it cannot recognize some of the offences that are becoming serious issues now.

One such doubt being raised is the incidence of "Spyware" and  "Adware" which reside in the computer of an user and send out information to an outside destination.

...Section 43 and Section 66 of ITA 2000 are worded in such a manner that Spyware is recognized as an offence for criminal liability and as a contravention for civil liability... Detailed Article

FIR filed against Directors of Adept Technology

It has been reported that an FIR has been filed on the directors of Adept Technology Ltd a Chennai based Company engaged amongst other things in conducting training programmes on "Ethical Hacking". It is alleged that one of the Directors is involved in a Rs 35 lakh  fraud in an NIIT Franchise center in the City and further investigations are in progress. The complaint has been filed by a Chennai based IT Company Intelligent Software Solutions Pvt Ltd.

Lookalikes in real life fight it out

An interesting dispute has arisen between Virendra Shewag the famous Indian Cricketer and his look alike Mr Sharma. As per this report in HT, Mr Shewag's ad agents appear to have stoped Mr Sharma from appearing in ads. Perhaps a case for verify4lookalikes.com service to be used in the ads?

Consultant says no to porno client, keeps job

This is the story of another consultant who stood by her values and the employer showed respect for her views and managed a solution to satisfy every one. The employee in this case found it difficult to work on a project which involved working on selling of pornographic content though legally. She held a frank discussion with her employers who understood and respected her concern and agreed to keep her off the project which was considered financially necessary for the company but offended the employee's beliefs. A solution was worked out where by the client was moved to another group which was constituted of persons who had no moral or ethical compulsions against working on such projects. An example other employers should try to emulate. Full article in techrepublic.com

Silence Cost him his job

Continuing on the need for developing a "Code of Ethics for Job Change" in IT Industries in India, this article in techrepublic highlights the dilemma faced by many employees. This is a case where an employee was unfairly dismissed from service since he chose to remain silent when he was required to speak up. The reason to remain silent was not because of any criminal intention but was only for what the employee considered as "Discipline"...Full article in techrepublic.com

Job Hopping Ethics

In India, employees particularly in IT companies are increasingly becoming vulnerable to harassment from vengeful employers who may not only retain access to employee's e-mails but also many times persecute them with false criminal cases when they resign. There have been several cases of such false implications which has landed employees in trouble.

It is also true that there are an equal number of cases where resigning employees have cheated the employers as well. The Citibank-Mphasis fraud is an immediate case in point.

Time has perhaps come for IT Employees to organize themselves with the twin objectives of being  protected against persecution when they want to shift jobs for genuine reasons and also follow certain ethical principles in changing of jobs. At the same time, employers should realize that employer-employee disputes are better sorted out over a discussion table or through arbitration rather than hoisting false cases. It is suggested that some HR firm should take the lead in designing a document for "Job Change Ethics"...Send Your views to Naavi

Employers in Australia Reined !

In a first of its kind legislation in Australia, the New South Wales state government introduced surveillance legislation to outlaw unauthorised spying on employees using technologies including e-mail, video cameras and tracking devices.

The legislation is expected to be passed by next week and the Penalties would include a A$5,500 fine (2,252 pound) for individuals, or A$5,500 for each director of a corporation...Details at uk.news

Adult Games..Selling in India

After the problems encountered by Bazee.com on the alleged sale of an obscene video, it appears that the sale of Games on the Internet could be a new problem area for portals. Some Games are considered "Adult Stuff" and marketing the same could cause Law Enforcement to take preventive action. In order to prevent unpleasant developments, it is suggested that "Secondary Content" defined as "Packaged for delivery by a third party" as against content directly posted on the website, needs to be "Certified Good for Sale" by some authority.

Will the Ministry of Information Technology take note of this requirement and create a "Content Certification Authority" to  which "Books", "CDs", "Games" etc can be referred to for clearance before being put up for sale?..Will it be practically feasible for MIT to take up such a mammoth work? Will it be amounting to "Censorship of the Internet?".. Send your views to Naavi

Should Cyber Marriages be Banned

Already opinions have been expressed by eminent lawyers on the issue. The substance of the views is that since "Saptapadi" is the essence of the Hindu Marriage and therefore a Cyber marriage is not feasible, the existence of the "Registered Marriage" concept opens up other possibilities...

it is the view of the undersigned that it may be recommended that  ITA-2000 is amended to notify that "Any Contract of Marriage" is outside the scope of ITA-2000. I request viewers to send their views in this regard for onward transmission to Ministry of Communications and Information and Technology. Interested persons may send their views on "Should Section 1(4) be amended to include 'Any Contract of Marriage' as an exclusion from ITA-2000."..More on it from Naavi.

Digital Marriage Again

There appears  to be a renewed interest in "Digital Marriage" as gathered from some discussion forums. We had earlier carried an article on this subject from Mr Praveen Dalal. Now a High Court advocate from Delhi Ms Geeta Narula provides her perspective view of the "Digital Marriage" in this article. She strongly presents the case to conclude that "There is nothing that makes a marriage valid or invalid for it being performed with the use of internet or information technology. Once a person satisfies the essential and formal validities of the marriage his/her marriage is perfectly valid. "  Detailed Article

Bangalore Cyber Police Save an Executive's Job

In an interesting case, Bangalore Cyber Police are reported to have stepped in to clear an executive who is accused to have sent some obscene e-mails to his employers and dismissed from the job even before he reported. It is one of those cases where the former employer tried to take revenge on the outgoing employee for reasons better known to them.

While it is a happy ending for the person to have got back the job he lost, it would be even more rewarding if he can claim damages from those who were responsible for his mental agony during the crisis period. Details in Indian Express