Vision Document on Security BPO for BPOs prepared by Naavi.org
New Adjudicating Officer for Tamil Nadu
Under ITA-2000, the IT Secretary of the State is designated as the Adjudicator. Consequent to the designation of Mr C.Chandramauli as the IT Secretary of Tamil Nadu in place of Mr Vivek Harinarayan, Tamil Nadu will now have a new Adjudicator... Report in The Hindu
New System of Web Advertising Corrupting the Internet System
Netizens' attention is drawn to the article on Cryptography quoted below from tmcnet.com, where a relatively new system of web advertising has been used. Under this system, specific words in the article are hyperlinked under a "Sponsored Links" programme to certain URLs (see picture)... As in the case of spyware, the "Apparent Hyper Link" is made to behave in a manner not expected by the user of the document, and to that extent the sponsored link system is deceptive and is a tainted form of advertising. This is not considered a welcome development for the industry... Detailed Article (Comments are welcome)
Cryptography Survives Regulatory Scare
In view of the difficulties that encrypted information may present to law enforcement, there was a demand earlier in the US that the decryption key should be escrowed with a Government agency. Recently in the UK, a provision in the Electronic Communications Act requiring registration for encryption service providers has been allowed to lapse. These are considered positive steps for the Netizen's Rights Movement since they put freedom of expression and Privacy above state intervention. Under the Indian ITA 2000, the Controller of Certifying Authorities has been provided a power under Sec 69 that enables seeking the assistance of the key holder in decryption in cases of national importance, with an attached 7 years imprisonment for failure.
A thought is still lingering in the minds of some regulatory circles that the current digital signature system should be replaced with a dual key system where the private key used for encryption is escrowed with the CA while the second private key used for signature continues to be private.
In the light of the international developments, it is hoped that this move would be dropped.
Related Articles: The Cryptowars are over (fipa.org); London Stock Exchange Welcomes change (tmcnet)
Boom time for KPOs and Doom time for BPOs?
KPO sector is expected to grow at a CAGR of 46 % as against the normal BPO sector's expected growth rate of 26 % according to an Evalueserve survey. One of the areas in which India sees huge opportunities is in the area of outsourced legal services. It is no coincidence that Naavi's project on Arbitration is rightly slotted in this segment. Details of Survey
CyLawCom for Cooperative Banks in India
The recent turmoil created in Bangalore by action of RBI on Sauharda Cooperative Bank and some of the moves which RBI has taken in recent days on the regulatory issues of Cooperative Banks has revived the memories of the regulatory transformation that was unleashed in India on the NBFC industry in the post CRB scam period.
Responding to the recognition of an emerging need, Cyber Law College has introduced a service, namely CyLawCom Audit for Co Operative Banks. Any suggestions in this regard from interested persons are welcome... Details
BS 150000 and SAS 70 Compliance for BPOs
The global attention attracted by the CitiBank-Mphasis fraud has also brought greater focus to the auditing of BPO operations from the point of view of meeting the emerging standards of security and disclosure. Hitherto the standards talked about were BS7799/ISO 17799, CMM and Six Sigma. But in the coming days, specially developed standards for the Service industry such as BS 150000 will become increasingly relevant. Simultaneously, the disclosure standards prescribed by SOX are being augmented by the SAS 70 (Statement on Auditing Standards No. 70) standard, an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) for service organizations.
These emerging standards are directly relevant to the Cyber Space environment and hence have expanded the concept of CyLawCom opening new opportunities for the CyLawCom professionals. Cyber Law College has decided to make introductory study of these new areas of compliance part of the Techno Legal Cyber Security Course and the CyLawCom Certification programme. It may be noted that though SAS 70 certification is done by a CA firm, it can engage the services of a non CA professional having relevant information technology and security skills to participate in a SAS 70 engagement. (Queries on SAS 70 for BPOs Welcome)
A note..only for the Cricket Lovers..From Naavi
Several years ago (1999), I had proposed an innovation in the one day rules to counter the "Pinch Hitting" strategies of Sanath Jayasuriya and save the opening bowler's career. I am glad to note that ICC is now introducing the suggestion to some extent. Similarly, I hope Naavi's Rating for Cricketers in a closed tournament like a World Cup will also be used one day.
IRDA Guidelines for Online Training of Insurance Agents
IRDA has issued guidelines for online training of agents. The guidelines are meant to meet the standards used for offline training in terms of minimum number of hours of training... Copy of guidelines (pdf) : Report in rediff.com
Contributions from Associates
It has been suggested that Naavi.org may publish short comments on various events of interest to the Cyber Law Community if submitted from time to time. We welcome such contributions to be sent by e-mail to Naavi.. ..Naavi
Verisign Stumped by a Phisher
There are plenty of phishing e-mails that invite you to visit a Bank's website and enter some particulars. Here is a report of a phishing attempt where the displayed pseudo Bank page contains a VeriSign seal which, if clicked, confirms that it is a genuine site. It has been rightly observed in the report that VeriSign should have conducted a mandatory verification of the server digital certificate before displaying the confirmation. A slip up, hopefully to be corrected in the coming days... Report in snpx.com (Comments from Visitors Welcome)
Kidnapping of E-Documents for Ransom
In a baffling new attack, hackers are reportedly adopting a new strategy of encrypting the documents on your computer and demanding a ransom to release them. It is not clear if this is a new virus activity or a serious extortion threat since extortions involving money transfers are known to be traced far more easily than a mere virus introduction.... Report in snpx.com
For the sake of those who grumble, "Is ITA-2000 equipped to handle new cyber crimes?": please be assured that ITA-2000 provides both criminal liability under Section 66 as well as civil liability under Section 43. Enforcement is of course a different issue, a practical challenge which needs to be addressed. Comments from Visitors
Tendering Practices in e-Governance should change
Right To Speedy Trial...Praveen Dalal
Article 21 of the Constitution of India declares in a mandatory tone that no person shall be deprived of his life or his personal liberty except according to procedure established by law. Feeling the heart-throb of the Preamble, deriving strength from the Directive Principles of State Policy and alive to their constitutional obligation, the Courts have allowed Article 21 to stretch its arms as wide as it legitimately can.
The legislative sensitivity towards providing a speedy and efficacious justice is mainly reflected in two enactments. The first one is the Arbitration and Conciliation Act, 1996 and the second one is the incorporation of section 89 in the traditional Civil Procedure Code.
..it is high time that we must build a base for not only offline ADRM but equally ODRM in India. ...Details
German Invasion on Dot In Domain System?
Naavi.org had been advocating for a policy change in the dot in domain names for a long time before the recent change so that the drain of foreign exchange from India towards registration of other domain names could reduce. The changes made recently including the registration of generic names was therefore considered welcome. However, the research done by Priyanka Rangarajan Project Co-ordinator, Society for the Removal of Corruption has come out with some scathing remarks and revealing findings which make it necessary for all decision makers to sit up and take notice. In view of the importance of the issue, we are reproducing the letter written by Ms Priyanka in one of the yahoo groups with her permission. We hope some positive corrective decisions will be forthcoming from the department in this regard....Copy of the Letter
Accreditation for Web Journalists?
It is reported that a scheme for registration of Bloggers and accreditation of web journalism is on the cards as per this report in ET. Perhaps the earlier move of Cyber Society of India to provide CyLawCom Certification to Bloggers/Web Journalists (see www.cylawcom.org) must have kindled some thoughts from the Government. Hope this does not become a licensing scheme.
Naavi has often pointed out that in India we have a tendency for the Governments to over regulate and the only way this can be prevented is to go for self regulation before the Government moves. It was to prevent such regulatory intrusion that Naavi suggested a voluntary Cyber Law Compliance for both Cyber Cafe owners as well as Bloggers. But it appears that the industry is slow to react and has hence given room for more legislation.
... The Report
Basel II and Cyber Law Compliance
According to the present guidelines of RBI, parallel run of Basel II norms should commence from April 2006. The actual implementation is scheduled for April 2007. This leaves us hardly 10 months to get ready for the parallel run.
Many Banking software vendors are now scrambling for "Basel II Compliance" to be embedded into their software so that their clients are not adversely affected during the migration.
The objective of this article is to highlight the relationship between legal compliance and Basel II norms of Capital Adequacy. ( In the context of Computerized, Internet based, ATM based Banking, legal compliance is dominated by Cyber Law Compliance).
In case "Cyber Crime Risks" are not properly covered and the existing Fraud risk insurance fails to provide security for the lack of due diligence, the risk becomes an "Uncovered Exposure" under the Basel II norms requiring higher Capital provision... Details
Software to Detect Fraudulent Documents
A Kolkata based research student is reported to be in the process of developing a software to detect fraudulent computer documents and to track the scanners and printers used for their production. ..Story in yahoo
ADR, the Ultimate Solution to Backlog...Praveen Dalal
It is now widely acknowledged that ‘Justice delayed is Justice denied’. It is of common knowledge that existing justice system is not able to cope up with the ever-increasing burden of civil and criminal litigation....The CPC has been amended with effect from 1st July 2002 to make ADR an integral part of the judicial process....We need “private initiatives” for not only establishment of ADR facilities in India but equally a “liberal use” of the same by the citizens and netizens....Detailed Article
Serious Security Holes Found in Anti Virus Software
It has been reported that most of the popular anti virus software vendors have recently fixed security holes that let an intruder take control of a user's computer while the scanning process was apparently on. The affected software included McAfee, Norton and Trend Micro... Article in Computer World
A Unique Collaborative Venture of Arbitrators in India
Alternate Dispute Resolution (ADR) through Mediation and Arbitration has been hailed as the next revolution in the judicial administration in India.
As has been the tradition of Naavi, if something is considered good for the community, efforts will not be spared to make such things happen. Now under the same principle, Naavi has undertaken a mission to develop ADR in India through a massive collaborative movement across India with the appropriate use of technology.
Yes, it is an ambitious project.....may be a mission which takes time to accomplish...may need participation from many investors, technology supporters, arbitrators, Governments etc.....may be there will be hurdles in plenty.
But a beginning has been made and I invite all interested persons to lend their support and make this ADR revolution a reality....More
Has MCIT Killed the Digital Signature System in India?
Through a notification dated October 29 2004, the MCIT sought to bring in the distinction between the Secure Digital Signature and the other Digital Signature by the following notification...On the face of it this appears to be a very reasonable provision aimed at introducing more security in to the system.
However, MCIT appears to have lost sight of the fact that along with ITA-2000, certain amendments were made to the Indian Evidence Act 1872 where in evidentiary value was ascribed to digital signatures. The notification adversely affects the status of digitally signed electronic documents in terms of their evidentiary value.
It appears that even before the system of digital signatures can be popularized amongst the common man, MCIT has taken steps to upgrade the system to a "Secure Digital Signature system" and in the bargain made it difficult for the existing system to even take root.
I hope the above issues (See article for details) have been taken note of by MCIT and we will receive a suitable clarification. ..Detailed Article
Financial Fraud and Cyber Crimes
In today's economic world where all financial transactions are computer based, it is no surprise that most financial frauds in India also attract Section 66 of ITA-2000. One such case is the financial fraud that is reported to have occurred in Chennai, in which a center manager of an NIIT Franchisee allegedly defrauded her employer to the extent of Rs 26 lakhs.
This case attracts academic interest because it not only demonstrates the link between ITA-2000 and financial frauds in an electronic system but also because it has the potential to test the liability under Section 43 of the beneficiary company in which the alleged fraudulent employee and one of her associates is a director...Detailed Article
Report in Hindu of 12th May 2005 : Related Report in The Hindu : Related Report in naavi.org
Online Arbitration in India....Praveen Dalal
The swift growth of e-commerce and web site contracts has increased the potential for conflicts over contracts which have been entered into online. This has necessitated a solution that is compatible with online matters and is netizens centric. This challenging task can be achieved by the use of ODRM in India.
The need and necessity of ODRM is going to be felt very soon and we must be prepared for the same. There is a possibility that we may get BPO services in arbitration matters in the distant future. In any case it is also a mandate of Article 21 of the Constitution of India. It cannot be doubted that if the State is encouraging ODRM it is thereby assisting in the attainment of a speedier, economical and convenient justice system. Thus, the sooner ODRM is adopted the better it will be for the nation in general and the justice seeker in particular... Detailed Article
Is Spyware Recognized as an offence in ITA-2000?
We often wonder if ITA-2000 is strong enough to address the emerging issues in Cyber Crimes. There are frequent demands that the ITA-2000 needs to be amended since it cannot recognize some of the offences that are becoming serious issues now.
One such doubt being raised concerns the incidence of "Spyware" and "Adware" which reside in the computer of a user and send out information to an outside destination.
...Section 43 and Section 66 of ITA 2000 are worded in such a manner that Spyware is recognized as an offence for criminal liability and as a contravention for civil liability... Detailed Article
FIR filed against Directors of Adept Technology
It has been reported that an FIR has been filed on the directors of Adept Technology Ltd a Chennai based Company engaged amongst other things in conducting training programmes on "Ethical Hacking". It is alleged that one of the Directors is involved in a Rs 35 lakh fraud in an NIIT Franchise center in the City and further investigations are in progress. The complaint has been filed by a Chennai based IT Company Intelligent Software Solutions Pvt Ltd.
Lookalikes in real life fight it out
An interesting dispute has arisen between Virender Sehwag, the famous Indian Cricketer, and his lookalike Mr Sharma. As per this report in HT, Mr Sehwag's ad agents appear to have stopped Mr Sharma from appearing in ads. Perhaps a case for verify4lookalikes.com service to be used in the ads?
Consultant says no to porno client, keeps job
This is the story of another consultant who stood by her values, while the employer showed respect for her views and managed a solution to satisfy everyone. The employee in this case found it difficult to work on a project which involved selling pornographic content, though legally. She held a frank discussion with her employers, who understood and respected her concern and agreed to keep her off the project, which was considered financially necessary for the company but offended the employee's beliefs. A solution was worked out whereby the client was moved to another group constituted of persons who had no moral or ethical compulsions against working on such projects. An example other employers should try to emulate. Full article in techrepublic.com
Silence Cost him his job
Continuing on the need for developing a "Code of Ethics for Job Change" in IT Industries in India, this article in techrepublic highlights the dilemma faced by many employees. This is a case where an employee was unfairly dismissed from service since he chose to remain silent when he was required to speak up. The reason to remain silent was not because of any criminal intention but was only for what the employee considered as "Discipline"...Full article in techrepublic.com
Job Hopping Ethics
In India, employees, particularly in IT companies, are increasingly becoming vulnerable to harassment from vengeful employers who may not only retain access to employees' e-mails but also many times persecute them with false criminal cases when they resign. There have been several cases of such false implications which have landed employees in trouble.
It is also true that there are an equal number of cases where resigning employees have cheated the employers as well. The Citibank-Mphasis fraud is an immediate case in point.
The time has perhaps come for IT Employees to organize themselves with the twin objectives of being protected against persecution when they want to shift jobs for genuine reasons and also following certain ethical principles in changing jobs. At the same time, employers should realize that employer-employee disputes are better sorted out over a discussion table or through arbitration rather than by foisting false cases. It is suggested that some HR firm should take the lead in designing a document for "Job Change Ethics"... Send Your views to Naavi
Employers in Australia Reined!
In a first of its kind legislation in Australia, the New South Wales state government introduced surveillance legislation to outlaw unauthorised spying on employees using technologies including e-mail, video cameras and tracking devices.
The legislation is expected to be passed by next week and the penalties would include an A$5,500 fine (2,252 pounds) for individuals, or A$5,500 for each director of a corporation... Details at uk.news
Adult Games..Selling in India
After the problems encountered by Bazee.com on the alleged sale of an obscene video, it appears that the sale of Games on the Internet could be a new problem area for portals. Some Games are considered "Adult Stuff" and marketing the same could cause Law Enforcement to take preventive action. In order to prevent unpleasant developments, it is suggested that "Secondary Content" defined as "Packaged for delivery by a third party" as against content directly posted on the website, needs to be "Certified Good for Sale" by some authority.
Will the Ministry of Information Technology take note of this requirement and create a "Content Certification Authority" to which "Books", "CDs", "Games" etc can be referred to for clearance before being put up for sale?..Will it be practically feasible for MIT to take up such a mammoth work? Will it be amounting to "Censorship of the Internet?".. Send your views to Naavi
Should Cyber Marriages be Banned
Already opinions have been expressed by eminent lawyers on the issue. The substance of the views is that since "Saptapadi" is the essence of the Hindu Marriage and therefore a Cyber marriage is not feasible, the existence of the "Registered Marriage" concept opens up other possibilities...
It is the view of the undersigned that it may be recommended that ITA-2000 is amended to notify that "Any Contract of Marriage" is outside the scope of ITA-2000. I request viewers to send their views in this regard for onward transmission to Ministry of Communications and Information and Technology. Interested persons may send their views on "Should Section 1(4) be amended to include 'Any Contract of Marriage' as an exclusion from ITA-2000."... More on it from Naavi.
Digital Marriage Again
There appears to be a renewed interest in "Digital Marriage" as gathered from some discussion forums. We had earlier carried an article on this subject from Mr Praveen Dalal. Now a High Court advocate from Delhi Ms Geeta Narula provides her perspective view of the "Digital Marriage" in this article. She strongly presents the case to conclude that "There is nothing that makes a marriage valid or invalid for it being performed with the use of internet or information technology. Once a person satisfies the essential and formal validities of the marriage his/her marriage is perfectly valid. " Detailed Article
Bangalore Cyber Police Save an Executive's Job
In an interesting case, Bangalore Cyber Police are reported to have stepped in to clear an executive who was accused of having sent some obscene e-mails to his employers and was dismissed from the job even before he reported. It is one of those cases where the former employer tried to take revenge on the outgoing employee for reasons better known to them.
While it is a happy ending for the person to have got back the job he lost, it would be even more rewarding if he can claim damages from those who were responsible for his mental agony during the crisis period. Details in Indian Express
720 pages of Comprehensive Coverage on Cyber Laws
Naavi's "Cyber Laws in India..ITA-2000 and Beyond", first E-Book on Cyber Laws to be published in India consisting of 720 pages of comprehensive coverage on Cyber Laws and relevant issues, available for online purchase at RS 300/- in download form and at RS 400/- on CD.