---

Happy Diwali, Let There be Light to Remove Our Cyber Law Ignorance

---

"October 17 is Digital Society Day"

---

Indian Banks...Facilitating International Frauds?

Recently, we have  come across a job offer scam run in the name of a Canadian Hotel. Under this scam, a lady by name Rosy Christiana  sends out e-mails and offers a job to a group of people in a Canadian Hotel "Omni". She then demands payment of processing fee etc which is remitted to a Gambian person by name Donald Jones through a Bank Trust Bank Ltd. Mr Jones is represented as the Afro Asian Immigration agent for Canada.

What intrigues me as an Ex-Banker however is that how the Bankers in India fail to alert their customers when they come up with a request to make remittances of large amounts of foreign exchange to unknown persons in countries such as Gambia or Nigeria. Are they so innocent that they have not heard of Nigerian Frauds? Or Do they not care?.

Can such negligent Bankers be booked under law for facilitating the fraud?...one can ponder.....Detailed Article

Legal Issues in Blogs

Here is a link to a Podcast of Naavi's views on the legal issues in Blogging published through http://www.primepointfoundation.org/presense0906.htm

Cyber Crime Police Stations to be opened at Hubli and Belgaum?

Karnataka Home Minister M P Prakash has said that the State Government was seriously considering the proposals to set up cyber police stations in Hubli and Belgaum, in the light of an alarming rise in criminal cases pertaining to cyber activities. Report in IE

Credit Card Frauds ..Alarming Proportions

According to a Times of India Report, Over 100 people have approached the cyber crime investigation cell (CCIC) of the Mumbai police in the last one month and complained that someone had used their credit card numbers to book air tickets they had never sought or got. This is the tip of the iceberg that indicates the huge risk that the Indian Credit Card holders run.

What is important to note is that part of this risk is because of the negligence of the Credit Card Issuing Banks which needs to be immediately addressed.... Detailed Article

HP Chief Distances himself from "Rogue Investigation"

The funding of a hacking adventure by HP on some reporter's telephone records drew loud protests from the market for violation of Privacy. While this resulted in the quitting of the CEO last week, the new CEO has now categorically distanced himself from the investigation. HP chief exec Mark Hurd  who replaced former chairman Patricia Dunn, who was forced to resign last week said "The investigation team became so focused on finding the source of the leaks that they lost sight of the privacy of reporters and others. They lost sight of the values HP has always represented."... Report in Techworld

Self Regulatory Organization for BPO/ITES

Nasscom has indicated that a Self Regulatory Organization is being set up for assisting smaller IT companies in maintaining the benchmark level of IT Security. Readers may recall here the suggestion from Naavi.org about BPO for BPOs (Refer Article: BPO For BPOs.. A vision document) to manage the security requirements of the ITES industry. According to Mr Kiran Karnik, president, Nasscom, the SRO has already completed its initial round of funding and the final rollout phase, including industry memberships, is under way. It would commence operations in the next 3-6 months and has already received approval of the Nasscom executive council. Naavi.org welcomes the new development. Article in CIOL

Lime Wire sues RIAA

Lime Wire, a software company alleged in court filings that the record companies have engaged in unfair business practices to scare away its users.  Lime Wire develops peer-to-peer technology, which is often used by individuals to create copies of music and distribute it over the Internet. More than a dozen record companies have joined in the lawsuit against Lime Wire, alleging that its technology provides a means for copyright infringement.

In its countersuit, Lime Wire states that the record labels launched their own digital-distribution Web sites and alleges that the labels joined forces to be the sole recipients of any financial benefit....Detailed story in news.com

Google Loses Copyright Case in Belgium

Copyright management firm Copiepresse in Belgium had filed a law suit in August 2006, accusing Google of breaching copyrights of publications represented by the firm by publishing snippets and pictures from copyright protected publication in its News search service. The Court of First Instance at Brussels which heard the case has ordered Google to withdraw the articles, photographs and graphic representations of Belgian publishers of the French - and German-speaking daily press, represented by the plaintiff, from all their sites (Google News and "cache" Google or any other name within 10 days of the notification of the intervening order, under penalty of a daily fine of 1,000,000.- € (1.27 million USD) per day of delay. Further Court ordered Google to publish, in a visible and clear manner and without any commentary from her part the entire intervening judgment on the home pages of 'google.be' and of 'news.google.be' for a continuous period of 5 days within 10 days of the notification of the intervening order, under penalty of a daily fine of 500,000,- € ($635,000 USD) per day of delay.

The decision does question the "Fair Use" principle of quoting parts of a content for specific purpose of Comments or Parody. The snippets that Google publishes along with the search link is in the form of a reference to the Comment and should perhaps come within the provisions of Fair Use.

Also, Google has rightly claimed that the publishers who donot like the indexing can use preventive tags in their content page to prevent the robots from goring through the contents. Refusal to use available simple techniques to protect copyright of web content needs to be interpreted as an "Implied Consent" that the search engines can crawl the information and use the snippets for providing the reference. The appeal will be heard in November and hopefully Google's right would be upheld. Copy of order
 

Cinema Goes Digital

It is reported that the first end to end digital Cinema in India has been released in Malayalam. (See Report in Hindu).   The movie Moonnaamathoraal (The Third Person), directed by adman-turned-filmmaker V.K. Prakash, was photographed, edited, distributed and exhibited entirely by digital means. Five more such films are planned by the same film maker marking the beginning of a new era in film making in India.

This would simultaneously throw the question of whether such films are covered by the provisions of the "Cinematographic Act" or not.  It appears that presently the digital movies is subject to the provisions of ITA-2000 and would come within the provisions of Broadcast Services Regulation Act as and when the current Bill becomes an Act. However, it is debatable if the production can be technically called a "film" which is a term appropriate to the chemical production where the photographic film is used to record, edit and exhibit the pictures.

A Great Opportunity for Police Reforms

In a far reaching judgement, the supreme Court bench headed by Chief Justice YK Sabharwal  has  ordered sweeping reforms in the country's police administration to keep the force above political interference and corruption. The reforms include a minimum fixed tenure for DGPs and other senior officers, the setting up of state security commissions, the separation of investigation from law and order, and the establishment of a police panel to decide transfers and promotions. The Court has fixed  December 31 2006 as the deadline for implementation of the directions and asked the central and state governments to file compliance affidavits by January 3 next year. Report in Hindustan Times 24/09/06

Digital Trail

The increasing number of cyber crime incidents being reported recently threatens to create distrust in the community over the Internet as a means of e-Business and e-Governance. Slowly, terrorism is creeping into the electronic world in the form attacks on soft economic targets, requiring an urgent tightening up of the cyber crime prevention and prosecution system.

Is our law enforcement machinery, consisting of the police, advocates and the judiciary, prepared to meet this challenge? Let us look at some recent incidents. ..Detailed Article in The Hindu

 

When Your ISP makes you a Criminal !

In India, introduction of a virus is a contravention of Section 43 of ITA-2000 and could result in a liability upto Rs 1 crore to each of the persons affected. It can also be an offence under Section 66 under which the originator of a Virus can be imprisoned upto 3 years. .....I have recently come across two instances of this kind in which VSNL is involved as an ISP which I would like to place before the public. ...  

As long as their is a financial incentives for ISPs in charging their customers for bandwidth usage of Viruses and Spams, there appears to be no possibility of ISPs taking any effective pro-active action from their end. It is therefore the responsibility of the Ministry of Communications and Information Technology to ensure that ISPs tune up their security systems. Or else action should be brought on them under the ISP licensing provisions to pay suitable compensation to the customers who lodge complaints in this regard. The adjudicators in each state should also open up a e-mail complaint box to receive such complaints and quickly pass compensation orders. It must be remembered that the adjudicators have the powers to even take Suo moto action when they observe such mass scale contraventions  perpetrated by ISPs....More

Filing of e-Returns to be mandatory

Filing of annual returns through e-filing systems will become mandatory from September 16, 2006 marking a milestone in the migration of India from the paper based transaction world to electronic document based transaction world. This would require every director of a limited company to acquire digital signing capability and use it for signing the annual returns. This also represents a huge bonanza for Certifying Authorities who were so far incapable of penetrating the markets. Having failed to persuade the public about the benefits of the sue of digital signatures through investment in education and training, the Certifying authorities have now found a better way to boost their business through a mandatory provision. (Details at http://www.mca.gov.in  )

This approach of forcing the users will lead to a new wave of problems with irresponsible or negligent use of digital signatures which will translate into a set of Cyber Crime complaints. The Cyber Crime Police therefore needs to be equipped afresh to meet this challenge.

Blue Tooth and WiFi devices banned ?

It is reported that  a letter has been written by the Cabinet Secretary B K Chaturvedi,  to  every government department advising of Cyber Terror threats and measures required to meet them. The measures include banning of WiFi enabled Laptops and GPRS/BlueTooth enabled mobiles in Government departments. Article in Times Now
 

"Maruti" in news

The domain name related to "maruti" made headlines in India some time back when Maruti Udyog then won an arbitration against www.marutionline.com, owned by a Delhi software company. While this claim was later rejected by the Delhi High Court, Maruti Udyog seems to have suffered another setback in USA where their case against an individual with www.maruti.com appears to have been lost on technical grounds under the Cyber Squatting Act. Report in BL

Haryana Government Makes a Trend Setting Move

In what could be called a trend setting move, it is reported that Haryana Government has set up a three member panel with the powers of a Civil Court to hold enquiries in respect of Cyber Crimes. Report in India e-news.

It is not clear if the order is meant to try the contraventions under chapter IX of ITA-2000 or it also includes offences under Chapter XI of the ITA-2000. Also since this supercedes the earlier order of the Government of India appointing an adjudicator for Haryana, it is not clear if the order is within the provisions of section 90 of the ITA-2000.... Notification

Hewlette Packard Funds Hacking Attack

In what appears to be a misadventure, Hewlette Packard  are reported to have hired investigators to hack into the information system of a phone company and get the calling records of nine reporters without authorization. It is difficult to understand how companies as large as HP could engage in such illegal activities. It may be recalled that some time back Oracle had been accused of planting its employees in SAP to assist in hacking of SAP network and steal some information on new product development. It appears US corporate authorities can go to any length of unethical behavior to make financial gains. report in SNP

BPO Taxation attracts attention

Taxation of the income attributable to the Indian operations of a global company has attracted attention once again. Naturally, the MNC's are upset about the prospects and there is also an issue of practicality. Today the Government is more interested in generating revenue from whatever sources and it is not surprising that they should look at the prosperous BPO segment for adding to their kitty. It is however necessary for the Government to take a holistic view so that the goose that lays the Golden egg is not killed in an attempt to raise resources from every where to finance their political ambitions...Report at dnaindia.com

BlackBerry Users warned of the Security risks

Experts speaking at Black Hat and DefCon conferences in Las Vegas recently, warned about the security risks inherent in the use of Blackberry and Wi-Fi devices. Commenting on the observations, Mr R K Raghavan, (Former Director CBI) urges CBI to work closely with technology creators to ensure better safety in the emerging new technology space...Report in Business Line

The Bomb Hoax.. How solved

More details of the recent Bomb Hoax in Chennai and how it was solved have now become available. Here is a report from Hindu. The incident highlights the need for quick response from the Police in such cases. If such cases have to be handled by the solitary Cyber Crime Cells which many States seem enough to handle Cyber Crimes, then it would be clear that in most cases the horses would have bolted before the doors are closed. It may be recalled that during his recent visit to Hubli in Karnataka, Naavi has strongly urged the Police in Hubli to start a Cyber Crime Cell in Hubli since the lone Cyber Crime Cell in Bangalore servicing the entire state of Karnataka is hardly sufficient for the increasing number of Cyber Crime incidents that are being reported. Since Cyber Law College is establishing a local education center in Hubli in association with G K Law College, it has expressed its desire to train the Police officers in Hubli to be prepared to meet the Cyber Crime challenges. A similar offer has also been made to Police in Mysore where Cyber Law College is establishing an educational center in association with JSS Law College. If such initiatives are properly responded, then we may see a possibility of quick responses in Cyber Crime incidents leading to better conviction rates.

Cyber Laws Seminar at Aurangabad

Cyber Law College in association with Seechange Consultants, Chennai is organizing the next worrkshop on Cyber Laws under the NPIU programme at Government Engineering College, Aurangabad. The three day programme is meant for Engineering College Faculty and is being organized as a part of the TEQUIP project.

Bomb Hoax in Chennai..throws up the due diligence shortcomings at MSPs

The recent bomb hoax in Chennai delaying the flight of President Dr Abdul Kalam has brought to light the due diligence shortcomings of Telephone and Mobile service providers.

The said hoax call was made through a PCO which did not provide the caller ID to the Police Control room. It was then suspected that the call could have been made  using a mobile phone through the emergency call services (such as 112 on a GSM network or 000 on a CDMA network). Since the call however originated from the land line the analysis of the call led to the service provider through whom the call was tr aced to a PCO. Through a lucky break where by the PCO happenned to be within the range of a CCTV of a jewellery shop, the person who made the call was identified.

Though this case was solved, the incident point out the need for proper recording of emergency service calls. The  emergency services are designed to be free and also to pass through any available network even other than the home network of the subscriber. Though there is no need for this service to be billed, the receiving network has to receive the call and then divert it to the Police emergency number. In this process the network software has to record the call including the IMEI number or the ESN number. However, most of the MSPs do not save the log of the 112 calls since it is not required for billing. As a result the data gets deleted from the cache. In terms of  ITA-2000, this practice of not recording the 112 call details may be considered as lack of due diligence making the network operator liable.

It is also to be noted that many service providers and handset/Telephone manufacturers provide facility to block the Caller ID functionality at the receiving end. Time has come to design the technology which provides the privacy protection without providing an opportunity for the criminals to make anonymous calls. Though such technology solutions are available, telecom operators have tried to avoid them in their bid to maximise their profits or out of ignorance. Now that the issue of national security is in the forefront, perhaps telecom operators will change their approach.

Surat Tops in Registration of Cyber Crime Cases

It has been reported that as per NCRB records (2005), 481 cyber crimes were registered across the country (179 under the IT Act and 302 under IPC). Of this, 155 were registered in Gujarat alone (two under IT Act and 153 under IPC). Surat accounted for 146 of Gujarat’s share. According to Sinha, most of the cases registered by them and classified by NCRB as cyber crime, relate to stealing and then misusing passwords to change business records, pilfering money by unauthorised access to ATM passwords, land scams (manipulation of documents), preparation of false papers, counterfeiting of currency and stamp papers, getting bank loans or credit cards with the help of computers. Details (PDF document)

Orkut comes under Scrutiny..in Brazil

The Orkut.com community site promoted by Google has been in the news for some time for promotion of obscenity in India. Several of naavi.org viewers have brought this to our attention seeking guidance on how this menace can be controlled. The solution for such community crimes needs to be found by group action by NGOs or by the law enforcement agency itself. In Brazil, a Judge has now ordered Google to disclose details of users accused of crimes like racism or child pornography. As is usual in such cases Google has stated that the data is in US servers and they cannot reveal the information. It is to be noted that an excuse of this kind cannot be raised in India since Section 75 of ITA-2000 would be applicable to any offences under ITA-2000. Perhaps Brazilian prosecutors should take a cue from the principle behind Section 75 of ITA-2000 and persuade Google to comply with the local laws of Brazil... Report in Reuters
 

TRAI Moves in Consumer Interest

Ever since the CAS system of regulation of TV broadcasting came into being, Naavi.org has been pointing out the consumer views on the regulation and how TRAI had failed to take the interest of Consumers. Fortunately, while Chennai Viewers had to bear with a regime which was exploitative of the consumer, now that a larger audience in other cities have to bear with the CAS regime, TRAI has at last realized the need to act and regulate the pricing of channels as well as standardise the set top boxes. No doubt the broadcasters will object. Hopefully the judiciary will ensure implementation of the regulations without fear or favour. Report in exchange4media : Related Article in naavi.org.. CAS Regime....Issues still to be Resolved  : Is This the Consumer Friendly CAS that the PM Promised?

BPO operator in Credit card fraud

An employee of a BPO in Kolkata has been arrested for misusing the credit cards of some US citizens to make purchases online. The lady employee obtained the credit card numbers during her work in a call center. Report in TOI