COPY OF NEW INFORMATION TECHNOLOGY ACT (ITA 2008)
All Courses from Cyber Law College now based on ITA 2000 Amendments made in the current session of Parliament: Copy of Prospectus
Information Technology Act Analysis Forum
Now that ITA 2008 has become the new Cyber Law base in India and will have a significant impact on the Digital Society in India, Naavi.org has considered it necessary to open an online forum for collecting the views and recommendations of interested persons on the propositions. ITA 2000, which will now be referred to as ITA 2008, will open up new facets of Information Security practices in the country and open up new business opportunities for the IT industry reeling under the global recession. Fundamental changes are happening in the Cyber Security infrastructure in the country, and the IT industry and the legal fraternity cannot ignore the need to follow the developments. The Government may also benefit from the views of informed members of the industry and take them as inputs to the formation of rules under the Act. All interested persons may send their views on ITA 2008 to email@example.com. This forum, to be called the "ITA 2008 Analysis Forum", will place the comments on this website and invite the Government agencies to consider the inputs. To enable people to analyse the provisions, a section-by-section comparison of ITA 2008 with ITA 2000 and ITA 2006 and a stand-alone copy of ITA 2008 are available on this site.
Links: ITA 2008 : ITA 2000 Vs ITA 2008 :: ITA 2006 Vs ITA 2008
Recommendations of the International Conference on Cyber Security
Nov 30: An international conference on Cyber Security was held at New Delhi on November 29th and Nov 30th, organized by the World Council of Corporate Governance and Institute of Directors. After the debate, a set of recommendations was developed on behalf of the participants. The recommendations (which will be shared with the Government), along with some rationale for the same, are provided herewith for general information. Details
5 Key Steps to Cyber Security
Nov 29: Speaking at the International seminar on Cyber Security organized at Delhi by Indian Academy of Law and World Council for Corporate Governance, Naavi presented what he called Vision-2009 for Cyber Security. He highlighted that Cyber Security is an essential part of National Physical space security and identified the 5 Key Steps required towards achieving cyber security: development of a Compliance culture, development of appropriate indigenous security standards such as LIPS1008, Cyber Crime Insurance, Compliance software development, and development of an integrated infrastructure on a national scale to coordinate the security work of different agencies. (Gist of his presentation is available here.)
MySpace Case corroborates our interpretation
Nov 29: Naavi has been in the forefront of developing cyber jurisprudence in India. One of the key interpretations of Naavi was in interpreting the "Diminishing the value of information or utility" under Section 66, which he has often held as wide enough to cover misuse of genuine passwords. This view now stands upheld by the US Courts in the Lori Drew case. Earlier, his interpretation that Banks should be held liable for Phishing was also upheld in a German Court. Some Indian luminaries are averse to the interpretations, calling them "Creative". But we are of the opinion that new laws in a new field need new ways of interpretation. Lori Drew case report
Cyber Space and Physical Security
Nov 28: In the light of the war launched on India by terrorists who landed in a rubber boat right next to the Taj in Mumbai and then fanned out, causing havoc in Mumbai, a renewed thought comes up on how Cyber technology can help the maintenance of physical security. Though there are CCTV cameras in some of the public places, they seem to be of no assistance in preventing such assaults. It is necessary for an army of people to keep watching the CCTV footage and raise an alarm when there are suspicious movements. Alternatively, there need to be automated alerts if technology permits. Perhaps there is a need for research in the area of artificial intelligence to explore the technological options. In the meantime, it is necessary for the CCTV footage to be made available for vigilante groups for monitoring and raising alarms where necessary. Naavi.org invites comments from the public on "How Netizens and Cyber Technology can assist in fighting terrorism".
Cyber Threat Report-2009
Deccan Chronicle website infected with Trojans.
Nov 22: Some time back, Naavi.org had pointed out that the Indian Express and Deccan Herald websites had been infected. Now it is the turn of Deccan Chronicle. It appears that there is a specific strategy of the virus distributors to use popular newspaper sites for hosting the trojan distribution activity.
Organizational Responsibilities for Fraud Prevention
Nov 18: "Where there is Money, There will be Frauds" is a truth every financial professional knows. The increased use of technology in the Banking, Financial Services and Insurance (BFSI) business has introduced the dimension of "Fraud Management" as part of business responsibilities of BFSI business...
It is necessary for the BFSI managers to recognize that it will not be long before the liabilities for Frauds will be shifted to the institutions from the customers. Worldwide, this is the trend. If somebody wants to create a commercial venture built on a technology platform, it is the responsibility of the owner of the venture to make it safe for the customers. This principle is now part of the legal mandate and often manifests itself in the form of "Legal Compliance" and "Mandatory Information Security Audits"...More
3i infotech licensed as Certifying Authority
Nov 16: 3i infotech became the eighth licensed certifying authority in India when it received its license with effect from 7th November 2008. Branded e-Mudra CA, the new CA has started functioning with the standard set of digital certificate products for e-mail signing and web form signing. The other licensed CAs are NIC, IDRBT, TCS, MTNL, Customs & Central Excise, (n) code Solutions CA and GNFC. It is however disappointing to note that as of 16th November, the website is yet to function fully. Considering that Digital Signature business is a "Zero Error Tolerance" technology field, it is necessary for 3i infotech to set right the website soon.
It is also observed that even on the CCA site, the link to the CPS is not working. Since CPS is a pre-requisite for granting of the license, one cannot understand how, a week after the granting of the license, CPS is still not available. It is also interesting to note that the column on "Authorized Representative" in the CCA site is left blank. Apparently the license has been issued in a hurry. Can we expect the product to be bug-free? Has it been sufficiently tested? Is there a process in the licensing for "Testing"? CCA needs to clarify. (Ed: Copy of CPS was made available on the CCA site on 17th Nov 2008 after e-mail from Naavi.org.)
BJP IT Cell in Karnataka
Nov 16: BJP which has set up a national IT Cell with professionals from different IT fields contributing to the policy formulations, computerization in the party and e-Governance activities has now appointed a coordinator for the Karnataka cell. (Accompanying news report from Vijaya Karnataka, Bangalore ed 16th Nov 2008).
Mr Janardhan, an Engineer with work experience in CISCO, DELL, SUN Microsystems and Sasken amongst others and an American patent holder has been nominated for the purpose. Such cells have been in operation in Chennai and Gujarat.
The IT cell could be a good instrument for a Public-Private partnership in bringing the benefits of ICT to the e-Governance operations.
Naavi.org which is in the process of implementing a Statewide Cyber Law Awareness Movement (karnataka saibar kaanUnu prajnaaMdOlana) as a private sector initiative for public good welcomes this development.
Explanation from SBI Cards
Nov 14: As per the response sent by SBI Cards to the anomaly pointed out earlier, it is stated that the monthly card statements show certain entries as debits and credits. However, the balance shown as payable is not calculated out of these debits and credits. There is a second stream of calculations which monitors the dues of the customer, and the amount payable gets printed from this calculation. In other words, a part of the contents of the statement is printed out from the database of transactions and the other part from another application. If all the transactions during the month form part of both streams of calculations, then the statement appears correct. In cases where there are adjustments which are not part of the current transactions, the balance payable will not be a result of the summation of the debits and credits shown in the statement. In other words, there may be an excess claim during one month and a short claim in a different month. This leads to total confusion among customers who follow their expenses separately and try to tally them with the amount claimed. The mistake gets compounded, as in the subject case which we referred to, where there was first an unauthorized debit in respect of a cancelled insurance policy and then creation of an unauthorized EMI-loan against the payment. This resulted in multiple entries, both debit and credit, in respect of the same transaction, leading to a complete messing up of the account. Hope SBI Cards will revise the monthly statement format to ensure that what we see on the transaction list is what the balance is made of.
Fraud or Magic at SBI Cards?
Nov 10: At SBI Cards some magic appears to be happening. 2+2 is adding up to something different than 4 and the managers seem to be unable to sort out why it is happening. I am giving below an extract of a statement from a Card account which shows a one month statement of expenses for April 2008, including transactions booked internally by the Bank. According to simple arithmetic, the statement adds up to indicate a net amount payable by the client to the extent of Rs 4678.02. However, the Bank indicates an amount payable of Rs 9453.42.
As an Information Security observer, one of the possibilities indicated by the incident is that the software of the card division might have been fraudulently manipulated and at certain conditional fulfillment, it charges customers an amount higher than what is payable.
Now through this open forum the attention of SBI is being drawn once again to the need for top management attention on the matter. The matter requires an independent Source Code audit of the Card accounting software to determine why the accounting is going wrong. In view of the possible fraud behind this incident it is necessary for a CBI enquiry to be ordered to make an impartial investigation... Detailed Article
Church in Pakistan opposes death penalty for Cyber Terrorism
Nov 9: An attempt to make Terrorism through Cyber Space punishable with death penalty in Pakistan has been opposed by Pakistani Church. If death penalty for Terrorism is acceptable, the question arises if Cyber Terrorism should be made an exception and if so why? Related Article : Article 2 Article 3 Article 4
Naavi reiterates need for National Cyber Security Advisory Group
Nov 7: Chairing the session on "ICT and National Security" at the BangaloreIT.biz, Naavi reiterated the need for a National Cyber Security infrastructure to coordinate all security related activities such as Cyber Crime policing, Private Sector Information Security practice and CERT In. He said that strict laws alone cannot provide the solution and underscored the importance of Cyber Security awareness amongst the users. "We cannot secure somebody unless they want to be secured," he stated. Dr B A Mahesh, former SP Cyber Crime Cell, Bangalore, indicated the different types of cases handled by them. Dr Gulshan Rai, Director, CERT-In, introduced the activities of CERT-In, and Dr Kamlesh Bajaj, Director, DSCI, presented the role of DSCI in assisting the industry in Cyber Security practices. Report in CIOL: Report in TMC.net Report in ITexaminer.com: tmcnet2 : Report in nationalsecurity.org : individual.com
Blogger's Vicarious Liability
Nov 6: Here is an interesting article on Blogger's liabilities. The author argues that "posters should nonetheless be compelled to get up on their soapbox and stand behind their words. It's far too easy for someone to be able to spew venom — even falsity — around when nobody knows who he is". This aspect is covered under the concept of "Due Diligence" in India and Naavi.org has been advocating a voluntary "Blogger's Ethics" practice to be followed by Bloggers.
International Conference on Cyber Security 29-30 Nov 2008, New Delhi, India
Nov 3: To address & debate Internet Security issues the World Council for Corporate Governance of UK (WCFCG) together with its associate the International Academy of Law, India (IAL), and in partnership with Cyber Law College are organizing an International Conference on Cyber Security in New Delhi on 29-30 Nov, 2008. Its theme is “Legislation, Monitoring & Enforcement of Cyber Laws”.
Law makers, Governmental policy makers, Legislators, Business leaders, IT experts, eminent jurists, enforcement organizations, academics, bankers & reputation agents are expected to participate. The conference aims to tap the rich tapestry of global experience to enrich thinking on cyber laws, internet security and governance issues for public good. For Participation details, visit www.wcfcg.net or contact firstname.lastname@example.org.
GOI to undertake Cyber Security Awareness Campaign
Nov 3: The MCIT is reportedly undertaking a project to conduct Cyber Security Awareness programmes in different technical institutions. It may be recalled that such efforts have been pioneered by Naavi, who has conducted several such programmes across the country, from awareness lectures to three day workshops in Engineering Colleges, REC(NITs) and Law Colleges etc, as a private initiative. Though a delayed reaction, the current move of MCIT is welcome.
It may however be pointed out that Naavi has always been projecting such programmes as "Cyber Law Compliance" or "Cyber Ethics" since there is every possibility of such programmes unwittingly becoming initiation of young technical brains into "Ethical Hacking". Since the College students may include current and potential terrorist sympathizers, any discussion on "Security" will turn into a discussion on "How it happens?" and tools of hacking and sniffing become part of the discussions particularly if the sessions are handled by persons who may be technical experts but not trained teachers.
It is for this reason that Naavi has always been advocating that "There shall be no teaching of ethical hacking without teaching of Cyber Laws, consequences of non compliance of laws etc". Hence there is a need to focus the training towards "Ethics" though the underlying discussion is on "Security". Article in IE
China Leads in Cyber Wars
Nov 3: In yet another reminder to the world, the emergence of China as the Cyber War specialist is being indicated by many Cyber Security experts. According to the UK National Infrastructure Security Coordination Centre, around 300 UK government departments and critical infrastructure businesses have been attacked so far. China has a plan for using industrial espionage to turn their country into the mightiest industrial and military power on the planet. China poses as a rising star in the world of commerce, industry, technology and science. It is reported that Fake British currencies are being printed in various cities. ID and visa fraudsters are in alliance with the drug mafia and their networks. They go through personal files and even employ desks to obtain names, job titles, social security numbers, home addresses and other information available. In addition, businesses, public organizations, and academic institutes received highly politicized virus-laden e-mails from these networks. Information networks of these groups jam TV and radio transmission. They can hijack radio and TV transmission for a disinformation campaign. They sabotage the transaction of stock exchange. During the Gulf war in 1991, Dutch hackers stole information about the US troop movements from Pentagon computers...etc.
The scenario is simply scary. Are we ready to defend our Country? If so, what is our strategy? Where does it begin? Who is responsible for this? These are questions every Indian is asking. Does MCIT have an answer?
Privacy Rights in India
According to Na Vijayshankar, cyber law campaigner, the police are supposed to monitor any anti-social activities in society and can take action on their own. Vijayshankar, who is also the Chairman of the Digital Society Foundation of India, says the organisation proposes to act as a vigilante unit. He points out that his organisation even filed a PIL in connection with denigration of Gandhi on You Tube. "I personally try to keep the police informed. I strongly feel the police should maintain contact with voluntary organisations to act as cyber informers."
Article in DH
US Lawyers Fight over interpretation of Cyber Law
Nov 1: The Lori Drew Case, where the accused deliberately posed as a young boy to befriend and later insult an unsuspecting school girl, Megan Meier, causing her to commit suicide, has drawn the attention of "Cyber Jurisprudents" in interpreting whether certain provisions of the "Computer Abuse Act" can be applied to the case. The point under contention is that the MySpace terms prohibited impersonation through creation of a false profile. Alternatively, the registered profile created a virtual personality and the terms provided access to a person matching the false profile and the real personality had Unauthorized access.
In this case the creation of a false profile was not only intentional, it was part of a deeper conspiracy. It is true that creation of false profiles is a common practice. But mostly it is a "Concern for Privacy" which may prompt persons to give false information or use assumed names on the social networking sites. Whether such practices should be checked, or at least brought under "Good Faith and lack of malicious intention", is one of the larger issues involved in the case.
The facts of the case do not seem to suggest that the accused deserves any sympathetic bail out due to technical reasons.
The larger issues may be debated as part of the "Due Diligence" interpretation. In fact one of the beauties of Indian ITA2000 is that it provides scope for an interpretation of what is "Due Diligence" at different levels such as the "User" and "Service Provider". These would have been helpful in resolving jurisprudential issues since every type of interpretation cannot be part of the law book. Details
Make "Security Informatics" part of Engineering Study
Nov 1: As a response to the growing importance of information security in the industry and the need to inculcate a "Security Culture" early in the careers of young Indians, there is a need to encourage Engineering Colleges in India to start a new discipline on Security Informatics as a subject of study. The upcoming IT event in Bangalore, viz IT.biz, has several activities centered around IT initiatives in the State of Karnataka. Naavi.org urges the State Government to also consider an action plan for introducing a suitable course in Security Informatics as a part of Engineering Study in the State.
Australia Proposes Law for National Pornography Filter
Nov 1: A law has been proposed in Australia for mandating national filters for blocking Child pornography on Internet. Though the move has been opposed by business interests, it represents a practical desire to rid the Internet of one of the most harmful menaces that has an adverse effect on the society.
It may be recalled that in an article dated January 5, 2002, titled "Declare a War on Cyber Pornography", Naavi suggested "..
In the current times nearly seven years later, the threat from Pornography has widened into an Information Security Risk since pornography is used not only to corrupt young minds and make money but also to drop trojans, expand botnets and commit other crimes for financial benefits as well as a part of Cyber Warfare.
When countries considered more permissive are taking such "Cultural Policing" of Internet seriously, in India we are considering dilution of punishment under Section 67 from 5 years to 2 years and exempting Intermediaries from their due diligence responsibilities envisaged in ITA 2000 by amending the ITA 2000. (See here for more details)
Despite several technologists as well as ISPs bitterly opposing our commitment to make Indian Internet Space as clean as possible and the non cooperation of agencies such as Police or CERT in the savitabhabhi website case, Naavi.org continues to demand that India should make strong moves in fighting pornography for the larger benefits of the society.
We also urge at least one of the ISPs committed to a Better Indian Internet Culture to voluntarily set up a filter of the type proposed in Australia, referred to here, and lead the way.
PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar
PR Syndicate, (an organization of Corporate PR Professionals in Chennai,) celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occasion, "Award of Excellence in Public Life" was presented to 'Cyber Law Guru of India' Na.Vijayashankar...More
Naavi's latest book "Cyber Laws Demystified" was soft launched at the Nimhans Convention Center during the Indian Police Congress. The book is a comprehensive coverage on Cyber Laws both ITA-2000 as well as IPR and other issues.
Structured into 24 chapters it also covers the proposed amendments to ITA-2000 in detail as an appendix. A copy of the Information Technology Act 2000 is also appended to the book.
The book also has several individual chapters on the legal issues of Cyber Banking, Cyber Advertising, Cyber Taxation and Cyber Terrorism.
The book is priced at Rs 750/-.
For Enquiries and Bulk orders click here.
What is Naavi.org?
Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.
The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.
The second key service is the Cyber Evidence Archival center which provides a key service to help administration of justice in Cyber Crime cases.
The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.
The fourth key service is the online mediation and arbitration service another unique global service.
The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.
Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.
Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade have brought Naavi.org to the beginning of "Phase 2", in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have a synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.