Make Your Company HIPAA Compliant
Train Your Employees for HIPAA Awareness ::Conduct HIPAA Compliance Audit
COPY OF NEW INFORMATION TECHNOLOGY ACT (ITA 2008)
All Courses from Cyber Law College now based on ITA 2000 Amendments made in the current session of Parliament: Copy of Prospectus
TATAs enter Managed Security Services
Oct 24:It is reported that
Virtual Goods are "Goods" that can be stolen
Oct 24: A Dutch court has ruled that Virtual Goods can be recognized as "Goods" and "Theft" can be recognized in case of virtual goods. A pair of teenagers were convicted for the offence of stealing a Virtual mask and a virtual amulet used in a game. The Court used an analogy that "Stealing of Electricity" is recognized as "Theft" of a tangible property and similar principle can be applied to Virtual goods. ... Report
In India, any theft of Virtual goods can also be classified as an offence under Section 66 of ITA 2000. Also remedy can be sought under Section 43 through the adjudication process. We therefore may not require the IPC to be applied to virtual thefts.
IT.biz to open in Bangalore on 6th November 2008
Oct 24: The 11th edition of India's premier Information and Communication Technology (ICT) show, Bangalore IT.biz 2008, would be held at Palace Grounds here from November 6 to 8. Apart from international conferences, the show would also have exhibitions, workshops, roundtables and a conclave CEOs of top notch companies.The conference would discuss topics like, e-governance, rural IT policy, how IT is going to increasingly impact the life of the common man, delivering large-scale change in healthcare through ICT, ICT in education and revolutionizing the classroom, role of IT in the nation's internal security and how IT can make India the global destination for sports. More information available at www.bangaloreit.biz.
Cyber Crime Losses 5 times security investment
Oct 24: In an interesting statistics that has been reported, the loss on account of Cyber Crimes in 2005 was estimated to be around US $ 100 billion and was placed higher than the value of drug trafficking. It is also observed that the information security industry itself is valued around US $ 20 billion indicating that collectively the market is losing 5 times the value of their security investments. This indicates a huge market for Cyber Crime Insurance which eventually has to set the standards of security as well as the rewards for the insured. Since the security investments might have been made by one set of the market players while the losses might have been suffered by another, actuarial analysts need to find out the incidence of loss in the segment of the market which has invested in information security. This will provide a clue for risk assessment for Cyber Crime insurance players. Detailed article in Khaleej Times
In another related report, a Symantec Study (Report in BS) has indicated that more than 400 unique phishing attacks on reputed Indian banks in the last six months of 2007. Out of these, some of the attacks involved the use of compromised ‘.gov’ servers to launch phishing attacks on other brands. While the actual losses are not known in view of the slack implementation of Cyber Laws, Banks have been successful in transferring these losses to the customers. The Phishing security industry is also accused of not sharing information with the public quickly resulting in innocent victims losing the money when the information that the site was a phishing site was perhaps available to a privileged few who preferred to remain silent. Losses arising out of such criminal silence is estimated to be around US $ 300 million annually (Report in ZD Net) in the US market and there is a growing demand that Banks should be made liable for such silence.This is also a factor that may make Cyber Crime insurance a necessary cover to be taken by Banks.(Detailed Report)
The prospects of Cyber Crime insurance which Naavi.org has been supporting for long may be nearer to reality than ever before.
Virtual Divorce and Virtual Murder
Oct 24: In an interesting case reported from Japan, a Japanese piano teacher has been arrested on suspicion of killing her "virtual husband" after becoming enraged that he suddenly divorced her in an online game. The 43-year-old woman allegedly hacked into a man's computer and killed off his avatar in the popular interactive game Maple Story, the Associated Press reported.
The woman, who is in custody on suspicion of illegally accessing a computer and manipulating electronic data, allegedly used the man's ID and password to log on and carry out the virtual murder in May, said a police official in the northern city of Sapporo, according to the AP. She had not yet been charged but if convicted could face up to five years in prison or a fine of up to $5000 ($7400). Details at news.com
Indian Cyber Security ..Imports from China
Oct 24: China which is in the forefront of "Cyber Wars" appears to have opened one more front in its bid to rule the global cyber world. According to the accompanying report from UK, it is found that a large scale fraud is being committed in China where the credit card swiping devices shipped from the factory are found to have been tampered with to insert a malicious code in the Chip for stealing the data from swiped credit cards. At this point of time security specialists are considering this as a "Supply Chain Attack" carried out by an organized crime syndicate without any involvement from the Chinese Government. It has been revealed in the investigations that the fraud has been going on for last 9 months and the stolen data has been reaching China and Pakistan. It is however difficult to rule out the complicity of the Chinese authorities in a sophisticated Cyber battle.
India imports several electronic devices including smart mobile phones from China and RBI has recently allowed Mobile Banking. This is a perfect recipe for a chip based fraud which can cripple the Indian Banking system. It has been earlier reported from some security observers (ref comments in the article in telegraph UK referred to here) that Chinese made mobiles were capable of being switched on remotely to eves-drop on the conversations.
It is therefore necessary to take a hard look at our foreign trade policy and filter imports of electronic devices from China from the "Information Security Perspective". Detailed Report : Related Article in bloggernews.net
Digital Society Day 2008
October 17: The Digital Society Day 2008 was celebrated in a grand manner in Bangalore by KILPAR and KLE Law College in association with DSFI with a National Seminar on Privacy Rights and Data Protection in Cyber Space. The programme had been organized to commemorate the Digital Society Day of India which falls on October 17th each year.
The programme was inaugurated by the Honourable Minister for Law, GOK, Sri S Suresh Kumar. There was a day long deliberations on the Personal Data Privacy Bill, Amendments to ITA 2000 regarding Data Protection, Human Rights, Industry and Law enforcement perspectives of Data Protection and Data Privacy and the need to a balanced legislation.
The programme was attended by more than 120 delegates many of them from outside Bangalore. .:Detailed Report : PHOTOS :
Indian Companies better than US counterparts in Information Security
Oct 16: A survey conducted by Price Waterhouse Coopers LLP (PWC) has found that information security practices in India has made significant progress in the last year. In many respects IS in India is considered better than in North America.
According to the study, more organizations than ever are encrypting databases (55 percent), laptops (50 percent), backup tapes (47 percent) and other media. Fifty-nine percent of respondents said they have implemented an "overall information security strategy" which includes: the increased use of intrusion detection software (62 percent compared to 52 percent in 2007); the installment of firewalls to protect individual applications (67 percent compared to 62 percent in 2007); and the disposal of outdated computer hardware (67 percent compared to 58 percent in 2007). The majority of security spending comes from the IT group (57 percent) followed by the security department and other functional areas such as marketing, human resources and legal.
One area where the Asian companies lag behind North America is in respect of Privacy protection. 41 % of the respondents say their company requires employees to be trained in privacy practices. Only 18% had appointed Chief Privacy officers in their organizations.
Report : Survey
Electoral Rolls in Delhi Hacked!
Oct 12: It is reported that the Delhi Electoral rolls have been found to have been deliberately tampered with by the officials of an IT Company Webel Technology Limited. This would amount to Section 66 offence under ITA 2000 and the Company and its officials are in serious danger of being hauled up to the Courts and probably to the jails as well. Again this boils down to what "Due Diligence" the Company's top management had taken to ensure against any of its lower rank employees playing mischief. Related Article in TOI
Terrorist Intrusions to IT Companies?
Oct 12: There was a news report yesterday that Satyam Computer has been banned by World Bank under the charge of having installed a keylogger in one of the facilities handling World Bank data. Satyam has however denied the report.
It cannot be ruled out that in this instance Satyam may be a victim of a terrorist intrusion into its software department and some mole might have introduced the key logger and stolen the information for the benefit of some anti social organizations. It could also be the handiwork of Chinese Cyber Warriors who might have infiltrated into Satyam. The matter should therefore be taken up for further investigation by Indian law enforcement to find out where the stolen data has reached. Related Article Report on the denial
Perhaps there is a need for Satyam and such other companies to strengthen their internal security measures and "Due Diligence" to prevent liabilities on the top executives in such cases. ..More
Google Mapping Eyes Gets Sharper
Google Maps had evoked a debate earlier on the loss of "Privacy" and "Compromise of National Interests". In what could be considered as an increase of concern, Google Eyes have grown sharper. According to news report the new Satellite imaging launched by Google is having a resolution of about 18 inches. Though some of the security sensitive installations may be blocked from public view, terrorists who have penetrated Yahoo may succeed in penetrating Google and gain access to such sensitive information under employee privileges. It is therefore necessary for US Government to undertake a special security check on the employees of Google who work on the project and have access to the razor sharp images of sensitive installations both in US as well as in India or elsewhere. Detailed Article
Enterprises Living in a False Sense of Security
According to recent findings on the state of the Internet by Akamai, the trend of distributed denial of service (DDoS) attacks, continues to target exploits that were identified years ago, suggesting there is still a significant population of insufficiently patched systems connected to the Internet. Also, enterprises, with various forms of security solutions may have the perception of full protection, but they are not devoting proper attention to the wireless devices that could lead to crucial information becoming available to outsiders. Experts also believe that India's unsafe security environment could be costing its BPO industry an estimated $500 mn annually. Detailed Report
Cyber Attack on World Bank from China
October 11: According to Fox News report, the World Bank Group's computer network has been raided repeatedly by outsiders for more than a year. This network is one of the largest repositories of sensitive financial information of economies of every nation. Sources inside the bank have confirmed that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July.
In total, at least six major intrusion two of them using the same group of IP addresses originating from China have been detected at the World Bank since the summer of 2007, with the most recent breach occurring in September this year. Detailed Report
Privacy Policies on the Websites.. Standardization required
Naavi.org came to know recently that some small ISPs are collecting details of websites visited by the user and also his Mac address. While these are not necessarily objectionable, the lack of communication of such important privacy intrusions to the users is a matter of concern. Probably the Personal Data Protection Act which is under consideration by the Parliament will try to address this need. Article in out_law.com
LIPS, Indian answer to USPTO Concerns
Oct 9:Cyber Law College as a part of its CyLawCom initiatives (Initiatives for Cyber Law Compliance of IT operations in India) has developed for the first time in India as well as anywhere in the world an Information Security Standard for the processing of Legal Information. This “Legal Information Privacy Standard” or “LIPS” Standard in its version 1008, incorporates 21 information security principles drawn from the established principles of Privacy Protection and Information Security available in various other information security initiatives. The principles are drafted with the idea of simultaneously meeting compliance standards in ITA 2000, HIPAA and ISO 27001. The first version of LIPS has been launched today the Vijaya Dashami day of 2008 and will be referred to as LIPS1008. The team from Ujvala Consultants Pvt Ltd will be ready to undertake LIPS1008 audit to interested companies. ..More
Indian LPO Industry to face a Security Challenge
Oct 9: The US PTO has supposedly warned US law firms that they need Government permission before sending confidential information on inventions and patents. This is the protectionist action by the Anti Outsourcing lobby who are worried by the increasing outflow of information processing. The move is expected to increase the cost of litigation to US citizens. An appropriate solution to meet the concerns would have been to specify information security standards of the HIPAA type to ensure that the confidentiality of information is not affected. Hopefully the "Government Clearance Procedure" will be simple and ensure that genuine business interests would be protected. ..More
Related Article in ET
How Ethical Hacking Course Helped Terrorists
Oct:8: Naavi.org has been time and again warning the society that conducting of "Ethical Hacking Training" is illegal in India. However some organizations are bent on exploiting the commercially attractive proposition of conducting such programmes. The result is that persons such as Mr Peerbhoy working in Yahoo office at Mumbai, the person accused of having sent terrorist mails during the recent Delhi blasts getting trained through these programmes and using the knowledge for an attack against the country.
We need to understand that such programmes should be conducted only under proper supervision, background check of participants and registration of the trained persons with the intelligence agencies. It is necessary for the Police now to examine the profiles of all the persons who have undergone trainings at E2labs as well as Adept Technologies who are known to have been conducting such training programmes for some time and investigate the where abouts of these trained ethical hackers.
While it is agreed that terrorists need not depend only on such organizations, as a part of the intelligence routine, watching the trainees of such institutions is a necessary security drill. Report in expressindia.com : Techgloss.com
Online Investment Frauds and Cyber Crimes
Here is an article on online frauds.
This is a Cyber Terrorist Attack on the Digital Society
Oct: 8: Security Experts have unearthed in a research that a new hacker's tool was used to compromise over 2 lakh web servers out of which malicious codes were successfully planted in over 80000 websites. Victims of the attack include government, Fortune 500, and a weapons manufacturing firm, and the US Postal Service. This is a typical Cyber Terrorist attack which tries to hit at the root of credibility and popularity of web as an information dissemination, e-Commerce and e-Governance tool. It is necessary for all countries to come together and address a protection plan against such attacks. It is also to be remembered that even though this attack appears to be on the websites, the objective could be and the impact would certainly be on the physical society as well. Detailed Report
DIGITAL SOCIETY DAY 2008.. Event in Bangalore on October 17, 2008
As in the previous years, Digital Society Foundation (Trust promoted by Naavi and others) will celebrate October 17, 2008 as the Digital Society Day of India in recognition of the fact that on October 17, 2000, ITA 2000 was given effect to bringing in the legal recognition for electronic documents for the first time in India. The theme for the current year is "Privacy and Data Protection in Cyber Space".
The event will consist of a day long programme to be held at KLE Law College, Rajaji Nagar, Bangalore in association with KILPAR (Karnataka Institute of Legislative and Parliamentary Reforms) and KLE Society's Law College. The seminar will discuss the issues in balancing the demand for Privacy Rights Protection by Human Rights Activists with the Law Enforcement needs in the light of Cyber Terrorism and Cyber Wars. It is intended to collect the views of Legal Experts on the "Essential Features of a Suggested Data Protection Act of India" to be consolidated and presented to Nasscom and Ministry of Communications and Information Technology for further action.
Delegate Fee: Rs 1000/- for professionals. Rs 500 for students. For Registration contact: KLE Law College, Rajaji Nagar, Bangalore. Or Send e-mail to email@example.com
(Law Students wishing to present a paper on the occasion may kindly submit the paper before October 10th to naavi, through e-mail and print copy. The best paper presenter may be invited to briefly present his views during the seminar). Detailed Programme
UK To Create Internet Surveillance Center
Oct 7: As per reports from UK, the British Government has set aside a budget of US $ 21.3 billion (Rs 90000 crores) to create a data base to monitor and store Internet Browsing, e-mails and telephone calls of every Briton. (Ref: yahoonews).
In India TOI has reported a move by IB to set up a "Research and Technology Center" and to recruit 6000 Cyber Spies. (Report: TOI).
While these news items will make the Privacy Rights supporters uncomfortable, it appears that the time has come to support such moves in the interests of National Security.
New Copyright Law in New Zealand Comes into Force
Oct: 3: New Zealand is amending its Copyright law with the Copyright (New Technologies) Amendment Act 2008 which becomes effective from October 31. One of the provisions (Sec 92A regarding ISP liabilities) will come into effect later from 28th Feb 2009. The act requires ISPs to terminate accounts used for Copyright infringement and strengthens the liability of Technology providers under Contributory Infringement concept
Details at behive.govt.nz
Information Security Culture in USA better than in India
Oct 1: An interesting survey conducted by CISCO has brought out some interesting factors which indicate that the security culture in USA is far better than the rest of the World and India is some where near the bottom better only to China. Some observations were
a) Use of corporate assets for personal e-mail was 39% in US as against 58% in India
b) Only 2% in US tweaked the security settings of the Company as against 20% in India to view their favourite websites not allowed under the Company policy.
These figures indicate the "Information Security Obedience Factor" which can be used as a parameter for measuring the data loss risk. If it is combined with "Information Security Awareness Index", "Information Security Effort Index", we can arrive at a Net "Information Security Compliance Index" for each company. This should be an interesting industry parameter to watch out. Report in Internet news.com Report in Forbes
Scrabulous Creators get a favourable Court verdict
Oct1: The Indian entrepreneurs Rajat Agarwal and Jayant Agarwal who had started the popular Scrabble game on MySpace under the name "Scrabulous", are reported to have obtained a partially favourable Court decision in the case filed against them for infringement of Trademark rights. While the conduct of the game has been permitted, the name has been ordered to be changed. The case had been filed by the original inventors of the Scrabble game claiming exclusive right for the online version. The case threw up several interesting questions on Copyrighting of Games, the combined rights of Trademark and copyrights etc. There is also an issue of when the game was invented and whether the copyright itself has expired etc. Report in LA Times : Background : Legal Debate1: Legal Debate 2
PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar
PR Syndicate, (an organization of Corporate PR Professionals in Chennai,) celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occasion, "Award of Excellence in Public Life" was presented to 'Cyber Law Guru of India' Na.Vijayashankar...More
Naavi's latest book "Cyber Laws Demystified" was soft launched at the Nimhans Convention Center during the Indian Police Congress. The book is a comprehensive coverage on Cyber Laws both ITA-2000 as well as IPR and other issues.
Structured into 24 chapters it also covers the proposed amendments to ITA-2000 in detail as an appendix. A copy of the Information Technology Act 2000 is also appended to the book.
The book also has several individual chapters on the legal issues of Cyber Banking, Cyber Advertising, Cyber Taxation and Cyber Terrorism.
The book is priced at Rs 750/-.
For Enquiries and Bulk orders click here. :
What is Naavi.org?
Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.
The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.
The second key service is the Cyber Evidence Archival center which provides a key service to help administration of justice in Cyber Crime cases.
The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.
The fourth key service is the online mediation and arbitration service another unique global service.
The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.
Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.
Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.
Add Your Comments Here
If you would like to know more about Naavi, the information is available here.
For Any Payments to be made to Naavi online : Naavi_s Payment Center