Recent Articles on ITA Amendment Act :   Copy of ITA 2008 : Comparison: ITA 2000 Vs ITA 2008  : Indian Information Security Framework-IISF 309

Copy of Notification on ITA 2008

...For a Copy of the E Book on Digital Signatures, Click here

---

Unique ID Project.. What should be Unique?

Aug 30: In the absence of the physical card however, the virtual data base becomes critical to the integrity of the system and will be a target of attack for cyber terrorists and data thieves. The security of the data therefore becomes paramount and there is a need for appropriate measures in this regard....While the UID itself will be a Root ID for downstream services available to the Citizen of India, there is a need to recognize one single  "Root UID Parameter" so that in the event of any dispute, the UID would be owned by the person in undisputable control of the "Root ID Parameter"....Out of the 12 parameters indicated for inclusion in the UID data base, "Address" is one parameter which is subject to change. It is therefore not suitable as part of the ID document. It is better that it is removed from the database. If required, it can be part of the secondary data base and used as "Registered Address at the time of first creation of the data"....It must be remembered that UID will be "Information Residing Inside a Computer Resource" and is subject to the provisions of Information Technology Act 2000 (ITA 2000)  and the proposed amendments through Information Technology Amendment Act 2008. (ITA 2008)....

As some one who is working on Netizen Welfare for over a decade, the undersigned would like to make a strong demand that the UIDAI should establish appropriate systems and procedures which would ensure that Netizens are protected against the inefficiency and malicious intentions of the staff of UIDAI. .. Also see comments in BloggersNews.net

Chinese Hardware to be subjected to Security tests

August 29: Mr Sachin Pilot, Minister of State for Telecom has indicated that Chinese made hardware supplied to India will be subjected to security checks. It has long been suggested by security experts that Chinese made mobiles, Internet modems and other electronic devices (may include computers) may come with hardware specially designed to steam data or take control over the device for a future Cyber war scenario. Security experts have also warned that BSNL uses ZTE modems for Internet routing at the consumer end which are vulnerable to intrusions. However, BSNL as well as other MSPs continue to rely on the Chinese supplies due to consideration of economy, though this comes at the cost of security.

Though an announcement had been made earlier that Chinese made mobiles will be banned for import, no action has been taken at the MSP level so far to block mobiles which donot have proper IMEI numbers. We hope that the current announcement would be followed up for necessary action on the ground. Report in ET

Intermediary Websites used for Virus distribution

Aug 26: A recent research revealed that over 55000 hacked websites were being used for malware distribution through embedded scripts. Many of these included sites of charitable organizations. One may recall that Bank of India, Indian Express, Deccan Herald have been Indian sites which have been compromised in the past through such iFrame exploitation. Article in zdnet

Indigenous Anti Virus Package Hailed

Aug 26: K7 Computing, a Chennai based indigenous Anti Virus software developer has released its latest version of the total security tool.  A recent review in PC Magazine indicates that the software is getting ready to hit the US market and with a little more improvements could pose a stiff challenge to the established products in the market. Hopefully in an year from now K7 Computing would emerge as an indigenous anti virus software from India who can challenge the other established players such as Symantec, Mcafee and Kasparesky.

Air Tel to Pay damages to Bangalore Techie

August 25: Airtel which gave a wrong IP resolution details to the Police and caused the wrongful arrest of the Bangalore software engineer some time back has been ordered to pay damages to the extent of Rs 2 lakhs. The techie was in jail for 50 days before the Police found out that they had arrested the person by mistake. The arrest itself was wrongly done under Sec 67 of ITA 2000 though it was a defamation case under IPC on a historical character of Shivaji.

The Commission, which took up the case suo motu after reading newspaper reports, found that Bharti Airtel provided wrong information to the police on the IP address as they made a mistake in the time for which the information was sought. The 12-hour time difference for information provided led to the arrest of the wrong person.

A similar mistake of misreading of time was done in 2001 by the Cyber Crime Police Station, Bangalore in a case where the accused is still awaiting trial. .Details

Telecom Companies may be held liable

Mobile companies who allow bulk SMS need to remember that if the messages are used for committing frauds, the service provider may be liable under various provisions of law including ITA 2008 for "Assisting" and "Not following Due Diligence". They need to set in motion a Cyber Law Compliance plan just like web site owners accepting advertisements. It is reported that a GM of BSNL has commented that at present the only option is to register in the Do Not Disturb List.

However, this is not a correct view and the officials of BSNL may be exposed to the rigorous prescription of Section 85 of ITA 2000 if they donot set in motion an appropriate compliance plan.  Related Article in IE

Sec 65B Discussed in Delhi Court

A discussion on Sec 65B which may be of interest to Cyber Law observers is found here:

Online Broker Hacks into Demat Account

August 8: A Vice-president of Indiabulls, a leading online broker has been reported to have been arrested  for allegedly hacking into the demat account of a client and carrying out a Rs 1-crore fraud. Daga has been remanded in police custody till August 18. The person is accused to have sold off or diverted to his own account every single share that a client owned. Report in TOI

A similar case had been filed in Mangalore last year against India Infoline where the manager had been accused of having cheated three customers of Rs 21 lakhs. However, in this case, the Cyber Crime Police Station did not pursue the case as a Cyber Crime case and the complainant is still fighting to recover his dues. Even SEBI has not been cooperative in this case. Yet another online fraud complaint again against India Infoline is pending with the Adjudicator of Gujarat.

Unfortunately, many of the "Cyber Crime" cases involved in these as well as Phishing Cases are wrongly being reported to Consumer Forums. In some cases the cases are even being adjudicated as "Service Disputes" though the Cyber Crime cases have to be adjudicated only through the adjudication system in IT Act.

Update on baazee.com case :

August 7: The Supreme Court admitted petitions of auction portal eBay India Pvt Ltd and its chief Avinash Bajaj seeking quashing of the criminal proceedings initiated against them for allegedly permitting the sale of an MMS clip showing two school students in Delhi in a sexual act.

A Bench headed by Justice Altamas Kabir admitted both the pleas and tagged them with another similar issue pending before a larger Bench.

It is Time we find a New Electronic Signature

August 6: The amendments to ITA 2000 has enabled introduction of new means of authentication of electronic documents that may co exist with the current system of Digital Signatures. Though the notification of the date of effectiveness of the amendments is still awaited, it is time for the industry to start working on alternate systems which can improve the existing digital signature system as well as introduce new systems. The report on MD5 collisions (See here) makes it necessary to immediately consider some means of replacement. It is understood that the Government may be considering notification of SHA256 as another approved algorithm so that it can be incorporated in Digital Signature systems by the licensed Certifying Authorities.(CA). Along with this we may also consider dual hashing of MD5 and SHA 1 to eliminate the collision risks indicated by the research report mentioned earlier. This will be easy to implement and less expensive. Additionally it is time for CAs to take a re-look at the "Token Based Secured Digital Signatures" which have some problems associated with encryption of documents in transit. CAs also need to sort out the compatibility issues with new OS such as Windows Vista.

Unfortunately, the CCA is too tolerant of the CAs playing with Digital Signature Consumers by providing systems which are not compatible with Windows Vista (eg SafeScrypt), introducing consumer unfriendly procedures for revocation and re issue of certificates etc. We hope that the new CCA Mr Vijayaditya would devote some attention on the problems faced by Digital Certificate holders in India... Also See ; Attention Controller of Certifying Authorities in India

Amazon Accused of Hacking

Aug 3: An interesting legal battle appears to be on cards with a case under Compute Abuse Act having been launched on Amazon books for an action taken to respond to a Copyright issue. The issue pertains to the remote erasing of an e-book content in the hands of the authorised buyer because the author of the book objected to the publication. Did Amazon have the right to erase the book once the right had been sold? ..remotely?. Does it mean violation of privacy?...Is it Hacking?.... are the several issues that the issue raises. The issue also highlights how the new Digital Rights Management systems make a mockery of the consumer rights. The correct remedy for this issue would have been for Amazon to regularise all its sales by paying appropriate compensation to the original copyright owner rather than withdrawn the sale of the product already made.

Unfortunately, the consumer is the last person to be protected in current legal regime where Commercial interests of business intermediaries prevail over the consumer interests. : Related Article 1 : Article 2

 

EVMs.. Should they not also be law compliant?

August 2: A fresh discussion is now going on in India on the EVMs and whether they are tamper proof. In this connection we also need to discuss if it is sufficient to focus on the technical security of EVMs or should we also look at the Techno Legal security surrounding the EVMs. The legal security comes from the ability of the EVMs to be subjected to legal scrutiny in case of election disputes and for this purpose they need to be compliant with the exhibiting laws in the first place. This aspect has been discussed in naavi.org in the past. However in view of the current interest, readers are invited to read this recent article on the topic. EVMs .. Making them Transparent and Cyber Law Compliant.

Banning of Obscene Website Acceptable

August 1: Speaking at a public awareness programme in Kochi, the Chief Justice of India, Justice K G Balakrishnan has said that the Government has the power to ban specific websites containing obscene information. This is relevant for the savitabhabhi.com case. Article-ptineews

Are Cyber Criminals working for discrediting public functionaries?

August 1: People who occupy responsible and sensitive public positions are often targeted by their opponents in different ways to discredit them. We donot know if it is just a coincidence or a deliberate move by organized criminals.

Naavi.org has today come across an incident where one of the respected judges heading a sensitive investigation panel in Karnataka has been put to embarrassment by a Nigerian mail sent from his e-mail address which highlights the seriousness of this kind of a problem. In a popular Nigerian mail fraud, e-mails have been sent out from the e-mail address of the functionary obviously to all his mail contacts which consist of his friends and business contacts.

The mail which says "Hope you are doing well, I am writing to ask you to please loan me $2,500  urgently. I traveled to Nigeria for a program so i was robbed at the hotel  where i lodge. Now i need $2,500 to settle my bills and get a flight ticket  back home. I will appreciate any amount you can quickly arrange and send to me via Western Union or Money Gram with the details below." provides an address in Nigeria and is sent to all his contacts in the mail system. At least a few unsuspecting friends may respond.

This could be either an act committed with the use of a trojan or by hacking into the e-mail account by stealing the password.  When ordinary persons make complaints in such cases, neither the Police take it seriously nor the service provider (yahoo) cooperates. The current incident highlights how public functionaries may be discredited through such acts.

In order to put an end to such practice, it is suggested that Police may register a complaint and take up investigation making Western Union a party to the attempted fraud which in all probability could even be funding terrorist organizations. If required, more information would be provided to the Police.

Naavi.org has been highlighting that financial intermediaries including Banks often lend a helping hand to criminals using Internet for fraudulent purposes mostly through negligence. Phishing, Lottery Scams and Nigerian frauds are important Cyber Crimes where the financial intermediaries help in money transfer and criminals, terrorists use their services with impunity. There is a need to check this possibility as a part of National Cyber Security.

Also see: National Netizen’s Rights Commission Required in India

Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.

The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.

The second key service is the Cyber Evidence Archival center which provides a key service to help administration of   justice in Cyber Crime cases.

The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.

The fourth key service is the online mediation and arbitration service another unique global service.

The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.

Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.

Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.

Naavi

---

Add Your Comments Here

---

If you would like to know  more about Naavi, the information is available here.

For Any Payments to be made to Naavi online :  Naavi_s Payment Center

RSS Subscription

BLOG POSTS