Recent Articles on ITA Amendment Act :   Copy of ITA 2008 : Comparison: ITA 2000 Vs ITA 2008  :

Indian Information Security Framework-IISF 309 : Copy of Notification on ITA 2008 :

...For a Copy of the E Book on Digital Signatures, Click here

2009-The Golden Year for Cyber Laws in India...Part II

The year started with the dawn of ITA 2008 but it took almost the entire year for the amendments to be put to action. As the year closes, we are left with a hope that 2010 shall take off as a prosperous year for Techno Legal Information Security Industry. Let the "Golden Year for Cyber Laws in India" pass on the baton to a prosperous year for all Netizens  in India and elsewhere...More

2009-The Golden Year for Cyber Laws in India

The year 2000 was the launch of the Digital Society in India since Cyber Laws were first put in place in the form of Information Technology Act 2000. (ITA 2000),  Now the year 2009 has turned out to be a landmark year in the history of Cyber Laws in India with the notification of the Information Technology Amendment Act 2008 (ITAA 2008). ..more

ITA 2008 starts to take effect

Dec 29: It is heartening to note as per this report that search engines have started taking action to filter pornographic content as per ITA 2008. A Guardian report states that Yahoo search engine and Flickr Photo sharing site have made it mandatory for Indian users to use safe searching facility. It is also reported that action is being taken to block the re-surfaced savita_bhabhi site. Report

CBI Arrest Software Company CEO

Dec 29: On a complaint filed by Microsoft, CBI has arrested a CEO of a Company in Delhi allegedly involved in selling pirated Microsoft products, manipulation of activation keys, etc. Report

Section 6A .. Draft Rules Put up for discussion

Dec 27: The Ministry of Communication and IT, GOI has placed draft rules under Section 6A of ITA 2008 on its website. This refers to the rules regarding service delivery and incorporates one recommendation that had already been recommended to Karnataka Government some time back by Naavi, namely creation of a repository of digitally signed documents and digital Signature certificates of officials. (It is not clear if the rules were finally implemented). The rules are in the nature of "Enabling provisions" and a suggested framework which the State Governments may use to draft the state level rules for the specific services to be rendered. State Governments need to announce their own rules. Copy of Draft Rules : Related Article: Rules to be Framed under ITA 2008 by Central Government

Internet Intermediary Liability in India

Dec 27: National Law School, Bangalore is organizing a seminar on Internet Intermediary Liability in India on March 5, 2010. The annual programme Consilience this year seeks to not bring leading academicians to debate upon the topic of contention and  also looks to increase and encourage student participation. More details are available at www.consilience.in

"Naavi" finds a clone in Avatar?

Dec 25: Naavi is in the process of becoming a globally known name...may be not for the exploits in the Cyber Law field but because of Avatar movie. Naavi is being used as the Internet avatar of Vijayashankar since around 1998. Over the past few years, the popularity of Naavi had already got a few chat avatars emanating. A job site even took a key word ad on Google search for some time with Naavi as the key word. One lawyer in Nagpur wrote in his face book profile that www.naavi.org was his site. In the meantime a squatter registered the naavi.com domain name in which we started our initial web activity. But now with the Avatar 3D movie having been released both in India and abroad, we will soon have Google filled up with Naavi hits on the movie related issues. Hopefully, the original Naavi needs to identify himself as Cyber Law Naavi or Naavi of Naavi.org. Report on the movie.

The New Era of CiNezens

Dec 25: Cyber Laws have been defined as the laws of the Cyber Space. Though Cyber Space emerged as a border less society with a strong foundation based on anonymity, pseudonomity and freedom of speech, over the last decade the nature of Cyber Space particularly from the perspective of regulation has undergone a seachange.... today’s regulations are being driven by a community other than the Citizens of the Country. These are the persons whom we can recognize as a hybrid entity between Citizens and Netizens who may be appropriately called CiNezens... More

China Mandates Registration of Websites

Dec 25: This week, China's Ministry of Industry and Information Technology released regulations, dated Dec. 15, requiring the registration of all Web sites. The wording of the rules is broad enough to cover all sites, domestic and foreign, whether or not they carry sex-themed material. "Domain names that have not registered will not be resolved or transferred," the regulations state. ..detailed article

Watch out.. DMCA of India is coming

Dec 24: A bill proposing to amend Copyright Act 1957 to align it with the international demands is reported to have been cleared by the Cabinet committee. According to the Press release, this will address the issue of Digital Management Rights, rights to authors etc. Details are awaited. An earlier draft of the proposed amendments which were available in the Copyright Office website and later withdrawn is available here for information. It is not known if the draft has been changed subsequently.  Copy of PIB release

When Banks in India don't use Digital Signatures, ..It would be a Clause 49 Non Compliance

Dec 24: Corporate Governance is an important responsibility of top management in any listed  corporate entity in India. An offshoot of this responsibility is the written commitment given by the Management in the annual report. This written commitment commits the Chairman as well as the Independent Directors besides the executive directors.

under Section 3 and 3A of ITA 2008 any electronic document that requires authentication needs to be authenticated using Digital Signatures. Since many of the Company's transactions are done using electronic documents and liabilities are being created far and against the Company through such electronic documents, if the electronic documents are not authenticated in a "Non Repudiable Mannner" there would be an adverse impact on the Company. Hence if there is no compliance of Section 3/3A of ITA 2008, there would be  deficiency in Compliance. .. More

National Security Infrastructure

For the first time in India, the Central Government  has come up with a specific national security plan. Mr P Chidambaram, the Union Home Minister must be congratulated for articulating a plan to split the Home Ministry to create a separate ministry for internal security and also think of setting up a counter terrorism agency. A copy of the speech of Mr PC is found here.

For the First time in India,  Bank Absorbs Phishing Liability

Dec 23: Phishing attacks are a common form of risks in today's Internet based Banking. Banks have been largely bulldozing the customers into believing that the liability for Phishing should be boarne by the customers because they were negligent in responding to the Phishing mail.

...it is heartening to note that Bank of India has set a precedence by accepting liability for Phishing in one the cases filed in Bangalore and repaying the amount along with interest to the customer who was a victim of a Phishing fraud. In this case, the banking Ombudsman also directed the Bank to make the payment and the Bank obliged... More

Why It’s Hard to Teach Internet Law

Dec 23: Here is an interesting article on the difficulties of teaching Cyber Law. As a teacher of Cyber Law with nearly 10 years experience in India, Naavi agrees with the views well articulated in the article. Naavi has with reasonable success integrated the technology students into Cyber Law and is now working on bringing the study of law to the Management field. A course "Cyber Laws for Managers" is being planned in Chennai in association with a business school which will start a new trend in the teaching of Cyber Laws in India. The article

ICT Report Card For 2009

Dec 23: A Press Release from PIB lists the achievements of the GOI during 2009 in the ICT sector. Press Release

UID Will Not Issue Cards

Dec 23: Despite clarifications from Nandan Nilekeni, there is still a confusion in the market about whether UID will issue a "Card".  This article in ET with the body of the article stating UID is a number and the heading stating that it is a Card is a typical reflection of the confusion in the minds of many. Several years back Naavi suggested adoption of the DVIIS system for Citizen Card. This system suggested that "Smart Cards" are not required for the purpose and all data should be held in a secure virtual space and the users are required to hold only a simple paper based card with a Unique number which would server as the Citizen ID card. This same principle of "Virtual Information" is used by UIDAI now for the issue of UID number.

For the time being the DVIIS card which was proposed is being replaced by a letter to be issued by the UID to the UID applicant stating the number allotted to the individual. Cards may be issued by different service agencies which may rely on UID for their specific purposes. For example, a Bank may issue a Customer ID based on UID. The Passport office may issue the Passport Card incorporating UID as one of the parameters. The RTO may issue a Driving License Card incorporating the UID etc.

 Related Articles:

Digital Value Imprinted Instrument System : Smart Cards and Their Limitations, : Buying Process Modification and Optimal Solutions,: Bus Ticketing Project,: Smart Cards for Citizen ID. .Let's Not Build Castles in the Air :  The National Card Challenge for Nandan Nilekani..Part I,: Reasonable Security Practices for UID project. a draft for debate.

Libel Charges on Website in USA Dismissed

Dec 22: An appellate court in New York has dismissed a defamation lawsuit against a Web site that allegedly hosted libelous comments about a local realtor. The court ruled that the site was immune from liability under the federal Communications Decency Act, which protects Web sites from damages for content created by users. The victim is considering an appeal.  Detailed Article

Innovative Ways to Charge Bank Customers

Dec 20: The modernization and use of IT in Banking were expected to reduce the cost of transactions in Banks and improve their efficiency. However in India Bank customers appear to have neither seen increase in efficiency nor reduction in costs. During the pre-IT days, Banks were collecting outstation cheques within 7 days at a nominal cost. Now Banks with RTGS support take more than a week and charge exorbitantly for outstation cheque collection. But what appears to take the cake is introduction of the  internet banking and charging the customer for the issue of passwords. I am not sure if all Banks adopt this practice but it has been noticed in the case of Union Bank of India.. RBI needs to clarify the reasoning for this levy on the customer. What is notable is that Banks are first of all violating the law of the land by not adopting digital signatures for the authentication of electronic transactions and yet want to charge the customer for passwords at a rate higher than what it costs for a class I digital signatures.

ITA 2008 Emergency Help Center

Naavi.org pioneered the Cyber Law Compliance drive in the Indian Corporate Sector in 2000. However, the Corporates never woke up to their responsibilities to the required extent until now. With ITA 2008 becoming effective from October 27, 2009, the situation has now changed. Corporate Directors are slowly started feeling uncomfortable with the possible non compliance of the regulations when they sit to sign the next year's annual report in April 2010. The Company Secretaries preparing for the year end Board meetings to chart out the last quarter agenda on a priority basis are scratching their heads on what to do with the Compliance requirements under ITA 2008. In order to assist such Corporate Directors, CEOs and Company Secretaries, Naavi.org has set up an "ITA 2008 Emergency help Center" on +919343554943 and naavi@vsnl.com to provide immediate information on the requirements. ..More

Hackers Attack Microsoft COFEE

Dec 16: Hackers have released software they say sabotages a suite of forensics utilities Microsoft provides for free to hundreds of law enforcement agencies across the globe.

Decaf is a light-weight application that monitors Windows systems for the presence of COFEE, a bundle of some 150 point-and-click tools used by police to collect digital evidence at crime scenes. When a USB stick containing the Microsoft software is attached to a protected PC, Decaf automatically executes a variety of countermeasures. Related Article:

UPAID case settled for US $70 Million

Dec: 15 The 1 billion US $ claim by UPAID on Satyam has now been renegotiated and settled for US $ 70 million with Mahindra Satyam buying back the patent whose rights came under a dispute because of allged forgery of signatures of two of Satyam employees. Related Report

Mobile Numbers Directory

Dec 13: SMS alerts have come to be increasingly used by Banks as a means of informing customers about Credit Card and transaction information so that customers can alert the bank if the transactions are not genuine. Some Banks are even treating this on part with "second factor authentication". In many mobile banking transactions, SMS is the means of authentication. In view of this the mobile number of a customer becomes a key information of the account holder which the Bank should consider as "Security Sensitive". More

RBI opposes Mobile Based Financial Asset creation

Dec 13: RBI and Home Ministry appear to have reservations on the introduction of Mobile Based Financial Services in India by MSPs. This report in ET indicates that RBI is concerned about the creation of parallel economy based on financial assets created on mobile banking. It may be supposed that the opposition of home ministry may be based on the use of mobile financial assets by anti national elements.

On the otherhand, the Income Tax department appears to be in favour of the system of Mobile Wallets by MSPs to continue.

In the absence of appropriate security solutions to protect mobile transactions and the lack of proper security even at Banks, it would be premature to expand mobile banking and allow entry of MSPs into the field. MSPs have to first demonstrate their capability to manage the KYC norms to prevent misuse of mobiles before claiming more say in the finacial industry.

Naavi.org considers that RBI is correct in opposing their entry to parallel banking systems and also the Home ministry is also correct in opposing the move from security considerations. May be the decision can be reviewed based on specific solutions that the industry may propose in future.

Related Articles: ET 1 : ET 2 : Medianama : Current Guidelines : Old Guidelines

The Shied and Sword Approach to Information Security

Dec 12: Naavi has been promoting the thought that "Security is No Security if it is not Techno Legal Security". In purusance of this thought the end objective of Information Security is being sought to be redefined from the current DRP-BCP concept to DLP-OLR concept where the acronyms stood for Defensive Legal Protection and Offensive Legal Remedy .  Accordingly the DLP-OLR terminology has been incorporated in several documents used in this site. Since may other practitioners have started using the acronym DLP for Data Leak Prevention, in order to avoid confusions that may arise due to the overlap of the acronyms, I have now decided to use an alternate terminology for the DLP-OLR concept namely DLS-OLS meaning Defensive Legal Shield and Offensive Legal Sword,. In this context the recommended Techno Legal Information Security Management strategy would be referred to as the "Shield and Sword Approach". The concept may also be extended to the counter offensive strategies which we may discuss in certain national security contexts.

The Buck Stops Here

This is a copy of article written by Naavi on the need for Cyber Law Compliance.  More

Ankit Fadia Website Hacked?

December 08: It is reported that the website of the ethical hacking expert Mr Ankit Fadia has been hacked and made to indirectly promote a Viagra website. Mr Fadia has stated that the problem is at the server maintained by net4india while several other security experts disagree. According to the report, though Fadia's website, http://www.hackingmobilephones.com/, doesn't have a visible connection with any outside portal, it has an invisible link to a website named http://www.uindy.edu/ and some other similar ones. These are related to advertising and promoting Viagra online. 

It also appears that the website uindy.edu belongs to the University of Indianapolis and a folder named "/surveys/public/viagra" is being used for hosting the viagra promotion pages. It appears that that server has also been compromised. It appears that at the time of verification, the university has removed the offending pages.

 Report in Midday. : Hacked Website Source Code

Chinese Cyber Intrusion

Dec 4: In yet another instance indicating that China specializes in Cyber Warfare, the report in DNA indicates that China appears to have intruded into vital army computers and stealing the data. The Government of India should collect some evidence and take up this intrusion as an act of aggression for a debate in UNO.

Autonomy of IIMs at stake

The continued failure of the CAT online examination has made it necessary for the GOI to order an enquiry. If the enquiry is held fairly, it is more or less certain that IIM Administration along with Prometric would be held to be at fault on various grounds. The surfeit of criticisms appearing on the press also indicate that the possibilities of Courts taking a strong adverse view of CAT-2009 is very high.

Under the circumstances, as a premier management institution, IIM has do display its ability to drive through a crisis. As we often say, “The character of a person is displayed not when he falls down but when he gets up”. Now it is time for IIMs to display this character which should reflect admission of its fault in not conducting a dry run, not consulting IS specialists, and not having a backup plan... More

India Blocks Chinese Mobiles without IMEI

Dec 02: In a long pending move, India finally implemented ban on Mobile without IMEI numbers. It is expected that around 25 million Chinese made mobiles are likely to be affected in the process. The Government also appears to have taken note of the intelligence reports that Chinese made computer hardware can be a source of security risk because of malicious embedded chips. Report

Mismanagement of CAT.. A Setback for IIMs

Dec 1: The failure of the online CAT system has thrown the reputation of IIMs to winds. As premier management institutes of the country, graduates of IIM are expected to manage challenges and crisis in the industry scenario. However, the way IIM has handled the transition from paper-based CAT to online CAT has left everyone wondering about the ability of IIMs... More

 

Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.

The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.

The second key service is the Cyber Evidence Archival center which provides a key service to help administration of   justice in Cyber Crime cases.

The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.

The fourth key service is the online mediation and arbitration service another unique global service.

The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.

Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.

Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.

Naavi

---

Add Your Comments Here

---

If you would like to know  more about Naavi, the information is available here.

For Any Payments to be made to Naavi online :  Naavi_s Payment Center

RSS Subscription

BLOG POSTS