For Digital Signature Certificates with Online Training on how to use them securely,  Contact naavi@vsnl.com

Digital Society Foundation of India (DSFI) intends making a consolidated representation to Reserve Bank of India on behalf of the Phishing Victims to pursue improvements in the security of Internet Banking in India. DSFI therefore invites information from Phishing Victims with details of their respective cases indicating the amount lost, bank involved, how the amount was transferred, to which account the amount was transferred, whether a Police complaint was preferred, FIR lodged, whether Bank responded to the complaint etc. Victims may use the enclosed format if required and elaborate with evidence if any. All material may be sent by mail or e-mail to DSFI office at Bangalore at Digital Society Foundation, No 37, 20th Main, B S K Stage I, Bangalore 560050, Ph 26603490, e-mail;dsfoundation@gmail.com. .. Online form: : Word/ PDF  (For download)

 

EVM Vulnerability Exposed

April 30: Electronic voting machines (EVMs) have been in wide use for several years in India. In the last few elections doubts have been expressed about the vulnerability of the machines and some time back even a PIL had been filed against the system. Naavi has been also highlighting the "Cyber Crime and Cyber Law Compliance" part of the system .( Refer article).

A detailed note on the various ways by which EVMs can be manipulated is now in the public domain through a paper released by three volunteers (J. Alex Halderman, Hari K. Prasad, Rop Gonggrijp) who have conducted an extensive research on the actual machines. The report can be found here. (4 MB PDF file).

A video of on the findings is also available here.

An interesting cartoon can be found here.

Is there a solution to making EVM's trust worthy? Perhaps Yes. If any entrepreneur is interested in developing a suitable alternative system, Naavi would like to discuss the possibilities. Related Article by senthilraja  :  Article in bloggersnews

Ranjitha decides to take action

April 30: Ranjitha, the Tamil actress who was allegedly involved in certain objectionable action in the video related to Nityananda has after a long time broke her silence and raised objection to her name being dragged into the case. The implication of her statement is that the lady in the video is not her and any reference to the same would attract defamation action. Interestingly she has also indicated that action under ITA 2000 may be initiated. In case she maintains that she is not the person in the video, then the charge can only be on the defamation front and on the media which stated that it was she who appeared in the video. The charge under ITA 2000 may come either in case there is an allegation that the video has been morphed with Ranjita identity being added to some other video. Alternatively, a charge can be made under Section 66E of ITA 2008 for "Breach of Privacy" provided she admits that it was herself in the video but it was violation of her privacy. It would be interesting to see how she sustains the defamation statement in a court if required.

A few years back a similar incident had occurred in Tamil Nadu where what was called a "Trisha Video" was in circulation. Here also the celebrity decided to disown that it was she who had been secretly photographed and hence Police could not press any serious charges. For Section 66E charge to be made it is essential that the person should admit that it was his or her privacy that was violated. Otherwise the case would be hollow. The defendant can also feign ignorance stating that the charecter looks like the celebrity and it was reasonable for him to assume so. Under Section 66A, he can claim that it was "not known to be false". Hence Ranjitha's case is unlikely to be sustained under ITA 2008 if attempted.

 Related Article by Neeraj Arora

Charge sheet Filed in Umashankar Case

April 30: Just before the judgment of Umashankar Vs ICICI Bank adjudication was released holding ICICI Bank liable on Phishing, it is now also known that a chargesheet has been filed by the Chennai police in the case under Section 66 of ITA 2000. Chargesheet includes Sections 419,420,465,468 and 471 of IPC also. The chargesheet however has been made against the account holder in Mumbai Fort branch of the Bank to which the phished amount was transferred and later withdrawn in cash across the counter.

The criminal proceedings recognize the offence under Sec 66 as was done by the adjudicator while exercising his jurisdiction. The adjudicator had consequently also examined the operation of Section 85 and held that ICICI Bank was liable under Section 85 due to a failure in fulfilling the "Due Diligence" obligations. This automatically means that ICICI bank officials in charge of the business as well as the Directors of the Bank are also liable for the offence and such offence may extend to criminal obligations. The precedence of baazee.com in the ITA 2000 scenario as well as several other IPC instances would be sufficient to make ICICI Bank liable on criminal grounds.

In the instant case, the Mumbai branch was accused of opening the account of the fraudster without following KYC norms, granting him "Overdraft" facilities, allowing him to withdraw Rs 4 lakhs in cash across the counter immediately after the disproportionate amount was credited to the account, destroying the CCTV evidence available to identify the fraudster, failing to lodge a complaint when the fraud was brought to their notice, claiming that they were entitled to retain part of the fraud proceeds to recover the overdraft amount etc make ICICI Bank officials in Mumbai susceptible to be charged for criminal negligence.

ICICI Bank should be relieved that the Police have spared them from being charged either under Section 66 or under Sec 420 of IPC though there were enough grounds for the same. There is however a possibility that at some point of time in future, Police may rethink and add the Bank as Co-Accused in the case or alternatively a PIL may be filed for the purpose.

Who is the Competent Authority for Blocking websites?

April 28: Search engines have a practice of registering for a price links that appear on the top of a search query. A press release from PIB indicates that GOI has issued directions to major search engines Google, Yahoo and MSN that no "Sponsored Links" shall be displayed for the search query on "SEX". According to the Press Release, the direction has been issued under Section 69 of ITA 2008 by the Controller of Certifying Authorities. (CCA). It is however noted that under the amended Section 69 under ITA 2008 and the rules notified there with, the competent authority to issue the necessary directions is not the CCA but the secretary of Ministry of Home Affairs at the Center or the State.

 Also the directions under this section is meant for "Interception and monitoring" of the type alleged to have been undertaken by the NTRO recently as reported by the outlook magazine and denied by the Government. The actual action directed here falls under the powers available under Section 69A and the competent authority for issuing the same according to the notified rules  is a "Designated Officer" to be designated or in his absence the Secretary of the Department of Information Technology under emergency powers. However in a recent case at the Delhi High Court, a direction was issued to CERT IN for blocking and CERT IN filed a reply stating that the competent authority for blocking is "Coordinator, Cyber Law Division, Department of Information Technology".

It therefore appears that the PIB press release is based on a incorrect information based on the earlier version of ITA 2000 where the Section 69 directly gave powers to the CCA for interception and decryption. It is surprising that there is confusion at the department of IT itself on who is the competent authority for blocking access under ITA 2008.

Cyber Crime is Big Business This Year

April 27: Experts feel that Cyber Crimes will further increase in 2010 in both the number of incidents as can be measured by say the number of malware codes in circulation, number of botnets created, number of credit cards stolen, number of financial frauds etc bit also grow in terms of value. For the time being it is impossible to estimate the potential security threat arising out of Cyber Crimes since there is dearth of statistics on reported cyber crime incidents.

Naavi.org contemplates creation of a "Digital Security Consortium" in India and bring together all agencies working in the area of Cyber Crime prevention under one banner for information exchange purpose. This we consider is the first step to understanding Cyber Crimes. Article in FE

UN Rejects International Cyber Crime Treaty

April 27: UN has rejected a Russia backed proposal for a new Cyber Crime treaty on the grounds that a new study is required before it could be considered. The decision is obviously influenced by US and EU communities who advocate that there is already an existing treaty for the purpose. The EU community signed the  Budapest Convention which has been ratified by 46 countries.

The Budapest Convention gives police powers to access servers in other countries without the permission of the authorities, as long as the system owners sanction the access. Criminals can hop between servers in different countries quickly, police want to be able to secure electronic evidence before they move on, and need to be able to subpoena service providers to hand it over. Russia is in opposition of this provision.

It is time if India can consider itself well placed to suggest a  regional Cyber Crime Treaty for South East Asia which can then be harmonized with the other international treaties.

.. Details

CII Conference on Cyber Security

April 25: Confederation of Indian Industry Southern Region (CII) held a one day conference on Cyber Security at Hotel Accord Metropolitan, Chennai on 24th April 2010. This is a brief report (from Naavi as a speaker/delegate) on the proceedings of the conference. P.S: This is not an official report of CII and contains only the personal observations of Naavi...More :

Copyright Act Set for Amendment

April 20: A Bill to amend Indian Copyright Act 1957 and incorporating certain provisions which are of importance to Digital Documents has been introduced in the Rajya Sabha. Copy of the draft bill is available here.

Another Consumer Court Verdict against a Bank

April 16: Close on the heels of the verdict from the Adjduicator of Tamil Nadu which imposed a liability on ICICI Bank for a Phishing fraud, TOI has reported a Consumer Court verdict from Mumbai in which the Court has held a Bank liable for a fraud in the Net Banking transactions of a customer Mr Nikhil Futan involving a loss of Rs 4.6 lakhs.  ..TOI article

It is however clear that the time has finally come for Banks to secure their e-Banking technology or else face the liability. So far Banks have not been reporting to any authority statistics of the number of Phishing and other e-fraud incidents reported to them and hence there is a lack of assessment of the gravity of the problem. It is time that RBI and CERT-IN works out a mechanism for the report of all Cyber Crimes affecting the Banks.

It is also necessary for SEBI to question ICICI Bank and other listed Banks if they have properly disclosed the Phishing risks in their Clause 49 declarations... More

ICICI Bank Phishing Case..comments

April 15: The article in the Internet Edition of Economic Times on 14th instant on the adjudication verdict regarding ICICI Bank phishing case has elicited several responses from the public. Some of these comments emanate from lack of facts and create a wrong impression in the minds of the public. Since it appears that further comments on the site have been closed, I am providing my reactions to the comments to the ET article here. Article in Statesman

My Comments to Reader's Comments in Economic Times

An Open Letter to IBA Chairman

April 14: Naavi invites IBA Chairman for a public debate on the Phishing Risks faced by Bank Customers in India and what is expected of the Banks as a positive reaction to the TN adjudicator's Landmark judgement of 12th April 2010.  More:  Also read :Land Mark Judgment in Phishing Case

Microsoft Outsourcing Contract to Infosys

In what could be considered as a major victory for the Indian Software and Outsourcing industry, it has been announced that Microsoft has outsourced its internal IT services--help desk, desk-side services, infrastructure and application support--to Indian outsourcing firm Infosys. For Infosys, managing Microsoft's internal IT gives it a high-profile customer and insight to using the latest technologies from the software giant. It is stated that Infosys will manage IT services for Microsoft employees worldwide and it is a part of  consolidation of services that were already outsourced to HP and others. Related Article

Phishing Victims see light at the end of the tunnel

April13: Phishing is an act of cheating against a Bank customer resulting in the cheater obtaining an electronic copy of the access signature which is then forged to take away the money lying to the credit of the customer. Banks facilitate the crime by following archaic security and authentication methods ignoring the law of the land and instructions of RBI. Now in the judgment of 12th April 2010 from the Adjudicator of Tamil Nadu in Umashankar Vs ICICI Bank in which ICICI Bank was found guilty under Section 43 of ITA 2000 read with Section 85 of the same act and the victim was ordered to be paid compensation by the Bank the victims of this fraud see a light at the end of the tunnel. Naavi.org has been repeatedly cautioning the Banking industry that neglecting the authentication mandate of ITA 2000 was accepting the legal risk in the transactions and they need to switch over to the use of digital signatures in their communication and Internet Banking. The judgment of Mr PWC Davidar, the adjudicator of Tamil Nadu provides a timely reminder to the Banking industry which is trying to leap into mobile Banking before understanding and mastering the Internet Banking risks.

We are informed that ICICI Bank  may appeal against the order. Article in Business Line  Related Article in ET : Article in Rupee Times : Article in stockwatch.in

Land Mark Judgment in Phishing Case

April 12: In a landmark judgment in India, delivered by Sri PWC Davidar, IAS, the Adjudicator of Tamil Nadu (also the IT Secretary) has passed an award for payment of Rs 12.85 lakhs to a petitioner who alleged a fraudulent withdrawal from his ICICI Bank account. This is the first case on "Phishing" going for adjudication in India. The judgement has asserted the jurisdiction of the adjudicator in Phishing case, asserted the coverage of Section 43 for Phishing, and also the application of Section 85 of the Act making the Bank liabile for the fraud. ...More.. Copy of Judgement  Related Article in governancenow : Related Article in techgoss : Related Article in rediff.com

Call for Inclusion of Cyber Laws in Law Curriculum

While inaugurating the training programme on the Cyber Security and Cyber Law for Judicial Officers, organised by the Institute of Management in Government (IMG) here on Saturday, Justice Rajesh Tandon Cyber Appellate Tribunal chairman suggested that the Government should take the initiative to adopt a uniform policy to include the cyber laws as part of the law education in the country,  Justice Rajesh Tandon has said.     Related Article

Court Emphasizes Sec 65B certification of Electronic Evidence

THE DELHI High Court has directed all additional session judges of the district courts to be cautious while handling cases related to electronic records. Justice Pradeep Nandarajog observed recently that  " We have repeatedly noticed that additional sessions judges are exhibiting computer- generated print outs on statements of the investigating officer that he obtained them from a particular source, without complying with the mandate of Section 65 B of the Evidence Act . The Judge has passed this order recently after noticing that many trial courts had accepted electronic records merely on the statement of the investigating officer ( IO). The court was hearing an appeal by three men who had been convicted by a lower court of kidnapping a child for ransom. Related Article

Digital Will

It has been reported in TOI today that a businessman in Delhi has taken steps to write a will for his digital assets. The legal aspects of such a move was discussed earlier in October 2009.

Readers may note that we have two issues here. First is a Digital Will where the document has the characteristics of a will but expressed as an electronic document. This at present is not recognized by virtue of ITA 2008. Second is the physical will for a digital asset.This is possible if an “Electronic Document” or a “Password” or “Files in Electronic form either in a computer or on the Web” is recognized as an asset. If so there is a need for discussion on whether the asset is “Movable”or “Immovable” or a new vareity which may be called “Virtual Assets”.

Naavi firmly believes that there is a scope for a separate legislation on “Inheritance of Virtual Assets” on the lines of Transfer of Property act or Indian succession Act or a combination of both. It is interesting that at least one citizen has raised this issue and caught the attention of the media.I trust that the Government of India, Ministry of Information Technology, constitutes a suitable taskforce to discuss all aspects regarding defining of virtual asset, its ownership, transferability etc.: Earlier Article

Is PDS worth Scrapping?

April 2: An interesting debate has been raised by the Jago Party about the feasibility and desirability of abolishing the current Public Distribution System. The key to implementation of the suggestion lies in appropriate e-Governance solutions being developed whether to retain the existing system or to introduce a new system. Since use of technology for public benefit is close to my heart, I am raising some of the issues associated with this suggestion... More

Can Section 66A of ITA 2008 be used for "Defamation on the Internet"

April 1: "Defamation" is an important legal issue that arises often on the Internet. In India, so far defamation was being covered in law under Section 499 of IPC which can be extended to Internet speech or documents. ...After the ITA 2008 was notified with effect from October 27, 2009, Section 66A has often been cited as a new provision regarding "Defamation in electronic form".

Perhaps it would take a few more years for the opinion on these matters to crystallize. Until then Naavi.org advocates that it may be left to the choice of the complainant to invoke either 66A of ITA 2008 or Sec 499 of IPC and not both and if it is intended that the case is pursued both on criminal front and the civil front, the civil claim may be pursued with the Adjudicator while a Cyber Crime complaint may be lodged with the Police for appropriate action on the criminal front...More

[The above opinion is presented only for academic debate and comments for publication or otherwise are welcome by e-mail at naavi@vsnl.com]

---

 

Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.

The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.

The second key service is the Cyber Evidence Archival center which provides a key service to help administration of   justice in Cyber Crime cases.

The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.

The fourth key service is the online mediation and arbitration service another unique global service.

The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.

Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.

Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.

Naavi

---

Add Your Comments Here

---

If you would like to know  more about Naavi, the information is available here.

For Any Payments to be made to Naavi online :  Naavi_s Payment Center

RSS Subscription

BLOG POSTS