Let's Build a Responsible Cyber Society
14th Year in service of Netizens


 


"This website is the Wikipedia of Indian Cyber Laws".. A Visitor's remark



G Gopalakrishna Working Group Report notified

May 1: RBI has notified Banks on information security guidelines in e-Banking based on the G Gopalakrishna working group report. It would be interesting to analyze the RBI notification in comparison with the original report and its recommendations. Naavi.org would provide its views in due course. Copy of RBI Circular

Has MCIT issued the guidelines without proper evaluation?

April 30: I would like to bring to the notice of the Central Vigilance Commission and the Comptroller and Auditor General of India an apparent irregularity that needs investigation in the interest of the Country. The issue involves, according to one estimation, a decision proposed to be taken by the Ministry of Communications and Information Technology resulting in IT stakeholders collectively spending Rs 700 crores immediately by a payment to a private party abroad just to know what is the law of Information security in India that applies to them. Stakeholders who want to comply with the law later may collectively be required to spend around Rs 30000 crores each year to follow the law as being notified and this commercial benefit is again going to private sector because of this notification.

There is a need therefore to stop the approval of the proposed notification until a national debate is undertaken in the matter and all stakeholders are convinced that there is no reason to suspect irregularity in the promotion of a commercial benefit of this magnitude.

Draft Rules for Sec43A-79-cybercafes, finalized?

April 30: The draft rules proposed under ITA 2008 under sections 43A, 79 and for Cyber Cafes seem to have been finalized. Unfortunately the department seems to have stuck to its earlier version which was sent for public discussion, and the suggestions of the public seem to have been completely ignored. Naavi.org has been particularly critical about the adoption of ISO 27001 as the necessary and sufficient criteria for the compliance of "Reasonable Security Practices", which is considered incorrect since the framework is proprietary, not available in public domain without a cost and grossly inadequate. The department has accepted in a communication to Naavi that no study has been made by the department on the impact of adopting ISO 27001 as the statutorily approved framework and the financial implications of the same on India as a country.

In the light of this admission, it is strange that the department has ignored the issues raised by Naavi (Ref: Is India selling itself out to ISO 27001?).

Finalized rules : Related Article in apargupta.com

Banking Ombudsman Orders payment in Bank fraud case

April 27: In another instance of a bank fraud involving unauthorized debit, on the advice of the Banking Ombudsman in Mumbai, Punjab National Bank has refunded a sum of Rs 184980/- to the customer. The letter from the Bank requests the customer to drop/delist his complaint. It is not clear if the incident will reflect in the Banking Ombudsman's report or would be hidden from public as "Complaint withdrawn". We also need to wait and see if Punjab National Bank has reported this incident in their annual report for the period ending March 31, 2011. If not, we need to check what is the RBI policy regarding report of such security breach incidents.

Indian Judiciary needs to Act differently

April 27: NY Times has commented on the recent developments in India on Internet Censorship. The Center for Information Society, Bangalore recently published a list of 11 websites that have been blocked by the Government of India (See article). According to the report, instructions for blocking of the sites were issued by the CERT-In based on some Court's judgments. What the report however fails to highlight is that some of these so-called judgments based on which CERT-In passed the blocking orders were "interim orders" pending hearing of a complaint. At least in one case information is available to suggest that the defendant was not given due notice to appear and still the Court passed an interim order until next hearing that the site be blocked. It is observed that many advocates misuse the provision of "Interim orders" to get favourable judgements at least in the short term. The fault however lies in the system where judicial proceedings are generally delayed and any interim order is good enough for a few months and in some cases for a few years. It is necessary for the Chief Justice of India to look into each of the 11 cases referred to in the article of CIS and determine how many of them were issued after a due process of law.

IBA and RBI need to take note of MCA Advice

April 27: The Circular issued by Ministry of Company Affairs on the use of e-mails for outward communication such as AGM notices etc is a matter which needs to be taken note of by Banking institutions including the regulator such as RBI and the industry forum such as IBA. The circular makes a direct reference to Section 5 of the ITA 2008 indicating the need for digital signatures to be used for authentication of e-mails. RBI initially in its Internet Banking guidelines of June 14, 2001 had clearly mentioned that PKI based authentication systems must be adopted by Banks for its e-banking operations. Though this was not specific to whether digital signature should be used for e-mails or for account transactions, it was clear that wherever electronic documents need to be authenticated, PKI system as required under ITA 2000 was to be adopted, failing which Banks should assume the legal risk. However, since June 2001 to current date, RBI has not bothered to force the Banks to adopt digital signatures. Even after MCA made digital signatures mandatory for corporate returns and Income tax department for filing of tax returns, Banks continued to ignore this important aspect of law. IBA on the other hand appears to be silent on the issue that most Banks are openly flouting the RBI regulations. From our observations of the industry, one of the Country's leading Bankers and a leading private sector bank are stonewalling adoption of digital signatures in Banking. RBI seems to be incapable of meeting the resistance though it is illegal. IBA is part of the resistance itself since it is the body of the same Banks.

Industry observers are aware that there is a back room maneuvering going on at the highest levels to get administrative support for the non-compliant methods of e-banking that are prevalent in India.

Naavi.org, which is in the forefront of a crusade for better security for Bank customers in e-banking era, has time and again brought to the notice of the public, RBI, IBA, SEBI, the Ministries involved, some of the Banks involved as well as the Cyber judiciary system that non adoption of digital signatures for banking transactions and e-mails is a serious non compliance issue. Excepting a part of the system, others are unmoved by the pleas of Naavi.org. It appears strange that Naavi is isolated in this concern for e-banking customers and no other institution appears even remotely as concerned as Naavi.

We therefore need a Citizen led movement to make the regulatory institutions act. Naavi.org will start a new phase of "Building an Awareness about the need for Cyber Law Compliance by Bankers" from 1st of May and would welcome any other individual or organization that would like to join hands in this campaign to liberate Bank customers from the risks of E banking arising out of negligence of the Bankers. Watch this space for the roll out of the campaign.

MCA advises use of e-mails for notices

April 26: As a part of compliance of section 53 of Indian Companies Act, Ministry of Company Affairs has issued a circular that as a "Green initiative", e-mails can be used as a substitute for communication under certificate of posting. It is good that the government has realized the potential of e-mail at least now. It may however be necessary for the Government to clarify that e-mails are to be digitally signed. Article in CIOL : Circular

Dashworld reopens debate on Alternative Domain Name System

April 24: Alternative domain name systems that work outside the ICANN are the biggest challenge to the authority of ICANN to regulate the Internet name space. At the same time the logic of alternate domain name providers which supports a free Internet movement cannot be faulted. Alternate domain name management systems emerged way back in 2002 and earlier (See article: Is There an Alternative to ICANN?). Obviously there was a reported attempt to disable the alternate domain name systems through ISPs and US Government intervention. Afterwards there was a silence indicating that these efforts had fizzled out. Recently however dashworld.com has restarted the alternate domain movement. If this trend catches on, there will be a need to re-look at the current system of administration of domain names and particularly the law related to Cyber squatting and relevance of services such as lookalikes.in.

Clash of .xxx domains with New.net

April 24: By opening the registration of .xxx, ICANN has once again challenged Alternate domain name registration services such as New.net. Way back in 2002, the conflict started with ICANN issuing .biz TLDs which were already being used by the alternate domain name systems. Now .xxx is another clash point where all new registrants would be directly exposed to the risk of a domain name conflict with the registrants of .xxx with New.net. A serious thought has to be given to whether ICANN needs to recognize the alternate domain name operators and adopt an inclusive policy or pursue an apartheid system and keep them out.

Internet Governance Issues

April 22: Institute of Global Internet Governance & Advocacy (GIGA) is being inaugurated on 23rd instant at Hyderabad by Honourable Justice G.Raghuram, Judge, High Court of Andhra Pradesh. Dr V.C.Vivekanandan, Director of GIGA, coordinates the activities of the Institute, discussing the various research and advocacy priorities of the Institute and charting out an action agenda for the Institute.

Litigation Support Or Public Service?

April 21: Naavi has been engaged as Netizen activist for over a decade now. His earlier crusade against Savita Bhabhi.com is well known. For the last few years, Naavi's attention has been on protecting the interests of innocent Bank customers against frauds arising in the E-Banking sector. In pursuit of this, Naavi has offered consultancy for several cases. The objective of Naavi has been that innocent victims of Bank frauds are to be protected and Banks should improve their security. Unfortunately, commercial considerations always affect Information security whether in an SME or a huge Bank. It is a natural tendency of every businessman to make profits and cut costs. When an activist opposes the establishment which is neglecting consumer interest, the establishment looks upon the activist as a trouble maker and tries its best to silence him if possible by various means. This is as much true of Shanti Bhushans involved in the Anna Hazare initiative as of Naavi in his anti phishing initiative.

Presently Naavi has a role to play as an Activist trying to protect the larger society of Netizens from victimization by commercial interests. However some of the cases in which he is presently engaged are hindering his freedom of expression since Banks are trying to put a rein on his public service because the matters he may raise could technically be called sub-judice. Though all matters which are sub-judice do not become a contempt of court when reported in the public, it is not always easy to convince a Court about the nuances and this could create some practical issues in Naavi discharging his role as an Activist cum representative of a victim. Though involvement in the initial cases was necessary as an inertia breaker, there is a feeling that it may restrict Naavi's role in public service in the long run. Since each of the cases often drags for over three years before culmination despite the legal limitation of 6 months in Adjudication and 6 months in CAT, some lawyers successfully reduce the fast courts into ordinary courts by seeking frequent adjournments. Because of these delays, if Naavi is engaged in more of the litigation work, he will cease to be able to serve the society as a Netizen activist. This has raised the dilemma "Litigation support or Public service?"

RBI and IBA are two national level organizations which ought to take up the responsibility of making e-banking safer. However, one does not get the confidence that they would be capable of safeguarding the interests of the Customers of banks when there is a conflict with the interests of the Banks themselves. While IBA is a forum of Bankers and such an attitude is natural, the way RBI has so far handled the issue of security in the G Gopalakrishna working group fails to provide confidence that it will continue to be the protector of Bank customers. A reading of the industry developments at this stage indicates that a group of Bankers are actively working towards diluting the law of e-banking in India to protect the Banker's commercial interests against the public interest of the customers. It is possible that RBI may be supporting them. Soon there will be a request made to the Ministry of Information Technology for certain amendments to ITA 2008 to protect the Banker's interests though it may hurt the customer's interests.

It is felt therefore that a movement against a tendency to exploit Bank customers is required in India. Naavi is reminded of the late Sri M.R.Pai who served the bank depositors during the Seventies and Eighties working for the safety of their deposits. We do not see any such visionary leaders around at present to protect the Bank customers in the e-Banking era. But we hope that just as an Anna Hazare movement emerged from nowhere to shake up the country, we will see a movement emerge, to put an end to the exploitation of Bank customers.

Naavi would be happy to take active part in such a movement when it emerges.  In the light of the above, Naavi is considering the ways and means of completing the current assignments on Phishing and freeing himself to take part in such a movement. All those who want to be part of such movement to protect the e-banking customers from being exploited by the profit hungry bank establishments may contact naavi@vsnl.com. People who can take the mantle from Naavi and support phishing victims in various cities may also contact Naavi so that we can develop a network of public spirited activists all around the country who would help innocent victims of bank frauds in getting justice.

Naavi

ICICI Bank settles with a Phishing victim Out of Court

April 20: It is reported that in one of the adjudication applications in Chennai, by Shri Jeevika Arasu Vs ICICI Bank, the Bank and the customer have come to an out of court settlement. A copy of the order from the Adjudicator in this regard is available here. On 20th April, ICICI Bank counsel who had to appear in the Cyber Appellate Tribunal in Delhi to argue the case against Mr S.Umashankar absented himself citing "Personal" reasons. While we do not know if there is any relation between his absence in Umashankar appeal case in Delhi and the reported compromise from the Bank in Chennai, it may be noted that after Dwarak Ethiraj case, Jeevika Arasu case is the second published compromise entered into by ICICI Bank in Chennai in respect of Phishing complaints. Hopefully the Bank is realizing the futility of fighting against its own customers. May God give them the wisdom to make it a regular practice so that the fruits of Umashankar's fight reach many more customers.

US takes Suo Moto action against Botnets

April 16: US Department of Justice in association with Microsoft is reported to have launched a major offensive against botnets. Filing a Civil Complaint under the "John Doe" principle on unknown perpetrators, US attorney office has obtained search and seizure warrants and is proceeding on an offensive.

We may note that the Adjudicators under ITA 2008 are also empowered to take such Suo Moto action when there are a large number of victims from an unknown perpetrator. This can not only apply in case of Virus and Botnet instances, but also on Phishing instances. It can also apply when there are a large number of Bank accounts known to be used for encashing Phishing proceeds.

We hope that a public spirited Adjudicator will launch such a proceeding.

Banking Ombudsman Orders payment

April 11: In another Bank fraud reported from Gurgaon where a customer had lost around Rs 6.6 lakhs by way of fraudulent withdrawal through ATM, the Banking Ombudsman has ordered the Bank to pay back the amount lost to the Customer. The order restores the amount lost but is silent on the interest.

Vigilance Cannot be dropped

April 9: It is good news that ultimately the Government of India has agreed to the formation of a drafting committee to draft an effective Lok Pal Bill. This is a victory for the people and could be as significant as the second independence movement. However, the stakes are so high for politicians that it is unthinkable that they would allow an easy passage of this Bill making it into a law and allow an independent person to head the Lok Pal. If appointments to key offices such as CVC and CEC could be politically influenced, the possibility of political mischief in the formation of Lokpal cannot be ruled out. It is necessary for the Civil Society to keep up the vigil and watch every movement of the Government and ensure that what has begun well also ends well.

Public Pressure Mounts on the Government

April 8: It appears that the public pressure is mounting on the Government that it should yield to the demand of the Anna Hazare led movement to draft a Jan Lokpal bill including members of the Civil Society in the drafting committee. Hopefully by tomorrow the official notification is expected to be announced.

RTI Application on Websites blocked

April 7: In a reply to an RTI application, DIT has indicated the list of websites blocked by it so far under the ITA 2000/8. We congratulate Mr Pranesh Prakash of Center for Internet Society for having taken this initiative. Details

Corruption is the biggest threat to India.. We need to join the fight

April 6: It is heartening to note that a movement is building around Mr Anna Hazare all over the country for immediate action on Lok Pal bill. After the recent internet based movements in Egypt it is time for Netizens to express their solidarity to Mr Anna Hazare in whatever manner they can. The Government will have its hesitation and we cannot expect it to take positive action unless there is enormous public pressure. We may require a "Non Cooperation" movement with the Government to really make it think in the direction of involving the civil society in a bill on which the politicians have a direct vested interest.

There are some intellectuals who will have their own argument why prevention of corruption is not possible and it is necessary for common men to ensure that the movement is not derailed by such pseudo intellectuals. Corruption is a disease which corrupts the society and creates inequalities where there may be none. At a time when there is a scam a day the need for a systemic infrastructure to act as deterrence to corruption is the need of the hour. If we do not support somebody who has started a movement which is important for the future of India, we will be failing in our duty to the nation. Let's therefore welcome the Anna initiative. For more information read here: Comparison of Lokpal bill drafts Govt Vs Civil Society : Also see: indiaagainstcorruption.org

Build Yourself an Anti Phishing Shield

April 4: It is observed that Phishing attacks are now appearing on many Indian Public Sector Banks which have a large population of customers who are not sufficiently net savvy. Though there is an increasing awareness of Phishing frauds, the number of frauds is expected to increase in the coming years. A Phishing crime network is under development which starts from opening Bank accounts with false ID, obtaining passwords of customers by various means, accessing accounts over internet and transferring money to fraud accounts and withdrawing through ATMs.

A new threat that emerges in this context is that some internal workers in Banks (which includes temporary workers who work in marketing as well as employees of outsource partners) may use the cover of Phishing attacks and commit frauds of their own. The modus operandi would be to send a Phishing mail to targeted customers whose passwords have already been obtained by some means and then access the account. If there is any objection from the customer he would be confronted with the fact of receiving the Phishing mail and forced to believe that he might have answered the same and therefore should bear the liability.

Though this can be challenged, it is a painful and long drawn process. Since most of the evidences that can defend the victim are available only with the Bank and not with the victim and the e-discovery process is relatively unexplored, there is a need for Bank customers who receive phishing mails to build their own shield against being unfairly held liable for an internal fraud.

In order to provide some sort of a shield for such employee assisted phishing frauds, CEAC has launched two services namely CEAC-ITN (Identity Theft Notice) which is a free service for reporting such events to a trusted third party and CEAC-VPN (Virtual Public Notice) which is a paid service. Though it is not yet clear if this would be considered by Courts as an effective alibi for the registrant, it is considered a good step towards building a legal shield against being unfairly treated by Banks in the unfortunate event of a phishing attack. Details

Data mining of Health Information leads to legal suits

April 3: A national drug-store chain Walgreen Co in California has been accused of having unlawfully benefitted from the information of its customers. In what could be considered as a suit that can hurt the data mining industry in general, the dispute is over "de-identified prescription" information which the store chain has allowed to be used by medical companies. It is charged that the "information" on which the store has made a commercial gain belongs to the patients and that it cannot be commercially exploited by the store. Related Story 1 : Related Story 2 : Related Story 3

Cignet Fine sends HIPAA concerns soaring

April 3: The OCR's decision to fine Cignet a total of US $4.3 million has sent alarm bells in the healthcare industry in USA on the consequences of non compliance of HIPAA. This was the first time the new HITECH Act penalty schedule was applied. It is said that Cignet violated the rights of 41 patients when it denied them access to their medical records and also did not cooperate with the OCR in its investigations. It was considered as a "Wilful Neglect" not corrected within 30 days. Details


 

 

PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar

PR Syndicate (an organization of Corporate PR Professionals in Chennai) celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occasion, "Award of Excellence in Public Life" was presented to 'Cyber Law Guru of India' Na.Vijayashankar.

 

What is Naavi.org?

Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.

The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.

The second key service is the Cyber Evidence Archival center which provides a key service to help administration of justice in Cyber Crime cases.

The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co-exist.

The fourth key service is the online mediation and arbitration service another unique global service.

The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.

Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.

Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade have brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.

Naavi


