"This website is the Wikipedia of
Indian Cyber Laws".. A Visitor's remark
REQUEST
ON LINE MEETING
|
Comments on G Gopalakrishna Working Group Report
|
Bangalore Cyber Security Summit
2011, Bangalore, March 17th and 18th
Participation by Invitation. Limited Entries
Request for Invitation to be
sent here.
UIDAI will be liable for KYC failures
Jan 30: It has been reported that the UID will be used as a proof of
identity for telecom purpose. It means that UID will substitute the
responsibility of KYC obligations cast on mobile companies. While this
is good news for the mobile companies, the dependence of KYC on UID by a
DOT directive exposes UID to liabilities arising out of failure of
KYC. Mr Nandan has been stating that he is not worried about fraudulent
use of UID since it is tied with the biometric identification and one
biometric can be linked only with one UID. However, one fraudulent UID
can now be used for multiple fraudulent mobile connections which can be
used for various kinds of frauds. If for any reason, UID is
misused will make UIDAI liable for negligence. In all the Phishing cases
we are holding the Banks liable if the KYC on the fraudulent customer
fails. Now similar liability falls on UIDAI. The stakes for UIDAI
therefore goes up by several notches as Banks and mobile companies swear
by the UID for their KYC obligations. Hope Mr Nandan has explore the
consequences. Alternatively, if the Government tries to protect UIDAI
through legislation, there will be chaos with Phishing and Terrorist
crimes being committed with the misuse of UID and no body would be
responsible for negligence.
Related Article
Indian Version of Wiki leaks
Jan30: "Transparency" in public administration is a very
important aspect of Governance and Internet is one of the best tools of
such transparency. Wiki Leaks has contributed a lot in recent days to
disclose information which is of public interest but is inconvenient to
people in administration. In this context, we need to welcome emergence
of www.indianleaks.in which is
providing a platform for disclosure of certain public interest
documents. The effort is appreciable and hopefully it will get
contributions from public to make it useful. Responsibility for
maintaining such sites ofcourse is very high since there is always a
possibility of some unscrupulous persons sneaking in false documents.
Hence the site has to maintain an impeccable integrity and well planned
systems to ensure that the site is not misused. Even at the base
level, as a platform to present RTI information of public
interest, the site would serve an useful purpose. good wishes to the
creators.
Delhi State IT Act planned
Jan 28: It appears that the State of Delhi is considering a separate
legislation to enable implementation of certain IT projects in the City.
Though it is referred to as the "IT Act" in this report hope the State
will properly name the act so that public would not confuse with ITA
2000, or Income Tax Act. In case the intention is only to
introduce certain IT initiatives, it may be sufficient to issue
notification under Section 90 of ITA 2000 instead of a new Act. If the
new State Act tries to legislate on introduction of surveillance cameras
there is a possibility of a conflict with certain sections of ITA 2008.
Hopefully these have been taken into consideration.
Related Report
Data Privacy Day Celebrated
Jan28: Since 2009, US started a practice of celebrating January 28
as a "Data Privacy Day". Presently, Canada and 27 other EU countries
also were joining the celebrations. From 2011, India has also joined the
group of countries celebrating jan 28 as the "Data Privacy Day". On this
occasion, DSCI, Bangalore Chapter had organized a meeting at IIIT B
premises in which Naavi spoke on the importance of the day and shared
information on some of the latest developments in the Privacy front. Mr
Anurana Saluja, Infosys chaired the meeting and representatives from
different IT and non IT companies attended the meeting. A
copy of the
presentation made by Naavi on the occasion is found here.
Banks Active in Job Fraud Support
Jan27: After many cases of Phishing, where Banks are facing
liabilities, the next wave of liabilities would be on several Companies
and supporting banks who are involved in Job related Phishing. Despite
warnings from Naavi.org, Companies have not adopted use of authenticated
e-mails for sending out employment related communication to the
prospective employees. As a result it becomes easy for fraudsters to
send phishing mails and collect money from public on various excuses
holding out job promises. While the practice of using of unauthenticated
e-mails is the main cause of the fraud, the fact that the money
collected gets credited to the fraudsters accounts in various Banks and
later the fraudsters become untraceable opens up a charge against such
Banks of "negligence" through failure of KYC and consequent assistance
to the commission of fraud. In the recent case where a student in
Hyderabad filed a complaint, investigations by Police have revealed the
involvement of Banks such as SBI, ICICI Bank, Union Bank, Indian Bank,
Axis Bank, PNB etc. Companies whose names have been used for the fraud
include Tata Motors, Maruti Suzuki, Mahindra and Mahindra etc.
Related Article:
Lucknow Police file case against Facebook
Jan27: Lucknow Police have registered an FIR on Facebook for
carrying content under the group "I Hate Gandhi". Along with various
sections of IPC, the case has also been booked under Sec 66A of ITA
2008. The action of the Police needs to be appreciated since a
defamation act against a revered
figure like Mahatma Gandhi deserves to be condemned..
Related Story
Are Vested
Interests at Work to manipulate RBI ?
Jan 24: The GGWG was an exercise at revising the 10 year old report of the SR
Mittal Group which first addressed the requirements of the Internet
Banking Era. Compared to the task which was ahead of the Mittal Group,
GGWG was in a far more advantageous position since there was a decade
old experience on both technology as well as the legal aspects of
Technology Banking. ..
Not withstanding some good work reflected in the GGWG, it appears
that the GGWG could have done far better than what it has done. This is
more glaring in the chapters on Cyber Fraud and Legal Issues...
More :
Related Article in Techgoss
Delhi Police Files FIR under ITA 2008 for Cyber
Squatting
Jan24: In an interesting interpretation of
Sections 66 and 66A of ITA 2008, it appears that the Police have filed a
case against a person who had "Parked" a domain in the name of
pratibhapatil.com because the string of alphabets "pratibhapatil" can be
read like the name of the President of India. The report suggests that there
was no content in the website and it is unlikely that this case would be
seen with any respect from a Court of Law.
Related Report
Pune Police invoke Section 69 for interception
Jan23: Pune Police propose to seek powers from
Central Government to intercept the e-mail communications of all criminals
convicted of cognizable offences. The section was meant for temporary
interception and it is interesting to note that the Police appear to be
seeking to regularize the interception as a permanent feature.
Related Article
Maharashtra Adjudicator absolves Wife of Hacking
Jan 23: In an interesting case, a husband
complaining about his wife hacking into his account has appealed to CAT
against the order of the Adjudicator of Maharashtra absolving the wife of
the accusation. The point of debate is whether the husband shared the
password with the wife and hence her access was not "Unauthorized".
Allegation includes hacking of the husband's father's account also. It is
not clear if the defense "password shared voluntarily extends to the father
in law's account also. The incident comes under the purview of the ITA 2000
before the amendments of ITAA 2008 became effective..
Related Article
Cyber Crimes and
Adjudication
Jan 23: National Crimes Record Bureau (NCRB) has come out
with the
statistics of Cyber Crimes for the year 2009. Though the statistics
may not indicate the complete picture of the Cyber Crime scenario, in
the absence of better official statistics, it is to be considered as an
indication of the status atleast in reflecting the relative changes from
year to year.
A notable feature is that leaving aside Section
67 crimes, the 233 cases registered under Section 66 and 21 cases
registered under Section 65 should have resulted in financial losses to
some victims. In the normal course these 254 cases should have resulted
in Adjudication complaints to the State Adjudicators.
The gap between crimes registered and adjudication
applications filed indicates the acute ignorance amongst the victims about
the availability of the adjudication facility. At the same time, if
all eligible cases do get registered as adjudication complaint, the
Adjudicators would find it hard to meet the responsibilities due to shortage
of infrastructure...More
Carbon Trading becomes a Target of Phishing
Jan23: Though Phishing is normally associated with Banking, we have
observed in India that Phishing has been targetted at Income Tax clients
and many Job seekers. It is now reported that Carbon Trading has become
one of the latest targets of Phishing. The fraudsters seem to have
breached the security in the Carbon trading system and put through
fraudulent trade transactions. It is reported that emission certificates
worth Euros 28 million were stolen in the attack and the EU Emission
Trading System has suspended further trading pending resolution of the
problem. This is a warning signal for sock exchanges in India since
similar frauds may surface in share trading also. SEBI needs to study
the modus operandi of the Carbon Trading related Phishing and ensure
adequate security measures to secure the share trading transactions in
India.
Related article
Phishing Risks
under G Gopalakrishna Working Group Report
Jan 22: The GGWG has made the following comment on Phishing Risks in its report
"Of late there have been many instances of
'phishing' in the banking industry, posing a major threat to
customers availing internet banking facilities. Though Section 66D
of the amended IT Act could broadly be said to cover the offence of
phishing, the attempt to commit the act of phishing is not made
punishable. It is suggested that there is a need to specifically
provide for punishment for an attempt to phish as well, in order to
deter persons from attempting it"
I would however like to bring it to the notice of the
observers that this has been addressed in ITA 2008. Additionally, ITA 2008
makes Phishing liable for punishment under several sections other than 66D.
These observations are relevant to an analysis of Phishing cases in
future... More
Role of Adjudicators in Phishing Cases Reiterated
Jan 22: One of the important observations made y the G Gopalakrishna Working
Group in Electronic Banking is as follows.
"
The IT Act, 2000 as amended, exposes the banks to both
civil and criminal liability. The
civil liability could
consist of exposure to pay damages by way of compensation upto
Rs
5crore
under the amended Information Technology Act before the Adjudicating
Officer and beyond
Rs 5 crore in a
court of competent jurisdiction. The top management of banks could
also suffer exposure to criminal liability given the provisions of
Chapter XI of the amended Information Technology Act and the
exposure to criminal liability could consist of imprisonment for a
term which would extend from three years to life imprisonment, as
also a fine. Further, various computer related offences are
enumerated under various
provisions of the Act. "
The fact that the Umashankar Case has been vetted for Jurisdiction
purpose both at the Adjudicator's level as well as the Cyber Appellate
Tribunal Level is also another indication that the matter of
jurisdiction in respect of such cases is a settled fact in law.
Since
some IT Secretaries are not clear whether they can entertain
adjudication applications there
is a need for Cyber Appellate Tribunal and the Ministry of
Communications and Information Technology , GOI to start a dialogue with
the State Governments to find a proper mechanism by which the IT
Secretaries are provided with infrastructure, guidance and manpower support to
handle this additional responsibilities. ..More
RBI Working Group in Electronic Banking
January22: RBI released the report of the Working Group headed by
G.Gopalakrishna on Information Security in Banks. After the June 14, 2001
instructions on Internet Banking based on the then working group
report headed by S.R.Mittal, this report is another game changer in the
Banking industry. Naavi has been in the forefront of fighting for better
Information Security systems in Banks and the last year's landmark decision
of the TN Adjudicator was a critical development which prompted Banks to sit
up and take notice of their responsibilities. Now Banks have a more recent
guideline to follow in respect of the security requirements. Watch out for
more information in the impact of the Gopalakrishna report on the
information security issues in Banks.
Press Release:
Summary
of Report:
Full Report :
Cyber Law Status in Pakistan
January 10: According to this report from Pakistan it appears that
the ordinance on Cyber Crime which was prevalent since 2007 and commented on
this site at that time has lapsed in November 2009 and there has been no
action to renew the act so far. It is noticeable that at the same time ITA
2000 was amended in India Pakistan let the law lapse.
Related Article
Social Networking Sites Cast New Responsibilities
January 08: Social networking sites where people post several
personal experiences are causing a headache to drug companies in USA under
FDA regulations. The regulations expect companies to track adverse effect of
its drugs from any source of information. What is causing the problem is
when some information is found on a social networking site that "Such and
such a drug caused this effect" the company would be constrained to take
note. FDA is expected therefore to come up with a specific guideline on how
such information has to be handled.
Related article
Vicarious Liabilities in Citi Bank Fraud Case
January5: The Rs 400 crore investment related fraud in Citi Bank has
also raised the issue of vicarious liabilities of the CEO and Chairman of
the bank. The Police are right in including the names of the CEO and
Chairman in the FIR under the prima facie finding that their negligence
could have caused the loss. It is however open to the executives to defend
themselves that they had practiced due diligence and hence should be excused
from personal liability. This is the general principle of law including ITA
2008. This is not to imply that these executives were corrupt. It is only to
test if they were not negligent. Such a scrutiny is essential from the point
of view of Corporate Governance to examine what precautions are being
taken now and what needs to be taken in future to protect the investments of
the public.
Article in ET
Tapping of Mobile
Phones in Mumbai
January1:
The issue of mobile phone tapping has
been a matter of concern to the community particularly after the Nira Radia
issue. Here is an incident narrated by a journalist about a service provider
who provides such a service. Unfortunately, many techno savvy persons fail
to understand the difference between what is legal and illegal and end up
spoiling their otherwise fruitful career.
Article in Mumbaimirror
Status of Internet
Broadband in India
Dec 28:
The National Broadband Plan recommended
by TRAI has many interesting statistics regarding the growth of Internet
activity in India and its impact on the economy. According to the report the
Government has acknowledged a shortfall in realization of its broadband
goals in 2010. As against a targeted 20m users, the achievement has been
only 10.3 million users. This amounts to a penetration of 0.8% against a
tele-density of 60.99. The national broad band plan which includes setting
up of a wide optic fiber network envisages provision of 75 million broadband
connections by 2012 of which 17 million will be on DSL, 30 million on cable
and 28 million on wireless broadband. This is expected to further increase to
160 million by 2014. Next three years is therefore expected to be a golden
period for broadband connectivity in India.
Copy of
Report: Copy of Press
Release
IT Refund Fraud..
Department Should Act
Dec 24:
For some time it is reported that phishing mails in the name of the IT
department are being used for internet frauds.
Here is a sample of a mail sent
from one of the readers of naavi.org. The hyperlink included points to an
image website ovcghana.com. (Who
is information available here) Probably a trojan is embedded in the link
which could steal passwords. The mail is an "impersonation" and is an
offence under Section 66D of ITA 2008.
It is
now the responsibility of IT department to take action against the
impersonator by registering a complaint for investigation with the Police.
Silence amounts to facilitation of the fraud and possibly lead to vicarious
liabilities. An Adjudicator or a Police Authority may also take cognizance
of the presence of the mail and start an investigation.
The
who is information is protected under the notorious "Privacy Protection
Policy" of ICANN wih a service provider called Domains By Proxy Inc. Hence
action has to start with a demand for the name and address of the
registration from the proxy registrant failing which the proxy registrant
should be considered as an accomplice and case should be filed on the
company for recovery of compensation to the extent of a couple of million US
$.
I
hope IT department takes up the complaint in the interest of the general
public.
Quickheal Introduces
Laptop Theft identification services
Dec 17:
Quickheal which is one of the
indigenous manufacturers of anti virus software has introduced a free
service for tracking laptops through Mac identification. Presently the
service is available in select towns and is expected to be extended to other
cities soon. More
information
Law to enable
Electronic Surveillance
Dec 16:
India is considering an enactment to
make it mandatory for telecom service providers to enable surveillance by
the state as a security measure, on the lines of the US law "Communication
Assistance for Law Enforcement Act" (CALEA):
Report in ET
It may be recalled that when the
licensing
terms for "Landing Stations" were first released in India, they
contained similar provisions. Naavi.org had also commented on the same
through the article:
Landing
Station or Police Station?. These views expressed in 2000 before ITA
2000 became effective may require a review in the context of ITA 2000/ITA
2008 as well as the current global threat of terrorism. Probably the Supreme
Court views in the Nira Radia case may also throw some light on the judicial
acceptance of privacy invasion for security considerations.
Number Portability
Dec14:
Mobile number portability all over
India is scheduled to be introduced from 20th January 2011. According to
PIB press release, the request needs to be completed within 7 days and
cost not more than Rs 19. This much awaited facility should bring relief to
many mobile subscribers who are stuck with inefficient service providers.
There is one rumour that is floating in the market that there is a
systematic effort to destabilize BSNL so that its customers can migrate to
other service providers and this is behind the recent technical problems
that has surfaced in BSNL. Hope the top management of BSNL take steps to
dispel these doubts..
Nira Radia Tapes to
test Privacy Laws
Dec9:
The release of Nira Radia's tapes by
the media has opened an important debate on the Privacy laws in the country.
Now that Mr Ratan Tata has filed a petition at the Supreme Court, the scope
of Article 21 of the Constitution and need for separate legislation for
Privacy protection will come for review...
Related Article :
Also read cis-infis.org
The
Wikileaks has also created a stir in global circles by releasing documents
which are considered sensitive by different Governments opening up a debate
on what is the limit to which privacy invasion can go. (See
article)
Naavi.org has also raised issues arising out of Privacy protection of "Who
is" services and IP address hiding in e-mails which prevent quick
investigations of cyber crimes.
In
2006, the Government of India had introduced a Personal Privacy Protection
Bill (Details
here) which however did not get passed. Whenever a new legislation on
Privacy Protection is considered it is necessary that there are adequate
provisions whereby Privacy Protection Right does not become the tool for
criminals to hide.
US Considering XML
approach to EHR
Dec9:
In order to enable better health data
exchange between organizations, National Coordinator for Health IT and
Centers for Medicare and Medicaid services has started the process to
develop an XML based universal exchange language.
Report
Chinese Cyber Threats
Re Visited
Dec 5:
The wiki leaks expose has confirmed the
role of China as a Cyber War practitioner if ever a confirmation was
required. The Chinese hacker group which released the "Blaster" worm in 2003
is believed to have Government links which have shared the source code for
Windows OS.
Related Article.
The task now is to consider measures of
how to respond to the Chinese threats. In the light of Stuxnet type of
attacks and Manchurian Chips, the supply of computer/Telecommunication
hardware from China is the biggest source of security risk.
IISC led committee for security
certification of telecom equipments was set up for this purpose. Hope it
would take some measures that would help mitigate this China-hardware risk.
|
PR Syndicate honours
'Cyber Law Guru of India', Na.Vijayashankar
PR Syndicate, (an organization of Corporate PR Professionals in Chennai,) celebrated
its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the
occasion, "Award of Excellence
in Public Life" was presented to 'Cyber Law Guru of India'
Na.Vijayashankar...More
|
What is Naavi.org?
Naavi.org is India's premier portal on Cyber Law. It is
not only an information portal containing information on several aspects
concerning Information Technology Law in India but also represents the focal
point of several services around Cyber Law carried on by Naavi.
The first such service is the Cyber Law College a virtual
Cyber Law education center in India which provides various courses on Cyber Law.
The second key service is the Cyber Evidence Archival
center which provides a key service to help administration of
justice in Cyber Crime cases.
The third key service is the domain name look-alikes
dispute resolution service which provides a unique solution for websites with
similar looking domain names to co exist.
The fourth key service is the online mediation and
arbitration service another unique global service.
The fifth key service is the CyLawCom service which
represents the Cyber Law Compliance related education, audit and implementation
assistance service.
Additionally, Naavi.org is in the process of development
of four sub organizations namely the Digital Society Foundation, Naavi.net,
International Cyber Law Research Center and Cyber Crime Complaints and
Resolution Assistance Center. Digital Society Foundation is a Trust formed with
the objective of representing the voice of Netizens in various fora and work
like an NGO to protect their interests. Naavi.net is meant to develop a
collaborative distributed network of LPO consultants. International Cyber Law
Research Center would support research in Cyber Laws and Cyber Crime Complaints
and Resolution Assistance Center would try to provide some support to victims of
Cyber Crimes.
Together, Naavi.org represents a "Cyber Law Vision" that
goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law
was new across the globe, consistent efforts over the last decade has brought
Naavi.org to the beginning of "Phase 2" in which the services are ready to reach
out to a larger section. This is recognized as the phase of collaborations and
growth by association. Naavi.org will therefore be entering into a series of
associations to develop each dimension of its vision with an appropriate
partner. Individuals, Organizations and Commercial houses which have synergistic
relationship with the activities of Naavi.org are welcome to join hands in
commercial and non commercial projects of Naavi.org.
Naavi
If you would like to know
more about Naavi, the information is available
here.
For Any Payments to be made to
Naavi online :
Naavi_s Payment Center
![[Valid RSS]](http://www.naavi.org/image/valid-rss.png "Validate my RSS feed")
RSS
Subscription
BLOG POSTS
***