Let's Build a Responsible Cyber Society
14th Year in service of Netizens

Contact Address
About Us



Naavi's Payment
Chat Room


Keep A Watch On The Virus World

Badware watch

Scan Your Computer For Free..Thanks to Panda Software.

Cyber Law Forum
Privacy Policy, Editorial Policy & Disclaimer


Business Enquiries

RSS Subscription

[Valid RSS]


"This website is the Wikipedia of Indian Cyber Laws".. A Visitor's remark

"Watch This Site as a Daily Habit. It may save careers".. A Banker's remark as an advise to fellow Bankers

An Open Letter to Mr Kapil Sibal

July31: ..It was good to hear in your interview on Head Lines Today where you stated that there are no pending files in your Ministry...For the last few months, I have been reminding DIT that a decision on the appointment of the Presiding Officer of Cyber Appellate Tribunal in place of Justice Sri Rajesh Tandon who retired on June 30, 2011 was pending. My understanding is that this file is pending on your table for a long time... Complete Letter

New Draft of ESD Bill released

July30: A new version of the draft of the proposed Electronic Services Delivery Bill has been released by GOI. This appears to the final draft which may be tabled in the Parliament in the next session. Copy of the revised Bill

SpyEye Poses new threats to Online Banking

July30: Information security professionals in Banking industry are aware of the havoc that malicious codes such as Zeus can cause in the Online Banking security. When a computer is infected by Zeus v3 it waits until user connects to his online banking account then it hijacks the online banking session. This trojan checks if a customer has more than 800 pounds in their account, then it gets to work.

Now another malicious code "SpyEye" poses  similar risks where the malicious code executes its own transactions while the customer of the Bank is logged in. SpyEye is a botnet with a network of command-and-control servers hosted around the world.Some experts indicate that Zeus and SpyEye capabilities have been merged to create an even more formidable malicious code.

In the light of  these threats, the Banking system need to re-evaluate their security measures as a part of "Due-Diligence" and initiate appropriate counter measures to meet the SpyEye risks.

Indian Bankers who are riding on Customer-Bullying tactics to hoist cyber crime liabilities on the customers need to take note that RBI under the implementation of the GGWG recommendations will be keenly monitoring the measures initiated by the Banks as recommended under the committee's report. Related Article: Banking Risks on Zeus-SpyEye merger

Proposed HIPAA Disclosure Rule meets with stiff opposition

July30: The proposed rule whereby Covered Entities and Business Associates are required to provide certain collateral information regarding disclosures made under the Act to data owners when called for has created a huge stir in the US market. The "Disclosure Accounting Rule" provides that it is a right of the information owner to demand to know the particulars of disclosures made if any by a covered entity or a Business Associate. This requires recording, archiving and disclosing when required information on who accessed the information though permitted by HIPAA or otherwise unauthorized. Compliance of the rule requires changes to be made to the software and certain costs. In a recent survey conducted to elicit the response of the stakeholders it has been reported that a substantial number of respondents felt that the rule is impractical. It is however unlikely that the Government may yield to the pressure of the lobbyists. Related Report : Earlier Comment in Naavi.org: Third Invasion of HIPAA into India will be like a Tsunami attack

Paper Trail test on EVM Unsuccessful

July 30: It has been reported that a test on the process of paper trail being captured for electronic voting system conducted in Delhi has not produced satisfactory results. According to a report which has appeared in thevotingnews.com. it was found that substantial number of electronic votes did not have corresponding paper trail recordings.

It may be noted that Naavi has longtime back expressed the view that the current EVMs are not Cyber Law Compliant. He has also indicated how they can be made Cyber Law Compliant. The solution that has been proposed by Naavi was offered by the inventor who had filed a patent application to the Election Commission also. However at that time the Election commission did not show any interest. It is high time that the design suggested by Naavi is given a fair consideration since it not only provides for a trail being created, it also ensures confidentiality and legal compliance.

Related Articles: Solution to EVM Controversy : EVM Controversy  PIL Filed on Electronic Voting System Clarifications on Cyber Law Compliancy of EVMs : Cyber Law Compliancy and Electronic Voting: Remote Controlling EVM Ė Manufacturing Election Result

Banker's meet on Information Security

July29: Indian Bank Association held its second annual information security seminar in Taj President Mumbai today. The event attended widely by the Banking community discussed several issues on information security relevant to the Bankers. Mr G.Padmanabhan, Deputy Governor of RBI who inaugurated the program highlighted the steps taken by RBI in recent days to improve the security of Banking transactions in the electronic platform and urged the Banks to increase their security measures and also take steps at educating customers. Naavi speaking in a panel highlighted the legal issues of Information Security as proposed in the G.Gopalakrishna Working Group committee report and why use of digital signatures and encryption of SMS messages have become a TINA factor in E-Banking.

Speech of Mr Padmanabhan : Webcast Link : Naavi's Speech (Time: 19.20 to 35.20)

Single KYC for Financial Sector

July 25: Recognizing the inability of Banks to fulfill the KYC obligations in proper form, the Financial Stability Development Council (FSDC) has recommended consideration of a common KYC approach which is more stringent than the present KYC which individual banks seem to be adopting. At a time when UID is also accelerating its identity program the proposal appears to be an industry attempt which may overlap with the UID. Unless the system that the FSDC recommends would be structured differently to suit the Banking needs, there is a likelyhood that the suggested system may turn out to be superfluous. Presently many Banks have considered KYC to be a replacement of the system of Introduction which Banking law and practice suggested under Section 131 of NI Act. RBI has repeatedly stated that Introduction is required even when KYC verification through the Telephone Bill/PAN card etc is done. FSDC needs to ensure the differentiation between UID and the new KYC if there has to be relevance to the suggestion. Related Article

Will for Digital Assets

July25: Making a will is a recommended process for transferring one's self acquired assets or one's portion of an ancestral property which has been bequeathed in an intestate process. Doubts often arise when the asset involved is a "Digital Asset". According to ITA 2008, Will cannot be written in the form of an electronic document. However there is no bar on recognizing a digital asset as a property and including it in a Will in paper form. Related Article

Rs 168 crore damage claimed for data theft charge

July 25:  In what is likely to be a landmark case, Travelocity has claimed a damage of RS 168 crores against Cleartrip.com alleging wrongful benefits received due to data theft. The case has been filed in Mumbai High Court. The case relates to incidents in 2007 and hence ITA 2000 and not ITA 2008 would be applicable. The allegation is that some client information was passed on by an executive who later joined Cleartrip.com. The evidence involves some e-mails alleged to have been received by the employee during his tenure at Travelocity and recovered from the computers of Travelocity. This trial would put to test the efficacy of the forensic investigation report that would be submitted by the Police in their chargesheet. Report

When a Fraudster uses your name...

July 25: Often fraudsters  make use of genuine companies to convince their prospective customers in many ways. Here is an example of one of the phishing mails recently received in the name of the  Department of Homeland Security, US Government. It provides a list of persons who are supposed to have received parcels through two courier companies namely UPS and FEDEX along with the parcel numbers.

In a situation like this prospective victims would like to check the websites of the respective courier companies to confirm the statements made. If therefore these companies provide a prominent notice on their websites, it would be possible to warn the prospective victims. This is not only a public duty but also "Due Diligence" as an intermediary. They can also use a Cyber notice to advise the public that they are not involved in the scam. If this is neglected, it can be anticipated that in the next version of this scam, a link will be provided to a pseudo  fedex/ups tracking page where a positive tracking would be placed for the listed parcels to further convince the victims. Copy of the Phishing Mail

It was found that UPS does have a prominent page alerting the visitors about various frauds that may be conducted in their names. Hoever Fedex did not appear to have a similar public notice.

HIPAA Complaint Converted to Criminal Prosecution

July23: In a  first publicly known instance of a HIPAA complaint turning into a federal criminal prosecution, criminal charges  have been initiated against an osteopathic doctor for allegedly sharing a patientís protected health information with his employer. According to a statement from the federal prosecutors, Richard Alan Kaye of Suffolk, Va., allegedly provided a patientís employer with protected health information "under the false pretenses that the patient was a serious and imminent threat to the safety of the public, when in fact he knew that the patient was not such a threat.".. Report

Blocking of websites has never been so easy in India

July 23: It is reported that Reliance Big Pictures has obtained a Jon Doe order ( Against unknown parties) from a Delhi High Court  to block certain file sharing websites on the presumption that the site may be used for downloading pirated copies of the movie Singham. This is a speculative order and armed with the order the DOT appears to be blocking whatever file sharing site they seem to know off. It would be interesting to check the legality of this order at the Supreme Court. Report

Two Nigerians Sentenced to 7 years

July20: Two Nigerians were sentenced for 7 year imprisonment for online fraud under IPC in a Court in Mallappuram, Kerala. Report

Income Tax Department Shows the Way..How to respond to Phishing?

July 15:Phishing is an often discussed subject by Bankers and Cyber Security Professionals. We also discuss and debate what an organization do when its name is being impersonated and phishing frauds are taking place.

... it was interesting to observe today how Income Tax department has tried to handle customer information regarding the Phishing attacks in the name of the department. ..The steps taken by the department require complete appreciation and who ever was personally responsible for the introduction of these measures deserves commendation. ..More

OTP Compromised by Zeus Trojan

July15:  A new variant of Zeus trojan designed  is designed to steal One Time Passwords used by banks. The malware posses as a legitimate bankign security application called "Rapport" and intercepts all incoming SMS messages and forwards them to a remote server. Related Article

FFIEC Suggests Layered Security for Banks

July14: FFIEC (Federal Financial Institutions Examination Council), the US regulatory body for financial institutions has issued a supplementary "Authentication guideline" for Internet Banking environment. The note highlights the need for a layered security approach which includes risk detection aspects built into the authentication systems. Indian Banking systems suffer from Phishing frauds because neither the Banks  nor the software vendors like Infosys which supply the Finacle core Banking software incorporate the risk management principles. It is necessary for CISOs of banks to take a look at these guidelines and implement them along with what ITA 2008 and GGWG mandates. Copy of the guidance note

Due Diligence: Chairman of Banks in India

July13: Today two interesting news reports have appeared in the news papers.As an ex-Banker and presently a Techno Legal Information Security Consultant as well as a Netizen activist, however, my thoughts run in a different direction and I would like to point this out for the specific notice of the Chairman of various Banks in India.... More . Related report in DH : Related Report in HT

Writing Down the Password

July 13: Bankers often blame customers who write down their ATM Pin on the ATM card. When lost the thief has botht he card and the PIN so that he can use it effortlessly. While we can blame the ignorance of the "Mr Citizen" in this practice, it now transpires that one the Banks in Mumbai had written the code for disarming the night burglar alarm system next to the strong room. The thief pomtly used it to deactivate the alarm and complete the burglary. Who is to blame?.. The manager, all the staff in the branch?, the inspectors? ..the Bank's training system?..or the CEO?... A good case to say that ignorance and negligence is not limited to the "Aam admi" but also to the professional Bankers. Related Story

Why is Bloggernews.net still blocked in India?

July 13: It is difficult to understand why this site bloggernews.net remains blocked in India. Some time back one article written by me on this site was sought to be blocked with a Court order. It was related to a dispute between a company called E2labs in India and the owners of Zone-H.org. E2Labs had filed a defamation suit in a Court in Delhi and asked for an interim order to block the URL. Accordingly an order was made to block the specific URL http://www.bloggernews.net/124029

I would urge the honorable Delhi High Court to review its order since the order has become redundant. If the blocking of the entire site  is not authorised by the Court GOI, each of the ISPs who have caused the blocking are liable for "Denial of Access" and "Diminishing the Utility of a computer resource" which are offences under Section 66 of ITA 2008. The CEOs of the ISPs and the CTOs are liable for imprisonment. If the blocking is unauthorized under Sec 69/69A, there could also be punishment under this section. It would be interesting for the readers to make a search of bloggernews.net for the keyword "India" and identify which article could be the one which has offended the GOI. ...More

Third Invasion of HIPAA into India will be like a Tsunami attack

July 12: India is an important outsourcing partner for USA. There is a substantial stake for the Indian Companies in the developments in USA that may indirectly affect the outsourced business in India. ....Now yet another shake up is visible in the form of the proposed changes in the Privacy law which HHS has notified on May 31, 2011. The changes proposed which are presently under a public comment period is likely to hit Indian outsourcing industry like a Tsunami....more

Corporate India Summit on IT Security

July 12: Secpro 2011, an annual IT Security summit organized by NISPANA is going to be held in Bangalore on 21st and 22nd of July. Details of the summit are available here:

HIPAA Proposes New Rights to Individuals

July12: The proposed changes to HIPAA Privacy Rules suggested by HHS  adds e-discovery rights as part of the HIPAA Privacy rights to data subjects. Presently HIPAA provided a right to request for disclosure of ones own data  and there was also an obligation for the data processor to restrict access to data only to authorized persons. Now the data subject can request for "Accounting of Privacy Obligations" meaning that the data subject will have the right to request for information on who accessed his data etc. This is an innovative proposition which should be welcome by all those who respect the right of an individual to enforce privacy. This was already being included in the recommended security practice under Naavi's IISF-309, the security framework developed for ITA 2008 compliance in India as a best practice and now there is a legal precedence under HIPAA.

An Interesting Identity Misuse in USA

July 11: Here is an interesting case of identity misuse and its implications under HIPAA. A patient was operated for a heart problem in a hospital and died. His family sued the hospital for negligence. During the suit it was admitted by the family that the patient had checked in using his brother's name since there was an insurance in the name of the brother. Now the hospital will not get its insurance payment. The patient's family has to fight through the charge of fraud before its negligence case can be sustained. The Court will now decide if the dead man was in deed the insurance holder and if it decides so, the living brother would have suffered a death by proxy. When India starts depending on UID, we may also see such cases whenever a data entry clerk mistypes the UID number in a hospital admission register.  Related news

Company Law adoption of ITA 2008

July11: ITA 2000 was expected to usher in a "Digital Revolution" in India since it provided legal recognition to electronic documents  as well as the way of authenticating the electronic documents. Though Banking is one of the most digitized industries in India, we have been repeatedly pointing out the reluctance of the industry to absorb the provisions of ITA 2000/8 into the banking procedures. As a result unauthenticated transactions rule the e-Banking scenario and exposing the Banks and the Customers to various kinds of avoidable risks. RBI has not so far been able to force the Banks to adopt what is stated in the law as well as RBI's own guidance in the past. However the recent notification of Gopalakrishna Working group report may change the scenario since RBI has prescribed an elaborate implementation and accountability mechanism for adoption of security measures and legal obligations under ITA 2008.

In this context it is good to remember how the Ministry of Corporate Affairs has been repeatedly introducing and advising changes in Company Law and procedures to ensure the adoption of ITA 2000/8 principles in the day to day affairs of the company. Demat form of corporate securities existed even before ITA 2000 but since then MCA mandated digital signatures for submission of annual returns and brought around 10 lakh corproate directors under digital signature usage regime. Income Tax department followed with tax return submissions being enabled for digital signatures. Now MCA has also clarified that notices can be sent through digitally signed e-mails instead of certificate of posting (since discontinued by Postal department), annual reports can be sent in soft copy format, Board meetings can be held through video conferencing etc. Related Report in Hindu

Naavi has been one of the early adopters of these principles and has created services such as arbitration.in, ceac.in, cyber-notice.com etc to enable companies use electronic means of communication and governance. Hopefully the companies will now appreciate the value of these services and start using them either on their own or on an outsourcing basis.

DIT Ignores Public Interest Call

July11: It was pointed out through these columns that Cyber Appellate Tribunal (CAT) of India, which is an important judicial office connected with Cyber Crimes and contraventions under Information Technology Act 2000/8 has been deliberately allowed to remain without a head since 30th of June 2011.However it appears that the file remains with the DIT.I once again call upon the honourable minister Sri Kapil Sibal to devote five minutes of his time today the 11th july 2011 to pick up the file relating to the appointment of the Chairman of CAT and dispose it off in whatever manner he considers it fit. ..More

Responsibilities of Bankers under GGWG Recommendations

July9: RBI conducted a two day workshop on GGWG recommendations for senior executives of Banks at the College of Agricultural banking, Pune. The program which was the first such program from RBI after the new guidelines were issued on April 11th was widely attended. Naavi participating on the session on Legal issues highlighted the impact of ITA 2008 on the Banking industry as indicated in the GGWG. Mr G.S.Hegde, the legal advisor of RBI who was also part of the GGWG and Mr Kale, GM, RBI who is in charge of the Customer Services department of RBI also shared their views during the session. Copy of presentation made by Naavi on this occassion is available here. : Other articles

A New Service Launched

July 8, 2011: In continuation of the endeavour to introduce pioneering services to Netizens, Naavi has launched a new service from " www.Cyber-Notice.com  " to provide free and low cost option for notices to be placed in Cyber Space. The service is unique since the paid service comes with a CEAC certification as to the publication of the notice and the period for which the notice was available. Suggestions for improving the service are welcome. Bulk users who would like to register themselves for special rates and credit facilities may  contact the site administration... Visit the site here

Future of e-Banking in India

July3: Phishing frauds have become so common in Banks that they soon will not be considered as news worthy of discussion. Naavi has been in the forefront of a crusade against Bankers who have jumped into the e-Banking bandwagon throwing all caution to wind and making customers pay for the commercial greed of the Banks.

In order to end speculation in this regard, Naavi has now placed a request with the Governor of Reserve Bank of India that in three instances of known violation of RBI guidelines brought to their knowledge, RBI should penalize the respective branches of the bank by cancellation of branch licenses....More

Innocent Customer Suffers out of Bank's Negligence

July2: An ATM fraud involving a customer of Bank of India has been reported from Bangalore which indicates the distinct possibility of an ATM Card cloning  syndicate being in operation in Bangalore. In this reported incident, Canara Bank ATM was involved. It appears that the banking Ombudsman has informed the customer orally that he has received a satisfactory explanation from the Bank and may be unable to resolve the dispute.

When the customer is still holding the Card and the ATM Bank is unable to produce evidence in the form of CCTV that the customer has not himself withdrawn the amount it is surprising how the Banking Ombudsman can come to the conclusion that RBI direction has not been followed by either Bank of India or Canara Bank. RBI needs to take a closer look at the incident and needs to come up with a proper explanation for the decision of the Banking Ombudsman.

In a similar incident in Gurugaon under a complaint no BO Complaint No. 201011014004856, where money had been drawn from a customer's account in Axis bank through ATMs in some foreign countries, the Ombudsman had ordered that payment had to be made by the Bank which held the customer's account. There are also other instances where Banking Ombudsman have held Banks liable in Phishing cases also and some of these cases are reported in the Compendium of cases reported by RBI and it is not clear why the Banking Ombudsman in Bangalore should take a divergent view. There is also a case of Bank of India in Bangalore itself in the past where the Ombudsman intervened and settled a claim of Rs 29000/- to a phishing victim. RBI needs to ensure  consistency in the decisions of their officers acting as Ombudsman.  ...More

Related Report in Deccan Chronicle

Cookie Legislation in UK

July2: Explicit consent would be required by websites if they propose to track the website users according to  a law passed by UK.The law will be effective after a period of 1 year. This is a provision similar to what GOI has introduced through Sec 79 rules. Related Report

The Status of CAT

July 1, 2011: The term of the current Chairperson (Presiding officer)  of Cyber Appellate Tribunal (CAT), Justice Sri Rajesh Tandon expired yesterday the 30th June 2011 due to his attaining the age of superannuation. Unfortunately, the Government does not appear to have taken timely action either to appoint a substitute in place of Sri Tandon or to extend his term before his term expired.As a result CAT will technically be closed from today until a new incumbent assumes office. ..More

Demat Fraud in Delhi

July 1: Six persons have been arrested for a fraud in which the offenders hacked into a demat account and sold shares worth Rs 94 lakhs. The amount was transferred to a Bank account opened in the name of the share holder in ICICI Bank, Chandigarh. Yet another case of KYC negligence by the Bank. Going by the frequency of frauds occuring through ICICI Bank accounts it may be necessary for RBI to open a special division for conducting KYC inspections in ICICI Bank...provided RBI is serious on its obligations to AML Act. Related Story



PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar

PR Syndicate, (an organization of Corporate PR Professionals in Chennai,)  celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occasion, "Award of Excellence in Public Life"  was presented to 'Cyber Law Guru of India' Na.Vijayashankar...More


  What is Naavi.org?

Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.

The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.

The second key service is the Cyber Evidence Archival center which provides a key service to help administration of   justice in Cyber Crime cases.

The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.

The fourth key service is the online mediation and arbitration service another unique global service.

The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.

Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.

Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.


If you would like to know  more about Naavi, the information is available here.

For Any Payments to be made to Naavi online :  Naavi_s Payment Center

[Valid RSS]

RSS Subscription






Search Naavi.org

Deep Links

ITA 2008

ITA 2000- Rules

Archived News



Cyber Evidence Archival Center



Legal BPO


Public Service

Cyber Law College

Digital Society Foundation






Reference Sites

Global Cyber Law Resouces

Legal Information

Cyberlaw Stanford


Law & Tech Blog



Cyber Frauds

Cyber Crime Cases

Cyber Crime cases2


Bank Frauds Forum


Consumer Forum

Consumer Forum-2




Safe surfing






CAT Website

List of AOs


Misc Naavi Initiatives

Naavi Cricket Rating

Cyber Democracy




Personal Links

Daily News

Daily Horoscope