Let's Build a Responsible Cyber Society
14th Year in service of Netizens

Contact Address
About Us



Naavi's Payment
Chat Room


Keep A Watch On The Virus World

Badware watch

Scan Your Computer For Free..Thanks to Panda Software.

Cyber Law Forum
Privacy Policy, Editorial Policy & Disclaimer


Business Enquiries

RSS Subscription

[Valid RSS]


"This website is the Wikipedia of Indian Cyber Laws".. A Visitor's remark

"Watch This Site as a Daily Habit. It may save careers".. A Banker's remark as an advise to fellow Bankers

Content Removal Requests from Government..

June 29: Google Transparency has reported a 67 % increase in the requests from Government of India for content removal from Google controlled sites in the current year. Requests have come from Courts, Police and the Government agencies. Related report in techgoss

GOI owes an Explanation to Public

June 23: The decision of the GOI to engage the services of Huawei, China to set up a security lab in Bangalore in association with IISc is a decision which baffles every observer of Information security. When one peruses the Wikipedia posting on Huawei, we come across the following posts:

"In October 2009, Indian Department of Telecommunications reportedly requested national telecom operators to "self-regulate" the use of Chinese-made equipment (including ZTE and Huawei), quoting security concerns. Earlier, in 2005, Huawei was blocked from supplying equipment to India's national network BSNL.In 2010, Indian security intelligence (CBI) insisted on canceling the rest of the Huawei contract with BSNL and pressed charges against several top BSNL officers regarding their "doubtful integrity and dubious links with Chinese firms". In April 2010, Sistema Shyam Teleservices Ltd., the Indian unit of Russia's AFK Sistema, didn't get clearance to buy Huawei equipment.

In May 2010, security agencies in India became suspicious of Chinese Huawei employees after learning that part of Huawei's Bangalore R&D office building is off limits to Indians. The intelligence agencies also noted how Chinese employees of Huawei keep extending their stay in Bangalore for months on end. When security agencies launched an investigation to probe the purpose behind these long-drawn business trips by the Chinese staff of Huawei to Bangalore, they were told that the Chinese were staying on to learn and master English in India."

Despite such knowledge if Indian Government first released the ban on Huawei for supply of equipments and now goes one step ahead and makes them the security partner for the country, it is difficult to understand the thinking behind the decision.

China Intrudes into Indian Cyber Security System

June 23: India is aware through years of its existence that China is one of the most cunning and a powerful neighbor with global ambitions. China is like Lion and a Fox rolled into one. To trust China and devise national security strategies is nothing short of committing harakiri. This is what Indian Government seems to be heading for. It is reported that  Indian Government has taken a decision to let the Chinese Company  Huawei be their partner for securing the security of systems used by telecom companies. Huawei being a major supplier itself and China being one of the biggest global threats to Cyber Security, the decision appears to be a complete compromise of the Indian Cyber Security system. It can also mean that after some efforts, the Indian scientific community including IISC have expressed their inability to find out the vulnerabilities by themselves and need Chinese help in this regard. Perhaps now we can consider appointing ISI as our National Consultant for Counter terrorism measures!. Related report in ET

Google Street View Blocked

June 23: It is reported that Bangalore Police has stopped the Google Street View project in the name of national security. Since the recording was only of what is viewable from a public space, the privacy arguments are weak. As far as security, terrorists only need the contours of a place which could be their targets rather than the details. While Street view can be of assistance in their recce, it is not a risk grave enough to require the extreme action. Probably the decision needs a debate and review. If Google had been a Chinese Company perhaps it would be easier for them to get security clearances!. Report


COS suggests Privacy Bill

June 22: The Committee of Secretaries (COS) of the GOI is reported to have taken a decision to introduce a "Right to Privacy Bill" applicable for all individuals living in India whether they are Indian Citizens or not. Presently ITA 2008 itself has provisions under Sec 43A which provide for privacy protection. Hence this bill is redundant. It appears that the Bill is meant more for defining how certain agencies can be authorized access of privacy information. It is indicated that  Insurance Companies can access health information, Employers may get access to Bank data. Additionally telephone interception would be authorized and intelligence will have access anyway. It is also stated that the CAT constituted under ITA 2008 will be the appellate authority under the Bill. This requires an amendment of ITA 2008. Further CAT at present and is likely to be headless after June 30. Under the circumstances the proposition of COS seems to be impractical.

Advocates frustrate CAT sitting in Chennai

June 21: ITA 2000/8 envisaged that the  dispute resolution mechanism under the Act would be a model judiciary system  and render quick and economic justice to public who are victims of Cyber Crimes.  But the advocates representing litigants are often found to be adopting tactics that are meant only to delay things.. More.

How IT Act is misused

June 21: Here is an interesting account of how IT Act has been misused for internet censorship. It is found that some advocates specialize in obtaining interim orders which amount to a relief (punishment to the counter party) without any substantive case in their favour. The trick is to file an application in an appropriate court. Most Courts donot dismiss a petition on the spot even if it is absurd or ridiculous. They simply issue notice to the other party returnable after two or three weeks. In the meantime the petitioner requests for interim order such as stay on the publication. Court agrees on an ex-parte basis since it is only an interim relief. Then the petitioner uses his other tricks to see that the case is not heard for some time. If the respondent appears he is given time of another three or four weeks to respond. Even if he responds immediately, the petitioner will seek time to file a counter. Then he will ensure that the counsel seeks adjournments one after another on various grounds including that the counsel has to go on vacation, he is seriously ill, he has to attend another court etc. Adjournments may continue until the judge gets tired. In the meantime the interim order will provide a relief.  The case of Kochar Vs Legally India represents one such case.  Article

Bank Websites insecure

June 21: Security experts have found vulnerabilities in many Bank websites including ICICI Bank and HDFC Bank. Article

Cloning of Debit Cards in Ranchi

June20: A group of youngsters selling car wash accessories in a Petrol Bunk costing Rs 280/- for a mere Rs 30/- were found to be insisting on payment by debit cards. It was found that they were later cloning the debit cards and withdrawing money from the Bank.  Police have registered an FIR and arrested a few persons. Article in TOI

Centaur Hotels in violation of Sec 43A

June 19: A report in bangaloreaviation.com indicates that authorities in Centaur Hotels New Delhi under the management of Air India has a practice of loading scanned passport and credit card information of customers on a public website. Out of the two, Credit Card information is considered as "Sensitive Personal Information" under Sec 43A and requires to be protected with "Reasonable Security Practices". It is clear from the report that the information is in unencrypted form and in a public server. This is a violation of the Sec 43A rules and exposes the Company to liabilities. Though the liability arises only on a victim claiming a damage, it is a "Risk" for which the company needs to provide for under corporate governance requirements. It is however considered under the law that the passport information is not "Sensitive Personal Information". The rules have been deficient in this respect since passport is today the most important identity document for an individual and if duplicated can be a cause of many other identity theft related frauds.  It is understood that the page has since been taken down. However this underscores the need for IT managers being trained in techno legal information security. The article

USA Court Also holds Bank liable for Phishing

June18: When the adjudicator of Tamil Nadu decided in the S. Umashankar Vs ICICI Bank case in favour of the victim of Phishing, several Banks were upset. Their contention was that they have the right to introduce any technology but they will not take absolute responsibility for frauds despite law and RBI regulation being in favour of the victim customer.

Earlier to this verdict, there was one German Court decision also in the same light holding the Bank liable for Phishing. Now even a Michigan Court has given a similar verdict.

Banks in India who want to ignore ITA 2000/8 law on use of digital signatures or RBI's Internet Banking guidelines and are fighting to hold the victim of a phishing to be made liable are slowly losing ground. After the G Gopalakrishna working group committee report, notified on April 29, 2011, it appears that the last hope of the Banks that RBI will come to their assistance is also lost.

It is time for Banks to upgrade their techno legal security system as suggested by the Gopalakrishna working group rather than living in the false hope that they can avoid liabilities through protracted legal wrangles.

Banks must now focus on the October 31, 2011 deadline for their new IS policy to avoid further accusations of "Negligence".

 Related eport in Computerworld

More Opposition builds up for IT Rules

June18: The recent IT rules on Intermediaries and Cyber Cafes have attracted criticisms from several quarters. While Cyber Cafe regulations have been criticized for lack of concern for Privacy and the impractical nature of the regulations, the Intermediary guidelines have been criticized for the possibility that it would stifle  free speech. Here is a good article on the subject

First Adjudication Application in Karnataka filed

June14: After a prolonged wait, the first Adjudication application in Karnataka has been accepted by the IT Secretary. The complaint has been filed by a customer of ICICI Bank who has suffered a loss through unauthorized access to his account.

Tata Docomo Releases blocking of BloggersNews.net

June14: After several rounds of follow up it appears that Tata Docomo has removed the blocking on www.bloggernews.net. It was pointed out to the company that blocking of a website without appropriate sanction amounts to contravention of Section 69A of ITA 2008 and makes the company officials liable for imprisonment. Company has finally removed the block.

Early Aadhar Holder is a SIMI Activist

June12: Even before the UID scheme is to take off it is learnt that a SIMI activist has been one of the early holders of an Aadhar Card in a fictitious name. Close on the heels of the report of theft of two laptops containing UID data, this report nails the claim of the Government that the security of the system has been taken care of. Despite being warned, Sri Nandan Nilekani has always maintained that the UID scheme cannot be misused as a security threat. Unfortunately his confidence has been proved incorrect. It is therefore necessary that at least now, UIDAI reviews its systems and ensures that national security is not compromised. Related Report.

P W C Davidar Honoured

June11: Cyber Society of India (CySi) honoured Mr P W C Davidar, the former Adjudicator of Tamil Nadu with the award of a "Fellowship" in recognition of his outstanding services rendered as the Adjudicator of Tamil Nadu during his tenure as the IT Secretary. It may be recalled that Mr Davidar had the credit of the first adjudication decision in India in the case of S.Umashankar Vs ICICI Bank. Subsequent to this historical decision, 16 more adjudication applications have been filed in Tamil Nadu making it the State with the most active Adjudication system. During the occasion Mr N.Vittal former CVC was also awarded a Life Time Achievement Award. Speaking on the occasion, Mr N.S.Vishwanathan, Regional Director of RBI recalled how RBI has always upheld the interests of the customer and emphasized that "Security" is an important aspect of Banking. He recalled the words of the Deputy Director of RBI that "it was improper to pass on the liability of a cyber crime to the Customer". The award function was followed by a workshop on different aspects of Cyber Crimes in relation to Banking. The program was attended by several Bankers. Related Report in Hindu

IRCTC Fraud. One Ticket Agent Arrested

June7: Naavi.org has been pointing out that online IRCTC booking through Tatkal is being fraudulently taken over by agents. Complaints have even been lodged with IRCTC on this account. We have also exposed one software professional who had posted a client side script which could be used for overriding others in booking the tatkal tickets. This software professional removed the contents of his site but there are others who are also posting hacking guidelines for IRCTC site. In our complaint to IRCTC we have been suggesting IRCTC that they whould conduct a CBI enquiry on an analysis of tatkal bookings to prevent this fraud. We have also suggested that agents should be disabled from Tatkal booking for the first 15 or 30 minutes. Similar views are also held by others.

We are glad to note that one such agent has been arrested in Mumbai for such fraudulent booking. He is reported to have made 44 bookings under Tatkal on a single day.

There is a clear indication that IRCTC officials must be involved in this fraud. a good analysis has been given by Mr Amish to estimate that the fraud may be valued at around Rs 10000 crores. IRCTC has also modified its rules to accommodate the agents. When online booking was started, agents were not allowed the use of the facility. Later they were included. Then IRCTC also made a change regarding the ID card details to be provided. Earlier the full details of the ID card including the serial number had to be provided at the time of booking. Now this is not required. Passenger can give any ID. While this appears to be a move to help customers, it is actually meant to help the agents who may not have proper ID documents of the passengers.

Cyber Bullying by Vodafone?

June7: The attitude of Vodafone in filing a defamation suit (Refer article in FE) against a dissatisfied customer expressing his complaint on the Internet smacks of "Corporate Arrogance" and needs to be opposed by all consumer oriented organizations. Differences do arise between a customer and a consumer oriented business entity. Most matured business houses follow  the axiom "Customer is always right" and go out of the way to placate a complaint. When the company is not responsive the customer is forced to post his complaints in various consumer fora as well as his personal web space.

In the event the facts presented are false there is a legal right to file a defamation suit. However in most cases the money rich company files a case only to harass the individual. Unfortunately our unfriendly legal system is a night mare for most individuals. Often petitions which ought to be thrown out in the first place are admitted by Courts making the respondent spend time and money to respond to an unsustainable legal dispute. The case then drags on and on and the proceedings become a punishment to the consumer hurting him more than the original dispute.

It has been my personal experience that Vodafone service is bad and I discontinued the service for the same reason.  I donot know the details of the current dispute but it appears that the person is so agitated that he has contacted the higher officials and also posted their contact numbers for others to see. It is ridiculous that the Company claims that the customer can go through only the customer care facility and should not contact other officials. We all know that customer care is only one of the contact points for the customer and it often is not able to solve all the issues.  In such cases, since the consumer's  contract  is with the company and any service charges paid by him go to fund the salary of all the officers of the company  it is the prerogative of the customer to contact any official including the CEO or even the Board of Directors to seek resolution of  his complaint. Each such person has a duty to the consumers and are vicariously liable for the warranties made on the service either through advertisements or otherwise. Hence writing to them or publishing their contact numbers for others to contact them cannnot be considered as an illegal activity. If they feel inconvenient, it is the price they pay for being the officials of such a company.

Hence the stand taken by the Company is clearly anti consumer. This bullying attitude of Vodafone needs to be condemned. It is preposterous to suggest that ITA 2008 should be applied against a consumer who posts his complaint in his facebook profile whether it is private or public. The remedy for such arrogant behaviour of a Company is a consumer movement against such a company. Now that there is MNP, I think people should express their dissatisfaction by severing their relationship with the company. A Consumer company which is anti consumer is not a company to be associated with. Perhaps we require a Cyber Anna or a Cyber Baba Ramdev to take up the cause of such cyber bullying.

Bangalore losing status as IT Capital of India?

June6: It is reported that the ASSOCHAM  has said that Bangalore is set to lose the prestigious tag as the IT City. Results of a survey of 800 CXOs is said to indicate that nearly 30% of the Bangalore based CXOs were keen to shift to Gurugaon and 25% to Noida. Naavi has been trying to persuade the State Government to take up measures to ensure that Bangalore remains the destination for IT industry. When a hard core an IT professional was elected as an MP of BJP it was hoped that he would take steps to promote IT industry in Karnataka. However the Government has its priorities set elsewhere. Judging by the lukewarm response to some of the initiatives of Naavi to make Bangalore the focus of IT Security from the Government, it appears that ASSOCHAM survey conclusion may become a reality sooner than expected.  With the change of Government in Tamil Nadu and Mrs Jayalalitha assuming the Chief Minister's role, it is expected that Chennai and Tamil Nadu will also initiate steps to wean away IT investments. Recently a group of North Eastern States chose to headquarter their IT promotion initiatives from Hyderabad instead of Bangalore or any other place.  This indicates that outside Karnataka, the perception is growing that Bangalore is no longer a recognized IT hub. Unless Dr V.S. Acharya, the IT Minister and Mr M.N.Vidyashankar the Principal Secretary, IT and BT recognize the threat and initiate immediate remedial measures, before the end of the current BJP Government's tenure, Bangalore would have lost its identity as the IT capital of the country. I invite the attention of the National IT Cell of BJP and Mr Janardhan, the Chitradurga MP who was a former IT professional to take interest in devising strategies to change the disturbing. trend.

"Vinaashakaale Vipareeta Buddhihi"

5th June, 2011: When Jaya Prakash Narayan (JP) was arrested in June 25, 1975, it was stated that he commented "Vinaashakaale Vipareeta Buddhihi". I am reminded of that development today. After the arrest of JP and other political leaders and declaration of "Emergency", on 26th June, 1975, a few publications protested the Emergency measures by printing blank editorials. It was the beginning of a two year dark period in the history of India when dictatorship ruled the Country. It is 36 years since that event and we have history repeating itself with the midnight swoop on Ramlila Grounds and arrest of Baba Ramdev who was protesting against Corruption. By its action, the Government has indicated that  it is better to suspend democracy rather than take steps to prevent corruption. I am now reliving the days of June 26, 1975 and reminded of the famous words spoken by JP which was then headlined by Indian Express. Yesterday I speculated on "Emergency" measures. Unfortunately it has become a reality today. . Let's wait and see how media and other political parties react to the current situation. At the point of time when this is being posted, there is still no "Emergency". I hope that 2011 is not 1975 and  hence the situation may not worsen into an "Emergency" situation. However, It is a sad day for India.

History is being created in India

4th June 2011: A globally historic event has just begun in India in the form of the Anti Corruption Movement mobilized by Baba Ramdev. After the Non Cooperation movement of Mahatma Gandhi, this could turn out to be the biggest mobilization of people in India for a cause and perhaps may outscore even the anti emergency movement of Jayaprakash Narayan. What is unique about this event is that non political forces have come together to root out corruption which is the biggest menace in the country.

There are very few persons left in the country who are still swearing by non corrupt practices and they are often ridiculed as impractical. Many politicians who were expected to be honest have came around to the view that today it is not possible to avoid corruption in public life. But now there is a renewed hope. Ramdev's movement has gained support across the country and along with Anna Hazare's team has become a formidable force which the Government cannot ignore.

We may recall that BJP had in fact included in its last election manifesto that black money abroad will be brought back to India. Dr Manmohan Singh also promised after Congress came to power that they will bring back black money within 100 days. We may therefore say that both political parties are in principle supportive of Baba Ramdev's demand.

While the Government was effectively killing the Lok Pal movement of Anna Hazare, it is unlikely to succeed killing the Baba Ramdev's movement. It is however possible that the Government may resort to an "Emergency" like action of arresting of Baba Ramdev and crushing the movement. Hopefully Government will see reason and accept Baba Ramdev's demands without much delay.

Whatever turn the movement takes, it is clear that 4th June 2011 will be a historic day in the history of not only India but the entire world.

October 31, 2011 is the first deadline for Bankers under GGWG

June 3: The April 29th circular of RBI advising implementation of the recommendations of G Gopalakrishna Working Group recommendations has set a specific timeline for implementation of the recommendations. One of the principle deadline would be October 31, 2011 by which time Banks must put in place policies and procedures which donot require extensive investment. This may include the setting up of the IT Strategy  Committee, Risk Management Committee and the IT Steering Committee as well as designation of a CISO.

The circular suggests a Quarterly review process and the first calendar quarter after the issue of the guideline falls on 30th June 2011. It is recommended that the Board meeting within this quarter may take on record the receipt of the RBI guidelines and initiation of the first steps towards implementation of the recommendations. The second quarterly review by September 30 may discuss steps taken during the first 4-5 months so that the Bank will be ready with the compliance requirements for October 31, 2011 including a quick "Gap Analysis".

As an experienced past Banker and a techno legal information security practitioner, Naavi offers GGWG Gap Analysis" service for Banks to enable them comply with GGWG recommendations. Interested Banks may contact naavi at naavi@vsnl.com (+919343554943) for further details.

Six year Imprisonment for HIPAA Violation

June2:  An Alabama Court sentenced Mr Isaac Earl Smith,  to six years in prison for his role in a prescription fraud scheme that included crimes of healthcare fraud, aggravated identity theft and violations of HIPAA. Related Article

US Postal Services Introduce "Adult Signatures"

June 1: Naavi.org had in the past made suggestions regarding introduction of "Adult Passes" in the Cyber Space for receipt of adult content. In the meantime it is interesting to note that US Postal authorities have introduced a service called "Adult Signatures" where the mail is delivered to adults above 21 years of age upon verification of age. It should be a forerunner to the concept of "Adult Pass" suggested by naavi.org. Related notification

HHS Includes "Disclosure" as part of Privacy Rights

June1: In a conceptually significant development, HHS has proposed a change in the Privacy laws related to HITECH Act according to which the data subject would be entitled to know who has accessed his information. In the light of the powers which the Indian Government is likely to exercise under the new rules under ITA 2008 on Privacy, this is an important disclosure requirement that should become part of every privacy law. HHS notification for public comments : related Article

Directory of Mobile Numbers

June1: Mobile numbers are considered "Personal information" and are protected by privacy. However we should  debate if there is a need to reconsider the issue of privacy of mobile numbers. When a person receives a call or SMS from a mobile number, his privacy is disturbed. When he receives multiple calls or multiple SMS numbers, it annoys a person and it may invoke Section 66A of ITA 2008 as an offence. In such a case the recipient of the anonymous call has a genuine right to know the identity of the person making the call.

It is therefore necessary for all mobile service providers to introduce a mechanism where by if a person receives more than 3 calls from a mobile number during a period of one month, he is entitled to demand the identity of the caller from a repository of mobile directory. This is the privacy right of the call receiver pitted against the privacy right of the caller.

This  provision of disclosure on demand should be introduced as part of the "Due Diligence" of the intermediaries since identity of the caller is the first essential step for the call receiver to invoke the protection of ITA 2008.

The exact procedure of how a demand can be made, what evidence need to be submitted etc can be decided.

In order to implement the same it is also necessary for every Mobile Service provider to provide a free online copy of billing details so that the call receiver can extract the statement as a proof of having received multiple calls from a given number within a particular time.  DIT has the power to issue such guidelines under Section 79/Section 67C /Sec 85 of ITA 2008. Reactions are welcome.



PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar

PR Syndicate, (an organization of Corporate PR Professionals in Chennai,)  celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occasion, "Award of Excellence in Public Life"  was presented to 'Cyber Law Guru of India' Na.Vijayashankar...More


  What is Naavi.org?

Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.

The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.

The second key service is the Cyber Evidence Archival center which provides a key service to help administration of   justice in Cyber Crime cases.

The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.

The fourth key service is the online mediation and arbitration service another unique global service.

The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.

Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.

Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.


If you would like to know  more about Naavi, the information is available here.

For Any Payments to be made to Naavi online :  Naavi_s Payment Center

[Valid RSS]

RSS Subscription






Search Naavi.org

Deep Links

ITA 2008

ITA 2000- Rules

Archived News



Cyber Evidence Archival Center



Legal BPO


Public Service

Cyber Law College

Digital Society Foundation






Reference Sites

Global Cyber Law Resouces

Legal Information

Cyberlaw Stanford


Law & Tech Blog



Cyber Frauds

Cyber Crime Cases

Cyber Crime cases2


Bank Frauds Forum


Consumer Forum

Consumer Forum-2




Safe surfing






CAT Website

List of AOs


Misc Naavi Initiatives

Naavi Cricket Rating

Cyber Democracy




Personal Links

Daily News

Daily Horoscope