November 1-November 30, 2002

New Cyber Law Course for Netizens To Be Launched

Naavi wants a volunteer to steer

Let us not make the same mistakes in the Cyber Space

The formation of the Department of  Home Land  Security in USA got the final nod this week, with the signature of President Bush. It was notable however that despite the continued threat of terrorism in USA, several Civil Liberties groups staged demonstrations opposing the legislation....At a time we are considering a new security system in the global scenario for the Cyber Space, it is necessary for us to avoid a similar misunderstanding...

Read Here for More

 Google Loses a Trendsetting Domain Name Case

In an interim decision in Norway, Google's claim on the domain name "" has been disallowed despite the registration of "google" as a trade mark in Norway. It has been held that Google has not been able to show risk of substantial damage or defamation if the disputed domain name is continued to be used by the current owner whose business has no relation to that of Google. A final decision is expected in due course.

Though this is an interim decision and could be over turned in the final verdict, it does establish an important principle that "Consumer Confusion" or "Defamation" is essential for a Meta society right of trade mark to prevail over the Cyber society right of the domain name.

There is a need in India to take note of this type of controversy and proposes a suitable legislative provision that protects Indian Netpreneurs being denied domain names that do not create any consumer confusion nor defamation by virtue of the similarity.


Spain Drops Law on Cyber Cafe

A proposed law to regulate Cyber Cafe's on the lines of what the Mumbai and Karnataka Police have proposed is reported to have been dropped after opposition from public.


Compulsory Data Retention Norm Required

Under Section 65 of ITA-2000, whoever intentionally destroys any electronic document required to be preserved under law is punishable with imprisonment and fine. This section also applies to ISPs and Corporate IS Managers who hold important pieces of evidence in case of any Cyber Crime. Unfortunately, in the absence of a specific notification, Indian ISPs are not legally guided as to the period of retention of data. urges the Controller of Certifying Authorities to take immediate action in this regard and notify that all log details of ISP customers including the log of e-mails sent and received must be preserved for a period not less than 3 years. Such rules can also be extended to SMS messages of Mobile companies may be for a lesser period of one year since they fall under the category of electronic documents. While the retention of log records does not have serious "Privacy" implications, the retention of SMS messages may however raise objections from the Civil Liberties groups.

In this connection it is pertinent to observe that many of the EU countries have already passed legislations for compulsory retention of documents for varying periods as per some details available in the following links.

Finland proposes extensive data retention laws

Summary of Data retention Laws in EU Countries

DMCA and Right to Consumer Information

A legal question has been raised by some US shop keepers about the publication of forthcoming sales information in some websites. Protection has been sought by the shop keepers under DMCA barring publication of sales data which is likely to help the consumers to chose the shops. The websites have been asked to remove the information or face legal action.

This challenge is another example of the misuse of the provisions of the Intellectual property law for furthering anti consumer activities. Many legal practitioners believe that information such as sales, discounts etc are facts which are not covered by copyright law. It is however feared that the websites who have been challenged may not have resources to defend themselves against the more resourceful shop owners and may opt to comply with their demand rather than fight it out.

What if a similar notice is received by an Indian website also? Should we allow our e-commerce entrepreneurs to be victims of misinterpreted IPR laws ? or Should there be a mechanism by which a "Protective Umbrella" is thrown on Indian E-Entrepreneurs to prevent such attacks from IPR predators?

If so how this should be done?..and Who should do it?... Your Views are  Welcome

Related Article in TOI


Russia Launches Cyber War on Chechenya

According to Chechen rebels, Russia launched a hacking attack and brought down tow sites and after the recent terrorist attack in Moscow.

This represents the inevitable Cyber Wars that will be fought in the  future. All Cyber security forces will have to consider such attacks if it is a legitimate weapon against the enemies of the country.

It is time to ponder whether  Indian Cyber security forces are ready for similar attacks on anti India sites that abound the Cyber world.


US legislators Approve dot-kids Domain space

The US Senate and the House of Representatives passed a final version of the Dot-Kids Implementation and Efficiency Act, which calls for the creation of a dot-kids domain within America's dot-us addressing space.

This would provide the young generation a free Cyber space to browse through and benefit from the Internet revolution without the onslaught of pornography and other evils that confront the society. This would also make it easy for Schools and Cyber cafes to run child safe Internet browsing centers.

The bill provides that Web site with a address cannot post hyperlinks to locations outside of the domain. It also prohibits chat and instant messaging features, except in cases where a site operator can guarantee the features adhere to kid-friendly standards developed for the domain.

It is time that India also should consider a dot-kid zone under .in domain space.

Copy of the Bill

Software Piracy would cease to be a problem..if

The recent visit of Mr Bill Gates to India has once again focused the attention of the community on the issue of Software Piracy. Though states like Karnataka have assured Mr Gates that they would aim for "Zero Piracy" in the state. While it is recognized that even  Government establishments are guilty of using unlicensed windows OS and Office application on a large scale, the thrust on use of Open Source software in Government circles has received a set back after Mr Gates visit to India for obvious reasons.

Before the States go on a overdrive to catch software pirates, it is necessary to publicly debate the root causes for software piracy in India and the need to adopt  "Pricing Based on Usage" for software applications .

It is interesting to note that recently a French Court held Microsoft itself guilty of software privacy and imposed a large fine on the Company. This highlights the possibility of unintended copyright violations even at the user levels because of complicated licensing terms that users are unable to grasp.

Before pronouncing its citizens guilty of piracy, Governments should contemplate on what they can do to reduce the incidence of piracy,  including spreading the information about availability of license free software both for OS and MS Office like applications.

Related Articles:

Licensing is the problem, not piracy

Frisking of Software.. Is it a necessary Security Requirement?

Frisking individuals before entering a security zone has become a common practice world over. Is it not then necessary that before you allow a software to be installed in your computer, you should frisk it for security loop holes?. Obviously every user would be happy if such frisking eliminates problems arising out of "Bugs" left behind by developers by negligence.

It is however a difficult task to implement a "Frisking Policy" that works and is acceptable to the software vendors.

Should the consumer depend on a security agency to do so?. Should it be part of a "National Cyber Security Policy" to make it mandatory for software sold in a country to be "Security Certified"?. If so can this be achieved with "Proprietory Software" where the source codes are held confidential?.. are issues that need intense debate...... Your Views are welcome

Related Articles:

The Peons Guide to Secure System Development

Linux Download Site Hacked, Software Modified

Small and Tiny Digital Enterprises to Bridge Digital Divide

IT holds a huge promise for India and in order to realize this promise, it is necessary to take IT entrepreneurship to the grassroots level. The global reach of E-Business opens many opportunities for individuals to run home based or Cyber cafe based business which provides self employment with very low investment. Small Cyber cafes or Data Processing Centers are also essential public services in the digital era.

If India has to fully harness its manpower potential, it is necessary to provide encouragement to such Small and Tiny initiatives using the Computer and the Internet as the basic tools of employment. Such encouragement should come in the form of "Income Tax Exemption", "Service Tax Exemption", "Easy Bank Loans" etc.

Just as Cottage industries  helped the industrial economy to take off in Japan and India (though neglected at present), The Tiny and Small Digital Enterprises hold the promise for bridging the digital divide in India and provide gainful employment to many Computer savvy youngsters in villages.... Your Views are welcome

Regulating and Promoting Cyber Cafes

The issue of Cyber Cafe regulation has been engaging the attention of Indian regulators for a long time. There is no doubt that the Law enforcement agencies do require the assistance of Cyber cafes in criminal investigations and a strict legislation could help. However, instead of looking for regulations based on "Registration", "Returns" and "Punishment for Non Compliance", there needs to be a scheme for voluntary compliance of " Good Cyber Cafe Practices" that would provide the assistance to the Police whenever needed. This should be based on some kind of incentivisation so that there would be voluntary compliance.

Could this be achieved through a "Software Monitoring Device" to be installed in Cyber Cafes in return for some incentives? a point to be discussed..... Your Views are welcome

Cost of keeping your Computer Secure

In the current industry scenario, where every desktop needs to be secured against Virus, Hacking and Spam, it is relevant to consider an anti virus, personal firewall preferably with a spam killer as an essential purchase with every Computer. Unfortunately, the cost of such security with a reliable tool may be as much as US $70 or nearly Rs 3500 to be incurred each year. In other words, it would cost nearly Rs 300/- per month to keep your desktop computer safe. Obviously, in the Indian context this is to be considered as "High" and could lead to large scale neglect of desk top security.

There is therefore a need to bring down this cost substantially in the interest of Cyber Space Security of India and some initiative from the Government in this regard would be welcome.... Your Views are welcome

Investigative Hacking Needs Search Warrant

In an interesting observation, a Virginia Judge held that evidence collected by the Police through a Hacker was considered as "Illegally obtained". This throws up a debate on whether "Investigative Hacking" would need a "Search Warrant" since it amounts to searching through an Information Asset pool.

There is an urgent need to amend ITA-2000 in the light of this judgment to prevent investigative hacking by the Police being held illegal in India.

More at

Life Imprisonment to Hackers

The Bill to enact Cyber Security Enhancement Act (CSEA) was recently passed by the House of representatives. The Bill is expected to give greater powers to the Department of Home Land Security to seek information from ISPs, eavesdrop without court order and extend life imprisonment to hackers.

The amendment act reinforces the need for similar provisions in India highlighted by in the article Cyber Terrorism...A New Challenge to Law Enforcement Agencies.

A Commentary at

Copy of the Bill at

When Intellectuals Turn Hostile to National Security

It is an interesting psychological phenomenon that some times, well known intellectuals  feel the urge to join the band wagon of lesser mortals such as Dr Hari Krishna clamoring for international fame solely by criticizing the Indian Security forces and Government. The latest to join this bandwagon is Ms Arundhati Roy defending those who have been accused in the terrorist attack on the Indian Parliament.

It is clear that these activists lack an understanding of the security needs of the country and are blindly supported by the Indian media which is more personality oriented rather than issue oriented.

Counter terrorism strategy in India should therefore also include an education of these intellectuals on their negative impact on the overall security management situation in the country. Top psychologists of the country should also analyse what motivates the Roy's to step beyond their areas of expertise and turn anti establishment at the risk of being close to being also anti national. Media should also review why "Who Says" is more important to them than "What is Said".

Related Article:

Arundati Roy supports Parliament Attack Accused

64% Growth in Net Attacks...Small Business are the New targets

Recent studies have revealed that the criminal attacks on the net are growing at an alarming rate and pro Islamic terrorists are increasingly targeting small businesses on the net. This follows the global terrorist strategy of attacking soft targets to create panic in the community and destabilize the economic progress.

The trend highlights the importance of securing small offices and home computers as a part of an overall strategy to secure the Cyber Space.

Related Articles from BBC:

Battling the net security threat  // Small firms warned over hackers

Act Now to Stop Cyber Security Brain drain to US

Underlying the importance being accorded to Cyber Security initiatives, US Congress is set to vote on a Bill which sets aside a budget of US $900 million (Rs 4500 crores) to be spent in the next five years  on Cyber Security initiatives. The funds are mainly meant for research through various educational institutions.

Indian Government has to take note that if a matching action is not taken here, the cream of Cyber Security talent in India may migrate to US for better research options.


Canada Joins US-EU Cyber Crime Treaty

The US-EU Cyber Crime Treaty has roped in Canada which is making necessary changes to its own laws to comply with the provisions of the Treaty. The changes would cover "Mandatory Preservation of Customer Information", "Installation of Surveillance Mechanism", "Disclosure of Information" etc.

It is time we in India think of our own framework of regulations so that we can improve upon the provisions of the US-EU treaty which in due course would also be in India's consideration.

Related Article

Cyber Security Initiatives Face the PPR Challenge

..Despite the money and efforts spent on Cyber security, spectacular terrorist attacks cannot be ruled out. When such incidents take place, there will be plenty of people around to criticize the security forces and pull their morale down.

As a part of a successful Cyber Security strategy, it would therefore be necessary  for Cyber cops to  arm themselves with the  skill to manage opinion in critical circles. Since some of these critics come from the influential community of journalists, managing "Press Relations" and "Public Relations" (PPR) would be one of the prime tasks of the Cyber Cops in India.


Cyber Law Literacy and the Gold Rush

Quite often, I am asked by Lawyers, Law Students and Professionals about the immediate scope for Cyber Law Study. They often ask "How Many cases have been so far filed under ITA-2000 in India so far?, or "How many Cyber Crime Cases have been registered by the Police?".

...Cyber Law Study is not simply just another  specialization, but is a critical area of knowledge for any serious professional in the Computer era. It may not still be a Gold Rush in India, but may soon be. 


US Likely to Pass an Anti Internet Gambling Law 

US is considering passing of a law to prevent online Gambling. The Internet Gambling Enforcement Act already passed by the House of Representatives will be coming up for the approval of the Congress in December. 


A Notice From China to NCST !!!

Amongst the many important issues  that came in for discussion during the latest ICANN meeting in Shanghai was the administration of ccTLDs....India has been conspicuous by its absence in these deliberations ..

It is in this connection that we need to recognize the importance of the decision of Chinese authorities  that they will throw open the registration of Chinese domain names to non Chinese regrets that we in India have not moved in this direction.


A Defining Moment in Domain Space Administration

The Shanghai meeting of ICANN has concluded with the adoption of the new bylaws. One of the fundamental difference this new by law brings in is to eliminate the Board representation for the public.

Even though an elaborate advisory framework has been defined through the At Large organizations, ICANN in future will be like any private body whose accountability to the public is left to its own discretion.

With this change of status, the role of Government bodies world over has also changed. Now they will be the real representatives of the Net users and have to discharge their responsibilities suitably.

The removal of public participation in ICANN may also increase the relevance of non ICANN domain name registration system and also for the development of an alternative to ICANN to which some of the current responsibilities of ICANN can be shifted and a greater decentralization of ccTLD administration.

The development is a set back for the utopian concept of a democratic unified regulatory mechanism for Cyber Space and will pave the way for bifurcation of the Cyber Space into individual country managed restricted Cyberspace.


November 1, 2002

Related Articles / ZD Net /

Reuter Accused of Hacking

The international news agency Reuter was accused of hacking into the systems of a Swedish Software Company on October 24, 2002, when it downloaded and reported the financial results of the Company before its public release. The Company has filed a criminal complaint in this regard with the authorities in Stockholm.

Reuter has denied the allegation stating that the information was downloaded from the webpage accessible to the public.

The case looks similar to a case where the  a Company  has kept a draft press release in its premises and the reporter picks it up without authorization and publishes it.

It appears that the incident is a case of "Investigative Journalism" that has crossed the limits of prudence and journalistic ethics. We need to watch how the investigative agencies view it.

The Report from the Company

Hackers Step up Attacks in October

As US war on terrorism continues on ground and US intensifies its action against Iraq, Hactivists have stepped up their Cyber war against Information Assets belonging to countries who are supporting US such as India, Israel, UK, and Australia. According to a security firm in London, October 2002 with 16559 recorded attacks was the worst month since it started its observation in 1995.

The preliminary estimate of Economic Damage for the first week in October based on initial calculations puts the total damage caused worldwide by all hacker groups at between US $51m (Rs 255 crores) and $63m (Rs 310 crores).

More in TOI

Related Article in




If you would like to know  more about naavi, the information is available here.