Awake and Stop Not until Indian E Banking is made Safe
Internet censorship in India
June 27: India is one of the countries in
which Internet censorship is very strong. One more example of this
is the blocking of
http://hipaablog.blogspot.com, a site which contains only useful
information on HIPAA. I want viewers to check whether this has been
blocked by their ISPs also, since different ISPs may have different
policies. Please do inform me if any other ISPs (I have checked with
BSNL) have also blocked the site. We can also demand from CERT-IN the
reason why this site has been blocked.
Cyber Crime Losses in Euro Banks
June 27: A study by McAfee and Guardian
Analytics has estimated that the Cyber Crime losses in 60
European Banks could be in the range of USD 60 million to 2 billion. At
present, estimates in India vary between Rs 2000 to Rs 6000 crores per
annum (USD 1 billion). But RBI and Indian Banks do not seem to be
concerned, since they feel that the Indian Banking system is resilient
enough to feed Cyber Criminals without hurting the consumers!
"John Doe" Or "Ashok Kumar" or "Kolaveri"?
June 23: The recent controversy in which
several websites were blocked, citing the Madras High Court order, by the
producers of the film "3" made liberal reference to the "John Doe"
principle, which in the Indian context was referred to as the "Ashok
Kumar" principle. This principle is normally used when there is an
offence but the party is not identified. In the instant case, however,
the accused were not "Anonymous". They were actually "Non Existent" on
the date of the Court's order. The prayer and the order were based on
the speculation that some unknown persons may infringe the copyright on
the website and, if so, they need to be blocked. Such an order needs to
be classified differently and not combined with the John Doe principle.
Considering that the film "3" was famous for the "Kolaveri Song", it may
be apt to call this principle the "Kolaveri Principle".
June 22: In an interesting modus operandi, it is
reported that certain persons in Mohali successfully fooled the ATMs to
report "Failed Transactions" when they withdrew Rs 10000/- and left Rs
100/- in the tray itself.
June 21: Researchers have found one instance
where the size of a brain tumor looks different on a Mac and a PC,
opening up the debate for telemedicine laws. The research in Germany
found that when data from 30 brain scans were viewed in a "FreeSurfer"
package, there were significant differences between Mac and PC outputs.
The incident highlights the need for a telemedicine law which imposes
high levels of testing and liabilities for non-compliance.
Madras High Court Clarifies on Website Blocking
June 21: The Madras High Court has clarified that
there is no need for ISPs to block entire websites when the dispute
is related to a specific document. Naavi.org has also been raising its
voice about the unfairness of such orders. It is good that the
clarification has come through.
New Threats to Indian Banks
June 21: Trend Micro has warned that new
variations of SpyEye and Zeus are being sold in the underground
malicious code market and are being used in conjunction with web
injections and man-in-the-browser attacks to rob banks.
RBI and CERT have been sitting quiet on the
representations made by Naavi.org a few months back with demonstrations
of such possibilities. It had been pointed out that the trojans can even
present false account views to the customers so that they never realize
the changes in their balances until they verify the balances through
alternate channels. The seriousness of the matter is being ignored by
RBI and CERT, and the larger banking public is being placed at high
risk. With such insensitive security managers, the Indian Banking system
is in grave danger of an attack which will bring the system to a halt.
MIT is Confused on the Status of CAT
June 20: The Ministry of Communications and
Information Technology has been managing the Cyber Law in the country.
For some reason the Ministry of Law appears to be uninterested in
managing "Cyber Law" in India. It is fine as long as MCIT consults the
Ministry of Law and does a good job.
But of late, the functioning of MCIT has been raising
eyebrows. While MCIT is in the forefront of Internet Censorship in
India, they remain actionless regarding appointment of the Chairperson
for Cyber Appellate Tribunal (CAT). The confusion the department is in
regarding the status of CAT is evident from the fact that pages of MCIT
continue to depict CAT as a division under CCA and headed by an official
The ITA 2000/8 envisaged CAT as equivalent to a Court
headed by a person with the seniority of a High Court judge. But the
department believes that "CAT has been set up under the aegis of the CCA"
(snapshots of web pages enclosed). The latest executive assignments
indicate that Mr Gulshan Rai is not only the Director General of
ICERT, but is also the CCA and Head of Division of CAT.
Given the onerous responsibilities of the head of
ICERT, it is unclear why MCIT needs to have a single head for three
different activities each of which requires perhaps more than one person
to manage. More importantly, any appeal of a decision of CCA has to go
to CAT as per ITA 2000/8. It is therefore strange that the Government
thinks that a subordinate judicial authority (CCA) can be called
the administrator of CAT and a "Scientist" of the Government can be
called the "Head of Division of a Judicial body". This is like a State
Government appointing an officer of the Government as the "Head of
Division of High Court".
I hope MCIT understands the niceties of judicial
appointments and corrects the situation.
HIPAA-HITECH Rules may get updated
June 15: The final version of the HIPAA breach
notification rule published in July 2010 is likely to be notified
shortly. Some changes in the "meaningful use rule" are also expected
under the HITECH Act.
Digital Assets and Digital Wills
June 14: With the integration of digital life
and physical life in the current generation, there is value to many of
the digital assets people build up during their lifetime.
Apart from storing copyrighted material, people
accumulate domain names, hosting space, product licenses etc. in digital
form. Control of these may be through passwords, which are lost when
the asset owner expires. There is a discussion in these circumstances
about how the digital assets can be inherited.
Naavi.org was one of the first to raise this issue
and also offer a suggested solution through
It is essential to recognize that "an Electronic
document" can be an "asset" which has value, ownership and
transferability characteristics. But if these have to be transferred
after the death of the owner, it has to be by means of a physical
instrument and not a digital will in the form of an electronic
instruction, since ITA 2000/8 has not provided recognition for such
instruments.
It may be necessary at some point of time in future
for the Indian Government to consider that "a Digital Will in electronic
form is recognized for transfer of digital assets" while a written will
can transfer both physical assets as well as digital assets. In such a
case, the issue of dating of the digital will for digital assets vs
the written will for digital assets needs to be sorted out.
Related Article in BT
Canara Bank Exposed
June 13: In a stunning revelation, the arrest
of a Skimming kingpin by Bangalore Police has also exposed the gross
negligence of Canara Bank in its ATM management. The report in
Bangalore Mirror indicates how the skimmers targeted Canara Bank
ATMs since most of them did not have guards. When the case of Mr Nagaraj
had been taken to the Banking Ombudsman in Bangalore last year for a
similar fraud of Rs 40000/-, the Banking Ombudsman failed to penalize
Canara Bank for running ATMs without guards and without CCTV cameras.
Had he reacted judiciously at that time, probably the current spate of
frauds might not have happened. Now it is time for RBI to ensure that no
ATMs without guards and CCTV cameras (functional) are allowed to be
operated by any Bank in India. The news report provides chilling
information that the Russian skimmer supplier has stated that he has too
many orders on hand to supply such skimmers to India. RBI should note
this as a warning of how the security of the Indian banking system has
been allowed to be diluted by their slackness.