Let's Build a Responsible Cyber Society
15th Year in service of Netizens

Naavi's Payment


Contact Address
About Us




Privacy Policy, Editorial Policy & Disclaimer


Business Enquiries




Cyber Law Forum

RSS Subscription

[Valid RSS]


"This website is the Wikipedia of Indian Cyber Laws".. A Visitor's remark

"Watch This Site as a Daily Habit. It may save careers".. A Banker's remark as an advise to fellow Bankerssed

Naavi is a Cyberlaw consultant based in Bangalore and specializes as Cyber law compliance advisor for the industry.

How Do you React to a Sec 79 Notice if you are an intermediary?

Naavi's Theory of Regulated Anonymity

Sec 43A Compliance Framework

Arise, Awake and Stop Not until Indian E Banking is made Safe

How Much Money is lost through Phishing in India?

March 31: Today is the end of a financial year for Indian Banks. It is time for them to draw their annual reports and submit it to both RBI and its shareholders. One essential information missing from Bank reports it the extent of loss in E Banking frauds. RSA recently stated that the losses suffered by Indian enterprises in 2011 through Phishing was of the order of Rs 172 crores. In an RTI based information releassed by RBI by DNA, Mumbai, it was stated that during 2010-11, the losses on E Banking were Rs 467 crores in Citi Bank, Rs 298 crores in SBI, Rs 112 crores in ICICI Bank and Rs 39 crores in HSBC. (See here) According to another rough estimate by Symantec, phishing related losses in India was of the order of Rs 6500 crores.

Naavi.org has been fighting for "Safe E Banking" and advocating that Banks which cannot provide safety in Internet Banking should be barred from providing Internet Banking service. In this connection demand has been already made on RBI to cancel the licenses of one branch each of ICICI Bank and Punjab National Bank. However RBI has maintained a royal silence.

Naavi has also brought to public attention the continued vulnerabilities in E Banking as demonstrated by Mr K S Yash, a security consultant in Bangalore. The videos of a live demonstration before a group of experts have also been submitted to CERT IN and informed to RBI. Invitations have been sent to both RBI and CERT IN  to take the demonstration directly and initiate action to restore the confidence of the public in E Banking. ... We are awaiting a positive response from both of them.

Under this background, one must question the wisdom of Banks and RBI in hiding the real information of how much money is being lost by Indian Banks through Phishing and any form of E Banking frauds, whether they are being reported to RBI as per the RBI's Fraud reporting guidelines?, Whether the losses are recovered out of insurance as per the RBI's Internet Bankign guidelines of June 14, 2001? If not why RBI is silent on the Bank's recovering the money from the hapless customers?, Why DIT is barring legal remedies in such cases by not appointing a chair person for Cyber Appellate Tribunal since last June?, Why DIT and the Government of Karnataka has not been able to address the anomalous situation created by the IT Secretary of Karnataka deciding that no cases can be brought before him against any Banks?, Why RBI is tolerating the rogue behaviour of Banks in ignoring its guidelines both of June 14 2001 and the more recent Gopala Krishna Committee report? Why RBI is unable to notify the recommendations of the Damodaran Committee report?, Why RBI is silent on our request to apply KYC failure fines to create an E Banking insurance Fund?, Why our Ministers Kapil Sibal, Mr Sachin Pilot as well as the PM are unable to respond to our complaints? etc.

Naavi.org vows to start a fresh campaign on "Protecting E Banking Customers" and invites Consumer activists all over India to join in this campaign.  I invite support and comments at naavi@vsnl.com.

Arise, Awake and Stop Not until Indian E Banking is made Safe

ICICI Bank on Face Book.. Does it compromise user security?

March 29: ICICI Bank is known for its innovativeness. Unfortunately, some times we feel that the innovativeness crosses its boundaries to possible recklessness. The recent foray of ICICI Bank into Face Book is one such new brainwave that has stuck ICICI Bank. Now it is possible to view a person's account through an application on Face Book. Though ICICI Bank claims that no data is transferred to Face Book and hence the security of information is not compromised, for a Bank which has the highest reported internet banking fraud incidents such statements ring hollow.

One wonders what RBI thinks of this innovation. Does the security on Face Book meet the recommendations of Gopala Krishna Committee report? or Does it matter? After all  RBI guidelines are there for the public to see and feel secure.

MP wants Section 79 rules to be annulled

March 26: A motion has been moved in the Rajyasabha that the notification issued by DIT on Intermediary guidelines on April 19, 2011 be annulled. The motion has been moved by Mr P Rajeev, an MP from Kerala. report

FIR Registered against HSBC Employees for harassment

March 23: We have reported in these columns about the disclosure by Mr Yash on E Banking vulnerabilities through a live demo involving some Banks. The demo included HSBC Bank and subsequently it had been reported that some representatives of the Bank had visited his house in Bangalore and threatened his family members demanding that the demo videos on the Internet should be removed. Naavi had brought  this to the notice of the Bank at higher levels. Now Mr Yash has confirmed of having filed an FIR against the Bank requesting the Police to investigate and provide him protection from being physically harmed.

Kerala High Court admits petition against Intermediary rules

March 12: Kerala High Court has admitted a petition challenging the constitutionality of the Intermediary rules issused by GOI on April 11, 2011. The petition has been filed by an advocate Mr Shojan Jacob raising objection to certain provisions of rules under Sec 79 and Section 69A and arguing that the rules are unconstitutional. Rules under Sec 79 are interrelated with rules under Section 43A also and hence it may be necessary to look at the rules under Section 43 A (April 11, 2011) while deciding on the constitutionality of the rules under Section 79. In particular the rules under Section 43A provide that if an intermediary can show an ISO 27001 certificate, he is deemed to have followed the requirements under Section 43A for protection of privacy of an individual. This refers to privacy while Section 79 refers to freedom of speech. These two are interrelated and both need to be reviewed for constitutionality. Naavi.org has already discussed these issues at length in the past and readers may view the articles in the Archived News

Related articles: Writ extracts : Medianama : Bar&Bench

GIGA National Seminar held at Hyderabad

March 11: A national Seminar was held at NALSAR in Hyderabad on "Internet Law and Governance" as part of the activities of GIGA, (The Institute of GLOBAL INTERNET GOVERNANCE AND ADVOCACY) established as a center of research, advocacy and training in Internet Governance and related issues. Justice S.Ravidra Bhat, inaugurated the conference and also made an interesting presentation on the E Court project in Delhi which was launched under his supervision. Officials from DIT including Dr Gulshan Rai, Dr Ravishanker and Dr Mohan also spoke on Internet Governance initiatives and security issues. Pavan Duggal, noted Cyber Law specialist gave a presentation on mobile laws in India. Copy of presentation made by Naavi on IT Act-Issues for Judiciary is available here. Prof Vivekanandan, Director of the institute outlined the activities of the institute including the free online data base of judgements maintained by the institute. The website of giga was also launched during the occasion.

IT Companies in Bangalore face a new challenge

March11: IT Companies in Bangalore have been presented with a new challenge with the withdrawal of the exemption from labour laws for the industry. This is likely to hit the bottom line of the IT Companies and act as a disincentive for new IT investments in Bangalore. The industry needs to develop a system of classifying the workers and the wage levels and obtain a case to case basis exemption. Industries have been given a six month time to meet the commitments. A serious effort is required by each company and the industry as a whole to resolve this issue and ensure that this does not become a death knell for the industry. Report in Hindu

Time to Delete Your Face Book and Twitter account?

March11: A surprising and disturbing report from US indicates that many employers and colleges are demanding that applicant's reveal their log in ID and passwords when they apply for a job or a course. Certain agencies seem to demand during the interview that password protected pages shall be displayed in front of the interviewer. Read the article here

If such a practice is found in a country like US where there is a huge awareness and activism in Privacy Protection, then one may wonder what could be the attitude in other more authoritarian countries.

Perhaps this marks the end of "Privacy" of individuals on the Internet as we know today... Or is the beginning of a new trend of anonymous, virtual identities and a second life for some?

A Phishing Mail in the name of You Tube

March 8: Here is a new phishing mail in the name of You Tube. The mail indicates a You Tube Video but the link is to some html page which may possible contain some viruses. See the copy of the mail here

Why The Governor of RBI is guilty of this bloodbath?

March8: Reserve Bank of India is by law the custodian of the interests of Bank customers in India. It is expected to regulate the Indian Banking system. The responsibility for introducing and encouraging the use of E banking lies with the RBI and hence the responsibility for the loss suffered by customers also lies with RBI. Naavi has also brought to the attention of RBI that there is a serious flaw in the Internet Banking security and RBI should take some corrective actions immediately to prevent the possibility of a Cyber Terrorist attack on Indian Banks. However all these efforts have been met with a stoic silence from the authorities.

Under these circumstances, Dr D. Subba Rao, the Governor of Reserve Bank of India must be considered as having failed in his duty to protect the interests of the Customers of Indian Banks who are seeking a safe banking platform. The blood of the E Banking victims is therefore all over the hands of the Governor of RBI. ... More

Bank Frauds in Bhopal

March 8:  A series of E Banking frauds have been reported from Indore where it is reported that more than 100 complaints have been registered in the last one year. The Police seem baffled by the number of crimes and have started advising customers about safe e-banking. While this is appreciable the report does not indicate any action taken by banks against the errant Banks and hence it is unlikely that a solution will be found to this problem in the near future. RBI should check of the 100+ frauds reported in this report are there in the FMR reports filed by the Banks and if not, take action against the banks which are hiding this information from RBI.

Related Article: Spurt in online banking frauds leaves state policemen baffled

Copyright Decision goes against Intermediaries in UK

March 7: A three-judge panel at London's Court of Appeal endorsed new copyright rules, siding with the music industry over internet providers in a battle over online file sharing. Under the rules under The Digital Economy Act has rules similar to rules already in place in France and Ireland and forces internet service providers to send an escalating series of warnings to users suspected of illegally swapping movies and music. Eventually, service providers can suspend repeat offenders' access to the Web. Related Article

HIPAA Non Compliance Holds up Physician's payments

March 7: From January 1, 2012,  HIPAA introduced  a mandatory shift of the Electronic Transactions and Code set Standards from 4010 guidelines to 5010 guidelines. The deadline was extended for 3 months due to the lack of readyness of the industry. HIPAA ASC X12 version 5010 and NCPDP version D.0 are new sets of standards that regulate the electronic transmission of specific healthcare transactions, including eligibility, claim status, referrals, claims, and remittances. Covered entities, such as health plans, healthcare clearinghouses, and healthcare providers, are required to conform to the new transaction set standards. It is understood that due to many technical issues involved  in the migration, there is a large scale delay in the processing of transactions leading to many physicians not receiving their payments on time. The industry is requesting another 3 month's extension of the deadline. Related article

Indian Business Associates who may be involved in processing of HIPAA transactions  need to ensure that they donot become objects of complaint in this regard . It would be prefereable for them to technically review their processes and correct deficiencies if any.

FaceBook Outsources Content monitoring

March 5: Despite the stand taken by Face Book that it is not able to manually monitor content in its court case in India, it appears that Face Book has set in an outsource mechanism to monitor content. However there is concern on whether this mechanism is trust worthy and whether it is appropriate to reveal sensitive personal data to the outsource agency. The mechanism however appears to come close to some of the suggestions made in these columns about how social networking sites can meet the obligations under Sec 79 of ITA 2008.Perhaps Face Book is moving in the right direction though some fine tuning of the process may be required. The suggestions made on "Regulated Anonymity" may also be relevant here. Related Article

TV Actress Falls Prey to Lottery Fraud

March 4: Asha K Shetty, a TV actress in Chennai has reportedly lost Rs 1.77 lakhs in an online  lottery scam. She was lured with  an SMS and filled up a form with RBI logo. This incident  indicates the vulnerability of people arising out of the trust they place on  their mobile communications and the name of organizations like RBI... Related story in TOI

Theory of Regulated Anonymity

March 3: The theory of regulated anonymity as propounded by Naavi advocates a conflict resolution solution for preserving the democratic principles of Privacy Protection in Cyber Space along with the need of the law enforcement to be able to prevent misuse of “Privacy” as a cover for Cyber Crimes.

The Theory  is built on the premise that “Absolute Anonymity of the Netizen is impractical as it would  be completely opposed by all law enforcement authorities and is against the current laws in most countries. ...More : Download the entire article

Regulated Anonymity-A Solution towards Privacy compatible with National Security

Mar 2: There is admittedly, a strong case for “anonymity” and also “Pseudonomity” as means of protecting the privacy of an individual on the Internet. However looking from the perspective of increasing Cyber Crimes and their escalation to Cyber Terrorism and Cyber Wars, there is an equally strong case for the demand of the law enforcement for absolute surveillance and need to identify individuals conducting any transaction on the Internet. The new laws in most countries including India and US try to provide for such “ Authorized Invasion of Privacy”. This brings forth the direct conflict between Privacy and Crime Prevention while formulating regulations.

Is there a solution to resolve this concept?.. Naavi explores and invites  suggestions and comments from legal and technical persons about how such a system can be designed.

Detailed articleDownload the entire article

For Articles of Earlier Date Browse through Archives



PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar

PR Syndicate, (an organization of Corporate PR Professionals in Chennai,)  celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occasion, "Award of Excellence in Public Life"  was presented to 'Cyber Law Guru of India' Na.Vijayashankar...More


  What is Naavi.org?

Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.

The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.

The second key service is the Cyber Evidence Archival center which provides a key service to help administration of   justice in Cyber Crime cases.

The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.

The fourth key service is the online mediation and arbitration service another unique global service.

The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.

Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.

Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.


If you would like to know  more about Naavi, the information is available here.

For Any Payments to be made to Naavi online :  Naavi_s Payment Center

[Valid RSS]

RSS Subscription

Posts in Bloggernews.net





Search Naavi.org

Deep Links

ITA 2008

ITA 2000- Rules

Archived News



Cyber Evidence Archival Center



Legal BPO



Cyber Law College



Reference Sites

LII of India

Legal Information

Cyberlaw Stanford


Law & Tech Blog




Cyber Frauds

Cyber Crime Cases

Cyber Crime cases2


Bank Frauds Forum


Consumer Forum

Consumer Forum-2





Safe surfing






CAT Website

List of AOs


Misc Naavi Initiatives

Naavi Cricket Rating



Personal Links

Daily News

Daily Horoscope