Let's Build a Responsible Cyber Society



2009-The Golden Year for Cyber Laws in India...Part II

(This is part II of the Two Part Article. Part I  is available here)

The year 2009 is considered the "Golden Year for Cyber Laws in India" since it was during this year on October 27, 2009 that the amendments to ITA 2000 vide ITAA 2008 became effective. The new version has made Cyber Law Compliance part of Information Security Practice and firmly established the need for Techno Legal Cyber Security to be part of every Corporate policy framework. Apart from this seminal development, the year saw other developments which are worth recounting.

Naavi who has been in the working on development of Cyber Law Compliance solutions quickly identified the need for a technology solution for compliance of Section 7A of the ITA 2008 and came up with a solution called "Ujvala-Bellur e-auditing Tool"  in association with Bellur Informatics Pvt Ltd.

A second initiative taken by Naavi during the year was pursuing a solution for Cyber Law Compliance with an appropriate solution for Cyber Cafes. However, due to the delay in the framing of rules under Section 79 of ITA 2008 which has not yet been released (till date), the suggested solution is kept pending. In the meantime some new Cyber Cafe management software has been introduced in the market which is partially compliant with Cyber Laws. Once the full regulation is available, the adequacy of the existing solutions can be assessed.

Ever since ITA 2008 was passed, Naavi has been advocating the formation of a National Netizen  Commission. This would be pursued in the future years also.

During the year Naavi.org also raised several issues which affected Netizens in India. One such was the debate on e-Gazettes which we feel should be a free service which the Government should provide to the Citizens of India.

Another issue which caught the public attention was the fight on savita_bhabhi website which was finally blocked by the Government.

An interesting case of Burkha Dutt, the well known NDTV journalist sending a defamation notice to a blogger for the criticisms he made regarding the 26/11 coverage made headlines during the beginning of the year. The threat resulted in the blog entry from being removed.

Another incident which occurred during the fag end of the year saw a film producer in Hyderabad bringing upon his influence on a large IT company to dismiss an employee for posting links to a film download site as a copyright infringement.

There were instances of "impersonation" of Naavi reported during the year one of which was by an advocate in Maharashtra. End of the year also saw the release of the 3D film Avatar where the term "Naavi" was used as the name of a clan and made the term globally known.

During February,  the conficker virus created a scare by bringing down  the French Airforce by corrupting the flight plans in the server. In December the CAT examinations in India was also adversely affected allegedly due to the same virus. It continues to pose a threat in the future since it is estimated that more than 9 million computers were affected at one time and perhaps millions of computers  still carry the virus and represent a potential Botnet that can cripple the Internet and trigger Cyber Wars.

The year 2009 is also important since some of the developments in US also affected the Indian scenario substantially. One such development was the passage of the HITECH Act which made compliance of HIPAA-HITECH mandatory for Indian Companies engaged in the processing of US health information.

This triggered Naavi to formulate a new Information Security Framework called IISF 309 similar to the LIPS 1008 which he had formulated in end 2008 to address the requirement of Legal Process Outsourcing companies. The IISF 309 is being refined further after the announcement of rules under ITA 2008 and will be extensively used in 2010 for ITA 2008 audits by Ujvala Consultants Pvt Ltd and other associates of Naavi.

The year also saw a general election where BJP promised setting up of a Digital Security Agency as part of its manifesto. However, BJP lost the election and it was left to the Congress led UPA Government to implement similar strategies. It still required a person like P Chidambaram as Home Minister to think of several reforms including setting up of an integrated intelligence set up for the Country, making FIRs mandatory on every complaints etc which are likely to be rolled out into action plans in the coming years.

Towards the middle of the year, Naavi started a campaign to make "Bengaluru as Information Security City" as a strategy to overcome the backlash of the Obama comment that Bangalore was taking away employment from US. As a result, several programmes were suggested by Naavi to be undertaken in Bangalore in the coming days. One such programme that materialized was the "Bangalore Cyber Security Summit 2009" under the umbrella of the IT & BT department, GOK. Hopefully more such programmes of such nature would follow.

Internationally, a case from Minnesota where a middle aged lady was asked to pay compensation US $1.92 million for having downloaded 24 songs without license. This may have its effect even in India and we may expect some aggressive prosecutions on the copyright front. The Government of India has also taken up amendment of the Copyright Act 1957 and adding some provisions on Digital Rights Management, Contributory Infringement etc to the Indian law.

Another incident that made news during the year was the blocking of savita_bahbhi website. Despite criticism from many naavi held his ground and substantiated his stand that the site needed to be blocked and finally when the GOI initiated action, there was a huge outcry. The war on savita_bhabhi appears to be a long drawn one since towards the end of the year, the site resurfaced in alternate name and Naavi has again taken up the matter with the necessary authorities. CERT-In also on its own moved to ensure that major search engines imposed a mandatory filter to ensure that obscene content is blocked from the search engines.

Another major development towards the second half of 2009 was the setting in motion of the Unique ID Project headed by Mr Nandan Nilekani . Naavi also applied the IISF 309 framework and placed his suggestions on the  Reasonable Security Practices for UID Project.

Naavi also took another pioneering step in redefining the concept of Information Security. Having been a pioneer earlier in India is promoting the Techno Legal Information Security concept, Naavi has now introduced a "Theory of IS Motivation Based on a Behavioural Science Approach" which brings the behavioural science as the third dimension of Information Security. This has opened a new thought process in information security  for integrating HR principles with the Legal and Technical aspects. Naavi also introduced the concept of "Compulsive Cyber Offence Syndrome" as a part of the process of understanding why people get lured into committing Cyber Crimes.

An unfinished task which Naavi carried through the year was the adjudication case in Phishing with the adjudicator of Tamil Nadu. Though  reasonable time has passed for a decision in the adjudication case, the possibility of a favourable verdict has increased with more decisions from elsewhere supporting the view that Banks should be considered liable for Phishing incidents. First there was a German Case then information on the changes in the Danish law reached India. Finally, in December, the Banking Ombudsman gave a direction to Bank of India to pay back the Phished amount with interest.

Naavi has also raised an important issue on Inheritance of Virtual Assets and the need to make suitable laws in this regard. He also introduced the new concept of the relevance of CiNezens as the drivers for Cyber Laws in future.

As a final thrust in the year 2009, Naavi has launched a campaign with the Corporate world highlighting the obligations under Clause 49 of SEBI listing regulation and its relation to ITA 2008 compliance. This is likely to be followed further during the coming year.

The year started with the dawn of ITA 2008 but it took almost the entire year for the amendments to be put to action. As the year closes, we are left with a hope that 2010 shall take off as a prosperous year for Techno Legal Information Security Industry. Let the "Golden Year for Cyber Laws in India" pass on the baton to a prosperous year for all Netizens  in India and elsewhere.


December 31, 2009

 Comments are Welcome at naavi@vsnl.com