Expecting the Government to provide security with its hands tied behind the back

When we look around and see the developments in India, we see a spurt of agitations and oppositions to the actions of the Government. When educated persons and successful professionals, professors in reputed universities, students of advanced legal studies all join chorus with opposition politicians and oppose legislation like CAA, Abrogation of Article 370, Triple Talaq etc., and the Media seems to endorse their opinion,  it appears as if there is an uprise against communalism in the country.

Similarly, when people and organizations oppose the Aadhaar, amendment to rules under Section 69 (ITA 2000), Intermediary Guidelines Notification, or UIDAI’s tender notification for self monitoring in the social media, and now the PDPA 2018 or PDPA 2019, it appears as if there is an uprise against an assault on democracy by the Government.

There is no doubt that the voice of opposition is strong, the gathering of people for CAA protests are impressive and there are some voices from the educated urban class also involved in such protests.  Whether it is Sadguru or Amit Shah these voices will raise in unison to condemn any attempt to support the views of the Government.

If those who support the Government try to hide their expressions for the fear of being defamed by the opposition, then the society may perceive that there are no body to support the Government views and hence what the opposition is saying must be true to some extent.

It is therefore time that such people need to boldly voice their views also. In this context, I would venture to place my views that most of the opposition is not an in principle opposition to either the CAA or Aadhaar or PDPA etc. They are all manifestations of the opposition to Mr Modi not even the BJP. By calling all these efforts as communal and anti Democratic, a narrative is being built that can hide the real intention of the people which is to hate Mr Modi and bring him down if possible.

Again if one wonders why there must be so much hate towards the man who seems to be dedicated to the welfare of the country, the truth stares in the face. The truth is  that the hate for Modi is not because  Mr Modi is fascist or communal but because he has taken to a fight against “Corruption”.  Whether it is demonetization or Linking of Aadhaar to different Government services or the CAA or NPR, the core of the opposition is that the corruption they are indulging in some times in the form of making money directly and some times creating a vote bank to get into power to make money.

The intense opposition to Aadhaar started when the Government made its intention clear to link Aadhaar to the Property ownership which could hurt the holders of benami property. The corrupt but intelligent politicians engaged the various NGOs who were themselves concerned that the money flow from abroad to manipulate the Indian political and religious developments would stop, to raise a more authentic looking opposition to the moves of the Government.  The opposition to Aadhaar, Data Localization in PDPA 2018, surveillance in PDPA 2019 etc are all manifestations of these mechanisations of the corrupt. Unfortunately some have fallen to the trap of this propaganda and taken up opposition to the various legislations under the guise of supporting Privacy or Freedom of Expression etc.

Even the CAA opposition is pure political corruption since the intention of those who oppose is to let illegal immigrants to become their vote banks.

Today, there is a very informative article in epw.in title “The politics of India’s Data Protection Ecosystem” that has traced the legislation of Personal Data Protection bill currently in the Parliament and highlights some of the key issues.

Not withstanding the valuable information that the article contains, the article in its conclusion says “Safeguards for surveillance have received a big blow” and prepares the ground for further debates with the Committee of MPs, which is presently deliberating on the final corrections on diluting the provisions of national security enshrined in the Bill.

While any discussion on improving the drafting of the bill has to be welcomed, we should ensure that the discussion  is held on a fair basis and the genuine interests of the “Security First” school of thought is not ignored. “Security First” principle is that for democracy to survive, first of all we should survive. If any opposition to the Bill is providing strength to the forces which try to destroy the country, we should recognize this before expressing our opposition.

During the struggle for independence, Mahatma Gandhi had several occasions when he suspended or threatened to suspend the agitation for freedom if the principle of non violence is violated. Similarly if the principle of national security is likley to be violated, we should not blindly support the opposition to the Government legislation that are basically meant for assisting the Anti national view point.

Let us therefore keep our eyes and ears open to discuss without forgetting that surveillance is part of good governance and refusing the Government to have some enabling power is like asking our police to use lathis against AK 47 wielding terrorists. We have made such mistakes in the past and we should not do it again.

We must understand that every law can be misused if the police or authorities have no integrity. In the previous Congress Government even the finance minister was subject to surveillance in his office. At that time also there was no law that was supportive of such surveillance. Mrs Indira Gandhi imposed emergency and suspended all Civil Rights misusing her powers. Such instances can only be corrected if we bring ethics into politics and prevent vote bank corruption.

The spirit of “Equality and Justice for all” which was enshrined in our constitution has long been forgotten and though people swear by the constitution to oppose surveillance, they forget that “Providing Security to all the Citizens” is a duty cast on the Government and it is the fundamental right of every citizen to ensure that the Government takes such measures as are required to provide safety to its citizens.

If this safety requires CCTV vigilance, or if it requires exemptions from obtaining consent before conducting intelligence activities , we should recognize that there has to be a legal enablement for the Government to do its duty. Any opposition to the surveillance aspects of the PDPA 2019 should be moderated in this context.

We should not expect the Government to secure our society with its hands tied behind its back with Privacy regulations that ignore the security interests.

Naavi

 

 

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

Don’t use ICICI Bank services for FASTag

After the use of FASTag was made mandatory for toll payments, several service providers came up with a proposal to provide the FASTag stickers including some banks. When the original date for introduction was set as December 15,2019, there was a rush for the purchase of the tags and Banks fixed a price of around Rs 500/- for the issue of the stickers.

ICICI Bank was one such Bank which offered the FASTag sticker at a price of Rs 499.12. The service was provided through the website of ICICI Bank and hence customers of ICICI Bank presumed that it was one of the ancillary services offered by the Bank and opted for it.

However, in the case of the undersigned it has been a bad experience with ICICI Bank, where after registering for the service on November 20 2019, specifically for the vehicle owned by the undersigned, the Bank and/or its service provider failed to provide the sticker within the one week period promised or until now.

When a subsequent Banking ombudsman complaint was raised after waiting for one month, the Bank is providing an excuse that the documents uploaded did not match the registered details but has failed to specifically indicate what is the difference.

The Bank is unable to say X was the data uploaded and Y was the data registered and S does not match with Y.

Instead, the Bank has been sending repeated replies on the twitter handle @ICICIcares that a team has been assigned and they would reply. It appears that the reply is being generated automatically by a robot and no sensible and responsible human executive is aware what is the dispute raised.

This is how AI and Chat robots are being used in a manner that it defeats the very purpose for which they are sought to be used. Even the onsite help of ICICI Bank is managed by a chat bot which is not configured to understand the queries of this nature and does not even escalate failed queries to human supervision.

ICICI Bank has allocated a relationship manager with an e-mail address @icicibank.com which does not receive e-mails from senders with external e-mail addresses such as gmail.

Overall, the dispute resolution practice of ICICI Bank is a demonstration of how the AI technology should not be used.

I have now demanded the cancellation of the transaction and filed a complaint with the Banking ombudsman.

I now await and see how RBI’s Ombudsman  responds to the complaint.

In the meantime, I would like Mr Nitin Ghadkari to reflect how his decisions are causing many problems to people and his failure to take responsibility for proper implementation is reflecting as a failure of the Modi Government. It is important that individual ministers of the Modi Government need to take responsibility for their decisions to ensure that they donot become enemies from within to the Modi Government by their irresponsible handling of decisions that affect the common man.

In the meantime I would like to advise members of public to avoid using ICICI Bank services for FASTag not only because the system must be having some bugs but more so because their grievance handling system is unacceptable.

I would not be comfortable to ignore the registration made with one vendor and buy the tag again from another vendor as this may keep duplicate FASTag stickers in use for the same vehicle number and facilitate fraudsters to use the sticker with a duplicate number plate and commit frauds.

I am sure that Mr Nitin Ghadkari has not considered the Frauds that can be committed if a FASTag is duplicated. I am not sure if the FASTag readers in tools verify the tag details independently with the reading of the number plate and identify if there is a difference.

I would like the transport department to confirm if all the RFID readers in the tolls that accept the FASTag are synchronized with a number plate reading system and raise alarms in real time when there is a difference.

Naavi

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

2020 will be the year of Data Protection in India

The year 2000 was the year of the Cyber Law in India with the notification of the Information Technology Act 2000 (ITA 2000) in India.

Year 2009 saw ITA 2000 acquire a information security outlook with the amendments of 2008. That was when Section 43A, Section 72A, Section 67C, etc regarding data protection came into the law.

Now Year 2020 which was a special year marked for development by the late Dr Abdul Kalam, promises to be the year of Data Protection with the Personal Data Protection Act (PDPA) expected to be passed some time in February.

As the year 2019 comes to a close, it is good to take a glance at what has gone by in Naavi.org and its associated activities.

When 2019 started, the draft of PDPA 2018 was already available for discussion and two notifications of the Government namely the Intermediary guidelines and Section 69 notification were under intense debate.

The year started with Naavi unraveling the “Data Trust Score Model” as a suggested methodology to make a quantification of the compliance status of a data fiduciary under the proposed PDPA 2018. The system was explained over a series of articles.

Naavi also placed some suggestions regarding the intermediary guidelines  including a system of “Intermediary Dispute Resolution Policy” to be voluntarily adopted by the industry like the UDRP/INDRP schemes for domain name dispute resolution.

January 10 was also a historic day for the observers of Cyber Crime jurisprudence in the country as TDSAT upheld the earlier adjudication verdict in the case of S. Umashankar Vs ICICI Bank.

In February, Naavi launched the Personal Data Protection Standard of India (PDPSI) in a bid to develop a open standard for compliance of PDPA.

In the month of March, an important one day workshop was held in Chennai on Section 65B of Indian Evidence Act. The Foundation of Data Protection Professionals in India inaugurated its Chennai chapter and Naavi released the print version of his book “Section 65B of Indian Evidence Act clarified”

In the month of April, Naavi expanded his thoughts on the PDPSI through a series of articles all of which are consolidated under www.pdpsi.in Naavi also announced his book on Personal Data Protection Act as part of his training program on PDPA.

In May 2019, a renewed fight ensued on Bitcoin which continued through out the year and may continue into 2020 also as the bill on banning bitcoin may come to the fore in 2020.

June 2019 saw some attention focussed on Cyber Insurance  which continued with a couple of visits to NIA for lectures and interaction with the Insurance industry practitioners.

July 2019 saw the controversial Shafi Mohammed order of the Supreme Court  on Section 65B referred to a higher bench and the continuation of the fight against Bitcoin. The Aadhaar Amendment Act was also passed during this period.

August 2019 saw Naavi.org highlighting the  Trans union-CIBIL take over and flagged the possibility of irregularities. This was also the month when India integrated Kashmir with the abrogation of Article 370 of the constitution.

September 2019 saw  the  setting up of an expert committee on Data Governance and a discussion on Data Productivity vs Data Security, Data Governance law vs Data Protection law etc. This discussion will gain momentum perhaps some time in 2020 when the committee would submit its report. The month saw a new thought on Data being brought into discussion by Naavi in the form of “Atomic structure of data”.

October 2019 was the time when Naavi espoused a new thought “The New Theory of Data” in an attempt to bring more clarity to the concept of Data as seen by a technologist and a legal professional. Based on three hypotheses of “Additive value”, “reversible life cycle” and “Data is in the beholder’s eyes” Naavi is placing before the academic world a thought for discussion which should be useful in future to interpret the data protection regulations and guide it towards a form in which different stake holders can understand the issues with better clarity.

November 2019 saw the announcement of an online course on PDPA by Cyber Law College which is a an important development defining the future course of education in PDPA. FDPPI also participated in the certification process of such programs both for offline and online programs opening up a new era in the Data Protection domain in India.

Finally coming to December 2019, we saw a revised version of PDPA being presented in the Parliament and referred to a select committee. The version now available on www.pdpa2019.in was the basis of the course which Naavi has been conducting now.

Thus 2019 has been an eventful journey for Naavi and 2020 when PDPA may become a law could be even more eventful.

Let’s welcome 2020 with the hope that  prosperity will dawn on the country.

Naavi

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

National Power Training Institute to promote the illegal crypto currencies in disguise?

A news report has been received that the National Power Training Institute, of the Ministry of power, Government of India is set to conduct a series of training programs ostensibly on “Block Chain”.

The Bitcoin community is going ga-ga about the development and headlined an article  “Indian Government’s Institute offers Block chain training in multiple cities”. 

Three programs have been scheduled according to the report on January 6-10 at Nangal, February 17-21 at Delhi and March 16-20 at Shivpuri.

The content of the program indicate sessions on Bitcoin and Mining with hands on sessions.

It is obvious that the promotion of “Block Chain” is a disguise to promote Bitcoin and in as much as Bitcoin and other Crypto currencies are considered the currency of the criminals and the Government is in the process of passing the bill for banning Crypto currencies and make it a criminal offence to conduct any transactions with crypto currencies, it is surprising and disappointing that an arm of the government of India should be devoting time and money on conducting such programs.

Conducting such programs for students and professors etc has no relation to the working of the power ministry and it is obvious that the resources of the power ministry are being diverted to this project because of the lobbyists from the Bitcoin community.

I have drawn the attention of the Minister of State in the Power ministry, the secretaries of Home and the IT and hope that this series of programs are cancelled forthwith.

Block chain may have some use cases in the power ministry but it is important to recognize that if Crypto currencies are made legal, India would be diverting a vast amount of power to the Bitcoin mining.

According to one estimate Bitcoin energy consumption presently is around TWh 45.165 and expected to reach around 73.12 TWh in 2020 which is comparable to a country like Austria. The carbon footprint at 34.73 Mt of Co2 is comparable to the carbon print of the entire country of Denmark and the e-waste generation at 9.62 kt comparable to the e-waste generation of Luxembourg.

Naavi.org has brought to the notice of the public several articles on bitcoin including he possible disastrous impact on the country.

I wish the Ministers and officials involved in the Ministry of Power, Home and IT wake up to the warnings and ensure that all training programs for promotion of Crypto currencies directly or indirectly indicated in the bitcoin.com article are stopped forthwith.

It would be better if the Home ministry and the IT ministry send out a suitable circular to other ministries to prevent such programs being conducted under the patronage of the Government.

Naavi

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

An Orwellian State?.. We need an equilibrium view of PDPA 2019

Here is a copy of an article published in India Legal.

The published article is available here

An Equilibrium view of  PDPB 2019

Let’s not forget that even Privacy has its boundaries. The Right to Privacy is fundamental but not absolute. But often even wise men get carried away with their obsession as is indicated by the copious criticism being heaped on the Personal Data Protection Bill-2019 (PDPB-2019).

It is to be remembered that “Privacy” as a concept is a “State of Mind” and a “feeling of being Left alone”. Neither the Supreme Court or any experts have been so far able to define it precisely and it remains an enigma of its own.  Now trying to protect an enigmatic concept through regulation of the “information” surrounding the factors that influence the “mental state” is not easy. Further, ensuring that the regulations satisfy the entire population, each of whom have a different “State of Mind” does pose an impossible challenge.

The conflict between” Privacy” of one person and the “Security” of the other is eternal. Any Government of the day needs to have its hands free for “Intelligence gathering” which includes surveillance without which the country is unsafe and we the citizens of the country are unsafe. “Security” is therefore as much a fundamental right as “Privacy” is and a legislation like PDPB-2019 cannot be looked at only with a myopic view as if “Privacy” is an absolute right.

Rejecting the right of the Government to maintain national security through regulated invasion of Privacy will be disturbing the mental peace of millions of other honest citizens for whom the person standing next to him in a crowd could be a terrorist. It is only the faith that there is a security screening that today we travel in air with a safe feeling that the probability of the plane being hijacked or blasted out in the sky is remote. This feeling of “Safety” is as much important for most citizens as the “Feeling of Privacy” some body else would like to have.

Instead of being only critical, it is therefore necessary to examine the draft bill recognizing the presence of  the multiple stake holders such as the Individual, the Corporate, the Government, the Law enforcement etc all of whom have different perceptions of how Data Protection legislation should be.

In the past, here have been several failed attempts to pass a similar law and each time the conflict between Privacy Rights and National Security requirements have caused the proposals to be aborted. Additionally in recent days the industry has developed huge stakes in processing of data and harnessing value therefrom and the Privacy legislation presents a huge hurdle to such business interests who also exercise their own pressure on the legislation.

If the legislation ignores the needs of all stakeholders and takes into consideration only the views of “Privacy Activists”, the country may not become an “Orwellian State” but it is sure to become a “Chaotic State” where terrorism will race ahead and business development may significantly suffer.

Is Government becoming a Big brother?

According to the draft PDPB 2019, section 35, Central Government has retained some powers to exempt itself from  all or any of the provisions of this Act.

35. Power of Central Government to exempt any agency of Government from application of Act

Where the Central Government is satisfied that it is necessary or expedient,—

(i) in the interest of sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order; or

(ii) for preventing incitement to the commission of any cognizable offence relating to sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order,
it may, by order, for reasons to be recorded in writing, direct that all or any of the provisions of this Act shall not apply to any agency of the Government in respect of processing of such personal data, as may be specified in the order subject to such procedure, safeguards and oversight mechanism to be followed by the agency, as may be prescribed.

It is this provision which is being criticized by all as dangerous and potentially  turning India into an Orwellian State.

It may however be observed that the section is drafted clearly to indicate that it is only when the Government is satisfied that “It is necessary or expedient” in the “Interest of sovereignty and integrity of India, security of the state and friendly relations with foreign states, public order or preventing incitement to the commission of any cognizable offence” that this provision can be invoked. Even in such a case there has to be a direction in writing to a specific agency and this would always be available for judicial review.

It must be noticed that the reasons under which the provision can be invoked omits “decency or morality or in relation to contempt of court, defamation” which are other reasons provided under article 19(2) of our constitution as reasons for which the fundamental rights can be over ridden.

The Government has therefore been restrained in adding this contingent provision and it must be treated as an “Enabling Provision” which has to be present in the law if the Government has to perform its duty to protect  the citizens of India.

All the Privacy and Data Protection Professionals who always hail everything “Foreign” as better, may to note that even the EU GDPR under Article 23 provides similar exemptions.

What the PDPB 2019 contains is therefore reasonable and in tune with the Government’s own obligations to the society. We should stop nitpicking on whether the safeguards on paper are adequate or not speculate.  The details of how this power may be exercised would be in the rules to be notified later and we need to wait for it.

Constitution of the DPA

Another area of criticism has been that the Data Protection Authority (DPA) and whether it would consist of people who are independent and represent the stake holders.

According to section 42 of the proposed act,

“The Chairperson and the Members of the Authority shall be persons of ability, integrity and standing, and shall have qualification and specialised knowledge and experience of, and not less than ten years in the field of data protection, information technology, data management, data science, data security, cyber and internet laws, public administration, national security or related subjects”

The earlier draft had suggested the Chief Justice of India in the selection panel which has been omitted and this has given rise to the concern that possibility that the choice of the Chairman and the Members could be motivated by the Government’s concerns or by the industry lobby.

The earlier draft had also suggested maintenance of a “list of 5 experts”. It was not clear if this was supposed to be an “Advisory Group” to guide the DPA and has been omitted.

Industry people know that there is no Government Secretary who has 10 years experience in the field of data protection etc and is of less than 65 years of age to qualify to be appointed for the DPA. Even in the private sector there are not many with such experience and who would take up the assignment. So there is a difficulty in the constitution of the DPA with right persons and this needs to be recognized.

It is hoped that the Government will not look to bring foreigners and NRIs who may have the necessary experience but having no commitment to Data Sovereignty of India. We can keep our fingers crossed that the right people will be found at the right time for this onerous but responsible position.

Positive elements of the Bill to be hailed

Beyond the criticisms that have surfaced, there are a couple of positive features that the new version has brought in which needs to be recognized and hailed.

One such provision is section 40 suggesting the creation of a “Sandbox” so that start ups can benefit by a limited time exemption from the obligations under the Act while they test innovative technologies.

Another provision is section 37 which recognizes the  need to exempt the BPOs in India who only process personal data of foreign citizens on the basis of a contract with a foreign Data Controller and provides for a suitable notification as may be required. This was necessary for all those companies who were maintaining “Off Shore Data Processing Facilities” which needed to comply with the data protection laws of the respective countries and would have considered the over lapping of the PDPA jurisdiction difficult to manage.

Further, retaining the innovative definition of the role of the “person who determines the means and purpose of personal data” as the “Data Fiduciary” and the subject as “Data Principal” the credit for which should go to Justice Sri Krishna calls for appreciation. Additionally thinking of a role for “Consent Manager” could be another innovation which the industry will welcome.

Taking an equilibrium view therefore we must conclude that the new Bill has tried to improve upon the earlier version and the fears and concerns are perhaps inevitable but not completely valid.

Naavi

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

DAV Vs Indian Bank: Supreme Court considers Negligence of Bank and orders compensation

There have been so far many awards from Adjudicators in different states  in which Bankers have been held liable for frauds such as “Phishing”. Starting with the S Umshankar Vs ICICI Bank award in 2010, adjudicators in Mumbai, Gujarat, Telengana have on different cases ordered that the victim should be compensated by the Bank in case where the negligence of the Bank has contributed to the loss.

Though the kind of negligence could be different in different cases, and in some of the cases, contributory negligence can also be attributed by circumstances on the victim, the Adjudicators have held that the Bank continues to be primarily liable. In all these cases, Banks try to deflect the blame on the customer and point out the beneficiary of the fraud proceeds as the only culprits forgetting that without the assistance of the bank neither the amount could be fraudulently withdrawn from the paying bank nor collected and withdrawn from the collecting Bank. 

The Adjudicators who are IT Secretaries have some understanding of the technology involved and have repeatedly come to the conclusion that Customers are not to be victimized for the failure of the banking technology to ensure “Secure Banking”.

Though in some cases, the victims being unaware of the process of recovery, approach the Ombudsman or the Consumer forums, and some times have received relief and some times not, it is necessary to observe that the most appropriate forum for such disputes is the Adjudication where the cause of action is built up on a matter of contravention of ITA2000. Where the cause of action is not adhering to a RBI guideline, then the Ombudsman may exercise his jurisdiction and where the cause of action is a “Deficiency of Service”, the jurisdiction can be exercised by the Consumer forum. However, since a “Criminal activity” is behind the loss, and complicated electronic evidences have to be evaluated, it is preferable that the Adjudication is the best forum to take up such issues. 

The second level of evaluation of such cases happen at the TDSAT (Telecom Disputes Settlement and Appellate Tribunal) which is a two member bench where one is a retired Supreme Court judge and the other is a technical member. Hence even in this forum there is a possibility that technical aspects of the case can be evaluated with the assistance of persons having the technical knowledge.

As a result, even where the counsels fail to bring up appropriate points for contention, the two fora namely the Adjudication and TDSAT can be considered having sufficient resources to come to a reasoned judgement in the techno legal cases that the Bank fraud incidents represent.

After the judgement in TDSAT in two cases one of the ICICI Bank and the other of the IDBI Bank, some jurisprudential precedence has been established in such cases.

However, it is notable that now the Supreme Court got an opportunity to consider one case of phishing where DAV School in Kolkata had been defrauded  to the extent of Rs 30 lakhs. Apparently the fraud was caused by SIM cloning and Phishing. But it cannot be ruled out that a bigger conspiracy which could have involved the Bank was behind this loss.

This case went to the State Consumer Grievance redressal forum which expressed the doubt that the Principal was negligent and therefore suspected of complicity and ruled that the Bank cannot be therefore held liable. This was also upheld by the NCDRC (National Consumer Disputes Redressal Commission) and the matter landed up in Supreme Court as a second appeal.

The judgement dated 18th December 2019 from a Supreme Court bench consisting of the honourable judges Dr D Y Chandrachud and Hrishikesh Roy has now held that the Senior Manager, Indian Bank Midnapur Branch, Kolkata is held liable to compensate Rs 25 lakhs transferred  until 2.9.2014 where as the loss of another Rs 5 lakhs transferred subsequently before a complaint was formally filed on 9.9.2014,  was to be borne by the school since it was considered to be on account of their delayed filing of complaint.

This case involved many reasons of which the following are visible from the judgement

a) Negligence on the part of the Bank of having granted Internet Banking facility without request

b) Negligence on the part of the Bank in linking the School’s account to the personal ID of the Principal

c) Compromise of the log in credentials of the individual who was the principal of the School

d) Negligence on the part of the Bank in using the Password authentication system which is not a “Signature” under the ITA 2000 and contravention of RBI circular of June 2001 on Internet Banking.

e) Negligence on the part of the Bank in identifying the unusual nature of the transactions through adaptive authentication security

f) Negligence of one or more collecting Bankers in opening and facilitating the laundering of the proceeds of the fraud through a deficient KYC process.

g) Negligence of the Mobile Service Provider (BSNL) in issuing the duplicate SIM without noting the subtle difference in the name of the applicant reporting loss

Out of these, many of the reasons were not perhaps part of the arguments in the Supreme Court.

However the honourable Supreme Court considered that both the Consumer forums had held that there was a negligence of the Bank but failed to rule compensation for the doubt that there was a complicity of the Principal as a “Master Mind”. However the Police in their investigation had ruled out the complicity of the Principal and hence what remained was only the negligence of the Bank as the cause of the loss. .

Hence the Supreme Court took the stand that the Bank was responsible for the loss of Rs 25 lakhs.

While we appreciate this part of the judgement, the judgement may still be faulted for not allowing the balance Rs 5 lakhs which was rejected for the reason of delay. The reasons for which the loss of Rs 25 lakhs was caused namely the wrongful linking of the school account to the personal ID of the principal was also the reason for this loss and hence it was not logical that the claim on this part of the loss should have been rejected.

It must be remembered that when such a huge loss occurs, the customer would be in such a stunned state of mind that filing a formal complaint after understanding where to file a complaint, whether merely informing the Bank is sufficient since it could also be an erroneous debit etc could take  a few days. In the subject case there is no evidence that verbal complaint was not made to the Bank. Hence the Court was perhaps not correct in rejecting this part of the compensation.

However, the client should be relieved that at least Rs 25 lakhs out Rs 30 lakhs is coming back and more importantly, the personal  stigma that the earlier consumer forums attached to the Principal was removed.

At present when such instances arise, the limited liability circular  of the RBI may also come in handy. According to this circular, if the customer reports an unauthorized debit within 3 days would be zero and between  4-7 days his liability could be nominal and there after as per a reasonable policy of the Bank.

Even in such cases, Banks some times make a false and unsubstantiated claim as to the negligence of the customer in revealing his OTP etc. However the burden of proof for  proving any “Complicity” would   be on the Bank.

Hence in future cases it may not be necessary for the victim to go through the difficulty of the judicial process which is simply beyond the reach of common man. In this instance the victim was a large institution and hence it was possible to fight the case upto the Supreme Court.

In most other cases, the Indian judicial system is so harassing for the victim  and so expensive that individuals without deep pockets do not have a guarantee of Justice as we expect under the Constitution as even the CJI has recently admitted.

Naavi

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment