

Building a Responsible Cyber Society…Since 1998

Syndicate Bank loses Rs 1.13 crores of customer’s money

Posted by Vijayashankar Na on November 26, 2014
Posted in Cyber Law


In a repeat of a common cyber crime which has earlier been reported in the case of Exporters and Importers, an NRI customer of Syndicate Bank in Manipal has reportedly lost Rs 1.13 crores.

It appears funny that the Bank transferred money based on an e-mail, not digitally signed, received in the name of the customer.

See Report here

It is almost like celebrating an anniversary of the article titled “Negligence of Export Promotion Councils, ECGC and Banks lead to Rs 2.35 crore fraud” published in this site on 27th November 2013 highlighting the responsibilities of Export Promotion Councils, ECGC and Banks in ensuring that such e-mail frauds are not committed.

It is unfortunate that the Bank remained illiterate to such information available in the market. RBI should also share with the public what action it has taken to educate the Bankers on such Cyber Crime Risks.

It is sad that Banks and other regulatory institutions seem to be oblivious of their responsibility to protect the citizens from such frauds.

Unfortunately this fraud has happened in Karnataka which is a haven for Cyber Criminals since there is no cyber judicial system operating here at present. With the Adjudicator of Karnataka shooing away Cyber Crime victims from seeking justice through his office, the CM and Chief Justice looking elsewhere, Cyber Crime victims of Karnataka have nowhere to go for justice. At least if the Bank had been headquartered outside Karnataka, the situation would have been better.

Until such time that there is a change in the approach of Karnataka Government on re-activating the Adjudication system in the State and until the Chief Justice of Karnataka opens his eyes to the problem, it is better for Bank Customers in Karnataka to keep their money in Mumbai headquartered Banks since the adjudication system in Mumbai is more active and some justice can be expected.


P.S: The details on why the Adjudication system is not active in Karnataka and why the Karnataka Government and Karnataka High Court are responsible for the miserable state of Cyber Judiciary in the State have been discussed several times in this site and require no repetition. I wish CM Mr Siddaramaiah who is himself a law graduate or the Chief Justice of Karnataka invites me to explain why I feel so bitter.


Cyber Appellate Tribunal to be active again

Posted by Vijayashankar Na on November 20, 2014
Posted in ITA 2008


Naavi.org has been pursuing with the Government of India about the appointment of the Chair Person for Cyber Appellate Tribunal for over 3 years now. After exhausting all channels during the UPA regime, we had restarted the efforts after the new Government came to power.

At last there is a reply from the Ministry of Information Technology, perhaps because of the nudging by the National Human Rights Commission, and the response has been posted on the website pgportal.gov.in.

The reply is dated November 20th and states:

“You are hereby inform that the requisite pre-appointment formalities for appointment to the post of Chairperson, CAT, have been completed and proposal for appointment is under consideration by the competent authority.”

This response is to a comment posted on 5th September 2014.

Hopefully we may see reactivation of the Cyber Appellate Tribunal shortly.



Supreme Court has set December 2nd as the final date of hearing when it will hear all cases related to Section 66A.

Report in Hindu

According to the news report, a Bench of Justices J.Chelameswar and S.A.Bobde will hear the petitioners Shreya Singhal, Common Cause and People’s Union for Civil Liberties. The counsels representing these bodies are Mr Soli Sorabjee, Mr Prashant Bhushan and Mr Sanjay Parikh respectively.

The three petitions have three different prayers. First is that the case on the Palghar girls who were arrested for posting a Facebook comment and Liking a Facebook comment be dismissed. Second is that no arrests be made under the section and the third is that the section is unconstitutional.

Let’s analyze each of the three pleas and the likely arguments that may be taken by the different counsels.

1. Palghar Issue:

In this case, one of the girls commented on her Facebook page as follows:


‘People like Thackeray are born and they die daily, and one should not observe a ‘bandh‘ for that‘


One of the other friends clicked “I Like”. Police arrested both under Section 66A and the magistrate committed the girls to judicial custody of 15 days.

A similar issue came up in Pondicherry when a Twitter post by a person called Ravi Srinivasan, a businessman, stated “got reports that Karti chidambaram has amassed more wealth than vadra.” In this case also police went about arresting the person who posted the tweet under Section 66A.

Additionally there are cases on Aseem Trivedi, the Cartoonist and many floating notices to intermediaries under Section 79 demanding removal of content allegedly contravening Section 66A.

Subsequently the Central Government through its “advisory” dated 9th January 2013, advised as follows:

“State Governments are advised that as regard to arrest of any person in complaint registered under section 66A of the Information Technology Act 2000, the concerned police officer of a police station under the State’s jurisdiction may not arrest any person until he/she has obtained prior approval of such arrest, from an officer, not below the rank of the Inspector General of Police in the metropolitan cities or of an officer not below the rank of Deputy Commissioner of Police or Superintendent of Police at the district level as the case may be.”

2. Parikh’s Plea:

According to the report, the plea is only that “no Arrests are to be made without following the guidelines”. While the above advisory is a “Guideline” it is unlikely to be considered effective since law and order is a state subject and a mere advisory of the above nature will be ignored by the State police.

If any other guideline is required, it can come up as a “Notification” under ITA 2000/8 which should be notified in the Gazette.

3. Soli Sorabjee’s Plea

This plea is likely to focus on whether the provisions of Sec 66A are within the definition of “Reasonable Exclusions” to Civil Liberty guaranteed under Article 19(1) of our Constitution which states:

(1) All citizens shall have the right

(a) to freedom of speech and expression;…

(2) Nothing in sub clause (a) of clause (1) shall affect the operation of any existing law, or prevent the State from making any law, in so far as such law imposes reasonable restrictions on the exercise of the right conferred by the said sub clause in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence.

Issues on which Supreme Court needs to ponder:

1. As regards the Palghar issue, the Supreme Court needs to consider if Sec 66A which is applicable to messages and E Mails should also be considered as applicable to Facebook and Twitter. In the process it has to take a view on the difference between “Publishing and Transmitting” Vs “Sending a Message through E Mail or a Communication Device”.

2. As regards the guidelines for arrest, Supreme Court needs to consider what guidelines are required to be issued in this regard and what is the acceptability of the advisory issued in this regard.

3. As regards the constitutionality, Supreme Court needs to look at several angles including whether Sec 66A is actually meant to abridge the constitutional right of “Freedom of Expression” under Article 19 (1) or for any other objective. If the objective of the section is not to restrict the “Freedom of Expression”, it must consider whether it is necessary to impute such a non existent legislative intent and declare the section invalid, and whether in such a process it will defeat any other objective that the section has set out to achieve.

Analyzing Section 66A as it exists today:

The Section is titled “Punishment for sending offensive messages through communication service, etc” and states as under:

Any person who sends, by means of a computer resource or a communication device
(a) any information that is grossly offensive or has menacing character; or
(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently by making use of such computer resource or a communication device,
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages
shall be punishable with imprisonment for a term which may extend to three years and with fine.

The section consists of three sub sections. The title as well as the content indicates that it is meant for “Sending” any information or Electronic Mail or Electronic Mail Message. Sub section (a) qualifies the nature of the content. Sub section (b) emphasizes “Persistent” sending and Sub section (c) emphasizes the “Purpose of Sending”.

E Mail is specifically mentioned in Sub Section (c) but the other two sub sections use the term “information”.

Sub section (c) mentions “Electronic Mail” as well as “Electronic Mail Message”. We can presume that the term Electronic Mail Message was meant to address SMS or MMS. However the use of the term “Mail” in “Electronic Mail Message” has the effect of excluding the SMS or MMS which use a different protocol than the mail protocol. Today we have several messaging services including WhatsApp, Instagram etc besides the SMS and MMS and the section does not appear to cover the different forms of messaging under this section. If the term “information” itself had been used in sub section (c) it would have been better. In that case the sub section (c) would have read as follows:

any information for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such information

 Since the first para of the section refers to “Sending” by means of a computer resource or a communication device, all the three subsections should be considered as referring to “Sending” and includes e-mails, SMS or Instagrams or any other forms in which information is sent from one to another. “Sending” implies “pushing” as against “Receiving” which implies “Pulling” of the information. 

Whether “Facebook posting”, “Facebook liking” and “Tweeting” constitute “Sending” or “Publishing” is an important issue that needs to be evaluated by the Supreme Court. If the “Information” stays on a web server and the recipient visits the web space to view the content, such content is more aptly described as “Publishing” rather than “Sending”. Both Facebook and Twitter are social networking sites where the user’s content gets displayed for any visitor to see. It therefore appears that applying Section 66A to the Palghar case or Karti Chidambaram’s case was incorrect.

It may be noted that Section 67, 67A and 67B could cover both publishing as well as transmission if the message content can satisfy the requirements of “Obscenity” that these sections try to address. The Palghar and Karti Chidambaram cases are not within the provisions of these sections.

Now let’s see what “Grossly Offensive” and “Menacing” mean. “Menacing” is easier to interpret since it should contain some kind of threat, a suggestion that some harm will be caused to the person or property by the person who is sending a message. Neither the Palghar case nor the Karti Chidambaram’s case contains such a threat from the sender.

Sub section (b) adds a requirement that the sender should know that the message he is sending is “Known to be false” and he sends such a message “persistently” with the objective of causing annoyance etc. The critical element here is “persistent” which means that the message should be sent again and again. This does not apply to Facebook and Twitter and can only apply to cases such as sending repeated SMS/MMS messages or e-mail. This is more apt for what we normally consider as “Cyber Stalking” or “Cyber Bullying”. The Palghar or Karti’s case does not fall under this category.

Sub section (c) is distinguished by the requirement “to mislead the addressee about the origin”. This refers to typical “Phishing” and most of the “Spam” mails.

Thus Sub sections (b) and (c) address cyber crimes such as Cyber Stalking, Cyber Bullying, Phishing and Spam and if the section is quashed for whatever reasons, these crimes will escape punishment at least under this section. This will be a retrograde step.

Sub Section (a) covers extortion messages and messages which can be classified as “More Offensive than what is generally offensive”. Some things which we may call “disgusting” can be classified as falling under this section. Such messages if they are “Obscene” are already covered under Section 67/67A/67B. Hence Sec 66A must be considered as addressing messages which are not obscene but are otherwise more offensive than offensive. Sub section (a) also has a purpose of addressing certain cyber crimes which escape other sections and hence deserves to be retained. Hence quashing of the section would be undesirable even in this context.

From the above, we can see that Mr Soli Sorabjee would be committing a mistake if he argues for quashing of the section.

It must be remembered that Section 66A was never meant to be used for addressing the issue of “Defamation”. IPC handles this adequately. If “Defamation” occurs with “Electronic Documents” whether it is a posting on a website or an email or a message, then the offence can be covered in IPC read along with Section 4 of ITA 2000/8. Hence the objective of Sec 66A was not to duplicate the provisions of Sec 499 of IPC in the electronic document space. It was only to address the new types of cyber crimes such as phishing, spamming, cyber stalking, cyber bullying etc which neither IPC nor the earlier version of ITA 2000 could address.

The word “annoyance” does not amount to “Defamation”. Annoyance is what the recipient of a message experiences. “Defamation” is caused when a person is insulted before other persons. In a one to one communication, no “Defamation” can take place since insults and insinuations are made directly from the sender to the receiver. Unless it is a bulk message which goes to other persons as in a forum, defamation cannot occur. Defamation when a message is sent to persons other than the recipient can be covered under IPC along with recognition of electronic documents under Sec 4 of ITA 2008 in the same way that making adverse comments in public can attract defamation in physical space.

If however Police applied Sec 66A in some cases then it was their mistake and is not a reason to change the law.

Further if the issue of “Arrest” under section 66A has to be addressed separately, then it would interfere with other sections of “Cognizability” that ITA 2008 refers to. It is not possible to prevent arrest only under one section unless the number of years of punishment under the section is reduced to less than 3 years. If this is done, then the benefit would flow to other cyber crimes which the section tries to address.

Hence there is no case for either quashing the section or for tinkering with the arrest aspects as presented by the two learned counsels in their respective cases. The case on Palghar ladies also lacks substance and deserves to be dismissed as a mistake by the Police in interpreting the law.

Whatever restrictions on the freedom of expression that the section may imply are justified because such exceptions represent cyber crimes that need to be prevented.

It would be interesting to see if the eminent advocates who argue the case and the misconceptions about the section built by the media are good enough to persuade the Supreme Court to ignore the fact that Sec 66A was meant to address different Cyber crimes other than “Defamation” and hence it cannot infringe the “Freedom of Expression”.

In view of the above it is necessary for the Union Law Ministry and Union Ministry of Communication and Information Technology to implead themselves in the case and defend the need to retain the section and not declare it as unconstitutional. If necessary an “Explanation” can be added to the section to the effect that “This section is not meant to address “Defamation” as envisaged under Section 499 of IPC”.



Mockery of Cyber Justice?

Posted by Vijayashankar Na on November 14, 2014
Posted in Cyber Law, ITA 2008

It was interesting to note the blog post http://mahenlimaye.blogspot.in/ in which advocate Mahendra Limaye has pointed out that in response to a survey across the IT Secretaries in India, most were not even aware about their duties to the public as an “Adjudicator”.

Mr Limaye points out:


In most of the states in India office of Adjudicator is almost non-existent or non-performing. The reason behind the same is either the person who is supposed to be Adjudicator is not aware about his duties or the office staff of the said supposed to be Adjudicator is not aware about the procedure of the office of Adjudicator and above all most of the cyber crime victims/ lawyers /police officers are not aware about this CIVIL REDRESS MECHANISM.

Recently I mailed to most of the I T Secretaries in India to ascertain whether they have received any complaints for Adjudication and was shocked to discover that Most of the I T Secretaries offices responded that matter is to be filed with Police and I T Secretary has no role to play in Cyber Crimes adjudication.

Do you consider this as a Mockery? I certainly do!!!!!!!

The story does not end here. Few adjudicators (which can be counted on fingers) in India who are deciding the matters have not set up any formal procedure for the Adjudication. No specific dates of month are reserved for the hearings nor is there any limitation within which parties are supposed to reply or police are supposed to submit their investigation report etc. Though as per provisions of 4k Adjudicator is supposed to hear application within 4 months and dispose within 6 months.

Do you consider this as a Mockery? I certainly do!!!!!!!


Naavi.org has spoken ad nauseam on this subject. It is good that other Cyber Law professionals are also feeling the injustice that is being meted out to the public of India.

Before we go further, I need to make a mention that at present we need to make a special mention of Mr Rajesh Aggarwal, IT Secretary of Mumbai who has been doing yeoman service in this regard and has been adjudging on a number of cases under Section 46. We also need to remember Mr PWC Davidar of Chennai who was the pioneer who gave his landmark adjudication verdict in the case of Umashankar Vs ICICI Bank. These two are exceptions to whatever comment can be made that certain IT Secretaries are unaware of their responsibilities etc.

At the same time it is necessary to remember certain IT Secretaries who could not rise above conflicting interests and certain others who are arrogant enough to say that they know enough of Cyber Law to teach even the other Cyber Law experts in the market for decades and proceeded to take questionable decisions.

It is sad that we have also seen that Karnataka High Court failed to rise to the occasion and provide a relief when asked for and the Judge invoked the provisions selectively to suit one of the dominant parties to a dispute and ruled that the Cyber Crime victim cannot seek remedy at the High Court because there is a remedy at Cyber Appellate Tribunal (CAT) while at the same time he himself was ruling against the provisions of Section 61 of ITA 2000/8 and taking a decision in favour of one of the parties instead of directing him to approach the Cyber Appellate Tribunal. (When this decision was made it was known that the CAT was not functional at that time and directing the Cyber Crime victim to approach CAT was like pushing him into a black hole.)

We cannot also absolve the Ministry of Communications and Information Technology headed now by Mr Ravishankar Prasad which has failed to respond to a number of queries raised by the undersigned. It appears that Mr Prasad has not been able to understand the problem and is totally dependent on his support staff who are not perhaps guiding him properly.

I will also not spare the honourable Prime Minister Mr Modi of the blame since over the last few months, I have brought to the attention of Mr Modi himself that “Non Appointment of a Chair person to CAT is a huge blow to the delivery of Cyber Justice in India” but neither Mr Modi nor the PMO has even acknowledged my letters.

I would therefore like to ask Mr Modi.. Where is your efficient Governance? Is this all we can expect?

The only responses I have been receiving are from the Human Rights Commissions in Karnataka and now in Delhi. The Human Rights Commission of Karnataka did act suo motu to activate an unwilling Adjudicator but Karnataka High Court silenced the Commission. Now my latest letters to the Union Minister of IT, the PMO, and the Chief Justice of Supreme Court are with the Human Rights Commission Delhi which has asked for the response from the Government.

We are waiting to see what Mr Ravi Shankar Prasad will reply now. Will he repeat what Mr Kapil Sibal said last time… or will he take an independent view. If Mr Prasad is being misled by his support staff and for this reason he is unable to take a decision so far, I would urge him to revamp the entire staff of the IT department or else take the blame for the inefficiency of his department.

Otherwise Mr Modi’s Government will be no better than MMS government. Will Mr Modi take this as a compliment?

I wish advocates like Mr Limaye file a PIL to find out what is holding up the appointment of the Chair Person of CAT even after the new Government has taken over? Can it be anything other than Corruption? Nepotism? or Inefficiency?..

India has a right to know.


The Start-ups and Techno Legal Risks

Posted by Vijayashankar Na on November 13, 2014
Posted in Cyber Law, ITA 2008

Whenever a new IT venture is started, project managers normally analyze the feasibility of the project from several parameters.

For example we look at the market Feasibility to understand whether there is adequate demand for the product and what are the current supply positions and the identified gaps. For greater clarity the market feasibility may identify the product positioning, market segmentation and the impact of price on demand etc.

Similarly we look at the technical feasibility of the project identifying the technology requirements and whether the technical resources are available for meeting the product as demanded in the market at the quality required and at the price accepted.

Additionally we look at the managerial feasibility of what kind of managerial resources are required and are available to the company either in house or in the market and at what price etc.

Financiers including venture capitalists look at the financial feasibility and examine the cost of project and the means of finance with variables such as the debt equity combination, the break even point etc.

Normally a Tech Start-Up represents the dream of a Techie who is perhaps a brilliant software developer. But often he is not necessarily equally brilliant in Marketing, Finance or Man Management. Successful Start Ups often consist of a promoter mix where one or more is a Marketing or Financial expert. Since manpower requirements primarily are other software professionals, the promoters may be able to pool the talent for their production division from their past contacts or through friends.

In the midst of all these, Tech Start Up promoters often lose sight of the fact that there is a need for a “Techno Legal Feasibility Analysis” of a project in addition to the four kinds of feasibility mentioned above. Often the success and failure of a Start Up depends on this factor which is actually alien to the tech savvy promoters as well as the finance wizards in the venture capital firms.

Let’s briefly understand what are “Techno Legal Risks”.

We do understand in the information security scenario what is meant by a “Threat” and “Vulnerability” or their net result which we call as “Risk”.  In “Techno Legal Feasibility Study”, the analyst tries to make an assessment of the Legal Threats and Legal Vulnerabilities and arrives at the “Legal Risks” that a business project faces.  It is a part of project planning requirement that the management should have a suitable control/s in place to mitigate, avoid, transfer or absorb these techno legal risks.

Such an analysis will prevent resources being deployed on a business which is likely to meet with a legal suit sooner or later which can destroy the earlier plans. A peculiar aspect of legal risks is that they mature when the business is ripe and is already a cash cow. The technical risks on the other hand often surface when the business is in the starting phase where there is still an opportunity to forget the impact and re start. But the legal risk which manifests when the business has already taken shape and built a base often cripples an organization forcing it to quit.

We can recall the experiences of Napster which was a great technical and marketing success but turned out to be a disaster because the legal risks were not covered fully. Radiant Software of Chennai is another example  of a similar nature which had to sell out being unable to meet the legal liabilities arising out of a legal issue.

If an organization undertakes a Techno Legal Feasibility study at the start up phase, the implementation of strategies to mitigate the risks can seamlessly transform into strategies for meeting the “Information Security/Assurance” requirements when the business goes on stream. Otherwise the business will realize the need for Information Security much later in the life time of the organization when it becomes difficult and more expensive to implement a total transformation of the organization from a “Laissez Faire Organization” to an “Information Security Conscious” organization. Often such a transformation will create dissonance in the organization which may even force some critical resources to resign.

Every CISO who has told the company that they should introduce a “No Camera Phone in Premises” policy can understand the difficulty that implementing such a transformation represents. On the other hand if such a policy is there from the zero day (or at least the day 1), then implementation of information security becomes easy.

It is high time Venture Capitalists and equity investors in Tech Start Ups make “Techno Legal Feasibility Study” a part of their “due-diligence” for project evaluation.

If you agree or disagree, drop in your comments..

PS: While the above article focuses on Start Ups, it also applies to all those organizations which have increased their technology stake in business such as introducing E-Services, E Commerce outlets, E Banking services etc to their legacy service base.


Cyber Law Courses launched on Apna Course platform

Posted by Vijayashankar Na on November 7, 2014
Posted in Cyber Law

Naavi has started a new series of Cyber Law Courses on the platform of apnacourse.com offering about 20 hours of video lessons.

The courses will be available at www.apnacourse.com and provide one of the most comprehensive courses ever offered on Indian Cyber Laws particularly online or on distance learning mode.

The course is brought under a collaboration of Naavi’s Cyber Law College with Spearhead Eduonline and will be supported by Naavi with social interactions and certification from Cyber Law College.

Those who complete the course will get course completion certificate and upon passing of the examination will be given a certificate as “Certified Cyber Law Professional”.

Naavi’s Cyber Law College was a pioneer in introducing courses on Cyber Law in India way back in 2000. The course has been running in a distance learning mode at present.  Over the years, Cyber Law College has run courses in association with KLE Law College Bangalore, KLE Law College, Hubli, JSS Law College, Mysore and SDM Law College in Mangalore.

With this new online course, Naavi’s Cyber Law Courses would be now available throughout the year in a mode that would enhance the receptivity of the distance learning courses.

I hope the courses would be of use in serving Naavi’s mission of creating a nationwide awareness of Cyber Law and also the promotion of a Cyber Law Compliance culture in the industry.

Interested persons can enrol today at www.apnacourse.com