Header image alt text


Building a Responsible Cyber Society…Since 1998

Supreme Court’s mistake is behind an innocent girl’s suicide in Salem

Posted by Vijayashankar Na on June 29, 2016
Posted in Cyber Law  | 1 Comment

Last year, two erudite Honourable Judges of the Supreme Court of India namely Justice F.Nariman and Justice Chelmeshwar heard a case filed by one Ms Shreya Singhal on the misuse of Facebook. These were cases where the Police had interpreted the Section 66A wrongly and arrested some innocent persons who had posted some innocuous political comments in the Facebook or twitter. (Read the details here)

Section 66A was not meant to address these offences and the cases filed were wrong ab-initio. However, in a bid to become the “Champions of Free Speech” the case was filed and again erudite lawyers argued on behalf of the petitioner and convinced the Judges that Section 66A of ITA 2008 was against the constitutional right of “Free Speech” and should be removed. The Judges were ferocious in their response against the current Government which meekly defended the law passed by the previous Government and scrapped the section. They did not agree even to consider explaining the context in which the section could be applied and the context in which it should not be applied. They said vociferously that the section was not drafted properly and had to go. In the bargain, they showed their anger against the Government and the Parliamentary law makers which was lapped up in the same spirit by the anti Government media as fodder to criticize the Government.

The erudite Government attorneys did not properly defend the case and allowed the decision which was interpreted by the public in the following manner.

  1. Anything posted on Facebook is “Free Speech” and there is a constitutional guarantee that such free speech should be protected.

Public did not understand that the Police had made a mistake and  arrested innocent persons under Section 66A of ITA 2008  though they were exercising their right to “Free Speech” and it was the law to be blamed.

Court as well as the public did not perceive that those to be blamed were perhaps the erring policemen who made the arrests, the erring  prosecutors who advised them wrongly, the  erring magistrates who committed the accused to imprisonment wrongly and the erring higher Courts including the High Court and the Supreme Courts which did not suo moto jump in to stop the wrongful arrests.

The human right activists and the media anchors gloated over the “Victory for Free Speech” and hailed the judges as saviours of Indian democracy and added fuel to the spreading of the wrong message. What these people deliberately failed to recognize is that the decision had created a general perception that

” It is Ok to defame people on Facebook and WhatsApp and law protects it as Free Speech”

Naavi was a minority voice to say that Supreme Court was making a mistake since

a) Section 66A had been wrongly applied to the cases under consideration of the Court

b) If necessary, the section could be read down properly

c) The section had several other uses and if necessary only a part of the section was under dispute in the case and there was no need for the entire section with sub clauses (a), (b) and (c) to be removed.

( For those who want to know more about this , kindly see this page )

Since this infamous decision of the Supreme Court,  Police are confused as to what to do when a “Facebook Crime” is referred to them. If it cannot be booked under Cyber Crime, then they donot know which section of IPC is appropriate and hence there is a delay in swinging into action on such complaints. This could be one of the reasons why the small town police in Salem could not do much in the first 15 days after the complaint was filed in the case of the Salem girl who got frustrated and committed suicide.

Now I want all these “erudite” Judges, Lawyers, Petitioners, Human Right Activists and Media personalities which includes the Arnob Goswamis, Rahul Kanwals, Barkhadatts and Rajdeep Sardesais,  to look at the consequence of their folly in the unfortunate death of a girl in Salem who committed suicide because some deviant person posted morphed defamatory pictures on the Facebook and sent them by SMS/WhatsApp to the girl.

The blood of this innocent girl is on the hands of all these erudite persons and I wish they carry this guilt to their grave.


Related Article in Hindu

Bitcoin back on the RBI radar

Posted by Vijayashankar Na on June 26, 2016
Posted in Cyber Law  | 1 Comment

Naavi.org has earlier  discussed Bitcoin in detail in several articles in the past.  A list of such articles is available at


The gist of earlier discussions is

a) Bitcoin per-se is an electronic document recognized as such under iTA 2000/8 which cannot be denied admissibility in the Courts in India.

b)  Bitcoin is a “Digital commodity” accepted for barter in a close community and not a “Currency” with the backing of a sovereign Government.

c) What is wrong with “Bitcoin” is its projection as a currency and its use in illegal activities.

d) The purchase and sale of “Bitcoin” involving payment and receipt of foreign exchange may be subject to foreign exchange laws

e) Mining of new Bitcoins in India is not illegal and purchase and sale of such indigenously mined Bitcoins cannot be considered illegal.

f) Purchase or Sale of Bitcoins which identifies legal mining activity and which has not at least once passed through the hands of a criminal in the past and not in violation of foreign exchange laws is also not illegal.

g) However, in the absence of proper tagging of Bitcoins, it is a risk for ordinary users to buy and sell Bitcoins since it is most likely to be tainted in a past transaction through the hands of a criminal.

Naavi.org was unhappy when RBI instead of providing proper and legal clarifications, issued an ambiguous circular and ED conducted raids on many Bitcoin exchanges giving an impression that Bitcoin transaction per-se was completely illegal. When a further clarification was sought from RBI, it threatened legal action against the person who sought the information.

The undersigned has always held that the Block Chain technology has great potential to replace the paper currency and though Bitcoin is too tainted to be given recognition, there is every reason for RBI to consider introducing a new Indigenous crypto currency with all the regulatory aspects that RBI can think of.

It is not out of place that much before Bitcoin became a reality, Naavi had promoted the idea of “Digital Value Imprinted Instrument System” which had the potential to substitute the paper currency as we know today with a hybrid instrument that is less expensive and relies on the digital security. Though applied for, Naavi could not get a patent for this idea and subsequently, some instruments did come up in India following the same principles.

Now it appears that RBI has recognized that the Block Chain technology which is the foundation of Bitcoin as well as other Crypto currencies may have a practical usage potential and is setting up an expert committee to analyze the issue. (Refer this report).

Naavi.org welcomes this move.

Readers are invited to explore all articles on Bitcoin at naavi.org and contribute their views if any.

It is to be recognized that “Block Chain Technology” can be used efficiently and without being adversely affected by the problems which Bitcoin was associated with. There will be concerns of “Security” of a block chain being hacked. But I believe effective checks can be established to prevent such security issues and the risks should be significantly less than what we face today in the form of fake currencies being printed by our neighbor countries as a par of their Proxy war strategy. Whether the committee will be able to grasp these intricacies or not is a point which we need to observe closely.


There have been various views expressed by experts about the impact of BrExit on the UK economy, Global Economy and more specifically on the Indian economy. The stock markets have provided a first day feedback which was alarming. There is every reason to believe that the down trend may resume on Monday since the immediate effect of BrExit on the balance sheet of some companies may become evident when the quarterly results keep tumbling out in the following week. Infy or TCS results are usually the first to come out and investors would keenly watch the announcements to understand how well these companies had hedged the exchange risks and how they view the forthcoming changes in the EU business.

 The stock market reaction will however be  more to do with the fact that the result was “unexpected” and “Not factored into the pricing” rather than the real fundamental factors.

Unless there is a “Hate driven” reaction from the other EU countries on UK, I donot see much fundamental adverse effect of BrExit on the Indian companies. There could be some temporary slow down in sales out of UK to EU and some tariff barriers to cross. But these can be managed. However, if there are multiple break outs then there will be a continued uncertainty and several rounds of changes that may slow down the activity more than what should happen if EU does not break up further.

As far as the Indian companies are concerned, I have already indicated in my previous post that RBI and SEBI should immediately review the impact and work out a formula of temporary regulatory concessions as an extraordinary measure to ensure that the stock market is not further jolted when the quarterly results are announced in the next fortnight. I am not sure if they would do anything since they are as much shocked as the Companies by being completely being unprepared for the unexpected outcome.

Leaving aside the financial packages that RBI and SEBI should work out, it is necessary to point out that the problems seems to have occurred because the EU Constitution itself was faulty and did not properly structure the Exit provisions.

We can observe that BrExit referendum indicated that 51.9 % of the persons who voted favoured the exit as against the 48.1% who were against. The response was completely skewed in different regions also making it a highly divided response. The total turnout was only 72.2% which meant that it was eventually only 37.47 % of the electorate who voted for “leave” and caused the chaos which affected not only the 100 % of the electorate but also others in EU and outside.

The root cause analysis of the problem indicates that the EU constitution that allowed such a referendum decision was itself faulty. We understand that the entry of countries into the EU was also through such a referendum by simple majority of those who voted. But having allowed entry and working within the Union for a long time, the severance cannot be considered by the same yardstick since people’s life and financial positions have been irrevocably altered by the UK joining the EU. Hence there should have been a difference between the “Entry Referendum” and “Exit Referendum”. Either both should have been based on “Change only when more than two-thirds want”.  Having erred earlier, at least now the EU constitution has to be changed to making an exit referendum valid only if 67% of the total voters want the exit and not when only 37% want it.

Before the other countries think of a referendum, EU constitution needs to be amended to prevent further exodus.

However any prospective change cannot save BrExit. But a provision can be made in the changed constitution that if after a referendum by less than 67% as it happened in BrExit, another referendum holds by more than 67% of the total votes polled then a country can rejoin. This will still mean that the existing “Leave” voters of BrExit who number 37% can block the re-union unless they change their views.

The reason why “Exits” have to be made difficult is that this is like a “Plebiscite” referendum. It is always skewed towards the “Let’s separate” vote since it is a natural reaction of the population and even minor differences get blown up with a demand for independence. Referendum is a democratic process but it cannot be applied everywhere.  Every pocket of influence at country level starts conducting “referendum” then the notion of a country itself will be at stake.

One way by which we need not do away with this democratic decision but recognize the “Newton’s Law” that an “External Force” needs to be injected to change the current state of a body is to introduce the need for 67% or at least 60% of the total electorate to vote for a change either to leave or join and until then the body should remain in its current state.

I therefore urge EU to immediately revise its constitution in this regard to prevent breaking up of EU.

At the same time UK needs to negotiate with the EU to ensure that the damage is limited by ensuring that an “Economic Zone” is created within London (Similar to the SEZ zones as we know in India) which will be “Special EU business zones” from which companies can operate as if no change has taken place. This will separate the contentious “Migration” issues from the not so contentious “Economic” issues of being with the EU or not.

Then the companies who fear economic damage due to the BrExit may move their headquarters to these zones or their present location can be declared as a “Special EU Economic Zones”. There can be suitable segregation of activities of these Special Economic Zones so that those who have voted to “Leave” may still live in their own world and let those who have voted to “Remain” donot get adversely affected. If required, these Special EU Zones may be made available only to  existing Non British entities only and not extended to locals and new entrants.

I hope such an arrangement will be a Win-Win solution for all.

I urge Mr Narendra Modi to take up this suggestion with EU and UK so that the pain of BrExit on India is reduced.


Reserve Bank of India has revised its Vision document on Payment and Settlement Systems for 2012-2015 and issued a new document titled Vision-2018 which incorporates some important guidelines to be followed by all stake holders.

The Vision-2018 professes to revolve around the 5Cs namely

  1. Coverage
  2. Convenience
  3. Confidence
  4. Convergence and
  5. Cost

The vision will focus on 4 strategic initiatives namely

1.Responsive Regulation

2.Robust infrastructure

3. Effective Supervision and

4.Customer Centricity

The Vision-2018 document reiterates the commitment of the RBI to encourage greater use of electronic payments by all sections of society so as to achieve a “Less Cash Society”.

Through the document, RBI has stated its commitment that

i. RBI, in consultation with all the Stakeholders will create a regulatory framework to promote the twin objectives of enhanced coverage with interoperability and convenience with security.

ii. Building a robust payment infrastructure will be a key objective.

iii.The document will focus on effectiveness of supervisory mechanisms, and augmenting the data reporting and fraud monitoring systems.

iv. The vision will adopt a “Customer Centric” approach to streamline the customer grievance redressal mechanism, focus on building customer awareness and education and initiate customer protection measures.

The document also says that towards achieving these objectives, new policies will be framed.

The document also provides some detailed exposition of the vision.

One of the new initiatives proposed is that Payment Gateway Service Providers and Payment Aggregators who are presently being monitored indirectly may be revised and the indication is that they may be brought under direct regulations. Further, RBI intends to introduce penalties for non adherence to its guidelines.

To strengthen the confidence in the payment systems and to minimize instances of frauds, RBI is expected to develop a framework for collection of data on frauds in consultation with the industry.

One of the areas where improvements are expected to be introduced is in the area of grievance redressal systems. RBI in collaboration with all the stakeholders is expected to undertake customer awareness through structured Electronic Bannking Awareness and Training programs.

RBI also indicates that it will encourage payment system providers (which includes NEFT and RTGS) to adopt best practices for protecting customer interest by putting in place robust fraud and risk monitoring systems. Additionally, a regulatory framework to limit the customer liability in case of unauthorized transactions would also be put in place.

The detailed vision document is available here.

While the intentions behind the vision document is welcome, RBI has always been weak in implementing its own policies and lets the Banks dictate the policies through the IBA. Let us hope that  there will be a difference this time.


The BrExit referendum has exposed the complacency of international financial managers including India where we never had any serious discussion running into the BrExit poll on how it could affect the Indian corporate sector. Some of the Business Channels like CNBC TV discussed the likely impact of BrExit in the same tone as the Federal Rate hikes or RBI policy meetings and did not foresee the possibility of the poll going in favour of the Exit and the serious consequences that could follow.

Even yesterday the channels were taking a position that the result will be in favour of “Remain” and they were easily misled by the opinion polls and betting odds. What we saw today was therefore a disaster which was on the horizon but we could not foresee.

Most of the mutual funds who hold the money of the public must have absorbed the loss arising out of the 1000 point drop in the Sensex today in the early morning bloodbath. This could have a huge adverse impact on ordinary investors who trusted the expertise of the fund managers. It would be interesting if some body researches on the impact of BrExit on the mutual funds and how different fund managers managed the crisis.

In the later part of the day,  markets recovered slightly but there is no guarantee that on Monday the recovery will continue or we will see another drop.

One of the developments that may create a further drop on Monday could be the effect of the BrExit virus spreading to other countries in the EU and Germany, France, Austria, Denmark and other members calling for their own referendum to quit EU. Additionally, the possibility of Scotland trying to go out of Britain is another development that could  cause more concern.

From the look of it, the 4% difference in voting in favour of “leave” when 30% of voters did not vote, can cause a USSR kind of break up of the EU and cause multiple fissures of the Union in the next couple of years.

While we may not like such a fissure that appears illogical from the perspective of “Strength in Unity”, the possibility appears very high.

Just as we failed to analyze the probability of “Leave” voting in BrExit, we cannot afford to overlook the probability of EU breaking up into its several erstwhile independent countries. This is a “Risk” that needs to be identified, analyzed and mitigated.

Just as in Information Security management, where we often fail to identify “Risks”, and fall prey to a “Known Risk”, there is a possibility that we may underestimate or ignore the risk of EU break up and this could create another crisis on another day.

The BrExit was like a “Zero Day” risk which we failed to recognize but we cannot afford to do the same next time when Denmark or another country goes on a referendum.

I therefore urge RBI and SEBI to start planning for “EU Break up” and develop strategies to contain the risks.

Before the BrExit, I would have liked an “Advisory” from RBI that in the event of a BrExit “leave” vote, the British Pound would drop 8-10%, and any open position should be avoided. Similarly,  if SEBI could have announced closure of stock exchange today, probably the risk could have been contained.

However, neither RBI nor  SEBI anticipated the possibility and hence did not take any corrective action. Next time when such events occur, RBI and SEBI should be more pro-active and just as meteorology department broadcasts advisories for fishermen in times of expected weather disturbances, they should provide advisories on known events that could cause extreme volatility of the markets.

I must however appreciate some individual investment advisors who kept reminding that “There is No Trade on such uncertainties” though it might not have been taken note of by many.

Now we are at the fag end of June. The listed companies will be coming up with their quarterly results in the next fortnight and if any company has taken a hit on the foreign exchange front because of an uncovered open exchange position today, their quarterly results will be adversely affected.

Before this comes up as a surprise one by one next month, SEBI should make an assessment of the impact of uncovered Foreign Exchange exposure of all companies (mostly the IT companies with high exposure to the EU currencies) by calling for a report from all the listed companies. This is a strategy like the “Incident Report” that a CERT-In would ask after a zero day malware is detected.

Once any risk is detected, SEBI can ensure that the losses if any are allowed as an extraordinary loss which can be written off over the next three or four quarters instead of the first quarter itself.    This will be like the relief that was given to Banks in the NPA write off and would provide relief to the IT sector in particular.

At the same time, just as  anti Virus companies come up with special virus removal tools, RBI should come up with some special measures to even out the foreign exchange impact of the BrExit in the current quarter balance sheets of listed companies by providing hedging options in the form of specially structured “exchange cover instruments” to spread out the impact.

Hope RBI and SEBI will take the necessary action as otherwise  we must be prepared for another round of down trend in the market from the current levels not only through the next week which happens to the expiry week but also the first fortnight of July.

I presume that these are some lessons from the Information Security practice that Financial regulators can benefit from.


In what should be an eye opener for the new generation tech companies, who are unmindful of legal compliance, In Mobi, the mobile advertising company has been fined US $ 950,000 (approx R 6.39 crores) for collecting information about children without their consent and violating the provisions of COPPA (Children’s Online Privacy Protection Act ).

FTC (Federal Trade Commission) initially fined US$ 4 million and later reduced it to $950,000. InMobi claimed that due to a technical error that led to the process not being correctly implemented. As a result information was collected even when the privacy settings of the consumers were configured otherwise.

Naavi has many times warned the Start Ups to undertake an “ITA 2008 compliance” as part of the “Techno Legal Feasibility” before scaling up their activities. Unfortunately these companies have other priorities for their scarce resources in the initial days and later become too engrossed in business development to take care of legal compliance. The result of such ignorance and negligence is what results in liabilities such as these. It is possible that the company would not have covered themselves with appropriate insurance also and hence has to absorb the loss from their revenue itself.

Hope the company is able to absorb the loss and proceed.

Related Article