Wishing All a Happy Digital Society Day of IndiaWe need not reiterate here that we try to celebrate October 17 every year as the “Digital Society Day of India” because the judicially acceptable “Digital Society” was born in India on this day with the notification of the Information Technology Act 2000 (ITA 2000) which brought legal recognition to electronic documents in India. As Netizens, we are all irretrievably associated with the Digital Society of India for our existence and prosperity and a good supporting legal regime is the foundation for our future.
On October 17, 2017 Information Technology Act 2000 completed 17 years of its existence. Let us recall some of the major developments that Naavi.org captured during the last year when ITA 2000 moved from an age of 16 to 17 and also reflect on what lies ahead.
The year began with a fight on Ransomware which was creating havoc in India and elsewhere. There was need for creating awareness of the risk of not following basic security hygiene such as having a good back up and not inviting malware by clicking on malicious links by computer users. The problem of ransomware however did not abate and during the year we saw several attacks including the WannaCry and Petya. CERT reported 26 ransomware attacks in 2016 in India which jumped up to 37 till June 2017.
The proliferation of ransomware attacks also brought focus on Crypto coins such as Bitcoins which was the preferred currency of the attackers for collecting ransom. Naavi.org took up the fight on Crypto Currencies calling for a ban on Bitcoins and the Government to consider its own Crypto Coin managed by RBI.
The debate on Bitcoin Ban
The Bitcoin debate has reached war proportions during the year since there was clear indication that the Government of India and particularly the Finance Ministry under Mr Arun Jaitely was dithering on taking a proper decision on the issue of whether Bitcoins had to be banned or not.
Any intelligent observer can see that while RBI is against the legalization of Bitcoins, the Finance Ministry appear to be in support of regularization of Bitcoin as a “Currency” despite the dangers that this view presents.
After Mr Modi took the bold step of demonetizing currency despite the political risks just to ensure that Black Money in India is reduced, the dithering of the Finance Ministry about the banning of Bitcoins and creating a speculative situation where investors are being attracted to invest in Bitcoins is an indication that the Finance Ministry is unable to resist the lobbying of the vested interests and wants to at least give enough time to make profits at the cost of Indian Citizens who are getting attracted to Bitcoins like the proverbial “Attraction of a butterfly to light”.
While it is clear that Bitcoins are the currency of the Criminals and a great mode of saving Black Wealth and also used by terrorists funding error sponsors in India. But even after releasing a request for public comment Finance Ministry seems to have held up the final decision on Bitcoins and prefer to carry on the absurd “We Will Observe” argument.
Naavi.org has written many articles and even provided its views on what the Government needs to do but so far there is stoic silence from the Government even at the PMO level prompting us to say “God Save India From Bitcoins”.
We sincerely hope Lord Krishna will take the next Avatar in India to save India from the menace of Crypto Coins. Otherwise the Government of India led by Mr Modi but guided by Mr Arun Jaitely may be consumed by the “Bhasmasura Syndrome”
I hope that at least after the Gujarat Elections, Mr Modi will have time to address the need for “Demonetization of Crypto Currencies in India”
Zero Liability for Bank Frauds
Just before the year began, RBI had started an initiative on “Limited Liability for Cyber Frauds” with a draft circular issued on August 11, 2016 where in it had declared “Zero Liability” on frauds for customers to “Zero” if reported within 3 days. RBI had called for public comments before August 30 and created an expectation that relief would be available to the customers soon there after from Banking Frauds. However, it was not until 6th July 2017, that RBI notified the circular .Banks are yet to fully operationalize the circular and no Bank appears to have come up with policy guidelines as required under the circular. However a base for “Zero Liability” has been set and other teething troubles will get sorted out in time. Naavi.org continued to needle the Banks for not following up on the Cyber Security Framework and RBI for not being able to enforce it. The intransigence of Banks however continues.
In July 2017, Government has also proposed setting up a CERT-FIN specifically for the Financial Sector and several other sector specific CERT s to improve the disclosure of security incidents and also find solutions within the sectoral regulatory requirements. More developments on this front may be visible in the next year.
Social Media Issues
The year also saw continued attack on WhatsApp admins for objectionable posts. Naavi.org released a model WhatsApp Admin policy through its Cyber Law Compliance Center to enable Admins to mitigate the risk of being held liable for the posts of the members. Naavi advocates that the Admins should personally approve only identified members and ensure provision of proper profile information apart from following a good security policy as advised.
Cyber Crime Complaints
As Cyber Crimes increased during the year, the plight of Cyber Crime Victims not being able to register Complaints and the problem of Police not undertaking investigations continued through the year. Though the Government of India gave an assurance to the Supreme Court that “Online Filing of Cyber Crime Complaints” would be facilitated through a Citizen Portal, it appears that not all States have set up follow up facilities for online filing of Cyber Crime complaints.
Naavi.org has therefore taken up the “Improvement of Cyber Crime Complaint Management System” as the mission for the next year.
The Government of India through the recommendations of the T K Vishwanathan Committee also appears to have taken some steps in improving the Cyber Crime Complaint system by suggesting appointment of a “State Cyber Crime Coordinator” and “District Cyber Crime Cells” by amending CrPc and introducing new sections. When implemented this could be a game changer.
Naavi.org will continue to follow up this development in order to ensure that apathy and corruption at the Complaint registration level does not frustrate the Cyber Crime victims.
In particular, Naavi.org will follow the systems currently in place for online filing of complaints
During the year, we saw the “Demonetization” of notes of Rs 500 and 1000 denomination in India which created a huge chaos in the money supply in the country. At the same time it gave a boost to the use of digital payment systems of all kinds. Though the efforts of NPCI in introducing UPI and BHIM applications were laudable, the AEPS system (Aadhaar based payment system”) is causing concern of frauds committed with fake or stored biometric being used for drawing money fraudulently from Banks.
The watal committee report on Digital Payments laid a well defined path for introduction of proper guidelines for the Digital Payment systems in India and RBI came up with a comprehensive guideline on Prepaid Instruments on 11th October 2017 and laid the ground for further development of the system under the umbrella of the security measures suggested for banks under “Cyber Security Framework” and “Limited Liability”.
Section 65B of Indian Evidence Act
After the PK Basheer Vs Anvar judgement of September 18, 2014 continued to find traction during the year with many in the legal community becoming aware of the mandatory need for Section 65B certification of electronic evidence for admissibility.
Subsequently the Sonu@Amvar judgement created a flutter but the confusion settled down.
On January 2, 2017, Government also issued a new notification under Section 79A of ITA 2000/8 regarding the accreditation of “Digital Evidence Examiners” which also created a further debate on how Section 65B of IEA will apply to Forensic labs etc.
The Judgement of a Puri Court provided further clarification and there was a lot of progress in development of Cyber Jurisprudence during the year regarding Electronic Evidence issues. Naavi has also intensified his activities in Cyber Evidence Archival Center and recently introduced the CEAC DROP BOX as a service which will be further developed in the coming year.
Amendments to ITA 2008
The activity of T K Vishwanathan Committee set up to suggest modifications to ITA 2008 also drew attention of the Cyber Law and Cyber Security professionals during the year.
Towards the end of the year a brief note on the recommendations involving Section 78 amendments to ITA 2008, introduction of two sections in CrPc to introduce State Cyber Crime Coordinator position at the IG level and District Cyber Crime Cells involving experts to be involved in advising the Police along with introduction of two sections into IPC to bring in some of the lost provisions of the scrapped Section 66A emerged. Naavi.org had expected a more comprehensive amendment and provided suggestions which may not materialize now.
However, the Government is presently also addressing introduction of a “Data Protection Act” and a “Health Care Data Privacy Act” and there can be more legislation affecting ITA 2008 indirectly through these legislation which may come forth in the next year.
The threat of GDPR being imposed by EU on Indian corporates handling EU citizen’s personal data would be accelerating the need for our own Data Protection Act and it is expected that this will be one of the biggest developments of the next year.
In the meantime, following the proposal of an amendment of the Indian Registration Act 1908 by the Karnataka Government which is ultra vires the ITA 2008, even the Parliament appears to be contemplating some amendments to Indian Registration Act over looking the provisions of ITA 2008 which are expected to give raise to another series of Cyber Frauds that will affect property owners in India.
The issue has been brought to the attention of Dr Ponnuswamy Venugopal an MP who is the Chairman of the Standing Committee looking at the issue and we hope some developments may be there on this front in the current year.
The Cyber Appellate Tribunal Issue
Naavi.org has been fighting on the need for reactivating the Cyber Appellate Tribunal (CyAT) for a long time. This key Cyber Judiciary organization envisaged under ITA 2000 has remained defunct since June 2011 for the sheer inability of the Governments of UPA and even Mr Modi to find a proper Chairman.
In a bizarre reactive decision, Mr Arun Jaitely decided that “If we cannot find a Chair Person for CyAT, why have CyAT at all?”. He therefore decided to merge CyAT with TDSAT through the Finance Bill as if the Government needed to save money by closing down the CyAT.
For a Government which was capable of introducing GST at an enormous cost and able to spend Rs 650 crores in a contract to monitor Social Media, it was a shame to say that there was no money to support CyAT.
As a result, CyAT got merged with TDSAT and at present has gone into oblivion. For records we can note that a case has been pending against the constitutional validity of the merger at the Madras High Court.
But Cyber Law Observers will note that this was one of the biggest mistakes committed by the Modi Government in creating a hurdle for Cyber Crime victims to seek justice.
Mr Arun Jaitely also had other controversies surrounding his department including the Bitcoin decision which is being held in abeyance to promote speculation and profiteering by clever manipulators of the market.
History will judge Mr Arun Jaitely’s negative contribution to the Cyber Law regime in India and determine whether it was his pre occupation with GST or Ignorance of the impact of the wrong decisions of his department in the case of CyAT and Bitcoins or the inability to control the influential lobbies with vested interest that may thrive around the department or any other reason that contributed to the set back on Cyber Legal Regime in India caused by the Finance Ministry.
We will not mince words in criticizing the action or inaction of the Finance Minister until Mr Arun Jaitely wakes up and takes appropriate positive decisions and this debate will continue in the coming year.
The response of Naavi.org is therefore to forget Cyber Dispute Resolution through the Adjudication and CyAT fast court system created by ITA 2000 bot to promote Cyber Mediation and Cyber Arbitration and Cyber Disputes Mediation Center Hopefully these may see traction in the coming years.
One of the other matters of concern to the Cyber Society during the year was the emergence of the “Blue Whale” game that claimed many lives in India. The need to address Internet addiction in children and to develop solutions to secure our children from the kind of games like Blue Whale has been engaging the attention of the Cyber Law observers in India. Probably in the coming days we may see the emergence of a “Cyber Game Regulation Authority” to monitor the Cyber Space for such games.
A Bad Precedent emerges from Mumbai Court
Towards the end of the last year, an interesting but disputable judgement came from Mumbai High Court in an E-Tender dispute raised by Shapoorji Pallonji against MHADA. It was a huge contract of over Rs 11000 crores in which the petitioner was disqualified for not following the e-Tender process. There was a huge commercial stake involved and the petitioner challenged that he could not complete the tender process as expected by the tender authority because the technology failed. It stated that they uploaded the tender documents but could not confirm the tender application and blamed the system for not presenting the final screen which contained a clickable button “Freeze the Application”. It was not clear and there was no evidence that proper admissible evidence was presented to support the claim.
The Court however approved their objection and ordered that “Technical Errors are to be over raided by manual intervention” introducing a new “Cyber Jurisprudence” that an “Electronic Contract defined by a process” had no sanctity which we consider as not a welcome view.
Hopefully this will be reviewed some time later because it contradicts the provisions of ITA 2000/8 which clearly defines how an electronic message is attributed under law.
The Aaadhaar Security Debate
Through out the year the debate on the use of Aadhaar and the security issues continued to be debated.
Naavi.org has been highlighting the risks of the Aadhaar Enabled Payment System as NITI Ayog started promoting PIN less and Card less system of payment. However the Government continues to promote AEPS and frauds using “Stored Biometric use” and “Fake Biometric use” have already surfaced.
In Bangalore there was much noise made about a mobile App which extracted Aadhaar authentication information through the e-hospital application A techie who had released the app was arrested and the case is going on. The incident however demonstrated the inherent weakness in the security of the Aadhaar eKYC system and the possibility of its misuse which is now surfacing in the form of financial frauds.
Naavi.org has brought the risks to the attention of the Government but vested interests around the decision makers may be preventing a proper assessment of the security risks resulting in exposing the Indian citizens to greater and greater financial risks as we move more and more into the Digital payment use.
We hope that the Government will realize the risks and act to mitigate them perhaps through mandatory Cyber Insurance or otherwise, before it is too late.
When we reflect back on the year that has gone by, it appears that there are many developments in the Cyber Law scenario in India. Some of these need to be followed up during the next year as well.
…So as ITA 2000 continues to say… “I am on 17 and going on 18…” we will see many more interesting things unfolding.
(This is an attempt to capture the major cyber law events in India during 17th October 2016 to 16th October 2017 through the eyes of Naavi and Naavi.org. There could be more that can be added to the above and I welcome the readers to add them through their comments)