Naavi.org

The recent issue of Sulli deal and Bulli Bai apps being hosted on GitHub has exposed GitHub to liabilities under ITA 2000 as a Significant Social Media Intermediary (It is estimated that there are 5.8 million users from India).

According to Git hub it is primarily a “Repository” of code. At the same time it also provides services for hosting the code on a website which becomes a publishing service.

In the copyright law, software code is considered as “Literature” and an “Expression”. Hence hosting of codes to directly render services from Github servers like the Sulli deal and Bulli Bai can be classified as publishing activity.

Hence Git Hub is liable both under IAT 2000 and the new Intermediary Guidelines of February 25 as well as the new law coming under DPA 2021 applicable for Significant Social Media Platform.

As an Intermediary and a Paltform, GitHub has to provide for identification of the users, appoint a local compliance officer and be accountable. It cannot take excuse that it is not an Indian Company or it’s servers are in India etc even if it is owned by Microsoft.

Microsoft may claim that it is only the owner of the basic platform and each hosted app is a separate service provided by the users. This would mean that Microsoft itself is a cloud service intermediary and would escape direct liability as long as it can identify the wrong doers.

In the Sulli Deal and Bulli Bai cases therefore, the law enforcement has a strong case against  Microsoft to enforce the law and expect them to co-operate beyond just removing the applications, which is the first step. Now Git hub should be able to preserve the evidence under section 65 and 79 about the transactions in the account including IP address information for a minimum period of last 6 months.

I hope the Government and CERT-IN should take steps to ensure that Git Hub does not make it difficult for law enforcement to get necessary information to continue their investigations.

Naavi

It appears that the power of corruption and the criminals have now invaded the security guardians. As per the news report, Norton a well known company in the Anti Virus software business is added to the download of Norton 360. This is a crypto miner that would mine Ethereum which is fungible with Bitcoin and other crypto currencies.

Though Norton claims that it is an opt in feature and can be turned off, in reality it is stated that it is difficult to remove. We all know that all users are not alert enough to filter such unwanted software at the time of downloading.

It is unfortunate that anti virus companies which were identifying Crypto Miners as “Potentially Unwanted Program” have now yielded to the power of the corrupt.  Norton would be collecting 15% mining fee and use the resources of the users in terms of computing power and electricity to generate this revenue.

This is a completely unacceptable behaviour for a security company. For long time, common man as been alleging that anti virus companies themselves spread the virus and then sell removal tools. Norton has gone one step further to join hands with the “Computer Contaminant” manufacturers to promote Computer contaminants.

India is in the verge of declaring Crypto Currencies illegal and ITA 2000 already has a provision under Section 43 read with Section 66 to consider installation of any program without proper consent as a criminal offence. Even the DPA 2021 has introduced a provision for certification of software to ensure any malicious codes to be present in any software.

Hence the Norton Service is a challenge to the “Opt-in” provision and the sanctity of the consents obtained, whether they are truly well informed consent as per the standards of contract under Section 14 of Indian Contract Act (Refer section 11 of DPA 2021).

I urge CERT-IN to send an advisory to the public about the danger of installing Norton 360 and also advise all Government Agencies to refrain from using Norton Services.

By associating with the Currency of the Criminals, Norton has lost the credibility as a trusted security company and it has to be red-flagged for security purposes.

Naavi

The year 2022 is unfolding before us and I wish all of you a happy new year.

The year 2022 is more likely than ever before to see the passing of the Indian Data Protection Act.

Since September 2018 when FDPPI was formed we have been preparing professionals in India  to be aware of the Indian Data protection scenario through our continuous educational activities.

In the process we have conducted Training Programs leading to “Certification”, webinars in the form of “Indian Data Protection Summit” and “Jnaana Vardhini” events.

We have also developed a base framework for compliance for the industry.

The time has now come to upgrade all our efforts to a higher level as the country prepares itself for the full fledged Privacy and Data Protection Era.

In this direction FDPPI will be introducing a FDPPI “Continuing Professional Education Program (FDPPI-CPE Program) similar to other professional organizations.

The FDPPI-CPE program is aimed at not only ensuring that our professionals  will be better placed to meet challenges that they may encounter in the domain of Privacy and Data Protection  in the real world, but also ensure that the industry respects our professionals more than ever before.

It is desired that an FDPPI Certified professional should command a respect as well informed and updated professional in the eyes of the industry and the FDPPI-CPE program has to enable it.

Please watch out for the details of the program that would be shared here in a couple of days.

We may start the program with some simple provisions and introduce more features in the coming days.

Naavi

When I first entered the web space with an email and my first website, I took upon the recognition as “Naavi”. My first book in 1998 was authored under the name Naavi. (Cyber Laws for Every Netizen in India). My first website was naavi.com (Which is now used by an Australian Company). The website naavi.org fortunately continues with me. The first email naavi@vsnl.com became unusable since VSNL sold itself to Tatas and they discontinued the email service.

At this time, I had anticipated issues in the domain space arising out of similar looking domain names and had introduced a service called “Lookalikes.in” which was a voluntary disclosure for one website owner to declare that the domain name is not related to another domain name which may look similar.

When I adopted the name Naavi, the name “Navi” was considered and left out since it was a registered trademark of Nokia in Japan and also in India reminded people of Navi Mumbai.

Naavi on the other hand was a direct english translation of my initials in Kannada and I had genuine trademark rights. (My Name is Vijayashankar Nagaraja Rao, where Na in Nagaraja is spoken as Naa).

When the film Avatar was released, Google started behaving erratically recognizing NaVi as equivalent to Naavi and the google search for Naavi was directed to Navi, since the movie used the term Navi to describe  a clan.

After a while Avatar went to the background as the interest in searches on Avatar the movie receded.

Recently however, Mr Sachin Bansal, the former Flipkart entrepreneur is creating problems for me since he has started his new ventures under the name “NaVi”. This business is in the field of Finance and  Loans which also happens to be my career in the past where I worked with Indian Overseas Bank and Nagarjuna group. I was a consultant in the financial sector and done extensive work with NBFCs in Chennai.

As a result when people look at Navi loans or Navi Mutual funds, there is a natural confusion as to whether these businesses are associated with my activities.

When the Naavi.com was acquired by a cyber squatter, I thought the name Naavi could not be that important and ignored the loss. When it was acquired by an Australian Company which was into training, after some initial correspondence the conflict was ignored.

Unfortunately Mr Sachin Bansal’s venture is in India and is related to Finance and I have been receiving some calls to enquire if these companies belong to me. There are spam complaints also against the Navi companies which may get confused with me.

While I can consider placing a disclaimer under Lookalikes.com to declare that naavi.org is not related to Navi group of Sachin Bansal, it is sad to know that Google does not distinguish between Naavi and Navi and search for Naavi gets diverted to Navi.

Google should be ashamed of its algorithm that blindly considers Naavi and Navi same terms and needs to be retrained.

I also request that the Navi group of Companies provide a disclaimer that it is not related to Naavi.

I am not sure how Navi group will deal with their trademark infringement with Nokia but the confusing similarity with Naavi needs to be amicably settled.

I am taking the proactive step since Navi.com is already in the list of “Confusingly similar websites” listed in the Lookalikes disclaimer which is available under the link About-Legal.

I wish that Sachin Bansal group also displays a disclaimer that Navi websites and activities are not related to Naavi.

Naavi

Over the last several years, Naavi’s has been the sole voice that Crypto Currencies need to be banned outright.

But the corrupt lobby everywhere have been advancing different arguments including the importance of Block chain as a technology, collection of Income Tax revenue, acceptance by other countries etc to justify the Crypto Currency as against the unequivocal stand taken by Naavi that Private Crypto Currencies are the currency of the Corrupt, Criminals and Terrorists and need to be banned to save the country.

Naavi.org has hosted articles and sent individual appeals to all relevant persons in India including the Prime Minister Mr Modi, Home Minister Mr Amit Shah, Finance Ministers Nirmala Sitharaman, the late Arun Jaitely, the RBI Governor, SEBI Chairman, the BJP as a party, the RSS, Swadeshi Jagran Manch and individual ministers such as Ravi Shankar Prasad, Ashwini Vaishnav , Rajeev Chandrashekar, Secretaries of Meity, Home Ministry, law Ministry, MPs like Tejasvi Surya, Smrithi Irani, Piyush Goyal, Adityanath Yogi, Journalists lime Arnab Goswami, Sucheta Dalal, Mohan Das Pai, the functionaries of RSS such as Mohan Bhagwat, S Gurumurthy and others whom I must have forgotten. Many of these people have been approached multiple times, some times through E Mails, some times through teasing articles, Tweets, Koos, etc. Even the judges of the Supreme Court were several times alerted that they had failed in their duty to protect the Country.

However, so far no body had responded positively while the Bitcoin lobby  was mounting its pressure. It appeared that the power of Black Money and corruption was overwhelming even for Mr Modi.

RBI was effectively silenced by the Supreme Court with the “Bollywood Judgement” and though Mr Shaktikant Das made an attempt to lodge his protest, he appeared to be ignored by the Finance Ministry.

As a result of this apathy or tacit support, Bitcoin lobby continued its intense marketing. The recent IPL had full full of Bitcoin Advertisements and a few days back in Bangalore, even the news paper inserts were found to promote Bitcoins as shown below.

It appeared that the whole country had surrendered to the power of corruption and we had lost the fight against Bitcoin.

However, yesterday we had some good news where the Swadesh Jagran Manch came up with a resolution calling for a total ban on Private Crypto Currencies.

I am not sure if the views expressed by Swadeshi Jagran Manch will be respected by Mrs Nirmala Sitharaman and her team who are hell bent on providing some scope for Private Crypto Currencies to exist and grow in India so that the loss of Swiss Bank accounts and the demonetization donot hinder the progress of Black money in India. The tentacles of Black money lead by Crypto Currencies is so large that even the Joint Parliamentary Committee on Personal Data Protection Bill 2019 had inserted a suggestion aimed at legitimizing the Crypto Currency  by recognizing Ripple Exchange to replace SWIFT  for international fund transfers.

We can give a benefit of doubt to the JPC that they did not realise the import of their suggestion but we know that a few years back SEBI had actively canvassed for recognition of Bitcoins and people who plant such ideas in the bureaucracy must be present in different departments of the Government and perhaps even in the PMO.

It is therefore a welcome sign that there is at least one organization in India in the form of Swadesh Jagran Manch which has taken up the responsibility to open the eyes of the Government of Modi to take immediate steps to ban Crypto Currencies.

I would appreciate an immediate ordinance in this regard to be followed up by a Bill in the Budget session.

Hope Madam Nirmala Sitharaman is listening.

Naavi

An Innovator Challenges Bankers to innovate or perish

Calling attention of Bankers and Economists in India: Prevent this Financial Holocaust

IMF warns about Macro instability if Cryptos are recognized as legal

What is the next Excuse for not banning Crypto Currencies?

Cryptos pose a new threat- The MetaVerse Trap

A Dangerous nexus between Cricket, Bollywood and Bitcoin may develop..Should nip it in the bud

The Crypto Rupee

We need to ban Bitcoins. But do we need a Digital Rupee?.. Naavi.org, February 2, 2021

E Rupee is a re-invention of Naavi’s DVIIS…Naavi.org, August 11, 2021

Black Money Control…. ZeMo-INR as an instrument of implementation. January 20, 2014

Bitcoin is Digital Black Money…Why?… Naavi.org, June 15, 2018

Bitcoin Regulation…. What the Government needs to do… May 24, 2017

Open Letter to Madam Nirmala Sitharaman…. Say No to experimentation…. It will be misused…  March 6, 2021

Check for other articles on Naavi.org

The PDPB2019/DPA 2021 addresses several pro-active compliance requirements aimed at managing personal data by data fiduciaries and data processors with the intention of protecting the “Privacy” of an individual. Contraventions  result in civil penalties upto a maximum of 4% of the total worldwide turnover of the data fiduciary.

There is however one section (Section 83) of DPA 2021 which prescribes a criminal punishment with an imprisonment upto 3 years and a fine of upto Rs 2 lakhs or both. This offence is cognizable and non bailable but no court can take cognizance except with a complaint in writing  by the Authority.

Under Section 85, when the offence is attributable to a company, the section extends the offence to the persons  responsible for the conduct of the business of the company unless they can prove lack of knowledge and exercising of due diligence to prevent the commission of the offence. Such liability may extend to even the Directors of the organization.

In case of Government data fiduciaries, there would be an in house enquiry before any person is held liable.

Most of the “Offences” related to “Data” are presently covered by the Information Technology Act 2000. In fact, once “Privacy Protection” through protection of personal data becomes a law, the current provisions of ITA 2000 will automatically apply to offences related to data protection . As such the offences section in DPA 2021 is redundant and only restricts the powers of ITA 2000/8 rather than enhancing  the provisions therein.

For example, if “Reidentification of de-identified personal data” is an offence under DPA 2021, it is also covered under Section 43/66 of ITA 2000 as ” Diminishing the value of information residing inside a computer resource or affects it injuriously by any means” [Section 43(i)].

However, in view of the DPA 2021 having been defined as a special law overriding the current laws (Section 97), the re-identification as defined under Section 83 goes out of the scope of ITA 2000/8. But any other kind of “Injurious effect on personal data” remains within the provisions of ITA 2000.

Having established that DPA 2021 would be the sole law that addresses the issue of “Re-identification”, let us now see the wordings used in Section 83 and understand if it is clear and adequate to address the intention.

83: Re-identification and processing of de-identified personal data.

(1) Any person who, knowingly or intentionally—

(a) re-identifies the personal data which has been de-identified by a data fiduciary or a data processor, as the case may be; or
(b) re-identifies and processes such personal data as mentioned in clause (a),

without the consent of such data fiduciary or data processor, then, such person shall be punishable with imprisonment for a term not exceeding three years or with a fine which may extend to two lakh rupees or with both.

(2) Nothing contained in sub-section (1) shall render any such person liable to any punishment under this section, if he proves that—

(a) the personal data belongs to the person charged with the offence under sub-section (1); or
(b) the data principal whose personal data is in question has explicitly consented to such re-identification or processing as per the provisions of this Act.

As per this section, the “De-identification” is under the control of the Data Fiduciary or a Data Processor who originates the de-identification of the identified personal data. Any other person who is in possession of such de-identified data shall not re-identify the data except with the permission of the original de-identifying agency.

However  such permission may not be required if the re-identifier has an explicit consent of the data principal. If the data principal has already given consent to the de-identifying data fiduciary for use of identifiable information for any purpose, this automatically becomes capable of being transferred to the re-identifying data fiduciary.

But it appears that there could be a possibility that the re-identifying data fiduciary can also obtain “Explicit Consent” of a data principal and proceed with the re-identification. It is true that at the time the “Explicit Consent” is given by a data principal to an intending data fiduciary who would like to re-identify a data set which may “Discover” the personal identifiable data of the data principal, neither of them knows that such a personal data would be “Discovered”.

But it is possible to get such a “Discovery Consent” as per the provisions of this section. This provision is extremely important to all Data Analytics companies and Big Data Companies which may while offering any service to the data principals get an explicit consent to re-identify any information available with or to be collected by the Big Data Company from other data fiduciaries or data processors as de-identified data or publicly available data and use it to create data intelligence required for the provision of services to the individuals.

This provision opens up some exciting opportunities for Digital Marketing Companies who may consider retail services directed to data principals. Probably this benefit will go un noticed by a section of the market and evolve once the DPA confirms some related regulations.

Naavi

“The concept of “Discovery Consent” or “Exploration Consent” is being presented for the first time here. This would be part of the Theory of Data extended for interpretation. More discussions on this would be presented in due course. Your Comments are Welcome”…Naavi

Other articles on DPA 2021

14. PDPA 2021: Concept of Discovery Consent

13. JPC Recommendations on SWIFT Alternative: Out of scope and Disruptive of Global Economic System

12. JPC recommendation on Children Data

11. JPC recommends DPA to watch on Incident Register

10. JPC comments beyond the Amendments-2: Implementation Schedule

9. JPC comments beyond the Amendments-1-Priority of law

8. Clarifications from the JPC Chairman on DPA 2021

7. Anonymisation is like Encryption with a destroyed decryption key 

6. PDPA 2021: The data breach notification regarding Non Personal Data

5. PDPA 2021: The Data Protection Officer is now in an elevated professional status

4. PDPA 2021: The nature of Data as an Asset and nomination facility

3. PDPA 2021: Regulating the human perceptions

2. PDPA 2021: Definition of Harm to include psychological manipulation

1. PDPA 2021: Should Big Data and Data Analytics industry be worried?