ICANN may face a Trial in Indian Supreme Court

Posted on September 18, 2020 by Vijayashankar Na

The apex organization that controls the Internet namely ICANN (Internet Corporation of Assigned names and Numbers) is all set to face the Indian Courts. A PIL is all set to be filed in the Indian Supreme Court against ICANN thanks to a Sub Contractor for domain name registration called “Net4India”.

In all probability, the Ministry of Information Technology and the registrar Open providers.com will also be the respondents.

This will perhaps be the first time that the Internet Governance system will be questioned in a Court of law because ICANN has repeatedly failed to safeguard the interests of the public.

When Internet was started, it was a US Government project. But after it was handed over to the public domain, ICANN emerged as the apex regulatory organization controlling the IP addresses and also the Domain names.

In the initial years, ICANN mismanaged the IP address allocation system under IPv4 which resulted in an inequitable distribution of available IP addresses to different countries. After the IPv6 system was introduced, the problem of non availability of IP addresses has been pushed to the background.

Then ICANN mismanaged the Domain Name system introducing multiple TLDs with inadequate control in registration and allowing overlaps of domain names.  At the same time, it used its might to stifle technology which could have brought Alternate Domain Name Systems in use. It allowed the proliferation of Phishing with complete lack of control on registration of domain names. From the initial First Cum First served basis of domain name registration, ICANN gave way to trade mark right dominated UDRP system without preventing the registration of conflicting domain names. This lead to innocent persons registering domain names only to lose it out in a IPR battle with the large corporations who owned trade marks.

Subsequently, ICANN introduced the Country Code domain names but failed to ensure proper use of the country codes so that it only multiplied the IPR issues.

More recently, ICANN gave room for Privacy Protection of WhoIs register which is a boon for Cyber Criminals.

Thus time and time again, ICANN failed in its fundamental duty to set a proper path for the Cyber Space administration.

In particular, ICANN considered domain name system as a money spinner for itself and appointed registrars with a hefty registration fee and did not exercise the required control over them.  This enabled registrars to cheat the public by allowing arbitrary pricing of domain name registrations, appointment of unverified sub contractors for domain name registrations etc leading to the public being at the mercy of the registrars and exposing the registrants to various frauds.

Now in India one of the ICANN’s faults has exploded into a major problem causing a  disruption in the Internet system.

Naavi.org had brought to the attention of the public way back in July 2017 raising a question “Is Net4India closing its operations?” .

This article highlighted the then just developing problem with Net4India appearing to indulge in some accounting malpractices and failing to respond to customer queries.

In more recent times, the problems escalated and Naavi.org  followed up with  the following several articles

ICANN Has to find a solution to Net4India problem
ICANN should release Domain Secret Code for transfer on request from the Consumer
Net4India discontinuance of service..Towards finding a solution

Unfortunately, the MeitY appeared to be completely oblivious of the seriousness of the issue. The India representative of ICANN Mr SamiranGupta failed to find a solution and ICANN was totally disinterested.

As a result today thousands of customers of Net4India are having problems of not being able to renew their domain names transfer their domain names. Many have their hosting stuck up, E mail servers not serviced.

Even today there appears to be nearly 73261 domains registered with Net4India and the chaos that the freezing of these domain names have created in the Indian Cyber Space is unimaginable.

At such a time, it looked funny that National Security Advisor today was speaking in a conference about “Cyber Security” without having any idea of what is the role of domain names in the healthy functioning of the Cyber Space.

It is unfortunate that the Ministry of Information Technology, is either unable to understand the gravity of the problem or is uninterested in resolving the issue.

For the records, it may be stated that Net4India may have filed an insolvency petition and neither ICANN nor MeiTy has any idea of how to tackle such a situation.

Given the fact that Naavi.org gave a three year advance warning the failure of ICANN and MeitY to find a solution during this period is simply unacceptable.

Who ever is the “Receiver” who is handing the bankruptcy proceedings should also be questioned about their inability to ensure the continuity of the service even while the proceedings of winding down is being attended to.

Since it was found out that another registrar namely Open Provider.com had some interest in Net4India’s domain activities, Naavi.org contacted them to take over the operations of the servers of Net4India so that the domain name services can be continued. Unfortunately, Open Provider replied

“Thanks for reaching out to us.

But as per our commitments with our Reseller, we do not target their end customers and it will be against our protocol to on-board our Resellers end customer. 

However, you are free to use our services for all your new registrations. 

Incase if you are facing any problems, please mention it so I can pass this information and ask them to respond you. “

Obviously this registrar to whom Net4India may be financially related in some form is not interested in resolving the customer issue and is speaking of “ethics” of business.

Naavi.org has been receiving a number of queries from individuals and companies about what is the solution to this problem.

Though Naavi.org has tried to elicit response from MeitY, Mr Samiran etc, there is no response from any of them.

It is therefore time that a PIL is required to be filed in Supreme Court with a request for ICANN to introduce an automatic system of transfer of domain registrar services to an alternative service provider in case of such defaults.

It is also the responsibility of the Ministry of IT in India to ensure that under the Intermediary Guidelines of ITA 2000, the registrars should be made answerable for such defaults.

At present, Net4India has committed a fraud on the public by first causing denial of service and then disabling some of their services with a view to shut off enquiries from the customers. A criminal case can be filed on this company and appropriate changes need to be brought to ITA 2000 to prevent such happenings in future.

Some advocates are already planning to file a PIL on this matter and I urge them to expedite their petition and ensure that they make MeitY, the Receiver to the bankruptcy proceedings, Openprovider.com as well as the ICANN and its India representative parties to the suit.

Naavi.org has also urged clients at different places to file adjudication applications with the respective adjudicators in their states so that they can also take up the complaints and try to find solution.

Looking forward to the PIL lawyers who understand the issue to act without further delay.

Naavi

P.S: Submitted the following complaint at ICANN today on 19th September 2020..at https://www.icann.org/complaints-office

A domain name registrar by name ‘ net4india’ operating from Delhi, India has ceased operations. It is not issuing AuthCode for transfer of domains, not responding to any customer queries. It is receiving inward payments with no accountability. Over 70000 domain names may be in the limbo along with e-mail services, domain hosting services.

There is a need to transfer the registry to another operating registrar immediately.

For the future a system has to be made available to handle such withdrawal of registrars from business.

Problem was first pointed out in July 2017 by Naavi.org and more recently a number of persons have reported the issue in India to authorities including Mr Samiran Gupta, the ICANN representative.

If ICANN does not handle the issue immediately, a class action suit may be filed against ICANN and its executives.

Request immediate attention and action.

 

 

Posted in Cyber Law, ITA 2008 | 2 Comments

Getting Ready for the New Era of Personal Data Protection

Posted on September 11, 2020 by Vijayashankar Na

Personal Data Protection Act is round the corner. Every organization handling personal information both of their employees or their customers need to get ready in understanding what we need to do for compliance.

FDPPI as the pioneering Data Protection Organization in India is organizing a free webinar on 23rd September 2020 between 10.30 am to 12.30 pm focussed on the SMEs and MSMEs.

The program is free to participate.

 

Request each one of you to spread the word so that maximum number of persons and organizations can take advantage of the webinar.

Those of you who are associated with industry organizations may kindly spread the word in your community so that your members can benefit.

Naavi

Posted in Cyber Law | Leave a comment

Divide and Destroy Policy to delay Passing of PDPB 2019

Posted on September 10, 2020 by Vijayashankar Na

Hindustan Times has carried an article today under the title “RBI Seeks exemption from Data Protection Law”.  At first glance it appears to be a serious opinion from the financial regulator but on deeper verification, appear to be a planted story to support views of some lobbies.

Given an opportunity, there is no doubt that even FaceBook wants to be exempted from Data Protection Law and may be even other organizations. Just as the Parliament session is about to commence on September 14th and we are expecting that the JPC would place its recommendations to get the Personal Data Protection Bill 2019 (PDPB 2019) to the next stage, HT’s article suggests that there is an attempt to plant dissidence among the regulatory agencies.

In the next few days we may expect articles suggesting that even TRAI, IRDAI, SEBI etc all would like to be exempted from the PDPA.

It appears that this article is part of the propaganda unleashed to scuttle the passage of the Bill. In all probability this could be a fake story published to stir up a controversy.

The approach of PDPB is similar to GDPR in that it is not a sectoral approach to Privacy protection but an across the board approach. It will affect Financial information, Health Information, stock market information etc. To some extent it will disrupt the existing regulators. But this is natural and inevitable. In fact PDPB is a continuation of ITA 2000/Section 43A and hence there is no reason why RBI which was comfortable all these years when 43A defined financial information is “Sensitive Personal Information”, should raise an objection now.

In all probability the views expressed in the article are not that of RBI. In fact RBI was more stringent regarding the data localization and PDPB is far more lenient.

There is a strong lobby of credit card processors lead by NASSCOM which does not want “Financial Information” to be within the PDPB. The reason is that Financial information is the most valuable personal information and several organizations are making money in processing the information in a manner in which PDPB will not allow.

PDPB does not exempt even the DPA from the provisions of being considered as a Data Fiduciary and there is no reason why RBI or any other organization should seek exemption. It is also not clear why RBI should be concerned since the personal data it handles is minimal and is restricted to that of the employees. It is the individual Banks who would be subject to PDPB and hence RBI need not worry about any serious disruption of its activities.

When RBI collects any financial information of a data subject, it may come through a Bank and hence its role may be only that of a data processor. Also most of the time the data is used for monitoring the security of the financial transactions as well as for statistical purpose and hence PDPB has in built exempts for RBI.

There are several other points mentioned in the article as if they are stated by some anonymous representative of the RBI. It is however more likely that this is a planted story of some vested interests who are worried about the loss of their commercial opportunities to exploit the financial data of individuals.

The report is also false when it mentions that “Data Retention Norms” are mentioned in PDPB. There is no such norms and RBI’s regulations will determine how long Banks keep the personal data. Similarly it is wrong to say that PDPB does not allow storage of payment data abroad at least in the current version. It only says that a copy should also be kept in India.

RBI”s role as operator of RTGS and NEFT are technology platforms which are managed through the Banks and hence the role of RBI is only as an intermediary through which the data passes through and not as a Data Fiduciary.

The report therefore needs to be ignored as yet another attempt by lobbyists to check the passage of PDPB in the current session. It would be advisable that RBI comes up with its official view whether the comments attributed under the article are official views of the RBI.

Just as the CDS has to manage the relationship with the three service chiefs, the regulators like RBI, IRDAI, TRAI, SEBI etc., need to manage the relationship with the DPA and unless there are ego issues, senior people should be able to manage the overlapping issues that may come from time to time.

It is unfortunate that the media is trying to create a divide between RBI and the Government to help some industry interests to prevail.

Naavi

Posted in Cyber Law | Leave a comment

The Man Who Saw Tomorrow

Posted on September 6, 2020 by Vijayashankar Na

M.K Anand, of Seechange Consulting recently interviewed Naavi and captioned the release with an attractive title “The Man who saw tomorrow”.

The video is now available on line.

Naavi

Posted in Cyber Law | Leave a comment

“Defamation” as Business Strategy

Posted on September 6, 2020 by Vijayashankar Na

Among the many abuses of the great innovation called Internet and World Wide Web is the misuse of the technology for organized defamation like what we used to refer in the physical world as “Yellow Journalism”.

While some adopt abuse through obscenity or abuse through manipulated information which are considered offences under ITA 2000, “Abuse through Defamation” and “Abuse through an Online Threat” are no longer offences under the ITA 2000 because our honourable Supreme Court took a wrong decision in the in famous Shreya Singhal case by scrapping Section 66A which has not been replaced so far.

I have recently come across a “Death Threat” on Whats App which cannot be booked under ITA 2000 and another incident of defamation through postings on some websites/blogs dedicated to defamation, which also cannot be booked under ITA 2000.

Such cases have to be booked under IPC but the evidence is in the electronic form and has to be supported by Section 65B certificate.

Unless the Government of India re introduces Section 66A or its equivalent or files for a review with the Supreme Court and the Supreme Court reviews it and allows the section to come back at least in a “read down version”(Please refer to discussions on Section 66A here), there is no relief to the victims.

Similarly, there is no relief to Cyber Crime victims if the MeitY and the MOF continues to ignore the immediate need to ban Crypto Currencies in India. These issues have also been highlighted in this website in the past.

Now I would like to bring to the notice of the public some websites such as shesahomewrecker.com, fraudsters.online and exposecheaters.online.

These are websites which encourage posting of defamatory content. We have earlier discussed in these columns about the “Glassdoor attack” and also referred to the law in NewZealand to prevent such harmful effects of Social Media misuse. In one dimension of job market we pointed out to “Glassdoor attack”  which involved posting of bad reviews about companies by disgruntled employees.

For these websites, and even for the Twitters and Face Books,  attracting visitors is the criteria. If this can be done with sensational news often created out of AI robots, they would grab it with both hands. What is lacking here clearly is “Ethics of Business”.

While Internet provides the freedom of expression which can be used effectively when incidents like suspected murders in the cases of Sushant Rajput or D K Ravi or Sunanda Pushkar, Palghar sadhus, Sridevi etc takes place and the Police under the influence of corruption fail to take appropriate steps, there are also instances when innocent persons are harassed through wrongful posts in some of the websites mentioned earlier.

Of course, these issues have to be handled on a case to case basis and we cannot impose censorship that could prevent good use of Internet freedom.

However, in most cases, it is difficult to find the owners of these websites since the Registrars promoted by ICANN have a false sense of Privacy and mask the identity of the business information called “Ownership of domains” as if they are “personal data. Hence even if our neighbor is indulging in slander, we will be running behind companies registered in Panama to request for the Who Is records. Similarly G Mail does not want to reveal the originating IP address for emails that land in my InBox for which I should have the right of information.

In a recent incident we also pointed out that Net4India a sub registrar of domain names and ISP services in India suspended many of its activities inconveniencing hundreds or thousands of web users.

The ICANN is not taking any responsibility for misuse of Internet and its approach to Cyber Crimes is the biggest challenge to Cyber Security at this point of time.

If we want not to depend on ICANN for securing the Cyber Space, it is only the individual countries who have to ensure that the Cyber Space does not become a menace.

In India therefore the responsibility falls on the MeitY to address some of these issues.

Despite our repeated nudges, MeitY has not taken action for resolving the Net4India issue or the Crypto Currency issue. It has earlier indulged in half hearted attempts to amend Section 79 intermediary rules but backed out when Urban Naxalites launched action in the Supreme court. Though it has taken steps to block Chinese Apps, it has not taken steps to block the websites who have made it a business out of defamation.

Now we need to again remind MeitY that reintroduction of “Harassment through messaging” which was present in Section 66A along with the Cyber Bullying, Cyber Stalking, Spamming, Phishing, Cyber threats which were all present in Section 66A but the Supreme Court failed to see as it was after its own desire to assert its support to freedom of expression calling Section 66A as a “Chilling” effect on the society.

We are not sure that MeitY has an ear to listen to these aspects. MeitY appears to be mortally afraid of PIL lawyers who may get a sympathetic hearing by the Supreme Court also. Our Attorney General is more concerned with letting off persons with a history of contempt of Court proceedings rather than protecting the victims of Cyber Abuse.

But it is our duty to record our observations and hope that some Court at least will take note of the vows of Internet abuse when some defamation cases are brought before them like the Baba Ramdev case which was heard by the Delhi High Court.

Naavi

Posted in Cyber Law | Leave a comment

Atleast Now Mr Modi should know the Villain called Bitcoin

Posted on September 3, 2020 by Vijayashankar Na

It is reported that Mr Narendra Modi’s twitter account was hacked and a request was placed for contribution to the PM’s fund through Bitcoins.

It is obvious that this is the work of fraudulent hackers who must have been able to get some benefit by way of Bit Coin contributions before the hack was detected and removed.

Naavi has been urging the Government of Mr Modi to ban Bitcoins through a number of articles here but the request has gone unheeded.

It is our firm belief that unless Bitcoin is banned the Government of India’s effort to remove black money is only to be considered as half hearted.

Unfortunately the Supreme Court paved the way for a surge in Bitcoin usage in India by scrapping the RBI notification preventing Banks from dealing with companies engaged in Crypto Coin exchange.

The Finance Ministry has quietly looked the other way and even the RBI has withdrawn to the back ground since the lobby behind the Bitcoins is so powerful that even Mr Modi is hesitant to act.

Now that Bitcoins have been demanded and received in the name of Mr Modi, we can expect the opposition to demand an enquiry on whether this was really a hack or was only stage managed.

It would not be possible for BJP to prove that no body paid in bitcoins because that is the nature of secrecy that sorrounds this “Currency of Criminals”.

We hope that at least now, Mr Modi and Mr Shah would realize the damaging potential of Bitcoins and issue an ordinance to ban Crypto Currencies forthwith.

Naavi

 

Posted in Cyber Law | 1 Comment