Bill to ban Bitcoin Introduced in Parliament

The budget session 2021 of the Indian Parliament is being eagerly watched for several reasons. While the traditional financial pundits will look forward to the Post Covid budget to take the country on a revival path, observers of the Data Privacy scenario are waiting for the PDPB 2019 to be introduced for final passage with the amendments suggested by the JPC. This bill is yet to be placed before the Parliament as it has to be cleared first by the Cabinet. This may happen during the end of week 1 of the session.

In the meantime, the much-awaited bill to regulate the crypto currency system and, more specifically, to ban Bitcoin and its brother crypto systems, which are the “Digital Black Money” of India, is being taken up in the Parliament for discussion and passage during this session.

Considering the high stakes of political parties in Bitcoins and crypto currencies, we may expect a fight to scuttle this bill in this session much more than the fight on the farm bills. However, it is our hope that the bill will finally be passed and one of the long fought battles of Naavi.org will come to a welcome conclusion.

The Bill is called “Banning of Crypto Currency & Regulation of Official Digital Currency Bill 2019” (Crypto bill). It has 27 sections.

According to the Act,

Whoever directly or indirectly mines, generates, holds, sells, deals in, transfers, disposes of or issues Cryptocurrency or any combination thereof or

Whoever directly or indirectly promotes, issues any advertisement, solicits, abets or induces any participation in any activity involving the use of Cryptocurrency

shall be punishable with imprisonment which may go up to 10 years and a fine of up to Rs 25 crores.

The second schedule makes consequential amendments to the Money Laundering Act 2002 and brings mining, holding, selling, dealing in, advertising, soliciting, etc. of Crypto currencies within the provisions of this Act, under which imprisonment of up to 10 years is provided for.

The definition of Crypto currency as per the Act is

“Cryptocurrency”, by whatever name called, means any information or code or number or token not being part of any Official Digital Currency, generated through cryptographic means or otherwise, providing a digital representation of value which is exchanged with or without consideration, with the promise or representation of having inherent value in any business activity which may involve risk of loss or an expectation of profits or income, or functions as a store of value or a unit of account and includes its use in any financial transaction or investment, but not limited to, investment schemes;

The Act at the same time introduces the concept of an official crypto currency which may be called a “Digital Rupee”. The Act recognizes “Foreign Digital Currency” as “any class, category or type of digital currency recognised as legal tender in a foreign jurisdiction;”.

The prohibition under the Act is that

“No person shall mine, generate, hold, sell, deal in, issue, transfer, dispose of or use Cryptocurrency in the territory of India.”

Exceptions are available for research and education, and the Act does not affect the use of blockchain technology.

The possible recognition of a foreign digital currency is an enablement which requires specific notification.

Prohibition also extends to use of Crypto currency as a medium of exchange or a store of value or a unit of account and as a legal tender or currency in any place in India.

It may be noted that

Where a violation under this Act has been committed by a body corporate, every officer of the body corporate who at the time the violation was committed, was in charge of, and was responsible to, the body corporate for the conduct of the business of the body corporate, as well as the body corporate, shall be liable for the commission of the violation;

Provided that an officer of a body corporate shall not be liable to be proceeded against for a violation committed by the body corporate under this Act, unless such violation is, – (a) shown to have been committed with the consent or connivance of that officer; (b) shown to have been committed with the knowledge of that officer, attributable to such officer due to the internal processes of the body corporate; or (c) attributable to the gross neglect on the part of the officer.

The passage of the bill will bring the long standing demand of Naavi.org to a conclusion. We hope the passage of the bill goes through without a problem.

We would, however, like to point out to the authorities that the rules should include an exception stating that the definition of “Crypto Currency” as per Section 2(1)(a) does not include the value of Non Personal Data proposed to be unlocked in the “Non Personal Data Governance” regulation as envisaged.

P.S: The explanation that may be added could be as follows:

Explanation: The definition of “Crypto Currency” above excludes value assigned to any set of data representing an inherent right such as a domain name, trademark, copyright, patent or other right classified as an Intellectual property, and also any valuation of “data” or “personal data” as defined under Information Technology Act 2000.

Naavi

(Earlier articles on this site on Bitcoin may be accessed here)

 

Posted in Cyber Law | Leave a comment

Please do not misuse Naavi.org

I have been informed by some alert observers that some persons are contacting the visitors of Naavi.org who post comments and soliciting business of their own.

While building a network based on the interactions on a website outside the activities of the website cannot be objected to or prevented, Naavi.org cannot be an instrument to be used for spamming the persons who post comments or using the comments for unfair business gains.

I would request visitors to refrain from such practice.

I hereby give notice that Naavi.org is not associated with such persons and is not liable for any of their activities.

Naavi


Data Protection Journal of India launched

To mark the international privacy day of 2021, Foundation of Data Protection Professionals in India (FDPPI) launched a journal titled “Data Protection Journal of India”.

The journal will be available at www.dpji.in

Naavi


Privacy Challenge..Article published in India Legal Magazine

This is the article published in India Legal magazine dated January 25, 2021.

PDF link 


Zoho’s “Arattai” app to challenge WhatsApp

Zoho is a unique Indian Company that is promoted by Mr Sridhar Vembu, a man whose vision is an inspiration for many.

It appears that Mr Sridhar Vembu is responding to the call for an Indigenous app to replace WhatsApp.

The app is called Arattai.

I wish we all try this app. More details are available at https://www.arattai.in/

I have one suggestion for Arattai in terms of their terms of use. The app has indicated that dispute resolution is through a “Binding Arbitration”. However in India, since there is a statutory judicial process involving “Adjudication” to resolve disputes between the users of Arattai and the Company, the arbitration has to be non-binding.

DDMAC (Data Disputes Mediation and Arbitration Center) of FDPPI has therefore adopted non-binding arbitration as the means of dispute resolution in an online system.

Naavi


RSA.COM remains silent

In continuation of the report of the incident of illegal blocking of Naavi.org on 17th January 2021, I would like to inform the readers of Naavi.org that Union Bank of India has expressed regrets for the incident. A senior executive of the Bank called yesterday evening to express his regrets on behalf of the Bank.

However, so far there has been no response from RSA.COM

I have therefore raised a complaint with CERT-In today as follows:

Quote:

To

The Director General
CERT-IN
Delhi
Subject: Complaint against RSA.COM, wherever they are located
I write to report an incident of security breach caused by RSA.COM and request you to investigate the same and take action under Section 70(B) of ITA 2000.
The details of the incident are reported at https://www.naavi.org/wp/union-bank-and-rsa-fiasco/
It is understood that Union Bank of India, an Indian public sector Bank has engaged the services of RSA.COM for certain cyber security related services, under terms of contract which are not known.
However, on 15th January 2021, RSA.COM caused the website www.naavi.org to be interrupted through a false accusation and notice sent to M/s Square Brothers Info Tech (P) Ltd (squarebrothers.com), which is the hosting company for naavi.org. As has been explained in the article which was accused of containing a phishing link, I had alerted Union Bank that if they do not take corrective action, the erstwhile Internet banking URLs of the merged banks could be used for Phishing. This was a sort of alert which normally should be given by CERT-In.
In the notice sent to the service provider, RSA.COM however made unsubstantiated and defamatory statements about the website www.naavi.org, which has an impeccable history of over 20 years as the custodian of Netizens’ interest in India. The take down demand accused that the website www.naavi.org was “Fraudulent”, “Fake” and “Hosting a phishing link”. The notice was so drafted as to create panic in the minds of the service provider and force them to take down the website.
I however record that after my complaint, the service provider (Squarebrothers.com) restored the service quickly.
However, the action of RSA.COM needs to be investigated and necessary counter action has to be taken by CERT-In to prevent recurrence of such events to other website owners in India.
The action of RSA.COM was arbitrary and caused a “Denial of Service” under Section 43 (f) of ITA 2000 and an offence under Section 66.
Further, the notice sent by RSA to my service provider was a violation of Section 69 of ITA 2000 since it did not follow the due process indicated therein.
As the owner of the website www.naavi.org, I demand that action be taken against RSA.COM under the powers available with CERT-In under section 70(B) of ITA 2000.
In particular, I would like to know
1. Why Indian Banks are allowed to obtain services from such foreign agencies which involve sharing of sensitive personal information of Banks. Does it not violate the Data Localization requirement of RBI?
2. Does RSA.COM have any accreditation with CERT-IN as a reliable security agency?
3. Do they have a system to analyze a Phishing Complaint before they issue take down orders on service providers?
4. Are they authorized to issue such “Orders” as per the decision of the Supreme Court of India under the Shreya Singhal case?
5. Have they reported this as an “Incident” to either RBI or to you?
6. Does the contract between Union Bank of India and RSA.COM incorporate any indemnity clause to protect the Bank against legal action arising out of such reckless action by RSA.COM, since their action exposes Union Bank to legal liabilities?
7. Does the contract between Union Bank of India and RSA.COM provide for jurisdiction of Indian Courts and application of laws in India?
8. You can observe from the notice of RSA.COM that they are demanding certain data arising out of the incident. Under what law are they entitled to the data even if it has been collected through phishing?
I request CERT-IN to issue a circular to all service providers in general that
a) Companies like RSA.COM do not have any authority to issue demand for take down of any web service and such requests should be considered valid only if it is a “Verified” order from a “Competent Court in India”, nor do they have any rights to ask for customer data to be shared.
b) Service providers receiving such requests should be guided by a policy for addressing such take down requests which should normally come from the Courts or in an emergent situation from CERT_IN. Private Companies should in no circumstance be allowed to exercise judicial powers in the manner RSA.COM has done in this instance.
c) The policy (“Take down of services Policy” ) should ensure that the service provider should check if the allegation is true and ensure that a show cause notice is issued to the owner of the web asset which is sought to be removed before taking further action.
d) In all such cases a report should be shared with CERT IN.
In the instant case, I have received an expression of regret from Union Bank of India and profuse apologies from the service provider, who also restored the service quickly. However, so far no response has come from RSA.COM.
CERT In failed to intervene when Net4India customers were denied access through a wrong order from the NCLT. I wish CERT IN will not fail again to act in this case against RSA.COM.
I hope to receive a confirmation of the action taken. The Indian security community will be eagerly looking forward to the response from your end.
Naavi
(Na.Vijayashankar)

Unquote

I am looking forward to the action to be taken by CERT IN.

Naavi
