The Adjudicating officer of Telengana on 30th September 2019 awarded compensation to a victim of a fraud in ICICI Bank. The total amount which the customer (an NRI) had lost was Rs 43,07,525/-. The Bank had alleged that this was a Phishing case and hence the Bank is not liable.
However, the adjudicator considered that the Bank was negligent under Section 43 and 43A of ITA 2000 and hence liable to pay back the amount lost along with a further compensation of Rs 5,00,000/- towards mental agony, Rs 50000/- towards expenses and 9% interest from the date of loss.
The Copy of the judgement is available here
Along with other cases from TDSAT, this is yet another case where the Bank was being held liable for the fraud.
Naavi
Published in India Legal dated 12th November 2019. PDF version of the article is available here:
 |
 |
 |
 |
Naavi
The last few moths have seen a flurry of activity on Naavi.org related to Privacy and Data Protection. In order to bring all the articles published during this period into one list for easy reference, containing 39 articles.
It would be interesting for me to receive comments from industry experts and academicians on the different views expressed in these articles and contribute further into the knowledge base.
I invite any of the viewers to submit their views and counterpoints on the issues discussed here for publication in these columns.
Naavi
The California Consumer Protection Act which has a bearing on the Indian IT industry processing personal data of Californian citizens is getting ready for implementation from 1st January 2019.
On October 13, 7 amendments have been passed for the earlier Act which was passed on June 28 2018.
More importantly, a draft regulation has also been released by the Attorney General on 10th October 2019 for public comments.
Public Comments may be filed by December 6 2019.
Interested persons may study the Act as it has now emerged and also submit their comments. Naavi.org and FDPPI is collating views on the regulations and would submit its views.
Details of the Act and the regulations can be found here:
Naavi
WhatsApp has sued the Isreli Company NSO for creating and distributing the Pegasus trojan. Pegasus has been a trojan that infects mobiles (Andoriod and ios) through a mobile call even if unanswered. Once infected, it enables the hacker to silently watch the activities on the phone including reading of the messages. The virus is unremovable even with a factory reset.
It has been alleged to have been used for surveillance of Bhim Koregaon activists and their supporters in India by the Indian Government, which the Government sources predictably have denied.
This is not the first time that Israel or any other hacker group has created such tools and Governments of many countries bought the tools for their surveillance requirements. Stuxnet itself was one such example. While most of the population are not worried about Government surveillance of criminal activities, the technical possibility of a trojan that can infect mobiles through an unattended whatsapp call which can take over the mobile is alarming. If today Israel can develop Pegasus, tomorrow a criminal gang can develop a variant for similar purpose.
We already know that a virus called Xhelper has already been infecting some of the phones with properties similar to Pegasus.
While the NSO has stated that it has sold Pegasus only to some Governments and the Indian Government has itself issued a notice to WhatsApp to explain how the virus was used to snoop on Indians, WhatsApp itself has filed a complaint against NSO.
A Copy of the Complaint available here makes an interesting academic study.
The Complaint mainly alleges that WhatsApp violated the terms of use since the planting of the virus involved creation of WhatsApp accounts and making WhatsApp calls for sending the malicious codes to target phones. This also resulted in “Unauthorized Access” to WhatsApp servers which is an offence under Computer Abuse Act. It appears that WhatsApp has provided some evidence and the phone numbers used for infection which indicates the area code of Washington, USA.
The Complaint has been filed at the US district court, Northern District of California naming NSO group as the defendants. The telephone company which was a party to the activity has not been arraigned.
Charges have been brought under Computer Fraud and Aubse Act, California Comprehensive Computer Data Access and Fraud Act, Breach of Contract and Tresspass to Chattels.
Relief sought includes permanent injunction besides damages.
As regards the allegation that Indian Government has used Pegasus for snooping on some activists, it is a Canada based organization called Citizen’s Lab which has released a report. The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security.
According to Citizenlab after the report from the Lab in May 2019, WhatsApp fixed the vulnerability. Hence the current versions of WhatsApp may not be vulnerable to this attack.
Behind this Pegasus incident lies the discussion on ethics and security. While criminals continue to make use of all the tools of crime available in the deep web to create havoc on the organized society, when the Governments try to use similar counter Cyber crime strategies, the human rights activists start complaining.
Should Human Rights be used to defend the rights of criminals? is itself a question that needs to be answered by Courts. It is not uncommon in India that a large part of the time and energy of Supreme Court is spent in hearing cases of these “Human Right Activists” who specialize in defending the criminals by invoking the human right principles. Most of the times, the beneficiaries are the inhuman terrorists and criminals.
It is time for the Courts to draw a line on who can invoke “Human right” protection before trying to adjudicate on the ethics of Governments using tools such as Pegasus as”Tools of War”. Just as weapon manufacturers need to restrict the sale of military grade weapons only to sovereign Governments, any agency developing such tools should be considered responsible to ensure that it does not fall into wrong hands.
Perhaps the Court case in USA will determine whether NSO is a “Cyber Weapon Manufacturing Company” that deals with sovereign Governments only or tries to commercialize its weapons by selling it over to criminals and terrorists.
Naavi
Naavi