Naavi.org was started way back in 1998 with a motto “Let’s Build a Responsible Cyber Society”. The “Cyber Laws” were identified as a “Norm” of the Cyber Society and hence “Cyber Law Compliance” has been a long term slogan of Naavi. It was way back in December 2000 that I made a statement in a CII seminar in Chennai stating that “Cyber Law Compliance is the Corporate Mantra for the Digital Era”.

It is of course another matter that nearly two decades afterwards we are still searching for Companies and Individuals who are keen to follow “Principles of Ethics” in their activities. Companies go after “Profits at all costs” and would not hesitate to cut corners and even down right cheat if there is an extra buck to be made. Cyber Criminals of course think it is their birth right to adopt any form on unethical behavior to reach their ends.  Some of them use technology to seek revenge on others and some use technology for financial gains.

Law enforcement tries to put barriers on such Cyber Crimes with limited success. Incidence of unethical behaviour of Law Enforcement itself is also not uncommon. Behind this is the force of our political system where the corruption of the past generation such as Bofors still make headlines today and our Ministers indulge in malpractices which are specially designed to put even disciplined army officers behind bars for extended periods just to gain some political credits. Our Judiciary can also deliberately make arithmetic addition mistakes to acquit an influential politician and even Supreme Court can conveniently reserve their judgement in such open and shut cases, until the influential politician respectfully leaves the world so that his/her reputation remains in tact at death.

It is a common observation today in the Job circles particularly in the IT Segment that people seem to keep jumping from company to company at frequent intervals without any loyalty to their employers. Some times the reasons for change is genuine as when the skills of the employee does not match the job profile or growth opportunities are blocked for reasons beyond the control of the individual but mostly it is pursuit of a few more rupees in salary and nothing else.

In certain cases, inefficiency sets in with the operation of “Peter’s Principle” and employers are also required to take the tough decision of giving out pink slips.

In certain other cases, some employees commit mistakes, land the Company in trouble but quietly move off to another company before their mistakes surface.

For example, in the Cyber Security domain, we say that on an average it takes more than 270 days for a security breach to be noticed by the organization and another 90 days for corrective measures to be applied. An intelligent CISO who comes to know of the issue much before others can very well leave the organization quietly so that during his tenure everything seems to be fine and some thing happened immediately after he left. This makes a great note for the CV but it is certainly not ethical to jump the sinking ship without even warning others and take shelter in a safe haven before things go wrong and suck others into the whirlpool of doom.

Whenever we discuss Cyber Law Compliance or even Cyber Insurance, we often come across situations where the CISOs donot want to admit that there are short comings in their actions and hence keep off further compliance actions until it may be too late.It is only the owners of establishments and Promoter Directors who are really concerned about Cyber Law Compliance and Cyber Insurance since they cannot run away.

In many cases of frauds, the owners go to jail themselves for negligence though the media often makes it out as if they were criminals themselves. But they often leave the controls of Compliance to their employee subordinates who may not have the same level of commitment that the entrepreneurs themselves have on the long term stability of the organizations and suffer.

Of course this argument excludes those entrepreneurs who specialize in setting up start ups without properly securing the businesses so that they can transfer them to some venture capitalist and run away  before it is too late.

Some times the Job shifts donot work out smoothly despite no ill will to start with. The current employers refuse to accept resignations and force employees who are no longer interested in continuing and in the process lose alternate opportunities.

Some times this may lead them to indulge in unethical practices such as abandoning the current employer and reporting at the new place without a relieving letter or a forged relieving letter. Some of them post derogatory messages in Glassdoor or Sarahah forcing the employers to seek legal remedies.

All these lead to an unpleasant employer-employee relations which is dysfunctional and unproductive for all. In certain cases it will kill the career of the employees who cross the limits of decency and indulge in contravention of law and end up in crimes such as  defamation and hacking of their old employer systems.  At that time it will be too late to put the clock back.

At the same time we also see some unethical employers who look at all outgoing employees as despicable and institute false cases against them only to prevent them from taking up other jobs.

In such an environment, seeking “Ethics” from ordinary people appears to be a little too much for this Kaliyuga. However, in every situation, there will always be some people who may still consider that if “Every One of us endeavors to be as clean as possible, the Society will be cleaner than what it is today”.

In pursuance of this “Eternal Goal”, it is our duty to recognize and appreciate the efforts of one Company in Bangalore which wants to create a business model out of an interesting concept “Ethical Job Seeker”.

This interesting concept was observed in a website www.iaccept.in belonging to a company called iAcccept Softwares Pvt Ltd, operating in Bangalore under what is indicated as a patented service.

The iAccept service tries to register employers and employees on its platform to build some kind of ethical behaviour during the time when a person is seeking the job, attending multiple interviews, accepting an offer at one place but getting a better offer in another and finally ending up up displeasing one or more employers.

The Employee thinks that it is his right to chose the best offer and the employer thinks that once he has issued an appointment letter and the person does not either accept it for an indefinite time or accepts it and later rejects it or does not simply report, is upsetting his plans for recruitment and wasting his time and money.

Often recruitment process runs for a long time for a month or two and if the candidate who has been interviewed by three or four executives and has been issued with the appoint letter makes it necessary for the organisation to go through the frustration of repeating the process once again, it leaves bad blood behind. In the meantime, if the acceptance of the resignation of its own employee who is being replaced is delayed, there is a problem for that individual also.

In a bid to find a solution to this problem, What iAccept proposes is to create a “Ethical Job Seeker” who registers on this platform. Simultaneously, potential employer organizations also register in the same platform.

The job seekers who register commit themselves to the following code of ethics:

I affirm that I have not and will not misrepresent about my educational qualifications.

I affirm that I have not and will not misrepresent about my employment status or my past or current employers

I shall always strive to keep my word and will honour any commitments made and believe that this is the foundation of my personal integrity.

I will not lay blame, try to justify, or give excuses. I will take prompt actions to innovate and improve to achieve better results. I will be accountable and I will take full responsibility to initiate all necessary actions.

It is expected that the candidates who accept an employment seeks a “release request” if he changes his mind and wants to accept another offer.

The job seekers would be evaluated with a “iAccept Score” which is computed out of a “Credibility Score” and “Ethic index”. When a candidate accepts a job, does not cancel or send regret letter and does not report would be considered as a “No Show” and his “Credibility Score” would suffer. Similarly when a candidate absconds from work without proper resignation and settlement of dues, his “Ethics Score” would suffer.

This means that a candidate who has built up a “Good iAccept Score” over a period is likely to get better attention from employers.

The registered employers on the platform submit themselves to the following code of ethics on their part.

As an organization, we will maintain positive, open, and value-added communication at all times and establish standards for ethical behaviour and integrity

We take pride in according individual respect, trust and teamwork.

We endeavour to sustain a work environment founded on dignity and respect for all employees

We help to make employees feel their jobs are important and cultivate the full potential of all employees

We encourage individual pursuit of work/life balance

We enable the well-being of individuals and their families through compensation, benefits, policies and practices

We appreciate and recognize the contributions of people who work here

We encourage employees to get involved in community endeavours

We consider the human toll when making business decisions

Obviously the concept will start providing benefits to the registered job seekers and employers over a period of time. The Companies are likely to have a higher concentration of ethical employees and the employees may get offers from companies good to work with.

The portal does not focus on being a “Job Portal” but encourages use of the platform to generate Service Letters/Experience letters without the need for contacting the old employers, send regret letters and also send in resignation letters.

Probably the concept can be further refined and additional value added. But we need to recognize that the idea is innovative and has a strong ethical objective to clean up the chaotic job market.

It is time for all job seekers and employers to take a look at this service and use it if it suits them.

Comments are welcome.

Naavi

We have discussed at length the subject of P2P lending platforms in the past and highlighted the need for proper regulation. Some of the earlier discussions can be found in the following articles.

Peer to Peer Lending Platforms and Regulatory Compliance

FinTech Companies need to watch out for the new regulations from SSWG

Will PSD2 have an impact in India?

RBI’s FinTech Working Group needs to secure Consumer interests also

Now RBI has finally come out with a notification that P2P lending platforms will be treated as “NBFCs”. (See Report here)

According to the notification

the term “the business of a peer to peer lending platform” shall mean the business of providing under a contract, the service of loan facilitation, via online medium or otherwise, to the participants who have entered into an arrangement with that platform to lend on it or to avail of loan facilitation services provided by it.

This is the correct interpretation as otherwise there would have been chaos in the financial services industry.

The P2P lending platforms raise funds at one end and lend it at the other end. While Banks absorb the funds into their account and then lend it out of their own kitty, P2P platforms may match the buyers and lenders directly and earn commission in between.

However, in practice it would be the platform that would be guaranteeing the repayment of loan participation coupons to the suppliers of lendable resources and recover the funds from the borrowers. If this had not been regulated, there would have been scope for many scams.

Though the Fintech company’s representative publicly states that they welcome the development, it is clear that many of the companies who were planning to come out with their Start Up operations have not factored in the regulations and need to completely revamp their proposed operations.

We welcome the move of the RBI.

Naavi

There is an entity called namo smartphone at IPO Building, 7 Race Course Street, Delhi 110001, with phone +91 7905457748 and e-mail address namo.smartphone@outlook.com.

This entity seems to own a domain name called FLIPKART-BIG-BILLION-DAY-SALE.COM and is offering some special gifts and sending out the following message through WhatsApp.

At first glance it appears as if it is a Flipkart official site since there is such a sale presently going on. Obviously, it is not.

The domain name has been registered at godaddy.com in the name “Namo Smartphone” which uses the familiar nick name of Mr Narendra Modi.

This therefore represents violation of two trademarks with an objective of misleading the public through “Impersonation”. It is therefore both an offence under Trademark Act and Section 66C of ITA 2000/8.

From the registration details, it appears that the domain name has been running since last 10 days without Flipkart recognizing it.

A little while earlier another WhatsApp message with special offers under the domain name flipkart-gst-sales.in was also received .

This domain is registered in the name of “GHFTYD FTYFT”, with phone number +91.9876545367 and e-mail ID, yogeshbtrn23@gmail.com. It appears that this person must be having several domain name registrations and all of them could be considered as tools for committing frauds.

With little effort, both these fraudsters can be traced if either Flipkart or the Police is really interested in public good.

It is only because companies like Godaddy.com are only interested in making money in domain names and not interested in public welfare and ICANN Is also encouraging this tendency to book domain names in fictitious names of registrants that such frauds are being facilitated.

I urge the Police to initiate action in these two cases which we are placing in the public domain and I urge Flipkart to register a complaint.

We have seen that whenever a new film is released, hundreds of websites are blocked under the suspicion that links to pirated copies would be made available in these sites, and even some Courts have issued orders of such nature on  “Unknown Potential Offenders”.

In such cases there is a producer who loses money and hence takes some action.  But in the Flipkart case, it is only the public who may lose money and hence no body seems to be bothered.

At least in this case since the reputation of Mr Modi is involved, will the Police take action?

Naavi

The system of Section 65B (IEA)  Certification was born along with Information Technology Act 2000 and has been in place  with effect from 17th October 2000. However, it was only in 2015, after the P.K.Basheer judgement of the Supreme Court stating that Section 65B certificate is mandatory for all electronic documents, that there was a realization by the legal community. Now in many of the lower Courts, judges are asking for electronic documents to be certified under Section 65B.

As a result, there is now a scramble for finding out  the format in which the certificate is required to be provided. Many are trying to find out a “Standard” format that can be used in all certificates.

One such standard format which is being floated around is an “Affidavit” format since “Affidavit” is the most familiar document in our legal system.

Every body in the legal fraternity has respect for the document when it is called “Affidavit” and wants to file an affidavit as a ritual for any statement to be made to the Court. Courts also look at it as a procedural requirement rather than a committed declaration.

There are not many instances where a person giving a false affidavit is punished for perjury though every body knows that when the petitioner and the respondent both present affidavits swearing some thing exactly opposite, only one is swearing on a truthful statement and the other is making a false statement under oath.

Technically there could be a case where both the petitioner and the respondent may believe that their statement is true and are therefore not making the statements in bad faith. But such cases are few where some interpretation or inference is involved and not facts. Most are cases where on a matter of fact two diametrically opposing affidavits will be filed in a Court as if it is a matter of right to lie before the Court in self interest. Courts are also lenient in such cases and are not punishing people who deliberately file false affidavits to mislead the Court.

We must first agree that just because a statement is made under the title of an “Affidavit” and on a stamped paper, it does not acquire sanctity. What is stated there in and whether the person has the knowledge that the statement is true is important.

In the case of the Section 65B affidavits, the statement may only say that the document filed as a print out “identical to the electronic document” which is available in the computer or mobile. But this is not sufficient for the document to be accepted under Section 65B.

In our previous article “An Affidavit will not be a proper format for Section 65B Certificate”, we had indicated why the Affidavit format used by some is not the correct format. Many have since asked me to clarify why I think so, particularly when some courts have accepted the affidavits.

Without meaning any disrespect to any Court, I would like to say that from 17th October 2000 till date many Courts have been accepting electronic documents without any certificate, let alone in the correct format in which Section 65B certificate is required. This does not make such submissions as acceptable under law.

During all these years, CEAC has been producing certificates in the “CEAC Format” which according to our humble opinion was what is envisaged under Section 65B and Courts have accepted this without any problem.

However, if some body asks me to publish a “Standard” format which others can also use, it is not possible. I am not saying this because the format is a “Trade Secret” but because each certificate is unique and distinct to the type of document and the manner in which it was observed and recorded.

In this respect I consider that a Section 65B Certificate is like the “Digital Signature”.

A Digital Signature is a combination of a representation of the person signing an electronic document and the content of the electronic document. Hence if the person is different or the document is different, the digital signature file is different.

Similarly, a Section 65B Certificate is uniquely tied to the content of the electronic document which is the subject of certification and the process in which they were experienced by the person who is providing the certificate. Hence there is no single format fit for all cases.

In the first ever case (State of Tamil Nadu Vs Suhas Katti, AMM Court Egmore, Chennai) in which CEAC filed a certificate signed by Naavi, the subject document was in a server of Yahoo Inc and was accessible within a “Group”. The document was certified in support of the Prosecution and I was also examined as an “Expert Witness” and cross examined. What the Court thought of the process was also briefly reflected in the judgement (Copy available on www.ceac.in).

Immediately there after, the same Court invited me to observe a “CD seized from a crime scene” and certify the contents there in. I did it for the Court.

Subsequently, I have certified a variety of documents such as “Web Pages”, “Documents in a Corporate Network computer”, “Mails received or sent by a person visible in his/her email server”, SMS or WhatsApp messages on a mobile, Blackberry encrypted files saved on a computer, CCTV footage, Audio visual files etc.

As one can guess, each of these instances are unique and my observations run in some cases to hundreds of pages and the Certified copies submitted have even run to around 1700+ pages in one case.

Most of the times the electronic documents are on an “As is where is” basis. In some cases, the report may view further documents with a forensic tool which also is certified under Section 65B.

I suppose people will now appreciate why a Section 65B Certificate cannot be put on a standard format atleast when CEAC is involved with its own reputation to maintain.

I also make it clear that CEAC Certification like any Section 65B Certificate is for admissibility of the electronic document and subsequently Court may invite a Section 79A registered “Digital Evidence Examiner” (Government Agency registered for the purpose…none has been registered so far) and subject the electronic document to any further forensic examination.

In some cases, I am being asked if the Section 65B Certificate can be given by the plaintiff or the respondent himself or his lawyers. I have maintained that this will be considered “Self Serving” and reduce the value. Further the advocate giving a certificate may not be advisable since he becomes a witness to his own case.

A “Trusted Third party” is always preferred.

CEAC may be one such choice but need not be the only choice. If the trusted third party is credible, it would make the work of the Judge easier and he may avoid the need for every electronic document to be submitted to a Section 79A certified Government agency for verification.

If the certification agency is credible as per the Judge, there may also be no need to examine the Certifier as a witness also. Further, the Certificate given by the Certifier to the person at whose instance it is provided, may be submitted by him to the Court under his affidavit stating that this is the document submitted by the Certifier and this should be sufficient for the Court to admit the electronic document.

There could be some minor disagreements as to the procedure involved in submission which each Court may try to decide on its own but this would get standardized over a period of time.

While on the subject, I will also have to mention another issue that confronts CEAC from time to time which arises from the lack of understanding the Section 65B certification process and format.

Many times the users are unable to understand the effort required in extracting the electronic documents and provide the certificate and often are disappointed that even me known for free service most of the time quote a minimum of Rs 5000/- for the service. On the average the actual cost could be even higher and those who are accustomed to paying Rs 1000 for a lawyer to send a notice find it difficult to appreciate the value. Similarly, some ask for certification of a print out taken by them which I refuse. I have however done many “Remote Observation and Certification” where the user is not right in front of me but sitting say in USA.

In one recent case, a software professional engaged in a matrimonial dispute used the services for CEAC certified E Mail Delivery to the respondent which was critical to the case. But even he was unable to appreciate the value of the service. Many times, when we approach a company for a software and they quote a few lakhs of rupees, we wonder why a software should cost so much. Similarly those who donot understand the service  are unable to also understand the value of the service and the cost involved.

It is only when the see that the CEAC certification under Section 65B is not a simple affidavit will they realize that the costs are not only reasonable but down right a steal.

I have elaborated this process for the reason that some of the persons asked me specifically to explain why the affidavit format is not favoured by me and I could sense that some of them may be having doubts as to whether I am rejecting a simple and cost effective requirement with some thing more complicated and expensive for personal vested interests.

I hope I have made things clear at least now.

Naavi

We speak a lot about “SPAM” and need to prevent it. We also speak of Phishing and other forms of impersonation that arises because people can send out e-mails (and also hide their domain registration details) all in the name of “Privacy”.

Actually, “Hiding the originating IP address” which both Google and Microsoft as well as other service providers do actually is a boon to criminals to the extent that we can say that there is a “Conspiracy” to promote spam and help criminals.

Whenever law enforcement need to identify the source of an e-mail, they need to raise a CrPc notice and seek the information. Even then these “Privacy Protectors” who are themselves the biggest Privacy invaders try to frustrate the law enforcement by not providing the information until they are forced.

It is time for all Privacy protagonists to self introspect if this practice is actually protecting the “Privacy” and if so is it the “Privacy of the Criminal” that it is protecting while at the same time invading the privacy of an honest internet user.

If as a spam filtering mechanism we disable all incoming e-mails which donot allow the recipient to view the originating IP address then technically we can prevent spamming and perhaps even phishing. Unfortunately, this is not  practical at present since this would block almost all incoing e-mails.

We therefore need a solution where by the e-mail service providers like Google or Microsoft should enable an automatic process by which a “Recipient of an E-Mail” should be provided a direct request for originating IP option  so that at the click of a button, he should be able to get the Originating IP address.

The header information without originating IP address is of no use to the recipient and hence there should be some provision by which an “Expanded header with originating IP address” can be requested and immediately responded to by the ISPs.

This can also be enabled through a change of law making such a provision mandatory and I urge the Government of India to consider this change of law in the next amendment of ITA 2008.

Hopefully this will ease the burden on our law enforcement people and also reduce the need for the service providers to spend time attending to law enforcement demands.

Naavi

Today’s Kannada Prabha (Bangalore Edition) has carried an article as above. It is titled “Online Property Registration System: Confusion”. The article goes on to indicate that the Government of Karnataka has prepared itself for introducing a new system of property registration called “Easy Registration” in which part of the registration process is completed without the property owner presenting himself before the registrar.

A Complete English version of the circular is not available at this point of time and when available, the same will be posted here.

We had on September 19, 2015 posted an article titled “ Has Karnataka Legislature passed a faulty legislation and set to create a new Telgi ?“. In this article we had referred to an amendment that the Karnataka Government proposed for Indian Registration Act 1908 to enable registration of properties and Power of attorney documents without the presentation of the executant in front of the registrar.

We had highlighted that this was ultra vires the central Act namely Information Technology Act 2000 (ITA 2000/8) and hence cannot be passed.  There is no need to repeat this again here.

Subsequently we had also posted an article on August 11, 2017, titled Calling Attention of Dr Ponnuswamy Venugopal- AIADMK MP- on Proposed Amendment to Indian Registration Act 1908 ” where in we had indicated that the Parliament may also pass a bill which is ultra vires the ITA 2000/8.

The current article in Kannada Prabha under the credit line of Shivakumar Belitatte, appears to indicate that the Government has proceeded to act on this proposed amendments. I am not aware if the Government got the assent of the President for the proposed amendments. My request to the Government officials on this has remained unanswered and some body has to file an RTI to get the information.

Under the circumstances we proceed with the assumption that the Government is trying to introduce the system in defiance of the Central Government’s authority which has become a sort of political bravado some State Governments are trying to show as a part of their personal vendetta against the Prime Minister. Ms Mamata Bannerjee of West Bengal is in the forefront of such “Rogue States” opposing every action of the Central Government solely for the sake of opposing Mr Modi. Unfortunately, Karnataka Government run by Congress Party seems to be also following the footsteps of “Didi” and I would like to caution the IAS officers who advise the Government in this regard to show wisdom and courage to provide correct advise to the politicians who are blinded by their personal political agenda.

The purpose of this article is not to start a political debate on whether Karnataka is becoming a “Rogue State” like West Bengal. However, it is our duty to point out if any of the decisions proposed to be introduced by the Government has the danger of an adverse impact much beyond the immediate political obectives. This decision to introduce “Online Registration of Property documents without the physical presence of the registrant” is one such decision that has the potential impact of facilitating large scale frauds in the real estate transactions in the State and therefore needs to be guarded against.

I foresee the possibility of the real estate mafia to register benami properties and conduct land grab operations by initiating false and fraudulent property transfers without the knowledge of innocent property owners.

The urgency for introducing the online registration which is illegal at this point of time and ultra vires the powers of the State Government could have been felt because some of the properties of influential people are benami holdings and with the pressure on black money elimination, the benami properties need to be converted into other forms or sold off. The online registration system will be helpful for this purpose.

Along with the Benami property holders taking advantage of the system, there will be Cyber Criminals who will devise new forms of attack where by the properties of innocent citizens would be transferred without their knowledge. Some of this could be the properties of NRIs who may not know what is happening here or properties of deceased persons or properties which are in legal dispute.

As a result, all real estate property holders will be exposed to a Cyber Crime Risk which will render holding of property in Karnataka more risky than in other places. Those IT employees working abroad and holding locked flats in Bangalore may find that new flat owners could have been created overnight and properties sold off.

According to the news paper report referred to above, some of the senior officials have objected to the system but it appears that the political leadership has over ruled them.

I wish the IT Secretary and the Law Secretary stand up and resist this ill advised move.

Those in the public service who will read this and the local media should take up this matter with the High Court and ensure that the move is stayed with immediate effect.

I hope the CM of Karnataka realize that this move is very dangerous and will create an irreversible situation as was created by the incident of fake Stamp papers created by Mr Telgi because of which many property documents today are in use though the stamp papers used in the documentation are fake.

My friendly advise to the Chief Minister of Karnataka is that his political fortunes are better secured by not pushing through this “Online Registration System for Immovable Properties” and he should not succumb to the pressures from outside despite the need to raise funds from real estate operators to fight the next elections.

I also take this opportunity to call the attention of the Central Government to ensure that the move is stopped along with the bill in the Parliament which is under consideration.

Naavi