Naavi.org

“One fraudster has opened a current account in bombay. Deposited high value cloned cheques of another bank in his banks branch at surat. His banker is a collecting bank. Collecting bank officials have verified the chqs in UV Lamp and the official has signed and confirmed as”Verified under UV lamp”. City Back Office has sent it in CTS clg and the paying banker has passed the same eventhough the signature of the customer are not matching. Who can be held responsible? Is the collecting banker liable to refund the amount. If yes, who is answerable in collecting bank?”

I have received a query as above to an earlier article titled “Cheque Cloning Fraud that exposes the weaknesses in the Banking system”.

Many of the followers of this blog may not know that I was a Banker in my initial professional career and was also a faculty member for a long time teaching Negotiable Instruments Act in particular before the Banking system went digital and integrated Banking laws with Information Technology Act which is the law applicable to electronic documents. Many of the current day Bankers are “Computer Experts” and not experts in “Negotiable Instruments Act”. Veteran Bankers like us some times feel that current day Bankers do Banking as dictated by the systems and many times ignore the transaction behind the computer clicks. I therefore would like to respond to the above query in a little detail.

Before the ITA 2000 came into being, Banking was run on the principles of Banking law and Practice developed over a long time particularly under the British legal system. In India, Banks were administered through the RBI Act 1934, Banking Regulation Act 1939 and Negotiable Instruments Act 1881 among others. After the advent of ITA 2000, “Electronic Documents” were provided with legal recognition along with “Digital Signature”. Initially, Cheque along with Bill of Exchange and Promissory Note (together constituting the family of Negotiable Instruments) were outside the purview of ITA 2000. However, “An Electronic Letter with digital signature” addressed to the Branch manager could be treated as an operating instructions under which debits could be passed to the customer’s account. Later in February 2003, after the Negotiable Instruments Amendment Act 2002 came into force, Cheques in Electronic Form and Truncated Cheques were brought into the system. Since then RBI has been introducing many technical innovations. The Payment and Settlement Act and the more recent UPI and other digital payment systems have brought many changes which often appear to be in conflict with some of the established Banking law provisions.

In June 2001, the RBI under its Internet Banking Guidelines (Following the Mittal Group Report) clearly mentioned that Internet Banking cannot side step Banking laws and Consumer protection regulations applicable to Banking. In 2011, the GGWG Committee (G Gopalakrishna Working Group on E Banking, Information Security and Cyber Frauds) also reiterated that the current legal provisions endorsed by the Internet Banking Guidelines 2001 prevail. Despite this, the current generation of E Bankers often are oblivious to the existence of laws that affect Banking beyond the ITA 2000 and Payment and Settlement Act.

Even the NIBM and the Indian Banker’s Institute have been guilty of neglecting the conventional Banking laws when discussing the technology innovations and hence there is a wide spread ignorance in the industry about how to interpret the Technology along with the legacy laws.

Banking runs on the principles of “Banker-Customer Relation” that has been existing as the foundation of Banking and there is no reason this should be considered as not relevant today. However some aspects of the established principles such as whether  “Banker-Customer Relationship” is between the Customer and his Branch or between the Customer and the Bank as a whole, whether the timing of Banking, the holidays etc require to be re-interpreted in the light of the Anytime, Anywhere Banking and the use of ATMs, Cards, UPI type apps etc., needs elaborate discussion with the Banking law experts.

The query raised above open up an interesting debate on how should we interpret the Paying Bank and Collecting banker’s responsibilities in the current systems.

As per the Negotiable Instruments Act (NI Act), the paying bank is responsible  for “Payment in Due Course” under Section 85 of NI Act. He has to follow the “mandate” of the drawer of the cheque and when alterations have been made, it is liable irrespective of the expertise of a fraudster in committing the fraud through alterations.

The Collecting Banker is responsible for checking and ensuring that the apparent tenor of the cheque makes his customer the payee or the last endorsee of the cheque. He is responsible under Section 131 of NI Act for collection without negligence.

Once the system of “Truncated Cheques” came in to being, the responsibilities of the Paying Banker and Collecting banker has been re-defined to some extent.

In the Truncated cheque system, since the physical custody of the cheque remains with the collecting bank and only an image is sent to the paying Bank, the responsibility to check material alterations shifted from the Paying Banker to the Collecting Banker.

The responsibility of the Paying Banker is stated with the provisio “..Where the cheque is an electronic image of a truncated cheque, any difference in apparent tenor of such electronic image and the truncated cheque shall be a material alteration and it shall be the duty of the bank (Ed: the collecting Bank) or the clearing house, as the case may be, to ensure the exactness of the apparent tenor of electronic image of the truncated cheque while truncating and transmitting the image”. (P.S: Since the words while truncating is used in this section, it is considered to be a direction to the collecting banker and not the paying banker)

Only in case the paying banker had a reasonable suspicion about the possibility of material alterations, he was to call for the physical copy of the cheque. Otherwise the certificate of the collecting banker should suffice. The collecting Banker should digitally sign the truncated image and therefore takes the responsibility for the image as transmitted by him. The CTS officer should be personally responsible for applying his digital signature.

The amended Section 131 of the NIAct states “It shall be the duty of the banker who receives payment based on an electronic image of a truncated cheque held with him, to verify the prima facie genuineness of the cheque to be truncated and any fraud, forgery or tampering apparent on the face of the instrument that can be verified with due diligence and ordinary care.”

The 2015 amendment to NI Act further expanded the definition of the Cheque in Electronic form but did not affect the operations of the Truncated cheques.

In the case the query has referred to,  the collecting Bank (Surat?)  is responsible to check the material alterations. I am not sure if the collecting bank has actually checked the cheque under UV lamp and it went undetected. The Certificate may therefore be a “False” certificate.

In the event the UV lamp did not detect the erasure, it means that either the UV lamp could be faulty or the printing of cheque leaves was not on proper security form. The UV lamp deficiency is the collecting Bank’s responsibility.

The improper Cheque leaf or the inability to detect the specimen signature difference squarely belongs to the domain of the paying banker.

Paying Banker can be held liable in the above case if the background printing on the cheque did not get erased when the writing was erased.

If the signature is “Forged”, Paying Banker must reject payment and there is no escape even if the forgery is perfect.

If the signature is of the genuine customer only but differs from the specimen, then the issue is different. The Paying Banker may not be held liable for the signature difference since the mandate is to pay if “Signature is Genuine even if there is any difference” not where “Signature is tallying but not genuine”.

In summary, there is negligence both by the Paying Banker and the Collecting Banker. The relationship between the victim and the bank exists at the paying banker’s level and the Paying Banker by virtue of not being able to identify the material alteration is liable to compensate the drawer of the cheque even if the signature is genuine.

The Collecting Banker is liable to the Paying Banker for not being able to detect the material alteration and for failing to do a proper KYC on the fraudster and contributing to the crime.

Since the privity of contract is between the victim and the paying bank, the Paying Bank should be the first accused and the collecting bank should be the second accused. The fraudster could be the co-accused and I would place him in the last.

Victims should not fall into the trap of filing a complaint against the unknown fraudsters leaving the bankers even if it is suggested by the Police.

Simultaneously victims should launch adjudication since Police may fail to locate the fraudster and not keen on pursuing the case against the bankers and the case will eternally lie in the files of the Judiciary.

After the adjudication, it is likely that the Bankers will continue the legal challenge in an appeal and since TDSAT is the appeal authority for adjudication awards, it will be a pain for the victims to follow. They should therefore escalate the issue directly to the High Court since the merger of Cyber Appellate Tribunal with TDSAT is under challenge in Chennai High Court at present.

When the paying banker pays the customer by reinstating the balance in the account, he can claim the money from the collecting Bank. The collecting Bank can in turn collect the money from the fraudster customer for whom he has opened the account. Internal responsibilities (CTS officer or Account opening officer etc) are the issue of the bank to settle.

I hope this throws some light on the points raised in the query.

Naavi

Related Articles:

Cheque In Electronic Form, redefined, Implications on E Banking

ITA-2000 stands amended through NI Act Amendment: 6th December 2002

ITA-2000 and Negotiable Instruments Act : (2nd Nov 2000)

Virtual Negotiable Instruments…A Fantasy?: 22nd Feb 2001

Naavi.org was started way back in 1998 with a motto “Let’s Build a Responsible Cyber Society”. The “Cyber Laws” were identified as a “Norm” of the Cyber Society and hence “Cyber Law Compliance” has been a long term slogan of Naavi. It was way back in December 2000 that I made a statement in a CII seminar in Chennai stating that “Cyber Law Compliance is the Corporate Mantra for the Digital Era”.

It is of course another matter that nearly two decades afterwards we are still searching for Companies and Individuals who are keen to follow “Principles of Ethics” in their activities. Companies go after “Profits at all costs” and would not hesitate to cut corners and even down right cheat if there is an extra buck to be made. Cyber Criminals of course think it is their birth right to adopt any form on unethical behavior to reach their ends.  Some of them use technology to seek revenge on others and some use technology for financial gains.

Law enforcement tries to put barriers on such Cyber Crimes with limited success. Incidence of unethical behaviour of Law Enforcement itself is also not uncommon. Behind this is the force of our political system where the corruption of the past generation such as Bofors still make headlines today and our Ministers indulge in malpractices which are specially designed to put even disciplined army officers behind bars for extended periods just to gain some political credits. Our Judiciary can also deliberately make arithmetic addition mistakes to acquit an influential politician and even Supreme Court can conveniently reserve their judgement in such open and shut cases, until the influential politician respectfully leaves the world so that his/her reputation remains in tact at death.

It is a common observation today in the Job circles particularly in the IT Segment that people seem to keep jumping from company to company at frequent intervals without any loyalty to their employers. Some times the reasons for change is genuine as when the skills of the employee does not match the job profile or growth opportunities are blocked for reasons beyond the control of the individual but mostly it is pursuit of a few more rupees in salary and nothing else.

In certain cases, inefficiency sets in with the operation of “Peter’s Principle” and employers are also required to take the tough decision of giving out pink slips.

In certain other cases, some employees commit mistakes, land the Company in trouble but quietly move off to another company before their mistakes surface.

For example, in the Cyber Security domain, we say that on an average it takes more than 270 days for a security breach to be noticed by the organization and another 90 days for corrective measures to be applied. An intelligent CISO who comes to know of the issue much before others can very well leave the organization quietly so that during his tenure everything seems to be fine and some thing happened immediately after he left. This makes a great note for the CV but it is certainly not ethical to jump the sinking ship without even warning others and take shelter in a safe haven before things go wrong and suck others into the whirlpool of doom.

Whenever we discuss Cyber Law Compliance or even Cyber Insurance, we often come across situations where the CISOs donot want to admit that there are short comings in their actions and hence keep off further compliance actions until it may be too late.It is only the owners of establishments and Promoter Directors who are really concerned about Cyber Law Compliance and Cyber Insurance since they cannot run away.

In many cases of frauds, the owners go to jail themselves for negligence though the media often makes it out as if they were criminals themselves. But they often leave the controls of Compliance to their employee subordinates who may not have the same level of commitment that the entrepreneurs themselves have on the long term stability of the organizations and suffer.

Of course this argument excludes those entrepreneurs who specialize in setting up start ups without properly securing the businesses so that they can transfer them to some venture capitalist and run away  before it is too late.

Some times the Job shifts donot work out smoothly despite no ill will to start with. The current employers refuse to accept resignations and force employees who are no longer interested in continuing and in the process lose alternate opportunities.

Some times this may lead them to indulge in unethical practices such as abandoning the current employer and reporting at the new place without a relieving letter or a forged relieving letter. Some of them post derogatory messages in Glassdoor or Sarahah forcing the employers to seek legal remedies.

All these lead to an unpleasant employer-employee relations which is dysfunctional and unproductive for all. In certain cases it will kill the career of the employees who cross the limits of decency and indulge in contravention of law and end up in crimes such as  defamation and hacking of their old employer systems.  At that time it will be too late to put the clock back.

At the same time we also see some unethical employers who look at all outgoing employees as despicable and institute false cases against them only to prevent them from taking up other jobs.

In such an environment, seeking “Ethics” from ordinary people appears to be a little too much for this Kaliyuga. However, in every situation, there will always be some people who may still consider that if “Every One of us endeavors to be as clean as possible, the Society will be cleaner than what it is today”.

In pursuance of this “Eternal Goal”, it is our duty to recognize and appreciate the efforts of one Company in Bangalore which wants to create a business model out of an interesting concept “Ethical Job Seeker”.

This interesting concept was observed in a website www.iaccept.in belonging to a company called iAcccept Softwares Pvt Ltd, operating in Bangalore under what is indicated as a patented service.

The iAccept service tries to register employers and employees on its platform to build some kind of ethical behaviour during the time when a person is seeking the job, attending multiple interviews, accepting an offer at one place but getting a better offer in another and finally ending up up displeasing one or more employers.

The Employee thinks that it is his right to chose the best offer and the employer thinks that once he has issued an appointment letter and the person does not either accept it for an indefinite time or accepts it and later rejects it or does not simply report, is upsetting his plans for recruitment and wasting his time and money.

Often recruitment process runs for a long time for a month or two and if the candidate who has been interviewed by three or four executives and has been issued with the appoint letter makes it necessary for the organisation to go through the frustration of repeating the process once again, it leaves bad blood behind. In the meantime, if the acceptance of the resignation of its own employee who is being replaced is delayed, there is a problem for that individual also.

In a bid to find a solution to this problem, What iAccept proposes is to create a “Ethical Job Seeker” who registers on this platform. Simultaneously, potential employer organizations also register in the same platform.

The job seekers who register commit themselves to the following code of ethics:

I affirm that I have not and will not misrepresent about my educational qualifications.

I affirm that I have not and will not misrepresent about my employment status or my past or current employers

I shall always strive to keep my word and will honour any commitments made and believe that this is the foundation of my personal integrity.

I will not lay blame, try to justify, or give excuses. I will take prompt actions to innovate and improve to achieve better results. I will be accountable and I will take full responsibility to initiate all necessary actions.

It is expected that the candidates who accept an employment seeks a “release request” if he changes his mind and wants to accept another offer.

The job seekers would be evaluated with a “iAccept Score” which is computed out of a “Credibility Score” and “Ethic index”. When a candidate accepts a job, does not cancel or send regret letter and does not report would be considered as a “No Show” and his “Credibility Score” would suffer. Similarly when a candidate absconds from work without proper resignation and settlement of dues, his “Ethics Score” would suffer.

This means that a candidate who has built up a “Good iAccept Score” over a period is likely to get better attention from employers.

The registered employers on the platform submit themselves to the following code of ethics on their part.

As an organization, we will maintain positive, open, and value-added communication at all times and establish standards for ethical behaviour and integrity

We take pride in according individual respect, trust and teamwork.

We endeavour to sustain a work environment founded on dignity and respect for all employees

We help to make employees feel their jobs are important and cultivate the full potential of all employees

We encourage individual pursuit of work/life balance

We enable the well-being of individuals and their families through compensation, benefits, policies and practices

We appreciate and recognize the contributions of people who work here

We encourage employees to get involved in community endeavours

We consider the human toll when making business decisions

Obviously the concept will start providing benefits to the registered job seekers and employers over a period of time. The Companies are likely to have a higher concentration of ethical employees and the employees may get offers from companies good to work with.

The portal does not focus on being a “Job Portal” but encourages use of the platform to generate Service Letters/Experience letters without the need for contacting the old employers, send regret letters and also send in resignation letters.

Probably the concept can be further refined and additional value added. But we need to recognize that the idea is innovative and has a strong ethical objective to clean up the chaotic job market.

It is time for all job seekers and employers to take a look at this service and use it if it suits them.

Comments are welcome.

Naavi

We have discussed at length the subject of P2P lending platforms in the past and highlighted the need for proper regulation. Some of the earlier discussions can be found in the following articles.

Peer to Peer Lending Platforms and Regulatory Compliance

FinTech Companies need to watch out for the new regulations from SSWG

Will PSD2 have an impact in India?

RBI’s FinTech Working Group needs to secure Consumer interests also

Now RBI has finally come out with a notification that P2P lending platforms will be treated as “NBFCs”. (See Report here)

According to the notification

the term “the business of a peer to peer lending platform” shall mean the business of providing under a contract, the service of loan facilitation, via online medium or otherwise, to the participants who have entered into an arrangement with that platform to lend on it or to avail of loan facilitation services provided by it.

This is the correct interpretation as otherwise there would have been chaos in the financial services industry.

The P2P lending platforms raise funds at one end and lend it at the other end. While Banks absorb the funds into their account and then lend it out of their own kitty, P2P platforms may match the buyers and lenders directly and earn commission in between.

However, in practice it would be the platform that would be guaranteeing the repayment of loan participation coupons to the suppliers of lendable resources and recover the funds from the borrowers. If this had not been regulated, there would have been scope for many scams.

Though the Fintech company’s representative publicly states that they welcome the development, it is clear that many of the companies who were planning to come out with their Start Up operations have not factored in the regulations and need to completely revamp their proposed operations.

We welcome the move of the RBI.

Naavi

There is an entity called namo smartphone at IPO Building, 7 Race Course Street, Delhi 110001, with phone +91 7905457748 and e-mail address namo.smartphone@outlook.com.

This entity seems to own a domain name called FLIPKART-BIG-BILLION-DAY-SALE.COM and is offering some special gifts and sending out the following message through WhatsApp.

At first glance it appears as if it is a Flipkart official site since there is such a sale presently going on. Obviously, it is not.

The domain name has been registered at godaddy.com in the name “Namo Smartphone” which uses the familiar nick name of Mr Narendra Modi.

This therefore represents violation of two trademarks with an objective of misleading the public through “Impersonation”. It is therefore both an offence under Trademark Act and Section 66C of ITA 2000/8.

From the registration details, it appears that the domain name has been running since last 10 days without Flipkart recognizing it.

A little while earlier another WhatsApp message with special offers under the domain name flipkart-gst-sales.in was also received .

This domain is registered in the name of “GHFTYD FTYFT”, with phone number +91.9876545367 and e-mail ID, yogeshbtrn23@gmail.com. It appears that this person must be having several domain name registrations and all of them could be considered as tools for committing frauds.

With little effort, both these fraudsters can be traced if either Flipkart or the Police is really interested in public good.

It is only because companies like Godaddy.com are only interested in making money in domain names and not interested in public welfare and ICANN Is also encouraging this tendency to book domain names in fictitious names of registrants that such frauds are being facilitated.

I urge the Police to initiate action in these two cases which we are placing in the public domain and I urge Flipkart to register a complaint.

We have seen that whenever a new film is released, hundreds of websites are blocked under the suspicion that links to pirated copies would be made available in these sites, and even some Courts have issued orders of such nature on  “Unknown Potential Offenders”.

In such cases there is a producer who loses money and hence takes some action.  But in the Flipkart case, it is only the public who may lose money and hence no body seems to be bothered.

At least in this case since the reputation of Mr Modi is involved, will the Police take action?

Naavi

The system of Section 65B (IEA)  Certification was born along with Information Technology Act 2000 and has been in place  with effect from 17th October 2000. However, it was only in 2015, after the P.K.Basheer judgement of the Supreme Court stating that Section 65B certificate is mandatory for all electronic documents, that there was a realization by the legal community. Now in many of the lower Courts, judges are asking for electronic documents to be certified under Section 65B.

As a result, there is now a scramble for finding out  the format in which the certificate is required to be provided. Many are trying to find out a “Standard” format that can be used in all certificates.

One such standard format which is being floated around is an “Affidavit” format since “Affidavit” is the most familiar document in our legal system.

Every body in the legal fraternity has respect for the document when it is called “Affidavit” and wants to file an affidavit as a ritual for any statement to be made to the Court. Courts also look at it as a procedural requirement rather than a committed declaration.

There are not many instances where a person giving a false affidavit is punished for perjury though every body knows that when the petitioner and the respondent both present affidavits swearing some thing exactly opposite, only one is swearing on a truthful statement and the other is making a false statement under oath.

Technically there could be a case where both the petitioner and the respondent may believe that their statement is true and are therefore not making the statements in bad faith. But such cases are few where some interpretation or inference is involved and not facts. Most are cases where on a matter of fact two diametrically opposing affidavits will be filed in a Court as if it is a matter of right to lie before the Court in self interest. Courts are also lenient in such cases and are not punishing people who deliberately file false affidavits to mislead the Court.

We must first agree that just because a statement is made under the title of an “Affidavit” and on a stamped paper, it does not acquire sanctity. What is stated there in and whether the person has the knowledge that the statement is true is important.

In the case of the Section 65B affidavits, the statement may only say that the document filed as a print out “identical to the electronic document” which is available in the computer or mobile. But this is not sufficient for the document to be accepted under Section 65B.

In our previous article “An Affidavit will not be a proper format for Section 65B Certificate”, we had indicated why the Affidavit format used by some is not the correct format. Many have since asked me to clarify why I think so, particularly when some courts have accepted the affidavits.

Without meaning any disrespect to any Court, I would like to say that from 17th October 2000 till date many Courts have been accepting electronic documents without any certificate, let alone in the correct format in which Section 65B certificate is required. This does not make such submissions as acceptable under law.

During all these years, CEAC has been producing certificates in the “CEAC Format” which according to our humble opinion was what is envisaged under Section 65B and Courts have accepted this without any problem.

However, if some body asks me to publish a “Standard” format which others can also use, it is not possible. I am not saying this because the format is a “Trade Secret” but because each certificate is unique and distinct to the type of document and the manner in which it was observed and recorded.

In this respect I consider that a Section 65B Certificate is like the “Digital Signature”.

A Digital Signature is a combination of a representation of the person signing an electronic document and the content of the electronic document. Hence if the person is different or the document is different, the digital signature file is different.

Similarly, a Section 65B Certificate is uniquely tied to the content of the electronic document which is the subject of certification and the process in which they were experienced by the person who is providing the certificate. Hence there is no single format fit for all cases.

In the first ever case (State of Tamil Nadu Vs Suhas Katti, AMM Court Egmore, Chennai) in which CEAC filed a certificate signed by Naavi, the subject document was in a server of Yahoo Inc and was accessible within a “Group”. The document was certified in support of the Prosecution and I was also examined as an “Expert Witness” and cross examined. What the Court thought of the process was also briefly reflected in the judgement (Copy available on www.ceac.in).

Immediately there after, the same Court invited me to observe a “CD seized from a crime scene” and certify the contents there in. I did it for the Court.

Subsequently, I have certified a variety of documents such as “Web Pages”, “Documents in a Corporate Network computer”, “Mails received or sent by a person visible in his/her email server”, SMS or WhatsApp messages on a mobile, Blackberry encrypted files saved on a computer, CCTV footage, Audio visual files etc.

As one can guess, each of these instances are unique and my observations run in some cases to hundreds of pages and the Certified copies submitted have even run to around 1700+ pages in one case.

Most of the times the electronic documents are on an “As is where is” basis. In some cases, the report may view further documents with a forensic tool which also is certified under Section 65B.

I suppose people will now appreciate why a Section 65B Certificate cannot be put on a standard format atleast when CEAC is involved with its own reputation to maintain.

I also make it clear that CEAC Certification like any Section 65B Certificate is for admissibility of the electronic document and subsequently Court may invite a Section 79A registered “Digital Evidence Examiner” (Government Agency registered for the purpose…none has been registered so far) and subject the electronic document to any further forensic examination.

In some cases, I am being asked if the Section 65B Certificate can be given by the plaintiff or the respondent himself or his lawyers. I have maintained that this will be considered “Self Serving” and reduce the value. Further the advocate giving a certificate may not be advisable since he becomes a witness to his own case.

A “Trusted Third party” is always preferred.

CEAC may be one such choice but need not be the only choice. If the trusted third party is credible, it would make the work of the Judge easier and he may avoid the need for every electronic document to be submitted to a Section 79A certified Government agency for verification.

If the certification agency is credible as per the Judge, there may also be no need to examine the Certifier as a witness also. Further, the Certificate given by the Certifier to the person at whose instance it is provided, may be submitted by him to the Court under his affidavit stating that this is the document submitted by the Certifier and this should be sufficient for the Court to admit the electronic document.

There could be some minor disagreements as to the procedure involved in submission which each Court may try to decide on its own but this would get standardized over a period of time.

While on the subject, I will also have to mention another issue that confronts CEAC from time to time which arises from the lack of understanding the Section 65B certification process and format.

Many times the users are unable to understand the effort required in extracting the electronic documents and provide the certificate and often are disappointed that even me known for free service most of the time quote a minimum of Rs 5000/- for the service. On the average the actual cost could be even higher and those who are accustomed to paying Rs 1000 for a lawyer to send a notice find it difficult to appreciate the value. Similarly, some ask for certification of a print out taken by them which I refuse. I have however done many “Remote Observation and Certification” where the user is not right in front of me but sitting say in USA.

In one recent case, a software professional engaged in a matrimonial dispute used the services for CEAC certified E Mail Delivery to the respondent which was critical to the case. But even he was unable to appreciate the value of the service. Many times, when we approach a company for a software and they quote a few lakhs of rupees, we wonder why a software should cost so much. Similarly those who donot understand the service  are unable to also understand the value of the service and the cost involved.

It is only when the see that the CEAC certification under Section 65B is not a simple affidavit will they realize that the costs are not only reasonable but down right a steal.

I have elaborated this process for the reason that some of the persons asked me specifically to explain why the affidavit format is not favoured by me and I could sense that some of them may be having doubts as to whether I am rejecting a simple and cost effective requirement with some thing more complicated and expensive for personal vested interests.

I hope I have made things clear at least now.

Naavi

We speak a lot about “SPAM” and need to prevent it. We also speak of Phishing and other forms of impersonation that arises because people can send out e-mails (and also hide their domain registration details) all in the name of “Privacy”.

Actually, “Hiding the originating IP address” which both Google and Microsoft as well as other service providers do actually is a boon to criminals to the extent that we can say that there is a “Conspiracy” to promote spam and help criminals.

Whenever law enforcement need to identify the source of an e-mail, they need to raise a CrPc notice and seek the information. Even then these “Privacy Protectors” who are themselves the biggest Privacy invaders try to frustrate the law enforcement by not providing the information until they are forced.

It is time for all Privacy protagonists to self introspect if this practice is actually protecting the “Privacy” and if so is it the “Privacy of the Criminal” that it is protecting while at the same time invading the privacy of an honest internet user.

If as a spam filtering mechanism we disable all incoming e-mails which donot allow the recipient to view the originating IP address then technically we can prevent spamming and perhaps even phishing. Unfortunately, this is not  practical at present since this would block almost all incoing e-mails.

We therefore need a solution where by the e-mail service providers like Google or Microsoft should enable an automatic process by which a “Recipient of an E-Mail” should be provided a direct request for originating IP option  so that at the click of a button, he should be able to get the Originating IP address.

The header information without originating IP address is of no use to the recipient and hence there should be some provision by which an “Expanded header with originating IP address” can be requested and immediately responded to by the ISPs.

This can also be enabled through a change of law making such a provision mandatory and I urge the Government of India to consider this change of law in the next amendment of ITA 2008.

Hopefully this will ease the burden on our law enforcement people and also reduce the need for the service providers to spend time attending to law enforcement demands.

Naavi