Naavi.org

Mr Raghuram Rajan, Governor of RBI sprang a surprise during the press interaction on 14th May following the Board meeting at Goa, by hinting at setting up of a subsidiary to meet the Cyber Security requirements of the sector.

This in fact is great news for the sector and we hope that the idea is taken forward in the right direction.

Our own perception about the tenure of Mr Raghuram Rajan has been that so far he has been focussing more on the monetary policies and is actually neglecting the “Banking Regulation” aspect. This is the first time that RBI under Rajan has expressed a recognition of the fact that “Cyber Crime Risks” are  a concern.

The undersigned has repeatedly pointed out that RBI does not walk the talk when it comes it its policies on Cyber security. There is Internet Banking guidelines of June 2001 which mandated Cyber Crime insurance which Banks never implemented. There is April 2011 guideline following the G Gopalakrishna Working group committee report implementation of which is also lagging behind. The Damodaran Committee report was sidelined and not notified. Many guidelines on ATM security have remained unimplemented. RBI has never proceeded with suitable penal action which would have instilled a greater sense of responsibility in Banks. The undersigned has a personal experience of how RBI ignored taking actions against ICICI Bank, PNB, SBI and AXIS Bank which were in the forefront of bullying the Internet customers who had suffered losses on account of Cyber Security failures.

At the same time, even before securing the more than decade old Internet Banking system, Bankers  have been able to push advanced cyber Banking products such as Social Media Banking. Mobile Banking itself has moved into the second generation “App based Banking” which will revolutionize the way people use the Banking system. Recently we had lot of legal controversies surrounding App Based Taxi services. Similar issues may in future arise if RBI does not handle the App Based Banking regulations properly.

There is no doubt that technology will make a lot of difference to Banking. In the recent press interaction, Rajan repeated the words which have been part of my presentation slides for a long time that “Banking no longer belongs to Bankers. It belongs to Technologists”, the words of wisdom first uttered by Mr A.T. Panner Selvam, previously my senior colleague in Indian Overseas Bank, who later on went on to become the Chairman of other Banks.

But the undersigned has also repeatedly pointed out that any innovation in technology cannot be at the cost of “Security” of banking transactions using Bank customers as Guinea Pigs. The mandate for RBI is to manage the Indian Banking system with the core beneficiary being the “Customer”, who is the “Purpose” of Banking as Mahatma Gandhi put it.

In this connection, the undersigned suggested that RBI should make Cyber Insurance mandatory when the new Banking licenses were considered since the new generation banks are likely to have a larger stake in technology and therefore a greater technology risks. Of course RBI ignored such suggestions and did not even make a mention of Cyber Security as part of Bank licensing criteria.

So far, the perception of the undersigned (which I hope is not correct) is that RBI is subordinating its regulatory responsibilities to the commercial interests pushed through by IBA. It is for this reason that some Banks are pushing technology that is not compliant with law and exposes customers to greater fraud risks. If Mr G Gopalakrishna the former ED had not been vigilant, some of the Banks which were members of the working group headed by him would have pushed through certain suggestions which were bad in law.

During some of my interactions with RBI through RTI applications, I have even been told that RBI does not collect fraud data which can identify Phishing type of frauds from loan frauds. A recent RTI has given at least some information on the number of Cyber Crimes though there is no consistency with the figures of similar nature revealed by the IT Minister in the Parliament. The Cyber Crime metrics in banking industry is still unreliable and is a big hindrance to the development of Cyber Crime Insurance industry.

I hope all these apprehensions are things of the past and RBI has now recognized the need for a change of heart and recognized the need to address Cyber Security as a core issue. We therefore warmly welcome the development suggesting that there could be a focus on Cyber Security through a separate IT division.

The exact shape this suggestion will take needs to be watched.

We know that there is already an institution such as IDRBT under direct control of RBI with a reasonable expertise in technology and significant contribution to the Indian Banking system and its technology developments.  Will the new idea be an extension of IDRBT? or will there be a new Subsidiary? or will there be a new division of RBI? are some of the issues to be decided.

It is necessary that whatever be the status, the focus has to be on “Information Security” and not limited to “Information Technology”.

Presently the division of RBI which supervises payment settlement system has been providing enough impetus to technology through its own policy formulations often ignoring the security concerns. It will continue to promote IT and no new division is required for this purpose.

There is also a “Risk Monitoring” Department which does some good work on protecting consumer interests though little away from the technology aspects.

It would therefore be appropriate for RBI to consider a separate division or subsidiary which is called “Information Security” division/subsidiary. This division can also set information security standards for the financial sector and also work as CERT for the industry. Such a division can work closely with Cyber Insurers and develop actuarial data to help the industry to develop affordable cyber crime insurance products both for the industry and the individuals.

Also, if the entity is an external subsidiary, how will it be managed? What will the representation of RBI in the board? Vis a Vis the commercial Banks?.. is an issue to be settled.

I  have  suggested in the past creation of a fund for Cyber Crime loss reimbursement out of the KYC fines imposed from time to time. Such projects can be integrated with the Cyber Crime insurance and the activities of Information Security of the proposed department. In such a case multiple divisions of RBI may have to be represented in the activities of this new division/subsidiary.

Presently, the IT initiatives of RBI are often dictated by ICICI Bank and SBI.  These Banks in pursuance of their commercial objectives tend to relegate Information Security to “What is Commercially Feasible”. Some vendors also wield enormous influence in the decisions. We apprehend that there will be an attempt by these vested interests to take over this new “Cyber Security” entity  and ensure that it will also dove tail the commercial interests.

Mr Raghuram Rajan who appears to be dependent on his other colleagues on the subject of Information Security, should ensure that he is not misguided by vested interests in implementing these new Cyber Security initiatives.

I request all Information Security professionals to keep track of the developments in this regard and raise red flags when required.

Naavi

The strange ways of the functioning of Justice Karnan of the Madras High Court took another ugly turn with the Judge defying the order of the Supreme Court to open another area of confrontation. (See the report)

Earlier, the Judge had taken on his fellow Judge, Justice Dhanapalan as well as the Chief Justice of Tamil Nadu, Justice Sanjay S Kaul by raising the objection to Dhanapalan’s inclusion in a civil Judge recruitment committee alleging that Dhanapalan’s educational qualification was bogus. He did not stop at requesting the CJ to remove Mr Dhanapalan from the committee. He went ahead and suo moto ordered a stay on the committee and peppered the order with a threat that if it is violated, he would launch contempt of court proceedings against the CJ along with charging him under the Prevention of atrocities against SC & ST  Act.

This was therefore not a simple case of a vigilant Judge trying to bring to the open an irregularity or fraud. It was a case of a Judge threatening his superior with his judicial powers and also invoking the caste card.

It may be noted that Justice Karnan has a history of such “Threat to use Contempt of Court” and “Threat to use SC/ST Card” even in earlier occasions against the previous CJ also.

When confronted with the threat and the Judicial order issued by Karnan, the CJ approached the Supreme Court for direction and a thre Judge bench stayed the order of Karnan. It had ordered that Justice Karnan shall not interfere with the Civil Judge recruitment process.

Now. according to today’s report, Justice Karnan has indirectly defied the Supreme Court order by another suo moto order. Now he has issued a direction to CBI Chennai to conduct an enquiry on Justice Dhanapalan’s educational qualifications. He has also furnished some information obtained through RTI.

While one can appreciate the commitment of Justice Karnan to oppose an irregularity if present, his frequent threats of invoking the Caste Card as well as the Contempt card projects him as a Caste activist. In the recent incident he has also threatened to open up “Muslim” and “Christian” issues  indicating that he would go to any length to achieve his goal. An analysis of the events indicates that he holds a  a personal grudge against Justice Dhanapalan and wants to settle it with all the powers at his command.

The lack of self restraint and diplomacy is an issue that must be making both the Chief Justice of Madras High Court and the Supreme Court wonder how to handle this unprecedented situation.

The controversy has many possible outcomes and it would be interesting to see how it develops into any of the following situations.

Will CJ of Madras and India continue to remain within the strict boundaries of petitions before them and ignore the move of Justice Karnan dragging CBI, Chennai into the controversy? Or

Will they suo moto order another stay on this order?

Will CBI or CJ- Madras move the SC in the matter?

Will Justice Dhanapalan move SC in the matter?

Will SC move a contempt of Court action against Justice Karnan?

Will there be any impeachment motion against Justice Karnan?

Will any responsible member of the public move the Supreme Court to stop this washing of dirty linen in the public by the Judge?

….Let’s wait and see the drama unfold

In the meantime we reiterate that when a person takes the oath of a Judge, he must also give up his rights under the Caste and Gender based legislations that our society has adopted to protect the lesser mortals.

Such laws are blatantly against the “Principle of Equality” and  related to “Vote Bank Politics”. They need to be amended to exclude the “Creamy layers” so that it protects those who need protection and does not become a tool in the hands of empowered people to misuse.

While they remain in the books, they need to be upheld by Courts when citizens invoke them. But when Judges  invoke such laws with suo moto orders, to protect their own causes, the laws may be considered as  being used for  “Self serving” purpose.

We need to therefore find a method to exclude exercise of such rights by Judges.

The Supreme Court now has an opportunity to look into this matter and pass appropriate ruling to prevent similar incidents in future.

Supreme Court may therefore consider  if a Judge should voluntarily excuse himself from using  caste or religion or gender based protection to further his own causes by an appropriate oath.

The use of Contempt law against another Judicial person should also be excused since any disagreement can always be handled through appeal in the proper course to a superior judicial authority.

If Supreme Court remains silent, we may see more of such incidents in the future and the respect the Judiciary should enjoy with the public will be severely eroded.

Naavi

I am suddenly reminded by linked in that today naavi.org completed 17 years of existence. I was woken up to this reality by the congratulatory messages sent by some of my friends. 17 years has been a long time and changes have occurred in all aspects of life. Normally we say that the Internet world moves 4 times faster than the physical world and hence these 17 years are equivalent to nearly 68 years of development in the physical space.

It is interesting to place on record here some of my immediate thoughts on this long journey….

When I entered the Internet space, it was through my journalistic credentials. At that time I was writing a regular column in Indian Express as a finance specialists advising investors on “Investment for the week”. Besides this, I was a reasonably prolific writer in news papers with regular contributions of research on investment trends, public issue trends etc. By that time I had already been involved in the designing of websites for Corporation Bank, Sundaram Finance and several other clients of RKSWAMY/BBDO advertising. I was therefore tempted to host a website just to host my personal information. Naavi.com and Naavi.org were registered in this context. Over a period of time Naavi.com was lost to a cyber squatter due to a mistake of delay in renewal and Naavi.org continued.

What was initially a personal site of the undersigned then was turned into a Cyber law site with the draft of E Commerce Act 1998 being put up for public information and feedback. Since then with the pumping in of information and views on various developments, Naavi.org developed into a portal. There was an attempt to convert it into a bigger portal with sections on information security etc but finally, it was only practical to retain it as a personal blog.

After lot of persuasion from friends, the word press version was launched from 12.12.12 and the older model of the site was relegated to the background with a link from the home page.

Many of my friends may not be aware that the postings on the site include some serious work on Cricket ratings for World cup which is even more relevant during the IPL. It also had links to other personal interests such as elections in India though the central theme has been “Cyber Laws”. Moving with the times, there have been several Netizen issues that have been taken up with missionary zeal often resulting in brushing the authorities on the wrong side.

During these days, there have been many successes and perhaps as many failures and disappointments and frustrations. Often these have been put forth on the website such as when the Cyber Appellate Tribunal becoming defunct, the Bangalore Adjudicator shutting off further activity of adjudication etc. But after a brief period of disillusionment with the authorities, we have moved on with renewed hopes that one day things will be better.

In the meantime Modi came and created a new hope. Though this hope is also on the wane, the eternal optimist in me says that “some thing positive is around the corner”.

The good wishes of all my friends has renewed this eternal hope as I continue to search for something more encouraging than the present…..just around the next corner…Thank you…

Naavi

NASDAQ is reported to have started a pilot project to use Block Chain technology which is the foundation of all Virtual Currencies including the well known “Bitcoin”, for the trading of shares in the Pre-IPO stage.

Some details are available in this article in WSJ.

This is an innovative attempt that commends appreciation. It is considered that the technology may pave the way of real time settlement of trading. Presently stock markets operate on T+2 settlement cycle where as Bitcoin transactions are often settled in 15 to 20 minutes.

The system may require two kinds of users namely the investors themselves and the other service providers who provide the settlement services. These settlement service providers would have to be provided a “fee” for their services which will have to be boarne by the investors or the underlying companies.

Each time a transaction is reported, it is sent to the central system and the settlement service providers pick up the transactions and try to create a link to the existing block chain based on the rules set by the algorithm. The first person to crack the solution would be rewarded with the fee and the solution adds the transaction to the existing block chain. Then the next transaction is taken up for addition. The additions can be on a single transaction or a set of transactions at a time and perhaps the fee may have to be determined on the basis of  the number of transactions added.

While the existing stock brokers can be the logical settlement providers, there is scope for the public at large also providing similar services so that the settlement times shrink and tend towards real time settlement.

Despite the bad reputation which Bitcoin gathered because of its use by Cyber Criminals, Naavi has been one of those who has been indicating that a “Virtual Currency” or a “Crypto Currency” like Bit Coin is only a technology innovation and has a huge potential for multifarious use. RBI has created a perception that “Bitcoin” is not acceptable and is illegal per-se and hence the Crypto Currency technology has not taken off in India.

We urge RBI to reconsider its decision and for SEBI to also start thinking on whether a NASDAQ initiative can be tested even in India.

Naavi

There is a strange a set of developments that has been reported from Madras High Court which reflects a serious threat to the way people look at Judges.

For records, I refer to the article “Judge Threatens Madras HC Chief Justice with contempt”. 

According to this report, a Judge of the Madras High Court, has issued a  Suo moto judicial order against an administrative order of the Chief Justice constituting a recruitment committee to select civil judges.

The objection raised is to the presence of one individual member in the committee and not any decision of the committee. While raising the objections, the Judge Karnan has invoked caste and community considerations and passed remarks on his colleagues which could be considered as defamatory.

Additionally, he has held out an open threat to the Chief Justice that SC and ST atrocities (prevention) act will be invoked by him against the Chief justice Sanjay Kaul besides a contempt of Court proceedings, if his order is interfered with.

The bone of contention is the recruitment committee comprising 5 judges, namely Justices, V Dhanapalan, R Sudhakar, D Hariparanthaman, N.Kirubakaran and R Mala along with TN public Service Commission Chairman and other officers, which is to interview candidates for selection as civil judges. Justice Karnan has raised objection that Justice Dhanapalan has allegedly produced “bogus educational qualifications” about his bachelor and masters degree in law and also raised objections that the committee does not have a representation of a “Muslim Judge” and a “Christian Judge”.

Obviously, the Chief Justice of Madras High Court has referred the matter to the Supreme Court and a bench of the Supreme Court headed by the Chief justice of India will consider the reference on Monday (11th May 2015).

The incident has raised many issues that need to be addressed by the Highest Court and is likely to be a starting point for a greater debate on where our Judiciary is heading? and how our Government’s policies of appeasement of vote banks is corrupting the Judicial system in the country.

The incident has first of all raised an issue of whether a “Judge of a High Court can over rule the administrative decision of the Chief Justice by a suo moto judicial order?”. The alternate option available to the judge if he was aggrieved was to move the Supreme Court as a petitioner objecting to the Chief Justice’s order. There was also an opportunity for a member of public  to raise the issue before the Court through a PIL and if it had come before him, he could have acted. However the judge has taken the decision to use his Judicial powers to pass an order against the administrative decision of the Chief Justice and also tried to tie up the hands of the Chief Justice with a notice of “Contempt of Court” if he decides to use his judicial powers to over rule the decision. By this yard stick, any order of the single judge if taken up by a larger bench of the same court would be constituting a “Contempt of Court” according to the precedent set by this Judge.

The moot point now is that when the Supreme Court hears this matter,

Will this Judge also take a suo moto case against the Chief Justice of India that he has also committed a Contempt of Court?

If not, how does he distinguish that there would be contempt of court if the Chief Justice of Madras takes a decision to say constitute a larger bench of the Madras High Court to consider the objections raised by a brother judge but not when the Supreme Court takes it up?

Does this mean that in future objections against a single judge of a High Court can only be appealed or reviewed by a higher court and not the same court with larger bench?.

What will then happen to the decision of a single judge of the Supreme Court itself?

Will it be immune to further revision of any kind?

Obviously, Justice Karnan has raised an issue which is likely to cause a type of constitutional crisis.

Another issue that Justice Karnan has raised is on the educational qualifications of a fellow Judge. If the allegations are being made, they are defamatory in nature and possibly the victim fellow Judge has a case for “Suo Moto Registration of a defamation and Contempt of Court” case in his Court and pass orders that Justice Karnan should be further charged. If he does it, it will be an amusing  battle of the two judges each taking up contempt charges against the other and using their individual judicial powers to summon each other and pass orders against each other!.

(This hypothetical possibility reminds me of instances in the Indian mythology, about discussions on whether a Bramhastra can be invoked in defence against Bramhastra. Normally it is said that it is disrespect for the astra to do so. In Ramayana, at one instance Hanuman out of respect for Bramhastra submits himself to be bound by Indrajit though he had a boon of immunity against Bramhastra. This Judge Vs Judge fight each using the Contempt astra is similar to such an incident.)

At this point of time we donot know what evidences Justice Karnan has with him to prove his charge on Justice Dhanapalan, based on which he has pronounced some Judicial orders. If he is not able to provide the proof himself immediately before the Supreme Court on Monday when the hearing takes place, there will be a prima facie case of “Contempt against Justice Dhanapalan”. If he produces evidence, that will be a separate dispute where Justice Karnan is the petitioner and Justice Dhanapalan is the respondent and perhaps CBI will investigate. The Court of Jurisdiction for this is perhaps the Supreme Court and not the High Court of Madras.

Yet another dispute which has now come on the table is whether there can be “Dalit Judge”, “Muslim Judge” and “Christian Judge”?… And by implication, is Justice Karnan suggesting that there should be tags of  a “Hindu Judge”, “Jain Judge”, “OBC Judge”, “Yadav Judge”, “Reddy Judge”, “Khamma Judge”, “Lingayat Judge”, ..etc etc…?

This tagging of judges on the basis of caste and religion and threat of invoking SC & ST Atrocities (Prevention) Act for routine judicial matters such as a judgement of a Dalit Judge, is a worrying indication of corruption in the system. Justice Karnan is implying that if any of his decisions are questioned, there is a Caste angle to the opposition. This very implication itself is objectionable. His attempts to draw other controversies based on religion is likely to arouse further divide in the Judicial circles based on religion. The next logical objection will be whether in every case we need to check the religious affiliations of the Judge vis a vis the caste and religion of the litigants. If the two litigants are of different castes, may be it is necessary that the Judge should belong to neither of their castes (!).

If respect has to prevail in Judiciary, Judiciary should shed the tag of “Dalit Judge” or “Muslim Judge” or “Christian Judge” and declare that once a person assumes charge of a “Judge” at whatever level, he ceases to be recognized for his religion or caste. He should be considered to have given up his religion at least as far as his professional standing is considered. He should not seek any favours because of his caste or religion. This also means that any promotions of Judges should not be based on his being from a particular caste or religion.

I wish that the Supreme Court makes such a declaration when it hears the reference of the Madras High Court and declares that there is no religion for a Judge, he is deemed to have given up all his rights based on caste and religion as soon as he became the Judge and no law based on religion can be invoked by any judge.

As regards the alleged fraud by a fellow Judge on educational matters, the Supreme Court perhaps has the option to suggest that the complainant judge can petition with the Supreme Court with evidence and it could be a taken up as a separate litigation. It can also provide an option to the alleged Co-Judge to initiate defamation proceedings at the Supreme Court at a personal level.

All in all, the developments at Supreme Court tomorrow will be highly interesting and perhaps will be much more important than the Judgement in Jayalalitha case which is expected from the Karnataka High Court on the same day.

Will the media recognize the importance of the two disputes “Justice Karnan Vs Justice Dhanapalan and “Justice Karnan Vs Chief Justice of Madras High Court” both of which will simultaneously be before the Supreme Court tomorrow?.

Will Arnab Goswami have the guts to challenge if Justice Karnan is a real victim or a person suffering from persecution complex?

PS: This is not a “Fake News” nor an imaginary case study of “Karna”, the legendary character of Mahabharata. This is “Real” and belongs to the category of “Believe it or Not”.

We believe there is no “Contempt of Court” since what is presented here is based on facts before the public and the comments constitute a reasonable journalistic remark on a development of public interest.

If any Judicial person or authority is hurt by this report, (I am sure there will be many such souls living and dead), my sincere apologies to them since I share the same acute agony with them that the Indian Judiciary should come to this state of affairs and the highly respected Madras High Court has become an object of such discussion.

Naavi

Related Article:

Justice Karnan continues tirade against judges selection

SC slams Madras HC judge’s conduct

Madras HC Chief Justice seeks transfer of Justice Karnan

Karnan moves SC panel against Chief Justice Agrawal

Judge Karnan Takes Fight to SC/ST Panel

In an answer given in the Parliament, the IT Minister, (based on RBI records) has reported  the following information on Cyber Frauds in Banks.

At the same time, as per the Minister’s statement,  CERT IN has provided some details on the phishing incidents.

Reference: Article in Business Standard

The undersigned had also asked for similar information from RBI through an RTI application which has resulted in the following data as on April 30, 2015

One can see that there is no correlation between what RBI has given to the undersigned directly and what the Minister has stated in the Parliament.

This lack of reliability of Cyber Crime data is what is making it extremely difficult for the industry to understand the impact of Cyber Crimes on business.

I recently had an an occasion to discuss this with the representatives of the Insurance industry also and found that there is virtually no clarity on the domain of Cyber Crime insurance though some of the insurance brokers have been offering it in the form of liability insurance. But if the Cyber Crime Insurance industry has to come out with useful offers that would provide confidence to the IT user community, then there is a need for a major initiative by the Government to give a boost to the industry in some form.The Information Security professionals in the country need to put their heads together and work out a plan  of action to leverage the Information security initiatives of user industries by appropriate cyber insurance coverage.

Naavi