Naavi.org

In what should be an eye opener for the new generation tech companies, who are unmindful of legal compliance, In Mobi, the mobile advertising company has been fined US $ 950,000 (approx R 6.39 crores) for collecting information about children without their consent and violating the provisions of COPPA (Children’s Online Privacy Protection Act ).

FTC (Federal Trade Commission) initially fined US$ 4 million and later reduced it to $950,000. InMobi claimed that due to a technical error that led to the process not being correctly implemented. As a result information was collected even when the privacy settings of the consumers were configured otherwise.

Naavi has many times warned the Start Ups to undertake an “ITA 2008 compliance” as part of the “Techno Legal Feasibility” before scaling up their activities. Unfortunately these companies have other priorities for their scarce resources in the initial days and later become too engrossed in business development to take care of legal compliance. The result of such ignorance and negligence is what results in liabilities such as these. It is possible that the company would not have covered themselves with appropriate insurance also and hence has to absorb the loss from their revenue itself.

Hope the company is able to absorb the loss and proceed.

Related Article

Naavi

It appears at this point of time that BrExit is really happening.  As the effects of the unexpected result unwinds, the debate now is what will be the effect of the BrExit on India in general and Indian stock markets and Indian Economy in particular.

Before we start discussing the impact, we need to first congratulate the British public for perhaps what can be their first “Independence Day Feeling”. We in India and even US have an experience of an “Independence” but Britain perhaps did not have one and this occasion has given them a new experience. Let them enjoy.

As regards the impact of the result, there is a reasonable expectation that there will be a new election in England and a new Government as well. There will be lot of changes happening in England and the rest of EU. The exchange rates will readjust with US $ becoming stronger as well as Japanese yen. The EU currencies and the British Pound may become weaker. Those companies who have a trade surplus in EU area and have not hedged their exchange risks will be adversely affected. The IT Companies of India which have a huge exposure to the EU market need to check if they have been holding any open positions and re assess the impact.

The next quarter announcements of financial performance of these companies will indicate that they may have to revise their guidance mostly downwards.

The stock markets in the next one month will be down by atleast 5% from current levels.

However, in the long run, the business in EU will remain whether the contracts are decided by a new leader or by the old leader. Hence the overall business opportunities will remain. Probably the IT companies will gain new business since what they did so far for EU will have to be re-done with EU-UK and UK as two different entities. It will be like the Y2K moment where any change will lead to re-work of software and additional business for IT service providers.

It is now open to the Indian IT companies to quickly make a Business impact analysis and put together a response team that can immediately suggest revised versions for all they did in the last few years as software solution to Banks and other financial institutions as well as Government institutions and review what needs to be done now.

Then BrExit may actually benefit India.

I think that the days are interesting and innovators will make a kill. I am sure India has many of these innovators and we can look for an overall benefit to India being carved out. This will ofcourse be a challenge to the Government also and it has to come up with its own strategies to take advantage of the situation and act with a nimble foot.

Let’s watch and enjoy..

Naavi

P.S: If EU economy weakens by breaking into parts, the benefit will be for US and probably for economies emerging into the top of the heap and that includes India.

Naavi has been repeatedly emphasizing the need for banks to provide mandatory Cyber Insurance for the benefit of the customers as a support to the technology related innovations which have changed the threat landscape in the Banking industry.

While new technologies have reduced the costs and improved the profits of Banks, the customers are left to handle the increasing risks in exchange of the “Convenience” which is part of the new life style to which we are getting accustomed to.

The possibility of a major Cyber Heist wiping out the bank accounts of a large number of Bank customers and eventually the Bank itself is looming large on the Indian scene and I repeat that Mr Modi and Arun Jaitely will be considered unimaginative if they donot see the risk and take steps to mitigate the risk.

In this context, it was refreshing to hear that a Los Angeles bank namely Grand Point Bank introduced cyber insurance policies for it customers for covering against wire-transfer fraud schemes.

According to the report, ” the coverage includes losses from wire-transfer scams including business email compromise. In business email compromise schemes, fraudsters pose as executives or vendors from a business, sending requests for money transfers to accounts controlled by criminals.”

FBI data shows that criminals have sought to use such “Business Email Compromise scams” to steal more than $3 billion since June 2013.

The policy, which is underwritten by Hiscox Inc, a unit of Hiscox Ltd, costs $30 to $70 per month for up to $1 million in coverage.

India also have seen many such incidents and instead of exposing the business to such risks, companies would be happy to spend some money and cover the risks.

We look forward to Insurance companies in India pushing such policies and Banks adopting them.

However, unless the Government or the new RBI Governor who may take over RBI Governance in the next couple of months takes this up as a part of its initiative to secure E-Banking in India, it is unlikely to be a reality.

The regulators should however ensure that the cost of such insurance should be shared between the Bank and the Customer with a weightage of at least 70% for the bank and 30 % for the Corporate customer. The risk sharing may be higher for the Banks at 90%:10% for the retail customers.

Naavi

Related Article:

Tata Asset Management CEO’s E mail hacked

Currently, the Government has announced a merger of SBI with some of the associate Banks including SBM.

It is reported that a new fraud has surfaced in which fraudsters are calling associate bank customers and informing them that due to the merger, they need to change their ATM card and collecting the card details to fraudulently withdraw the money.

All Customers are warned not to fall to such fraud attempts.

I also urge Banks and Police to immediately take steps to ensure that the fraudsters donot continue with the fraud.

Naavi

The hallmark of Democracy is that every Citizen has a right to be entitled to Quick and Fair Justice. But when the system fails to provide this fundamental right of a citizen, the society faces the danger of the raise of extra constitutional forces. Such failures encourage the growth of  “Naxalism” which soon escalates to anti national activities and terrorism.

It is therefore essential for the “System”, which consists of the Government, the Judiciary and the Administrators to do their very best at all times to ensure that the “Rule of Law” prevails in the country.

The Government is responsible to frame proper laws, the Judiciary is responsible to deliver the justice and the Administrators which includes the law enforcement machinery is responsible to provide the support required by the Judiciary.

Karnataka has been often hailed as a technology savvy state and Bengaluru is recognized as the “Silicon Capital” of India in view of the presence of a large number of IT industries. It is also of late trying to be the “Start Up Capital”. The perception therefore is that Bengaluru in particular is endowed with rich IT talent and sets an example to the rest of the country in all matters related to IT.

However, despite specific efforts, Bengaluru has failed to make progress when it comes to delivery of Justice to Cyber Crime victims and I would like to highlight one of the major shortcomings in the administration of Cyber Justice in Karnataka and the specific role of the IT Secretary of the State in this regard.

The law relevant to delivery of Cyber Justice in India is the “Information Technology Act 2000 amended in 2008” (ITA 2000/8).

Under this law, any person who has suffered a financial loss of an amount upto Rs 5 crores, arising out of any contravention of ITA 2000/8 should approach the IT Secretary of the State for seeking damages. The IT Secretary is called the “Adjudicator” who has been bestowed the powers of a Civil Court without the burden of the archaic procedures of the Civil Procedure Code to conduct an enquiry and render his award within 4 months. The Adjudicator has the sole jurisdiction in this regard and no other Court can hear a matter that comes under his jurisdiction.

The net effect of this legislation is that a Cyber Crime victim who has suffered a financial loss can be provided quick justice through an “Enquiry Process” by the Adjudicator. The process of filing a complaint is simple and the cost is less than going to a Civil Court (which option is anyway not available for claims upto Rs 5 crores).

Though the law makers who wrote ITA 2000/8 provided for this special judicial process called the “Adjudication”, the IT Secretaries of Karnataka have not been keen to accept this responsibility and do everything in their powers to discourage public from approaching them with a complaint under Section 46 of ITA 2000/8.

Chennai was the first City from which an IT secretary  started his adjudication activities, way back in 2008. Suequently, an IT Secretary from Mumbai continued the tradition and now the Chattisgarh IT Secretary seems to be active.

The techno savvy IT Secretaries in Karnataka donot seem to be interested in pursuing their statutory responsibilities as “Adjudicators” and have  found a clever way of keeping the applicant’s off. The Government and the High Court of Karnataka are not concerned with the plight of Cyber Crime victims in Karnataka and allowed the lawlessness in Cyber space thrive in Karnataka.

Whenever we speak of Cyber Crimes, we immediately turn our attention to the Cyber Crime police station which is doing an excellent job of investigation. But the role of Police ends with investigation and their success in prosecution depends on the Criminal Justice system which is in the hands of the Courts and administrators.

ITA 2000/8 envisaged that while the Police may pursue prosecution of a Cyber Crime perpetrator, the system of Adjudication may parallely be used by a Cyber Crime victim to claim financial damages not only from the ultimate perpetrator of a cyber crime but also from others who aided and abetted in the crime.

In most of the financial cyber crimes such as Bank frauds or Credit card frauds, the perpetrator may be hard to find but the intermediaries who aided and abetted the crime such as the Banks who opened the accounts for the fraudster and helped him launder the fraud proceeds or the Mobile Service providers who issued duplicate SIM card without verification or a merchant establishment whose employee stole the credit card data can be identified and held liable under ITA 2000/8. If therefore the Adjudicators are interested in dispensing justice to Cyber Crime victims and do their duty cast under law, many Cyber Crime victims can find relief much before the Police are able to find the Cyber Crime perpetrator who may sit in Nigeria or a far corner of India and prosecute him.

In one of the cases which was brought before a Karnataka Adjudicator, the cyber crime victim had lost money due to the negligence of Axis Bank and hence claimed the money from Axis Bank which was vicariously liable under ITA 2000/8. Unfortunately, Axis Bank also happens to be the Bank which does e-Governance work for Karnataka Government and there was a conflict of interest for the IT Secretary to take up the complaint against Axis Bank.

However, the IT Secretary not only went ahead of the proceedings without recusing himself from the proceedings but also passed an award which was bad in law and prevented any further complaints being filed on any Banks under Section 46 of ITA 2000/8. Though the Karnataka Human Rights Commission intervened and the Law department of the State also gave its opinion that the award was legally incorrect, due to the failure of the Karnataka High Court to review the decision and the non functioning of the appellate authority in Delhi, the flawed award remains a law in Karnataka since 2011.

The responsibility for correcting the situation lies primarily with the current IT Secretary of the State. But the silence of the IT Minister, the Chief Minister as well as the Chief Justice of Karnataka who has the ultimate responsibility for maintaining the judicial system in Karnataka are also unpardonable.

Are all of them ignorant? Are all of them unconcerned?

History will judge how the cyber judicial system was trampled upon by the system in Karnataka and the failure of the political leaders as well as the Judiciary in Karnataka.

Naavi

It will appear strange that Naavi is calling for “Save Facebook” when most think that it is in great shape and thriving to challenge Google today which itself has dwarfed even Microsoft. But for those of us who have seen Napster and Orkut go into oblivion and Bitcoin becoming too shady to touch, the possibility that Facebook may also go the way of these “Once giant and now an orphan” group of activities is becoming visible and motivating me to start this initiative on a trial basis.

Since Facebook has gained a greater proximity to our society and today even the not so IT savvy persons around us are becoming addicts of Facebook there would be undesirable consequences around us if Facebook fails and more so if it falls into the hands of criminals as a platform of their communication more than that of the law abiding Netizens. Whenever some regulations affect the freedom of expression in the social media, all of us jump to defend the media and its sovereignty. (…though Naavi never supports the concept of “Freedom to Abuse” as being part of “Freedom of Speech” as many others may consider)

While speaking on a TV channel a few days back, I had suggested that in order to bring some orderliness to the use of Facebook for the benefit of the society, people should organize themselves into “Special Interest Groups” and try to follow an ethical and useful way of using Facebook as a medium of communication. (This also applies to other social media vehicles including WhatsApp.

Now I am looking at the other side of what my suggestion pointed at which unfortunately is not so palatable and is actually a threat that is looming over our heads. This threat arises from the misuse of the “Facebook Groups” by criminals and terrorists which needs to be checked by all of us who consider that Internet is good and Social Media is also good and needs to thrive.

Facebook provides three different privacy settings for the “Groups” namely, “Public”,”Closed” and “Secret”. Most of us who use Facebook as a medium of communication to the world at large prefer to use the “Public” mode and allow the postings to be picked up by search engines and read by all Any body can join the group and post on the group.

Those who have certain reservations on who can post on a given group and some who want to use it as a communication only among friends, use the “Closed” settings so that though the content is visibe to all, only “members” have access to the information posted there in only if they are invited or endorsed by an existing member.

The groups designated as “Secret” are not visible to non members and also to search engines and remain  truly private platforms. In a way this affords the highest privacy and is good for some groups.

However, of late, it has been observed that this “Secret Groups” are being created by anti social elements including terrorists to communicate among themselves. They are trying to entice children in particular and other vulnerable sections of the social media users to become members and thereafter exploit them.  When our children are members of such group,s we never know if they are in the midst of a bad company.

Such groups may be used for distribution of “Drugs” and by “Pedophiles” and may be other “Cyber Criminals” of any description.

If Responsible Netizens” donot take preventive steps today, soon we may find that more and more such “Dark Facebook Groups” will emerge and lure innocent persons as targets of crime (such as child abuse) or as tools of crimes (such as mules in a phishing fraud).

At the same time,such groups may be used for spreading terrorist messages and radicalize the members of the society and later to recruit them for terrorist acts including the dreaded “Lone Wolf Attacks” which are extremely difficult for the law enforcement to detect and prevent.

Once this trend becomes more rampant, we can expect law enforcement to turn more aggressive and start squeezing for more and more access to private conversations and users resorting to encryption of different types to avoid them. Then law enforcement will further tighten the “Right to decrypt” and make life difficult for honest citizens.

Since “Security” is always a priority over “Privacy”, in the end we all have to support measures which some may find “Draconian” but others find it inevitable. Then there will also be Snowden leaks, Neera Radia tapes or Essar tapes and every body starts blaming the system.

Ultimately a day may come when honest people will leave Facebook and the entire Facebook may become part of an underground movement against the society. This is precisely the danger which Bitcoin finds itself in at present.

Since I donot want this to happen, I call for this campaign to “Save Facebook” through an effort of the “Responsible Netizens” who shall be also the “Watchdogs of the Social Media”.

For this purpose I have created a separate Facebook group and invite members to participate in its activities to contribute towards “Responsible use of Facebook”. Though Naavi.org itself was born under this concept “Let’s Build a Responsible Cyber Society” and since 1998, Naavi has been trying to do whatever is required to meet this objective, to tackle the growing menace of the Dark Facebook Group, it is considered that it is better to have a Facebook group itself.

What this group essentially has to do is that if the members come across any activity on the Facebook that indicates an “Anti Social” tendency, a redflag will be raised in this Special Interest Group (SIG). This is just for the information of the members and when required to be shared with the law enforcement.

Members will ensure that they will be careful not to do anything that may be considered defamatory in the process and when in doubt will get their postings moderated.

The group is named “Let’s Build a Responsible Facebook“. (Name can be changed if a better name is available).

I will send invitations to my facebook friends separately. If you like the idea, you can join and contribute. “My Facebook Profile is available under www.facebook.com/naavi

I once again call upon all Responsible Netizens who want to prevent misuse of Facebook to join the group and use it to put in their message.

Naavi