Naavi.org

Naavi started his sojurn in Cyber Space in 1998 with the slogan “Let’s Build a Responsible Cyber Society”.  This initiative was focussed more towards the individual Netizens being made aware of the Cyber Laws and making them law abiding netizens, though from time to time the need for Cyber Law Compliance at corporate level was being highlighted.

After 15 years of this journey it appears that a time has come to push the initiative further in the Indian Corporate Sector. So far Corporates excused themselves from compliance for lack of clarity and some times out of ignorance. But now it is time that Corporates come out of this self imposed blind and take a firm and positive step towards compliance.

Our Prime Minister has called for a “Clean India” campaign with every Street and Mohalla, Village and city to be kept clean. If Mr Modi has the optimism to achieve such a gigantic task, should we not be confident of achieving a much less daunting objective of achieving a “100% ITA 2008 Compliant Corporate Society in India”?

It is possible that during the next few years, ITA 2008 may undergo some changes. But if a compliance program to ITA 2008 is in place, it should not be difficult to make course corrections to adapt to any changes that may come up in the next few years.

Naavi.org has started the “Hall of Fame” to start listing those who can claim that they are ITA 2008 compliant. This list will be maintained under the website www.ita2008.co

Presently the list is blank. Let’s see how it starts filling up.

There are many organizations specially Banks who claim to be ITA 2008 compliant. I invite them to include their name in the Hall of Fame. I also invite customers of different organizations to urge their service providers to self introspect and take steps to get the names of their organizations included in the list.

Let’s start a race today…. Race with Modi’s ambitious plan of creating a “Swachh Bharat by 2nd October 2019”. Let’s try to meet our goal of “100%  ITA 2008 Compliance by 2019” ITA 2000 was notified on 17th October 2000 and ITA 2008 amendments were notified on 27th October 2009. By 2019, it will be a decade of ITA 2008 regime and it should be more than a reasonable time for corporates to show their respect to law by declaring themselves to be “ITA 2008 Compliant”. Let’s try to make every Company, IT or Non IT, Every E Commerce website and Every E Governance department ITA 2008 Compliant by 27th October 2019.

I invite the Ministry of Communications and Information Technology to initiate the “ITA 2008 Compliance Andolan” as a national project and challenge the PMO on who would be the first to achieve their goal. Netizens and Citizens of India would be happy if both the goals are achieved.

I declare the race open!

Naavi

Information Technology Act 2000 (ITA 2000) came into effect on 17th October 2000. Apart from the legal recognition of electronic documents provided under the Act, certain offences and contraventions were defined in the Act. One important aspect of the ITA 2000 was the introduction of the concept of “Due Diligence” failure of which could land a Company and its executives in trouble.

Under sections 79, intermediaries could be held liable for offences attributable to the third party information handled by them and under Section 85, Companies could be held liable for offences attributable to the Company. In either case the liability could be both civil and criminal. Because of section 85 the liability on a Company could also be extended to its officials.

This meant that Companies having the risk exposure to the commission of contraventions under the Act either by its employees or by others who use their information assets. Hence it became critical for companies to protect their and their executives interest by adequately following due diligence.

Though there was an attempt to get these provisions diluted through the “Expert Committee” constituted by the Government in the aftermath of the baazee.com developments, the final outcome in the form of ITA 2008 (ITA 2000 with amendments under Information Technology Amendment Act 2008) was perhaps more stringent than ITA 2000. It retained the provisions of Section 85 and 79 along with an expansion of the contraventions and crimes recognized by the Act.

The need for companies to be ever more vigilant about “Due Diligence” increased with the introduction of the ITA 2008 with effect from 27th October 2009.

It is now 5 years since ITA 2008 came into being and ITA 2008 mandated several security measures cumulatively requiring an ITA 2008 compliance audit and compliance program for every IT User.

We hope all corporate managers have taken note of this requirement which is also a pre requisite for Clause 49 compliance under SEBI listing norms for listed companies.

Naavi.org requests every company to self introspect and ask a question to themselves, “Am I compliant with ITA 2008?”

If not it is necessary to take suitable steps to implement such a compliance program at the earliest. If any company has completed an ITA 2008 compliance implementation program, Naavi.org thinks that such companies deserve to be placed in the “Hall of Fame” for ITA Compliant Organizations.

Naavi has therefore launched a new website www.ita2008.co   to represent the rare companies which deserve to be called an “ITA Compliant Organization” and request Cyber Law Consultants and Techno Legal Information Security consultants to report the names of organizations who have completed a proper ITA 2008 compliance audit along with the date of such completion and the consent of the company to place their names in the list.

Simultaneously another website,  www.ita2008.in has also been launched and is dedicated to carrying a copy of the Act and rules for immediate reference.

While Naavi or Naavi.org or ita2008.co does not take the responsibility to independently verify the claim, it would like to provide an opportunity for companies and consultants who have taken steps to reach certain satisfactory levels of compliance. We do grant that at this point of time there may not be a standardization of evaluation and different auditors may have different evaluation standards.

Naavi  invites leading Techno Legal consultants of India to come together and form an informal forum so that we can try to develop some standard practices  that would be acceptable to all. This would be an attempt at developing a “Standard” for “ITA 2008 Compliance Audit and Implementation”. As some of the observers of this site are aware, Naavi.org has suggested a framework called IISF-209 v-5 which is an attempt to provide some road map for such standardization. . Naavi has also developed some thoughts on how to measure the progress of ITA 2008 compliance over a period of time to establish the maturity levels reached by an organization.

There can be scope for further development of this concept  if the leading ITA 2008 compliance consultants in India can come together.

I look forward to comments and suggestions in this regard so that we can take this effort beyond launching of a website and declaring an intention to create a “Hall of Fame” for ITA 2008 compliant organizations.

Naavi

1st November 2014

The Rajyasabha MPs who are visiting Chennai and Bangalore are collecting views about whether ITA 2000 should be amended to fight Cyber Pornography.

Naavi.org has been fighting for action to eliminate Cyber Pornography for over a decade and has discussed what needs to be done in this regard.

To refresh the minds of those who are concerned with the problem, I draw their attention to the following articles:

1. Responsibilities of the School Administration

2.Declare A War On Cyber Pornography !

3.Govt Can Ban Porn websites for obscenity

4.The War on savitabhabhi.com needs to be continued

5.Should we legalize por.n?

After the introduction of ITA 2008, Section 67B has stringent provisions that can be used to control Cyber Pornography. In fact Section 67B is so stringent that it is considered as amenable for misuse by Police.

Under these circumstances, it is our considered opinion that it is not  necessary to amend ITA 2008 to control Cyber Pornography.  Even if more stringent changes are made to the law, it will not make any difference and will only increase the possibility of abuse.

If there was a will to control Cyber pornography, by this time we could have done it. But the industry is completely against the idea since banning pornography will reduce internet traffic and also eliminate an  important channel of virus distribution. The criminals and the greedy businessmen are therefore lobbying against elimination of Cyber Pornography.

Recently there was a new search engine created by some technologists to provide for “Anonymous Pornographic content Search”.  

However, so far there is no news of the Government taking any steps to prosecute these persons for promoting a service to break Indian law.

Section 79 of ITA 2008 along with the rules notified in April 2011 has specific “Due Diligence Mandate” which includes steps to prevent posting of any obscene content on websites. This law is more than sufficient to fight Cyber Pornography if we have the will.

After the recent crimes in Mumbai, Delhi and Bangalore where sex related offences have been committed with unbelievable atrocities and strange circumstances, it can be said without doubt that youngsters are being corrupted with cyber pornographic content that makes them behave like animals at times.

There is therefore an immediate need to take suitable steps to ensure that the Indian Cyber Space is cleared of this filth called pornography.

Naavi welcomes the initiative of the standing committee under the chairmanship of Sri Bhagat Singh Koshyari in trying to find a solution to this menace.

During their meetings, the MPs will find many technology specialists discouraging them and saying that we cannot block pornographic content since they will resurface in a different name. This is an excuse that the pornography supporters present to prevent action from the Government. It is necessary for us to remember that today around 74000 viruses are appearing each day and the industry is fighting it constantly. The total population of viruses and malware in the world could well be running into more than 21 million. Perhaps the war against virus would never be won completely but the menace is kept in check with some minimal investment from the user’s side.

If 74000 viruses per day can be kept in check and more than 20 million malwares have been pinned down, it is not impossible to eliminate Cyber Pornography at least from India if there is a serious effort.

What we may need is to develop a mechanism for reporting of pornographic URLs and development of a central data base of all such reports. Then all ISPs should create a black list of URLs by linking their DNS cache with the black listed URLs. If we take up this effort on a war footing the way Mr Modi has launched the “Clean India Campaign”, it is possible to create a “Clean Indian Cyber Space” in no time.

It is possible that many users may start using proxy servers to beat the system. It does not matter. If we can eliminate 90% of pornography, then the damage would be significantly curtailed. The incentive to maintain the savitabhabhi.com or its alternative kirtu.com would die down gradually.

Naavi.org therefore calls upon the Bhagat Singh Committee to declare a “Swachh Bharatiya Cyber Space (Antarjaal) Abhyan” and work on how to develop the system of identifying pornographic content and encouraging development of  more and more “Net Nanny” type of filters for schools and other organizations so that we can reach our “Swachh Bharatiya Antarjaal ” goal in 2015 itself.

Naavi

It is reported that a group of Rajyasabha MPs are visiting Chennai today and Bangalore tomorrow to discuss issues on how to control Cyber Pornography.

Persons interested in providing their views may contact the Cyber Crime police station or the IT Secretaries in each of these states and ensure that their views are heard.

There is a huge economy riding on cyber pornography and hence any attempt to control the menace will have opposition from certain quarters.

There is a view that vested interests are trying to prevent wider discussions on the subject and donot want the members to meet a larger section of the public.

Hence interested persons may take special efforts to reach out to the MPs. The press release indicates the details of how to reach out to the committee.

Related Article

Press Release

Naavi