Naavi addresses at Mahajana, Mysore

Naavi, who is an alumnus of Mahajana High School, Mysore, addressed a group of Mahajana Alumni members and members of the public on Saturday, the 16th November 2013, on Cyber Crimes and what the public needs to do to protect themselves from Cyber Crimes.

A report in Deccan Herald, Mysore edition is available here.


Naavi

Posted in Cyber Crime

Quick Action By Police Recovers Bank fraud proceeds

Quick action by Police in Ahmedabad helped a Bank customer recover Rs 18 lakhs lost in a phishing attack.

Refer Article in TOI

The incident highlights how quick action by Police and the Bank can reduce/eliminate the losses in such frauds.

Naavi

Posted in Cyber Law

From CAPTCHA to GOTCHA?

Internet users are familiar with the CAPTCHA system of identifying website users, in which the user is presented with a picture that is humanly readable but difficult for a machine to read. When CAPTCHA is used in this manner, the website presents a CAPTCHA picture and asks the user to enter the word or number shown in it in another box. Since the CAPTCHA cannot be read or identified by a machine, it is believed that only humans will be able to pass the test. In many cases CAPTCHA is used independent of a password, just to prevent automatic robotic access.

A CAPTCHA test can also be used after the password entry if the objective is to prevent a computerized log in after a password has been stolen by fraudsters. In such a case it becomes a second line of defense with the limited objective of preventing mass break-ins.

In India, some Banks use a picture as a second factor of identification at the time of log in. In this case, after the user enters the password, a picture is displayed which the user has to confirm as his preferred choice. However, this system is being implemented very poorly (eg: Corporation Bank website) and does not seem to offer any additional security. It is also reported that the system of CAPTCHA has now been completely broken and that it is possible to run an algorithm which breaks the CAPTCHA with 90 to 97% success.

To replace the CAPTCHA system, a new system called GOTCHA, also referred to as the “Ink blot test”, has been developed by a team at Carnegie Mellon University. It is being hailed as a significant improvement over CAPTCHA and is being recommended as a second factor of authentication to fortify the password system. It is a randomized puzzle generation protocol which involves interaction between a computer and a human. In such a system, after the password entry is successful (or simultaneous to the password entry), the user is presented with a set of ink blot pictures along with some phrases associated with the ink blots. The user is required to match the pictures with the phrases. The ink blot pictures are randomly developed by the system when the password is created. The phrases are created by the user himself: when he first selects the password, the ink blot pictures are presented to him and he associates a phrase of his choice with each picture.
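The enrollment and login flow described above, as an added sketch that is not from the original post or from the Carnegie Mellon team's code. Deriving the inkblots from the password, keeping the phrases only in shuffled order, and storing a PBKDF2 hash over the password plus the matching are assumptions of this sketch; short hex IDs stand in for the inkblot images.

```python
import hashlib
import hmac
import os
import random

# Assumptions of this sketch (not from the page): inkblots derive from the
# password, and the server stores only shuffled phrases plus one hash.
ROUNDS = 100_000  # PBKDF2 work factor chosen for the sketch

def inkblots(password, salt, n=4):
    """Stand-ins for the inkblot images: n short IDs derived from password+salt."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return [hmac.new(key, bytes([i]), "sha256").hexdigest()[:12] for i in range(n)]

def _digest(password, salt, order):
    # The verifier binds the password to the phrase-to-inkblot matching.
    material = password.encode() + b"|" + ",".join(map(str, order)).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, ROUNDS)

def enroll(password, describe, n=4):
    """describe(blot) -> phrase: the user names each inkblot once, at signup."""
    salt = os.urandom(16)
    phrases = [describe(b) for b in inkblots(password, salt, n)]
    order = list(range(n))
    random.SystemRandom().shuffle(order)  # order[j] = inkblot index of stored phrase j
    return {"salt": salt,
            "phrases": [phrases[i] for i in order],  # kept in shuffled order only
            "verifier": _digest(password, salt, order)}

def login(record, password, match):
    """match(blots, phrases) -> for each stored phrase, the index of its inkblot."""
    blots = inkblots(password, record["salt"], len(record["phrases"]))
    order = match(blots, record["phrases"])
    candidate = _digest(password, record["salt"], order)
    return hmac.compare_digest(candidate, record["verifier"])

# Constructed sample user who always describes a given inkblot the same way.
def sample_describe(blot):
    return "looks like " + blot[:6]

def sample_match(blots, phrases):
    names = [sample_describe(b) for b in blots]
    return [names.index(p) if p in names else j for j, p in enumerate(phrases)]

def demo():
    rec = enroll("correct horse", sample_describe)
    wrong_match = lambda blots, phrases: sample_match(blots, phrases)[::-1]
    return (login(rec, "correct horse", sample_match),  # right password and matching
            login(rec, "correct horse", wrong_match),   # right password, wrong matching
            login(rec, "guessed pass", sample_match))   # wrong password
```

Because the stored record holds neither the inkblots nor the correct matching, a stolen password on its own does not pass `login`; the puzzle also has to be solved.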

Though the system appears a bit complicated and could be considered an irritant (as all security measures are), it would be welcome if it can improve the security of the system to some extent. Though the system appears innovative in theory, it remains to be seen how it would be adopted by an average Internet user. If he finds it too cumbersome and faces too many rejections, the system may ultimately become unpopular unless users devise their own innovative methods to remember the patterns and the associated phrases.

Naavi

Related Article

Posted in Cyber Law

Will the CM of Karnataka respond?

Continuing the relentless effort to restore the availability of Judicial support to the Cyber Crime victims of India, the undersigned has recently written a letter to the Chief Minister of Karnataka, namely Mr Siddaramaiah. This is the fourth time the undersigned has approached the Chief Minister of the State in this connection. Earlier, similar letters have been written to Mr Yeddyurappa, Mr Sadananda Gowda and Mr Jagadish Shettar. None of them had time to respond since they were busy with their infighting. Now we need to wait and see if Mr Siddaramaiah has the time to look into the woes of the people of Karnataka.

(Refer Article in Vijaya Karnataka, a Kannada daily)

For the information of those who have not followed the fight on this website, I would like to provide the essence of the dispute.

The essence of the issue is

a) The Adjudicator of Karnataka (the IT Secretary) on 27th December 2011 gave a judgement that Section 43 of Information Technology Act 2000 cannot be applied to any complaint where the complainant or the complained entity is a corporate entity. It therefore ruled that a Company namely Ms Gujarat Petrosynthese Ltd cannot file a complaint under Section 43 which can be invoked only by individuals. Also the adjudicator opined that an individual such as one Mr Rajendra Prasad Yadav could not file a complaint against ICICI Bank which was a company.

b) When the decision was sought to be reviewed with reference to the General Clauses Act, the Adjudicator remained silent and non responsive. The fact that the beneficiary of the decision was Axis Bank which was a contractor of the same IT department and could benefit to the extent of Rs 50 lakhs by the decision made the decision look murky.

c) When the next Adjudicator took over and referred the matter to the Law department based on a query by the Karnataka Human Rights Commission, the law department gave an opinion that the earlier decision was wrong. This prompted the new Adjudicator to issue fresh notices to parties to continue the hearing.

d) Axis Bank attended the hearing, took time to reply and, before the next date of hearing, moved the vacation bench of Karnataka High Court alleging that the hearing should not have been reopened without giving prior notice to them and hence there was a failure of natural justice.

e) The vacation bench of Karnataka High Court agreed with the contention of Axis Bank that natural justice was denied to them by reopening of the hearing and there was no need to provide natural justice to the cyber crime victim. The Court also opined that Axis bank had the right to move the High Court ignoring the presence of Cyber Appellate Tribunal as the appellate authority but the Cyber Crime Victim can only seek redressal of his grievance at the Cyber Appellate Tribunal.

The Court did not recognize the inherent discrimination of a Cyber crime victim against a commercial entity in arriving at this decision and showed that the Court has less appreciation of the problems of cyber crime victims as compared to the profitability concerns of a Commercial Bank. The decision of the High Court suggesting the cyber crime victim to approach the Cyber Appellate Tribunal has to be seen in the context of the Tribunal not being in operation since June 2011 since the Chair person has not been appointed by the Kapil Sibal’s department in the center.

f) In the process, Axis Bank has been able to use the law to its advantage, deferring even a judicial review of the complaint which claims a compensation from the bank for money lost by a customer due to the failure of security in the Banking system and possible connivance of Bankers in robbing the customer.

g) Thus both the Adjudicator of Karnataka, who is also an official of the Government of Karnataka, as well as the High Court of Karnataka are unresponsive to the plight of Cyber Crime victims.

h) Though the matter has been brought to the notice of the Chief Justice of India formally and informally, there has been no suo motu corrective action.

In the background of these developments, the undersigned has now asked the Chief Minister to refer the legal issue, namely “Whether the term PERSON used in Section 43 should be restricted to mean only an individual and not a corporate entity”, to the Chief Justice along with an enquiry on whether there were any vested interests behind the decision.

I would like to point out that if Section 43 is restricted to “individuals” as the Adjudicator appears to believe, then all cyber crimes under Section 66 will also be restricted to individuals. Hence no company can commit a cyber crime under Section 66, nor can any complaint be made by a company under Section 66. Additionally, if this interpretation that “Person” means an “individual” is extended to other sections in ITA 2008, there will be chaos in the cyber judicial system.

I suppose those on whose laps the next level of decision lies, namely the Chief Minister of Karnataka and the Chief Justice of Karnataka, will remember the interlinking of Section 43 and Section 66 and how the continued validity of the erroneous order dated 27th December 2011 of the Adjudicator of Karnataka has made Karnataka a “Cyber Crime Heaven” where no cyber crime such as “Unauthorized Access”, “Unauthorized Downloading”, “Virus introduction”, “Damage of a computer”, “Denial of Service”, “Wrongful charging”, “Assisting contravention”, “diminishing value of information”, “Deleting source code” etc, which are all part of Section 43/66, can be tried under ITA 2000/8.

Since Chief Minister Mr Siddaramaiah himself was once a law teacher, he must be able to appreciate the legal issue involved here without the assistance of anybody else. But will he have the political will to take up the issue and see it to the logical end?… only time will tell.

Naavi

Earlier Related Posts:

Karnataka IT Administration Wakes up

Plight of Cyber Crime Victims in Karnataka

IT Secretary Maharashtra creates history

Axis Bank will now has to eat its own words..

Posted in Cyber Law, ITA 2008

IRDA files Sec 66A complaint against an activist

It is reported that a Cyber Crime complaint has been filed in Hyderabad by IRDA against persons who highlighted corruption and irregularities in IRDA.

In February 2013 and earlier, the IRDA officers’ association had reportedly brought various irregularities to the notice of the Chairman. Since no action was taken by the Chairman, the Vice President of the Association had shared the details with CEOs of insurance companies.

Now in July 2013, an FIR has been filed because of an e-mail received by IRDA in which the irregularities committed by one of the executives had been reported. It appears that the complaint letter has been considered as offensive material warranting the invocation of Section 66A of ITA 2008.

Related Article in indiartinews.com

While it is possible that the e-mail might have caused “annoyance” to a person, it is unclear how Sec 66A will be fitted in the case, since the e-mail was received by IRDA and somebody else is alleging having felt “annoyed”. If the sender of the e-mail believed it to be true, then it is difficult to invoke Section 66A (b). If he knew it to be false, then the message should be considered as “Grossly offensive” or “Menacing”. The sender of the message appears to be a person other than the accused, and we can presume that the accused believed that the allegation was true. Hence the police have to first find out if the allegation was true or false, and then whether the accused knew it to be false and whether the accused himself had sent the message. If any of these conditions fail, it may be difficult to sustain the FIR.

Naavi

Posted in ITA 2008

Karnataka IT Administration Wakes up

After a long period of lull, the IT department of Karnataka appears to have woken up. Under the leadership of the new IT Secretary, the State has unveiled certain welcome policies to give a boost to IT in Karnataka. One of the key policy announcements is the declaration of IT services as “Essential Services” and to protect it from the risks of bundhs, strikes and other interruptions to its 24X7 operations. Though the workforce in the IT industry may find it uncomfortable and claim that they may be exploited by the companies, this sacrifice is essential to keep the IT industry going and retain the global services running.

While we welcome the initiatives announced by the Karnataka Government in encouraging the industry in Karnataka, particularly in Tier II and III centers, it is necessary to point out that IT cannot prosper in the State without adequate attention to Information Security and Cyber Law implementation. A lawless jungle cannot be a fertile ground for attracting investment.

At present, Karnataka Government and more particularly the earlier IT Secretary (Mr M.N.Vidyashankar) has rendered Karnataka to be a State which can be called a “Cyber Crime Haven”. In Karnataka a cyber crime victim cannot seek cyber judicial assistance if the crime is committed by a company. Also no Company can seek redressal of its grievance under ITA 2008 since substantial parts of the Act have been ruled to be out of bounds for corporate entities.

Karnataka High Court has declined to intervene and correct the ridiculous state of lawlessness in the State and has contributed to the problem.

The undersigned has for the umpteenth time taken up the matter once again with the Chief Minister of the State. A copy of the letter written to the Chief Minister Mr Siddaramaiah in this regard is available here.

Let’s hope that the new IT Secretary and the new Chief Minister understand why the undersigned is calling the State a “Cyber Crime Haven” and take the necessary steps to correct this anomaly.

Without a correction of the Cyber Judiciary Status in India, international investors have no reason to look at Karnataka as a destination for their investments despite any other advantages that the Government may promise.

Naavi

Refer article in DH

Posted in Cyber Law