IRDA files Sec 66A complaint against an activist

Posted on November 3, 2013 by Vijayashankar Na

It is reported that a Cyber Crime complaint has been filed in Hyderabad by IRDA against persons who highlighted corruption and irregularities in IRDA.

In February 2013 and earlier, the IRDA officer’s association had reportedly brought to the notice of the Chairman various irregularities. Since no action was taken by the Chairman, the Vice President of the Association had shared the details with CEOs of insurance companies.

Now in July 2013, an FIR has been filed because IRDA received by IRDA where the irregularities committed by one of the executives had been reported. It appears that the complaint letter has been considered as  an offensive material warranting the invocation of Section 66A of ITA 2008.

Related Article in indiartinews.com

While it is possible that the email might have caused “annoyance” to a person , it is unclear how Sec 66A will be fitted in the case since E Mail was received by IRDA and some body else is alleging having felt “annoyed”. If the sender of the email believed it to be true, then it is difficult to invoke section 66A (b). If he knew it to be false then the message should be considered as “Grossly offensive” or “Menacing”. The sender of the message appears to be a person other than the accused and we can presume that the accused believed that the allegation was true. Hence the police have to first find out if the allegation was true or false and then whether the accused knew it to be false and that the accused himself had sent the message. If any of these conditions fail, it may be difficult to sustain the FIR.

Naavi

Posted in ITA 2008 | Leave a comment

Karnataka IT Administration Wakes up

Posted on October 23, 2013 by Vijayashankar Na

After a long period of lull, the IT department of Karnataka appears to have woken up. Under the leadership of the new IT Secretary, the State has unveiled certain welcome policies to give a boost to IT in Karnataka. One of the key policy announcements is the declaration of IT services as “Essential Services” and to protect it from the risks of bundhs, strikes and other interruptions to its 24X7 operations. Though the workforce in the IT industry may find it uncomfortable and claim that they may be exploited by the companies, this sacrifice is essential to keep the IT industry going and retain the global services running.

While we welcome the initiatives announced by the Karnataka Government in encouraging the industry in Karnataka particularly in Tier II and III centers, it is necessary to point out that IT cannot prosper in the State without adequate attention to Information Security and Cyber Law implementation. A law less jungle cannot be a fertile ground for attracting investment.

At present, Karnataka Government and more particularly the earlier IT Secretary (Mr M.N.Vidyashankar) has rendered Karnataka to be a State which can be called a “Cyber Crime Haven”. In Karnataka a cyber crime victim cannot seek cyber judicial assistance if the crime is committed by a company. Also no Company can seek redressal of its grievance under ITA 2008 since substantial parts of the Act have been ruled to be out of bounds for corporate entities.

Karnataka High Court has declined to intervene and  correct the ridiculous state of law-less ness in the State and has contributed to the problem.

The undersigned has for the umpteenth time taken up the matter once again with the Chief Minister of the State. A copy of the letter written to the Chief Minister Mr Siddaramayya in this regard is available here.

Let’s hope that the new IT Secretary and the new Chief Minister understands why the undersigned is calling the State as “Cyber Crime Haven” and takes the necessary steps to correct this anomaly.

Without a correction of the Cyber Judiciary Status in India, international investors have no reason to look at Karnataka as a destination for their investments despite any other advantages that the Government may promise.

Naavi

Refer article in DH

Posted in Cyber Law | Leave a comment

Rs 24600 crores per annum is the cost of Cyber Crimes in India

Posted on October 23, 2013 by Vijayashankar Na

According to the 2013 Norton Report, the total cost of cyber crimes to India during August 2012 to July 2013 is estimated to be $4 billion (about Rs 24630 crores). This is 8% more than what was estimated for last year.

The basis for this cost is based on the “Amount spent by a user on replacing hardware or software as well as data after he/she has been subjected to a cyber attack”.

From the definition of the cost it appears that Norton has only taken the “Technical aspects of Information Security” into consideration and used the “replacement cost” as the basis. The estimate appears to have not considered the “Legal Dimension” of the information security or the financial losses suffered by the victims or the liabilities faced by the victims (whether actually incurred or not). Hence the estimate  has completely ignored what the common man considers as “Cost of Cyber Crimes”.

It is high time that security firms such as Norton realize that Information Security cannot be looked from a uni dimensional concept of technology. The total cost of cyber crime includes the legal liabilities that may arise on account of a security breach incident. Additionally, costs related to manpower hardening (covering the third dimension in Naavi’s Total Information Assurance model) is also a cost of cyber crime.

However, from a corporate perspective and technical investments into information security tools, the Norton estimate may provide a useful insight.

Refer Report in ET

The study also revealed that nearly 48% of smart phone and tablet users do not take even the basic precautions such as using passwords, having security software or backing up files from their mobile devices.

Norton Press Release

India Report

Naavi

Posted in Cyber Crime | Leave a comment

Board Room Responsibility for Cyber Security

Posted on October 19, 2013 by Vijayashankar Na

The undersigned has been highlighting the need for Directors of Companies and the CEO to take responsibility for Cyber Security in an organization. Section 85 of ITA 2008 as well as Section 79 has clearly laid out the need for “Due Diligence” without which Directors of Companies may find themselves saddled with civil and criminal liabilities.

The infamous Baazee.com litigation dragged the CEO Mr Avnish Bajaaj to a Court battle which prolonged for 8 years. Though he escaped conviction because of a technical error by the Police which in reasonable probability could be deliberate, the need for due diligence at Board levels was well emphasized in the process.

This article in Forbes titled “Boards are still Clueless about Cyber Security” highlights that even in US the level of Board attention on Cyber Security is still lacking. According to a Carnegie Mellon report,

71% of their boards rarely or never review privacy and security budgets
79% of their boards rarely or never review roles and responsibilities
64% of their boards rarely or never review top-level policies
57% of their boards rarely or never review security program assessments.

If this is the situation in a Compliance sensitive corporate community like US, one can imagine that the status in India can be pretty bad.

The undersigned has a personal experience of how the well known CEOs of ICICI Bank, Axis Bank and PNB have shown absolute incompetence and arrogance in understanding the cyber security risks which have landed some of their customers in trouble when confronted with complaints on Phishing and other frauds. It is only when one or more of such celebrity CEOs find themselves confronting FIRs like Avnish Bajaj, they will realize their true responsibilities. However as the wheels of justice grind slowly, it is possible that these executives may be long retired when law tries to catch up with them. However, if law can catch up with a retired executive like the Coal Secretary Mr Parakh, may be one day law will also catch up with the current CEOs of Banks who are playing with Customer’s lives by adopting a commercially motivated risky banking policies.

It is high time that the Boards of all IT user organizations to start devoting some attention on Cyber Security before it is too late.

Naavi

Also Read:

“Cyber Risk and the board of directors-closing the gap”

New Measures to Mitigate Mobile Banking Risks

Posted in Cyber Law | Leave a comment

13th Anniversary of the Indian “Digital Society Day”

Posted on October 17, 2013 by Vijayashankar Na

It is 17th October once again. The day is of significance to all Cyber Space watchers in India since it was on this day in the year 2000 India notified the Information Technology Act 2000 (ITA 2000) bringing in legal recognition for digital documents, digital signing and digital contracts.

Unfortunately this anniversary has not been a day to rejoice since there is an increasing feeling that India is fast turning out to be a Cyber Jungle. On the one hand the Government is having no concern for Netizen welfare but is doing everything to misuse the Internet for its own political interests.

The first aspect that strikes us is the continued absence of the Chair Person at the Cyber Appellate Tribunal with Mr Kapil Sibal refusing to appoint a replacement to the previous Chair person who retired on June 30, 2011. It is not as if Mr Sibal is unmindful of the requirement under the responsibilities cast on him as the Union Law Minister trying to defend the UPA ministers and the PM from all the scams that they have been accused of having been indulging in in the last 9 years of their  UPA model of  Governance. The problem is that he wants just one specific person to be appointed as the Chair Person and it appears that the Chief Justice of India is not in agreement with the choice. Mr Sibal is holding his fort and saying “My Choice or No Choice”.

In the bargain the apex judicial authority that has to take the appeals from the adjudicators of all States and Union Territories is remaining closed for business. Victims of Cyber Crimes such as Mr S.Umashankar and several others are waiting for Mr Kapil Sibal to see reason. Recently Karnataka High Court heard a PIL on the delay in the appointment of the Chair Person. However after several months of futile proceedings the Court ended up the proceeding with just a word of advice to the Ministry of Communications and Information Technology that they should complete the process of appointment within a reasonable time. It is unlikely that such a reasonable time will not come before the next Loksabha elections. It is unfortunate that our Judicial System has also failed in this case to respond to the woes of the common men who are suffering because of this lack of Cyber Judiciary in India and gives a long rope to the Government to continue to be in power without working.

To Compound the problem, in a State like Karnataka, the decision of the Adjudicator Mr M.N.Vidyashankar that “no Company can take recourse or No Company can be accused under Sec 43 of ITA 2008” has made most of ITA 2008 in-effective in the State of Karnataka. Since Sec 43 is linked to Section 66, the judicial precedent set by this Adjudicator is that no Cyber Crime under Section 66 can be recognized against a Company or on a Company. This decision got a relief of a possible liability of around Rs 50 lakhs to Axis Bank which is a Government Contractor for the State’s E -Governance department also headed by the same official indicating the possibility of vested interest influence in corrupting the decision. Karnataka High Court again failed when it had an opportunity for correcting the anomaly.

The undersigned has now represented to the Chief Minister of the State to take necessary action to avoid Karnataka being branded as the “Cyber Crime Heaven”.

Under these circumstances, the 13th Anniversary day of ITA 2008 has to go down as one of the most depressing anniversaries since 2000.

We however hope that things would change in 2014 when there would possibly be a change of Government at the center.

It is necessary however to point out that while politicians have their own reasons to play foul, the officials often fail to  resist the politicians and take decisions that should help the society. The plight of the ex-Coal secretary Mr Parakh who remained silent and allowed the scam to take place and is now finding himself in the docks is a reminder to the officials of the IT Ministry that if they think they are honest but remain silent when things are going wrong around them, they may also soon find themselves in the same discomfort as what Mr Parakh is finding himself in today. If they realize that their duty is to the society and not only to their political masters of the day, Indian Citizens/Netizens would be happier.

Naavi

Posted in Cyber Law, ITA 2008 | Leave a comment

Adobe Hacked

Posted on October 5, 2013 by Vijayashankar Na

It is reported that the systems of Adobe have been hacked and sensitive information of 2.9 million users have been compromised.

See report

The compromised information includes credit card information which can be misused.

Users who have bought Adobe products need to check if their credit card access can be further secured.
Naavi

 

Posted in Cyber Crime | Leave a comment