ITA 2008 may be up for review

Posted on May 18, 2013 by Vijayashankar Na

It is reported that the MCIT has set up a committee to consider if it is feasible to integrate Indian Telegraph Act, the Indian Wireless Telegraphy Act, the Telegraph Wires (Unlawful Possession) Act, the Information Technology Act. into a single comprehensive legislation.

More information available here: Business Standard

The committed is being  chaired by DoT Advisor Ram Yagya,and  is being asked to give its opinion regarding three other key points of the final recommendations – arbitration, definition of licence and definition of telecommunication, according to a recent discussion.

It is not clear if the intention is to improve the legislative framework or it is designed to protect inefficiency and corruption in the system and to avoid the legal issues on constitutional validity of ITA 2008  that have come under Supreme Court scanner.

Will the committee strengthen the hands of the Netizens? or the “Netas?” is a point to be observed. Will it support  “Internet Freedom”? or “Internet Control” are issues to be watched.

Naavi

Posted in Cyber Law | Leave a comment

Developer? or Virus Writer?

Posted on May 18, 2013 by Vijayashankar Na

Naavi.org had once reported the story of an IT professional who had developed and distributed an IRCTC hacking code not knowing that it was an offence which could have landed him in jail for 3 years or more. Fortunately he realized his mistake and removed the code from the public domain.

Now another similar incident seems to have been reported in the case of a developer from Chandigarh. It is reported that a malware written by him has been found to take screen shots in the destination computer at periodical intervals without the knowledge of the owner of the computer. It is an application written for Mac Computers.

According to this report

The malware starts working every time the computer is restarted, and it takes screenshots in regular intervals and uploads them to two C&C servers – one of which is currently unavailable, and the other impossible to access without permission.

Under Section 43 of ITA 2008, the activity of the backdoor classifies itself as a “Computer Contaminant” or “Virus” and by virtue of Section 66, the peron who introduced it is liable for imprisonment and payment of compensation to any person who may suffer damange.

Interestingly the report also says

“the backdoor was signed with a legitimate Apple Developer ID associated with a developer by the name of Rajinder Kumar, and thus was able to bypass Apple’s Gatekeeper.”

Apple has reportedly revoked his authorization since the discovery.

However the person whose profile is said to be available on LinkdedIn is now in a situation where he may be accused of an offence under ITA 2008. There is also a view that this could be a case of mistaken identity. We need to wait and observe the developments.

Naavi

Posted in Cyber Crime | Leave a comment

Karnataka High Court in defiance of State Human Rights Commission

Posted on May 16, 2013 by Vijayashankar Na

It is reported that the Vacation bench of the Karnataka High Court has on a petition from Axis Bank issued an interim stay on the proceedings of Adjudication until 27th May when the regular bench will hear the petition.

The objective of Axis Bank was to bring an adjudication of a dispute under Information Technology Act 2000/8 to halt.  Since the next hearing of the adjudicator in the disputed case was only on 31st May 2013, the order may not have significance unless the Court does not vacate the stay on 27th.

It must be noted that this “Stay” is not on an operating decision which could have any adverse impact on any party. It is just to stop one wing of the Judiciary from doing its statutory duty.  It is also an open defiance of the State Human Rights Commission which had taken note of the fact that the Adjudication system in Karnataka was dormant for 17 months and had ordered the Adjudicator to start action in respect of the disputed case.

It is possible that the Court was not made aware of proper facts by the petitioner and could have been misled into taking this confrontational attitude with the State Human Rights Commission. If so, it is for the same Court to make amends at the earliest opportunity and also chastise the petitioner for misleading the Court.

It is a tragedy in India that Courts are often used by people to deny justice instead of providing justice. Of course one may argue that one man’s justice is another man’s injustice and hence it is incorrect to criticize the system.

However a decision after due process of law that leads to one person being declared a winner and another a loser is a fair game when the Court does an honest job. But delaying justice through frequent adjournments and by playing one Court against the other is a matter that needs some serious thought by people in the higher echelons of judiciary.

No doubt the initiation of playing one Court against another is always started by an advocate who has a weak case on merits. But the Judiciary needs to ensure that they donot play into the hands of unscrupulous advocates.

One of the frequent victims of such a tendency arises in the system of Cyber Justice since the system is still in the development stage. The “Adjudicators” are often questioned about their jurisdiction and frequently a High Court is brought to the picture only to stay the proceedings of the Adjudicator. By intervening in such matters and granting a stay on the proceedings of the Adjudicator, the High Court often is responsible for the delay in the delivery of justice to the aggrieved.

I recall here a case which was filed in Madras High Court by PNB in July 2011. The Adjudicator of Tamil Nadu was then hearing two cases against Punjab National Bank in which the victims had suffered losses through Cyber Frauds. The PNB’s counsel tried to delay the proceedings as much as possible and when the adjudicator was not willing to play by the wishes of the counsel for adjournment and posted the case for judgement, the counsel went to the vacation judge in Madras High Court and filed a Civil Revision Petition stating that the Adjudicator was not following proper procedure and sought a stay on the proceedings. As it often happens the vacation judge did not apply his mind and granted an interim stay until the case was posted for hearing in the Court after vacation. It took about a month for getting the stay vacated when the Court delivered its view that the Adjudicator may follow the procedure as stated in the rules under ITA 2008. This could have and should have been done by the vacation judge himself but he refused to apply his mind in the interest of justice and went by the petitioner’s plea without verifying the credibility of the petitioner. Though the case was dismissed it gave a critical one month time to the Bank to postpone the decision of the adjudicator.

We are now seeing a repeat of this strategy being used in Bangalore by  Axis Bank seeking and successfully getting an interim stay  on the Adjudication proceedings in one of the cases  until the normal operations of the Court resumes. However since the adjudication proceedings had been in progress and the next hearing was only a few days after the posting of the hearing of this petition in the High Court, unless Axis Bank succeeds to further delay the proceedings on some pretext, there is an opportunity for the Court to review the vacation bench decision  and remove the stay so that the Adjudication system is allowed to function without interference. There is always an opportunity to consider an appeal if the decision of the Adjudicator is not to the liking of the petitioner.

It is regrettable that the Adjudication system in Karnataka which was dormant for the last 17 months and had opened up with the intervention of the State Human Rights Commission is once again sought to be shut up by the Karnataka High Court.

The net effect of this order for grant of interim stay, however routine it may seem to normal Court goers, is not only a blow to the Adjudication system  but also an open confrontation with the State Human Rights Commission.

It is not clear whether the petitioner had disclosed proper facts to the Vacation judge before seeking the remedy such as

– the honourable Judge was being requested for granting of  stay for an adjudication process which had commenced on 15th May 2013 after a lapse of 17 months

-the Adjudicator had re commenced his work based on a direction from the Karnataka Human Rights Commission

The order has therefore simultaneously taken on two different Judicial authorities without consideration of the petition on merits.  The fact that the next hearing of the disputed proceedings with the Adjudicator was only on 31st May 2013 and that there was no urgency for an interim stay was also missed by the Honourable Court probably because the petitioner did not present the correct information.

The hearing which was posted for 27th may 2013 after the vacation for consideration of the petition on merits could very well have also been granted without the grant of the “Interim Stay”. It would have made no difference to the petitioner.

The “Interim Stay” therefore was infructuous and does not serve any genuine purpose. It is however possible that the petitioner may use other stalling tactics when the case comes up for hearing on 27th and seek continuation of the interim stay.

If the interim stay is extended in such a manner that the Adjudicator cannot hold the hearing on 31st May 2013, then the Karnataka High Court would be in confrontation with the State human Rights Commission.

The long term implications of such a development would be interesting for the academicians but a sad development for Cyber Crime victims.

I wish the Chief Justice of Karnataka takes note of such developments and avoids confronting other judicial authorities without appropriate reason.

Naavi

Posted in Cyber Crime, Cyber Law, ITA 2008 | 1 Comment

No Arrests under Section 66A without prior approval of higher officers

Posted on May 16, 2013 by Vijayashankar Na

The Supreme Court on has said that no person should be arrested for posting objectionable comments on social networking sites without taking prior permission from senior police officials.

Details here: http://m.timesofindia.com/india/No-arrest-for-posts-on-social-sites-without-senior-cops-nod-Supreme-Court-says/articleshow/20082102.cms?intenttarget=no

Naavi

Posted in Cyber Law | Leave a comment

Axis Bank Files Writ petition against Adjudicator of Karnataka

Posted on May 16, 2013 by Vijayashankar Na

In an interesting development in Bangalore, Axis Bank which is a business client of the Government of Karnataka for e Governance payment system management  has filed a writ petition against the Principal Secretary IT and BT of the Government of Karnataka in his capacity as the “Adjudicator of Karnataka”. It may be noted that  “Adjudication” is an institution having powers of a Civil Court, regarding the administration of the Adjudication system under Information Technology Act 2000 amended in 2008 (ITA 2000/8) and the “Adjudicator” is having the powers equivalent to a Civil Judge. Hence the writ petition is on a judicial authority filed before the High Court.

The Writ petion number WP 21049 of 2013 will be heard for admission by the Principal bench of the High Court of Karnataka today in Bangalore.  The Writ petition has been filed objecting to the proceedings in the adjudication complaint filed by M/S Gujarat Petrosynthese Ltd. (GPL) a company which as a customer of Axis Bank had lost Rs 39 lakhs due to a suspected Phishing activity.

GPL had  filed an adjudication complaint in 2011 against Axis bank and several other Banks involved in the laundering of the proceeds. In December 2011, the then Adjudicator had abdicated jurisdiction on the issue and dismissed the complaint as not maintainable under Section 43 of ITA 2008.

The ground for rejection was that Section 43 can be invoked by a “Person” and the term “Person” means only an “Individual” and GPL was a Corporate entity and hence it cannot invoke the section. Immediately thereafter the same Adjudicator dismissed another Complaint of Mr Rajesh Yadav Vs ICICI Bank  again on phishing (filed earlier and held pending for judgement), under the same premise holding that “ICICI Bank” is a corporate entity and hence deciding that the complaint was not maintainable.

Thus the adjudicator had categorically opined that Section 43 cannot be invoked either against a Company or by a Company.

It may be noted that Section 43 inter alia also defines the offences under Section 66 which covers almost all Cyber Crimes arising out of unauthorized access, unauthorized downloading, Virus introduction, causing damage or denial of service, assisting another person to contravene, charging a service to another person (creidt card frauds) and any offence involving modification, deletion of data or diminishing in the value of information residing inside a computer etc.

As a consequence of the decision, Section 43 and by implication Section 66  could not be invoked by any company nor against any company. This meant that a substantial part of ITA 2008 was made irrelevant for the corporate sector. It also introduced anomalies such as rendering around 15 lakh digital certificates issued by Corporate Certifying Authorities infructuous by questioning the validity of the license issued to the Certifying Authority itself.

The undersigned therefore found that the decision  created an unhealthy precedent. It was considered so bad that the image of the Adjudication system in general which involved IT Secretaries across the country as well as the image of Karnataka as an IT Savvy State were seriously jeopardized. Readers may refer to other articles written in this blog over a time on this aspect.

A review petition had bee filed by the complainant (GPL) a day after the decision in December 2011  to protect the image of the State’s legal system for Cyber Crimes apart from protecting its own right to fair and equitable justice.

Unfortunately the Adjudicator kept the review pending without assigning any reason. During this period no adjudication applications could be filed in Karnataka against any companies or by any companies. There was therefore a void in the judicial system concerning contraventions of ITA 2008.

With several complaints being made to different authorities on the prevailing “No Judicial Redresss through Adjudication for Cyber Crime Victims in Karnataka”, the Karnataka State Human Rights Commission took cognizance of the adverse impact of the state of affairs on the Human Rights aspect and took up the issue with the State Government.

It is understood that the current Adjudicator (IT Secretary) sought the opinion of the Law department and upon their advise considered that the ground “Person does not include Corporate entity for the purpose of Section 43” was not tenable and accepted the request for review made by GPL and re started the process with a hearing scheduled for May 15, 2014.

On 14th May 2013, a day earlier around 4.00 pm, Axis Bank filed a Writ Petition (WP 21049/2013) at the High Court of Karnataka against Mr S.N.Prasad, the Adjudicator of Karnataka seeking cancellation of the order to re start the hearing. On the basis of the petition which was pending admission, Axis Bank requested the Adjudicator to stop the hearing on 15th May 2013. However the request was rejected and next date of hearing was posted for May 31, 2013.

In the meantime the writ  petition was modified  by naming  the “Adjudicator” by designation as the first respondent and GPL as the second respondent instead of S.N.Prasad as the only respondent. This petition is coming up for consideration of admission on 16th May 2013 at the principal bench of the Karnataka High Court.

The issue is of great importance since it challenges the provisions of Section 61 of ITA 2008 along with powers of Adjudication under Section 46 of ITA 2008. It also challenges the views of the State Human Rights Commission though the fact might not have been brought out in the petition.

It is pertinent to note that a similar petition had been filed by Punjab National Bank in the High Court of Madras last year challenging the jurisdiction and procedures adopted by the Adjudicator. The Honourable High Court of  Madras however dismissed the petition and directed that the Adjudicator may continue the proceedings.

We hope that Axis Bank would disclose the background to the Karnataka High Court before seeking any remedy.

I request the media in Bangalore to take note of the incident and ensure that the process of speedy justice envisaged under ITA 2008 is available  to the Cyber Crime victims of Karnataka.

Naavi

 

Posted in Bank, Cyber Crime, ITA 2008, Uncategorized | Leave a comment

$100 million stolen every day on the Internet

Posted on May 15, 2013 by Vijayashankar Na

The recent $45 million ATM fraud has attracted the attention across the globe for the ingenuity and global coordination of criminals that it represents. However it is good for people to realize that experts believe that this was only a “Half day” remuneration of the cyber criminals. It is estimated that over $100 million is stolen each day on the internet.

Probably the Information Security specialists should take note that the challenge ahead of them is enormous.

Naavi

Posted in Cyber Law | Leave a comment