Karnataka Human Rights Commission forces reopening of Adjudication in the State

Posted on May 3, 2013 by Vijayashankar Na

Karnataka State Human Rights Commission has done a yeomen service to the Cyber Crime victims of Karnataka by facilitating the reopening of the Adjdudication under ITA 2008 in the State.

It may be recalled that the IT Secretary of a State is the “Adjudicating Officer” of a State under ITA 2008 and has sole jurisdiction to adjudicate civil compensation claims under iTA 2008 for any contravention of ITA 2008 where the compensation claimed is less than Rs 5 crores.

Unfortunately, the earstwhile IT Secretary of the State namely Mr M.N.Vidyashankar had ruled that no cases can be registered for contraventions under Section 43 of the Act either by a Company or against a Company. This ruling though absurd defined the legal position in the State since around December 2011.

Naavi has been fighting to get this ruling reviewed and had been repeatedly knocking at the doors of the IT Secretary, Chief Secretary as well as the ministers such as Mr Suresh Kumar, Mr Yeddyurappa, Mr Sadananda Gowda and Jagadish Shettar. However none had taken any action so far.

The last letter written in this regard to the new IT Secretary had been marked as a copy to the Karnataka State Human Rights Commission since non availability of judicial redressal is a matter concerning “Human Rights”. The Commission took cognizance of the matter and issued notices to the parties mentioned in the complaint which included the Chief Minister of the State.

A few days back, the Chief Minister’s secretariat had sent an acknowledgement stating that necessary directions had been given to the IT Secretary. Yesterday, one of the complainant who has been adversely affected in the process received a communication that the current IT Secretary has decided to review the case and take up fresh hearing. We hope that other pending cases in a similar status will also come up for review.

Naavi.org welcomes the decision of the new IT Secretary and thanks the Karnataka Human Rights Commission for having taken up the cause of the public of Karnataka. Even before the Commission could have a hearing, positive action has already been initiated by the IT Secretary and it comes as a very pleasant surprise.

Naavi

Posted in Cyber Crime, ITA 2008 | Leave a comment

Competitive Compliance is the need of the hour.. Naavi

Posted on May 3, 2013 by Vijayashankar Na

Speaking at the workshop on Safe E Banking, Naavi highlighted the regulatory aspects of Information Security in E Banking and the need for compliance. Speaking on the Risk mitigation guidelines released by RBI on February 28, 2013 and the fast approaching deadline for implementation by June 30, 2013, Naavi indicated that the regulations were a continuation of the G.Goplakrishna Working group (GGWG) recommendations and various other guidelines. He also pointed out that the GGWG as well as other regulatory guidelines had provided a time bound implementation plan for Bankers.

Refering to the comment of Mr G.Gopalakrishna during his introductory speech that the compliance of GGWG recommendations were only aroudn 38%, Naavi urged bankers to take urgent steps to improve the level of compliance.  In this context Naavi stated that what is required for Bankers is not only comply with the provisions of the GGWG recommendations but try to excel further as new technologies unfold. He pointed out that some Banks have a tendency to wait for other larger banks to comply before undertaking their own compliance measures and expressed his wish that Banks develop a sense of “Competitive Compliance” trying to do things better than other peers. He reminded that GGWG provided the “Flexibility” for the use of technology except where it was legally mandated and hence each Bank can explore better ways of achieving the security objective considering the GGWG recommendations as the base requirement.

Naavi

Posted in Bank, Information Assurance, RBI | Leave a comment

Security Protocol for Bankers

Posted on May 3, 2013 by Vijayashankar Na

E Mudhra consumer Services, a company associated with the certifying authority, E Mudhra, has announced launch of what it calls as an online banking security protocol. The product named “TRUSTFACTOR” is a combination of an authentication server solution, digital signature certificates, customized crypto-tokens and a secured process for issuance, The Company is also setting up certain dedicated centers which will provide a customer interface for issuance of digital certificates.

(See report here)

The initiative appears promising.

Naavi

Posted in Cyber Law | Leave a comment

Cyber Warriors under production-

Posted on May 3, 2013 by Vijayashankar Na

In recent days the media has highlighted some statements from the Central Government about the need of 5 lakh Cyber Security professionals in India. In order to address the skill gaps in Cyber Security professionals  that India may require in the future, EC Council (International Council of E-Commerce Consultants), a provider of certifications and training on information security has launched a publicity drive  to market its services.  In association with its training partners in India, the US-based company is expecting to offer training to about 40,000 people on areas such as Ethical Hacking, Computer Hacking Forensics Investigation, Security Analysis and Penetration Testing.

EC Council has been in business in India for quite some time and has been focussing on its “Ethical Hacking” programs. While such programs are attractive to youngsters, it is necessary for Cyber Security professionals to be developed on a foundation of “Responsibility”. Merely training youngsters on skills of hacking would lead to development of a large number of potential problem elements.

It is essential for every “Ethical hacking” training programs to be peppered with a teaching of “Cyber Law” as well as fortified with a proper “background Checks”, “Post training monitoring” and behavioural training.

There is therefore an urgent need for proper supervision of all “Ethical Hacking” training programs.

It is not clear if the Department of IT, Government of India nor DSCI, the Nasscom initiative is addressing this issue before trying to create a Frankenstein.

A serious national debate is required to evaluate the outcome of this publicity blitz undertaken by E C Council whose press release is cleverly implying endorsement of INCERT and DSCI. (See this report of Business Standard).

Naavi

Posted in Cyber Law | Leave a comment

National Law School to launch Cyber Law and Cyber Security Course

Posted on May 2, 2013 by Vijayashankar Na

National Law School University of India (NLSUI), Bangalore the premier law education center in the country  is launching a distance learning course on Cyber Law and Cyber Security from the next quarter.

Admissions are now open. However the admissions may be open only for a short period and interested persons may take this opportunity to enroll themselves immediately.

Presently not many traditional law colleges have been conducting courses on Cyber Law. Also this course is a combination of Cyber Law, Cyber Security and Cyber Forensics and it is expected that apart from Legal professionals, Police and Technology professionals may also find the course useful. The course would be a one year course with contact classes.

For more information visit : http://ded.nls.ac.in/courses_available#PGDCLCF

Naavi

Posted in Cyber Crime, Cyber Law | 15 Comments

Aadhar Nightmare continues

Posted on May 2, 2013 by Vijayashankar Na

Ever since the Aadhar scheme was introduced, security specialists have been warning about the large scale problems that may be caused by loss of identity of individuals.

The UIDAI authroities have been going ahead with spending of public money and enrolling the individuals who report at the counters of the registration agents.  Fraudulent registration agents have been creating their own enrollments with false identities as was revealed some time back when an aadhar card was issued in the name of “Coriander” (“Kottambari soppu” in Kannada. s/o Palav. (See the story here). In the meantime the UIDAI Bill is yet to be passed and several cases are pending in different Courts challenging the scheme altogether.

In the meantime many State Governments have been forcing citizens to go for Aadhar and linking mandatory public services to the Aadhar registration.

UIDAI however has been as irresponsible and as arrogant as the UPA Government and has continued with the project unmindful of the risks it is hoisting on the country. There have been many instances of data losses reported from different States. Even the successful registrants are battling with the practice of UIDAI sending aadhar registration cards by ordinary post which are reportedly dumped in dust bins in some places.

Now a massive data loss of 14 lakh cards has also been reported from Andhra Pradesh due to reasons that can be attributed either to negligence of UIDAI or criminal activities. (Report available here)

The fact that such large scale Aadhar related mischief is reported from Andhra Pradesh where the terrorist organizations from Pakistan are operating sleeper cells indicate the possibility of an organized threat to national security arising out of the stolen identities.

The stolen data can be used to create Aadhar ID for terrorists with different photographs. The biometrics can be switched if required. Even if the current biometrics is retained, since most of the ID use centers are unlikely to check biometrics and accept the parameters of name and address available in the given aadhar number and accept it as satisfactory identification of a person, (Eg Banks), the 14 lakh lost identities can be used to create that many false identities. using this false identity other IDs such as PAN cards and driving licenses can be created by terrorists.

This means that the system has been completely compromised and India is under threat.

It is therefore time for the Government to think of scrapping the scheme before further damage is done.

Naavi

Posted in Cyber Law | Leave a comment