Bandit Veerappan and his Wife’s claims of Copyright

Posted on February 17, 2013 by Vijayashankar Na

Recently a film has been released in Kannada called “Attahasa” which documents the story of Veerappan a notorious bandit who worked as a sandalwood and ivory smuggler in the forests in Karnataka,TN and Kerala. He was known for many notorious and brutal killings of Police officers and suspected informers. People in Karnataka will never forget the fact that he finally kidnapped Dr Rajkumar a matinee idol of Karnataka one of the most respected figures in karnataka.

Coincidentally four persons of the Veerappan Gang are now facing death sentence (Veerappan himself was killed in an encounter) and are now on the verge of execution with the rejection of their mercy petition by the President. In the light of the impending execution some supporters of the bandit are raising objections to the execution. In connection with this yesterday there was a heated debate in one of the Kannada TV channels where Mrs Muttulakshmi the wife of the bandit particiapted. She had a view that she had a “Copyright” on any film that is produced on Veerappan and the film producer had failed to get her permission to produce the film.

In this connection I have a serious doubt on how “Copyright” can be claimed by Veerappan’s wife for the story that involves Veerappan and his criminal deeds which are a representation of actual facts. It is not an artistic or literary creation of either Muttulakhsmi or even Veerappan himself. At best Muttulakshmi may have an objection that the depiction of Veerappan in the film is “Defamatory”.

I request other legal experts to comment on this academic issue.

Naavi

Posted in ITA 2008, Uncategorized | Leave a comment

RBI Move will encourage Private Cash Management Services

Posted on February 17, 2013 by Vijayashankar Na

The ill advised and illegal move of RBI to “Disincentivise usage of Cheques” through policy measures of penalizing cheque issuers and cheque beneficiaries is likely to have a serious negative impact on the economy with a significant increase of cash in private hands.

The apprehension that penalizing Cheque usage may lead to slippage of the economy into more cash usage has been recognized by the RBI but is being wished away as an issue that can be addressed with further penalization of cash transactions. The discussion paper suggests charging for Cash withdrawals and Cash deposits may be for transactions beyond a minimum number or value.

Penalizing an alternate that a consumer may use with further penalties is a “Negative Approach” to management and is likely to only trigger an “Emotional Disconnect” between the consumer and the service provider. We see this in the Income Tax arena where no IT payer is friendly with the IT collector. He sees the IT system as an unwelcome robber of legitimate revenue earned by him. This feeling has been reinforced over a period of time with every genuine tax management effort of a citizen being penalized with further provisions while the money collected is visibly used for the benefit of corrupt politicians in the Government. If Banks slip into this mode of penalizing every alternate measure adopted by the customer to avoid charges on cheques, then we will gradually see a build up of anti-bank sentiments. While RBI allows usurious charges to be made on say credit card borrowings both in terms of interest at the rate of over 36% p.a. and late payment fee of over 1000% p.a, pre-closure charges etc., if Banks start charging for switching over from cheque system to cash since they consider it more convenient, we will see bank customers trying to build some alternate methods of cash management to avoid the Banking system itself.  . RBI will then have to keep a separate division to check the violation of banking laws by citizens and start prosecuting such persons all over the country. Like IT department running a large enforcement wing, RBI will also need to have an enforcement wing for the purpose with the attendant costs.

In the meantime the private sector will be finding its own Cash Management syndicates where cash will be collected from the doorsteps of a business each evening and managed for the benefit of the customer. Members of a closed system may even find ways of inter account transfer and we will soon have a local money exchange service which may provide door delivery of cash withdrawals also. “Door to Door Cash Service” will therefore spring up initially in small communities and later as networks. Money will move out of the Bank system and remain in this alternate system. As the volume grows RBI needs to step in to plug this as a “loophole” and take up enforcement of its ill advised policies. If Desk to Desk couriers can survive the competition of the mammoth Postal service, it is not unthinkable for the Door to Door cash managers to carve out a profitable business model. Afterall the system is already in place in the Havala market defeating the Exchange contro regulations which is basically illegal. On the other hand the local cash exchange may be more legal until such time that laws are changed to make them illegal.

I hope RBI will realize its folly and withdraw the discussion paper and the suggestions contained there in at the earliest.

You can read the discussion paper and Naavi’s response here:

Naavi

Posted in Bank, RBI | Leave a comment

Why Cheque System is also important for Netizens

Posted on February 16, 2013 by Vijayashankar Na

Naavi.org has been in the forefront of discussions on E Banking security and how the bank customer needs to be protected from liabilities arising out of E Banking risks. At the same time we have also been opposing RBI’s discussion paper on Disincentivising cheque usage. At first glance it may appear that Cheques are a concern for the physical banking domain and Netizens need not show undue concern on the same. Many of the readers may also feel the same since like the undersigned they are also using E Banking and they may prefer E Banking to Cheque or Cash Banking anyway.

However the issue on hand is not just whether Cheques are important for people like me or not since we may be already well into the Cyber world. The issue is about preserving the basic structure of the Banking business. E Banking as we know in India is “Banking” through “E Channels”. It is not a different type of Banking. Way back in 2000 RBI gave up the idea of developing a “Virtual Banking network” independent of the current banking system. In fact this was one of the suggestions that the undersigned was speaking about some time around 1998-2000. The idea being pursued then was that Banks should treat the Internet Bank site as a “Virtual Banking branch” and open accounts separately for people who wanted to operate on the Internet maintaining their existing accounts as they do now with multiple branches. This would have enabled Internet banking risks to be contained within one account of the customer where he could keep minimum balance as he may require commensurate with his ability to absorb E Banking risks.

However Bankers in India opted to convert the existing accounts as E Banking accounts and linked the Internet directly to the existing account so that E Banking risks impacted the entire Banking relationship of a person. It is therefore seen today that when a customer’s SB account is compromised on the net, by virtue of its linkage his assets in the overdraft account secured by shares or stocks or the fixed deposits also get drawn out. Overinight we have seen people losing their life savings. This happens not only for people who may be not Internet aware but also to software professionals, Ex Bankers etc. The reason is that the world of malware is so well developed that even the normally prudent E Banking aware person may fall into a trap through a virus that enters his system through completely unrelated spam mail. This situation will continue and all of us who are happy with and use E Banking alternative constantly live under this risk.

What RBI is now proposing to do is to make E Banking a monopoly and force every person to use only E Banking. If and when this happens, apart from the non Internet savvy persons who would be drawn into the risky domain of E Banking and suffer losses, the pressure on the Banks to improve security for E Banking will vanish since it becomes a TINA (There is no alternative) option for customers. Whether I like it or not, whether I think it is risky or not, I will have no alternative.

Today I can tell my Bank that I am not using your ATM or Internet Banking because I consider that you have not adequately safeguarded it. This option will be lost.

Second and most important aspect is Cheque based Banking has centuries of history and a well developed Banking Law and Practice. We know what is the Banker Customer relationship, what are the rights and liabilities of the the drawer ordrawee, endorser or endorsee, holder or holder in due course etc. We know what is the liability of the customer on a forged cheque, a cheque which is materially altered, a cheque which is presented beyond a reasonable time etc.

If we look at the E Banking scenario, RBI has clarified that E Banking is Banking only and all the legal aspects applicable to physical banking also apply to E Banking. As a result the security responsibilities that apply to cheque based Banking also apply to E Banking with proper interpretation. It is for this reason that the undersigned argued with the Adjdudicator of Tamil Nadu in the S. Umashankar Vs ICICI Bank case that any banking instruction without a “Digital Signature” in the place of “Physical signature” is not binding. Simialrly the laws applicable to Forged cheques, provisions of NI Act on Paying and Collecting Banker’s responsibilities have all been extended to the case of Internet payment instructions.

Already current day Bankers have forgotten Banking law and conduct banking just as a computer application. Today’s bankers have little idea about endorsements and how to verify physical signatures. Once the use of cheques decline, Bankers who are aware of banking law and ability to check physical signatures will decline and this will adversely affect the whole banking system. At the same time when Cyber frauds occur and people like us draw attention to Banking principles, Bankers will be unable to appreciate the law and tend to fight all disputes in courts of law where they have the advantage of time and money. A Bank customer who has already lost money in a fraud is unable to fight for years in a Court for his rights where as for the Bank it is not difficult at all. We are already seeing this tendency in about a dozen Phishing cases that are lying with several Adjudicators and the Cyber Appellate Tribunal.

I therefore consider that existence of physical banking on a sound footing is essential for the increased attention of Bankers on E Banking security. I therefore urge Netizens for whom E Banking is always preferable to physical banking will also support this initiative where Cheques continue to be used. Additionally, If cheque usage has to shrink without “disincentivisation”, the Banks will have to provide more concessions to E Banking customers. Hence as long as cheques thrive, E Banking customers can expect reasonable charges. Once E Banking becomes the only option, Banks will certainly start increasing the charges on E Banking since there will be no option for customers to switch.

I request Netizens therefore to also join our protest against “Dsincentivisation” of the usage of cheques by sending their opposition to the suggestions made on the discussion paper to RBI.

You can read the discussion paper and Naavi’s response here:

Naavi

Posted in Bank, Cyber Crime, ITA 2008, Netizen's Forum, RBI | Leave a comment

RBI is impotent.

Posted on February 16, 2013 by Vijayashankar Na

The hard hitting articles on this website on E Banking insecurity and therefore an assertive opposition to the current RBI move to hard push customers from cheque disincentivsation measures towards E Banking may annoy some of the technology followers both within RBI and outside. They may think that we are only trying to object what should be a normal technology development.

But it must be remembered that in advanced countries such as US technology is being encouraged along with security initiatives on the part of the Banks. It is only in India that this is not happenning in the right measures. Naavi.org has time and again acknowledged that GGWG recommendations as well as the Damodaran Committee recommendations are good and show case the intentions of RBI to protect customer’s interests. But what is lacking with RBI is the ability to implement its own recommendations against the objections from the commercial world.

For this impotence, RBI needs to be criticised.

I am enclosing a white paper on E Banking security which documents some of the threats that Bank customers face today in the Internet Banking scenario. There are more threats in the ATM transactions that this white paper does not cover. The FFIEC has also issued its own authentication guidelines for Banks to follow. The regulation E also limits customer’s liability for Cyber Frauds to US $50/-

In India we have the ITA 2008 which recommends Digital Signatures. We have the law as well as RBI guideline that Bank alone is liable for Cyber frauds. But yet there are backdoor attempts to give a misleading picture to the public that cyber fraud liability is that of the customer. RBI places reliance on ISO 27001 audit certificates as if it is a panacea for all E Banking security issues. This shows gross ignorance of the Cyber Security scenario and needs to be corrected quickly.

We need RBI to ensure that its own guidelines of the past are promptly implemented and if not it should take strict disciplinary action against the Chair persons of the concerned banks including their removal from the responsibility.

Will they respond ?

White paper on E Banking security

 FFIEC authentication guidelines

Naavi

Posted in Cyber Law, ITA 2008, RBI | Leave a comment

RBI’s conspiracy by silence

Posted on February 16, 2013 by Vijayashankar Na

Often we find in political circles that there is a wide spread corruption indulged by some while a few remain honest by themselves but fail to check the corrupt due to various compulsions. Many senior officials of RBI are typically in this state. They know that Banks are practicing insecure E Banking practices. They know that Banks are following security practices neither supported in law or in practice. They infact know that if properly challenged, every transaction of E Banking done in India through the use of Passwords and or Passwords with OTP or Passwords with RSA key token etc are not supported by the present Indian laws and donot constitute Banking.

RBI is also aware that in Banking the relationship between the Banker and Customer is that of “Debtor” and “Creditor” and hence whenever a customer’s money is robbed it is in fact the Bank’s money which is being robbed and except in the event of a collusion of the customer with the fraudster, the customer cannot be held liable. Yet Banks continue to claim that customers should shoulder the cyber fraud liability and vigorously defend their stand in courts.

RBI has so far remained a silent spectator in this whole game of bullying the hapless customer.

Some influential Banks including ICICI Bank and SBI have been associated with every recommendation of RBI on E Banking since 2000. They have tried time and again to get a policy statement from RBI that “Customer is responsible for Cyber Frauds”. They first tried this during the S R Mittal Group when the ICICI representative who was a member of the committee submitted a dissenting note. This was rejected by the committee which went on to confirm to the effect that “E Banking is only an extension of traditional banking in a new channel”. “All rights of a Bank customer in traditional banking will be retained during the E Banking”, “Banks should use Digital signature for authentication which is the only legal method of authentication”,”If Banks use any other system of authentication, they have to take the liability for cyber frauds”.”Banks have to obtain insurance against cyber frauds” etc. The present set of executives who drafted the discussion paper on “Disincentivisation of Cheques” seem to have cleverly feigned ignorance of the presence of the S R Mittal Group report which was followed by the RBI notification circular on June 14, 2001 called the “Internet Banking Guidelines”.
For example the discussion paper states in one place as follows:

“Customer Liability: another factor of equal importance which is very crucial in ensuring greater adoption of electronic payments relates to the matter about the responsibilities and obligations of customers as well as banks and service providers. For instance, in case of an unauthorised transaction taking place using a customer’s credentials, the customer needs to know to what extent he/she would be protected, what is the extent of liability to be borne by him/her and what is his/her obligation towards the bank/service provider. In the absence of such clarity, there would always be an apprehension that in case of any unauthorised transaction, the customer would have to ‘shoulder the loss’ while the bank/service provider may go away free.”

The ED in his speech at Trivandrum passed the following remark

Under cheques, consumer protection is provided by the nature of the banker-customer contract, which is not imposed by either of the parties but has been historically defined by ‘practice’ as a series of common law cases (which is true in most countries). However, with the introduction of electronic funds transfer systems and also the entry of non-bank entities, many contractual terms and conditions began to be imposed on consumers who often ended up bearing all the losses for unauthorised transactions.” (Ed: Is he implying that  the contractual terms can override the banking practice?)

I challenge the author of the discussion paper to come clean on what was his intention of making such a statement so as to plant a doubt in the minds of the customers that they “would have to shoulder the loss”. RBI is aware of the S. Umashankar Vs ICICI Bank verdict of the TN Adjudicator as well as the several decisions of the US Courts in this regard. It appears that there was a malicious intention in introducing this sentence in the report which also got reflected in the speech of the Executive Director Mr G Padmanabhan in the Banker’s Club Trivandrum recently.

Again when in 2011 the G.Gopoalakrishna Committee on E Banking security report gave its recommendations, the participating bankers namely ICICI Bank and SBI tried to get some statements included in the report to get the two factor authentication declared as sufficient security. it was only a sustained attack of Naavi.org which ensured that such illegal recommendations deservedly got removed in the final notification.

The authors of the discussion paper as well as the current ED ought to be aware of these developments and hence their statements appear to have been made with a deliberate intention to mislead the public.

We need to recognize these as unacceptable and condemn them. Whether these were deliberate in which case they become “Fraudulent” actions or they were the result of ignorance can only be proved by an internal enquiry at RBI. I trust some RTI activists will probe the process of evolution of this discussion paper to reveal if such a “Conspiracy” existed in the release of this discussion paper. It is for this reason that we need to know what was the consultation process adopted by RBI for release of this discussion paper and who were the stake holders contacted. Did they restrict their consultation process to only the beneficiary Banks such as ICICI Bank or SBI or HDFC bank or AXis Bank etc and a couple of friendly experts? or did they meet any Netizen activists. A prompt disclosure is required.

Related Articles:
Rs 10000 crores being robbed
Impact on SMEs
E D’s speech
Naavi’s response to the discussion paper
UK withdrawal of similar move
Discussion Paper

Naavi

Posted in Bank, Information Assurance, ITA 2008, RBI | Leave a comment

RBI set to rob Rs 10000 crores from Bank customers!

Posted on February 15, 2013 by Vijayashankar Na

The discussion paper on Disincentivisation of cheques  issued by RBI envisages charging bank customer for every cheque book issued by the Bank, every cheque issued by the customer and every cheque deposited by the customer for clearing. This means that each cheque will be charged at least 3 times. The number of cheque leaves issued will be charged around Rs 5 per cheque. The charges for issue of cheques could be around Rs 25 per cheque. Charges for collection could be at least another Rs 25/- per cheque or it could be higher.

This means that each cheque could earn a revenue of around Rs 50 to Rs 60 to the banking system.

Today it is estimated that around 3 crore cheques are presented in clearing each month in different clearing houses. Suppose we consider this as the volume of cheques in the system, this means that around Rs 165 crores will be collected as additional revenue each month by the Banking system on account of the proposed regulation. The annual robbing would therefore be around Rs 1980/-crores or nearly Rs 2000 crores !

To this we need to add the free float interest that Banks enjoy on the balances of the customers on which they donot pay interest and the usurious charges they levy on various services and it will be clear how RBI is letting the Bankers loot the Indian public.

If RBI says that this Rs 2000 crores can be avoided if all customers switch to E Banking then we need to also factor in Rs 8000 crores which is being annually robbed out of Indian bank customers by Cyber Criminals which is also set to raise at least by 100%. Additionally customers have to pay to the banks charges for lost debit cards, resetting of passwords etc which will be direct additional revenue for the Banks.

Thus the current move of RBI is set to rob Indian Bank customers about Rs 10000 crores to Rs 16000 crores per annum because of the direct charges on cheques and the indirect loss due to cyber crimes arising out of insecure E Banking systems supported by RBI.

I therefore urge the wise men in RBI at the top to completely reject the suggestions of the Payment and Settlement Department for disincentivisation of cheques and bring relief to the Bank customers.

Naavi

Posted in Bank, Cyber Crime, ITA 2008, Netizen's Forum, RBI | Leave a comment