Need for Netizen’s Forum

Posted on January 17, 2013 by Vijayashankar Na

It is being increasingly observed in India that the Cyber Law space is in need of a major overhaul. Cyber Crimes are increasing and the Government machinery as well as the Police are acting dangerously showing apathy for genuine victims and aggression for political opponents.

ITA 2008 has bestowed enormous powers on the Police and if a tendency develops int he police to misuse them then there would be danger for the society.

Our Human Rights Organizations are incapable of understanding the requirements of Netizens, protecting their rights and preventing their unfair victimization.

Examples of Government apathy is evident in the Government of India remaining silent on the appointment of chair person for the Cyber Appellate Tribunal in Delhi. In Karnataka apathy of the Government is evident from the action of the earlier Adjudicator who has kept the service out of reach of cyber crime victims in Karnataka with a tainted decision and the new administration remaining silent.

Examples of Police atrocities is raising. Honest Small business owners in Internet space are in danger of being harassed by excessive use of force

There is a need for change in some of the laws to make them more effective without being repressive.

Naavi.org has been a spokes person for such issues on cyber space for nearly 15 years. But the anti netizen forces have now become so strong that unless a larger movement of netizens takes up the responsibility for fighting for netizen’s rights, the future of Cyber space dwellers from India looks bleak.

Naavi.org therefore proposes setting up of an All India Netizen’s Forum with the sole objective of being a representative body of Netizens which can take up issues of importance to the Netizens with the appropriate authorities from time to time.

Initially, Naavi.org will be the base and an attempt to build a critical mass of Netizens into this forum will be started. If sufficient support is received, the movement will be taken forward.

The outline of what this “All India Forum of Netizens” (AIFON) is expected to do will be presented through this site.

I look forward to support from all like minded persons for this initiative.

Naavi

Posted in Netizen's Forum | Leave a comment

Domain Registrars under threat of arrest across India

Posted on January 17, 2013 by Vijayashankar Na

Across India a wave of fear is spreading amongst Domain Name registrars that they may be arrested by the local police. The fear psychosis has been created by  the news item that in Noida, Police have arrested the domain registrar who had provided links to  of 36 websites on which pornographic content was uploaded. (See report in TOI: Report in HT)

Though there might have been a justification for penal action against the owners of pornographic sites and also for indirect action against the intermediaries who facilitated the crime, the action of “Arresting” the domain name registrars appear to be an excessive reaction by the Police. This follows the trend where Police appear to be using Cyber Laws as the new weapon of aggression against the society.

So far, we were only worried of politicians misusing the arrest provisions through the subservient police as in the case of Pondicherry and Palghar  But now we have the incidence of Police getting intoxicated with the arbitrary power of arrest. Every law provides for such powers as an enabling provision so that the law enforcement does not feel deprived of powers when there is a need to exercise them. But if Police think it is a license to harass public, then it is time to curb the powers of the police. After all “Arrest” is not a “Right” of the police. It is meant to be resorted to only as an extreme measure to deter an accuse from getting away. While the police deliberately let some criminals to get away some time while in custody or while on parole, their penchant for arresting ordinary persons is revolting.

While Naavi.org supports police action against companies who run their business solely for the purpose of committing crimes such as the recent report on BPO for Financial scam  indicated,  we strongly oppose using arrest of business executives such as domain registrars .

It is necessary that such  attitude of the police is resisted by the society. I therefore call for Noida police to offer a public explanation on why the arrest in this case was found necessary.

Simultaneously this is time for Netizens to think of how to protect themselves from the police atrocities in cyber space.

Naavi

Posted in Cyber Crime, Cyber Law, Information Assurance, Uncategorized | 1 Comment

59% growth in Phishing

Posted on January 17, 2013 by Vijayashankar Na

According to the estimate of RSA, the total number of phishing attacks in 2012 were around 445,004. This was up 59% from the previous year’s number of 279,580 and estiamted to have created a loss of around US$ 1.5 billion (Rs 7500 crores). The financial loss is an estimated 22% higher than the previous year.

Apart from the growth, the sophistication of the attacks also seem to have increased. While “Spear phishing” where specific persons are targetted is already known, a new technique that has evolved is a “real time filter” that allows only the attacked person to visit the phishing websites and bouncing others. This also means that security agencies trying to take down phishing sites would be warded off with a 404 error page and it becomes difficult to eliminate such sites quickly. These “bouncer Phishing Kits” developed by the malware manufacturers uses a target e-mail list and creates unique URLs for phishing which are accessible only by the targetted email link. Everybody else would receive a bouncing message.

This development has to be now factored in by the “Anti Phishing” security mechanisms. …Related Article

Naavi

Posted in Cyber Crime, Cyber Law, Information Assurance, Uncategorized | Leave a comment

Indian Loan Fraudsters swindle UK clients

Posted on January 14, 2013 by Vijayashankar Na

An Indian Call center in Delhi is reported to have made nearly 1000 calls every day to UK clients enticing them with Bank loan offers and extracting money in the form of advance fee.

A ‘conservative estimate’ of the loss is  around £10 million. Related Article

Police have arrested three persons two of them namely Mr Yasheen Nagpal and Rajat Bhayana who are  the Directors of the company (max infotech in Pitampura, Delhi ) and the other Mr Saurabh Gupta who is a free lancer.

It must be remembered that a scam of this nature cannot be committed without the connivance of a large number of persons including the employees of the call center. Each of the employees of the call center are accomplices and the Police need to take appropriate action against them.

Even the recruitment firm which would have recruited employees for this fraudulent firm needs to be questioned and booked for contributing to the offence. There are still a few online advertisements of this firm which are floating around. The advertisers need to remove such advertisements as part of their cyber law compliance. One such ad may be found on justdial.com (see here)

Naavi

Posted in Cyber Crime, Cyber Law, Information Assurance | Leave a comment

Employee Fights against Unlawful activities of Employer

Posted on January 13, 2013 by Vijayashankar Na

An interesting legal suit is being fought in US which has implications for any honest employee who is in a dilemma when he/she observes that the organization in which he/she works is engaged in unlawful activities or trying to cover up its mistakes for the fear of legal repraisals. (Refer details here)

This is the case of Barbara Peterson, an ex-employee of Woodwinds Hospital in Woodbury.  She was working as a “Patient Advocate” at Woodwinds and alleges that she was ordered to destroy notes and e-mails about incidents that could damage the hospital’s reputation. She instead carried the records home and preserved them as “Evidence” for the negligence of the Hospital in certain issues. She later had resigned from the job as well.

As a “Patient Advocate”, Barbara was responsible  for liasoning between the medical staff and patients and to investigate grievances. According to her version she was asked by her supervisor to clean up the grievance files before an impending accreditation audit and removing of records which showed the hospital in bad light. Though distraught, she removed about 233 pages of information from the hospital records but preserved them under her custody at home. After leaving the hospital she went through a bout of depression and later filed a case against the hospital for infliction of emotional distress and violation of her employee rights.The hospital however denies having instructed Barbara to clean up the records which if proven would be a fraud.

The case is of relevance to many ethical employees who face a dilemma when they observe illegal activities in their employer’s business and feel an obligation to the society to divulge the same. At the same time, “Employee Ethics” , “Privacy Regulations” as well as fear of losing the job etc make it difficult for them to turn into whistle blowers. In the process they may undergo stress and consequential problems.

In most such cases one can envisage a legal fight later between the employee and the employer in which all the evidence related to the incident will be only with the employer and the employee will be left to defend himself/herself against a powerful adversary without proper evidential background.

This case represents one such situation where the employee either in anticipation of such developments or more appropriately in this case faced with the guilt of doing a wrong thing, keeps the information that is considered necessary for his/her self-preservation and presents it as “Evidence” in a court of law. While the act of taking away the property of the employer without authority may be incorrect and punishable under law in normal circumstances,  the “Intention” of such act and “How it is used” on a later day determines whether the act was done for “Self Defense”  or for “Inflicting malicious damage on the employer” or for making a “Wrongful gain”. If it is proved that there was in deed a prima facie  case to believe that an irregularity was indeed being committed by the employer, then his/her conduct becomes more of a “Potential Whistle Blower”.

If any irregularity is proved, then there is a case for even rewarding the employee for his/her sense of commitment to the society which cannot be subordinated to the commercial interests involved in an employment. Any person who is not compliant with law can claim protection under excuses of “Employee Ethics”.

The above case also has relevance to “Company Secretaries” and “Independent Directors” who often come to possess confidential company information that may indicate illegal activities by the employer. In all such cases such Company Secretary or an Independent Director would have to decide whether his duty to the investor should rank higher than his loyalty to the employer.

The debate in this case may also contribute to discussions  on the Wikileaks issue.

Perhaps the Corporate Circles need to debate on this issue.

Naavi

Posted in Cyber Law, Information Assurance, Privacy, Uncategorized | Leave a comment

Security Awareness For every Computer buyer

Posted on January 12, 2013 by Vijayashankar Na

Government of India is suggesting that a security awareness brochure should be mandatorily inserted in every Computer/Mobile product package delivered to a customer.

Report

Though some have raised “logistic issues”, Naavi.org considers that the proposal is a move in the right direction. It is also possible that the brochure can be sent by manufacturers upon registration of the warranty and also in soft form  as part of the software package  installed .

There could be many other ways to deliver the information package and the objections raised by manufacturers only seem to indicate their unwillingness to undertake the responsibility.

Naavi

Posted in Cyber Law | Leave a comment