Kapil Sibal on Headlines Today with Rahul Kanwal

On 26th and 27th of this month, Headlines Today broadcast an interesting discussion with Mr Kapil Sibal, the minister of Communications and IT. The discussion put Mr Sibal at center stage, and direct questions were put to him by the recent victims of Section 66A arrests, including Mr Aseem Trivedi (the cartoonist who published anti-corruption cartoons), the Palghar girl (who opposed on Facebook the Mumbai Bandh on Bal Thackeray’s death) and Mr Ravi Srinivasan (who tweeted about Karti Chidambaram’s wealth). There were also a few eminent Cyber Law aware professionals in the audience along with the general public. Mr Rahul Kanwal moderated the show.

Mr Sibal, being an excellent orator and an experienced advocate himself, easily warded off the questions from the audience. He generally defended Section 66A, stating that it only provides for “Reasonable restrictions” to the “Freedom of Expression” guaranteed by Article 19(1)(a) of the Constitution and that the stray cases being talked about are errors of judgement on the part of the Police. He also stated that since the matter of the constitutionality of Section 66A is with the Supreme Court now, the Government will wait for the views of the Supreme Court and take an appropriate decision.

Neither Mr Rahul Kanwal nor the audience was able to confront and effectively argue against Mr Sibal. The advocates present were too tight-lipped to be able to provide a credible counter argument. Mr Sibal was even able to bully the advocates regarding whether Section 66A provided for arrest without warrant.

While watching the program I was reminded of an NDTV Big Fight debate in the year 2000 when the same Mr Kapil Sibal criticized ITA 2000 as a “Draconian Law” because Section 80 of the Act allowed “Arrest without warrant”. At that time, Pramod Mahajan was the IT Minister and Mr Sibal was an advocate in the opposition Congress party and he was reacting as a “Political Opponent” and not as a “Professional”.

Presently in ITA 2008, the same Section 80 remains and provides powers of arrest without warrant. In ITA 2000 passed by the NDA, the powers were vested only with the DSPs. Now ITA 2008 vests the same powers with the Inspectors. Nobody asked Mr Sibal whether this did not make the law more draconian than it was in 2000.

Secondly, I have maintained from the beginning that in all the recent cases of police excesses, it is not the law that is to blame but the Police misinterpreting the law. (Please see earlier article 1 and earlier article 2 in Naavi.org.)

I therefore expect that the Supreme Court is most likely to come to the conclusion that Section 66A is not against the Constitutional provision of “Freedom of Expression”. However, the wide misperception about the section and the inability of the media to project the correct information to the public has created a situation where any decision by the Supreme Court stating that “We do not think Section 66A should be scrapped or changed” would be seen as an endorsement of the actions taken by Police in all the recent cases. This should be avoided at all costs. In case the Supreme Court clarifies its decision in detail it will help marginally. But even that clarification will be lost in the din of the media misrepresentation.

The Headlines Today debate only extended this misperception and did not provide the proper clarification on the topic.

It was necessary for the debate to corner Mr Sibal on whether mandatory provisions can be added to ITA 2008 in the next amendment for “Punishment of the Police officers” found to misuse the law. Police will continue to misuse the law with impunity since they act under instructions from the political leaders. It is not possible to invoke the Human Rights Commission every time. The vocal human rights activists only act when they have to support terrorists and criminals. When an ordinary citizen is wronged, no human rights activists dear to the media would come forth to defend.

Mr Kapil Sibal is therefore responsible for ensuring that the law (ITA 2008) itself incorporates some safeguards for misuse. However despite many suggestions in this regard from Naavi.org itself, Mr Sibal is guilty of inaction. Mr Sibal is also directly responsible for the closure of Cyber Appellate Tribunal which is the apex judicial body specially formed under ITA 2000/8 to redress the grievances of Cyber Crime victims.

Unfortunately, neither Mr Rahul Kanwal nor any of the advocates present in the debate, who are supposed to be informed about these aspects over which Mr Sibal has direct control, raised these issues with him.

In summary, we can say that the debate was good and useful but could have been more useful if it had been properly handled. I must however congratulate Mr Sibal for his ability to convert an adverse situation to his advantage and his comments that there are many criticisms about himself including comments such as “Kill Mr Sibal” on the Internet and he has chosen to ignore them. This would have certainly evoked lot of sympathy amongst the audience and a projection of a freedom friendly attitude of the Minister. The audience was hardly a match for the wit and intelligence of Mr Sibal and he came out as a clear winner of the debate.

I take this opportunity to reiterate that Netizens in India are terrorised by the Section 66A arrests and, Mr Sibal’s assurances notwithstanding, the terror will only grow. Law will not come to our help since political masters and Police control the law to their advantage. In between the discussions, Mr Sibal has held out a mild threat that he is prepared to pass the law to make “Posting of comments on the Internet in anonymous names will be made punishable”. Though this was stated more in the course of the debate, the possibility of this being made real is very very high.

There is therefore an urgent need for Netizens of India to organize themselves into a strong outfit and be prepared to come together to fight for the freedom of speech. Naavi is therefore suggesting Netizens to come together in the platform of “All India Forum of Netizens” (www.aifon.org.in). This should not remain just a website but should develop itself in strength so that it acts as a pressure lobby to represent the interest of the Netizens. It should also grow into a platform where referendum can be held on various Netizen’s issues and before 2014 should gain such strength as to influence the election results at least in some cities where the Netizen population is decisive.

Naavi


Mobile Apps.. Guidelines on Privacy

The California Department of Justice has released a set of guidelines for Mobile Apps developers which act as “Privacy Practice Recommendations”. The practices recommended here are expected to help in the compliance of the California Online Privacy Protection Act (COPPA). Being perhaps the first of such codes, this is a useful document to be adopted by all mobile apps developers as well as other stakeholders such as app platform providers, mobile networks etc.

These principles include making an app’s privacy policy available to consumers on the app platform, before they download the app. It is stated that major app platform providers such as Amazon, Apple, Google, HP, Microsoft, RIM, and Facebook have agreed to the principles.

Highlights of the recommendations are:

For App Developers

• Start with a data checklist to review the personally identifiable data your app could collect and use it to make decisions on your privacy practices.
• Avoid or limit collecting personally identifiable data not needed for your app’s basic functionality.
• Develop a privacy policy that is clear, accurate, and conspicuously accessible to users and potential users.
• Use enhanced measures – “special notices” or the combination of a short privacy statement and privacy controls – to draw users’ attention to data practices that may be unexpected and to enable them to make meaningful choices.

For App Platform Providers

• Make app privacy policies accessible from the app platform so that they may be reviewed before a user downloads an app.
• Use the platform to educate users on mobile privacy.

For Mobile Ad Networks

• Avoid using out-of-app ads that are delivered by modifying browser settings or placing icons on the mobile desktop.
• Have a privacy policy and provide it to the app developers who will enable the delivery of targeted ads through your network.
• Move away from the use of interchangeable device-specific identifiers and transition to app-specific or temporary device identifiers.

For Operating System Developers

• Develop global privacy settings that allow users to control the data and device features accessible to apps.

For Mobile Carriers

• Leverage your ongoing relationship with mobile customers to educate them on mobile privacy and particularly on children’s privacy.

This is a good starting point for a new regime on privacy protection on the mobile platform. Hopefully it would be adopted at the earliest by responsible apps developers and distributors.

Naavi

Copy of Guidelines


Mis-perceptions about Section 66A

Section 66A of ITA 2008 has been one of the most abused sections of the Act in recent days. There is also a discussion about the constitutional validity of this section, on whether it infringes on the constitutional “Right to Freedom of Expression” as provided in Article 19(1)(a) of the Constitution. The discussion has arisen due to the filing of criminal cases in recent days in the case of Ravi Srinivasan of Pondicherry over a tweet, and two ladies in Palghar over postings in Facebook.

Article 19(1)(a) of the Constitution is subject to “Reasonable Restrictions” as mentioned in Article 19(2), which provides discretion for any Government to frame and implement laws infringing on the freedom of expression under the following condition, namely,

“in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence”

The question therefore is whether Section 66A of ITA 2008 is a legislation framed under the exceptions provided under Article 19(2) of the Constitution.

This discussion would be relevant only if there is an impact of this section 66A on the “Freedom of Expression” under Article 19(1) in the first place. The perception of the community is of course that section 66A does infringe on the “Freedom of Expression” as otherwise the police action in the case of Ravi Srinivasan and the Palghar ladies were unwarranted.

However, when we analyze the situation we need to also consider whether the action of the Police in the above two cases was in fact because the Police considered that Section 66A was an exception under Article 19(1) or simply because they misread the law.

If the Police had misread the law the remedy is not in removing the section but in punishing the Police for “Human Rights Violation” and providing such clarifications as would ensure that in future similar mistakes would not be done.

In this context it becomes necessary to discuss if Section 66A of ITA 2008 was indeed meant to address the situation where a Facebook post or a Twitter post could cause annoyance to another individual and that the person who had expressed the objectionable view could not be protected under Article 19(1).

Section 66A has three parts.

It is reproduced below for immediate reference.

Section 66A: Punishment for sending offensive messages through communication service, etc

Any person who sends, by means of a computer resource or a communication device,-

a) any information that is grossly offensive or has menacing character; or

b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently by making use of such computer resource or a communication device,

c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages

shall be punishable with imprisonment for a term which may extend to three years and with fine.

Explanation: For the purposes of this section, terms “Electronic mail” and “Electronic Mail Message” means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message

This section applies to “Any Person” who “Sends” by means of a computer resource or a communication device, “any Information” or “Electronic Mail” or “Electronic Mail Message”.

It may be noted that this section is applicable to “Messages” and not for “Publishing” a content on a web platform. Under ITA 2008 offenses related to “Publishing” were covered under Sections 67, 67A and 67B and were restricted to content which was “Obscene”.

Then does it mean that ITA 2008 did not address situations where “Defamation” could occur through non-obscene content being published on the web, as in the above cases? The clear indication in the legislation is “Yes”. ITA 2008 did not try to address “Defamation” in electronic space except where the content was obscene.

The perception that Section 66A addressed defamation arose from the fact that it referred to “Information that is grossly offensive or menacing” under Section 66A(a) as well as “information” that could cause “annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will” under Section 66A(b) and “Causing annoyance” under Section 66A(c).

The first time the section was invoked to address defamation was in the Delhi High Court case of E2labs Vs Zone-H.org. In this case the remedy sought was shutting down of a website which allegedly hosted some defamatory content. Since the defendant in this case was a foreigner and chose not to respond to the notices of the Court for reasons of his own, the Court passed an interim order blocking the website which has remained in place permanently since the defendant will never contest the injunction.

The interim judgement has therefore created a perception that the Court agrees that “Defamation” was caused by the publication and hence the site was blocked. This perception provides a sort of legitimacy to the claim that “Section 66A can be invoked when defamatory content is published on the web platform and it does not get restricted by the constitutional rights of freedom of expression”.

It must however be noted that Section 66A was meant to address “Information” that can be “Sent” and not “Information which is static”. Information which is “Sent” is a “message” and is sent from one person to another. It is “Pushed”. On the other hand, content which is “Posted” is not directed at any person. It is only “Pulled” by persons who have become part of a “Community” who have agreed to exchange information with other members of the community.

A “Facebook” post or a “Twitter Post” falls into this category of “Hosted content” and does not fall into the category of “messages”. They can be dealt with under the Section 499 of IPC and there is no need to invoke Section 66A.

The fact that Section 66A was meant for “messages” is also evident from the fact that Section 66A(b) uses the word “Persistently”. This refers to a person sending a message again and again (a message which he knows to be false and is sending with the malicious intention of causing annoyance etc). In a website posting, the content is posted and not sent again and again to another person.

Section 66A(a) does not use the word “Persistently” but it applies only to such messages which can be considered as “Grossly offensive or Menacing”.

Section 66A(c) also does not use the word “Persistently” but it is specifically mentioned that it is addressed to an “Electronic Mail”.

Thus it can be inferred that Section 66A was meant only for “messages” and not for “Content”. This is justifiable since Section 499 may not be apt for “letters sent from one person to another” and also that the web presented the possibility of a higher level of annoyance than the physical equivalent of “Bulk letter mailing” since “Bulk email bombardment” is more likely.

Section 66A addressed the message because there were offences such as Cyber bullying and Cyber Stalking as well as “Spam” which could not be effectively dealt with under Section 499.

In view of the above we can conclude that Section 66A ITA 2008 was never meant to address “Defamation” and never meant to overlap Section 499 of IPC but was meant to address situations which in the cyber space were significant threats and were not addressed effectively by the physical world equivalent addressed by IPC.

If therefore we come to the conclusion that “No change is required in Section 66A” it will be because the section was never meant to address “Defamation” and exclusions under Article 19(2) of the constitution and not because we endorse the view that Section 66A is within the constitutional validity of Article 19(2).

The media needs to understand the issues involved and not misinterpret the views that may be expressed by the Court in this regard.

Naavi


Silicon India interview

Naavi was recently interviewed by Silicon India. The interview is available in the community page of Silicon India. A link is available here. The interview is presented in the physical society identity of Naavi.

The theme of the interview is basically my views on “Leadership”.

Naavi


RBI’s responsibility in preventing Aadhar Misuse for Bank Frauds

I refer to the news report in Midday indicating a new modus operandi in the commission of a Bank fraud in India. This fraud has been committed as a combination of “Phishing”, “Security lapses at the victim’s Bank”, “Compromise of KYC by the mobile operator” and “Compromise of KYC by the collecting Bankers”. The compromise of KYC at the fraudster’s bank has been caused by the use of Aadhar identities.

So far we have seen the first generation Bank frauds of this nature consisting of “Phishing” associated with the opening of fraudulent accounts at receiving branches. To complete this fraud the fraudster had to steal the password of the customer and then also use several recipient accounts. To open such accounts he normally used fake PAN card or other strategies. Opening and maintenance of such accounts as well as inability to spot the unusual nature of transactions during the fraud amounted to “Negligence” of the collecting Banker and failure of KYC process. This made the collecting bankers liable for the fraud along with the victim’s bank where the authentication system used passwords instead of the legally mandated “Digital Signature”. As a result, the victim’s bank as well as the banks where the fraudster’s accounts were held were vicariously liable for the fraud.

This aspect has been brought to the attention of RBI and RBI has been issuing periodical guidelines to the Banks. Banks, on the other hand have formed a cartel to oppose any moves by RBI to secure the Bank transactions by improving the security. On the other hand they have pushed RBI to introduce more of insecure technology such as Mobile Banking. RBI has been a mute spectator to this technology invasion and gradual erosion of Bank security.

It is not out of place here to mention that the Ministry of Communication and Information Technology has been procrastinating on the appointment of the Presiding Officer of Cyber Appellate Tribunal and preventing legal remedies to be available for the victims of cyber crimes.

RBI has to take the responsibility for having made the Bank security dependent first on the OTP system and now on the Aadhar system. The linking of Aadhar to bank accounts was suggested by the UPA Government as a means of transferring certain subsidies directly to the beneficiaries. What this has achieved is a dilution of KYC at the bank level and dependence on Aadhar as the sole KYC to open the accounts. These Aadhar account holders have now become the facilitators of the fraud and have to face jail prospect. They can thank UPA for this favour!

There is an immediate need for RBI to reconsider its wisdom of linking Aadhar to the opening of Bank accounts and alert all the Banks to the possibility of Aadhar being misused.

Naavi


Do not link Aadhar to your Bank account

I observed during the Aadhar registration process in Bangalore that by default the registrar was encouraging registrants to link their Bank accounts to the Aadhar application. The risk associated with such a process has been highlighted by the fraud reported in Midday.

According to this report a fraudster operating from China had used the information to open fake accounts in the name of several Aadhar card holders in six different locations and transfer about Rs 1.75 lakhs to those accounts from the account of the victim.

This is an indication that the bank which opened the fake accounts was grossly negligent in opening the accounts using the Aadhar linkage as a KYC process.

Of course the case also involves fraudulent access at the Bank where the account was kept and the failure of the OTP system relied upon by the RBI is also indicated. The fraudster seems to have blocked the SIM card of the bank customer and diverted the SMS messages as well as probably the OTP messages. The mobile company also appears to be at fault in the process.

Though legally the Bank where the account was kept, the Mobile Company and each of the Banks where the fake accounts are opened are all liable for both civil and criminal consequences and liability to compensate the victim, the process of initiating suitable action in this regard and recovering the amount requires efforts, more so since Bankers act as rogues and bully the customers into absorbing the liability themselves or persuade them to follow up with the Police.

Naavi has been pursuing several cases of this sort and found that Banks have friends in many places to delay delivery of justice. Hope RBI will wake up to recognize its folly to depend on OTP in the first place and then on the Aadhar in the second place. These strategies have subordinated Bank security to the security of the Mobile and Aadhar systems. Since these are weak at present, Bank systems have also been rendered weak. This is a serious policy lapse. In future cases of such nature, I will not be surprised if RBI is also made a party to the fraud for its own negligence.

Naavi
