Naavi.org

On 17h December 2022, Cyber Society of India, ExNoRa and SPIN-to Chennai conducted an event in Chennai in which Naavi was conferred a Life Time Achievement Award for his contributions to the Cyber Jurisprudence. Simultaneously three other persons who along with Naavi were instrumental in the first conviction under ITA 2000 which occurred in 2004 namely the Magistrate Sri Arul Raj, The IO, Sri Balu Swaminathan and Special Public prosecutor, Mr Kodandaraman were also facilitated with life time achievement awards.

PROGRAM

The event was held at Hotel Raj Sundar Palace, Raja Annamalai Puram. Several dignitaries including senior advocates participated in the event.

Sitting Judge of Madras High Court, Honourable Sri Bharata Chakravarthy gave away the awards.

Further, Advocate M A Ranganath who argued the Umashankar case in the Madras High Court was also facilitated as a Guest of Honour.

Suhas Katti case was historical because it was the first criminal conviction under ITA 2000 which occurred in the year 2004. It was also the first case in which Section 65B certificate was admitted as an evidence and was the main evidence of the offence. Naavi had presented the evidence. (Copy of the judgement is available here:

Copy of Suhas katti Judgement

Umashankar Vs ICICI Bank adjudication was historic because it was the first instance of Adjudication under ITA 2000 resulting in the liability of the Intermediary Bank was upheld in a Phishing Case. The award was given by the then IT Secretary of Tamil Nadu, Mr P W C Dawidar in 2010.

It was subsequently confirmed by the TDSAT under the chairmanship of Honourable Retired Supreme Court Justice, Sri Shiva Kirti Singh in 2019. (During the intervening period the trial continued in Cyber Appellate Tribunal for 2 years before the Tribunal became dysfunctional and later re-started its activities under TDSAT in 2018).

Further the Bank filed an appeal in Madras High Court and the trial was concluded and Judgement dismissing the appeal was released on November 9, 2022.

Naavi argued the case under a Power of Attorney on behalf of the victim Sri S Umashankar who is an NRI, in Adjudication, Cyber Appellate Tribunal and TDSAT. In Madras High Court he was the Expert to assist the Court and Advocate Ranganath presented the arguments.

The  judgement copies in S Umashankar case are available below:

1. Adjudication award from Adjudicator of Tamil Nadu
2. TDSAT Judgement of January 2019 and Reviewed Judgement from TDSAT of March 2019
3. AO’s order following TDSAT Review
4. Madras High Court order on Naavi as PIP
5. Judgment of Madras High Court.

Naavi

Also read: Magistrate D Arul Raj is an unsung hero in development of Jurisprudence under Section 65B of Indian Evidence Act : December 9, 2017 The beginning The End Also view the Discussion on the case at FDPPI Some videos I found on Youtube :

RBI has released an instructive booklet on Cyber Frauds  which should be of great use to common people.

Since this is meant for public awareness, a copy is provided here. 

Naavi

 

While we carry on a discussion on the “Right to Privacy” as a fundamental right and what should be the provisions of regulation such as Digital Data Protection Act or GDPR etc., there is a need to also have a firm understanding of the foundation and legislative background for the law.

The DPDPB2022 has skirted the issue by making this Bill only as an attempt to regulate Governance of Digital Personal Data in a manner that it would ensure that Personal Data is not misused to cause infringement of Privacy Right.

But the real nature of the Right to Privacy beyond it being a part of the Fundamental Right to Life and Liberty under the Article 21 of the Indian Constitution is not clearly explained even in the Puttaswamy Judgement.

There is therefore a need for a continued academic debate on this topic since this will come to haunt us even when regulations are notified under DPDPB 2022.

Naavi.org would like to start a debate on the “Theory of Privacy” for academic purpose with the hope that we would add to the global knowledge base on the topic.

I invite participation of other academicians in this respect. Watch out for series of articles that would be released over a period of time.

Naavi

 

Naavi has embarked on a major project to bring together all Data Protection Consultants into one common platform.

By “Data Protection Consultants”, I mean individuals who  are capable of providing guidance to an organization in implementing Privacy or Information Security related compliances.

The set of such consultants also include  firms which have teams of multiple consultants and divisions of some large companies which have a vertical for extending such services.

The instrument through which these consultants would interact is a techno legal platform presently identified as “Federation of Data Protection Consultants” (FDPC).

The platform will have multiple objectives.

The first objective is to get together all consultant and consultancy organizations in the domain of Privacy, Data and  Protection as well as and Information Security consultancy on one platform as a “Self help Group” with its own self regulatory practices for Ethical business.

The second objective is to enable the consultants to offer their services through the platform.

The third objective is to enable the organizations most of whom may be SME/MSMEs to access the services of these consultants through the platform.

The platform may be considered as a “Data Protection Services Exchange”

The platform will be managed by a “Registrar” who will maintain the technical services.

The platform will be an affiliate of FDPPI but will be a subcontractor.

The platform will be an “Intermediary” under ITA 2000 and act as an aggregator of services and not the service provider himself.

The actual consultancy contract would be between the consultant and the client which will be facilitated by the platform.

In order to improve the credibility and ensure smooth service, the platform may organize secondary back up services under a separate “Contingent Service Contract”.

The process of empanelment of consultants, receiving enquiries from prospective clients, short listing of consultants to a given project, receiving bids, managing preliminary negotiations, as well as dispute resolution will be provided as the platform service. In this process principles used in Arbitration Councils, Tendering processes, Service aggregators etc will all be used appropriately.

It is envisaged that the platform could emerge as a Service Start up under Ujvala Consultants Private Limited and partners to such a project are welcome.

In order to explain the concept further, Naavi conducted an open house discussion today the 11th December 2022 at 11.00 am on Zoom.

The recording of the session is here:

 

Naavi

We  are aware that RBI is implementing a pilot project to introduce E Rupee as its CBDC. The E-Rupee or CBDC-Retail will be a tokenized version of a currency denomination. It will therefore be a digital document that is stored in a digital container which can be a software wallet or a hardware device.

The critical part of the implementation which we are not certain if the RBI  has sorted out is the ability for the public to view the Digital Token, identify it as a digital currency, validate  its authenticity and transfer it from one wallet to another.

As long as there is a Bank as an intermediary, the transferee can rely on the Bank to confirm the authenticity of the transaction. This happens in the Virtual currency transactions today. But the RBI seems to have a necessity to introduce a Digital Currency that may or may not have  an intermediary like the Bank

The undersigned is not in favour of complete disintermediation which will enable the digital currency to be “Anonymous” since it may then be used easily like cash for corruption and holding of black wealth.

Whether RBI finally adopts an anonymous version or an identifiable version of the digital currency, the E Rupee will be ultimately an electronic information which is stored somewhere.

If it is associated with the identity of the owner it would be “Personal Data”, If it is completely anonymous, it would be “Non personal Data”.

There will be  in future some instances where a owner of a digital currency may die leaving the  Digital Currencies held by him in his wallet with a bank or a private sector service provider or on his personal digital wallet device. This needs to be passed on to the legal heir like any other property.

In case there is no claimant to such digital currency, it cannot be left to be used by the wallet service provider but surrendered to the Government.

If the digital currency is held in a bank Wallet, it can be settled just like settling a claim on the Bank accounts.

While a “Will” cannot be made in digital form, a “Will” can be made in writing for a “Digital Property” and hence the owner may leave a written will and the digital currency would become a property that is settled through a succession certificate or a probate.

Since it is possible that non banking institutions may hold the digital currency and it may even be found as attachments to an e-mail or whatsApp message etc, the digital currency assets will be left with private people and  in case of death of the owner, the asset may illegally be appropriated by such intermediaries.

In the DPDPB 2022, a provision has been introduced for “Nomination” of personal data and this may apply to e-mails or WhatsApp accounts or other digital data. Legally this nomination may also include the digital currencies and will be subject to the limitations imposed by Section 1(4) of ITA 2000 which requires a written will to be made for digital assets.

The recent changes made on October 4 2022, removing the immovable property documents from exceptions under Section 1(4) which we consider as an ill advised move has also increased the financial stake in digital documents since we may now find a property worth crores of rupees for which a digital document may exist as sale deed or partition deed and may surface after the death of the property owner. This will be a new form of Cyber Crime which the Government has now unleashed on the public in India with the amendment of Section 1(4) of ITA 2000 and deletion of one of the sub clauses on immovable property.

It is possible that the DPDPB 2022 has not taken into account the huge values that may be contained in the personal data that may lie around or may be fraudulently created to commit frauds related to property.

Even if “Nomination” is considered only an authority to operate the property and not to transfer the ownership, the current provisions on “Nomination” is not robust enough to take care of the risks.

It would be necessary to ensure that DPDPB 2022 either deletes the nomination feature completely and makes it an obligation on the Data Fiduciary to settle the claim on personal data like settling the Bank assets.

Alternatively the DPDPB2022 should  make specific mention that “Nomination” does not amount to transfer of the right to the digital property, Will cannot be made in digital form and the responsibilities of the Data Fiduciary to ensure that the genuine legal heirs receive the property is not extinguished because of nomination.

Further any consent to Nomination should be suitably witnessed and not be subject to the usual “Click here” option.

Hope the MeitY takes note of this aspect when they finalize the draft of DPDPB 2022.

Naavi

Comments are welcome.