Cyber Laws For CxO
Be Aware... Be Empowered
March 2010
Editor
Naavi
www.naavi.org
Publisher
Ujvala Consultants Pvt Ltd
www.ujvala.com
News Snippets
Delhi High Court Orders Blocking of Zone-h.org
Recently it was noticed that the website of a company called zone-h.org was blocked for Indian view. This raised queries from many security watchers speculating the reason for such a step since this followed the recent attacks by a section of the media on the earlier Government action to ban savitabhabhi.com for pornographic content.
It was however interesting to note that the case of blocking of zone-h.org was different. It had followed from an ex-parte order from Delhi High Court for an interim blocking of the site as prayed for in a “Defamation Suit” between a Hyderabad based Company called E 2 Labs Pvt Ltd and the owners of the zone-h.org.
It was also interesting to note that in this case the order was made on a charge of “Defamation” under the sections 66 and 66 A of the ITA 2008 which was apparently endorsed by the High Court through the interim decision to accept the prima-facie occurrence of the alleged offence.
Yet another interesting aspect of this case was that the Court has relied on the complainant’s counsel himself to deliver the copy of the order and the summons for the counter to be sent to the defendants through e-mails by the complainant’s counsel.
In case the summons are not delivered and the defendants donot respond in time, the Court may proceed to decide the case ex-parte and make the injunction permanent.
This incident underscores the need for the Registrars of High Courts to develop the minimal expertise of sending digitally signed notices to the defendants rather than relying on the complainant himself.
Also this is a case where the High Court has accepted a complaint for trial which ought to have come under the jurisdiction of the adjudicators and CRAT since the offences alleged are under Sections 66 and 66A of ITA 2008. Perhaps these aberrations would be corrected when the Court takes up the hearing of the case next time.
Gorakhpur Fraud
It is reported that a BPO in Gorakhpur is running a business model where it is appointing franchisees by collecting a franchise fee of Rs 1 lakh and providing them with some business to be executed for which they will be paid at the rate of Rs 14000/- per computer per month. For a 10 seat franchisee the scheme projects a monthly income of Rs 1 lakh which is 100 % of the franchisee fee.
However the work which the franchisees are expected to get executed includes “Creation of imaginary log in IDs and Passwords” for a target website in US possibly as a criminalware for spamming or phishing.
Since this business is reported from Gorakhpur, it is referred to as the Gorakhpur Fraud. Similar schemes of collection of advance money and passing on what is touted as a “Home Based business opportunity” is prevalent in other places.
This business model is a fraud and involves many contraventions of ITA 2008 making both the franchisor and the franchisee liable for imprisonment and fine. It also endangers many genuine Internet business houses by spoiling the public confidence on “Internet business offers”, requiring the law enforcement to step in even if no complaint is made by any victim.
Columbian Voting System attacked by Hackers
Unidentified hackers reportedly struck the computerized system used to transmit voting data in Colombia's legislative elections, disrupting the vote count between March 14th and 15th.
India which heavily depends on the Electronic Voting System to protect its democracy should be wary of the Risks of Electronic Voting since it has continued to adopt a “Non Cyber Law Compliant EVM system” for a long time now. In the present EVM system, a physical document is linked to an electronic document and the link or the voting is not adequately authenticated as per ITA 2008. Though our EVM system is not Internet dependent and therefore not prone to the risks which the Columbian System has been exposed to, it is necessary for the CEC of India to review the process from Information Security perspective and Cyber Law Compliance.
Internet Investment Fraud hurting the Advertising Industry
In one business model operating from Bangalore, Delhi, Coimbatore and other places, a company is offering 100% investment return for the investors opening a given hyperlink and viewing an Internet Advertisement for a few seconds. Further it is found that the investors are often given no returns in cash and only shown credits in the account . The marketing is done using the MLM strategy and one investor helps raise money from another until the entire group has lost lakhs of rupees and made the website owner rich enough to run out of the country and settle in a foreign land.
This in turn cheats the advertiser by providing him an advertisementbenefit which is of no commercial value but still he charging him for the same. Since the money is raised as an “Investment”, it violates the SEBI control on raising funds from public.
Law enforcement is finding it difficult to take up investigations of such cases for lack of the victims coming forward to complain. But we need to realize that this kind of a fraud is also a fraud on the “Advertising Industry” and diminishes the confidence of the advertisers on Internet advertising system.
Many Internet advertisers in India are being defrauded in this incident since they have paid for advertising that is part of a fraudulent advertisement exposure system. This is like a print publication system which claims false circulation figures to get advertising from clients.
The Internet advertising industry has to therefore take up such incidents as frauds on the industry and bring the law enforcement into action.
Admitted Section 66F and Sec 70 Crime on Internet go Uninvestigated
Section 70 of ITA 2000/2008 deal with hacking or attempt to hack a “Protected System” as defined by the Government and makes it punishable with 10 years imprisonment. Similarly, under Section 66F of ITA 2008, a Cyber Terrorism offence is recognized when a sensitive information of the Government is accessed or a Government property is damaged (if there is an intention to harm the interest of the country etc).
In cases of suspected Cyber Terrorism it is not necessary for the Government to wait for somebody to file a formal complaint befire initiating action. In fact it is the duty of the intelligence wing of the Government to discover such information and act even if no complaint is made.
Recently some documents on the Internet revealed that Several Government websites were hacked by an employee of a company called E 2 Labs based in Hyderabad and the information was used to bid for security business with the same Government Agencies.
Though this information was made public by the said website and was accessible to the intelligence wing of the Government of India, no action was apparently initiated by the Government in this regard to investigate, find out the truth, take corrective action and inform the public.
This indicates that our security agencies may not be fully prepared to conduct Cyber Intelligence activities. May be there is a need for building a National Cyber Crime Information Collection Network with direct participation of the public to support the Government in its Cyber Patrolling requirements.
[Collected from various sources]
A PDF Copy of the News Letter would be sent by e-mail to all persons who subscribe. Subscription is free.