India Business Law Journal

Book sheds new light on cyberlaws

A new book outlining the fundamental concepts and key principals of cyberlaw has been released in Delhi. Written by prominent lawyer Karnika Seth and published by Butterworths Lexis Nexis Wadhwa, the book, titled Cyberlaws in the Information Technology Age, provides practical tips on e-contracting and e-commerce issues, e-payment systems and taxation considerations for e-commerce businesses. It also explores online privacy and security, defamation, freedom of speech on the internet, intellectual property piracy and cybercrime.

The book was officially launched by the chief justice of India, KG Balakrishnan, at a ceremony in Delhi on 7 October. Attendees included Supreme Court judges Altamas Kabir and Dalveer Bhandari, the additional solicitor general of India, Indira Jai Singh, and Gulshan Rai, head of the computer emergency response team at the Ministry of Information Technology. Seth, who is a partner at Seth Associates and the founder of the firm�s Cyberlaws Consulting Centre, has diverse transactional experience encompassing cyberlaws and e-commerce. She has helped to resolve many cybercrime cases in conjunction with the cybercrime cell in Delhi and other law enforcement agencies in India. She has also delivered specialist workshops on IT law and practice to judges, lawyers, senior government officers, police officers and IT professionals.

Seeking fingerprints in cyberspace

–Karnika Seth, cyber lawyer and Chairperson of Cyberlaws Consulting Centre, Seth Associates

‘Parents must monitor PC usage’
Most colleges in Mumbai have blocked ‘unwanted’ websites. Students in their computer labs can only access educational websites, in some schools and colleges, internet access is barred and is activated only when needed.

We hear of cases where students use cyberspace to get at someone or ridicule rivals.

They are at a vulnerable age, and they make commit an act without knowing the consequences of their behaviour.

They don’t know that what they might think is harmless or fun is considered a crime and they can be hauled up for the same.
Hence, students should be taught not only in school and colleges, but also at home about the ill effects of such actions.

In most cases, students use either cyber cafes or the internet facility at homes to surf pornographic websites. They rarely abuse the internet facility in educational institutes because they know that they will be caught due to the constant surveillance.

Hence the onus doesn’t lie on teachers but on parents because today everyone has a computer and internet access at their residence.

Therefore, parents need to keep a tab on their children and see what they are the surfing on the internet.They must warn them about the consequence of abuse.

The police plan to get cyber owners to install fingerprinting systems and webcams to deter any possible misuse of public computers is good. Now, people will think twice before misusing cyberspace.
There should also be surveillance on the computer monitors in cyber cafes, cameras should be able to record the activity on computer screens.

SME TIMES

Saurabh Gupta | 08 Oct, 2009

New book highlights safeguarding online security, privacy

To create awareness among common people about cyber laws a new book ‘Cyber laws in the Information Technology Age’ was released in Delhi on Wednesday evening.

This book authored by Karnika Seth, Cyber-lawyer & Managing Partner of Seth Associates law, presents an insight into different interesting cyberspace issues such as online privacy, defamation, freedom of speech on internet, intellectual property piracy on internet, and cyber crime with case studies and landmark precedents from different parts of the world.

It provides practical tips on safeguarding one’s security and privacy in the online world and will enlighten readers on their legal rights and obligations in cyberspace and legal implications of their actions on the Internet.

Butterworths lexisnexis Wadhwa in collaboration with the Karnika Seth has launched this book. The Book was released by Justice Altamas Kabir, Judge, Supreme Court of India.

Justice Dalveer Bhandari , Judge Supreme Court of India, Gopal Subramanium, Solicitor General of India , Indira Jai Singh, Additional Solicitor General of India and Gulshan Rai, Director General , CERT, Ministry of Information Technology also graced the occasion and delivered their address at the book release function.

“The prime objective of this book is to introduce its readers to the subjects of cyber laws, elucidate key operative principles and to discuss the key developments in the field of Cyber laws across many important jurisdictions India, United States and European nations,” said Karnika Seth.
“The book not only explains the fundamental concepts in cyberspace laws, but also aims to present a fair overview of the evolution of cyber laws across many jurisdictions.”

The book also discusses pertinent e-contracting and e-commerce issues, and describes popular e-payment systems and taxation regimes which are indispensable to e-commerce businesses.

“It elucidates the key principles for determining jurisdiction in cyber law disputes, significance of electronic signatures and admissibility of e-evidence, which are subjects of interest to readers’ world over,” the author added.

IBNLive

What do you do when you see yourself defamed online?

Nilanjana Bose/ CNN-IBM

Published on Thu, Feb 19, 2009 at 01:20 in Sci-Tech section

New Delhi: We have come to see rather innovative uses of this relatively new medium called social networking sites, from home loan defaulters getting summons posted on their facebook accounts to being informed of your change in marital status online, what do you do when you see yourself defamed online?

Thirty-five-year-old Emma Brady thought her six year old marriage was fine till she found out from her husband’s status on facebook that all wasn�t well. Their marriage ended – and in a way created history – by becoming the first divorce on facebook.

Social networking sites have been the bearer of bad news in the past as well. Carmel Corbo and Gordon Poyser in Canberra in Austalia owed a lending institution more than 100 thousand dollars. The company after failing to reach them at their house chose a far less conventional approach – They sent a notice to the couple via facebook.

Law Institute of Victoria Tony Burke says, “Well it’s a very interesting development, it shows in Australia, our courts are flexible and adaptable and willing to embrace new technologies, but I guess there are messages for those who choose to have a presence on facebook, you are liable to be found.”

There have been numerous cases of people being defamed on social networking sites, of groups being set up against well known faces. Blogs and social netoworking sites often use the freedom of expression to vent and be nasty. But what is wrong with that.

While the law is grainy when it comes to online defamation – cyber lawyers say…there is a way you can defend yourself.

Cyber lawyer Karnika Seth says, “You can file a complaint against the person who has filed the case and if they still don�t take off the offending stuff then the police can be involved.

But while the debate ranges on about freedom of speech and expression, for the moment its open season on social networking sites

IBNLive

What do you do when you see yourself defamed online?

Nilanjana Bose/ CNN-IBM

Published on Thu, Feb 19, 2009 at 01:20 in Sci-Tech section

New Delhi: We have come to see rather innovative uses of this relatively new medium called social networking sites, from home loan defaulters getting summons posted on their facebook accounts to being informed of your change in marital status online, what do you do when you see yourself demafed online?

Thirty-five-year-old Emma Brady thought her six year old marriage was fine till she found out from her husband’s status on facebook that all wasn�t well. Their marriage ended – and in a way created history – by becoming the first divorce on facebook.

Social networking sites have been the bearer of bad news in the past as well. Carmel Corbo and Gordon Poyser in Canberra in Austalia owed a lending institution more than 100 thousand dollars. The company after failing to reach them at their house chose a far less conventional approach – They sent a notice to the couple via facebook.

Law Institute of Victoria Tony Burke says, “Well it’s a very interesting development, it shows in Australia, our courts are flexible and adaptable and willing to embrace new technologies, but I guess there are messages for those who choose to have a presence on facebook, you are liable to be found.”

There have been numerous cases of people being defamed on social networking sites, of groups being set up against well known faces. Blogs and social netoworking sites often use the freedom of expression to vent and be nasty. But what is wrong with that.

While the law is grainy when it comes to online defamation – cyber lawyers say…there is a way you can defend yourself.

Cyber lawyer Karnika Seth says, “You can file a complaint against the person who has filed the case and if they still don�t take off the offending stuff then the police can be involved.

But while the debate ranges on about freedom of speech and expression, for the moment its open season on social networking sites

DNA- Wednesday, March 4, 2009 22:17 IST

Watch that e-motional trap

Mumbai: A city doctor succumbs to the charms of an online lover and shares with him intimate photographs of herself. A Delhi collegian allows her boyfriend to take candid mobile images of her. Emotionally vulnerable women can be exploited easily in the cyber and mobile space, Mumbaikars tell DNA

Expert view
Avoid disclosing sensitive info online
In this particular case, if the content was given by consent and then misused a complaint can be filed under the IT Act of India, Section 67 which prohibits the usage of pornographic material online.

Also, Section 292 of the IPC sets out the circumstances under which dealing with ‘obscenity’ and / or any ‘obscene’ material is treated as an offense. Whoever sells, allows hiring, distributes, publicly exhibits or in any way puts into circulation or has in his possession, any obscene material is punishable with imprisonment and / or fine.

People need to be very careful with the data they share online. Indian laws don’t permit sharing of pornographic material. In some cases the victims do not even know who posted the offensive material online. Some people create fake accounts just to commit cyber crime and then one has to track down the offender. For this we sometimes need the support of the Internet Service Provider (ISP) and the police as well.

So here are some tips for online behaviour:
avoid disclosing sensitive information online
maintain cyber decorum
be vary of the content you share on social networking sites, blogs etc
two people may share some information with a fair intention but this information can be misused by a third party
–Karnika Seth. Cyber law expert

Watch that e-motional trap

Mumbai: A city doctor succumbs to the charms of an online lover and shares with him intimate photographs of herself. A Delhi collegian allows her boyfriend to take candid mobile images of her. Emotionally vulnerable women can be exploited easily in the cyber and mobile space, Mumbaikars tell DNA

Expert view
Avoid disclosing sensitive info online
In this particular case, if the content was given by consent and then misused a complaint can be filed under the IT Act of India, Section 67 which prohibits the usage of pornographic material online.

Also, Section 292 of the IPC sets out the circumstances under which dealing with ‘obscenity’ and / or any ‘obscene’ material is treated as an offense. Whoever sells, allows hiring, distributes, publicly exhibits or in any way puts into circulation or has in his possession, any obscene material is punishable with imprisonment and / or fine.

People need to be very careful with the data they share online. Indian laws don’t permit sharing of pornographic material. In some cases the victims do not even know who posted the offensive material online. Some people create fake accounts just to commit cyber crime and then one has to track down the offender. For this we sometimes need the support of the Internet Service Provider (ISP) and the police as well.

So here are some tips for online behaviour:
avoid disclosing sensitive information online
maintain cyber decorum
be vary of the content you share on social networking sites, blogs etc
two people may share some information with a fair intention but this information can be misused by a third party
Karnika Seth. Cyber law expert<-->

COMMENTS OF KARNIKA SETH, CYBERLAW EXPERT & CHAIRPERSON, CYBERLAWS CONSULTING CENTRE ON THE AMENDMENTS PROPOSED BY INFORMATION TECHNOLOGY AMENDMENT BILL 2008

The Information Technology Amendment Bill 2008 was passed by the Lok Sabha and the Rajya Sabha in the last week of December 2008 and received the President�s assent on 5th February 2009. The Bill aims to make sweeping changes in the existing Indian cyber law framework, including inserting new express provisions to bring more cyber offences within the purview of the Information Technology Act, 2000.

On a comparative analysis of the provisions of the IT Act,2000 and the IT Amendment Bill 2008, my Observations & Comments are as below-

• With the passage of the Information Technology Amendment Act 2008, India would become technologically neutral due to adoption of electronic signatures as a legally valid mode of executing signatures. This includes digital signatures as one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating electronic signatures.
• The Corporate responsibility for Data protection is greatly emphasized by inserting Section 43A in the IT Amendment Act 2008 whereby Corporate bodies handling sensitive personal information in a computer resource are under an obligation to ensure adoption of reasonable security practices to maintain its secrecy , failing which they may be liable to pay damages. Also, there is no limit to the amount of compensation that may be awarded by virtue of this Section.
• The Bill introduces the distinction between ‘contravention’ and ‘offence’ by introduction of the element of mens rea for an offence ( refer to- Section 43 & Section 66 of the Act). We note that no ceiling limit for compensation is prescribed under Section 43 of the Amendment Bill 2008 which was One crore in the IT Act 2000.
• As per proposed amendment in Section 66 of the Act, the explanation states that the word ‘dishonestly’ & the word ‘fraudulently’ shall have the meanings assigned to them in Section 24 and Section 25 respectively.When we refer to IPC�s Section 24 and section 25, it is important to incorporate the meaning elucidated in Section 32 of IPC also under explanation to proposed amendment to Section 66 i.e. ‘words referring to acts include illegal omissions’-i.e in IPC except where a contrary intention appears from the context, the words which refer to acts done also refer to illegal omissions.
• Further, clarification mentioned in section 33 of IPC may also be incorporated in explanation to Section 66 of the Act i.e. wherever the word ‘Act� is used it denotes a series of acts and where the word ‘omission� is used, it also could denote a ’series of omissions�.
• Many cybercrimes for which no express provisions existed in the IT Act 2000 now stand included by the IT Amendment Bill 2008. Sending of offensive or false messages ( section 66A), Receiving stolen computer resource ( Section 66C), Identity theft ( Section 66C), Section 66 D Cheating by personation , violation of privacy (66E). Barring the offence of Cyber terrorism ( 66F ) punishment prescribed is generally upto three years and fine of one/two lakhs has been prescribed and these offences are cognizable and bailable. This will not prove to play a deterrent factor for cybercriminals. Further, as per new Section 84 B, abetment to commit an offence is made punishable with the punishment provided for the offence under the Act and the new Section 84 C makes attempt to commit an offence also a punishable offence with imprisonment for a term which may extend to one-half of the longest term of imprisonment provided for that offence.
• In certain offences, such as Hacking (Section 66) punishment is enhanced from 3 years of imprisonment and fine of 2 lakhs to fine of 5 lakhs. In Section 67, for publishing of obscene information imprisonment term has been reduced from five years to three years ( and five years for subsequent offence instead of earlier ten years)and fine has been increased from one lakh to five lakhs ( Rupees ten lakhs on subsequent conviction) .Section 67A , adds an offence of publishing material containing sexually explicit conduct punishable with imprisonment for a term that may extend to 5 years with fine upto ten lakhs. Section 67B punishes offence of child pornography, child’s sexually explicit act or conduct with imprisonment on first conviction for a term upto 5 years and fine upto 10 lakhs.
• Section 69 is an example of internet censorship which can be justified on sound reasons. This Section empowers the Central Government/State Government/ its authorized agency to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource if it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence or for investigation of any offence . Section 69A also allows blocking of certain websites if its content is of such nature as described in Section 69.This provision is in conformance with the reasonable restrictions that are envisaged to be imposed on fundamental rights guaranteed under the Constitution of India incase the same is found necessary to maintain public order, national integrity, sovereignty and allied interests.
• There was a great deal of ambiguity in the earlier Section 79 of the IT Act 2000 . The extent of liability of Intermediaries stands clarified in the amended Section 79 whereby an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him if the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; or the intermediary does not initiate the transmission, select the receiver of the transmission, and select or modify the information contained in the transmission and the intermediary observes due diligence while discharging his duties under the Act . However, intermediaries will be held liable if the intermediary has conspired or abetted or aided or induced, whether by threats or promise or otherwise in the commission of the unlawful act; or upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.
• As per Section 72(A) proposed in the Bill , an intermediary is required to act as per the terms of its lawful contract and not to disclose any personal information to cause wrongful loss or wrongful gain to any other person. It is important to clarify here that this intermediary is also under obligation not to “USE” the personal information gained for purpose other than specifically authorized under terms of its lawful contract.

• CONCLUSION: India�s Information Technology Act, 2000 is comprehensive legislation but contains many lacunae. The passage of the IT Amendment Act 2008 will resolve many practical difficulties faced in the implementation of the Act. The IT Amendment Bill 2008 aims to bring significant changes in extant cyber laws in India, interalia, introducing legal recognition to electronic signatures, data protection obligations and mechanisms, provisions to combat emerging cyber security threats such as cyber terrorism, identity theft, spamming, video voyeurism, pornography on internet, and other crimes. There may be still some lacunae which will surface with passage of time .Hence, constant amendments in the legal statutory framework will always be essential. With growing dynamics of technology in India, the legal matrix needs to be strengthened at every milestone to fill up lacunae that remain in Information technology laws .To cope with the multifarious challenges that technological advancement may bring, be it issues of cyber security , privacy or cybercrimes, in my opinion India will call for more efficacious and stricter regime of cyberlaws.

For easy reference, a brief overview of the significant changes brought out by the IT Amendment bill,2008 is as given below :-

Data theft could be on the rise in 2009

Himanshu Mehta / CNN-IBN

Published on Fri, Feb 13, 2009 at 18:50, Updated on Fri, Feb 13, 2009 at 19:36 in Sci-Tech � Tech section

New Delhi: Data is precious. And Indians are increasingly stealing it.

Laid off employees, looking for revenge or for quick money, could be this year�s biggest cyber threat, say security firms like McAfee.

By copying digital data from their employers and selling it to crooks, they�ll cost their parent companies millions of dollars.

McAfee Inc, Director Kartik Shahani says, “Intellectual property data worth $4.6 billion was stolen last year. $600 million were spent for damages, $12 million of data is out-sourced to countries without any data protection.

Why should you care? Because the data stolen could be yours. A crook with your 16-digit credit card number, the three-digit CVC number at the back and your name, could buy anything with your money. It�s data like that that�s stored on company servers.

And it�s very easy to steal. Thanks to the tools we all use everyday. Banning them isn�t always practical. Software solutions do exist. But experts say more than the technology, it�s people who have to be changed.

Marketing Manager, Trend Micro Abhinav Karnwal says, “People need to be educated. They have to be told that information is confidential. That there are repercussions if it is taken out or shared with outsiders.”

Indian law threatens severe punishments in cases of data theft. A recent amendment even holds companies responsible for theft by their employees, of other firm�s data. Yet, compared to the value of the data stolen, the fines levied are just peanuts.

Cyber Lawyer Karnika Seth says, “I am of the opinion that punishments should be made more vigorous. They should be a deterrent for cyber crime.

Sixty seven per cent of data stolen from companies world wide, was stolen by insiders. Not by some sinister hacker, as you and I would assume.

However, only 40 per cent of the technology chiefs of companies worry about this threat. This year, that laxity could be suicidal.

Is Blogging A Crime?

Making nasty comments online can land you in jail

Pallavi Paul/ CNN-IBN

Published on Wed, Mar 04, 2009 at 21:25, Updated on Wed, Mar 04, 2009 at 22:33 in Sci-Tech section

New Delhi: Do you open up most when you’re online? Well, don’t. Nineteen-year-old Ajith rallied against the Shiv Sena on his Orkut community. Now he risks being thrown in jail. Thanks to a recent observation by the Supreme Court, which could become a template for all future cases.
“There are so many charges against Ajith, such as x, y, z. Our constitution does not allow such activity so it is not acceptable,” says Cyber lawyer Karnika Seth.
There are punishments for posting obscenity, inciting public disharmony, intimidation, even defamation. The problem is that how will these laws be interpreted.
In the heat of the Mumbai attacks, Cheytanya Kunte blogged against journalists revealing vital info on TV. He was forced to apologise by the channel.
Gaurav Sabnis complained about the standards of teaching at a Management institute. His write-up was forced off the net. Rashmi Bansal, who wrote about the same topic faced the music too.
“I personally don’t believe in deleting comments, the blog is like my living room, the door is open and people can come and join it but I can’t be held responsible for what they say,” says Founder and Editor of youth magazine JAM, Rashmi Bansal.
What is worrisome about the Supreme Court’s latest stand is that people like Rashmi could be threatened with jail, if anyone finds her writing offensive or untrue.
Bloggers are now crying foul and demanding freedom of expression online. If someone finds this offensive can they be hauled to court too?
“With the kind of laws that exist, it is very easy for a blogger to be dragged to court. Now, a journalist has the means to fight such cases, but a poor fellow sitting in Bangalore, him getting out or work to go defend himself is very problematic,” says blogger Amit Varma.
So, next time you upload a video to youtube or a photo to Flickr, message your friends on Facebook or update your blog make sure you aren’t breaking the law.

Cyber-venture for Seth Associates

Seth Associates, a full-service law firm based in New Delhi, has launched a specialist arm focusing on cyberlaw and information technology. Cyberlaws Consulting Centre (CCC) is headed by Karnika Seth, a noted specialist in the area. CCC has been established to act as a research centre as well as to provide consultancy services and represent clients in litigation.

The consultancy will advise on internet and cyberlaw-related issues. These include the viability of e-commerce models, legal and regulatory compliance in different jurisdictions, Cyber investigations and litigation, hacking, credit card frauds, online defamation and impersonation, cyber stalking, phishing, taxation issues, Copyright and trademark infringements on the internet and data protection issues.

Seth said: “As most businesses depend on use of computers and internet technology and new forms of transacting business through e-commerce, knowledge of cyberlaw is becoming indispensable”. She pointed out that conventional laws of contract such as trademark and copyright would be insufficient in offering protection in the online world, which requires special modifications, “considering the nature of the medium and complexity of cyberspace”.

“A few countries have already acknowledged this fact and have passed specific legislation with respect to information technology”, adds Seth. “The legal matrix, the role of the judiciary and other enforcement agencies can be better understood through a fair knowledge of cyber laws”.

Is Blogging A Crime?

Making nasty comments online can land you in jail

Pallavi Paul/ CNN-IBN

Published on Wed, Mar 04, 2009 at 21:25, Updated on Wed, Mar 04, 2009 at 22:33 in Sci-Tech section

New Delhi: Do you open up most when you’re online? Well, don’t. Nineteen-year-old Ajith rallied against the Shiv Sena on his Orkut community. Now he risks being thrown in jail. Thanks to a recent observation by the Supreme Court, which could become a template for all future cases.
“There are so many charges against Ajith, such as x, y, z. Our constitution does not allow such activity so it is not acceptable,” says Cyber lawyer Karnika Seth.
There are punishments for posting obscenity, inciting public disharmony, intimidation, even defamation. The problem is that how will these laws be interpreted.
In the heat of the Mumbai attacks, Cheytanya Kunte blogged against journalists revealing vital info on TV. He was forced to apologise by the channel.
Gaurav Sabnis complained about the standards of teaching at a Management institute. His write-up was forced off the net. Rashmi Bansal, who wrote about the same topic faced the music too.
“I personally don’t believe in deleting comments, the blog is like my living room, the door is open and people can come and join it but I can’t be held responsible for what they say,” says Founder and Editor of youth magazine JAM, Rashmi Bansal.
What is worrisome about the Supreme Court’s latest stand is that people like Rashmi could be threatened with jail, if anyone finds her writing offensive or untrue.
Bloggers are now crying foul and demanding freedom of expression online. If someone finds this offensive can they be hauled to court too?
“With the kind of laws that exist, it is very easy for a blogger to be dragged to court. Now, a journalist has the means to fight such cases, but a poor fellow sitting in Bangalore, him getting out or work to go defend himself is very problematic,” says blogger Amit Varma.
So, next time you upload a video to youtube or a photo to Flickr, message your friends on Facebook or update your blog make sure you aren’t breaking the law.

By-Karnika Seth, Cyberlaw expert & Partner, Seth Associates Advocates & legal Consultants

Can we regulate the internet?

The unprecedented advent of Internet is challenging many existing models of Information society and forms of regulation. Internet is a global communication network and in its quintessence, beyond the national frontiers and does not fit into the existing regulatory regimes. While it stands clear that internet based activities are subject to legal regulation, it also clear that no single State can exert control over Internet as a whole. Further, the notion of convergence is assuming increasing importance in the development of regulatory policy. Traditionally, technologies such as the telephone, broadcasting, cinema and the printed word have been considered discrete and subject to quite different regulatory regimes. The technologies are converging and in my considered opinion, regulatory regimes should also move together. David R Johnson and David G Post advocate that online service users and providers are aiming to create a self regulation mechanism. An example in this direction is the ICANN�s Domain name dispute resolution policy adopted by WIPO and administered by it to resolve domain name disputes between parties that may belong to different jurisdictions. Also, widespread agreement already exists about basic netiquettes of using the Internet. It is felt that in cross border online disputes International law principles of delegating authority to self regulatory mechanisms and comity will play a significant role. It is also incorporated into the principles set forth in the Restatement ( third of Foreign Relations law of the United States in Section 403 which states that .
“a state may not exercise jurisdiction to prescribe law with respect to a person or activity having connections with another state when the exercise of such jurisdiction is unreasonable”.

And that when a conflict between two States arises-

“each State has an obligation to evaluate its own as well as other States interest in exercising jurisdiction and should defer to the other state if that States�s interest is clearly greater”.

In the 1990�s self regulatory measures were seen to provide the basis of ethical regulation of the internet. John Perry Barlow then published a “Declaration of Independence for the Internet” (1996) which stated as follows:

“Governments of Industrial world, you weary giants of flesh and steel, I come from Cyberspace, the new home of mind. We have no elected government, nor are we likely to have one,. I declare the global social apace we are building to be naturally independent of the tyrannies you seek to impose on us”

The rapid growth of internet demanded a more sophisticated notion of legal regulation. By 1997 , the then president of US, Bill Clinton issued internet related declaration titled A framework for Global electronic commerce that elucidated principles of “Private Sector should lead”. “Facilitation of e-commerce by government” and “encouraging Industry self regulation” although Government were invited to act if necessary . The Australian government endorsed this reasoning and developed Co – regulatory regimes in the areas of content regulation (Broadcasting Services ( online services) Amendment Act 1999)and privacy ( privacy amendment ( Private Sector) Act 2000). “Co- regulation” defined a scheme where government and industry work hand in hand to develop a regulatory framework.
In 1999, Lawrence Lessig, then a professor of law at Harvard University law school released a book called Code and other laws of Cyberspace. In his book Code, lessig explains just as architecture in real space can constrain our actions, architecture in digital world (Code) can regulate what we do. If we want to stop our copyrighted works from being copied over net, we may use technological methods apart from resorting to copyright law. In response to the increasing copyright infringements online in December 1996 , WIPO Copyright Treaty came into force Article 11 of which provided that States should enact laws to prevent circumvention of technological protection measures that protect copyright information. USA did this through Digital Millennium Copyright Act 1998 and so did the European Union in its directive on Copyright and other related Rights in Information Society 2001.

The core principles of Cyber Regulation

The quandary over application of traditional rules to online transactions has brought a common consensus on atleast few basic principles that are accepted worldwide to regulate the cyberspace.
Firstly, equivalence of traditional and electronic transactions. Much of the legislative reform across nations is based on the UNCITRAL model law of electronic commerce, 1996 .
Secondly, establishing of trust in e-transactions. In 1995, the EU responding to the concerns over the invasive nature of internet and its dramatic capability to trace and profile individual identity promulgated the European Directive on Data Protection .
Broadly speaking, the Directive requires States to enact legislation covering the processing of data collection in the private sector requiring, interalia, the purpose for which the information is gathered to be disclosed at the point of receipt, that the information should only be used for that purpose and the individuals have the right to see and update their data. Most importantly, Article 25 of EU Directive stipulates that EU Businesses cannot disclose data to members of third party states unless it is shown that effective data protection regimes are in place in those states. Canada has responded by enacting similar obligations in Privacy and Electronic Documents Act passed in April 2000 and likewise Australia enacted the Privacy Amendment (Private Sector) Act 2000.

Thirdly, there is a universal consensus on encouraging participation of non governmental entities in regulation of e-commerce ( e.g operation of WIPO domain name dispute Resolution policy), and fourthly, preserving openness of channels of e-commerce and maintaining free competition.

Conclusion

It is reasonable proposition to leave the internet space free but subject to certain governmental restrictions which are extremely necessary in public and national interest. This is important to promote the technological and utilitarian growth of Information technology. Hence, unless any particular activity on the Internet cannot be controlled through the rules adopted by Internet service providers and users (together with the use of technological tools) and has unacceptable adverse consequences from a public policy perspective (which would need an international consensus through treaties or otherwise), there seems to be no good reason against allowing Internet users themselves to choose self regulation mechanisms.

We welcome responses to the issues raised here. Please mail your comments to this address:Karnika@sethassociates.com

Himanshu Mehta / CNN-IBN

Published on Fri, Feb 13, 2009 at 18:50, Updated on Fri, Feb 13, 2009 at 19:36 in Sci-Tech � Tech section

New Delhi: Data is precious. And Indians are increasingly stealing it.

Laid off employees, looking for revenge or for quick money, could be this year�s biggest cyber threat, say security firms like McAfee.

By copying digital data from their employers and selling it to crooks, they�ll cost their parent companies millions of dollars.

McAfee Inc, Director Kartik Shahani says, “Intellectual property data worth $4.6 billion was stolen last year. $600 million were spent for damages, $12 million of data is out-sourced to countries without any data protection.

Why should you care? Because the data stolen could be yours. A crook with your 16-digit credit card number, the three-digit CVC number at the back and your name, could buy anything with your money. It�s data like that that�s stored on company servers.

And it�s very easy to steal. Thanks to the tools we all use everyday. Banning them isn�t always practical. Software solutions do exist. But experts say more than the technology, it�s people who have to be changed.

Marketing Manager, Trend Micro Abhinav Karnwal says, “People need to be educated. They have to be told that information is confidential. That there are repercussions if it is taken out or shared with outsiders.”

Indian law threatens severe punishments in cases of data theft. A recent amendment even holds companies responsible for theft by their employees, of other firm�s data. Yet, compared to the value of the data stolen, the fines levied are just peanuts.

Cyber Lawyer Karnika Seth says, “I am of the opinion that punishments should be made more vigorous. They should be a deterrent for cyber crime.

Sixty seven per cent of data stolen from companies world wide, was stolen by insiders. Not by some sinister hacker, as you and I would assume.

However, only 40 per cent of the technology chiefs of companies worry about this threat. This year, that laxity could be suicidal.

Saurabh Gupta | 05 Aug, 2008
Most of the owners of businesses are not aware about the possibilities and the effects of cyber crime or click frauds happening in the corporate world around us. It is a serious threat to the nation, Attorney-at-law & Partner, Seth Associates, Karnika Seth told SME Times in an exclusive interview.

Excerpts of the interview…

What are the major cyber frauds (Business to Business) faced by corporate world while doing business with overseas companies?

Karnika Seth: In most of the transactions in the corporate world there are chances of various types of online fraud. First of all if someone is dealing with companies which are based abroad, there is a problem of credibility check for these overseas companies. We don�t know exactly who the owner is and where it is established because there are various virtual offices and there are no registered or incorporated offices of their companies. So there are chances of fraud or cheating.

Then there are cases of phishing or commonly called Nigerian fraud. Phishing is the luring of an internet user to reveal personal details (like passwords, credit card information, etc.) on a fake webpage or email form pretending to come from a legitimate company or banks. These cheaters make a fake bank account and ask the details online.

Then there is possibility of cheating by impersonation, where a person is imitating the mannerisms of another person X or Y.

The corporate world has a major problem of data theft, which can easily be transferred from one computer to the other with just a single click of mouse. So the corporate world needs to be aware and should be alert about the possibilities and harm of the cyber crime.

What is internet marketing or SEO fraud?
Karnika Seth: Search engine optimization (SEO) is method which can be applied to a website to increase the ranking of your website on the search engines. People sometimes deliberately optimize the pages by those particular keywords to attract customers and traffic, but the intention is not to deliver service.

This activity is also a type of fraud. The technical experts deliberately optimize a website to seek credibility of the products or services on their website.

What are the types of investment fraud seen online?
Karnika Seth: One should always think twice before he/ she invests money through the Internet because now a days the internet is also an important tool for fraudsters. One of the major investment fraud seen at present is credit card frauds. In this category credit card frauds are majorly there. Credit cards can easily be screened by a single swapping at restaurant or at a petrol pump, which leads to fake online shopping and all.

Another thing is online banking frauds. I will like to say that never give your internet banking id and password to anyone not even to the bank itself. Banks too advise their account holders to not to disclose their details.

There are several agents who act as middleman in the tendering process for mostly overseas bidders. In many cases these middlemen have been found to be frauds. What is your comment on this? And how can one take care of online tender frauds?
Karnika Seth: We do get various clients who are involved in the tendering activity. Our role is to check the credibility of the company and the tender too…whether these tenders are fair and the process and rule of tendering is compliant as per the laws. We have to check that is there any scope of fraud or cheating.

I have seen a case of tendering in which hundreds of terminals start filling tenders at the last hour of closing a tender may be from a same company which is illegal and also depends upon the bidding conditions of the company. So any sort of tampering with technology is not allowed.

And this middle man case is the case of cheating by impersonation. Again the credibility and authenticity needs to be checked of this kind of middleman. And as per my opinion, none of the overseas companies hire such types of middleman. So need not to go through this channel in the process of tendering.

I keep receiving mails from different ids, some promising money or business, while many ask for providing samples of my products to them. Once or twice I did send, but I received no replies after that. Some of my colleagues tell me that they might be 409 or 419 frauds. What it means?
Karnika Seth: Frauds 409 or 419 are basically the lottery scam in which some overseas persons are involved to cheat innocent persons or organizations by promising to give a good amount of money at nominal fee charges. Their intention is to steal money in the form of fee against the lottery prize.

It is popularly known as the ‘Nigerian Scam’. The 419 fraud is a sub-classification of Advance Fee Fraud crime in which the target person receives an unsolicited fax, email, or letter often concerning Nigeria or another African nation containing either a money laundering or other illegal proposal or he/ she might receive a legal and legitimate business proposal by normal means.

How can one find the right person online?
Karnika Seth: While doing business globally the common hurdle is conducting a credibility check of mushrooming overseas companies with their registered virtual offices, which is a new concept. But the fraudster is using these means very often to cheat companies off their hard-earned money.

While doing overseas businesses, a businessman need to check the credibility of the company through its corporate history, through its client database and if needed, can go through the financial details of the company.

How efficient is the Indian cyber law in handling internet fraud?
Karnika Seth: Although the Indian cyber law is to some extent very competitive. However there is a need to amend the Information Technology Act (ITA), 2000. ITA-2000 is versatile enough to accommodate the aspects of crime.

Under ITA-2000 the offense is recognized both under Section 66 and Section 43. Accordingly, the persons involved are liable for imprisonment and fine as well as a liability to pay damage to the victims to the maximum extent of Rs 1 crore per victim for which the “Adjudication Process” can be invoked.

The punishment for cyber crime is somewhere around three years to seven years depending upon the offense.

How can one avoid online banking fraud?
Karnika Seth: In this age and time, we need internet banking and other internet services, yet it needs to be full-proof which is however very difficult. Technically we are trying a lot to do away with these short comings. One should be competitive enough at the technological front like we have RSH feed for security.

These crimes are happening at a very fast rate. So lot of IT audit is required, which will make sure few things like password allocation which is given to the clients should be very-very complicated and companies need to keep changing from time to time.

Changing the password and access to the confidential machines should not be allowed to the employees after the office hours and also not from their home.

Now offices are based on sharing basis or on the network where lots of folders are shared and these folders keep some confidential and sensitive information. There is also a need of proper maintenance of the log by the IT department.

While doing the overseas businesses a businessman need to check the credibility of the company through its corporate history, through its client data base and if needed can go through the financial details of the company.

I will suggest that one should do good research before he/ she sends any kind of money to anyone over the internet. And never pay anything upfront for any reason and never extend credit for any reason.

Cyber crimes @ Web 2.0

With over 77 per cent cyber crimes targeted at corporates, Web 2.0 increases the quantum of exposure and damage done

Thursday, May 10, 2007

December 2006: The Economic Offences Wing (EOW), Crime Branch, Delhi Police,

unearthed a major phishing scam involving fake emails and websites of UTI Bank. An analysis of the accounts of the four arrested Nigerian nationals indicated financial transactions of over Rs 1 crore in an eight-month period till December 2006. This indicates the estimated amounts involved. Investigations revealed that the scam is multi-layered with pan-India and international characteristics.

This is the direction in which cyber crimes are increasingly moving, a marked shift from the unorganized and casual cyber crimes of two years back, driven more by vindiction or some casual fun. As cyber crime graduates to the Web 2.0 level, it’s sophisticated and lethal.

“With the little offences came the larger ones involving huge money, and one has seen this sudden jump from smaller crimes to financial crimes in the last one year” -Karnika Seth, partner, Seth Associates, Advocates and Legal Consultants

According to Captain Raghu Raman, CEO, Mahindra Special Services Group (SSG), the contributing factors are high volume of data processing, rapid growth and major migration into the online space, especially of financial institutions and their customer transactions.

However, actual numbers continue to elude, considering the fact that a majority of the cases go unreported. Most victims, especially the corporates, continue to downplay on account of the fear of negative publicity thereby failing to give a correct picture of the cyber crime scene in the country. According to Cyber law expert Na Vijayashankar (popularly known as Naavi), it is difficult to measure the growth of Cyber Crimes by any statistics, the reason being that a majority of cyber crimes don’t get reported. “If we, therefore, focus on the number of cases registered or number of convictions achieved, we only get diverted from real facts,” he adds. Duggal points out to the results of a survey he conducted in early 2006 on the extent of under-reporting. For every 500 instances of cyber crimes that take place in India, only fifty are reported and out of that fifty, only one is registered as an FIR or criminal case. So, the ratio effectively is 1:500 and this, he points out, are conservative estimates. Giving an insight into the reasons for low reporting, Nandkumar Sarvade, director, Cyber Security and Compliance at Nasscom, points out that very often, people are not aware whether an incident is a cyber crime; there is also lack of awareness on where to lodge a complaint or whether the police will be able to understand. “Added to this is the fear of losing business and hence, many cases don’t come to light,” he adds.

CHANGING FACE OF CRIME

The last year has seen a quantum jump not only in the quantity and quality but also the very nature of cyber crime activities. According to Naavi, a perceptible trend being observed is that cyber crimes are moving from ‘Personal Victimization’ to ‘Economic Offences’. SD Mishra, ACP, IPR and Cyber Cell, Economic Offences Wing, Delhi Police concurs that the cases that are now coming up are more related to financial frauds. As opposed to obscenity, pornography, malicious emails that were more prevalent in the past, now credit card frauds, phishing attacks, online share trading, etc. are becoming more widespread. As Seth points out, initially, when the Internet boom began, certain crimes were noticeable and cyber stalking was one of the first ones. “However, with the little offences came the larger ones involving huge money and one has seen this sudden jump from smaller crimes to financial crimes in the last one year,” she adds.

CNN-IBN

ANTI-SOCIAL NETWORKING Panelists on Face the Nation discuss how safe social networking websites are.

The murder of 16-year-old Adnan Patrawala, who was allegedly abducted and later killed by his friends, has brought to the fore the potential dangers of the Internet.

Adnan was reportedly lured into meeting someone he established contact with on the social networking site Orkut. The boy then disappeared only to be found subsequently strangulated to death.

The blogosphere is alive with debates around the destructive potential of sites like Orkut with one website even alleging that Orkut brought death for Adnan.

As police grapple with clues and scan suspicious profiles on the social networking site, CNN-IBN debates if social networking websites can be destructive.

On Face the Nation conducted by Sagarika Ghose, the panel of experts discussing the issue were blogger and Editor of JAM magazine Rashmi Bansal, psychiatrist Dr Anjali Chabria and cyber law expert Karnika Seth.

The web of crime

According to statistics available with the Delhi Police, a total of 17 cases related to hacking, obscenity, e-commerce fraud and Internet-related crimes were registered last year. This was against 12 cases registered in 2005, indicating a 42 per cent rise.

With a raging debate online and offline regarding social networking sites, the question which is on everybody’s minds is should sites like Orkut be banned and if not then how can such kinds of cyber crimes be curbed?

To which Bansal said, “It’s a terrible tragedy and we feel for them but what we are discussing here is a larger social issue. Orkut is just one aspect of the Internet. It’s easy to blame technology but what we are seeing on the net is what is happening in the real world.”

Bansal explained that the access to easy money and freedom has led to a spurt in such crimes amongst the youngsters.

“What’s happening is that there are a lot of children nowadays who have a lot of money and freedom. Now this is a potent combination. So, whether or not Orkut existed tragedies like this could happen because there are a lot of people who don’t have access to this kind of money but want the lifestyle. There is bound to be friction when two different sets of people meet,” she reasoned.

So, it’s not technology that should be blamed but the social milieu.

Now one of the beauties or flaws of the Internet is that it is lawless. One can write whatever one wants and yet not be prosecuted for it. Anonymous identities can be made and one could also attack people viciously. But is that changing, is the Internet being policed a little more now?

Agreeing Seth said, “Yes, because we do need censorship of the Internet to a certain extent. It is a borderless space no doubt but needs to be regulated. Reasonable restrictions can be placed by the government or legal authorities.”

Explaining how this can be achieved, Seth said, “We do have the IT Act in place in India which is fully functional and operative. The case that we are referring to is a crime of kidnapping and murder. So these crimes are punishable.”

IT’s not all safe on the net

As Bansal said there is a social malaise but is technology creating a fantasy world where common sense is being lost and people are living in a kind of fantasia where the grip on reality is being lost?

Agreeing Chabria said, “Nowadays a lot of kids may use Orkut just for entertainment but what happens many a times is that children only use this form of communication and so their loneliness in this kind of life increases. Now what happens is that this is an unsupervised form of communication. So, the more they get into that world they seem to be withdrawing from the real world. A world where one can say anything and yet not be liable to prosecution can create a lot of complications. And it is happening and we can see that.”

Adnan left his house late on Saturday night to meet a girl called Angel D making no effort to actually find out whether she was a real person or not. Taking this case into consideration, do teenagers need counselling before they the approach the Internet?

Taking a practical approach to the issue Bansal said, “I think it’s just unfortunate and a case of bad luck. Most of the young people who use the net know that a person who is listed as a girl maybe a boy. People do use multiple profiles and identities on the net. So, it’s something that everyone is aware of and maybe the young man thought that he could deal with it.”

Bansal believed that “this whole thing of trying to supervise young people nowadays is very difficult because they have a mind of their own and they do manipulate their parents in such a way that it’s difficult to police them. You have to give them freedom and hope that they use it responsibly.”

Taking a cue from Bansal, Seth said that with such instances happening there is some sort of awareness in the youngsters.

“What is required for them to know is that they should be on guard. One needs to be serious while interacting with strangers. Secondly, there should be a conscious effort on the part of youngsters on what they are doing on the net.”

The dark side of Internet

There are two major worrying factors on the Internet. One is falsification of identity and the other is defamation or hate speak – the web is full of varied kinds of ideologies like Nazism which is being propagated or different kinds of hate propaganda. So, is falsification of identity and hate speech punishable?

“Yes, they are. When you talk of impersonation or when one is committing a crime with a mental intention to actually commit a crime then it is a crime under the Indian Penal Code. Also, the intention to defame somebody is also prosecutable. As regards hate speeches, one does not have the freedom to say whatever they wish to. It has to be policed to a certain extent. Freedom of speech is not infinite or undefined. Even in the offline world hate speeches are actionable. So, the same things are applicable on the Internet. People are failing to realise this but with more such instances coming to light these issues will have to be covered,” Seth explained.

She also said rules need to be applied to the Internet. It is a free world but it does need to abide by certain rules.

However, Bansal believed that the Internet is a responsible medium.

“We are looking at a specific case. There are over two million Indians who have registered on Orkut and only few odd cases have come up. So, it doesn’t mean that the entire medium is destructive. On the Internet destructive behaviour tends to be self-destructive like if you are a raving lunatic then people don’t want to listen to what you have to say. In general people are responsible and keep away from the extremism that is being discussed,” she added.

According to her even in this specific case if the boy was lured through Orkut then “they will be tracked down in no time and it will be far easier to track the case. I think technology has a lot of positive sides to it.”

So, is the Internet a vent for the criminal side of young people? Is it some sort of a safety valve where one unleashes his dark or criminal side and then becomes a normal human being in real life?

Concluding the discussion Chabria said, “In the real world there are a lot of things that one cannot do. But abusing people like teachers and creating a hate gang on the net is easy. So, definitely there is a side which comes out. What is dangerous is when people are leading parallel lives on the net and the real world. The warning sign is when your child starts coming into his own inner world and stops interacting with the outer world. When he spends more time with the computer than his real friends then that is the time to worry.”

Money Plus

Play Safe with Plastic Money

CNN-IBN | Jun 12, 2007

New Delhi: Ghaziabad resident Naresh Verma wasn’t worried when he had to rush to the hospital for an emergency even though he was short on fuel and cash. Thanks to his credit card.

Verma doesn’t hesitate in paying his bills by his card, but the exercise is a strict no-no for another card user.

“One should never give the card at such petrol pump stations because you don’t know how many times they will swipe it,” says another card user, Ashwini Chaudhury.

Ashwini himself however doesn’t think twice before paying his food bill through a credit card.

“As far as these restaurants are concerned, it’s safe,” he says.

Thousands of people across the world are relying on plastic money to pay their bills. Statistics show that that 60 per cent of card-related frauds happen in the airline sector, where to book an e-ticket you are not only asked for your 16 digit credit card number but also the three digit CVC code – a give away of your financial stake.

“Sometimes airlines insist on your credit card code. You never know if it will be used responsibly by the call center executive,” says Cyber Law expert, Karnika Seth.

Here are some safeguards for safer transactions -

• Beware of phishing – don’t respond to mails that ask for your password.
• Use secure websites, look for a’s’ after the ‘http’ in the web page address.
• Never send payment information through email.
• Ensure that your card is swiped in your presence.
• Do not reveal your CVC code to anyone.
• Monitor your statement every week.

But if you are duped lodge despite following all those rules, you can lodge an FIR at the earliest because a credit card fraud is treated as cheating for which the offender can spend seven years in jail

Prevent online frauds

25 Sep 2008, 0000 hrs IST, Preeti Kulkarni, ET Bureau

MUMBAI: The recent spate of incidents pointing to misuse of Internet by terrorists has exposed users’ vulnerability to frauds like hacking and identity thefts, underlining the need for constant vigilance. Apart from routine emailing and surfing, an increasing number of users in urban India are turning to the Internet for settling their utility bills and transferring funds, which means that even a minor lapse could result in their funds being siphoned off.

You needn’t be an IT wizard to circumvent such frauds – just using your common sense would suffice. “Most online frauds have their genesis in the offline world. How responsibly you handle your online payment tools has an impact on security,” points out MN Srinivasu, director, BillDesk.

For instance, basic measures like making sure that you log out of your net banking account once your transaction is done – particularly if you are accessing it from a computer at a public place – will leave little scope for unauthorised access to your personal information. In addition, you can adopt the following measures to eliminate chances of misuse.

Use Secure Portals

If you do not take care to ensure that the site you are visiting for making an online payment is technically secure, your passwords and credit card details can be compromised and a duplicate credit card bearing the same data as yours can be generated. A typing error while entering the website address may lead you to a fraudulent website specifically created to capitalise on such errors – which is why you need to make sure the website address is correct before you initiate a transaction.

“While making payments online, using secure portals with a trust e-seal and tested payment gateways such as Paypal and CCavenue can keep tricksters at bay,” suggests Karnika Seth, partner at law firm Seth Associates.
Exercise Caution

“While making purchases online, you need to ensure that you are doing business with a reputable Internet merchant, and study the website’s privacy policy carefully. A reputable website often has a clearly stated privacy policy at an accessible place. Your computer browser can tell you if the place where you are about to send the information is secure. If you cannot determine this, do not put your payment card information over the Internet,” advises Barry Wong, senior business leader and regional head, security and risk services, Asia/Pacific, MasterCard Worldwide.

You would also do well to seek all information about the offer, including contact details of the Internet merchant.
Keeping a record of your online shopping, by taking a printout of the transaction details, is important. Also, while using the net banking facility, if the online shopping portal prompts you for username and password, steer clear of it. You should trust only those portals that redirect you to your bank’s website for such purposes.

Watch Out For Phishing

Never respond to �phishing’ emails asking for your personal information and passwords. You need to remember that no bank or financial institution will ask for such sensitive information over email. Installing an anti-virus software application would also go a long way in keeping your computer and, thereby, all your private information secure.

Know Your Rights
If you ignore the fineprint of your bank and credit card documents, it deprives you of the knowledge of your rights. “For example, if you see a transaction on your credit card statement which you haven’t executed, you have the right to raise the issue with the bank,” says Mr Srinivasu. For this purpose, you need to constantly monitor your statements. With the advent of bank and card statements, many tend to neglect going through the documents, unlike earlier, when the good-old habit of updating the pass book kept them abreast of their account details.
Legal Recourse
Finally, if you believe that your account has been misused, you have the option of seeking legal help. The law provides for civil as well as criminal remedies if your bank account /credit card/ debit card has been misused.
“An FIR should be filed immediately for theft (section 378 IPC), fraud and cheating (Section 415 IPC) and criminal breach of trust (Section 405 IPC, if the crime is committed by a person known to the victim).

Usually these offences attract a punishment of approximately three years or fine or both. In case the bank is involved in this conspiracy, a consumer action can also be initiated for unfair trade practice and deficiency in services where compensation can also be awarded, apart from criminal remedies,” informs Ms Seth.

Moreover, the Information Technology Act, 2000 has laid down provisions for punishing those indulging in hacking or gaining unauthorised access to others’ computers

Sify.com (Mumbai Live)

Gurgaon: Twenty-four-year-old Sandeep Mohanty (name changed) is an executive with Keane Worldzen, a multinational Business Process Outsourcing (BPO), based in Gurgaon. He is required to realise debt amounts from customers based in the US and the UK. In an eight-hour shift in one night he speaks to more than two hundred customers, and, if lucky, collects more than $10,000 for his company.

Mohanty is well versed in the debt collection rules and regulations of the US and the UK. He is familiar with the different Acts and provisions that could land an offender in jail. During interaction with his customers, he repeatedly enquires about their confidential information, like credit-card details, bank accounts, passport number, driving licence particulars, and social security number.

Except for his wallet, he is not allowed to take personal belongings to the work floor; he keeps them in lockers provided by the organisation. However, he still manages to sneak out confidential information, gathered during his conversations with foreign-based customers. “The security is tight but not up to the mark, and information can be leaked out easily. I have details of hundreds of credit cards stored in my email account and I can use them for petty shopping sometime in the future. I can use them to surf paid websites and can even sell the list to someone in the US,” reveals Mohanty.

He considers purchasing anything online risky because he could get caught due to his location. Hence he prefers to use the cards on the Internet for pornography and other online-payment sites. “I am not the only one doing this,” defends Mohanty.

In the recent past, India has witnessed scores of incidents of data theft and Intellectual Property Rights (IPR) violations, which have made foreign investors re-think their plans of investing in India. These incidents have made headlines all across the globe and especially in the UK and the US where there is already a strong backlash on the issue of outsourcing to India.

Customers abroad seem to be dissatisfied with the adequacy of data protection and privacy laws in India. During his visit to the UK, Prime Minister Manmohan Singh had to reassure investors that India would take into cognisance their concerns about data theft and IPR laws.

Subsequently, the government has proactively responded to these concerns by proposing amendments to the IT Act of 2000, which will be tabled in the next session of the Parliament. Although the Act has been subjected to various amendments since its inception, loopholes remain and surface every now and then.

Acme Tele Power Private Limited, a Manesar-based IT company, has decided to shift its $10 million R&D facility to Australia because of a recent incident of data theft that caused it a loss of Rs 750 crore. Kapil Kathpaliya, CEO, Acme, narrating the incident to Hardnews, said, “We developed a product called Power Interface Unit (PIU) and had it patented by the government of India. The patent was valued at Rs 750 crore by Ernst and Young. One of our employees, Sachidanand Patnaik, worked on the project and leaked the patented software of PIU to Lambda Eastern Telecom Limited.”

According to him, Patnaik got a huge increase in his salary after he left Acme and joined Lambda, where he has been working for the past five months. “The product Lambda is selling-BTS Shelter-was made only after Patnaik shifted to Lambda. And this cannot be prepared in such a short period without proper R&D,” said Kathpaliya.

“The role of the police amazes me. When they went to Lambda to check if Patnaik had leaked information to his present employer, they took only Patnaik’s computer and didn’t check the rest,” said a frustrated Kathpaliya. He blamed the Gurgaon police for giving a clean chit to Lambda and its Managing Director Sunder Goyal and Director Gunjan Arora, who, he alleges, were the masterminds behind the data theft.

The cyber crime wing of Gurgaon police had proof that the data had been transferred to Patnaik’s email ID, but could not establish if it had been transferred to any other host. Patnaik was arrested and then let out on bail. Both Goyal and Arora were unreachable when Hardnews tried to contact them.

This was a perfect example of IPR violation and data theft, but due to lack of tighter provisions and stiffer penalties in the IT Act, the offenders were freed without much interrogation and investigation. The IT Act, 2000, is not complete and doesn’t even define the term �cyber crime’. In fact, the Act lists such thefts under Chapter XI, entitled �Offences’, in which various crimes are described as penal offences punishable with imprisonment or fine.

“The IT Act still has lot of scope for amendments, to be at par with developed countries’ data security practices. There is weak enforcement of IPR in India. In this age of globalization it is a business imperative to conform to the IPR regime. We are the IT superpower in the world, but our laws don’t reflect that. We are still in a nascent stage of creating laws, but these laws are not in tandem with rising economic growth. We need a devoted legislation on cyber crime that can complement the Indian Penal Code,” stressed Karnika Seth, cyber lawyer, practicing at the Supreme Court.

There is also a need for IT-savvy lawyers and judges, as well as skill- training for government agencies and professionals in computer forensics. There are few attorneys, judges and police officers well-versed with the IT Act.

“I don’t think the police know much about data theft and IPR violations. They don’t value IPR and are not trained to handle such cases,” complains Kathpaliya. Gurgaon, the IT hub of North India, has only two cops in its cyber cell. The police personnel need to be skilled in understanding and fighting this kind of crime, which involves data theft and IPR violation.

However, Kiran Karnik, NASSCOM president, says, “There is no room for complacency. In India, we are determined to keep all procedures under review in order to stay ahead of criminals. Security is and will remain our Number One priority.” He added that NASSCOM is providing training to police personnel and opening cyber labs across the country to handle cyber crimes, data theft and IPR violations. It has initiated a national registry of employees in the IT industry, conducts �Cyber Safety Weeks’ for consumer awareness, is establishing a self-regulatory organisation to ensure highest standards across the industry, while working closely with the government to evolve amendments to India’s already tight laws. NASSCOM wants to ensure a globally best cyber environment in India.

“Strict precedents have to be set. We must make sure that the data-theft criminal is taken to court and is penalised strictly so that potential thieves do not resort to data theft,” says Sam Chopra, President of the Call Centre Association of India.

Cynics still argue that it is a long haul before cyber crime can be effectively countered. Till then, all confidential information could become public property. So, watch out…

Prevent online frauds

25 Sep 2008, 0000 hrs IST, Preeti Kulkarni, ET Bureau

MUMBAI: The recent spate of incidents pointing to misuse of Internet by terrorists has exposed users’ vulnerability to frauds like hacking and identity thefts, underlining the need for constant vigilance. Apart from routine emailing and surfing, an increasing number of users in urban India are turning to the Internet for settling their utility bills and transferring funds, which means that even a minor lapse could result in their funds being siphoned off.

You needn’t be an IT wizard to circumvent such frauds – just using your common sense would suffice. “Most online frauds have their genesis in the offline world. How responsibly you handle your online payment tools has an impact on security,” points out MN Srinivasu, director, BillDesk.

For instance, basic measures like making sure that you log out of your net banking account once your transaction is done – particularly if you are accessing it from a computer at a public place – will leave little scope for unauthorised access to your personal information. In addition, you can adopt the following measures to eliminate chances of misuse.

Use Secure Portals

If you do not take care to ensure that the site you are visiting for making an online payment is technically secure, your passwords and credit card details can be compromised and a duplicate credit card bearing the same data as yours can be generated. A typing error while entering the website address may lead you to a fraudulent website specifically created to capitalise on such errors – which is why you need to make sure the website address is correct before you initiate a transaction.

“While making payments online, using secure portals with a trust e-seal and tested payment gateways such as Paypal and CCavenue can keep tricksters at bay,” suggests Karnika Seth, partner at law firm Seth Associates.
Exercise Caution

“While making purchases online, you need to ensure that you are doing business with a reputable Internet merchant, and study the website’s privacy policy carefully. A reputable website often has a clearly stated privacy policy at an accessible place. Your computer browser can tell you if the place where you are about to send the information is secure. If you cannot determine this, do not put your payment card information over the Internet,” advises Barry Wong, senior business leader and regional head, security and risk services, Asia/Pacific, MasterCard Worldwide.

You would also do well to seek all information about the offer, including contact details of the Internet merchant.
Keeping a record of your online shopping, by taking a printout of the transaction details, is important. Also, while using the net banking facility, if the online shopping portal prompts you for username and password, steer clear of it. You should trust only those portals that redirect you to your bank’s website for such purposes.

Watch Out For Phishing

Never respond to �phishing’ emails asking for your personal information and passwords. You need to remember that no bank or financial institution will ask for such sensitive information over email. Installing an anti-virus software application would also go a long way in keeping your computer and, thereby, all your private information secure.

Know Your Rights
If you ignore the fineprint of your bank and credit card documents, it deprives you of the knowledge of your rights. “For example, if you see a transaction on your credit card statement which you haven’t executed, you have the right to raise the issue with the bank,” says Mr Srinivasu. For this purpose, you need to constantly monitor your statements. With the advent of bank and card statements, many tend to neglect going through the documents, unlike earlier, when the good-old habit of updating the pass book kept them abreast of their account details.
Legal Recourse
Finally, if you believe that your account has been misused, you have the option of seeking legal help. The law provides for civil as well as criminal remedies if your bank account /credit card/ debit card has been misused.
“An FIR should be filed immediately for theft (section 378 IPC), fraud and cheating (Section 415 IPC) and criminal breach of trust (Section 405 IPC, if the crime is committed by a person known to the victim).

Usually these offences attract a punishment of approximately three years or fine or both. In case the bank is involved in this conspiracy, a consumer action can also be initiated for unfair trade practice and deficiency in services where compensation can also be awarded, apart from criminal remedies,” informs Ms Seth.

Moreover, the Information Technology Act, 2000 has laid down provisions for punishing those indulging in hacking or gaining unauthorised access to others’ computers