Cyber Law, IPRs, Privacy, Data Protection And E-Discovery Updates 08-02-2012

This work is providing some very crucial updates provided by many blogs in the fields like cyber law, intellectual property rights (IPRs), privacy rights and privacy laws, data protection, data security, Internet intermediary liability, content removals, e-discovery, etc.

The following posts are worth considering in this regard:

(1) Data protection laws in India,

(2) Privacy rights and laws in India,

(3) Civil liberties protection in cyberspace,

(4) Privacy rights, privacy laws and data protection laws in India

(5) Google’s strategy to tackle Indian legal disputes

(5) Google and Facebook to remove offending contents

(7) Google must address trademarks violations complaints

(8) Remedies for small copyright claims in United States

(9) DMCA compliant to Google Incorporation and legal notice to Google India

(10) Google’s Adwords and Adsense trademark policy

(11) Google’s new privacy policy and terms of service (ToR)

(12) India must invent alternative to DMCA complaints to Google and others

(13) Google and Facebook must comply with Indian laws

(14) National telecom security policy of India

(15) National Telecom Network Security Coordination Board (NTNSCB) of India

(16) Are Google, Facebook, etc heading for a trouble?

(17) Modernisation of Postal Department Of India

(18) Internet Intermediary Liability In India

(19) Legal arsenal for Delhi High Court to decide Google and Facebook case

(20) Will Delhi High Court deliver cyber justice to India?

(21) Video conferencing is a trouble technology in India

(22) Is Google deliberately avoiding compliance with Indian laws?

(23) Blogger is making country specific redirections

(24) Cyber litigations against foreign websites in India

(25) Websites blocking in India

(26) Information Technology (Intermediaries Guidelines) Rules, 2011

(27) Google, Facebook, etc must appoint nodal officers in India

(28) E-discovery for social media in India

(29) Data rooms and legal compliances in India

(30) Virtual data rooms and legal compliances in India

(31) Online legal due diligence in India

(32) Virtual legal due diligence in India

We hope you would find these updates useful.

Google Blogspot Platform Is Providing Country Specific Results

As you are aware, Google is planning to use a new privacy policy and terms of service (ToS) on 01-01-2012. Many people have raised valid concerns that this may be adoption of a more intrusive and e-surveillance oriented approach by Google. On the other hand, consolidation of various privacy policies and ToS at a single place has many benefits and advantages as well.

Only time would tell whether the new privacy policy and ToS of Google would be beneficial or counter productive. However, its effects have already been visible. In the past, Google has been giving country specific news and SERPs. To meet this objective Google has been using the internet protocol (IP) address of the user.

This is a serious issue that may have grave privacy violation implications. IP based results are also the requirement for Google to place the most relevant online advertisement based upon users location, behaviour and tastes. This policy of Google deserves to be taken note of by the federal trade commission and department of justice of United States.

However, the most bizarre act of Google is bifurcation of blogspot domain into India specific results and non India specific results. If you are an Indian blogger at blogspot domain, you must have realised that your blog’s address is automatically assigned to ***.blogspot.in instead of the ***.blogspot.com.

The legality of various acts and omissions of Google Incorporation and Google India need to be legally scrutinised. Google is already facing a criminal trail in India for non removal of objectionable contents. Similarly, a DMCA notice to Google Incorporation and legal notice to Google India has also been served. In other cases, it appear that Google is deliberately ignoring and violating Indian laws like copyright law, trademarks law and cyber law of India.

Undoubtedly, Google must comply with Indian laws to escape various civil and criminal liabilities. Similarly, India must also develop alternative mechanisms to DMCA notice that Google and others must follow. This is more so when the cyber litigations against foreign websites would increase in India.

The latest privacy policy and ToS of Google as well as providing Indian and non Indian based blogspot results is not going in the right direction. There is a need to analyse the same and federal trade commission and department of justice of United States and Indian government must legally scrutinise the same. The possibilities of any unfair trade practice by Google must be ruled out before Google’s new privacy policy and ToS are made operational.

Is Google Deliberately Avoiding Compliance Of Indian Laws?

Something terribly wrong is happening at Google India office and functions. Whether it is compliance with Indian intellectual property laws or cyber law or screening of India specific search results, everything seems to be in real mess at Google India’s part.

Recently, posts pertaining to the controversial non allowance of video conference of Salman Rushdie were mysterically removed from India specific SERPs and blog search. They reappeared only after this issue was publically discussed by us. Now SERPs of DMCA complaint with Google are not appearing properly in India.

However, the real problem seems to be that Google India in general and Google Incorporation in particular is not complying with the laws of India and legitimate demands arising out of the same. Even if DMCA procedure is followed, Google Incorporation and Google India are not complying with US and Indian laws respectively.

This situation urgently demands that India must establish an alternative legal regime that does not need to be DMCA compliant. In fact, Perry4Law Techno Legal Base (PTLB) has recommended some measures that can solve this problem of non following of Indian laws by companies like Google, Facebook, Wordpress, etc.

PTLB has suggested the following:

(1) All subsidiary/Joint ventures companies in India, especially those dealing in information technology and online environment, must mandatorily establish a server in India. Otherwise, such companies and their websites should not be allowed to operate in India.

(2) A stringent liability for Indian subsidiaries dealing in information technology and online environment must be established by laws of India.

(3) More stringent online advertisement and e-commerce provisions must be formulated for Indian subsidiary companies and their websites.

These are strong suggestions that can provide the requisite legal arsenal to the Delhi High Court that is currently hearing the case of Google, Facebook, etc. The Delhi High Court would hear Google, Facebook, etc on 02-02-2012 and there is nothing that prevents it from taking a judicial note of these suggestions.

Video Conferencing Is A Troubled Technology In India

Information and communication technology (ICT) is increasingly posing challenges before Indian government. Sometimes, novel situations and challenges are posed before Indian government that they have to resolve. This is the reason why companies like Google and Facebook are fighting legal battles in India.

There is no second opinion that India is anxious to control information technology. Measures like Internet censorship, websites blocking, etc have been devised by India to take control of technology. However, no matter howsoever hard Indian government would try; technological issues would keep on teasing Indian government.

The latest to add to this list is use of video conferencing in India. The recent episode of Rajasthan government and Rajasthan police not allowing the video conferencing of Salman Rushdie affirms this struggle.

We have no dedicated video conferencing laws and regulations in India. Obviously, we have no dedicated video conferencing blocking laws in India as well. In the absence of a clear cut law, Indian government is following procedures that do not justify its stand.

There is an urgent need to formulate sufficient rules or guidelines in this regard so that illegal vide conferencing blocking in India can be curbed.

Ministry Of Home Affairs Would Scrutinise Online Contents

Foreign websites and social media platforms are defending themselves in India under the cyber law of India. In fact, the cyber law due diligence and social media due diligence have emerged as the perspective cyber law trends of India in 2012. Clearly, foreign companies and websites must keep in mind the conflict of laws across the world that they have to adhere to.

Although cyberspace is not a safe place for any person yet children are more vulnerable to the evils of cyber crimes. Protecting children in cyberspace is of utmost importance. Realising this requirement, the home ministry of India would scrutinise social networking sites for the risks they may pose before children. Home ministry plans to monitor social networking sites that host obscene material that induces children to sexually explicit acts or crimes.

In fact, the home ministry has communicated to other states that it is essential to monitor and regulate various websites, including social networking websites, and to train teachers, cyber café owners and parents on deploying parental control software to mitigate spoofing of age, gender and identity.

B Bhamathi, additional secretary at the home ministry has issued a letter to all state police chiefs and chief secretaries and has directed that in appropriate cases, the police should request social networking sites to remove undesirable contents. Bhamathi has also suggested that police officers must act as undercover agents to identify internet criminals and apprehend them to safeguard children’s interests.

According to Praveen Dalal, managing partner of law firm Perry4Law and leading techno legal cyber law expert of Asia, if Websites are “Violating” Laws of India and they have been “Notified” to this effect and still they “do not Remedy the Situation”, then the Safe Harbour Protection under Indian Information Technology Act, 2000 is “Lost” and such Websites/Owners can be Prosecuted in India.

Thus, social networking websites that are duly notified by police officers in India are required to take down contents that are detrimental to children and may pose threat to them. If these social media websites refuse to or fail to do so, they may be prosecuted in India.

This is a reasonable step on the part of home ministry as cases of child pornography, online harassment, cyber stalking and cyber bullying are increasing world over. In fact, recently Interpol helped India to track child porn surfers in Kerala. Clearly the grip of Indian cyber law is tightening upon websites and social media platforms and they cannot afford to ignore cyber law due diligence any more.

Google, Facebook, Microsoft, Yahoo Etc Summoned Before Indian Court

There are certain offences against the State that cannot be tried by any court in India till central/state government grants its permission. Such permission is granted under section 196 of the Code of Criminal Procedure (CrPC), 1973 and once granted certain criminal offense committed against a nation/state can be prosecuted.

Lack of cyber due diligence and weak arguments before the Delhi High court has brought a situation where websites like Google, Facebook, Microsoft, Yahoo, etc would have to face criminal trial in India. The Indian government has sanctioned prosecution of social networking sites like Facebook, Google, Microsoft and Yahoo India over objectionable content on their sites and with this the criminal trial process has begun. Even these websites may be blocked in India if they fail to comply with Indian laws.

Meanwhile, the trial court adjourned the matter till March 13, 2012. The trial court has also directed the external affairs ministry to serve the summons issued to foreign-based social networking sites. With this the excuse of being an Indian subsidiary is also gone and now parent companies would have to face the heat.

Indian government, while granting such permission, said “Government of India, after being satisfied that such content are violative of the provisions of the Information Technology (Intermediaries Guidelines) Rules, 2011, and after due application of judicious minds finds it appropriate to grant sanction under section 196 of CrPC to proceed against the accused persons in the aforesaid complaint in national harmony, integration and national interest”. This was said in a report submitted by the department of information technology to the trial court.

According to Praveen Dalal, managing partner of law firm Perry4Law and leading techno legal expert of India, if Websites are “Violating” Laws of India and they have been “Notified” to this effect and still they “do not Remedy the Situation”, then the Safe Harbour Protection under Indian Information Technology Act, 2000 is “Lost” and such Websites/Owners can be Prosecuted in India.

This entire situation could have been avoided by simply removing the offending contents. I do not know why websites failed to consider such request. Even otherwise when such a media rage was raised over the issue, there was nothing that prevented such websites to remove the offending contents on their own. Now these websites cannot even claim that they had no knowledge of such offending contents.

The best option for these websites seems to be to remove the infringing material and report to the concerned courts. The sooner they do it the better it would be to diffuse this tension and situation.

Can Google And Facebook Be Blocked In India?

Recently we covered an article titled should Wordpress be blocked in India? The article was a result of the increasingly denial of US based and foreign companies to comply with Indian laws like copyright law and cyber law of India. As matters of fact foreign companies are openly violating the intellectual property rights and cyber law of Indians and even if contacted they are not willing to remedy the situation.

Techno legal experts in India have even suggested that US must change its policy towards foreign IP infringements and must stay away from getting involved in controversial laws and actions. However, it seems foreign companies are not listening and experts in India have suggested taking drastic steps like reasonable judicial blocking of such offending websites in India.

According to Praveen Dalal, managing partner of law firm Perry4Law and leading techno legal expert of India, Websites Blocking in India by Judiciary must be Just, Reasonable and Fair. There should not be an “Unreasonable” or “Casual Approach” towards Blocking of Websites in India by Indian Courts. If Websites are “Violating” Laws of India and they have been “Notified” to this effect and still they “do not Remedy the Situation”, then the Safe Harbour Protection under Indian Information Technology Act, 2000 is “Lost” and such Websites/Owners can be Prosecuted in India, informs Praveen Dalal.

This explains the prosecution part of such websites. However, what happens if the prosecuted websites fail to comply with court’s directions? Such Websites can be “Legally Blocked” in India if they fail to “Comply” with Court’s Directions or Directions of Indian Government Agencies like Computer Emergency Response Team, India (CERT-IN) that are duly ordered in this regard by a Designated Officer, informs Praveen Dalal.

The way foreign websites are refusing to comply with Indian laws, blocking of such websites in India is going to increase. In fact, US has proposed laws like Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PIPA) and the "Stop Online Piracy Act (SOPA) that are primarily targeted toward foreign websites blocking, including those of India. India must also enact such law that can block foreign websites if they do not comply with Indian laws.

While pre screening of contents is not possible yet there is nothing that prevents foreign companies from removing objectionable contents. In fact, they are legally bound to remove such offending contents once they become aware of such contents. Cyber due diligence for India companies and foreign websites is now well established and websites owners cannot deny the same.

In fact, the Delhi High Court has today reiterated this position that websites of social networking site Facebook India and search engine Google India can be "blocked" like in China if they fail to devise a mechanism to check and remove objectionable material from their web pages.

The court proceedings against Google and Facebook would continue before the magistrate's court and it would decide the fate of these two companies as per Indian laws. The arguments put forward on behalf of Google and Facebook seem to be weak and they must come up with something really brilliant to show that they are compliant with Indian laws.

Cyber Crimes And Role of Media In India

Cyber crimes in India are increasing rapidly. With the proliferation of social media websites in India, cyber crimes have not spared even such social media websites. A lot of cyber crimes, cyber contraventions, intellectual property rights (IPRs) violations, etc are committed due to lack of awareness about cyber law of India.

Further, there are very low cyber crimes convictions in India. This is because the cyber crime investigations in India are not proper due to lack of cyber law and cyber forensics knowledge. There is an urgent need to ensure cyber skills development in India so that cyber crimes can be prosecuted successfully.

Even judiciary needs to reform its practices and working style. Presently civil and criminal cases take decades to resolve and this frustrate the cause of justice. Technological innovations like e-courts, online dispute resolution (ODR), digital evidencing, e-discovery, cyber forensics, etc are still missing from Indian courts. These technological innovations can greatly reduce the time taken by Indian courts to decide cases.

Similarly the role of media in expediting the trials in courts is also well known. Media highlights the societal issues and this force the courts to speed up the matter. While media trial must be avoided yet public awareness must be spread by media so that cases can be debated among Indian masses. Cyber crime cases generally do not attract media attention.

Social media websites are popular places for building new relationships and contacts. However, social media websites are also becoming a place for cyber criminals to indulge in various cyber crimes.

We have no dedicated social media laws in India although guidelines for social media contents monitoring in India may be prescribed. Although we have a cyber law in India in the form of information technology act 2000 (IT Act 2000) yet we have no dedicated social networking laws in India. The cyber law for social media in India needs to be strengthened further keeping in mind a balance between civil liberties and law enforcement requirements.

E-Banking In India Is Not Safe

Electronic banking (e-banking) in India is seen as a viable and alternative mechanism to do traditional banking business. Even banking customers are happy to use the same for reasons of efficiency and time saving. However, there are many e-banking security related issues that are not paid attention to by Indian banks.

Cyber security of banking transactions in India is an important aspect that must be of paramount importance to all banks and financial institutions operating in India and elsewhere. Even Reserve Bank of India (RBI) has recommended ensuring strong cyber security for banking and financial institutions in India. RBI has even made the appointment of chief information officers (CIOs) mandatory for all banks operating in India. However, till now there is no sign of compliance with this requirement of RBI and online banking system of India is not cyber secure.

E-banking risks in India are increasing and cyber security of e-banking in India must be strengthened by various banks. In fact, e-banking cyber security in India needs to be strengthened so that customers’ confidence can improve. ATM frauds in India are increasing and so are e-banking related and credit cards frauds. RBI’s ombudsmen office is already flooded with ATM related complaints. Other banking financial frauds in India are also widespread.

Recently, Indian electronic delivery of services bill 2011 has been proposed by Indian government. The moment it becomes an applicable law, government departments and public authorities would be required to deliver public services in an electronic form. This makes using a strong cyber security essential for banks and financial institutions operating in India.

Similarly, the cyber law of India mandates cyber due diligence for Indian companies and other stakeholders. Banks of India are also required to ensure cyber law due diligence in India to escape financial, civil and criminal liabilities. Cyber security due diligence for banks in India must be taken very seriously by banks and financial institutions in India. Banks must ensure good chief information officers (CIOs) training for their staffs so that they can meet the cyber security requirements effectively.

For long banks have ignored cyber law due diligence and cyber security requirements and this has made e-banking transactions unsafe in India. E-banking in India is not safe and both Indian government and RBI must immediately step in to remedy this situation.

India Is Anxious To Control Information Technology

This is the updated version of my previous article titled India is desperate to control technology. It has been censored by Google through manual action penalty so it requires reposting for the larger interests of viewers and netizens.

This post has also been censored by Digital Journal where it was originally posted through the infamous trump card of spam communication used by Internet intermediaries and online community.

Of late, spam communications has been used as a façade to violate speech and expression right. It is high time to ensure civil liberties protection in cyberspace as merely saying that Internet access is a human right by United Nations is not going to serve any purpose. If posts are censored by Google after posting, freedom of speech and expression is definitely violated and so are human rights in cyberspace.

Adoption of information and communication technology (ICT) by Indian government seems to be a herculean task. Naturally, if India cannot understand the technology, it would prefer to block the same as whatever we do not understand we fear of the same.

This holds true for India. Instead of befriending technology, Indian government is considering the same its enemy. From Internet censorship to e-surveillance, Indian government has not left any stone unturned.

India has been struggling to deal with technological issues for long. Unable to deal with the same in a constitutional manner, India adopted measures that are detrimental for the growth of the same. These measures can only increase e-corruption and they are detrimental to the interest of India in the long run.

The worst affected area seems to be the cyber law of India incorporated in the information technology act 2000 (IT Act 2000). Cyber law for social media in India is draconian in nature that forces social media websites and Internet intermediaries in India to follow Indian government’s directions.

Recently, Internet intermediaries in India were asked to pre screen contents of users. Companies like Google opposed such move of Indian government. However, this does not stopped Internet censorship in India, e-surveillance in India, etc. Further, even incidences of manual action and censorship and blocking of accounts were witnessed regarding companies like Google and Facebook. In an interesting development Yahoo took Indian government to court over e-surveillance.

It seems human rights in cyberspace need to be strengthened and protected. United Nations needs to step in to prevent encroachment upon civil liberties in cyberspace. Protection of human rights in Indian cyberspace also needs to be taken seriously by Indian government. European Council has already expressed its concerns for cyber attacks and political pressures upon cyber dissidents. It is working in the direction of protecting privacy rights and free speech in cyberspace.

The recent cyber law trends in India and cyber security trends in India are pointing towards reformation of Indian cyber law. Further, even a constitutional phone tapping law in India is urgently required. The year 2011 was a bad year for legislative reforms in India and I hope the year 2012 would not be same.

India Is Desperate To Control Technology

Adoption of information and communication technology (ICT) by Indian government seems to be a herculean task. Naturally, if India cannot understand the technology, it would prefer to block the same as whatever we do not understand we fear of the same.

This holds true for India. Instead of befriending technology, Indian government is considering the same its enemy. From Internet censorship to e-surveillance, Indian government has not left any stone unturned.

India has been struggling to deal with technological issues for long. Unable to deal with the same in a constitutional manner, India adopted measures that are detrimental for the growth of the same. These measures can only increase e-corruption and they are detrimental to the interest of India in the long run.

The worst affected area seems to be the cyber law of India incorporated in the information technology act 2000 (IT Act 2000). Cyber law for social media in India is draconian in nature that forces social media websites and Internet intermediaries in India to follow Indian government’s directions.

Recently, Internet intermediaries in India were asked to pre screen contents of users. Companies like Google opposed such move of Indian government. However, this does not stopped Internet censorship in India, e-surveillance in India, etc. Further, even incidences of manual action and censorship and blocking of accounts were witnessed regarding companies like Google and Facebook. In an interesting development Yahoo took Indian government to court over e-surveillance.

It seems human rights in cyberspace need to be strengthened and protected. United Nations needs to step in to prevent encroachment upon civil liberties in cyberspace. Protection of human rights in Indian cyberspace also needs to be taken seriously by Indian government. European Council has already expressed its concerns for cyber attacks and political pressures upon cyber dissidents. It is working in the direction of protecting privacy rights and free speech in cyberspace.

The recent cyber law trends in India and cyber security trends in India are pointing towards reformation of Indian cyber law. Further, even a constitutional phone tapping law in India is urgently required. The year 2011 was a bad year for legislative reforms in India and I hope the year 2012 would not be same.

Cyber Law, Cyber Security And Educational Updates 31-12-2011

This post covers some recent updates regarding cyber law, cyber security, ethical hacking education and skills development in India, censorships by Google and Facebook, cyber security of ICICI bank’s products like Internet banking and credit cards, cyber due diligence in India, malware and virus attacks, etc.

(1) Virus Attack On ICICI Bank Transactions: A Cyber Security Lapse

2) After Google It Is Facebook’s Turn To Adopt Censorship

(3) Manual Action Penalty And Censorship By Google

(4) Are ICICI Credit Cards In India Insecure?

(5) Is Facebook The Most Appalling Spying Machine?

(6) Why Google Censored Cyber Laws In India Blog?

(7) Who Is Manipulating Blogspot Blogs: Google Or Malicious Competitors?

(8) Social Media Due Diligence In India

(9) Indian Electronic Delivery of Services Bill (EDS) 2011

(10) Cyber Laws In India

(11) Cyber Due Diligence For Indian Companies

(12) Corporate IT Frauds And Cyber Crimes Investigation In India

(13) Financial Frauds And IT Crimes In Indian Companies Is Increasing

(14) Ethical Hacking Training And Courses In India

(15) Digital Preservation In India Needed

(16) Ethical Hacking Training Providers In India

(17) Ethical Hacking Training Institutes In India

(18) Chief Information Officers (CIOs) Training In India

(19) Chief Information Officers (CIOs) Made Mandatory For All Banks In India (Old Update)

(20) Indian Judiciary, Cyber Law and Websites Blocking

(21) Techno Legal E-Learning Courses In India

(22) Electronic Discovery And Litigation Support Services In India

(23) Ignorant Judicial Blocking Of Website In India

(24) Legal Issues Of Entertainment And Media Industry In India

(25) Aadhar Project Of India Is Unconstitutional Says Praveen Dalal

(26) The power of social networks

(27) WiFi Protected Setup vulnerable to Reaver tool attack

(28) Stuxnet, Duqu and the sons of the “Tilded” platform

(29) GSM mobile … the insecure network

I hope readers would find this useful.

Is Facebook The Most Appalling Spying Machine?

I am no big fan of conspiracy theories but I am a big fan of civil liberties protection in cyberspace. I also believe that when rights are outlawed only outlawed would have rights. If you add e-surveillance to this situation, the plight of civil liberties in cyberspace is well understood.

If a company engages in online profiling and data mining, something is grossly wrong with its policies and intentions. Further, the unilateral websites censorships by sites like Google and accounts censorship by sites like Facebook further adds woes to this situation.

WikiLeaks founder Julian Assange has labelled Facebook as “the most appalling spying machine that has ever been invented” although Facebook denied the same. Now Richard Stallman has declared Facebook and Google+ are mistreating their users. Furthermore, he points out Facebook performs massive surveillance with its tracking cookies.

Over the last few months, Facebook was accused multiple times of using cookies to track users even after they log out of the service, though it has since fixed the issues and explained how its system worked. Facebook has also been sued in multiple states for tracking its users even after they logged out of the service. All the lawsuits allege the company violated federal wiretap laws.

Recently 10 consumer and privacy groups have asked the Federal Trade Commission (FTC) to investigate Facebook. This is the second request to the FTC for a probe of the social network this week. Even Edward Markey, a Massachusetts Democrat, and Joe Barton, a Texas Republican, have asked the Federal Trade Commission (FTC) to investigate how Facebook’s cookies behave. However, Facebook has denied its recently-granted patent is used for tracking logged-out users. The company says it just describes the Facebook Platform.

A security researcher claims that Facebook alters its tracking cookies the moment you log out, instead of deleting them. Since your uniquely identifying account information is still present in these cookies, Facebook can continue to track you. This means that if you log out of Facebook, you’re not really doing much. If you then head to a website that contains a Facebook plugin, your browser will continue to send personally identifiable information back to Facebook.

Now Facebook is planning to gradually roll out sponsored stories in news feed, beginning next year. From January 2012, sponsored stories or advertisements, which now appear on the right side of the page, will be part of the news feeds of the users - along with other normal updates and posts. Every time a Facebook user clicks on the 'like' button for certain brands or pages, the ad would display the user's name, picture and a line, saying he/she likes the advertiser.

It seems Facebook is well committed to engage in e-surveillance and privacy violations of its users. Further Google, Microsoft, Yahoo, Adobe and many other companies also exhaustively track users’ online activities.

It is for the users to adopt privacy protection mechanisms to defeat such attempts of Facebook. Some good options include using plugins like Do Not Track Plus, Ghostery, Adblock Plus, etc. These plugins allow you to have a good control over your browser that sends referrer data through which these companies are misusing users’ data and information.

Do not trust these companies alone for your privacy protection and you must also take some pro active steps to enforce your privacy.

Are ICICI Credit Cards In India Insecure?

Recently news about virus attack upon ICICI bank transactions was reported. While it is premature to consider this fact true or false yet truth and authenticity of the claims of either the security professional or the ICICI bank must be established through an official channel.

Now another person has raised hypothetical doubts about the security of ICICI Credit Card in India. The author has tried to explain the hypothetical weakness in ICICI Credit Cards, as issued in India. On plain reading of the fact, the doubts also seem to be very genuine and reasonable.

This may be a single case or this may be the regular practice adopted by ICICI bank. But at this stage it is too early to comment upon that aspect. Let us analyse the facts provided by the author of the website. He writes:

“When a card is blocked and new card is reissued by ICICI Bank, the first 14 digits of the new card are the same as the old card. The 2 changing digits are also in a series. I did it twice on the same card i.e. block a card and request for a reissue. So the three card numbers were having same first 14 digits and the following last two digits.

(1) xxxx xxxx xxxx xx08
(2) xxxx xxxx xxxx xx16
(3) xxxx xxxx xxxx xx24

So say if your card details was leaked online and you request ICICI to block the old card and get a new one, then all the attacker has to do is wait for a month for a hypothetical new card to reach and then use all other details (except for the CVV of course, but cvv is just a 3 digit attack vector) and guess the last two digits. The last two digits also following a series. According to my totally unlearned eyes, this is a weakness. What do you say?”

He further explains in the comment “Once you have a card number + personal details from previous attack, expiry date is the lamest to crack. Cards are issued for years and not months, so it will mostly be the same month as when the card was issued, i.e. the same month as the card was blocked. Year part will be a company policy right? i.e. from the year of issue + x years types. CVV is just a 3 digit numerical hack. If you have all other info, cracking CVV should not be a challenge”.

Can somebody shed light upon this hypothetical doubt?

Manual Action Penalty And Censorship By Google

For long Google denied the concept of manual action penalty against websites. Google maintained that websites are only algorithmically demoted if they are found violating the guidelines and quality standards of Google. However, this assertion of Google cannot be trusted if we analyse the numerous cases of websites delisting and demotion that is frequently conducted by Google.

The real question that must be analysed here is there a system to uncover what a rogue employee of Google is doing under the garb of manual action penalty? Clearly either Google or malicious competitors are manipulating websites and blogs.

Even Matt Cutts has publicly acknowledged that Google uses whitelists as well as manual actions penalties to demote and delist websites and blogs. This contradicted the earlier stand of Google and this acknowledgement is a direct result of the antitrust investigations from the EU, the Texas attorney general, and possibly the US Federal Trade Commission.

Matt has provides examples of cases where a manual action penalty can be imposed by Google. It includes cases where Google receives reports of spam, off-topic porn, things like that, etc. This list is not only vague but is also a potential source of imposing censorship and websites filtering by Google without following the due process of law. Surprisingly, after Google even Facebook used censorship to block my Facebook account without citing any reasons.

There is no doubt that whenever companies like Google or Facebook have to adopt measures that are neither strictly legal nor in conformity with their own policies, they always invoke the trump card of “spam communications”. Of course, spam is a violation of terms of services (TOS) of any company, including Google and Facebook, but a resource must actually be spam to invoke such penalty. Both manual action penalty and algorithm demotions methods of Google are prone to misuses and they may actually be misused in many cases by Google employees.

There is no second opinion about the fact that manual interventions are an important part of any search engine. The problem is that for so many years, Google has largely avoided acknowledging that these interventions exist, and it has said almost nothing about how they work. So the question why has Google censored cyber laws in India blog would remain unanswered by Google.

After Google It Is Facebook’s Turn To Adopt Censorship

It seems the guys at Google and Facebook have nothing better to do than messing up with accounts of their users. While Google demoted my block after its initial censorship, Facebook has altogether blocked me from my account.

Surprisingly whenever companies like Google or Facebook have to adopt measures that are neither strictly legal nor in conformity with their own policies, they always invoke the trump card of “spam communications”. Of course, spam is a violation of terms of services (TOS) of any company, including Google and Facebook, but a resource must actually be spam to invoke such penalty.

We have been experiencing censorship by various online platforms from time to time. This may be due to the critical and bold analysis that we make from time to time. Critical analysis is definitely protected under Indian and US constitution as freedom of speech and expression. If a post or resource is well within the limits of constitutional right to speech, it cannot and should not be curtailed.

It seems commercial interests and draconian laws are forcing companies like Google and Facebook to censor users’ accounts, posts and messages. Clearly this is an illegal and unconstitutional act on their part and they must cease to indulge in these practices.

While I am still continuing my blog, it seems time to say goodbye to Facebook has arrived. All those individuals who were following my activities there and wish to continue to do so are invited to the Priyanka Sharma Daily. It seems to be a better alternative to Facebook and is more comfortable and user friendly.

However, this episode of Facebook has reminded me of the statement by Julian Assange that Facebook is an “appalling spying machine” and its insistence upon mobile number is sufficient proof of the same. It is better to leave Facebook than giving a mobile number, so goodbye Facebook.

It is well known that spy agencies and intelligence agencies world over use social media for open source intelligence (OSINT) purposes. US even plans to use, perhaps already using, fake virtual people botnet and persona management software to gather inputs from social media websites. Time has come to question the dubious practices of social media websites and blogging platforms so that they can be sterilised from malicious people violating civil liberties of netizens.

Virus Attack On ICICI Bank Transactions: A Cyber Security Lapse

The online banking system of India is not cyber secure. Take the recent example of virus attack upon ICICI Internet banking transactions. It proved that Internet banking system and mechanism of ICICI bank is not cyber secure. It is not even clear whether ICICI bank has appointed a chief information officer (CIOs) to manage its Internet banking functions that has been made compulsory by the Reserve Bank of India.

Cyber security of banks in India is in bad shape despite mandatory guidelines by RBI in this regard that has asked Indian banks to ensure cyber secure due diligence for banks in India.

The cyber law due diligence in India requires Indian banks to ensure compliance with information technology act, 2000 (IT Act 2000) otherwise stringent penal and pecuniary penalties can be imposed.

Similarly, cyber due diligence for Indian companies is now a well known responsibility. A failure to observe cyber due diligence by banking companies in India is neither good for their business nor for their customers.

Surprisingly, till now ICICI bank has not officially come forward to repudiate this claim of the security professional Yash who has claimed to discover this vulnerability in the Internet banking system of ICICI.

Internet banking risks in India are increasing and cyber security of Internet banking in India must be strengthened by various banks. In fact, Internet banking cyber security in India needs to be strengthened so that customers’ confidence can improve.

Now the Indian banks may use two methods to solve this problem. They may use dubious and illegal methods of false complaints and pages/websites/blogs removal requests to various hosting companies like Google, Facebook, etc and thereby remove the negative reporting about their business. Or they may improve the cyber security of their systems and thereby gain more respect and trust of their customers.

Unfortunately, many prefer the former option that is seldom productive and is injurious to own interests in the long run. What is more surprising is that Internet intermediaries like Google, Facebook, etc are in fact acceding to these requests and are messing up with accounts of their users. Let us hope things would change very soon on all fronts.

Cyber Law, Cyber Security, Websites Blocking And Internet Censorship Updates

There are many significant developments happening in India and abroad in the fields like cyber security, websites blocking, Internet censorship, skills development an trainings, etc. Some of such developments have been covered by my digital paper titled The Priyanka Sharma Daily.

This post is summarising and giving the account of the some of these articles posted in the past few weeks.

Some of the posts worth reading are:

(1) Indian electronic delivery of services bill (EDS) 2011

(2) Social media due diligence in India

(3) Financial frauds and IT crimes in Indian companies are increasing

(4) Corporate IT frauds and cyber crimes investigation in India

(5) Ethical hacking trainings and courses in India

(6) Ethical hacking training providers in India

(7) Ethical hacking training institutes in India

(8) Chief information officers (CIOs) trainings in India

(9) E-surveillance in India

(10) Internet censorship in India

(11) Ignorant judicial blocking of websites in India

(12) Cyber law on social media and networking sites in India

(13) Social networking laws in India

(14) Social media laws in India

(15) Techno legal e-learning courses in India

(16) Legal issues of entertainment and media industry in India

(17) Google outcry lack of proper Internet intermediary laws in India

(18) Aadhar project of India may be scrapped

(19) Aadhar project of India is unconstitutional says Praveen Dalal

(20) Data security, cyber security and privacy in Indian banking industry

(21) Is online banking system of India cyber secure?

(22) Is ICICI Internet banking system cyber secure?

(23) Internet banking cyber security in India

(24) Who is manipulating and censoring Blogspot blogs: Google or malicious competitors?

(25) Why has Google censored cyber laws in India blog?

(26) Cyber security of Internet banking in India

(27) Internet banking risks in India

(28) Startfor hack, not so private and secret anymore?

(29) Israeli spy gear sent to Iran via Denmark, the dirty trade

(30) Iran, the cyber threat … are we creating a new enemy?

(31) E-Corruption … “who controls the controller?”

I hope readers would find these updates useful.

Internet Banking Cyber Security In India

Internet banking is both a necessity and evil. As a necessity it brings conform and time efficiency. As a drawback, it attracts various forms of financial frauds and cyber crimes. With the removal of limits for financial transaction through mobile banking in India, more such cyber crimes and financial frauds are anticipated.

These are the few good posts in this regard that have been shared in the last week:

(1) Internet Banking Risks In India

(2) Cyber Security Of Internet Banking In India

(3) Indian Internet Banking Risks

(4) Indian Cyber Security Of Internet Banking

(5) Insecure Online Banking

(6) Data Security And Privacy In Indian Banking Industry

(7) Data Security, Cyber Security And Privacy In Indian Banking Industry

(8) Online Banking System Of India

(9) ICICI Online Banking System

Clearly, there is an urgent need on the part of Reserve Bank of India (RBI) to ensure that the guidelines prescribed by it are immediately implemented by the banks of India. Let us hope that banking customer’s interests would be safeguarded by RBI and Indian banks that is neglected for the time being.

Cyber Security Of Internet Banking In India

Internet banking in India or e-banking in India is a process that involves use of information and communication technology (ICT) for doing various banking related transactions. While use of ICT for banking purposes in India has many advantages yet there are certain cyber law, cyber security and due diligence tasks as well that Indian banks must perform to escape civil and criminal liabilities.

Banks in India are required to not only ensure cyber due diligence in India but also cyber security due diligence in India. Reserve Bank of India (RBI) has very categorically told Indian banks to ensure effective cyber security in their day to day affairs and banking transactions. However, banks in India are not complying with RBI’s cyber security due diligence requirements.

Internet banking risks in India are increasing rapidly. Even the RBI acknowledged Internet banking risks in India. Although electronic banking in India has many advantages and convenient to handle yet online banking risks in India cannot be ignored by either the banks or its customers.

Unfortunately, Indian banks are poor at cyber security. This is resulting in an increase in banking related cyber crimes and financial frauds. For instance, Citigroup Inc recently confirmed that computer hackers breached the bank's network and accessed data on hundreds of thousands of bank card holders. Similarly, a security researcher has recently proved that Internet banking system of ICICI is not cyber secure.

Obviously, Internet banking in India is not cyber secure and RBI must urgently step in to remedy this situation. RBI’s ombudsman office is already flooded with complaints of ATM frauds. Similarly, phishing complaints are also on rise where customers’ money is misappropriated. Banks in India must voluntarily build cyber security mechanism and also implement the recommendations of RBI in this regard. Even better would be to enact a dedicated Internet banking law in India.

Internet Banking Risks In India

Technology has brought many benefits for banking consumers in India. However, technology has also given birth to many unforeseen challenges. Cyber security challenges of Internet banking in India have grown tremendously in the past. In fact, Internet banking in India is not cyber secure despite the recommendations of Reserve Bank of India (RBI). Banks in India are ignoring the cyber security due diligence requirements prescribed by Reserve Bank of India (RBI).

Internet banking is a very important aspect of Indian banking industry. Internet banking not only provides instant banking facilities but it also confers mobility to the account holders. However, cyber security of internet banking infrastructure of India is the need of the hour. Instances of theft of money through hacking of accounts of the accounts holders are fast becoming a trend in India.

This is partly due to the ignorance of the accounts holders and partly due to the weak cyber laws of India. The account holders are increasingly targeted for phishing attacks that result in loosing of sensitive banking information.

According to Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-Legal Expert of India, the Information Technology Act 2008 has made most of the cyber crimes and cyber offences “bailable”. India has made its cyberspace a “free zone” and “safe heaven” for cyber criminals and cyber offenders. He says that now even after committing hacking in India a person would be entitled to “bail” as a matter of right. There is nothing that prevents such cyber criminals from committing cyber crimes in India in the absence of a deterrent law.

This has resulted in an increased spate of cyber crimes including hacking of the e-mail IDs of the Internet banking users and stealing of their money.

Further, India has also become one of the most endemic surveillance societies of the World. Confidential information is already vulnerable and with the proposed Indian plans of installing key loggers at cyber cafes, the same would exclude the use of cyber cafes for these purposes. Although cyber cafés are not a good place to transact confidential matters yet with a poor Internet penetration in India this may still happen, says Dalal.

With a weak cyber law, lack of cyber security awareness and increasing e-surveillance initiatives in India, Internet banking disputes are bound to increase in India. The government is least bothered about these issues and ultimately the account holders would have to bear the financial losses.

Is ICICI Online Banking System Cyber Secure?

Online banking transactions in India and electronic banking in India are in a real mess. Thanks to the defunct cyber law of India, inadequate cyber security mechanisms like encryption usages for banks, ignoring the cyber security due diligence requirements prescribed by Reserve Bank of India (RBI) and many more such issues.

Naturally, online banking risks in India have increased tremendously. We have no dedicated Internet or e-banking laws in India. Further, online banking systems in India are not cyber secure. Even mobile banking in India is risky.

This position is obvious if we analyse the present trends occurring in India. For example Citigroup had recently confirmed cyber attack upon bank’s network. It is also well known that a timely and appropriate cyber due diligence could have prevented such attacks and various cyber frauds that are growing in the banking sector of India.

Now it has been reported that a proof-of-concept virus has been developed by a security professional to attack the ICICI Online banking using the Man-in-Middle / Man-in-Browser attack method. It shows what an attack can do to an online banking customer who uses ICICI online banking facility and how it can result in financial loss.

Naturally, cyber security of banks in India is not in order at all. Cyber Security Policy for Banks in India is an issue that is very important for Banks of India, says Praveen Dalal, managing partner of New Delhi base ICT law firm Perry4Law and leading cyber law expert of India. With the growing use of Internet Banking, ATM machines, Credit and Debit Cards, Online Banking, etc, Banks of India must also upgrade their Cyber Security Infrastructure and establish a Cyber Security Policy, suggests Dalal.

An integrated modern banking law for India is in pipeline and it would be a good idea to make it techno legal in nature so that it can address cyber crimes and cyber security in a more effective manner. Corporate and banking laws in India are in the process of being streamlined. RBI has even issues a notification prescribing enhanced due diligence measures for high risks customers in India. RBI is planning to boost ATM security in India. On similar lines, RBI must curb online banking crimes and frauds in India.

Banks in India need to adopt techno legal measures to prevent ATM and other similar financial frauds and cyber crimes. Further, cyber due diligence trainings for bank employees can also be beneficial in this regard. Banks must also appoint steering committees and CIOs as soon as possible.