Daily Archives: April 26, 2015
IT Vulnerability | B-Cognizance
Superfish Visual Discovery: Lenovo’s preloaded bloatware
Lenovo, the Chinese laptop manufacturing group, has recently come under the media scanner for preinstalling the ad-serving software Superfish on its laptops. Lenovo is the world’s largest vendor of personal computers, and the Superfish Visual Discovery vulnerability immediately harmed the consumer giant’s reputation in the global market.
What is Superfish?
Superfish is third-party software that came preloaded on Lenovo consumer laptops and altered search results to show different advertisements than one would usually see. In addition, Superfish had Microsoft-level permission access, which means it could snoop on SSL-protected traffic such as online banking passwords or credit card details as they were entered. Attackers could even tamper with and snoop on the web browser’s security, no matter what browser was being used.
The threat:
Initially introduced as a ‘shopping aid’ to include more search results and enhance the shopping experience of users, Superfish Visual Discovery was found to cause problems with browser rendering and random pop-ups as early as September, 2014. However, it was the black hat hacking group, Lizard Squad, which hacked the Lenovo website in a revenge attack that finally brought this issue before the entire world in February, 2015.
Superfish Visual Discovery was created not by Lenovo but by the third party Superfish, and the data collected could be sent back to that third party. There is no indication as to whether either Lenovo or Superfish did this intentionally, but there is no denying that if a hacker were to get hold of the root certificate and the private key, they could have gained access to the user’s personal data. The fact that Superfish used the same private key for all installations made it worse.
In January, 2015, Lenovo stopped preloading Superfish into its consumer systems. Simultaneously, it disabled existing systems from activating Superfish.
How to detect and remove Superfish?
Any laptop bought from Microsoft’s Signature range is bloat-free and does not come pre-installed with Superfish. Others can simply head to the Superfish detection webpage, https://filippo.io/BadFish/, and the test site will tell the user whether Superfish is preloaded on their system. The LastPass website, https://lastpass.com/superfish/, has a colourful step-by-step guide on how to detect and deal with Superfish. Microsoft, too, released a critical security update which automatically removes Superfish. All the user needs to do is install the latest security updates.
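A local check can complement the test sites mentioned above. The following is an added example, not part of the original article: it lists certificates in the Windows system trust stores whose subject or issuer names Superfish, using only the Python standard library. The function names and the two sample entries are assumptions made for illustration.

```python
import hashlib
import ssl

NEEDLE = "superfish"  # vendor name from the article, matched case-insensitively

# Constructed samples in the format returned by SSLContext.get_ca_certs();
# the values are illustrative and not copied from a real certificate.
SAMPLE_SUSPECT = {
    "subject": ((("organizationName", "Superfish, Inc."),),
                (("commonName", "Superfish, Inc."),)),
    "issuer": ((("organizationName", "Superfish, Inc."),),
               (("commonName", "Superfish, Inc."),)),
}
SAMPLE_BENIGN = {
    "subject": ((("organizationName", "Example Trust Services"),),
                (("commonName", "Example Root CA"),)),
    "issuer": ((("organizationName", "Example Trust Services"),),
               (("commonName", "Example Root CA"),)),
}


def flatten_name(name):
    """Flatten ssl's nested RDN tuples into a list of (attribute, value) pairs."""
    return [(key, value) for rdn in name for (key, value) in rdn]


def names_vendor(cert, needle=NEEDLE):
    """True if any subject or issuer attribute of a decoded certificate contains needle."""
    fields = flatten_name(cert.get("subject", ())) + flatten_name(cert.get("issuer", ()))
    return any(needle.lower() in value.lower() for _, value in fields)


def decode_der(der):
    """Decode one DER-encoded CA certificate into the dict form used above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cadata=der)
    certs = ctx.get_ca_certs()
    return certs[0] if certs else None


def scan_windows_roots(stores=("ROOT", "CA")):
    """Return (store, SHA-1 thumbprint, subject) for every matching certificate.

    ssl.enum_certificates exists only on Windows; elsewhere the result is empty.
    """
    hits = []
    if not hasattr(ssl, "enum_certificates"):
        return hits
    for store in stores:
        for der, encoding, _trust in ssl.enum_certificates(store):
            if encoding != "x509_asn":
                continue  # skip PKCS#7 bundles
            try:
                cert = decode_der(der)
            except ssl.SSLError:
                continue  # unparseable entry, nothing to compare
            if cert and names_vendor(cert):
                thumbprint = hashlib.sha1(der).hexdigest().upper()
                hits.append((store, thumbprint, flatten_name(cert["subject"])))
    return hits


if __name__ == "__main__":
    found = scan_windows_roots()
    for store, thumbprint, subject in found:
        print(f"[{store}] {thumbprint} {subject}")
    if not found:
        print("No certificate naming Superfish found in the stores checked.")
```

This covers the Windows system stores only; a browser that keeps its own trust store, such as Firefox, needs a separate check.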
The future?
Moving ahead, Lenovo should now be concerned about the long-term implications of this incident. They need to rebuild customer trust and they have to be more transparent about their new policies regarding security and privacy. Consumers need to be able to put their trust in their products, especially in a device such as a laptop, which stores all their critical personal and financial data. And in an era which is digital, a lack of such trust can and will damage the brand of any well-reputed company, even one such as Lenovo.
Siddharth Narayan
IMB2013027
MBA-IT 4th Semester,
IIIT Allahabad
WAKE UP CALL !!!!
The prognosis can be changed. It’s about the future of us, Indians. We must get enthralled about the present situation and do something about it. The situation mentioned is terrorism and about the torch bearers or cornerstone of it. These forces are rising unabated and curtailing the rights of ours. The terror spread by these particular religious community is an open secret. No one is unaware of their modus operandi in achieving their gory motives. 9/11 in U.S. & 26/11 Taj attack and the Pune bomb blasts, still speak of the aims they want to achieve .Other menaces and actions done by them are also partly not made public by the powerful media and the people behind it.
The Amarnath Shrine Board issue and the final answer to that just want is known to everybody. In this democratic and republic country where every religion finds a place, it is still dominated and occupied by Hindus, but such incidents of such big scale speak the other side of the picture. We in our country are not even able to find a little space for us. These forces are accruing and the time is not far when they will have the lion’s share in everything they want. The situation is still not immutable and some audacious steps can still mitigate the situation. A solemn assurance will have to be granted by every youth of our group to prove a deterrent .One can contribute in any other way towards this cause. We must not squander our energy but we should contribute in one way or the other. As the days are passing on, we are becoming more and more inept and pressed and simultaneously they are becoming our nemesis. So, let’s stop this ongoing process and turn the tables and show them that we too have something in us. We need astute and prudent personalities especially youth to carry out this process.
RSS (Rastriya Swayamsevak Sangh) is one such organization which provides a platform to us to work in the required direction.VHP (Vishwa Hindu Parishad) & ABVP are two amongst many of its branches of this silent organization which is working in background since many years against the ugly forces. Its action and modus operandi is very simple but has been in much negative in media. This again is media’s concocted views for it. It’s not so intricate policies and deeds are not imbibed by all. 1992 Kar Seva and many more activities are some of its events which shows that though silent, we can show our concern and power when water rises above the danger level. RSS is a self organism in which individuals meet in a day once or twice and just assemble to play few indigenous games and discuss on few regional or national matters. The working of this organization is in much contrast to one which is practiced by the other mentioned terrorist groups. There, even in places of worship, a feeling of hatred and terrorism is injected or installed by the religious leaders. Forget about the special camps where handling and use of arms and ammunition is taught in open air. They are filled with the thought of dislike and religion which outbursts in many forms and this action of theirs brings no reaction as they don’t react in anyway.
So, all and sundry should wake up and do something for ourselves and our religion. Joining the process or passing the ordeal can only prove us.
Bhartrihari Pandiya
RS178
HYPE OF ACHE DIN
814.5 million voting population, 8251 candidates and the so-called theme “ACHE DIN”. The image of a developed India was well depicted by now Prime Minister Mr. Narendra Modi. But has the picture been delivered right, have the promises come true, does he have a magic wand in his hand?
As soon as the budget came out, the tax payers were happy as the tax slab was reduced. Establishing 4 AIIMS is a big step towards better medical treatment. The 10,000 crore fund for soft loans was a good scheme. Swachch Bharat Abhiyan should have been implemented decades ago, but no issue. 100 smart cities was an intriguing idea which no one had ever thought of. Though the ideas are big enough, in a country like India where everyone is pulling your leg, ideas alone cannot bring about a miracle.
The philosophy of minimum government and maximum governance must be shown to others. Though we know ROME WAS NOT BUILT IN A DAY but it has been built in a week, so in order of that were the promises nothing but a mere mirror to voters that you have been fooled again, or can Mr. Prime Minister bring the change which he is talking about? Though no change can be brought so soon, it’s been over 8 months and no such significant change is seen. Nothing which Mr. Narendra Modi claims can be seen, no Gujarat model in India, nothing.
Maybe it’s time that he showed the change he is talking about; maybe the time has come for rigorous action plans. High inflation, no jobs, slowdown in the economy and the falling price of the rupee should be the main concern of the government, not the holidays of opponent leader Rahul Gandhi. If you can’t deliver what you promise then you should not comment on others’ failures either. There has been much said about the UPA government and their failures, but Dr. Manmohan Singh has improved our foreign relations to such an extent that all other foreign countries are now eager to invest in India, creating jobs for local workers. Having a plan on paper and having the same in reality are two different issues, and in my opinion the time has come that the theory must be implemented in reality.
“CHANGE MUST COME.”
Shubhranshu Agarwal
IMB2014023
WHAT ARE WE HEADING TOWARDS?
INDIA’S GAY DAY
It was a big day for India on July 2nd 2009. India took a giant, although belated, step towards globalization when the Delhi High Court, in a landmark ruling, said ‘Homosexuality not a crime’. This was a historic judgement to amend the 149-year-old colonial-era law Section 377 of IPC and decriminalize private consensual sex between adults of the same age. It is the biggest victory yet for gay rights and a major milestone in the country’s social evolution. India became the 127th country to take the guilt out of homosexuality.
But let’s stop and have introspection of ourselves and of our victory. Is this right? What are we heading towards then? Perhaps a world whose not only homosexuality but also coitus between an individual and an animal i.e. between any two forms of nature is ethical. Isn’t this against the law of nature? Perhaps it is. My personal views suggest the same. I am ably supported by various leaders of religious communities, preachers, Sadhu’s and many others. Not orthodoxy but may be a long term vision is the basis of theirs for such a stand. Baba Ramdev, the spiritual and yoga guru also asserts that pollution, deforestation, etc are still harming the world then again this homosexuality is adding to the woes, especially in the spiritual and religion country like India. Is this what we are presenting to the new generation? This will surely create an illusion in their minds and lead them nowhere. This is not the way in which our civilisation should have headed.
This historic judgement was given by a bench comprising Chief Justice AP Shah and Justice S Muralidhar. The petition was filed in the year 2001 by NGO Naz foundation seeking a reading down of section 377. The matter was dismissed on the ground by Delhi High Court in Sep 04 that no cause had been made out. The former didn’t surrender and moved to the Supreme Court, the apex court in India against the HC order. The apex court in a dramatic action sent back the issue to the High court in April 06. After a long time, in July 2, 2009, the historic judgement came in which Delhi HC legalised gay sex among consenting adults. Points supporting this discussion are that almost unanimous medical and psychiatric opinions that homosexuality is not a disease or a disorder and is just another expression of human sexuality. Also, the LGBTs (lesbian, gays, bisexuals and transgender) can also enjoy equality and forget discrimination.
This verdict triggered protests from religious leaders across the country, claiming that this would lead to ‘ruining’ of society and family values. On the other hand, as mentioned, workers and psychologists welcomed the order, describing it as “scientific and humane”. Political parties were divided in their approach. The CPM welcomed the judgement, while Samajwadi Party said it totally opposed it. Both Congress and BJP said they would have to study the order first.
Earlier, Sec 377 of IPC imposed a maximum penalty of life sentence on anybody who has ‘carnal intercourse’ against the order of nature, with any man, woman or animal. But since the 150 year old law enacted by the British was overturned, it says that the act violates articles 21, 14 and 15 of the constitution. Article 21 deals with personal liberty, 14 with right to equality, and 15 is the right against discrimination (on ground of sex). The main benefit of the judgement to homosexuals is psychological as it reduces scope for their harassment. It may also over time reduce the social stigma. The verdict applies to the entire country according to the Supreme Court.
The final note according to me is that we, Indians, the torchbearers of civilization can’t afford to have this in our culture. We have to present a better and congenial world to our offsprings and this is certainly not an ingredient of it. Many people may term this thought or action plan as a reaction by an orthodox but that’s a different thing. Culture and civilization stand where they should be.
Thus, we should discourage ongoing process so that we get a better place to live in. Emotions and liberty can’t be extended to such a range by which others may suffer.
Bhartrihari Pandiya
RS178
AU REVOIR SECTION 66A
Article 19 of the Indian Constitution states ‘Protection of rights regarding Freedom Of Speech’. Undoubtedly Article 19 was traduced by Section 66A of the Information Technology Act. There was a slew of cases wherein individuals have been incarcerated. The arrests of the cartoonist Aseem Trivedi on sedition charges; the cases against two girls who argued for Mumbai shutdown after Bal Thackeray’s demise; the arrest of a UP boy after his post on Facebook against Azam Khan, a Cabinet Minister of UP, triggered immense outrage.
Shreya Singhal, a free speech activist and a petitioner clamouring for the repeal of Section 66A, got a ruling in her favour from the Honourable Supreme Court of India. She grittily batted for ‘Abhivyakti Ki Azaadi’, and what beleaguered her the most was that anyone could allege anything on television or media and nobody would excoriate you, and on the contrary if you have asseverated the same thing online and ended up enkindling another person you can be prosecuted.
The IT Act, which was implemented in the year 2000, encompassed Section 66, which solely dealt with cyber crimes. Section 66A, being a subsection of Section 66, was a deterrent to scurrilous contents which are posted online against the assailable sections of the society. However, the court didn’t shrug off the prosecution of the pertinent hooligans in cases related to cyber crimes under the Indian Penal Code (IPC).
Justice Nariman and Justice Chelameshwar gave a landmark judgement on 24th March, 2015 by scrapping Section 66A of the IT Act and consequently rebuffing all the cases in this regard and granting the malefactors a sedate ‘Ghar Wapsi’. The judges gave their assent that Section 66A hits hard at the roots of freedom and is seemingly vague. It’s a brazen attack on the liberty of individuals. The Apex Court was of the view that Section 66A is untenable.
Formerly, it was like we were combating with our own Fundamental Rights tabled in the Constitution. This Act intended to swagger and browbeat the netizens over contentious issues. The Apex Court decision on Section 66A was also warmly welcomed by the political parties and partisans.
A petition filed by a young law graduate gave teeth to the crusade against Section 66A, which later on brought other noted activists, advocates and journalists to bat for this atrocity. We are deeply overwhelmed by the Supreme Court’s discernment.
Hail Honourable Supreme Court..!! Au Revoir Section 66A..!!
Utkarsh Jaiswal
IMB2013026
Advantages and disadvantages of rooting android OS devices
When we talk about rooting, the first questions that come to mind are: what is rooting, and why do we need it? Rooting is basically the process of allowing users of Android-based smartphones, tablets and other devices to get privileged control, i.e. access over various Android subsystems. In other words, rooting eliminates the limitations and allows full access. Rooting gives the capability to modify system applications and settings and helps in running some applications that need administrator permissions, which normal users cannot do. Rooting can also help in removing the Android OS or replacing it with a different version.
Disadvantages of rooting.
- Phone’s warranty is voided: as soon as we root the Android device, its warranty is voided.
- Bugs: the device becomes more prone to bugs and viruses. Many users flash their ROMs with custom programs, which increases the risk of viruses.
Advantages of rooting.
- Access to special apps: rooting helps in accessing special applications which enhance the abilities of the Android device, for example the Superuser app.
- Release memory: rooting helps in releasing phone memory by moving applications and additional files to external storage available in the device, such as an SD card.
- ROMs: by rooting the device, users can flash ROMs with the custom programs available, which speeds up the processing speed of the device.
Thus before rooting the device one should know the pros and cons of it.
References:
Wikipedia; Thomas Phelps, “To root or not to root”
Shrut Kirti Nandan
MBA –IT , IIIT-A
Deeper dive to Methods of Hacking
In the previous article, we discussed the basics of ethical hacking. In the current one,
we will dive a little deeper into the different methods used for hacking. Recalling once
again, I should state that hackers are people who have deep knowledge of programming
languages, operating systems, and networking concepts. Beyond knowledge of the above-mentioned
topics, they have a keen interest in exploring different kinds of things and in learning anything to a
much deeper level.
There are various methods that are used for the purpose of hacking. Some of them are:
1. Digital Footprinting: Digital footprints, also called a digital shadow, are the trail of all
the data that a user leaves while online. Digital footprints can be passive or active.
a. Passive footprints are created when data is collected without letting the user know.
When you go online, you might have noticed that different webpages
show ads matching your preferences. They learn about your preferences
from your browsing history, search history and cookies. Advertisers read data
from your browser and show you the relevant ad. None of the advertisers asks you
for permission to show their ad, which clearly means they do all of this
without you noticing.
b. Active footprints are created when users willingly release their data by sharing
their details on social sites or any other webpage.
2. Social Engineering: It’s a non-technical method used by hackers to intrude into
someone’s account. It relies heavily on human interaction to break the normal
security procedure. It includes the process of guessing, and hence is performed on
someone whom you know well. If you know anyone closely then you can guess
the answers to their security questions and recover their account.
3. Denial of Service: In a DoS attack, a specific service is made unavailable to
the target user. These attacks can have three types of targets:
a. Network connection that provides access to the service
b. Operating system that hosts the service
c. Application program that provides the service
4. Keyloggers: Keyloggers are programs or devices that keep a log of each keystroke in a
file. A keylogger can be software based or hardware based.
a. Software-based keylogger: It is a software program that needs to be installed
on the victim’s system. The attacker configures his email address on the victim
machine so that all these log files are sent to his email address. Not only the textual
log, but screenshots of the victim machine are also sent at a particular time interval
that is configured in the settings of the keylogger.
5. SQL Injection: It’s a code injection technique that inserts malicious SQL statements
into an entry field and executes them. In simple words, SQL injection means
running my own SQL statement on the target site. This technique is applied to web apps
and web pages. It can reveal all data from the website’s database to the attacker,
even your username and password.
6. XSS (Cross Site Scripting): XSS vulnerabilities can also be found in web applications.
Hackers use them to inject a script into the webpage, and the security risk varies
significantly depending on the nature of the script. Various threats may be:
a. Cookie stealing: Cookies store user data in the browser. Stealing a cookie will
definitely lead to data theft.
b. Session hijacking
c. DoS attack
7. Spoofing: Spoofing is the process of falsifying data and gaining benefits of the same.
Various techniques that are covered under spoofing are:
a. Email spoofing: It includes sending mail from anonymous email.
b. Call spoofing: It includes making fake phone calls. One can use this trick to call
you with your own number too.
c. IP address spoofing: It involves changing the IP address of your computer.
d. GPS spoofing: It attempts to deceive a GPS receiver so as to deliver wrong
location.
e. DNS spoofing: It’s a trick where data is introduced into the DNS resolver’s cache, which
causes the name server to return an incorrect IP address, which in turn
diverts all traffic to the attacker’s computer or any other computer.
8. Steganography: It’s the process of masking a file inside another. The file may be text, image,
audio or video. They are treated as normal files by the victims, but hackers unmask them
to reveal the hidden data. The main advantage of steganography is the transfer of secret
messages. Again, steganography can be of different types:
a. Text steganography: Hiding messages inside the texts, it is not to be confused
with cryptography.
b. Email steganography: Similar to the text steganography, it is also used to deliver
short messages. Original message is masked and a fake message is displayed
which can later be unmasked.
c. Audio / Video steganography: Hiding data in the audio and video files
d. Image steganography: Hiding data behind the image files
9. Man in the Middle: When we open any webpage, the corresponding request is made
to the server in the form of packets. A MITM attack is used to capture these packets while they
travel through the network. Once the hacker intrudes into a packet, he can easily
extract data from it.
10. Trojans and bombs: These are malicious programs that, when executed, perform
some action depending on the type of Trojan, which leads to system harm and data theft. To
access the victim’s system remotely, hackers may use trojans as a backdoor, and after gaining
access the hacker can perform any action including:
a. Formatting hard disk
b. Crashing computer
c. Corrupting data
d. Data theft
e. Keylogging
f. e-Money theft
g. Controlling system remotely
h. And many others…
Kamal Nayan
Shadow IT
Shadow IT, once confined to unapproved macros in MS Excel, has grown exponentially over the
years, becoming a major part of IT firms and introducing new security risks arising from unsupported
hardware or software.
What is Shadow IT?
It is any hardware or software inside the organisation which hasn’t yet been approved by the IT
department of that organisation; in other words, information technology projects managed without the
knowledge of the IT department.
The rise in Shadow IT and its increased usage were due to the desire of employees to get direct and
instant access to any software or technology without the need to go through any corporate
channels. Recently, this has spread to the need to use their own personal technology at work (such
as BYOD).
A McAfee sponsored study brings out 6 key points on Shadow IT and its true nature.
1. More than 80% of the surveyed respondents admitted using it.
2. The biggest users are not the general users, but they are in fact the… IT employees!
3. There is no clear communication or rules regarding SaaS policies.
4. Employees do not want to put their organisation at any risk, they just want to get their work
done comfortably.
5. Web based analytical tools, word processing/spreadsheet tools and even web conferencing
platforms are the most common types.
6. Around half of the surveyed individuals recognize the risks of Shadow IT, but even this
sense of risk is not deterring these employees from using it.
By 2020, 40% of the IT budget will be spent outside the IT department according to estimates. With
this widespread use of Shadow IT, the risks it brings along have become quite obvious. It can easily
become a barrier to an enterprise’s IT compliance, such as when a user is using Google Drive for
storing company data in place of the company-provided cloud storage service(s). It can also impact
the experience of other employees in the organisation. Free flow of data across the organisation
may be hampered and monitoring of such data flow can become a concern.
But, even with the severity of the risks involved, it is necessary to understand that the world will not
recognize a ban of Shadow IT, if ever there is going to be one. It is here to stay, that’s for sure.
Employees will not stop bringing or using their own personal cloud services or their mobile phones
or tablets at work. The best IT organisations can hope for is to embrace Shadow IT and create
restrictions at proper junctions. After all, Shadow IT is making employees more innovative at their
work and making their jobs a little more likeable, thereby, increasing the overall productivity.
Arshad Ahmed
IIIT Allahabad,
MBA-IT/Semester: 04, IMB2013023
Compliance Hiccups and Cure
IT, security and compliance officers discuss the issues relating to companies these days and what steps organizations can take to reduce potential regulatory compliance risks and security threats.
“Failure to meet rules and guidelines set by compliance standards could mean fines, penalties and loss of trust.” Andrew Hodes
IT departments these days are not only entangled in security risks but also have to comply with various industry and federal regulations to keep sensitive customer data safe and to uphold the trust of potential customers. With the ongoing notion of BYOD (Bring Your Own Device), keeping up with industry and federal regulation standards is a demanding task for organizations. It is vital for organizations to plug these potential compliance vulnerabilities in order to function and deliver in alignment with industry and federal regulations. Some of the biggest hiccups for organizations trying to stay compliant are:
- Employees: Employees play a vital role in compliance. Adherence to industry and federal standards is purely employee oriented, and controls to plug this leakage are essential for an organization. To overcome this threat, it’s important to educate all employees on the different ways information can be acquired through very low-tech methods and give them tools they can use.
- Cloud Service Providers: To ensure that sensitive data is being properly protected in the cloud, choose a trusted service provider. Cloud services present significant benefits in terms of cost savings, scalability and flexibility; however, to ensure that your or your customer’s data is properly protected and in compliance with all relevant regulations, the vendor/service provider should meet the underlying regulatory requirements, whether the cloud is engineered to be HIPAA-ready or to comply with PCI or FISMA standards.
- To avoid the potential theft of data from mobile workers, provide travel laptops to employees and create specific information security policies to protect the network from cyber penetration.
- Third-Party Apps (Shadow IT): The biggest compliance-related issue facing CIOs today is shadow IT, a threat caused by the use of unseen third-party solutions, including devices and apps. The flow of data and information in an unregulated, unchecked manner poses a potential compliance threat to the stakeholders. Educate end users; give CIOs the controlled power to constantly assess services for suitability; and deploy modern enterprise cloud solutions to solve overall compliance problems.
ASHUTOSH JOSHI
MBA (IT) 4th SEM
Wake up — it’s time to be aware about Information Technology Act
With the vast expansion of Internet services and their necessity in the digital world, awareness of Internet regulation is a must. The great majority of Internet users are not aware that they access a regulated version of the World Wide Web, where doing something to anything may result in a very dangerous transgression in the future. A lot of discussion and debate has taken place about privacy and the IT Act, whether with regard to freedom of speech, citizens’ rights, state surveillance or the Internet licensing stand. However, the most critical question that gives way to all these discussions and debates is: what must citizens in India know about Internet laws? How can Internet users make themselves more secure and safe by ensuring better protection of personal data?
Laws are often defined in a manner that lays down all the substantive rights of citizens. But it is due to a lack of awareness among beneficiaries that most of the time they fail to respect and realize rights and to demand justice, accountability and effective remedies at all levels. Recently, after hearing a batch of public interest litigation on its ambit, the Honorable Supreme Court finally quashed section 66(A), which allowed arrests for “inconvenient, abusive, and annoying messages on any online media, including ones involving freedom of expression”. The government also admitted that section 66(A) of the Information Technology Act had certain “aberrations amounting to abuse”. It means that from now on section 66(A) at least doesn’t have any legal standing.
Indians would have rejoiced at this decision, but wait: how many of us know that by striking down section 66(A), the Supreme Court of India paved the path for other challenges in cyberspace for citizens? Until further amendments to the IT Act are issued, every citizen must be aware of his/her privacy and of the cyber laws, which will be helpful in exercising their rights. There are certain sections and articles which must be understood by every Indian in cyberspace. These are discussed below:
- Article 19 of the Constitution of India states:
- Article 19(1)(a): grants every citizen the right to freedom of speech and expression.
- Article 19(2): states, that nothing in sub-clause (a) of clause (1) shall affect the operation of any existing law, or prevent the State from making any law, in so far as such law imposes reasonable restrictions on the exercise of the right conferred by the said sub-clause in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence.
Thus there is a distinct contradiction between section 66(A) and Article 19(2) of the Indian Constitution, which allows the government to issue another amendment to exercise powers under Article 19(2).
Section 69(A) “Power to block any content” of Information Technology Act states:
Section 69(A) allows the Indian government the power to block/censor any website or internet service, without giving the creator or provider of the content a chance to defend the material or even to get it unblocked. Within this, any information generated, transmitted, received, stored or hosted on any computer resource, if found offending or annoying can be blocked for access by the public.
Section 79 “Punishment for platforms like YouTube, ISP, etc.” of Information Technology Act states:
An “intermediary” such as an ISP, YouTube, Twitter, Facebook, etc. can be punished if it does not actively censor material that the government or any person complains about, without giving the intermediary any chance to defend the content. This section provides a dangerous tool to disrupt the business of an intermediary by flooding it with baseless complaints and notices.
Section 84(B) “Punishment for abetment of offences” and Section 84(C) “Punishment for attempt to commit offences” of Information Technology Act states:
This gives police officers of the rank of Inspector the power to arrest any person without a warrant in case of any instigation or attempt to commit any offence under the IT Act. There are no defined objective guidelines which could help a police officer in arresting any person in a public place who is about to commit a cyber crime.
Section 118(D) “Punishment for causing annoyance by sending mails” of Kerala Police Act states:
Like section 66(A), it is illegal to cause annoyance to anyone in an “indecent manner” by sending messages or mails by any means. This was meant to be a safeguard against stalkers and spammers, but unfortunately becomes a way of suppressing certain kinds of speech as “online illegal speech” is not defined under this act.
Section 43(A) “Compensation for failure to protect data” and Section 72(A) “Punishment for disclosure of information in breach of lawful contract” of Information Technology Act states:
These sections provide the concept of data privacy and its protection. Section 43(A) helps in getting compensations from any corporate body for the negligence in implementing or maintaining reasonable security practices and procedures by complying with the best standards like ISO 27001, etc. for safeguarding the sensitive personal data or information (SPDI). Here SPDI includes:
- Passwords
- Financial information such as bank account or credit card or debit card or other payment instrument details
- Biometric information
- Deoxyribonucleic acid data
- Sexual preferences and practices
- Medical history and health
- Political affiliation
- Commission, or alleged commission, of any offence and
- Ethnicity, religion, race or caste
Further section 72(A) also deals with personal sensitive information and provides punishment for disclosure of information without the information provider’s consent or in breach of lawful contract. Both of these sections are at a nascent stage which needs to be stringent.
Apart from urgent amendments in IT Act, a special attention must be paid to the data privacy rights in India which is an essential part of civil liberties protection in cyberspace. A right to privacy bill, 2014 is in draft phase, which will help individuals to protect against misuse of data by government or private agencies. Until then each one of us must be careful while accessing, downloading or uploading different contents and stuffs on internet.
Akansha Pandey
MS- Cyber Law Information Security
IIITA