Advocate (Dr.) Prashant Mali's Blog

What do we mean by a “right of privacy” in India? Justice Cooley in 1888 defined it simply as a right to be left alone. Alternatively, it may be defined as a right to be anonymous. The two definitions are quite different but both are important, and the right to be anonymous is a form of privacy that has particularly significant implications in cyberspace. In legal terms, our right of privacy amounts to a right to be free from government intrusion into certain areas of our lives and a right to be free from intrusion by other individuals into our “private” lives. The former is protected largely through Constitutional interpretation and a number of statutes; the latter is protected largely through the common law under tort principles. Before 1890 no English or American court had ever granted relief based on such a claim as “invasion of privacy.”  However, in 1890 a Harvard Law Review article by Samuel Warren and Louis Brandeis examined a number of cases ostensibly decided on other gr

Why does India need a Data Protection Law? Apart from appeasing European Union for sharing data with Indian companies, One of the reason is presently all Data of ours -Search, Emails, Chats of Google, FB, Hotmail, Whatsapp are stored in Californian Servers, USA Jurisdiction. US Foriegn Intelligence Survivelenace Court (FISA) with a single penstroke court gag order can take all Indian MPs, PMO, Home Minister,MEA's etc Email data and Analyse them for leverage in Intl' Affairs, Thats a severe Threat, #privacy intrusion.  Not to mention even the Locations of each Citizen,Official in India can be monitored by US NSA analysts as of now with #Whatsapp, Android Phones relaying data back to USA servers.  Hence a Data Protection Law in India is a need of the Hour. " How to turn Android Phone or Tablet into a Server " .You can check it out here -  https://joyofandroid.com/use-old-android-phone-as-server/

Ransom-payers are also the cause of ransomware proliferation: Prashant Mali The ransom to retrieve files was reportedly $300, to be paid in virtual currency bitcoins Nikita Puri   July 1, 2017 Last Updated at 21:20 IST Operations at a terminal of the country’s largest container port,  Jawaharlal Nehru Port Trust  in Mumbai, came to a standstill earlier this week. The process of loading and unloading containers was halted as the port’s computers shut down after a major  cyber attack  that swept across the globe. The aggressiveness of the malware showed that such attacks were capable of bringing both corporate and government networks to a sudden halt. The ransom to retrieve files was reportedly $300, to be paid in virtual currency bitcoins.  Cyber law  expert  Prashant Mali , also an advocate at the Bombay High Court, tells  Nikita Puri  how to prevent mass-scale civil disruptions that future cyber attacks can result in. Edited excerpts:   First  we had individual com

Petya/Petwrap ransomware What is Petya Ransomeware do? Ans:  Ransomware, Petya does not encrypt files on a targeted system one by one. Instead, Petya reboots victims computers and encrypts the hard drive's master file table (MFT) and rendering the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk. Petya replaces the computer's MBR with its own malicious code that displays the ransom note and leaves computers unable to boot. Why it spreads fast? Ans : Petya ransomware successful in spreading because it combines both a client-side attack (CVE-2017-0199) and a network based threat (MS17-010) So patch both first! Affected countries: UK, Ukraine, India, the Netherlands, Spain, Denmark, and others Behavior: Encrypts MFT (Master File Tree) tables for NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that s

Electronic Evidence where to find in files  Windows Searches — For years, one challenge in digital investigative analysis has been proving a user not only had something significant to an investigation on their computer, but that he knew it was on there. Two of the easiest ways help prove knowledge of a file is to prove the user was searching for it or accessed it. In order for Microsoft to enhance the user experience, Windows tracks the names of files you access and search for in multiple locations. As previously discussed, the Windows registry is essentially several databases called registry hives. Each user has his own primary registry hive called the NTUSER.DAT. This registry hive tracks information specific to each user’s activity and preferences. Starting in Windows 7, when a user conducts a search on his computer using the Windows search function or the “Charm Bar” in Windows 8-10 (the magnifying glass that appears when you move your mouse to the right edge of the screen

Cybercrime : HOW TO SERVE SUMMONS, PROCESS, WARRANT TO PARTY RESIDING ABROAD- Comprehensive guidelines referred to in Letter No. 55019/17/2017-Legal Cell, dated ______ of Internal security Division, Ministry of Home Affairs regarding service of summons/notices/judicial process on persons residing abroad. -- 1. Section 105 of Criminal Procedure Code (CrPC) speaks of reciprocal arrangements to be made by Central Government with the Foreign Governments with regard to the service of summons / warrants / judicial processes. The Ministry of Home Affairs has entered into Mutual Legal Assistance treaty/Agreements with 22 countries which provide for serving of documents. These countries are Switzerland, Turkey, United Kingdom, Canada, Kazakhastan, United Arab Emirates, Russia, Uzbekistan, Tajikistan, Ukraine, Mongolia, Thailand, France, Bahrain, South Korea, United States of America, Singapore, South Africa, Mauritius, Belarus, Spain and Kuwait. In other cases the ministry makes a

Cyber Security Questions for Board of Directors. Although Board of directors have added cybersecurity risk to their agendas, there is no standard way for boards to think about cybersecurity, much less time-tested guidelines to help them navigate the issue. For boards, cybersecurity is an issue of enterprise risk. As with all enterprise risks, the key focus is mitigation, not prevention. This universally understood enterprise risk guideline is especially helpful in the context of cybersecurity because  no one can prevent all cyber breaches . Every company is a target, and a sufficiently motivated and well-resourced adversary can and will get into a company’s network. Consequently, terms like “cyber defense” are insufficient descriptors of an effective posture because they evoke the image that corporations can establish an invincible perimeter around their networks to prevent access by bad actors. Today, it’s more accurate to think of the board-level cybersecurity review goa