Deep Web What it is ?

 Deep Web What it is ? 

By Prashant Mali

The surface web is the entire Internet for most users, but it represents a fraction of available content. The surface web is that part of the Internet that is accessible by standard search engines, either by indexing, or through use of the site’s IP address. By contrast, the deep web is unfamiliar to most of the public and is larger by orders of magnitude. 

Characterised as the submerged part of the iceberg, researchers describe the deep web’s size in various and conflicting ways: over 96 percent of content on the world wide web, unguessable, 7500 terabytes, infinite, and 500x the size of the surface web. Although imprecise, these estimates indicate that the deep web contains much more content than the surface web. Generally speaking, the deep web is the content not indexed by standard search engines, like Google.

The only U.S. court that has attempted to define the deep web, described it as follows:

"The portion of the Web that is not theoretically indexable through

the use of “spidering” technology, because other Web pages do not

link to it, is called the “Deep Web.” Such sites or pages can still be

made publically accessible without being publically indexable by,

for example, using individual or mass emailings (also known as

“spam”) to distribute the URL to potential readers or customers, or

by using types of Web links that cannot be found by spiders but can

be seen and used by readers.

The deep web contains all manner of content including text, photographs, videos, and music. Large academic, library, and proprietary databases are stored on the deep web, including core content from the U.S. Patent and

Trademark Office, Thomson Reuters Westlaw, and NASA.

The distinctions between the deep web and the surface web are sometimes imprecise because content on the deep web can be “surfaced” in several ways. Similarly, the deep web can be searched even though it is not indexed like the surface web. While research in the deep web requires considerable technical facility, specialized deep web browsers, like Tor, allow visitors to browse the deep web without having to rely entirely on pre-identified URLs.

The dark web has been characterized as a subset of the deep web. Controversial and illicit transactions reputedly transpire on the dark web, including human trafficking, narcotic sales, and contracts for killings. The dark web relies on anonymity tools to conceal both the seeker and the provider of such services.It is not accessible through surface web browsers like Internet Explorer or Firefox, but is accessible via specialized and anonymized browsers such as Tor or I2P. 

Tor facilitates browsing of dark web services without disclosing the user’s IP address, which would otherwise reveal the user’s network identity and location.

The Tor protocol leverages pseudomains like .onion as well as anonymous introduction points and relays between users, making de-anonymization difficult.

While the dark web and deep web contain criminal elements, both are routinely used for less nefarious purposes by those seeking anonymity. The U.S. Navy uses Tor for intelligence gathering. Journalists pursue controversial leads in the deep web to avoid government monitoring.An array of law enforcement agencies search for illicit conduct using Tor because Tor hides government IP addresses, ensuring covert surveillance.Whistleblowers reveal corporate and governmental malfeasance on the deep web to avoid retribution.

But increasingly, normal Internet users opt for deep web browsing simply for additional privacy. Tor’s website states that Tor “prevents somebody watching your Internet connection from learning what sites you visit, and it prevents

the sites you visit from learning your physical location.” Invasive commercial browsers and search engines cannot monitor, collect, aggregate, and sell user information, like browsing history, if the user is effectively hidden while searching the web. Similarly, governmental surveillance is

rendered substantially more difficult.

Bitcoin Tax by Indian Government: How

TAXATION  OF  BITCOIN  AND  OTHER  CRYPTO CURRENCIES IN  INDIA 😊

To understand the tax implications of Cryptocurrencies in India, the following points need to be understood under the context of the Income Tax Act:

1) Business Income - These are the profits and gains received from any business or profession carried on by the tax payer at any time during the Financial Year. It includes 'any' compensation received or other payment due to be received. Further, the compensation may be received in Cash or Kind.

2) Capital Gains - It means any income which has been derived from a 'Capital Asset' (whether movable or immovable)

3) Capital Asset - It means property of any kind held by the taxpayer, whether or not connected with his business or profession.

However, this does not include any Stock in Trade

Note: Since the cryptocurrencies have not been declared as legal tender by the Reserve Bank of India, these cannot be considered as legal tender (cash) and shall be considered as an asset. With a general understanding of the above terms, we move on to understand how cryptocurrencies would be taxed under different scenarios:

Scenario 1: When a person receives Cryptocurrency as payment for rendering goods or services

If a provider of goods or services receives any payment by cryptocurrency, then, the fair market value of the cryptocurrency received as consideration for rendering the goods or services will be considered as the consideration (that is the sale amount). Hence, the difference between the Fair Market Value of the cryptocurrency and the cost of provision of goods or services will be treated as Business Income in the hands of the taxpayer and the resultant Business Income will be charged to tax at the applicable slab rate.

Let us take the following example to understand the above more clearly:

Mr. A provides services for which he agrees to receive 2 Bitcoins. For simplicity purpose, assume the cost of provision of service as Rs. 5,00,000/- and the Fair Market Value of 1 Bitcoin = Rs. 5,50,000/-. Hence, by applying simple mathematics we can conclude that the total consideration for the services rendered is Rs. 11,00,000/- (5,50,000*2) and therefore the Business Income is Rs. 6,00,000/-

Continuation of Scenario 1: The person receiving cryptocurrency as consideration sells the cryptocurrency

Now as soon as the person receives the cryptocurrency as consideration, it becomes his capital asset under the assumption that it is not Stock in Trade (which is discussed later). Therefore, as and when the person sells the cryptocurrency, the resultant difference between the Fair Market Value on the date of receipt of cryptocurrency (from the provision of goods or services) and the date of sale of cryptocurrency will be treated as Capital Gain.

Further, if the cryptocurrency is held for 36 months or less, it will be treated as Short Term Capital Gain. If it is held for more than 36 months it will be treated as Long Term Capital Gain.

While computing Long Term Capital Gain, the taxpayer will get the benefit of indexation.

The bifurcation of Short Term Capital Gain and Long-Term Capital Gain is important since the Short Term Capital Gains are taxed at Slab Rates and Long-Term Capital Gains are taxed @ 20%.

Let us continue the example taken in Scenario 1:

Suppose the bitcoins received by Mr. A is sold by him @ Rs. 5,75,000/- per Bitcoin then the value of the consideration that will be received by Mr. A is Rs. 11,50,000/-. Hence, the Capital Gains would be Rs. 50,000/- (11,50,000 - 11,00,000) and depending on the period of holding of the cryptocurrency, it will be taxed as Short Term Capital Gain or Long Term Capital Gain

Scenario 2: A person paying consideration by cryptocurrency for receiving any goods or services

If a person availing any goods or currency pays consideration in the form of cryptocurrency, then in such a case there will be aspects which will need to be considered:

i) Capital Gains
ii) Amount (Quantification) of the expense

Capital Gains: The Capital Gains will be determined in the same manner as discussed in 'continuation of scenario 1' and will be taxed accordingly. However, in this case the relevant dates for determination of period of holding shall be the date of acquisition of the currency and the date of payment

Amount of expense: The amount of expense shall be the Fair Market Value of the cryptocurrency on the date of payment

Let us take the following example to understand the above clearly:

Mr. A avails goods worth Rs. 11,50,000/- the payment for which is discharged by paying 2 Bitcoins (5,75,000 * 2). Assuming the cost of acquisition of 2 Bitcoins to be Rs. 10,00,000/- (5,00,000 * 2), the resultant Capital Gain will be Rs. 1,50,000/- and will be taxed as Short Term Capital Gain or Long-Term Capital Gain depending on the period of holding.

The amount of expenditure will be the Fair Market Value of the Bitcoins that is Rs. 11,50,000/-

Scenario 3: A person Investing / Trading in cryptocurrency

This is the simplest to understand. However, the important aspect to be to be considered is whether the activity is to be considered as Investment or Trading.

If the activity is considered as Investment the difference between the sale price and purchase price will be treated as Capital Gains (the treatment will be as discussed earlier) and on the contrary if the activity is considered as Trading, the difference will be treated as Business Income irrespective of the period of holding.

Determining whether the difference will be considered as Capital Gains or Business Income will depend solely upon the intention of the person at the time of acquisition of the cryptocurrency.

Conclusion: The Indian Tax laws do not have a specific mention on how cryptocurrencies are to be taxed in India and remains a grey area, particularly as the exposure of people increases until a specific mention in the law is made. Even thou Chairman of direct tax has announced that the profit earned from bitcoin trading would be taxed.

The cryptocurrencies are not declared as legal tender by the RBI and spelled by Finance Minister himself in the budget speech, it hence may be treated as an asset.

Further, it shall be kept in mind that the cryptocurrency market is an unregulated market and risk of investment remains high without support of Indian Law.

Can GDPR Fines be covered under Cyber Insurance in India?

Can GDPR Fines be covered under Cyber Insurance coverage in India?

By Prashant Mali, 
Cyber Law & Privacy Expert.

Cyber policies usually grant cover for civil fines provided that these fines are “insurable at law”.

Where insurance for fines and penalties is available, this is usually as part of an operator’s general liability policy, although, as set out above, there is no general rule and some such policies routinely exclude such cover). In addition, prudent directors of port and terminal operators who are faced with the possibility of personal exposure to civil fines will take steps to ensure that their D&O policy will cover them if they are investigated personally. 

Example Policy Terms

Insurance coverage is available for fines and penalties. A popular form of cyber insurance includes, as an item of covered loss:

[C]ivil fines or penalties imposed by a governmental agency and arising from a Regulatory Action, unless the civil fine or penalty imposed is uninsurable under the law of the jurisdiction imposing such fine or penalty.

Another popular policy form provides coverage for "Penalties," defined as:

[A]ny civil fine or money penalty payable to a governmental entity that was imposed in a Regulatory Proceeding by the Federal Trade Commission, Federal Communications Commission, or any other federal, state, local or foreign governmental entity, in such entity's regulatory or official capacity; the insurability of Penalties shall be in accordance with the law in the applicable venue that most favors coverage for such Penalties.

Based on these definitions (which are typical), several features are prominent:

• The fines or penalties must be "imposed by" a governmental agency.
• The fines or penalties must be insurable under the applicable law.
• The fines or penalties must be paid to a governmental entity or to a consumer redress fund.

While it is not an inbuilt coverage, fines and penalties can be covered under a D&O policy by suitably modifying the definition of loss or in other appropriate manner. Reproduced below is one of the definitions as found in the policy wording.

“Loss also includes civil and administrative fines and penalties, awarded against Insured Persons, to the extent such are insurable by law, and the multiplied portion of multiple damages”

There is no express law in India including Companies Act, 2013 which declares any fine and penalty as uninsurable.

Sec 197 of Companies Act, 2013, reproduced below for brevity

Section 197(13) of Companies Act, 2013:

“(13) Where any insurance is taken by a company on behalf of its managing director, whole-time director, manager, Chief Executive Officer, Chief Financial Officer or Company Secretary for indemnifying any of them against any liability in respect of any negligence, default, misfeasance, breach of duty or breach of trust for which they may be guilty in relation to the company, the premium paid on such insurance shall not be treated as part of the remuneration payable to any such personnel:

Provided that if such person is proved to be guilty, the premium paid on such insurance shall be treated as part of the remuneration.”

Surprising as it seems, there appears to be no section in the Companies Act 2013 which prohibits indemnification of any nature .

It needs to be clearly understood that as in the case of other payments, prior approval of insurance company is a prerequisite for claiming this loss. One of the policy wordings is reproduced below. Provision relating to non-admission of liability is present in all policy forms, while the language may vary from insurer to insurer.

“The Insured shall not admit or assume any liability, enter into any settlement agreement, or consent to any judgment without the prior written consent (which shall not be unreasonably delayed or withheld) of the Insurer. Only liabilities, settlements and judgments resulting from claims defended in accordance with this policy shall be recoverable as a loss under this policy”

It is good for the directors to seek, in their letter of appointment, appropriate and adequate indemnity provisions – indemnity against all losses and expenses incurred by them in relation to the discharge of their duties unless such loss/ expense is caused by their own deliberate and malicious actions. It pays to be explicit and have more inclusive provisions.

Insurability

A looming question in the case of insurance for fines and penalties is whether such items can be insured despite policy language expressly providing for such coverage. As with the insurability of punitive damages, there is no uniform view. However, one can make several general observations:

1. Fines or penalties that are based on intentional or willful conduct are likely to be challenged by the insurer based upon public policy arguments.
2. Fines or penalties that are "punitive" in nature are more likely to be challenged by the insurer than those that are "compensatory" in nature.
3. Penalties that are assessed vicariously against a policyholder (such as when a corporation is held liable for an unauthorized act of its employee) are less likely to be challenged.

Case law exists under a variety of statutes, and in a variety of state and federal jurisdictions, that assesses whether particular fines or penalties are punitive or compensatory, or are insurable. Cyber policies address insurability through choice of law and choice of venue. As can be seen from the example language quoted above, there are two basic approaches:

1. One version permits coverage except to the extent that the law of the jurisdiction imposing the penalty forbids such coverage;
2. The other version permits coverage so long as the most favorable applicable venue permits such coverage.

Under conventional choice of law procedures, an "applicable venue" is likely to be one that has some sort of relationship to the parties or to the underlying facts. A standard provision for punitive damages directs that the applicable law is

"the law of the jurisdiction most favorable to the insurability of such [punitive] damages, provided such jurisdiction has a substantial relationship to the relevant Insured, to the Company, or to the Claim giving rise to the damages."

This type of formulation appears to provide more flexibility for coverage of such penalties than one in which the penalty-imposing jurisdiction is selected.

International variation

Internationally the position is likely to be similar, albeit with some noteworthy differences, in other jurisdictions. For example, it is common in Australia for cover to be provided in respect of civil fines and some insurers have extended liability insurance to include criminal fines imposed in circumstances other than where the insured has behaved in a reckless manner (or worse). Whether or not such policies are legally enforceable remains a hotly contested issue, but despite the difference in approach from the English position, the underlying public policy issues are the same.

In the US, a number of products are available which provide cover in respect of investigations under the Foreign Corrupt Practices Act, although in keeping with the policy considerations described throughout this article, cover is limited to the costs of such an investigation and coverage for any fines or penalties is specifically excluded.

In UK the leading case law under on whether regulatory fines are “insurable at law” is decision of the Court of Appeal in Safeway Stores Ltd v Twigger [2010] EWCA Civ 1472. In this case, pursuant the Competition Act 1998, the Office of Fair Trading issued a regulatory fine against Safeway.  As a result, Safeway sued its own directors in order to claim under their D&O policy.

The First Instance Judge, Flaux J, noted that:

“…the real target of the present claim is not the assets of the individual defendants, many of whom are of modest means, but the directors’ and officers’ liability insurance available to the defendants…”

Flaux J, after reviewing the previous authorities, held that the “illegality defence” applied to the regulatory fine relating to the breach of the Competition Act 1998.  The breach was held to be sufficiently serious and “morally reprehensible”, even where it had been committed without intention.

Although potential exposure to fines and penalties is an important risk management consideration for port and terminal operators, it appears that the extent to which insurance for liabilities of this nature can be obtained is limited, at least in England and Wales. It is clear that as a matter of English law, criminal fines and penalties cannot be insured for public policy reasons and, although there is no law in this area, similar considerations are likely to apply in the case of civil fines, so that these will only be insurable where the conduct in respect of which they are incurred does not involve deliberate wrongdoing.

The ex turpi causa maxim means that even where such cover can be obtained, an insured will be precluded from making a claim if the conduct to which the fine or penalty attaches involved intentional or negligent conduct.

Conclusions

Legally: While many insurance policies provide cover so far as insurable by law the reality is that GDPR fines themselves will likely not fall for cover. There may be cover for the costs associated with complying with, defending or appealing investigations from the ICO. And insurers may, of course, elect to pay out an amount in respect of the fine (potentially leading to issues in respect of reinsurance recovery). Note, also, that Bermuda legislation does not prohibit passing on liability for fines and may therefore provide some excess options worth considering.

Commercially: Regardless of any debates around the legal position in coverage of fines, the commercial reality is that the value of cyber cover comes in the knowledge and expertise that can be provided by the insurer, particularly in terms of responding to a data security breach. Cyber policies will generally cover systems failure, data restoration, as well as third party claims for damages for lost data or breaches of security and privacy and may also cover amounts paid in response to cyber extortion. Crucially, they will usually also provide access to necessary and pre-approved vendors and a package of cover that includes: 

• pre-breach offerings; 
• disaster recovery costs; 
• communication and notification costs; 
• paying for forensic investigations to determine the cause of the breach; 
• legal advice; 
• engaging experts to manage public relations and protect the company's reputation; 
• lost income and payroll as a result of a breach; and 
• credit monitoring for customers.

Of course, insurance can be no substitute for robust data protection policies - and the potential to be on the wrong end of a GDPR penalty makes it all the more important for companies to invest in such policies and procedures. However, in today's climate of increased cybercrime, it is vital for businesses to arrange cyber-cover and to partner with insurers in order to assess its exposures and be in a position to respond swiftly and effectively as and when a security breach occurs. Just don't have an unrealistic expectation that it will provide indemnification in respect of any GDPR fines.

Prashant Mali images of Gartner Security & Risk Conference in Dubai

Prashant Mali images of Information Intelligence Conclave 2017

 My favourite picture

 my favourite portrait

Prashant Mali SKYDIVING Thrilling Experience in Dubai

Prashant Mali SKYDIVING Thrilling Experience in Dubai

16th October first day of Diwali festival in India, so when India started their Diwali celebrations i was booked for my life time experience at the Dubai Skydive i.e the agency which helps people sky dive in dubai. The cost is around Rs. 35000 which includes flying, diving and photography with storage device.
i was called to checkin at 12:00 had a long wait till 2:15 PM as i had a long rush before and a lunch break. I found many girls from Asia and americas and 20 percent boys strange but true. there 2-3 type of divers like professionals, amateurs and first timers like me. The energy in the camp is vibrant and radiant. Jumpers go and come back in regular time intervals, it is a 20 minute journey.
I dont know but i had a sheer determination and focus so even beautiful girls around me didn't bother me much nor did i was talking to any one. I waited for my chance to come, once my name was announced i found out one guy from mumbai with me too, i could than lodge my belongings to his bag as no lockers are provided.
The companion trainer and diver was allocated along with my camera lady. My companion name was Joseph Junior, he looked very serious types but confident . my camera lady took some videos of me and introduced her to me. A small electric vehicle took us to the close by airport or flying strip which runs into the ocean.
We are ready to be boarded in the plane , the air strip is noisy as the plane makes rattling noise of its 

turbo prop. In side the plane dont expect any air hostesses, its a bench type sitting on both sides. we were 15 of us, 4 were self jumpers. Every sky diver like me as 2 persons for support. first the plane flies almost horizontal and then suddenly the angle changes and some us slide down as it starts climbing. We can the picturesque buildings, the sky line of dubai below.





In the plane some are somber, some are preparing, some watching out of window and some are super excited for the jump of their life.










I was cheerful as if i jump daily, i had put complete confidence in God and my pillion diver . i was waiting for the experience

i was second in line to jump and i was prepared and tied along with my jumper, i got ready without a single point of fear in mind, frankly saying i never saw myself being so much patient and calm and that to 18000 ft up above in the sky. Probably i was feeling like Darr ke agey jeet hai.. there is a win ahead of fear. 18,000ft extreme jumps (altitude only available at CSC): approximately 90 seconds in freefall, 5-7 minutes under the parachute before landing 
i was readied to jump, my photographer went ahead to take my pictures and video of my jump, kudos to her coz when we jumped on chest she jumped on back to catch our jumping moments, she kept smiling and that made me smile to. you can see i was so tempted to jump.

After i jumped or sky dived few seconds were out of the world, the air guzzles around you as you go keep falling from the sky to the beautiful Palm islands. those few seconds are important if you loose your concentration and mind you loose the experience of your life and even the pictures taken of you will be spoilt. you need to focus on three things, what is your trainer telling you, where is your photographer and enjoy the fall and scene around you.

All good scene is accompanied with good amount of air pressure as your face is unprotected but your eyes are. The feeling of leaving the plane is similar to when you've just jumped on a trampoline and you're in mid air, starting to descend back down. It only takes a few seconds after leaving the plane for you body to reach terminal velocity. After that, it feels more like moving down a cushion of air. You can feel the pressure of the wind on your body. 

The scenic Palm, a man made island in dubai with the help of land filling is a marvellous treat to your eyes. Then comes a spin, which confused me a bit but was joyful.

The best picture which i have, where i was smiling as if i only smiled through the diving experience was one below. i even used it as diwali greetings and as DP on my WhatsApp.

One of the other scenes you see is the incomplete Dubai World islands, the other ambitious project which seems to be stalled as of date. the small islands which you see below me in next picture is the Dubai World project where there would be islands in the shape of countries.

The picture below depicts the pressure on my face, when i opened it to smile for the camera. you can zoom to see it. It's too loud to carry on a conversation, but not loud enough that you have to wear earplugs in freefall. You may be able to hear screams, but that's about it. Once the parachute opens, it's actually pretty quiet, with the sound of a light breeze. You will be able to speak in a normal voice with your instructor while flying the canopy

  

The best part is when the parachute opens and the fall stabilises, i small thud a pull and the parachute opens which also tightens your gear around you. It doesn't hurt. The harness is adjusted to you before your jump and tightened so that there's no real shock from it pulling when the parachute opens. Grab your belt and pull your pants up. It's about like that.You suddenly are in standing and then sitting position carrying your weight. The scene becomes awesome when the parachute goes around the Dubai skyline. I felt a bit fearful when the partner was loosening the harness, i felt like the harness would but cut loose and i may go down.

Flying, Diving and on parachute all experience are  highly recommended and i wish to do it again, i  had a perfect landing as the photo shows below, cleberating my triumph 

  

I have uploaded complete video on youtube and the link is below, enjoy and comment too

https://youtu.be/SPFPFOALLRU