Posts

Strategic Cybersecurity Thinking

Strategic Cybersecurity Thinking: the ability to come up with effective plans in line with an organization's objectives within a particular cybersecurity situation. Strategic thinking helps cybersecurity managers review policy issues, perform long-term planning, set goals and determine priorities, and identify potential risks and opportunities. There needs to be a clear strategy as to what needs to be done with respect to security. Such a strategy should determine the policies and procedures. In practice, however, a strategy for security is rarely created. Most emphasis is placed on policies, implementation of which is generally relegated to the lowest levels. Rather, it is assumed that most people will follow the policy that is created. A strategic cybersecurity programme does not begin with tools and tactics, but with an articulation of one or more programme goals. Sun Tzu once said in The Art of War: “If you know the enemy and know yourself, you need not fear the resul

Legal Framework for e-pharmacy in India

E-pharmacy or Online Medical Shop: Legal Framework in India. In India, 50-plus e-pharmacies including Medlife, 1MG, NetMeds, PharmEasy and others continue the online sale and purchase of drugs, medicines, etc. even today, because they have physical medical stores that are licensed to sell drugs. In India, the legal and regulatory provisions for manufacture and sale of medicines are covered under the Drugs and Cosmetics Act, 1940 (D&C Act), Drugs and Cosmetics Rules, 1945 (D&C Rule), Pharmacy Act, 1948, The Information Technology Act, 2000 (IT Act, 2000), Indian Medical Act, 1956 and Code of Ethics Regulations, 2002, Narcotic Drug and Psychotropic Substances Act, 1985 and Drugs and Magic Remedies (Objectionable Advertisement) Act, 1954. Consumer Protection (E-Commerce) Rules, 2020. However, these do not clearly define the regulations for online sale and monitoring of pharmaceutical medicines. Accordingly, various stakeholders approached the government which then constituted an

Jurisdiction of Courts under The IT Act, 2000: Case Law

Jurisdiction of Courts in India under The IT Act, 2000. A Division Bench of the Allahabad High Court had occasion to deal with the statutory framework pertaining to data breaches in a proceeding for quashing of FIR. In Amit Kumar Jaduan v State of UP and others [MANU/UP/3289/2018] the court examined Sections 43, 47 and 66 of the Act. Some of the important observations of the court are summarised hereunder: The act of default must have been committed without the permission of the person who is owner or a person-in-charge of the computer, computer system or computer network. The act of the defendant must have caused some damage or loss to the person so affected. The difference between Section 43 and 66 is that the pre-requisite of the latter is the existence of mens rea, while under Section 43 of the Act, it is whether the act committed is without the permission of the owner or person who is in charge of the computer, computer network, or computer system. Simultaneous actions can be m

Consumer Protection Act,2019: What’s New? What it Lacks?

The Consumer Protection Act, 2019 today becomes law in India: What's new? Why was a new law needed? New modes of business such as telemarketing, direct selling, multilevel marketing and e-commerce, which were not envisaged thirty years ago, have now made consumers more vulnerable to unfair trade practices. Earlier, direct selling and multilevel marketing were regulated through guidelines issued by state governments and the consumer affairs ministry. This new Consumer Protection Act brings these activities into its fold. Besides expanding the scope of grievances that consumers can complain against, the new framework also gives the regulator suo motu powers. The 1986 Act had a three-tier structure that could be utilised by an aggrieved consumer for adjudicating any complaint. However, it did not provide for a regulator who could initiate or intervene on a preventive basis. For instance, direct product recalls or withdrawal of services which are dangerous or unsafe, directing di

Section 65B Certificate under Evidence Act is Compulsory for Admission of Electronic Evidence: Case Law

Certificate Under Section 65B(4) Evidence Act Is Compulsory for Admissibility of Electronic Evidence: Three Judge Bench of SC - 14 July 2020. Case Law: Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal, 2020 SCC OnLine SC 571, decided on 14.07.2020. The Indian Supreme Court has held in the above case that the certificate required under Section 65B(4) is a condition precedent to the admissibility of evidence by way of an electronic record. The bench headed by Justice RF Nariman further held that, in a fact-circumstance where the requisite certificate has been applied for from the person or the authority concerned, and the person or authority either refuses to give such certificate or does not reply to such demand, the party asking for such certificate can apply to the Court for its production under the provisions aforementioned of the Evidence Act, CPC or CrPC. The bench has also clarified that the required certificate under Section 65B(4) is unnecessary if the original docume

What is Zohnerism? Media Bloating or else

Zohnerism: why we need to avoid watching too much breaking news, panel discussions, Twitter feeds, WhatsApp university gyan on cyberspace and TV news channels nowadays, especially local TV channels. The notorious concept of Zohnerism: Zohnerism is all about the twisting of simple facts to confuse people. In 1997, 14-year-old Nathan Zohner presented his science fair project to his classmates, seeking to ban a highly toxic chemical from its everyday use. The chemical in question? Dihydrogen monoxide. Throughout his presentation, Zohner provided his audience with scientifically correct evidence as to why this chemical should be banned. He explained that dihydrogen monoxide: causes severe burns while it's in gas form; corrodes and rusts metal; kills countless people annually; is commonly found in tumors, acid rain etc.; causes excessive urination and bloating if consumed. Zohner also noted that the chemical is able to kill you if you depend on it and then experience an extended wit

Why was TikTok Banned? What was TikTok Doing

TikTok was a data collection service thinly veiled as a social network; for tons of data, a few rupees were paid to TikTokers. It used to get information on you, your contacts, or your device: phone hardware (CPU type, number of cores, hardware IDs, screen dimensions, DPI, memory usage, disk space, etc.), and other apps you have installed. Privacy violated to the core. Everything network-related (IP, local IP, router MAC, your MAC, Wi-Fi access point name), and whether or not you're rooted/jailbroken. Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC. They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication. The scariest part of all of this is that much of the logging they're doing is remotely configurable, and unless you reverse every single one of their native libraries and manual