Advocate (Dr.) Prashant Mali's Blog

 Cyber Security Threats in Online Schooling and Colleging With all the talk about washing hands, students need to also think about how to practise good cyber hygiene using encryption, VPNs, software updates and password management. Software that takes over a device can expose the user to spyware, malware or data exfiltration that can compromise health and personal information, or academic research and intellectual property in a competitive field. With more teachers and students online, particularly if they’re doing it from less controlled environments outside of the school, the attack surface of the school community is increased, Schools and Universities tend to be quite careful about doing intrusion detection, and putting up fairly sophisticated access controls. Threat from Zoom Video meetings Video-teleconferencing platform Zoom has security and privacy issues, prompting Indian Government and later even New York’s Department of Education to ban its use as a digital classroom, Singapo

Digital Wallets unawareness and greed  have created an enabling environment for fraud, the explosion of smartphones with internet and multiple modes of payment through apps. While there is enough protection built into UPI and card payments, fraudsters use various tricks to get users to part with critical information.  Methods used by tricksters range from payment requests made on the Unified Payments Interface (UPI) to sharing of QR codes on WhatsApp. Here are some common ones doing the rounds. 1.  Pre approved link fraud Fraudsters misuse the request feature on UPI by sending fake payment requests with messages like ‘Enter your UPI PIN to receive money, “Payment successful receive Rs. xxx” etc. You need to enter PIN only for sending money. Do not:  'Pay' or enter your UPI pin to receive money. 2. QR Code Fraud Fraudsters share a QR code over WhatsApp asking for the code to be scanned to receive money in their account. This QR code, a feature in some UPI apps, is in fact a col

Strategic Cybersecurity Thinking The ability to come up with effective plans in line with an organization's objectives within a particular cybersecurity situation. Strategic thinking helps cybersecurity managers review policy issues, perform long term planning, set goals and determine priorities, and identify potential risks and opportunities. Clearly, there needs to be a clear strategy as to what needs  to be done with respect to security. Such a strategy should determine the policies and  procedures. However in practice rarely a strategy for security is created. Most emphasis  is placed on policies, implementation of which is generally relegated to the lowest levels.  Rather it is assumed that most people will follow the policy that is created.  A strategic cybersecurity programme does not begin with tools and tactics, but with an articulation of one or more programme goals. Sun Tzu once said in The Art of War: “If you know the enemy and know yourself, you need not fear the resul

E-pharmacy or Online Medical Shop  :   Legal Framework in India In India, 50-plus e-pharmacies including Medlife, 1MG, NetMeds, PharmEasy and others continue to do online sale-purchase of drugs, medicines, etc. even today. Because they have physical  medical stores that are licensed to sell drugs. In India, the legal and regulatory provisions for manufacture and sale of medicines are covered under the Drugs and Cosmetics Act, 1940 (D&C Act), Drugs and Cosmetics Rules, 1945 (D&C Rule), Pharmacy Act, 1948, The Information Technology Act, 2000 (IT Act,2000)., Indian Medical Act, 1956 and Code of Ethics Regulations, 2002, Narcotic Drug and Psychotropic Substances Act, 1985 and Drugs and Magic Remedies (Objectionable Advertisement) Act, 1954.   Consumer Protection (E-Commerce) Rules, 2020 However, these donot define the regulations for online sale and monitoring of pharmaceutical medicines clearly. Accordingly, various stakeholders approached the government which then constituted an

Jurisdiction of Courts in India under The IT Act,2000 A Division Bench of the Allahabad High Court had occasion to deal with the statutory framework pertaining to data breaches in a proceeding for quashing of FIR. In   Amit Kumar Jaduan v State of UP and  others [MANU/UP/3289/2018] the court examined Sections 43, 47 and 66 of the Act. Some of the important observations of the court are summarised hereunder: The act of default must have been committed without the permission of the person who is owner or a person-in-charge of the computer, computer system or computer network. The act of the defendant must have caused some damage or loss to the person so affected. The difference between Section 43 and 66 is that the pre-requisite of the latter is the existence of  mens rea , while under Section 43 of the Act, it is whether the Act committed is without the permission of the owner or person who is in charge of the computer, computer network, or computer system Simultaneous actions can be m

The Consumer Protection Act, 2019 today becomes a Law in India: Whats New? Why New Law was needed ? New modes of business like telemarketing, direct selling, multilevel marketing, e-commerce etc which were not envisaged thirty years before and now had made consumers more vulnerable to unfair trade practices. Earlier, direct selling and multilevel marketing were regulated through guidelines issued by state governments and the consumer affairs ministry. This new Consumer Protection Act brings these activities in its fold. Besides expanding the scope of grievances that consumers can complain against, the new framework also gives the regulator suo moto powers. The 1986 Act had a three-tier structure that could be utilised by an aggrieved consumer for adjudicating any complaint. However, it did not provide for a regulator who could initiate or intervene on a preventive basis. For instance, direct product recalls or withdrawal of services which are dangerous or unsafe, directing di

Certificate Under Section 65B(4) Evidence Act Is Compulsory for Admissibility of Electronic Evidence: Three Judge Bench of SC - 14 July 2020 Case Law :   Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal,  2020 SCC OnLine SC 571   , decided on 14.07.2020 The Indian Supreme Court has held in the above case that the certificate required under Section 65B(4) is a condition precedent to the admissibility of evidence by way of an electronic record. The bench headed by Justice RF Nariman further held that, in a fact-circumstance where the requisite certificate has been applied for from the person or the authority concerned, and the person or authority either refuses to give such certificate or does not reply to such demand, the party asking for such certificate can apply to the Court for its production under the provisions aforementioned of the Evidence Act, CPC or CrPC. The bench has also clarified that the required certificate under Section 65B(4) is unnecessary if the original docume