Sunday, March 28, 2010

RMNLU Centre of Cybercrime Laws and Computer Forensics.

The Ram Manohar Lohiya National Law University (RMLNLU) is going to start a center on cyber crime laws and computer forensics. Modalities to this effect are being worked upon by the university administration.

Vice-chancellor, RMLNLU, Prof Balraj Chauhan, is in touch with the respective experts in the two fields -- information technology and law.

There are whole lot of issues pertaining to cyber crimes and computer forensics need to be addressed. Enactment of communication convergence bill which was otherwise mooted in 2001 happens to be one. Secondly, the issue which also needs to be taken is that of centres of learning on computer forensics.

There is a great need of special training to crack various cyber crimes including phishing, bank related frauds and even pornography. It can be claimed that it is no so that any thing can be deleted from the computer. This is a fact that a computer registers each and every thing which is sent to and from it. Virtually, every lost information can be retrieved, provided that new information does not replace it.

But while technical aspects of the subject are being taken care of by the computer engineers, it's the enforcement of the laws which still remains a challenging task. The proper awareness amongst the people needs to be imparted. At times we come up with situation where in people are not aware of even the basic cyber laws and therefore land in trouble. For example, a terrorist casually walks into a cyber cafe and sends a threatening mail anywhere he likes, even as the cafe owner sits unaware of how the computer next to him was used.The mail is traced back and it's the owner who finally lands in trouble.

This is a great step taken by The Ram Manohar Lohiya National Law University (RMLNLU) under the able leadership of the Vice-chancellor, Prof Balraj Chauhan. This will certainly pave the way for the production of specialists in the field of cyberforensics and Cybercrimes.

--
Dr.Tabrez Ahmad,
Associate Professor of Law, KIIT Law School
KIIT University, Bhubaneswar, Odisha, India, 751024.
Website: www.site.technolexindia.com
Blog: http://tabrezahmad.technolexindia.com http://iplexindia.blogspot.com
Profile: http://www.google.com/profiles/tabrezahmad7.
Blogs: http://www.blogger.com/profile/15337756250055596327
Blog: http://drtabrez.wordpress.com
   http://tabrezahmad.typepad.com/blog/
Research Papers: http://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=1189281

Call for Worldwide Implementation of the Budapest Convention on Cybercrime


At its 5th annual conference held in Strasbourg, 25th March 2010 on Cybercrime, the Council of Europe called for a worldwide implementation of its Convention on Cybercrime to sustain legislative reforms already underway in many countries and a global capacity-building initiative to combat web-based crimes and enhance trust in information and communication technologies.

'The UN Crime Congress in April 2010 will be an opportunity to reinforce our global response to the global threat of cybercrime and cyberterrorism. I think we will have the best chance to succeed if we unite around one international instrument which already exists – namely the Council of Europe Cybercrime Convention,' said Council of Europe Deputy Secretary General Maud de Boer-Buquicchio, speaking at the opening of the conference.

The conference also highlighted the need to further establish dynamic partnerships between the public and private sectors and their shared responsibility in ensuring security and protecting human rights on the Internet. In this context, the conference proposed the establishment of a contact list for enhanced co-operation between law enforcement and industry.

The Council of Europe will continue to address the issue of 'cloud computing' and intends to ensure that globally trusted privacy and data protection standards and policies are put in place, and that both its Cybercrime Convention and its Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data are applied more widely and efficiently. A human rights and privacy dimension should be brought in the discussions of next year's conference on cybercrime.

Countries worldwide have been turning to the Budapest Convention since its adoption in 2001. During the conference, Portugal announced the ratification of the Convention and Argentina has made a request for accession. Participants called on ICANN (Internet Corporation for Assigned Names and Numbers) to strengthen its oversight role of the Internet domain name registration process in order to allow both the protection of private data of individual registrants (in particular in the WHOIS database) as well as the opportunity for law enforcement to use the database to fight cybercrime and cyberterrorism. They also  underlined the need to make the best possible use of existing tools, instruments, good practices and initiatives. They recommended that a global action plan be launched by the Council of Europe and the United Nations to get a clearer picture of criminal justice capacities and urgent needs, mobilise resources, provide support and assess progress made.

--
Dr.Tabrez Ahmad,
Associate Professor of Law, KIIT Law School
KIIT University, Bhubaneswar, Odisha, India, 751024.
Website: www.site.technolexindia.com
Blog: http://tabrezahmad.technolexindia.com http://iplexindia.blogspot.com
Profile: http://www.google.com/profiles/tabrezahmad7.
Blogs: http://www.blogger.com/profile/15337756250055596327
Blog: http://drtabrez.wordpress.com
   http://tabrezahmad.typepad.com/blog/
Research Papers: http://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=1189281

Tuesday, March 16, 2010

Specialist Legal Recruitment Website in Asia Pacific for Legal Professionals and IP Lawyers

Hong Kong based online recruitment specialists CQrecruit have launched a new online recruitment portal focused on the legal profession across the Asia Pacific region. https://www.cqrecruit.com will carry positions for both lawyers and legal support staff including legal secretaries, paralegals, H.R. and marketing professionals and other key support functions. Press Release http://tinyurl.com/ykkqgvv

--
Dr.Tabrez Ahmad,
Associate Professor of Law, KIIT Law School
KIIT University, Bhubaneswar, Odisha, India, 751024.
Website: www.site.technolexindia.com
Blog: http://tabrezahmad.technolexindia.com http://iplexindia.blogspot.com
Profile: http://www.google.com/profiles/tabrezahmad7.
Blogs: http://www.blogger.com/profile/15337756250055596327
Blog: http://drtabrez.wordpress.com
   http://tabrezahmad.typepad.com/blog/
Research Papers: http://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=1189281

Sunday, March 07, 2010

Digital Economy Bill Changes of UK Threat to File Sharing on Internet

Internet freedom campaigners have reacted with dismay to the proposed changes to the Bill. Supporters of Open Rights Group, warned many websites could be forced offline simply by the prospect of expensive legal proceedings. Individuals and small businesses would be open to massive 'copyright attacks' that could shut them down, just by the threat of action. It is pertinent to mention that the Digital Economy Bill of UK was announced in the Queen's speech in November 2009, with a major section dedicated to how best to deal with illegal file sharing. The Bill, currently in the report stage at the House of Lords before its third reading in the Commons, proposes a solution of several steps, which begins with a warning letter sent to those illegally downloading from their internet service provider and could end with the internet connection being temporarily suspended.

Under amendments to the Digital Economy Bill the High Court could be given the power to issue an injunction against a website accused of hosting "substantial" amounts of copyright-infringing material. It means popular websites, such as YouTube, which often unwittingly carry content uploaded without the permission of copyright holders, could be "blocked" or forced offline if the amendment is upheld.

The Internet Service Providers Association, which represents ISPs, said it was "outraged" by the plans, while TalkTalk said the plans would force ISPs to restrict access to specific sites.

The proposed law do not restrict access to a few sites but only in the most serious cases, for instance those involving child pornography or issues of national security. But more to the point, making the restriction of websites a more widespread policy would be dangerous given its major impact on internet users' human rights, freedom of expression and privacy.

However the changes would be welcomed by content creators. This is going to send a powerful message to the creative industries that the value what they do, is well respected and it is not censoring the internet, but a genuine approach to copyright protection on internet. The companies like Google, which do major file sharing are planning to face the challenges.


--
Dr.Tabrez Ahmad,
Associate Professor of Law, KIIT Law School
KIIT University, Bhubaneswar, Odisha, India, 751024.
Website: www.site.technolexindia.com
Blog: http://tabrezahmad.technolexindia.com http://iplexindia.blogspot.com
Profile: http://www.google.com/profiles/tabrezahmad7.
Blogs: http://www.blogger.com/profile/15337756250055596327
Blog: http://drtabrez.wordpress.com
   http://tabrezahmad.typepad.com/blog/
Research Papers: http://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=1189281

Growing Boundaries of E-Commerce Law

In essence, e-commerce involves the buying and selling of products or services over the Internet and other computer networks.  Substantial commerce has been generated in this way, resulting in new patents for such developments as electronic funds transfer, supply chain management, online transaction processing, inventory management systems, and automated data collection systems.

Due to fast growth of e-commerce, law professionals with expertise knowledge are required for drafting e-commerce related patent applications and securing patent protection for inventions regarding the use of wireless telecommunications systems, automatic teller machines, computer networks and combinations thereof in support of a wide range of e-commerce activities for businesses around the world including the India, United States, Germany and Japan.

E-commerce practice also includes securing intellectual property protection and initiating and defending causes of action in courts regarding patent infringement, domain name disputes and cyberpiracy causes of action and before international domain name dispute organizations organized under the Internet Corporation for Assigned Names and Numbers (ICANN).

--
Dr.Tabrez Ahmad,
Associate Professor of Law, KIIT Law School
KIIT University, Bhubaneswar, Odisha, India, 751024.
Website: www.site.technolexindia.com
Blog: http://tabrezahmad.technolexindia.com http://iplexindia.blogspot.com
Profile: http://www.google.com/profiles/tabrezahmad7.
Blogs: http://www.blogger.com/profile/15337756250055596327
Blog: http://drtabrez.wordpress.com
   http://tabrezahmad.typepad.com/blog/
Research Papers: http://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=1189281

Saturday, March 06, 2010

INTERNATIONAL CONFERENCE ON “CYBER CRIMINOLOGY”


Organized by
DEPARTMENT OF CRIMINOLOGY
UNIVERSITY OF MADRAS
Knowledge Partners
Ernst & Young,
Valiant Technologies Pvt. Ltd, and
Indian Society of Criminology
Dates : March 23rd and 24th , 2010
Venue of the Conference: Hotel Breeze,
No. 850, Poonamallee High Road,
Chennai 600 010
Legislating against electronic crimes such as
spam and ID fraud will not reduce the problem;
instead, education for small businesses and
consumers and cooperation between countries is
the answer. Although some legislation is
required to fight internet-based crimes, alone, it
will make no difference unless backed up by
corporation between international law
enforcement agencies and education for
computer users - EURIM, and Institute for
Public Policy Research (IPPR).
As long as people are so easily fooled by
scammers, no amount of legislation will solve
the problem of phishing, where fake emails are
sent to online banking users asking them to
"confirm" their password and username; under
no circumstances are you supposed to reveal the
whole password - nobody at the bank will ask
for more than a few random letters from it - and
yet people have been giving the complete phrase
to the phishers, says Philip Virgo, Secretary
general of EURIM.
The above statement clearly emphasizes the
importance of imparting cyber crime awareness
and education to end users. At the same time
there is also a need to understand cyber crime
from a non-technical approach like
understanding the criminological and
victimological aspects, how it can effect various
affected parties and how we can protect and
prevent malicious and damaging attacks on our
network and business both in private and
government sector. It is with this idea, the
present International Conference on Cyber
Criminology is being organized during 23rd
and 24th of March 2010.
The aim of this conference is to establish a
multidisciplinary forum for information sharing,
team building and the development of
innovative debate on cyber security,
investigations, forensic techniques /technologies
and legal concerns amongst investigators,
criminologists, victimolgists, information
assurance and network security professionals.
Registration:
The registration for the conference is open to
anyone who is interested in the field of
information security, cyber forensics, cyber
laws, intellectual property rights and related
areas.
The registration fee for the conference is
Rs. 4,000/- for the delegates and Rs. 500/- for
the students (limited entries only)which may be
sent as a Demand Draft drawn in favour of
"Cyber Criminology" to "Professor and
Head, Department of Criminology" payable
at University of Madras, Chennai 600 005.
The Demand Draft should be sent along with
the registration form to "Dr.R. Thilagaraj,
Professor and Head, Department of
Criminology, University of Madras, Chennai
600 005" who is the Organizing Secretary of
the conference on or before 25th of February
2010.
Organizing Committee:
Organizing Secretary:
Dr.R. Thilagaraj,
Professor and Head,
Department of Criminology,
University of Madras, Chennai 600 005
Organizing Committee Members:
1. Dr. K. Rama Subramaniam, Director
and CEO, Valiant Technologies Pvt.
Ltd.
2. Mr. M.P. Badrinath, Director(Risk
Advisory Services), Ernst & Young.
3. Mr. A. Vijayakumar, AGM
(Information Security), Karur Vysya
Bank, Chennai.
2
4. Dr.S. Latha, Secretary, Indian Society
of Criminology and Faculty of
Criminology.
5. Mr.A.R. Raghavan, Chief Operating
Officer, Valiant Technologies Pvt. Ltd.
Any further queries can be sent to the organizing
secretary to the above mentioned address or to
the e-mails: cybercriminology@gmail.com,
rthilagaraj@gmail.com or
lathasubramanian@gmail.com ,
ph: 044 – 25366988, 9840247256
University of Madras & Department of
Criminology : The University of Madras was
established in the year 1857. This University is
the mother of almost all the Old Universities of
Southern India. This University has been
growing from strength to strength while
widening its teaching and research activities.
The University is situated just before the Asia's
2nd longest beach viz., Marina Beach. The new
Department of Criminology came into existence
in the University of Madras in April 1983.
Though it is a new department, the Department
of Criminology is striving for academic
excellence through its various research and
training activities over the last 26 years. The
Department offers the following courses:
1. M.A. in Criminology & Criminal Justice
Administration
2. M.Sc., in Cyber Forensics & Information Security
3. Diploma in Cyber Crime and Information Security
The Department is selected as the Centre for
Excellence in Cyber Forensics by the
Government.
Ernst & Young' (or "EY") is one of the largest
professional services firms in the world and one
of the Big Four auditors, along with
PricewaterhouseCoopers (PwC), Deloitte and
KPMG.
Ernst & Young is a global organization of
member firms in more than 140 countries. Its
global headquarters are based in London, UK
and the U.S. firm is headquartered at 5, Times
Square, New York. According to Forbes
magazine, as of 2008 it is also the 9th largest
private company in the United States.
Valiant Technologies Pvt. Ltd. (V-Tech) is
established in the year 2002 with the objective
of emerging as a reliable provider of end-to-end
information security consulting and training
solutions to enterprise operating in different
business segments – commercial enterprises,
government departments, law enforcement,
judiciary, and armed forces. In addition, V-Tech
has worked very closely with academic
institutions by offering expertise to design and
implement education programs in the areas of
information security and digital forensics.
Valiant provide to its clients with the kind of
assurance and comfort level that they would
require when it comes to information security.
Their 'security-only' approach differentiates
them from other consulting organizations that
'also' offer security services. This differentiator
permits the consultants who bring with them
over 100 consultant-years of experience, to offer
solutions that assist clients in identifying,
assessing and minimizing virtually every type of
risk associated with information security
activities. Valiant's Director and CEO,
Dr K Rama Subramaniam who has over two
decades of experience in the areas of
information security management, technology,
assurance and digital forensics, heads the team
of consultants who bring in a rich blend of
academic excellence and proven consulting
delivery capability.
The Indian Society of Criminology was
established in the year 1970. The Society, which
was started with the objectives of advancing the
study and application of Criminology and allied
sciences for the welfare of society and for
facilitating co-operation among persons
interested in the prevention and control of crime
developed in a short period, into a pioneering
national organization due to the efforts of the
dedicated founders. The Society has been
seeking to attain its objectives by organizing
annual conferences, seminars, workshops,
periodical symposia, training programmes and
public lectures with themes of current interest in
society, crime and its prevention and
rehabilitation of the offenders, thus involving the
people against crime and delinquency and also
stimulating interest among the members of the
Criminal Justice System in applying
criminological approach to the problem of
crime.
3
INTERNATIONAL SEMINAR ON
CYBER CRIMINOLOGY
Department of Criminology
University of Madras
Registration Form
Name :
Gender :
Educational Qualifications :
Occupation and designation:
Address:
Office :
Residence:
Phone: ( O )……………… (M)
Email :………………………….
Registration fee particulars:
Amount: Rs…………………………
Demand Draft No…………………, Bank
drawn……..
Date……………………
Signature

--
Dr.Tabrez Ahmad,
Associate Professor of Law, KIIT Law School
KIIT University, Bhubaneswar, Odisha, India, 751024.
Website: www.site.technolexindia.com
Blog: http://tabrezahmad.technolexindia.com http://iplexindia.blogspot.com
Profile: http://www.google.com/profiles/tabrezahmad7.
Blogs: http://www.blogger.com/profile/15337756250055596327
Blog: http://drtabrez.wordpress.com
   http://tabrezahmad.typepad.com/blog/
Research Papers: http://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=1189281

Friday, March 05, 2010

Are We Forensically Ready to Face the Challenges of Cybercrimes?

The latest trends in cybercrimes  mandates that we have to have at-least Minimum Mandatory Forensic Readiness Policy in place. The new measures should be designed to better manage information risk, protect personal information of citizens and minimise risk surrounding authorised access to protectively marked information.
 
But how exactly can we become 'Forensically Ready'? The term itself relates to the ability to forensically examine our data estate so that we know where all of our data resides, we know who has accessed, copied or moved individual files, and we are capable of conducting a forensic data audit in the event of a breach. This level of security can't be handled with simple intrusion detection tools. What's needed is a comprehensive cybersecurity platform to deliver the Privacy Impact Assessments. 
 
A simple litmus test can help us to understand whether we are ready and able to face new challenges. Ask ourself these three simple questions:
 
• Do we know where all your data resides?
• In the event of a breach, can we prove that all the correct processes and procedures are in place?
• Does our agency/department fully understand and follow the elements of good data handling practices?
 
The ability to audit our data will enable us to track the flow of sensitive data within our organisation and ensure that only authorised movement occurs. For example, employees are going to move around an organisation internally. Are we able to assess whether they have taken data with them when they move? Are they authorised to do so? Is data where it is supposed to be or allowed to be? When unauthorised movement takes place, this can be flagged and corrective action can be taken. 
 
Have we analysed out the financial price of non-compliance with data reporting requirements, e.g. increased legal fees related to the disclosure of an increased number of custodians? Investment in an effective data audit solution can reduce long term spending by eliminating the need for expensive third party consultants. 
 
Are we able to manage the risk to our reputation if a data breach occurs on our watch? Public sector organisations handling data relating to the most vulnerable in society carry a burden of trust. Private sector organisations that suffer a data loss are likely to pay the price in loss of customers and a falling share price; public sector organisations may not suffer such tangible consequences directly, but the risk to their reputation and governance is as real.
 
Forensic Readiness – Five Key Guidelines
To have a robust Forensic Readiness Plan in place, organisations and departments need to be able to gather evidence on potential criminal activity or disputes legally and without causing disruption to day-to-day business. 
 
This must also be done cost-effectively and in proportion to the incident - don't go spending crores of rupees of taxpayers' money on a simple data access request. On the other hand, don't scrimp on spending if it's a major criminal investigation. Some of the key elements of putting together a Forensic Readiness Plan are:
 
1. Define the business scenarios that require digital evidence. When is it appropriate to gather evidence and when is it not? 
 
2. Identify sources of evidence and what sort of evidence it is. Make sure you have the resources to hand to look for it. 
 
3. Know what you're looking for before you go and look for it. Don't gather too much or too little. Have a clear idea of what circumstances need to be in place to trigger a fuller investigation.
 
4. Establish security and storage rules for the handling of evidence.  Keep an eye on the evidence once you have it – and make sure staff understand the consequences of not following these procedures.
 
5. Provide a documented a real-world example that everyone can run through in advance.  Ensure that all parties, including legal, are confident that the processes in place are correct.

So there is a real challenge to forensic computing and cyberforensics and these branches are not yet fully developed. But by following the guidelines provided above we may reduce the danger to data protection and cyberevidnece/computer evidence  to a greater extent.


--
Dr.Tabrez Ahmad,
Associate Professor of Law, KIIT Law School
KIIT University, Bhubaneswar, Odisha, India, 751024.
Website: www.site.technolexindia.com
Blog: http://tabrezahmad.technolexindia.com http://iplexindia.blogspot.com
Profile: http://www.google.com/profiles/tabrezahmad7.
Blogs: http://www.blogger.com/profile/15337756250055596327
Blog: http://drtabrez.wordpress.com
   http://tabrezahmad.typepad.com/blog/
Research Papers: http://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=1189281