cybersecurity

Delaying the inevitable: Implementation of CERT-In’s Cybersecurity Directions gets a piecemeal extension

CERT-In has extended the timeline for partial enforcement of Cyber Security Directions dated April 28, 2022. The timeline for enforcement of the directions by MSMEs and enforcement of Direction 5 (a) and (f) by entities mentioned in Direction 5 is September 25, 2022.

CERT-In Directions on Cybersecurity: An Explainer

On April 28, 2022, CERT-In issued directions aimed at strengthening India's cybersecurity. Issued without public consultations, these directions raise concerns related to state sponsored surveillance and data retention beyond need or purpose. We thus call on CERT-In to recall these directions.

Explainer: Bharat Financial Inclusion Limited Loan 'glitch'

Bharat Financial Inclusion Limited recently admitted to disbursing 84,000 loans without customer consent owing to a ‘technical glitch’. Though the bank took some steps upon the receipt of the complaints, there is little regulatory oversight and acknowledgement of these instances in general.

IFF writes to the Parliamentary Standing Committee on IT on the “Bulli Bai” and “Sulli Deals” Incidents

The Mumbai and Delhi Police have arrested the perpetrators of the fake online auction of Muslim women. But what took so long? We wrote to the Standing Committee with a few recommendations

Amina writes to the National Commission for Women and the Telangana State Women’s Commission against targeted harassment of Muslim Women

After much furore around the Bulli Bai incident, some arrests have been made and the investigation is still pending. One of the victims of this incident wrote to the National Commission of Women and the Telangana State Women Commission seeking their intervention in ensuring fair investigation.

Over to you MeitY: IFF's representation on CERT-In's Responsible Vulnerability Disclosure and Coordination Policy

CERT-In responded to our representation on the Responsible Vulnerability Disclosure and Coordination Policy and clarified that the Policy is following the existing provisions of the law. Therefore, now we ask MeitY to amend the law to provide a safe harbour for security researchers.

Don’t penalise cybersecurity researchers!

We wrote to CERT-IN regarding their new Responsible Vulnerability Disclosure and Coordination Policy that penalises cybersecurity researchers for vulnerability disclosures. Such a policy would make researchers reluctant about reporting vulnerabilities and so a robust disclosure mechanism is needed.

#4 Cybersec Charcha: A Global overview of the state of surveillance after the pegasus revelations

Your monthly round-up of all things cybersecurity! This edition of Cybersec Charcha focuses on spyware, the Pegasus Project reports and the booming surveillance industry.