WTF Idea To Tackle Scam Websites? More Red Tape

Discussion in 'General Indian Domain Name Discussion' started by CyberKing, Nov 1, 2017.

  1. CyberKing

    CyberKing India Domain Investor

    Joined:
    Jun 21, 2013
    Messages:
    784
    Likes Received:
    245
    Trophy Points:
    43
    Location:
    Bangalore
    Currently, a 15-member panel appointed by the government to recommend amendments to the Information Technology Act, 2000 – the country’s primary law dealing with cybercrime – and bring cyber security under its ambit is deliberating on the prospect of a government registry for all domain names generated in India. Other than government officials, the panel consists of bankers and cyber security experts. The proposal for a registry for domain names was tabled at its meeting in October.

    “Having a government registry for domains and recording basic details about the individuals procuring those domains can help investigation of crimes to a great extent,” said a member of the panel. “It is a proposal which the panel members are still deliberating on. The process of control on domain names is not supposed to end with the registry. It is also supposed to include scrutiny and periodic verification of domain names in order to regularly identify the dubious ones.”
    https://scroll.in/article/856043/as...r-indian-internet-domains-may-be-in-the-works
     
    Jeff likes this.
  2. marsh

    marsh Kenya Active Member

    Joined:
    Dec 23, 2016
    Messages:
    227
    Likes Received:
    29
    Trophy Points:
    28
    Location:
    TA
    I'd like to hear your thoughts on this. Cyber crime is advancing each day and I think more people are falling prey to these fake websites. In my view, more attention should be paid to making people more knowledgeable and tech-savvy.
     
  3. CyberKing

    CyberKing India Domain Investor

    Joined:
    Jun 21, 2013
    Messages:
    784
    Likes Received:
    245
    Trophy Points:
    43
    Location:
    Bangalore
    There is a reason why I shared this article with all in the domain community, suprised with the muted response, guess no one cares about the implications. What got me with this half baked reporting or article was this:

    a) Whenever I hear a 15 Member Panel - visualize me as such, arms akimbo and smoke coming out of my ears, ever heard of such a panel making rational choices, no - so there goes one strike
    b) Notice how the so called cybersec expert is not named? If you have been watching the Digital India initiative and other payments breach related news over the last year, you could perhaps guess who this individual is...another also ran IMO with no depth or background in the subject matter and with a vested commercial interest milking the wave. So with zero credibility strike two
    c) Now there is NO NEED to REINVENT the wheel and create another MONSTER database when you have a QUASI GOV ORG to administer the existing database. The issue is POOR GOVERNANCE FRAMEWORK, INFRASTRUCTURE and IMPLEMENTATION by NIXI (at the risk of sounding a NIXI Basher instead of a well wisher, which I actually am I have been raising this for years) So more Red Tape, hence strike three.

    Now as far as bogus scam sites and fraudulent domain owners etc. yes awareness aside enforcement by responsible parties needs to be made with accountability. We have the laws, we always had dismal implementation.

    Here is an example of how the ccTLD .us enforces ownership checks: http://www.about.us/policies/ustld-nexus-requirements

    Now this link is about the "legal requirements for ownership" which IMO is well laid out and a stringent framework. However enforcement is the key, and the Registrar is held accountable. Similarly for websites and content the Hosting provider should fulfill all KYC Norms. For Social Media obviously the networks are held accountable. In relevant cases the ISPs (or gateways) are held accountable, example emails fradulent payments etc. This will increase the cost of operations and procedural burdens that accompany such a step - however the ecosystem needs to be made "secure and trustworthy" and prevention is better than cure for sure.

    Overarching all this several institutions and acts exist already to ensure security across all geos in the world. Those institutions or governing bodies must act swiftly when at lower levels there is a breach i.e. quick escalation path should be well defined.

    Here is where I have had an issue with existing systems and institutions in India, slow and "sarkari" having near zero response and redressal mechanisms (99% of emails get ignored - just an email address on the website is not a mechanism, no audit no accountability no system)!

    So, if the panel has its way, if this article is factual I dread a monster database, to monitor another monster database which is nothing but red tape and serves no purpose.
     
    Jeff likes this.
  4. JackD

    JackD United States Active Member

    Joined:
    May 1, 2017
    Messages:
    752
    Likes Received:
    234
    Trophy Points:
    43
    Location:
    USA
    Home Page:
    @SuperSoftware You said it better than I could. Sounds like it could be a total screwed up mess.