WTF Idea To Tackle Scam Websites? More Red Tape

[CyberKing]

Currently, a 15-member panel appointed by the government to recommend amendments to the Information Technology Act, 2000 – the country’s primary law dealing with cybercrime – and bring cyber security under its ambit is deliberating on the prospect of a government registry for all domain names generated in India. Other than government officials, the panel consists of bankers and cyber security experts. The proposal for a registry for domain names was tabled at its meeting in October.

“Having a government registry for domains and recording basic details about the individuals procuring those domains can help investigation of crimes to a great extent,” said a member of the panel. “It is a proposal which the panel members are still deliberating on. The process of control on domain names is not supposed to end with the registry. It is also supposed to include scrutiny and periodic verification of domain names in order to regularly identify the dubious ones.”
https://scroll.in/article/856043/as...r-indian-internet-domains-may-be-in-the-works

 

[marsh]

I'd like to hear your thoughts on this. Cyber crime is advancing each day and I think more people are falling prey to these fake websites. In my view, more attention should be paid to making people more knowledgeable and tech-savvy.

 

[CyberKing]

There is a reason why I shared this article with all in the domain community, suprised with the muted response, guess no one cares about the implications. What got me with this half baked reporting or article was this:

a) Whenever I hear a 15 Member Panel - visualize me as such, arms akimbo and smoke coming out of my ears, ever heard of such a panel making rational choices, no - so there goes one strike
b) Notice how the so called cybersec expert is not named? If you have been watching the Digital India initiative and other payments breach related news over the last year, you could perhaps guess who this individual is...another also ran IMO with no depth or background in the subject matter and with a vested commercial interest milking the wave. So with zero credibility strike two
c) Now there is NO NEED to REINVENT the wheel and create another MONSTER database when you have a QUASI GOV ORG to administer the existing database. The issue is POOR GOVERNANCE FRAMEWORK, INFRASTRUCTURE and IMPLEMENTATION by NIXI (at the risk of sounding a NIXI Basher instead of a well wisher, which I actually am I have been raising this for years) So more Red Tape, hence strike three.

Now as far as bogus scam sites and fraudulent domain owners etc. yes awareness aside enforcement by responsible parties needs to be made with accountability. We have the laws, we always had dismal implementation.

Here is an example of how the ccTLD .us enforces ownership checks: http://www.about.us/policies/ustld-nexus-requirements

Now this link is about the "legal requirements for ownership" which IMO is well laid out and a stringent framework. However enforcement is the key, and the Registrar is held accountable. Similarly for websites and content the Hosting provider should fulfill all KYC Norms. For Social Media obviously the networks are held accountable. In relevant cases the ISPs (or gateways) are held accountable, example emails fradulent payments etc. This will increase the cost of operations and procedural burdens that accompany such a step - however the ecosystem needs to be made "secure and trustworthy" and prevention is better than cure for sure.

Overarching all this several institutions and acts exist already to ensure security across all geos in the world. Those institutions or governing bodies must act swiftly when at lower levels there is a breach i.e. quick escalation path should be well defined.

Here is where I have had an issue with existing systems and institutions in India, slow and "sarkari" having near zero response and redressal mechanisms (99% of emails get ignored - just an email address on the website is not a mechanism, no audit no accountability no system)!

So, if the panel has its way, if this article is factual I dread a monster database, to monitor another monster database which is nothing but red tape and serves no purpose.

 

[JackD]

@SuperSoftware You said it better than I could. Sounds like it could be a total screwed up mess.