Saturday, 29 September 2012

judgement on phishing

 'Phishing' is a form of internet fraud. In a case of 'Phishing', a person pretending to be a legitimate association such as a bank or an insurance company in order to extract personal data from a user such as access codes, passwords etc. which are then used to his own advantage, misrepresents on the identity of the legitimate party. Typically 'Phishing' scams involve persons who pretent to represent online banks and siphon cash from e-banking accounts after conning consumers into handing over confidential banking details.
Delhi High Court
National Association Of Software ... vs Ajay Sood And Ors. on 23 March, 2005
Equivalent citations: 119 (2005) DLT 596, 2005 (30) PTC 437 Del
1. Plaintiff has filed the present suit inter alia praying for a decree of permanent injunction restraining the defendants or any person acting under their authority from circulating fraudulent E-mails purportedly originating from the plaintiff of using the trade mark 'NASSCOM' or any other mark confusingly similar in relation to goods or services. Prayer for rendition of accounts as well as damages has been made in the plaintiff.
2. Application being IA. 2351/2005 has been filed by the parties under Order 23 Rule 3 CPC. Application is signed on behalf of defendant No. 1 in person. On behalf of defendant No. 4, Mr. Shiv Agrawal a Director of defendant No. 4 has appended his signatures. Application is supported with the affidavits of Mr. Ajay Sood and Mr. Shiv Agrawal. On behalf of plaintiff application has been signed by Mr. Mohan Khanna. His affidavit has been enclosed Along with the application. There are 4 defendants to the suit. Defendants 2 and 3 being Ms. Shweta Ganguli and Mr. Preeti Malotra. As per averments made in the plaint said two defendants were the authors of the offending E-mails which came to the notice of the plaintiff.
As per the application filed under Order 23 Rule 3 CPC it is stated that defendants 1 and 4, through the medium of the present suit learnt about the offending acts and identified one Ms. Tithpoorna Ganguli as the person who was responsible for the offending acts. It is stated that defendants 2 and 3 were fictitious identities created by said Ms. Tithypoorna Ganguli.
3. As per the compromise application, defendants 1 and 4 have agreed to suffer a decree in terms of paras 35 'a', 'b' and 'g' of the plaint. Defendants have further agreed that the hard disc seized from the office of the defendants by the local Commissioner appointed by this Court could be delivered up to the plaintiff. Needless to state application records that since defendants 2 and 3 are fictitious identities created by Titypoorna Ganguli said defendants be deleted from the array of parties.
4. Mr. Ajay Sood and Mr. Shiv Agrawal are present in court. They affirmed the Settlement. Their statements have been recorded.
5. IA. 2351/2005 brings on record a settlement which in the opinion of the court is a bona-fide settlement and does not suffer from any illegality. Settlement is taken on record and is accepted.
6. IA stands disposed of. CS (OS) No. 285/2005
1. Normally where a suit is compromised and terms of compromise are brought on record, a short cryptic order is required to be passed decreeing the suit in terms of the compromise, but the fact as have emanated in the present case require this Court to pass a reasoned order.
2. The plaint sets out the following case:--
(i) NASSCOM is India's premiere software association representing 850 members of which nearly 150 are global companies. NASSCOM is a well known name in India and has a wide range of activities detailed in paras 13 and 15 of the plaint.
(ii) Masquerading as NASSCOM, defendants, in order to obtain personal data from various addresses, which they could then use for head-hunting, went on the website as if they were a premiere selection and recruitment firm.
3. That from the office of defendants No. 1 and 4, offending e-mails were transmitted is not in dispute as defendants 1 and 4 have suffered a consent decree. On 2nd March, 2005, I have granted an ex-parte ad-interim injunction against the defendants restraining them from using the trade name NASSCOM or any other name deceptively similar thereto. Defendants were further restrained from holding themselves out as being associates or a part of NASSCOM. I had also directed execution of a commission to visit the premises of the defendants and take into custody the hard disc as it was reasonably to be expected that the fraudulent e-mails sent by the defendants to various parties would be located on the hard-disc. Commission was executed on 2.3.2005 itself. Two hard discs were recovered on which offending e-mails were found. One e-mail dated 10.1.2003 written by defendant No. 3 (a fictitious person), another e-mail dated 11.1.2005 (another fictitious person) were down-loaded from the hard-disc.
4. As per the compromise application filed, it transpired that a lady, Tithypoorna Ganguli, an employee of defendant No. 4 created fictitious e-mail, Ids in the name of defendants No. 2 and 3 and sent the e-mails in the name of NASSCOM to third parties with a view to extract personal data. In other words, head hunting was on. May be, head hunting was on behalf of defendant No. 4 but the truth would never surface in the present case for the reason parties have entered into a compromise.
5. Internet has spawned novel and interesting methods to defraud individuals and companies, 'Phishing' is a form of internet fraud. In a case of 'Phishing', a person pretending to be a legitimate association such as a bank or an insurance company in order to extract personal data from a user such as access codes, passwords etc. which are then used to his own advantage, misrepresents on the identity of the legitimate party. Typically 'Phishing' scams involve persons who pretent to represent online banks and siphon cash from e-banking accounts after conning consumers into handing over confidential banking details.
6. The internet these days is full of scams. E-mail that form the basis of phishing attacks and pose as a security cheek. These messages trick users into handing over their account details and passwords. The quoted details are subsequently used for fraudulent transfers. It was only towards the end of 2003 that phishing e-mals were spotted. Unfortunately, these are becoming increasingly sophisticated. It appears that the expression 'phishing' comes from the word fishing whereby a bate is set in the hope that someone will bite. Article titled "Plugging the Phishing Hole": Legislation v. Technology by Robert Louis B Stevenson dated 17th March, 2005 talks about the Act in the following terms:
"The Act, if passed will add two crimes to the current federal law; It would criminalize the act of sending a phishing email regardless of whether any recipients of the email suffered any actual damages. It would criminalize the act of creating a phishing website regardless of whether any visitors to the website suffered any actual damages. Senator Leahy described the effects of the Act in this way; The Act protects the integrity of the Internet in two ways. First, it criminalize the bait. It makes it illegal to knowingly send out spoofed email that links to sham websites, with the intention of committing a crime, Second, it criminalize the sham websites that are the true scene of the crime. The Act is also notable for what it does not contain. The bail provides no guidance or allocation of additional resources for its enforcement. This is in contrast with a recently proposed bill in the House of Representatives aimed primarily at "spyware," While the House bill adds no law related to phishing, it does provide for the appropriation of "the sum of $ 10,000,000 to the Attorney General for prosecuting needed to discourage the use of spyware and... phishing." Because the House bill adds no new law directed at phishing, this Brief does not further discuss or analyze. It is noted here only for the purpose of pointing out a possible deficiency in the Act."
7. I find no legislation in India on 'phishing'. An act which amounts to phishing, under the Indian law would be a mis-representation made in the course of trade leading to confusion as to the source and origin of the e-mail causing immense harm not only to the consumer but even the person whose name, identity or password is misused. It would also be an act of passing off as is affecting or tarnishing the image of the plaintiff, if an action is brought by the aggrieved party.
8. Whether law should develop on the lines suggested by Robert Louis B Stevenson in his article noted above is left by this Court for future development in an appropriate case.
9. As far as the present case is concerned, defendants 1 and 4 have acknowledged their employees' illegal action as being violative of plaintiffs right and have recognized the plaintiffs in sum of Rs. 16,00,000. They have also consented to suffer a decree as recorded in the application under Order 23 Rule 3 CPC.
10. Suit would stand decreed in terms of the compromise effected between the parties and as contained in IA No. 2351/2005. Said application shall form part of the decree to be drawn.
11. Hard-discs seized for the defendant's premises by the Local Commissioner on 2.3.2005 are hereby ordered to be turned over to the plaintiff who would be the owner of the hard-discs. Defendants 1 and 4, their servants and agents would be injuncted from circulating fraudulent e-mails purportedly originating from the plaintiff or using the trade name NASSCOM or any other name/mark and address of the plaintiff amounting to passing off and tarnishment.
12. No costs.
Print Page

No comments:

Post a Comment