The Net Neutrality regulations & what they mean for you

While the proponents of "Net Neutrality" bring out their expensive champagne and caviar, yesterday's Telecom Regulatory Authority of India (TRAI) regulations actually make it very easy and cheap for service providers to kick net neutrality into oblivion.

Before we get into that, let's take a quick background check. A 24-year-old security guard in my building used to load his smart-phone with a super cheap data pack for WhatsApp and Facebook. And he was able to meet all his communication needs virtually free. Long chats with his family, living hundreds of miles away, helped him keep his sanity despite a 12 to 16 hour daily shift.

Then a bunch of people decided that this was somehow a bad thing. They huffed and puffed and tried convincing the world that differential pricing of internet data packs was a bad idea.

We live in a world where there is differential pricing everywhere— from electricity bills (residential units are charged at a lower rate that commercial premises) to LPG gas and highway tolls to income tax (the rich pay tax at a higher rate than the poor, and most farmers don't pay tax at all).

Keeping with that logic, differential pricing of internet packs shouldn't have been an issue. But net neutrality means that service providers cannot charge different prices based on the content you download. So irrespective of which website or apps you use, your charges would be at the same rate.

In December 2015, the TRAI invited comments on whether service providers should be allowed to have "differential pricing for data usage for accessing different websites, applications or platforms".

Based on the responses and discussion, the TRAI passed the Prohibition of Discriminatory Tariffs for Data Services Regulations, 2016 which says that:

"No service provider shall offer or charge discriminatory tariffs for data services on the basis of content".

This means no more schemes like "1 Gb 3G night data packs 12AM to 6AM @ just Rs. 49". On the face of it, this also means the end of Free Basics and Airtel Zero. Now, if you are a budget conscious college student who primarily needs WhatsApp and Facebook (and maybe a little Wikipedia), this sounds like really bad news.

But don't worry - there are a bunch of awesome loopholes in this new law.

Firstly, the fine for violating this law is just Rs 50,000 per day of contravention, subject to a maximum of Rs 50 lakh. Let's take an example of a service provider and a social media site that partner to break this law for a two-year period. They would be liable to pay a total fine of Rs 50 lakh over this two year period - that's Rs. 6,849 a day. Presuming they have 1 crore customers between them (that's less than 1 per cent of India's population), the fine boils down to less than 0.0007 rupees per customer per day! So service providers can consider this a minuscule tax and go right ahead with differential pricing and super cheap data packs.

Secondly, a "service provider may reduce tariff for accessing or providing emergency services, or at times of grave public emergency". An example: in the midst of the recent Paris attacks, Google offered free international calls, to France, over the Google Hangouts Dialer.

Let's take a hypothetical situation - a service provider feels that the spread of the Zika virus is alarming enough to be considered "grave public emergency". So it launches a service, which gives users a health safety tip every day through a WhatsApp message. To receive this tip, users can sign up for a very cheap (or free) data pack, which provides access only to WhatsApp.

Interestingly, these regulations do not apply to tariffs for data services over"closed electronic communications networks" - which is defined as a communications network where data is neither received nor transmitted over the internet.

And, by the way, currently valid data packs, plans or vouchers must be consumed within the next six months.

The next few months will make it clear whether these regulations kill net neutrality or nurture it.

Rohas Nagpal is the co-founder, Asian School of Cyber Laws. The opinions expressed in this article are the author's own and do not reflect the view of Asian School of Cyber Laws.

Read this at my column for the Mumbai Mirror.

Text of the Prohibition of Discriminatory Tariffs for Data Services Regulations, 2016

Collaborative Online Investigation Network

25 essential skills for a cyber crime investigator

We live in a world where EVERYONE (from Airports, Banks & eCommerce to Tax departments, Telecom giants & Universities) and EVERYTHING (from Airplanes, Apps & ATM machines to Self aiming rifles, Smart-watches & Wifi networks) seems to be getting hacked.

The last few years have seen some of the world's largest institutions fall prey to cyber crime - JP Morgan Chase, Sony, AT&T, eBay, Google, Apple, Dairy Queen International, Domino's Pizza and half of the South Korean population!

The global cost of cyber crime is estimated to be more than $100 billion a year.

This phenomenal increase in cyber crime has led to a massive surge in the demand for cyber crime investigators. The 25 skills every cyber crime investigator must have are:

  1. Basic Web Programming skills.
  2. Working knowledge of Web Technologies.
  3. Strong working knowledge of Web Hacking.
  4. Effective suspect interviewing skills.
  5. Thorough understanding of documentation.
  6. Sound knowledge of the relevant law.
  7. Practical knowledge of phishing tools, techniques and counter-measures.
  8. Strong knowledge of the working of Virtual Payment Systems.
  9. Understanding of financial instruments and concepts.
  10. Basic understanding of forensic accounting.
  11. Practical knowledge of Fraud Investigation.
  12. Practical knowledge of investigating Bitcoin & other crypto-currencies.
  13. Strong understanding of malware incident prevention & incident response
  14. Thorough practical knowledge of the Dark Web.
  15. Strong practical knowledge of email investigation.
  16. Thorough practical knowledge of Server Log analysis.
  17. Strong practical knowledge of browser forensics
  18. Thorough understanding of Social Media Forensics.
  19. Thorough understanding of the Google Ecosystem & its Forensics.
  20. Strong working knowledge of forensic technologies.
  21. Understanding of the ISO/IEC 27037 standard.
  22. Basic working knowledge of cyber security.
  23. Working knowledge Cryptography & Steganography.
  24. Strong practical knowledge of password recovery & forensics.
  25. Updated knowledge of the latest cyber attacks around the world.

Looking to develop these skills?

Check out the ASCL Certified Cyber Crime Investigator program.


Skill 1:
Basic Web Programming skills

From the 1990s upto 2010, a cyber crime investigator’s job revolved heavily around disk and network forensics. The last several years have seen a huge surge in ecommerce and smart phone usage. And where the money goes, crime follows.

The massive increase in web hacking has made it necessary for a cyber crime investigator to understand the basics of web programming – HTML, PHP and MySQL.


Skill 2:
Working knowledge of Web Technologies

Considering the magnitude and impact of web attacks, it is necessary for a cyber crime investigator to understand some of the technologies that run the Internet and the World Wide Web.

This includes practical activities including hosting a domain, creating SFTP users, setting up custom MX records, setting up, configuring & administering private email accounts, MySQL databases and Virtual Private Servers, configuring SSL for secure websites and deploying cloud infrastructure.

The investigator must also understand installing, configuring & deploying content management systems and ecommerce platforms.


Skill 3:
Strong working knowledge of Web Hacking

Since a majority of cyber crime cases involve web-hacking or web-attacks, it is essential for cyber crime investigators to have a strong knowledge of the techniques of web hacking such as Footprinting, Bypassing Authorization Schema, SQL injection, Cross Site Scripting (XSS), Broken Authentication, Session Hijacking, Unvalidated Redirects & Forwards, and Cross Site Request Forgery (CSRF).


Skill 4:
Effective suspect interviewing skills

Effective suspect interviewing is an essential skill for cyber crime investigators. The investigator must understand the difference between an interrogation and an interview and how to prepare for and conduct a suspect interview.

The investigator must be able to detect deception, document an interview and get an admission from a suspect. An investigator must also know how to conduct an inquiry in an organisation.


Skill 5:
Thorough understanding of documentation

Even the best investigation is worthless if it is not supported by accurate and relevant documentation and that's why a thorough understanding of documentation is essential for a cyber crime investigator.


Skill 6:
Sound knowledge of the relevant law

Every step of an investigation must be in compliance with the law and that's why a thorough understanding of the applicable law is essential for a cyber crime investigator.


Skill 7:
Practical knowledge of phishing tools, techniques and counter-measures

Phishing is one of the most popular techniques amongst hackers and financial cyber criminals. This makes it important for a cyber crime investigator to understand phishing tools, techniques and counter-measures.


Skill 8:
Strong knowledge of the working of Virtual Payment Systems

Virtual Payment Systems have taken the global money markets by storm. A cyber crime investigator must have a strong understanding of how these systems work.


Skill 9:
Understanding of financial instruments and concepts

Financial crimes are some of the most interesting cases that cyber crime investigators are called upon to solve. These include including advance-fee scam, bank frauds & carding, charge back fraud, check washing, check fraud, credit card fraud, identity theft, insider trading, insurance fraud, mortgage fraud, ponzi schemes, securities fraud, skimming, wireless identity theft and more.


Skill 10:
Basic understanding of forensic accounting

Forensic Accountants are called upon in cases involving economic damages calculations, bankruptcy, securities fraud, tax fraud, money laundering, business valuation and e-discovery. It is important for a cyber crime investigator to have a basic understanding of forensic accounting.


Skill 11:
Practical knowledge of Fraud Investigation

Many times a cyber crime investigator is called upon to handle fraud investigations. An investigator must understand Fraud (its extent, patterns and causes), Fraud Risk Assessment & Management, Fraud Prevention, Detection & Reporting.


Skill 12:
Practical knowledge of investigating Bitcoin & other crypto-currencies

Bitcoin is, without doubt, the most famous crypto-currency. It gained a lot of notoriety during the crackdown on Silk Road, an underground online market place trading in drugs, stolen financial information, weapons & more.

Considering the use of bitcoin (and other crypto currencies) by criminals, a strong understanding of bitcoin forensics is essential for cyber crime investigators.


Skill 13:
Strong understanding of malware incident prevention & incident response

Considering the impact of malware, it is essential for a cyber crime investigator to have a strong understanding of malware incident prevention and malware incident response.


Skill 14:
Thorough practical knowledge of the Dark Web

The World Wide Web that the vast majority of netizens use is also referred to as the clearnet – since it primarily is unencrypted in nature. Then there is the deepweb – the part of the clearnet, which is not indexed by search engines. Deep web includes data stored in password-protected pages and databases.

The darkweb is a small part of the deepweb. The deepweb consists of darknets including peer-to-peer networks, Freenet, I2P, and Tor. The Tor darkweb is also called onionland, since its top level domain suffix is .onion and it uses the traffic anonymization technique of onion routing.

Considering the popularity of the darkweb amongst the organized criminals groups, a cyber crime investigator must have a thorough working knowledge of the dark web.


Skill 15:
Strong practical knowledge of email investigation

Despite the popularity of instant messengers (such as Whatsapp) and social media, email remains one of the most popular methods of online communication in the world.

This makes it essential for a cyber crime investigator to have a strong knowledge of email tracking & tracing.


Skill 16:
Thorough practical knowledge of Server Log analysis

In a large number of cyber crime cases, the investigation begins with an analysis of server logs. It is essential for a cyber crime investigator to have a sound working knowledge of server log analysis.


Skill 17:
Strong practical knowledge of browser forensics

In many cases of cyber crime, valuable evidence can be obtained from web browsers. This makes it important for a cyber crime investigator to have a strong practical knowledge of browser forensics.

These evidence points include history, bookmarks, credit card information & contact information stored in autofill, saved passwords, files in the download location. Browser forensics also involves analysis of cloud printers and other connected devices, extensions, cookies and site data, location settings and exceptions, media settings (like camera and microphone permissions) & exceptions, unsandboxed plug-in access & exceptions, automatic downloads and exceptions and more.


Skill 18:
Thorough understanding of Social Media Forensics

It’s probably not incorrect to say that almost every Internet user is part of at least one social media platform. This makes social media forensics an essential skill for a cyber crime investigator.


Skill 19:
Thorough understanding of the Google Ecosystem & its Forensics

Google isn’t just a search engine anymore. The Google ecosystem is all around us – Gmail, YouTube, Google groups, Google sites, Google plus, Google keep and so much more.

This makes Google forensics a must have skill for cyber crime investigators.


Skill 20:
Strong working knowledge of forensic technologies

It is essential for a cyber crime investigator to have a strong working knowledge of forensic technologies and cyber forensic concepts.


Skill 21:
Understanding of the ISO/IEC 27037 standard

A cyber crime investigator must have a strong understanding of ISO/IEC 27037 - the most important global standard for identification, collection, acquisition and preservation of potential digital evidence.


Skill 22:
Basic working knowledge of cyber security

A basic working knowledge of cyber security is essential for everyone and more so for cyber crime investigators. Aspects of information security include Application Security, Cloud Computing Security, Computer Security, Cyber Security Standards, Data Security, Database Security, Information Security, Internet Security, Mobile Security, and Network Security.


Skill 23:
Working knowledge Cryptography & Steganography

Many people use cryptography and steganography. And these include criminals and terrorists. Hence a working knowledge of these is useful for cyber crime investigators.


Skill 24:
Strong practical knowledge of password recovery & forensics

In many cases it is found that potential evidence is locked up in password protected files. This makes it essential for cyber crime investigators to have a strong practical knowledge of password recovery & forensics.


Skill 25:
Updated knowledge of the latest cyber attacks around the world

Every major new cyber-attack must be analysed by a cyber crime investigator to understand the evolving tools, techniques and motives of malicious hackers and cyber criminals.


Looking to develop these skills?

Check out the ASCL Certified Cyber Crime Investigator program.

Master the art of Cyber Crime Investigation with the CCI+ course

Cyber Crime Investigators play a crucial role in eCommerce companies, audit firms, banks, IT companies, Government, police, enforcement & military agencies agencies and manufacturing companies.

We live in a world where everything seems to be getting hacked - not just laptops, smartphones & websites but also cars, aeroplanes, ships, drones, self aiming rifles, ships, CCTV cameras, medical devices, bitcoin wallets, smart-watches and more...

The ASCL Certified Cyber Crime Investigator + course prepares you to handle cases involving digital evidence and cyber trails.

Cyber Crime Investigators are an integral part of:

  • Information Security teams,
  • Incident Response teams,
  • Fraud Control teams.

These teams are crucial in eCommerce companies, audit firms, banks, IT companies, Government agencies and manufacturers.

Cyber Crime Investigators are also required by police, enforcement and military agencies.

Cyber Crime costs the world more than Rs. 57,000,000,000,000 every year. Companies and Governments need skilled cyber crime investigators to contain this US $ 114 billion annual cost.

The 25 skills every cyber crime investigator must have

  1. Basic Web Programming skills.
  2. Working knowledge of Web Technologies.
  3. Strong working knowledge of Web Hacking.
  4. Effective suspect interviewing skills.
  5. Thorough understanding of documentation.
  6. Sound knowledge of the relevant law.
  7. Practical knowledge of phishing tools, techniques and counter-measures.
  8. Strong knowledge of the working of Virtual Payment Systems.
  9. Understanding of financial instruments and concepts.
  10. Basic understanding of forensic accounting.
  11. Practical knowledge of Fraud Investigation.
  12. Practical knowledge of investigating Bitcoin & other crypto-currencies.
  13. Strong understanding of malware incident prevention & incident response
  14. Thorough practical knowledge of the Dark Web.
  15. Strong practical knowledge of email investigation.
  16. Thorough practical knowledge of Server Log analysis.
  17. Strong practical knowledge of browser forensics
  18. Thorough understanding of Social Media Forensics.
  19. Thorough understanding of the Google Ecosystem & its Forensics.
  20. Strong working knowledge of forensic technologies.
  21. Understanding of the ISO/IEC 27037 standard.
  22. Basic working knowledge of cyber security.
  23. Working knowledge Cryptography & Steganography.
  24. Strong practical knowledge of password recovery & forensics.
  25. Updated knowledge of the latest cyber attacks around the world.

As per Ministry of Human Resources Development estimates - India needs 2.5 lakh cyber experts and professionals to effectively tackle cyber crimes. (Source: Times of India Feb 10, 2011).

Course History

This course was launched in February 2002. In the last 13 years it has been completed by 1000s of participants including:

  • Police Officers,
  • Lawyers & law students,
  • IT professionals & Engineering students,
  • Chartered accountants & CA students,
  • Company Secretaries & CS students,
  • Tax & other Government officials,
  • Military personnel,
  • Management Professionals,
  • Commerce Graduates and students.

The ASCL Certified Cyber Crime Investigator + course was launched in February 2002. In the last 13 years it has been completed by 1000s of participants.

Course Syllabus

This course has 24 modules:

  1. Cyber Crime - Global Scenario
  2. Web Technologies
  3. Web Programming
  4. Web Hacking & Investigation
  5. Suspect Interviewing
  6. Documentation & Legal Issues
  7. Phishing
  8. Virtual Payment Systems
  9. Investigating Financial Crimes
  10. Forensic Accounting
  11. Fraud Investigation
  12. Bitcoin Forensics
  13. Malware
  14. Dark Web
  15. Email Investigation
  16. Investigating Server Logs
  17. Browser Forensics
  18. Social media forensics
  19. Google ecosystem & forensics
  20. Forensic Technologies
  21. Cyber Security Fundamentals
  22. Cryptography & Steganography
  23. Password Forensics
  24. Real World Case Studies