Hi
Below is the clarification Ebay India has sent.
Regards
Urvashi
August 12, 2005
Ms. Urvashi Kaul
Asian Age
Delhi
Dear Ms. Kaul
This has reference to your article of August 11, 2005 published in Asian Age and titled ?Is encryption legal in India?. We would like to point out certain factual errors in your article and request that you contact us when you next plan a story.
Specifically, Paisa Pay has instituted a specific authentication process to protect users from potential misuse of credit cards online. This is for all high value credit card payments. To ensure the user is putting in details of his / her own credit card while making a payment, we request the buyer to send the front and back of his credit card trough an efax. This efax is only accessible online to authorized PaisaPay employees and is never printed. The documents come to a secure server and is then forwarded to the authorised representatives in the PaisaPay team. Information collected via this process is treated as confidential information & we use these documents only to verify the authenticity of the payment.
The entire process is only there to protect users from someone else punching in their credit card information without their knowledge and permission. As an ecommerce company, we are keen to provide users with a safe and secure trading environment and employ many best practices to protect users.
Another such best practice is encryption which is actually now an industry standard. All ecommerce sites including eBay use 128 bit encryption to protect user data from being hacked into. Our understanding is that 128 bit encryption is allowed and encourage by the Indian IT law for all ecommerce sites or even banks and payment gateways. Basically, a 128 bit encryption scrambles the data (say 16 digit credit card number) to the power of 128 different combinations which prevents a malicious hacker from accessing your data.
I am enclosing an extract from Verisign?s site explaining the crucial role played by encryption in ensuring online data security. You could access some white papers on the subject from their site.
When an SSL handshake occurs between a client and server, a level of encryption is determined by the browser, the client computer operating system, and the SSL Certificate. Low-level encryption, 40 or 56 bits, is acceptable for sites with low-value information. However, a hacker with the time, tools, and motivation can crack the code in a matter of minutes.
High-level encryption, at 128 bits, can calculate 288 times as many combinations as 40-bit encryption. That?s over a trillion times stronger. That same hacker with the same tools would require a trillion years to break into a session protected by an SGC-enabled certificate. (Source: www.verisign.com).
Additionally, there is a notification issued to ISPs (Internet Service Providers) by the Department of Telecom setting out the provisions under which they need to operate.
"1.10 SECURITY CONSIDERATION:
1.10.1 Individuals / Groups/ Organisations are permitted to use as customer encryption upto 40 bit key length in the RSA algorithms or its equivalent in other algorithms without having to obtain permission. However, if encryption equipments higher than this limit are to be deployed, individuals/groups/organisations shall do so with the permission of the Telecom Authority and deposit the decryption key, split into two parts, with the Telecom Authority."
eBay India is not an ISP and nor are we defined as a Telecom Service Provider and hence are not governed by this License.
I will call you up later today to clarify any aspects you may have questions on. I would request that you definitely contact us on any future stories you may plan involving eBay so that we have an opportunity to clarify and respond. My contacts are dthomas@xxxxxxxx and telephone: 91-22-56690000 or 919821214599.
Cheers
Deepa M Thomas
Manager-Corporate Communications
sarbajit roy <sroy1947@xxxxxxxxx> wrote:Dear Gita,
CHILL !!
I appreciate that MPSIG is an extremely serious forum.
No disrespect was meant or intended to other Respected
MPISG friends.
This thread has somehow meandered into non-issues.
Sorry...
Sarbajit
--- Gita Dewan Verma wrote:
> --- sarbajit roy wrote:
>
> > re:
> > "> huh? which plannerly type is suckling up to
> which
> > > dairy mafias?"
> >
> > A person is known by the company (s)he keeps ...
> > old
> > jungle saying!! :-)
> >
> > "The following is translation of the draft of the
> > response to DMP2021 Public Notice response from
> > Masudpur Dairy that friends in Masudpur showed me.
> ...
>
>
> best friend in masudpur is ajit singh ji, about 60,
> respected 'social worker', mpisg convener on village
> issues, closely involved in mpisg PIL. he is largely
> responsible for, among other things, construction on
> the mighty malls going slow and without boring and
> the
> mighty goenkas having had to demolish their illegal
> construction in their school, etc. his family owned
> the land on which common-cause, etc, now illegally
> sit. he has no personal stake in masudpur dairy, but
> wrote the letters mentioned in their public notice
> response after it got water logged due to the malls.
> it is an honour to be known by his company. i might
> not have the right to ask this for myself, but i
> insist on temperate language for others on mpisg,
> this
> is an mpisg list. ajit singh ji is no mafia.
>
>
>
>
>
>
>
> ____________________________________________________
> Start your day with Yahoo! - make it your home page
> http://www.yahoo.com/r/hs
>
> _______________________________________________
> mpisgmedia mailing list
> mpisgmedia@xxxxxxxxxxxxxxxxx
>
http://mail.architexturez.net/mailman/listinfo/mpisgmedia
>
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
_______________________________________________
mpisgmedia mailing list
mpisgmedia@xxxxxxxxxxxxxxxxx
http://mail.architexturez.net/mailman/listinfo/mpisgmedia
---------------------------------
Check out Yahoo! India Rakhi Special for Rakhi shopping, contests and lots more.
http://in.promos.yahoo.com/rakhi/index.html