Note: A significant development since this post: Indian Government Blocks Typepad, Mobango, Clickatell

As a part of the rules being finalized to supplement India’s Information Technology Amendment Act 2008, which, lest we forget, was hurriedly passed without debate in Parliament, a draft set of rules governing Cybercafes in India has been outlined. Our take on these rules are not consumer friendly, tedious to follow for businesses, and if enforced will end of choking public access Internet in the country, whether through Cybercafes or at Wifi hotspots, which would cover all regular cafes that offer Internet access, the airport, where some telcos allow access, or even on-campus connectivity. The last date for submission of comments to these rules is tomorrow, the 28th of February. Please mail your comments to grai AT mit.gov.in. Download the rules here.
Update: Chakshu Roy of PRS Legislative has written about the issues here)

Here’s what we think the impact of the rules will be (correct us if you think you have a different interpretation):

– Definition of Cybercafe: According to the IT Act, “Cyber Cafe means any facility from where access to the Internet is offered by any person on the ordinary course of business to the members of the public,” and this is where a large part of the problem lies. By saying that the rules are applicable to any facility, it could refer to all WiFi hotspots, whether run by Aircel, Tata Indicom, or even small cafes and restaurants that want to offer patrons free WiFi access. And I’m not sure if those who framed these rules are aware, but today you can use an Android phone to set up a WiFi connection, and offer public Internet Access.

– Licensing of Cybercafes: Cybercafes in India will be licensed, and there will be an agency that issues license to cybercafes. Just the fact that each entity will need to apply for a license is enough for them to put it off, and stop providing Public Internet Access. How many small restaurants or cafes will sign up for a license?

– User Identification: “Cyber Café shall not allow any user to use its computer resource without the identity of the User being established.” This is archaic, again, because in many cases, people use their own laptops to access the Internet at WiFi hotspots. Additionally, the identity will have to be established by the production of any of the following: School or college ID, Photo Credit card or Debit Card, Passport, Voters ID Card, PAN Number, Government or employer issued Photo ID Card, Driving license.

Now, what’s not clear here is how this impacts WiFi services being provided by telcos at airports, or Aircel’s ambitious WiFi rollout: we know that user verification in case of mobile phones is not always substantive, and both these entities use mobile numbers for authentication by SMS’ing a username and/or password. It’s unlikely that the ID proof will be checked at each and every hotspot, especially at the Airport.

– Logs: Cyber Cafe’s will have to keep a log register, whether a physical register or online, and will have to “submit a hard and soft copy of the same to the person or agency as directed by the licencing agency by 5th day of next month.”

They’ll have to store and maintain backups of logs and computer resource records for at least six months for each access or login by any user:
(i) History of websites accessed using computer resource at cyber cafe
(ii) Logs of proxy server installed at cyber café
(iii) Mail server logs
(iv) Logs of network devices such as router, switches, systems etc. installed at cyber café
(v) Logs of firewall or Intrusion Prevention/Detection systems, if installed.

– Filters And Other Obscenities All the computers in the cyber cafe need to be equipped “shall be equipped with the safety/filtering software to the avoid access to the websites relating to pornography, obscenity, terrorism etc and other objectionable materials.” Another rule states that “Cyber Café shall take sufficient precautions to ensure that their computer resource are not utilized for any illegal activity.”

Again, this is bizarre: are they trying to prevent laptop usage? They cant force customers using WiFi to install filtering software on their computers, or for that matter, log access according to each computer. And what do they mean by take precautions to ensure their premises are not used for an “illegal activity”? A cybercafe owner or a restaurant owner can’t be an expert in cybercrime. And someone please explain to me how one can set up a filtering software to avoid access to website relating to terrorism.

– Inspection: “An officer, not below the rank of Police Inspector as authorised by the licensing agency, is authorized to check or inspect cyber café and the computer resource or network established therein at any time for the compliance of these rules. The cyber café owner shall provide every related document, registers and any necessary information to the inspecting officer on demand.”

What this does, given the stellar track record of our police force, is open up every establishment offering Internet access to extortion.

Here’s the problem: most outlets, other than cybercafes, that offer WiFi services are just taking an Internet connection, and connecting it to a WiFi router, to offer complimentary Internet access to patrons. If these rules are enforced, then their workload and operating costs are going to increase substantially – whether it is about maintaining logs, setting up firewalls, submitting documents to the licensing agency each month, or have to deal with the police on a regular basis, regarding, of all things, Internet security.

Not everyone has a personal data card connection (whoops – MTS’s taxi initiative will have to be shelved), and they’re dependent on cafes. By putting in such stringent and archaic norms for cybercafes, the government is making it difficult for businesses to provide Internet access, and for people to get access. Also, how many restaurants will put up a visible board prohibiting users from viewing pornographic sites?

So much for making the Internet more accessible.