India’s CyberCafe Rules Finalized; Foundation For Harassment


It’s about time all restaurants and cafes in India got rid of their public WiFi connections – forget having to keep a register where they ask you to write a few personal details and sign, to let you use their complimentary Internet connection: under a final set of rules on CyberCafe regulations, they’ll have to register as a Cybercafe with a “Registration Agency”, maintain detailed logs, and compulsorily put up a board asking you not to surf pornography. All because, under the IT Act, a “Cyber Cafe means any facility from where access to the Internet is offered by any person on the ordinary course of business to the members of the public”.

Oops.

Under these rules, all “CyberCafe’s” will have to:

- Identification: Keep a scan or a photocopy of an identification document duly authenticated by the user and authorised representative of cyber cafe for a year, and “may be photographed using a web camera for establishing the identity of the user”; the web camera photograph then has to be authenticated by a the user and an authorised representative of the cyber cafe, logged and maintained for a year. Under the draft rules, this wasn’t mandatory, and was only to be used when a user was not able to satisfactorily establish his/her identity, but under the final rules, it is.

- Logs: The Cyber Cafe has to maintain a log of users with the following details – Name, Address, Gender, Contact Number, Type and detail of identification document, Date, Computer terminal identification, Log in Time, Log out Time – and prepare a monthly report of the log register showing datewise details on usage of computers. Apart from maintaining logs, the Cyber Cafe owner has to “submit a hard and soft copy of the same to the person or agency as directed by the registration agency by the 5th day of next month.” The Cyber Cafe owner also has to maintain a history of websites accessed, and logs of a proxy server installed at cybercafes. Talk about wasting paper and adding unnecessary processes by asking for these submissions. Isn’t maintaining internal logs for a year enough, so that they’re available when requested, instead of mandating that cybercafes submit all this data to the government? Who ensures that someone in the government doesn’t misuse this data? What about privacy?

- Pornography and ‘obscene information’: An addition to the Cyber Cafe rules is that all computers have to be equipped with the “commercially available safety or filtering software so as to the avoid, as far as possible, access to the websites relating to pornography including child pornography or obscene information.” I’m sorry, but if I call someone an ass, can’t that be interpreted as ‘obscene’, and will this very page where I’ve used the word ass (oops, there I go again) be deemed obscene by a filtering software? What’s next? Will the Indian government mandate that YouTube has ‘bleeps’ whenever words like fuck or bitch are used in a video? Walk in any crowded market in Delhi, and you’ll hear a lot worse. How is ‘obscene information’ defined, and who defines it?

The other part is that “Cyber Cafe’s are mandated to display a board, clearly visible to the users, prohibiting them from viewing pornographic sites as well as copying or downloading information which is prohibited under the law.” Which restaurant which gives users Internet access will want to do this?

- Illegal activity: This is epic: “Cyber Cafe shall take sufficient precautions to ensure that their computer resource are not utilised for any illegal activity.” How in the world is a Cyber Cafe owner going to take precautions to ensure that nothing illegal is done using their computer resource (which would include routing of traffic, so all usage)? Do they expect anyone managing Cyber Cafe to know what each user is doing? What about privacy?

One positive change in the rules is that of inspection. In the earlier rules, an office not below the rank of Police Officer was authorized to inspect the Cyber Cafe and network; in the changed rules, an officer of the registration agency will be authorized. This means that the harassment of Cyber Cafe owners/managers would probably not be done by a police officer.

Imagine a restaurant with WiFi, say, the Market Cafe in Khan Market, Delhi, having to conform to these rules. Or imagine us wanting to give WiFi access at a conference – will we need to register as a Cyber Cafe? It just won’t happen. As with most other rules, these rules will probably not be enforced, but the problem is in the exceptional cases, when they are used in order to harass establishments. Most of us reading this think that it can’t happen to us, but the fact is that it can. I’ve heard a case of bizarre requests being made of a website owner because of something he published and later retracted, as long as four years after the retraction.

The provisions in the law need to be more liberal in order to prevent its misuse by lawmakers, and in our opinion, these CyberCafe guidelines have created the foundation for further harassment.

Note: this comes at a time when the Electronic Frontier Foundation has made a call to action for an Open Wireless Movement.

Download IT Rules: Final (Page 15), Draft

Related:
- How India’s Draft Cybercafe Rules Could Strangle Public Internet Access

Category : DoT, Government, Mobile, Policy | Tags :

  • Parashu

    obviously the fellows drafting these laws have not heard of tethering, that the next generation smart phones are capable of. http://en.wikipedia.org/wiki/Tethering

  • http://www.techpavan.com Pavan Kumar

    This should not cause adverse effects on WiFi sharing in public events…

  • http://www.dealite.in Sam Khandelwal

    We should be focusing on getting more Internet users and driving broadband usage, not restricting a golden goose that hasn’t hatched. We need to resist the attempt to be a police state.

  • http://www.facebook.com/vishal.gondal Vishal Gondal

    cyber cafes were dying due to many issues like expensive real estate, poor management, high cost of broadband and had become ‘dens’ for some not so good people.
    these rules will one make the cafe extinct!

  • http://www.facebook.com/vishal.gondal Vishal Gondal

    cyber cafes were dying due to many issues like expensive real estate, poor management, high cost of broadband and had become ‘dens’ for some not so good people.
    these rules will one make the cafe extinct!

  • Shitij

    cant most of these issues be managed by a slick software which will keep track of the user, the logs, take a pic with a web cam etc etc. or am i missing something over here.
    cafes are critical for a large part of the population who don’t feel an investment in a computer is justified, but still need internet cause everything is moving onto it.

    • http://www.medianama.com Nikhil Pahwa

      sure it can be managed, but is it necessary to take photocopies of ID cards of each and every user? also, you’re only looking at it from the perspective of cybercafes…what about restaurants with WiFi? given the definition of cybercafe, this applies to restaurants as well

      • Shitij

        while not agreeing with the framework and too much paper work, i somewhat agree with the govt and see where this is coming from, its important to keep a check on public Wifi, with what happened in Navi Mumbai and all.
        compliance might not be that difficult but would require investment and motivation from the coffee -cafes, and since it’s not their core revenue stream they might just prefer to shut down wifi than start complying……
        i think cyber cafe’s can easily comply since it’s their core business and they have the infrastructure in place

        cant they just do SMS verification, since the mobile is already verified…..just thinking aloud

  • Naavi

    There is a need to make DIT realize that the rules are impractical.

  • Rakesh Goyal

    What is the harm, if these rules are followed. Only those people, who wants rights with out responsibilities and duties, cry foul. Don’t we provide identification at the time of boarding a train / plane, while booking ticket by internet; or entering/exiting any country. Can you open a bank account without KYC? This is KYC for usage of public internet. Once a person knows that he can / will be monitored, he will think many times before sending a scare mail to airlines to delay a flight or threat mail to a friend / foe or even a terror mail, for which he can be booked for life term in any Indian jail.

    Did not terrorist used wifi before many bomb blasts in India? These rules seems to be a reasonable control, which is far better than no control.

    Most of these rules exist even today for cyber cafes but not on all-India level. The rules were made and enforced by respective state / city police. Now, these rules have uniform structure for whole India, which is much better and will be devoid the whims and fancies of respective police chiefs.

    Indian society draws heavy sadistic pleasure in breaking rules / controls habitually. This can be seen on any road or anywhere, where a queue is required. Controls work as deterrent. Absence of controls means free for all, which generates anarchy at the cost of one set of people in the society. At the same time, too much controls may lead to misuse of power and then absolute power. And all of know – power corrupts and absolute power corrupts absolutely. So, there has to be balance between two extremes.

    I believe, if implemented properly, these rules are balanced controls.

    In any case, we are a democracy, where everyone has right to have an opinion and dissent. So, if you have different views, that is perfectly OK.

    Rakesh Goyal

    Disclaimer – I am NEITHER Cyber Cafe owner/interested party NOR a regular user NOR belongs to the group, which framed these rules NOR belongs to the group, which will implement these rules. Thus, I believe that my views are free from any bias.

    • Paresh

      I think, you have analysed the matter in depth and seems to be right.

      • http://www.medianama.com Nikhil Pahwa

        Rakesh and Paresh, terrorists also do a recce in a bus or a taxi, or use local trains. Is it mandated for taxi drivers, bus conductors or local train ticket sellers to take a photocopy of each and every ID, and maintain a record of each locality that they went to?

        • Rakesh Goyal

          You have your right to have your opinion and view.
          Neither make it a free-for-state nor a communist/dictator state. Both extremes are bad.
          Keep balance.

        • Sameer Nigam

          Rakesh- Not all controls act as deterrents. Many of them have the exact opposite result.

          Alcohol prohibition is a flawed form of moral control. License Raj was a draconian form of economic control. 97% taxation was a draconian form of socialistic control. People dont always break rules because they hate the law. Sometimes the laws themselves are stupid.

          A cyber cafe operator being told to ask customers for a valid state id is a reasonable measure. Asking them about private details is wholly a different matter. A cyber cafe operator sells a service- Internet access. If you make it impossible for the guy to do his business legally, then he/she will ignore the law.

        • Rakesh Goyal

          You are comparing apples with oranges.

          What is the problem for a cyber cafe owner to fill up a form or getting it filled by the user, containing identification details. You may say these details as personal, but then your name is also an item of personal detail.

          As you say that not all controls act as deterrent. I consider this control is not part of
          that set. You have the right to differ.

  • Hexade

    So from  nw onwards i can’t acess ny porn sites? :O

  • Nagaraj

    the gov just  sit in a AC room and make the rules  & laws with some stupid person, with out knowing the root level. a person who is earning a handful of money for his leaving is put all type of new law and rules within few days. the person who have eaten black money and under going scam to implement lok pal bill on them they required months to years

    coming to point on collecting ID in cyber.

    1. if we collect the ID of the user. what is the confirm that the illegal user have give the correct id? do you say us that we have to take to respected office for the confirmation.

    2. if we are collecting the id the why should again note down there name and address sex and contact again in our log book? do you think that the illegal user give correct details in log book?

    3. saying to but filters to Pornography sites. whats illegal in that, when gov is giving free condoms and saying to use it in red light areas is it good?

    ok i will accept that i give permission to user above 18 years but saying no to site is not acceptable

     

  • Coolguy It

    Coming to Identification. The corrupt govt officials are issuing ID cards / Passports without even properly checking the authenticity of the person then how can we believe that the ID proof submitted to cafe is genuine?

    ID Proof : As Shitij mentioned SMS verification is acceptable and more tech savvy.

    Log : Logging part some how we can manage using a cyber cafe management software by Clinck. Can’t they take the log records from Click servers directly so that we can be spared of doing it mannually?

    Pornography : If Govt. dont want pornography can’t they install some system to block all pornographic sites at national level instead of telling each and every cyber cafe to implementing a commercially available software to do so. What’s the interest there? are they favoring these commercial softwares indirectly?

    Illegal Activity : Can they clearly mention what is illegal activity and how we can ensure that nobody do illegal activity? Do we need to keep poking to all the terminals installed?

    Definitly if this rules are strictly enforeced half of the cyber cafes will close the business.