It’s about time all restaurants and cafes in India got rid of their public WiFi connections – forget having to keep a register where they ask you to write a few personal details and sign, to let you use their complimentary Internet connection: under a final set of rules on CyberCafe regulations, they’ll have to register as a Cybercafe with a “Registration Agency”, maintain detailed logs, and compulsorily put up a board asking you not to surf pornography. All because, under the IT Act, a “Cyber Cafe means any facility from where access to the Internet is offered by any person on the ordinary course of business to the members of the public”.


Under these rules, all “CyberCafe’s” will have to:

– Identification: Keep a scan or a photocopy of an identification document duly authenticated by the user and authorised representative of cyber cafe for a year, and “may be photographed using a web camera for establishing the identity of the user”; the web camera photograph then has to be authenticated by a the user and an authorised representative of the cyber cafe, logged and maintained for a year. Under the draft rules, this wasn’t mandatory, and was only to be used when a user was not able to satisfactorily establish his/her identity, but under the final rules, it is.

– Logs: The Cyber Cafe has to maintain a log of users with the following details – Name, Address, Gender, Contact Number, Type and detail of identification document, Date, Computer terminal identification, Log in Time, Log out Time – and prepare a monthly report of the log register showing datewise details on usage of computers. Apart from maintaining logs, the Cyber Cafe owner has to “submit a hard and soft copy of the same to the person or agency as directed by the registration agency by the 5th day of next month.” The Cyber Cafe owner also has to maintain a history of websites accessed, and logs of a proxy server installed at cybercafes. Talk about wasting paper and adding unnecessary processes by asking for these submissions. Isn’t maintaining internal logs for a year enough, so that they’re available when requested, instead of mandating that cybercafes submit all this data to the government? Who ensures that someone in the government doesn’t misuse this data? What about privacy?

– Pornography and ‘obscene information’: An addition to the Cyber Cafe rules is that all computers have to be equipped with the “commercially available safety or filtering software so as to the avoid, as far as possible, access to the websites relating to pornography including child pornography or obscene information.” I’m sorry, but if I call someone an ass, can’t that be interpreted as ‘obscene’, and will this very page where I’ve used the word ass (oops, there I go again) be deemed obscene by a filtering software? What’s next? Will the Indian government mandate that YouTube has ‘bleeps’ whenever words like fuck or bitch are used in a video? Walk in any crowded market in Delhi, and you’ll hear a lot worse. How is ‘obscene information’ defined, and who defines it?

The other part is that “Cyber Cafe’s are mandated to display a board, clearly visible to the users, prohibiting them from viewing pornographic sites as well as copying or downloading information which is prohibited under the law.” Which restaurant which gives users Internet access will want to do this?

– Illegal activity: This is epic: “Cyber Cafe shall take sufficient precautions to ensure that their computer resource are not utilised for any illegal activity.” How in the world is a Cyber Cafe owner going to take precautions to ensure that nothing illegal is done using their computer resource (which would include routing of traffic, so all usage)? Do they expect anyone managing Cyber Cafe to know what each user is doing? What about privacy?

One positive change in the rules is that of inspection. In the earlier rules, an office not below the rank of Police Officer was authorized to inspect the Cyber Cafe and network; in the changed rules, an officer of the registration agency will be authorized. This means that the harassment of Cyber Cafe owners/managers would probably not be done by a police officer.

Imagine a restaurant with WiFi, say, the Market Cafe in Khan Market, Delhi, having to conform to these rules. Or imagine us wanting to give WiFi access at a conference – will we need to register as a Cyber Cafe? It just won’t happen. As with most other rules, these rules will probably not be enforced, but the problem is in the exceptional cases, when they are used in order to harass establishments. Most of us reading this think that it can’t happen to us, but the fact is that it can. I’ve heard a case of bizarre requests being made of a website owner because of something he published and later retracted, as long as four years after the retraction.

The provisions in the law need to be more liberal in order to prevent its misuse by lawmakers, and in our opinion, these CyberCafe guidelines have created the foundation for further harassment.

Note: this comes at a time when the Electronic Frontier Foundation has made a call to action for an Open Wireless Movement.

Download IT Rules: Final (Page 15), Draft

How India’s Draft Cybercafe Rules Could Strangle Public Internet Access