What's happening: The Indian Computer Emergency Response Team (CERT-In) might soon be exempted from the Right to Information (RTI) Act, 2005, on the grounds of data sensitivity, Economic Times reported. What is CERT-In? CERT-In is the government-appointed nodal agency tasked with performing cybersecurity-related functions in the country. What happens if CERT-In is exempted? If exempted from RTI, CERT-In will no longer have to respond to right to information requests filed by the public. The RTI Act was enacted to ensure transparency of government agencies, but exceptions such as these dilute its purpose. Why does it matter? It's important that public institutions are answerable to the public and are transparent about their workings. For example, CERT-In released a cybersecurity directive last month that has been criticised by a long list of people. The directive has a significant impact on cybersecurity, privacy, freedom of expression, surveillance, etc, and there are plenty of questions around the directive; if CERT-In is exempted from RTI, getting answers to these questions becomes a whole lot harder. On the one hand, CERT-In wants our logs, non-compliance with which will lead to one year jail time, but on the other hand, doesn’t want to be transparent to the citizens in return. (3/3)https://t.co/yEyOOTn13f — Internet Freedom Foundation (IFF) (@internetfreedom) May 20, 2022 https://twitter.com/OfficialSauravD/status/1527565820380860416?s=20&t=XS-hkL8gkrcEHFgCskTn5A RTIs filed by MediaNama with CERT-In: MediaNama filed three RTI requests this month with CERT-In (Department of Electronics and Information Technology) concerning the cybersecurity directive. These RTIs should give you a sense of why it is important to have CERT-In as part of…
