wordpress blog stats
Connect with us

Hi, what are you looking for?

Why India’s cybersecurity watchdog should not exempted from RTI

CERT-In might soon be exempted from the RTI Act; here’s why that matters.

What’s happening: The Indian Computer Emergency Response Team (CERT-In) might soon be exempted from the Right to Information (RTI) Act, 2005, on the grounds of data sensitivity, Economic Times reported.

What is CERT-In? CERT-In is the government-appointed nodal agency tasked with performing cybersecurity-related functions in the country.

What happens if CERT-In is exempted? If exempted from RTI, CERT-In will no longer have to respond to right to information requests filed by the public. The RTI Act was enacted to ensure transparency of government agencies, but exceptions such as these dilute its purpose.

Why does it matter? It’s important that public institutions are answerable to the public and are transparent about their workings. For example, CERT-In released a cybersecurity directive last month that has been criticised by a long list of people. The directive has a significant impact on cybersecurity, privacy, freedom of expression, surveillance, etc, and there are plenty of questions around the directive; if CERT-In is exempted from RTI, getting answers to these questions becomes a whole lot harder.

RTIs filed by MediaNama with CERT-In: MediaNama filed three RTI requests this month with CERT-In (Department of Electronics and Information Technology) concerning the cybersecurity directive. These RTIs should give you a sense of why it is important to have CERT-In as part of the RTI Act:

RTI 1:

Advertisement. Scroll to continue reading.

With respect to new directions issued by the Indian Computer Emergency Response Team (CERT-In) on April 28, I have the following questions about NIC and NPL time servers that companies must synchronise their ICT clocks with:

  1. How many time servers do National Informatics Centre (NIC) or the National Physical Laboratory (NPL) run?
  2. What are their IP addresses?
  3. What geographical locations are they configured in?
  4. What are their average latency times?
  5. Do they publish the uptimes and downtimes of their NPT servers?
  6. What is the hardware and software configuration of their NTP servers?
  7. If these servers go down who should be contacted?
  8. Who is the primary and secondary ISP for these servers?
  9. What is the ASN these servers are operated in?

These questions are highly relevant to the public interest as CERT-In has asked all companies in India to synchronise their time with NIC and NPL servers. As syncing time is a critical and complex issue, it is of importance that companies are aware of the technical details of the servers that they are being asked to follow.

RTI 2:

With respect to the financials of the Indian Computer Emergency Response Team (CERT-In), I have the following questions:

  1. What is the capital budget that was allocated to CERT-In in the last five years?
  2. How much of it is spent on software and how much on hardware?
  3. What is the total amount of budget allocated to personnel?
  4. What is the management vs engineer ratio?

RTI 3:

Prior to the release of CERT-In directions on April 28, were there any internal government consultations held. If so, can you please share the details of the various departments that participated and the submissions made by them including any record of minutes that are not confidential?

Are any other government agencies exempted? There are many intelligence and security agencies such as the Intelligence Bureau, CBI, Narcotics Control Bureau, and RAW that are exempt from the RTI Act for security reasons.

What next? The Department of Personnel and Training is finalising the modalities of the exemption regime for which a notification is likely to be issued soon, Economic Times stated.

Advertisement. Scroll to continue reading.

Also Read:

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...


Releasing the policy is akin to putting the proverbial 'cart before the horse'.


The industry's growth is being weighed down by taxation and legal uncertainty.


Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ