New rules proposed by the Indian government would require users at cyber-cafes to establish their identities, while placing the onus on cyber-cafe operators to take precautions to ensure that their computers are not utilized for any illegal activity.
The proposed rules, which would come into effect under the country’s Information Technology Act, reflect concerns that the Internet is being used for illegal activities such as planning terrorist attacks and viewing pornography in public, which is illegal in India. The government has viewed public Internet services offered by cyber-cafes with suspicion for some time, and more recently it has scrutinized other online communications, including through mobile phones, according to analysts.
The government is already putting pressure on Research In Motion, maker of the BlackBerry, to give security agencies access to communications on its services.
RIM said it has so far provided mobile operators with technology that enables lawful access to its consumer services like BlackBerry Messenger and BlackBerry Internet Service e-mail. The company, however, said it is not technically possible to provide access to its corporate e-mail service, BlackBerry Enterprise Server.
Under the proposed rules for cyber-cafes, operators cannot allow a user to use computer resources without the person’s identity first being established. Users will be asked to establish their identities by producing documents such as their passport, voter identity card, photo credit card, driver’s license, or identity cards issued by schools and colleges.
Users who cannot establish identity to the satisfaction of the cyber-cafe operator might be photographed by the cyber-cafe using a Web camera. The photographs are to be part of the log register, which may be maintained in physical or electronic form.
The Ministry of Communications and Information Technology has invited public comments on the new rules.
The rules would require cyber-cafe owners to store and maintain certain backups of logs and computer resource records for at least six months for each access or login by any user. These include the history of websites accessed, mail server logs as well as logs of any proxy servers, network devices, firewalls or intrusion prevention and detection systems that are installed.
Partitions of cubicles in the cyber cafe would not be allowed to be higher than four and a half feet from the floor level, and minors would be denied access to computers from these cubicles unless they are accompanied by parents or guardians.
The draft rules, if they come into effect, would also require that all the computers in a cyber-cafe be equipped with safety and filtering software to avoid access to websites relating to pornography, obscenity, terrorism and other material deemed objectionable. Cyber-cafes would also have to display a board, clearly visible to users, prohibiting them from viewing pornographic sites, according to the proposed rules.
John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John’s e-mail address is firstname.lastname@example.org