On May 20, 2001, naavi.org (also Naavi.org) had commented on
the proposed move of the Mumbai Police to introduce ID cards for all Cyber
Cafes. naavi.org had highlighted the practical difficulties in imposing such
measures.
On May 29, 2001, M/s Jayesh Thakkar and Sunil Thacker
wrote a letter to the Hon’ble Chief Justice of the Bombay High Court
complaining about the proliferation of pornographic sites on the Internet. The
letter was treated as suo motu Writ Petition and came to be numbered as
Writ Petition 2611 of 2001. During the subsequent hearings, the Internet Users
Association of India (IUAI) was permitted to intervene in the matter. The
Government of Maharashtra and the Union of India were also before the Court.
On September 28, 2001, the Division Bench of the High
Court, presided over by the Learned Chief Justice passed an order appointing a
Committee to suggest and recommend ways, measures and means to protect/shield
minors from access to pornographic and obscene material on the Internet. The
High Court Committee comprised the Deputy Commissioner of Police, the Chairman
and Managing Director of VSNL; Mr Vijay Mukhi or another authorised
representative of the IUAI; Mr S K Nair, Advocate, and Mr Gautam Patel,
Advocate.
The committee submitted its report on January 30th, 2002, making
recommendations on the regulatory and educational issues concerning
"PROTECTING MINORS FROM UNSUITABLE INTERNET MATERIAL"
The Committee felt it was inherently impossible – or, at
the very least, impractical – to evolve a common set of regulations governing
all classes of service providers.
In analysing these individual capabilities and limitations,
the Committee narrowed its focus – bearing in mind the overall objective
reflected in the High Court order – to the following issues:
(a) Blocking of sites, generally;
(b) Preventing minors from accessing unsuitable material
from Cyber Cafés;
(c) Preventing the publication or propagation of
pornography from Cyber Cafés;
The Committee dealt separately and extensively with issues
raised by Cyber Cafés. Matters related to online portals, ISPs and ASPs were
considered less extensively.
Regarding Cyber Cafés, the Committee further separated the
general issues into subsidiary components:
(a) Issues specifically involving minors;
(b) Issues applicable to Cyber Cafés generally, whether
used by minors or adults;
(c) Issues relating to licensing and regulation of Cyber
Cafés;
On February, 13,2002, the High Court ordered that Copies of the
entire report be made available to the public for downloading on the VSNL
website, the NIC website that runs the High Court daily board and the Bombay
Bar Association website to invite suggestions and comments from the
public upto March 30, 2002.
The Committee was directed to analyse all comments
and to present a summary thereof to Court within 2 weeks thereafter. Matter
was posted for further orders on April 13, 2002.
naavi.org had invited the public to send their comments in
this regard as it was a unique occassion where the Court had called for public
comments on a report otherwise prepared in camera by an expert committee so as
to provide an opportunity for the public to participate in the discussions.
The expert committee is now about to submit its
next report to the Court. In spite of the request made to many ISP s, no
ISP other than VSNL highlighted the issue and alerted their customers. It is
therefore not clear if any significant comments might have been filed. If so,
we can expect that the earlier recommendation of the Expert Committee is
likely to find favour with the Court.
It is therefore necessary to once again bring before the
public the nature of the recommendations made by the expert committee in this
case, so that Cyber Cafe owners all over India understand their new
responsibilities.
Additionally, on several issues the report affect ISP s.
In as much as Dishnet and Satyam are two large ISP s in
the country also having a chain of Cyber Cafes the case is of interest
to such Corporates also.
The next generation of services under the Convergent
economy will also throw up several more telephony and broadcast services
within the gamut of Cyber Cafe's rendering their role more complicated.
The recommendations on the implementation of E-Governance
in the tenth plan period has envisaged setting up of public internet access
centers in all rural areas and any legal restrictions that are now
imposed on the Cyber Cafe's by virtue of the subject report will have its
impact on them also.
In view of the above considerations a brief review of the
recommendations made by the committee is taken up here.
Those persons or Companies who failed to respond to the
earlier call have to now review if there is a need for them to move the court
directly to implede in the matter and present their views.
The summary of the recommendations of the Expert Committee
is as follows:
1 Site Blocking. The Committee comprehensively
rejected the proposal for site blocking as being technically and legally
unsound.
2 Cyber Cafés. The Committee’s recommendations
include:
A suggested definition of Cyber Cafés to be
included in the Rules under the Bombay Police Act.
Procedures for licensing Cyber Cafés as none are as
yet licensed or regulated;
Regulations requiring Cyber Café operators to
demand photo id cards (of any kind) from all users;
Requiring that minors be restricted to using
machines in the common open space of Cyber Cafés (i.e., not in cubicles)
Requiring that these machines be fitted with
software filters;
Providing for the maintenance of Internet Protocol
address allocation time-stamped logs for all machines in the Cyber Café
network.
3 Service Providers. The recommendations cover
Requirements for maintenance of time-stamped logs
of different descriptions
Requirements for synchronization of internal clocks
and connectivity authentication logs
4 Educational Measures.
These include
Email and website information to be provided by
ISPs informing the public about hazards and possible solutions;
Offering filter software to subscribers as an
option;
Setting up a hotline to the Cyber Crime
Investigation Cell;
Taking steps to increase awareness about cyber
crime in general.
Some quick comments on the above are given here for general
information:
1. Definition of the Cyber Cafe:
The Definition of Cyber Cafe as recommended by the
Committee is:
A Cyber Café means and includes any
establishment by whatever name called, the object of the business of which
is to make available to the general public, either for a fee or gratis or as
part of rendering or supply of any other goods or services, access to and
use of the Internet (in any of its forms or protocols, whether now in
existence or yet to be implemented) for any purpose, including but not
limited to, recreation and amusement, but does not include any place used
purely as a residence or as an office or a place where access to the
Internet is restricted to employees, staff or similarly authorised
personnel; and a Cyber Café shall be deemed to be a place of public
amusement under Section 2(9) of the Bombay Police Act, 1951
The above is a very broad definition that would cover all
"Public Kiosks" that are planned and would be planned for various
Citizen-Government interfaces as well as commercial establishments. The idea
of identifying a Cyber Cafe as an "Place of Amusement" throws open the
question why Cyber Cafe cannot be considered a "Library", "Education
Institution" or a "Shopping Mall", since these centers would be not only
giving access to the Information Super highway but also will carry Tele
Education and E-Commerce. Considering that 75 % of people use Internet for
E-Mail purposes, it is also possible to consider that Cyber Cafe's are
"Digital Post Offices". Ignoring all these alternate uses of the Cyber Cafe,
declaring it as an "Amusement Place" shows a total lack of understanding of
the Internet usage by the Committee.
2. Licensing of Cyber Cafes:
The Committee approved a licensing application form
required for Cyber Cafés. This pro-forma is an Annexure to this Report.
The Committee recommends the adoption of this pro-forma.
According to the suggestion, the Police Commissioner would
be the licensing authority and an application has to be made in the prescribed
form along with a grand list of collateral documents.
The documents to be submitted includes licenses issued from
other authorities such as the Municipality, Health Department, Fire Brigade,
Taxation, Electrical Contractor, MTNL, BMC etc.
It is also indicated that no religious, educational or
hospital is within a radius of 100 meters from the Cyber Cafe.
Cyber cafe is also expected to submit a certificate from
the ISP that he is permitted to resell or distribute ISP services.
List of hardware (Including make and brand names) and
licensed software used and installed in the premises as well as telephone
numbers and the name of the hardware and software consultant, are also
to be submitted along with the application.
Particulars of software being used for
prevention of access to pornographic and objectionable web sites should also
be separately listed.
Particulars of
internal networking computers and other peripherals and the site map of the
network along with Ethernet addresses should also be submitted along with the
application.
Additionally, the Cyber Cafe
owner has to provide the following undertaking:
1) that he will
maintain logs of IP addresses as allocated within to all machines within the
Cyber Café along with corresponding time and date stamps of such
allocations.
2) that he shall
permit use of the Cyber Café only against production of a suitable photo id
card and that he shall ensure that no unauthorised or illegal activity
takes place within the said premises;
3)
that he will ensure that minors shall be allowed to use only those
machines that are in the common open area and not any machine that is behind
a partition or in a cubicle, cabin or other similar enclosure.
4) that he will
regularly supply and provide information in the prescribed time to the
Licensing Authority, as provided under the Rules for Licensing and
Controlling Places of Public Amusement (other than Cinemas) and Performances
for Public Amusement including Cabaret Performances and Tamashas-1960
(public amusement rules in short) framed by the Commissioner of Police,
Greater Mumbai under section 33 of Bombay Police Act – 1951;
5)
that he will ensure and maintain the correctness of date and time on the
computer system in the said Cyber Cafe;
6) that he will
inform the Licensing Authority immediately the particulars of any changes in
the data storage media (eg hard disks, tape drives, zip drives, JAZ drive,
CD/DVD RW and other similar hardware for storage media) made with the
computer systems in the said Cyber Café and also to the Cyber Crime
Investigation Cell, Mumbai;
If any Cyber Cafe owner can
state that he can effectively fulfill the above conditions, it would be
nothing short of a miracle or that it only means that he has put up the
necessary "Firewall" to protect himself from being hauled up by the Police for
any of the innumerable conditions that are prescribed above.
Photo ID Card:
The Committee recommends that every visitor to a Cyber Café
be required to produce any photo-id card. Children without photo id cards
should be accompanied by an adult with a photo id card.
Physical Layout
The Committee recommends that all Cyber Cafés that have
cubicles or partitions be required to ensure that minors are not allowed to
use machines in cubicles or behind partitions.
All ‘open’ machines must face ‘outward’, i.e., must
be facing the common open space of the Cyber Café.
Software:
The Committee recommends that all ‘open’ machines, to which
minors are restricted, be equipped with suitable safety software.
Special Regulatory Recommendations for ISP s
E-Mails
(a) Accurate time stamps must be incorporated by the
outward SMTP server. The time should be synchronised with the local ISP in
order to maintain coherence.
(b) Also the entitlement of the customer must be ensured;
all ISPs must deny relaying. For example xyz@vsnl.com customer should not be
able to send mails from rediffmail.com’s smtp server. (Ed: Please see the
article
Please Do not Play around with Digital Identities, and
Block Spam
Not Customers!!! for detailed comments)
Using Third Party Services
(a) As the authentication of identity cannot be ensured in
a third party free web-based service, proper logs with time stamps should be
maintained and forwarded immediately to investigating agency in case of
enquiry.
Connectivity and Authentication: ISP Level
All the dialup customers should have non-repudiatable
authentication and usage records.
The Remote Access Servers should have the some form of
Caller Identification feature set up so as to log the telephone number from
where the connection was established
All Remote Access Dial In User Service/Server (RADIUS) logs
should be saved on some reliable removable media for permanent storage and
easy retrieval. It may
be stored in a universal zipped format in order to conserve space and recorded
on a monthly basis.
Time Clock Coordination
All time clocks on ISP systems must be regularly
checked and synchronized with universally accepted time synchronization
services such as the Cesium Atomic Clock.
Record Keeping:
As part of the terms of licensing of every ISP, every
ISP should be required to include on all application forms for an Internet
connection information as to whether the connection is being taken for use in
a Cyber Café. If so, further information, sufficient to ascertain the Cyber
Cafés control systems, should be separately taken by the ISP and kept on file.
Educational Measures:
E-Mail News Letters
The Committee recommends that every ISP be required
to send out periodic email newsletters to all subscribers (not just Cyber
Cafés). This newsletter must contain information and warnings directed
to parents about the ill effects of cyber pornography on minors and possible
remedial measures.
Online Information
Similarly, the ISPs portal pages online must include
information and warnings directed to parents about the ill effects of cyber
pornography on minors and possible remedial measures. This is, typically,
visualized as being more detailed than the information contained in the
newsletter.
Protective Software
The Committee recommends that every ISP be required
to offer its subscribers protective software, either for online download or on
the Compact Discs containing the dial up connection installable and executable
files.
The software may be offered free, or at a price in Indian
rupees, or combined with some Internet connection package. Users have the
option of taking the software.
The Internet Service Providers Association of India and the
CCIC must co-ordinate among themselves and with experts in Internet technology
and social sciences, to conduct online and offline camps and seminars,
including at school and college levels, to educate the public about the
adverse effects of cyber pornography on children, protective and remedial
measures and detection mechanisms. These camps must be scheduled on a regular
basis. (Ed: Cyber Law College Stands Vindicated on its stand!!!)
The above recommendations raise serious doubts about
whether the Committee has far exceeded its brief and is trying to rewrite the
Information Technology Act-2000 and imposing conditions that can never be
properly complied with so that the Cyber Cafe owners and the ISP s are for
ever be at the mercy of the Police.
naavi.org reiterates that any regulation which is
considered an over regulation can only be a breeding ground for corruption and
needs to be avoided.
naavi.org urges ISP s and Cyber Cafe associations to
represent to the Court before it is too late to see that the recommendations do not create a new power center which the Cyber Cafes and ISP s need to
nurse.
The measures will be a serious blow to the E-Governance
efforts to encourage setting up of Public Internet Access Centers and the
Ministry of Information Technology should also immediately intervene.
The least that can be done is for Ministry of
Information Technology to review the Expert Committee report and submit a
recommendation to the Court.
Naavi
April 4, 2002
Related Articles:
The Dilemma
of ID s for Cyber Cafe..Fit Case for a Big Debate.
Please Do not
Play around with Digital Identities,
Block Spam
Not Customers!!!
Detailed
Report and Court Order
Your Views
can be sent here