Let's Build a Responsible Cyber Society




ITA 2008 Compliance Blanket for Cyber Cafes

The terror mail threat received by the Sri Lankan Cricket team before the Ahmedabad Test has once again brought focus on the Cyber Cafes. The mail was sent from a Cyber Café in Chattisgarh and promptly the Police have arrested the Cyber Café owner. For records, Police are happy that an arrest has been made but it is unlikely to lead to the finding of the real culprit since the Cyber Café may not be maintaining proper records.

 This is a typical scenario in respect of all crimes of this nature where a Cyber Café is used for sending e-mails by terrorists or pranksters.

 With the introduction of the ITA 2008 (ITA 2000 amended with effect from October 27, 2009), the responsibilities of Cyber Café owners have only increased. In the event they fail to maintain a “Due Diligence” plan for the Cyber Café, they run the risk of being accused directly for such crimes as above or for “Vicarious Liabilities” under different sections of ITA 2008 such as Section 67C, Sec 69,69A,69B etc.

 Cyber Café owners as a category are therefore worried because they are caught in the crossfire between the terrorists and naxalites on the one side and the State on the other side.

 One obvious reaction to this is to blame the Police for the wrongful arrest. Though the arrest may be faulted under the sections relating to say Section 66A (sending threatening e-mails) or Section 66F (Cyber Terrorism), arrest can be justified when read along with  Section 85 and  a failure of defense under Section 79.

 Though ITA 2008 has been notified with effect from October 27, 2009, the rules regarding Cyber Café regulations have not been notified separately by the Government. It is expected that specific rules would be notified before December 2009 in this regard.

 In the meantime, Cyber Cafes need to follow “Due Diligence” in a manner that is considered as “What a prudent man under similar circumstances” would do. The undersigned has developed a security framework under ITA 2008 which applies even to Cyber Cafes under which Cyber Cafes are audited and certified for Cyber law Compliance. This could be one option available to the Cyber Café owners.

 In Bangalore, recently the Police started promoting a software for Cyber Cafes which is supposed to maintain Visitor’s registers as per the Karnataka Cyber Café regulations notified in 2004. Though this is touted as ITA 2008 compliant, and Cyber Café owners are being urged by the Police to install the software, it is necessary for the Cyber Café owners to realize that this software by itself may not be fully compliant with ITA 2008 prescriptions and the Cyber Café owners may need to supplement the software with other initiatives.

 Cyber Café owners in Bangalore are perhaps being pushed to a false sense of compliance by the Police in this regard. In fact the software is being promoted by the Police department outside the Cyber Crime Police Station where as the current Cyber Café regulations in Karnataka designate the Cyber Crime Police Station under COD as the designated authority for regulating Cyber Cafes.  While one appreciates the enthusiasm of the Police in regulating Cyber Cafes, it is necessary to suggest that it is better if the implementation itself is compliant to  ITA 2008.

 Now it is the turn of Chattisgarh Police to perhaps think of effective Cyber Café regulations in their state. At the same time it is time for the Cyber Cafe owners in Chattisgarh to face the challenge that will be thrown at them in the process.

 I hope that the Cyber Cafes in Chattisgarh immediately organize themselves into a coordinated group, introduce voluntary compliance measures and save their fraternity from being arrested whenever e-mails are sent from their network. They need to draw a “ITA 2008 compliance Blanket”  over the Cyber Café network to protect themselves and also simultaneously assist the Police in investigation of such cases.

The undersigned has developed such an “ITA 2008 Compliance Blanket for Cyber Cafes”  which satisfies the needs of the Police and frees the Cyber Café owners from harassment. The details of the security blanket cannot be discussed over a public forum but if the Police in Chattisgarh and the Cyber Café owners are both interested in a cooperative format for developing the security, Naavi.org would be happy to assist them.

 This is the need of the hour for sustaining the business of Cyber Cafes in India as we can neither prevent criminals from using the Cyber Café network nor the Police from blaming the Cyber Café owners for negligence.



November 15, 2009

Related Articles:



 Comments are Welcome at naavi@vsnl.com