Let's Build a Responsible Cyber Society




Draft Regulations-Cyber Cafe

After ITA 2008 was notified on October 27, 2009, there was an expectation of new Cyber Cafe regulations being notified as part of the ITA 2008 notifications. After more than 15 months of deliberations, a draft regulation has been released by MCIT with a request for public comments to be sent to grai@mit.gov.in before 28th February 2011.

I request all stake holders to go through the guidelines and respond so that they need not regret later if they cannot comply with the regulations.

Following comments are provided to enable the stake holders to study and derive their own conclusions.

1. Licensing:  Under Section 2(h) there is a provision for the "Appropriate Government" to introduce a licensing system for Cyber Cafes. The "appropriate Government" for this purpose may be considered as the respective State Government. Since the licensing would be under the provisions of this notification, the terms of licensing has to be within the provisions of this guideline. The State Governments need to notify an appropriate agency for this purpose.

2. Identification : The Cyber Cafe user needs to identify himself with an ID document. An inclusive list of 6 types of documents has been indicated but this list is not to be construed as "Restrictive". There can be other documents which can be relied upon by the Cyber Cafe owner also. In case the ID document is not available the user can be photographed and the photograph kept as part of the log record.

3. Log Register: The log register is expected to be kept for a period of one year. Maintenance of an "Online" version of the log register is permitted.

A monthly report of the log register showing date-wise details on the usage of the computer resource and submit a hard and soft copy of the same to the person or agency as directed by the licensing authority by 5th of each subsequent month.

Additionally, backups of log records are to be maintained for 6 months. Such log records should include

i) History of websites accessed

ii) logs of proxy server

iii)Mail server logs

iv)logs of network devices

v) logs of firewall or IDS systems

It has been suggested that the guidelines of CERT-In for maintenance of logs may be referred to for this purpose.

This provision is likely to evoke resistance from the Cyber Cafe owners since the expertise and training required for complying with this provision is beyond the scope of the current generation of Cyber Cafe owners.

It may be necessary for Cyber Cafe owners to use appropriate software and to use expert advice to be able to comply with this provision.

4. Physical Layout: Recommendations have been also made on the layout of cabins and display of notices regarding prohibition of viewing pornographic sites etc.

5. Security Software: Cyber Cafes will be required to introduce appropriate security software to prevent tampering with computer system settings and for filtering websites with objectionable materials.

6. Inspection: Inspection is envisaged from an officer not below the rank of a Police inspector " As authorized by the licensing agency".

It is not clear in the guidelines what would be the penalty in case of non compliance.

There is a huge requirement for awareness building and training of the Cyber Cafe owners and if the guidelines are to be respected and complied with, Governments at the Center and the States should undertake appropriate measures to create an infrastructure for education of the Cyber cafe owners and provide some reasonable time for compliance.

Naavi.org had earlier suggested use of a software from One Roof.Inc which if installed, makes the Cyber Cafe owner compliant with all the regulations that are to be managed at the system level. This software which is available free of cost and also provides for generation of ad-revenue to the Cyber Cafe owner could be a good solution to most Cyber Cafe owners.

I presume that the software would be appropriately customized to meet the requirements of the proposed guideline.


February 20, 2011

Any Comments on this article can be sent to naavi@vsnl.com


Draft Guideline-Cyber Cafe Regulations

Guidelines for maintenance of server logs


 Comments are Welcome at naavi@vsnl.com