Draft Regulations-Cyber Cafe
After ITA 2008 was notified on October 27, 2009, there was an expectation
of new Cyber Cafe regulations being notified as part of the ITA 2008
notifications. After more than 15 months of deliberations, a draft
regulation has been released by MCIT with a request for public comments
to be sent to grai@mit.gov.in
before 28th February 2011.
I request all stake holders to go through the guidelines and respond so
that they need not regret later if they cannot comply with the
regulations.
Following comments are provided to enable the stake holders to study and
derive their own conclusions.
1. Licensing: Under Section 2(h) there is a provision for the
"Appropriate Government" to introduce a licensing system for Cyber
Cafes. The "appropriate Government" for this purpose may be considered
as the respective State Government. Since the licensing would be under
the provisions of this notification, the terms of licensing has to be
within the provisions of this guideline. The State Governments need to
notify an appropriate agency for this purpose.
2. Identification : The Cyber Cafe user needs to identify himself
with an ID document. An inclusive list of 6 types of documents has been
indicated but this list is not to be construed as "Restrictive". There
can be other documents which can be relied upon by the Cyber Cafe owner
also. In case the ID document is not available the user can be
photographed and the photograph kept as part of the log record.
3. Log Register: The log register is expected to be kept for a
period of one year. Maintenance of an "Online" version of the log
register is permitted.
A monthly report of the log register showing date-wise details on the usage
of the computer resource and submit a hard and soft copy of the same to
the person or agency as directed by the licensing authority by 5th of
each subsequent month.
Additionally, backups of log records are to be maintained for 6 months.
Such log records should include
i) History of websites accessed
ii) logs of proxy server
iii)Mail server logs
iv)logs of network devices
v) logs of firewall or IDS systems
It has been suggested that the guidelines of CERT-In for maintenance of
logs may be referred to for this purpose.
This provision is likely to evoke resistance from the Cyber Cafe owners
since the expertise and training required for complying with this
provision is beyond the scope of the current generation of Cyber Cafe
owners.
It may be necessary for Cyber Cafe owners to use appropriate software and
to use expert advice to be able to comply with this provision.
4. Physical Layout: Recommendations have been also made on the
layout of cabins and display of notices regarding prohibition of viewing
pornographic sites etc.
5. Security Software: Cyber Cafes will be required to introduce
appropriate security software to prevent tampering with computer system
settings and for filtering websites with objectionable materials.
6. Inspection: Inspection is envisaged from an officer not below the
rank of a Police inspector " As authorized by the licensing agency".
It is not clear in the guidelines what would be the penalty in case of non
compliance.
There is a huge requirement for awareness building and training of the
Cyber Cafe owners and if the guidelines are to be respected and complied
with, Governments at the Center and the States should undertake
appropriate measures to create an infrastructure for education of the
Cyber cafe owners and provide some reasonable time for compliance.
Naavi.org had earlier suggested use of a software from One Roof.Inc which
if installed, makes the Cyber Cafe owner compliant with all the
regulations that are to be managed at the system level. This software
which is available free of cost and also provides for generation of
ad-revenue to the Cyber Cafe owner could be a good solution to most
Cyber Cafe owners.
I presume that the software would be appropriately customized to meet the
requirements of the proposed guideline.
Naavi
February 20, 2011
Any Comments on this article can be sent to
naavi@vsnl.com
Reference:
Draft Guideline-Cyber Cafe Regulations
Guidelines for maintenance of server logs
Comments are Welcome at
naavi@vsnl.com