This TOI report does not seem to have a basis
A front-page
report appeared today (April 8, 2009) in Times of India
(Bangalore-India ) titled "E Mail Providers will need to have servers in
India". The report credited to a reporter by name Vinay Madhav made further
comments which appear to have arised on a wrong analysis of the provisions
and have the effect of misleading the public. Hence this clarification.
Presently the amendments have
been passed by the Parliament and gazetted. The rules are under formation.
We donot know if the report is based on any leak from the Ministry about
the proposed rules or simply a speculation of the media to spread
misinformation about the amendments as what TOI had done earlier. (Refer
article:
Please do not try to manipulate public opinion with planted stories )
The report suggests that the
amendments require Indian nationals to be provided e-mail addresses only in
the .in domain and hence there will be a need for consumers to change their
e-mail IDs consequent to the new regulations.
The amendments have
prescribed
a) Intermediaries need to
retain data as may be prescribed for designated periods. (We may recall
that on April 6th, UK also notified a similar data retention guideline)
b) Intermediaries need to
submit "Traffic data" when called for by a designated agency.
c) Intermediaries need to
follow "Reasonable Security Practices" as may be prescribed
d) Intermediaries need to
exercise "Due Diligence" in providing their services
There is no specific
recommendation that the e-mail servers have to be in India even though this
may be contemplated as part of the rules to be notified. Even the IT Vision
document of BJP has indicated its desire to encourage hosting services to
be run from India as a part of moving the business into India for its
economic benefit.
Even if the servers are
located in India, there is no reason why the users need to be compelled to
change their e-mail addresses. e-mail identities are as important as domain
name identities and people have built them over time. Many have also
obtained digital signature certificates tagged to the respective e-mail
IDs. Hence if there is any crazy idea of "Only .in addresses to be used by
Indian Citizens", it needs to be nipped in the bud. To the best of my
knowledge, the persons framing the rules are not so naive as to prescribe
such a condition.
Presently public in
India have invested more than Rs 100 crores in digital signatures and a
majority of them are on gmail.com addresses. If these are made "illegal"
there will be a loss of RS 100 crores to the Indian public and I am sure
that Ministry of Communications and Information Technology will take this
into account while framing the rules.
It is true that if the
servers are located in India, the law enforcement may have better
monitoring over them. In fact ITA 2008 enables the Government to
intercept, monitor, decrypt messages or even block websites. As it happened
in the case of Blackberry case, law enforcement is worried about terrorists
hiding their nefarious activities under the "Privacy Protection" measures
undertaken by the e-mail/mobile service providers. Such monitoring would be
easy if the servers are situated in India.
In fact, in recent days,
Yahoo and Google are both hiding the IP address of senders of e-mail and
providing their own proxy addresses. As a result, the law enforcement has
to every time demand IP address details from the e-mail service providers
to assist in their investigation or intelligence activities. There is a
loss of time in the process and the delay only assists criminals. Hence
location of servers in India is desirable from law enforcement view. This
however does not require change of e-mail address.
There is no doubt that there
are Civil Liberty concerns on the powers conferred on the Government
agencies by the amendments. But this unfortunately is a trend all over the
world and electronic surveillance is part of Government functions even in
USA, UK, Australia or elsewhere. In the current era of terrorist threats,
it is necessary for the law enforcement to be given enough powers. ITA 2008
has done just that.
If abuse of these powers have
to be prevented, we need a "Netizen Rights Commission" or "Netizen
Protection Advisory Group".
In summary, we can say that
the amendments donot propose that Indians need to give up their .com e-mail
addresses and switch to .in addresses. Hence concern on this appears to be
misplaced.
I would like the media to
focus more on the "Safeguards" that ITA 2008 has suggested under Sections
69, 69A and 69B rather than focusing only on the difficulties of the
"Intermediaries".
Naavi
April 08, 2009
