Replies to This Forum

Permalink Reply by Dr Intekhab Alam Siddiqui on July 11, 2012 at 21:49

The Guideline for Cyber Café notified in 2011 by the Central Government in exercise of the power conferred by the clause (zg) of the sub-section (2) of section 87 read with sub-section (2) of the section 79 of the Information Technology Act, 2000.

Clause (zg) of the sub-section (2) of section 87:

The guidelines to be observed by the intermediaries under sub-section (2) of section 79;

Sub-section (2) of section 79:

The provisions of sub-section (1)[1] shall apply if -

(a)        the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hasted; or

(b)        the intermediary does not—

(i)         initiate the transmission,

(ii)        select the receiver of the transmission, and

(iii)       select or modify the information contained in the transmission;

(c)        the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.

 

Who are the Intermediaries?

            An Intermediary is defined in clause (w) of sub-section (1) of section 2 of the Information Technology (Amendment) Act, 2008 as:

"intermediary" with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, webhosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes.

 

What is a Cyber Café?

Cyber Café as defined in clause (na) of sub-section (1) of section 2 of the Information Technology (Amendment) Act, 2000:

“cyber cafe” means any facility from where access to the internet is offered by any person in the ordinary course of business to the members of the public.

Cyber Café vs. Digital Library

            Now the question is whether the Public Library or Academic Library, if provides access to the Internet and other e-resources, will be covered under the definition of Cyber Café or not, however they are not business institutions and not established under any Shops and Commercial Establishment Act. They are established under the Societies Registration Act, 1860 or any Public Trust Act as the Public Libraries and Academic Libraries are directly or indirectly established by the Society or Trust (except those established by the Central Act or State Legislature) including Libraries of Schools, Colleges, Deemed Universities and Private Universities. The Societies Registration Act, 1860 is for the registration of Literary, Scientific and Charitable Societies and Trust are established for various lawful purposes. According to Information Technology (Guidelines for Cyber Café) Rules, 2011, all Cyber Café shall be registered with a unique registration number with the agency called as registration agency as notified by the Appropriate Government in this regard.

The establishments which are running the Cyber Café, whether individual or partnership or sole proprietorship or society or company have to register and produce a copy of the registration certificate they have got from Registrar of Firms or Registrar of Companies or Societies. It is not clear from these rules that which societies are covered here, whether societies registered under Societies Registration Act, 1860 or any Co-operative Societies Act. Suppose Public Libraries or Academic Libraries are not under the purview of this law but they are also an ‘intermediary’ because they are providing access to the Internet. The possibility of any cyber crime can not be ignored in the library. The libraries provide Internet access to the library members and maintain the records in their own format but now it will be better for libraries to follow the suitable sub-rules of Rule No. 4, 5 & 6 of Information Technology (Guidelines for Cyber Café) Rules, 2011 because ultimately the same law will be applicable if there is any cyber crime activity in the library premises.

Rule 4. Identification of User.

(1)        The Cyber Café shall not allow any user to use its computer resource without the identity of the user being established.  The intending user may establish his identify by producing a document which shall identify the users to the satisfaction of the Cyber Café. Such document may include any of the following:

(i)         Identity card issued by any School or College; or

(ii)        Photo Credit Card or debit card issued by a Bank or Post Office; or

            (iii)       Passport; or                        

(iv)       Voter Identity Card; or

(v)        Permanent Account Number (PAN) card issued by Income-Tax Authority; or

(vi)       Photo Identity Card issued by the employer or any Government Agency; or

(vi)       Driving License issued by the Appropriate Government; or

(vii)      Unique Identification (UID) Number issued by the Unique Identification Authority of India (UIDAI).

(2)        The Cyber Café shall keep a record of the user identification document by either storing a photocopy or a scanned copy of the document duly authenticated by the user and authorised representative of cyber cafe. Such record shall be securely maintained for a period of at least one year.

(3)        In addition to the identity established by a user under sub-rule (1), he may be photographed by the Cyber Café using a web camera installed on one of the computers in the Cyber Café for establishing the identity of the user.  Such web camera photographs, duly authenticated by the user and authorised representative of cyber café, shall be part of the log register which may be maintained in physical or electronic form.

(4)        A minor without photo Identity card shall be accompanied by an adult with any of the documents as required under sub-rule (1). 

(5)        A person accompanying a user shall be allowed to enter cyber café after he has established his identity by producing a document listed in sub-rule (1) and record of same shall be kept in accordance with sub-rule (2).

(6)        The Cyber café shall immediately report to the concerned police, if they have reasonable doubt or suspicion regarding any user

Rule 5. Log Register:-

(1)       After the identity of the user and any person accompanied with him has been established as per sub-rule (1) of rule 4, the Cyber Café shall record and maintain the required information of each user as well as accompanying person, if any, in the log register for a minimum period of one year.  

(2)        The Cyber Café may maintain an online version of the log register. Such online version of log register shall be authenticated by using digital or electronic signature. The log register shall contain at least the following details of the user, namely:

            (i)         Name

(ii)        Address

            (iii)       Gender           

            (iv)       Contact Number

(v)        Type and detail of identification document

            (vii)      Date

(vii)      Computer terminal identification

            (viii)     Log in Time 

            (ix)       Log out Time

(3)        Cyber Café shall prepare a monthly report of the log register showing date-wise details on the usage of the computer resource and submit a hard and soft copy of the same to the person or agency as directed by the registration agency by the 5th day of next month.

(4)        The cyber café owner shall be responsible for storing and maintaining backups of following log records for each access or login by any user of its computer resource for at least one year:

             (i) History of websites accessed using computer resource at cyber café;

             (ii) Logs of proxy server installed at cyber café.

Cyber Café may refer to “Guidelines for auditing and logging – CISG-2008-01” prepared and updated from time to time by Indian Computer Emergency Response Team (CERT-In) for any assistance related to logs. This document is available at www.cert-in.org.in.

(5)        Cyber café shall ensure that log register is not altered and maintained in a secure manner for a period of at least one year.

Rule 6. Management of Physical Layout and computer resource.

(1)        Partitions of Cubicles built or installed if any, inside the Cyber Café, shall not exceed four and half feet in height from the floor level.

(2)        The screen of all computers, installed other than in Partitions or Cubicles, shall face ‘outward’, i.e. they shall face the common open space of the Cyber Café.

(3)        Any Cyber Café having cubicles or partitions shall not allow minors to use any computer resource in cubicles or partitions except when they are accompanied by their guardians or parents.

(4)        All time clocks of the computer systems and servers installed in the Cyber Café shall be synchronised with the Indian Standard Time.

(5)        All the computers in the cyber café may be equipped with the commercially available safety or filtering software so as to avoid, as far as possible, access to the websites relating to pornography including child pornography or obscene information.

(6)        Cyber Café shall take sufficient precautions to ensure that their computer resource are not utilised for any illegal activity.

(7)        Cyber Café shall display a board, clearly visible to the users, prohibiting them from viewing pornographic sites as well as copying or downloading information which is prohibited under the law.

(8)        Cyber Café shall incorporate reasonable preventive measures to disallow the user from tampering with the computer system settings.

(9)        Cyber café shall maintain the user identity information and the log register in a secure manner.

(10)      Cyber café shall also maintain a record of its staff for a period of one year.

(11)      Cyber café shall not misuse or alter the information in the log register.

Many organisations including educational institutions are providing internet access through Wifi technology and even today we can use Android phone to set up a WiFi connection to offer public internet access. People use their own laptops to access internet where Wifi is available. The guidelines will also restrict the easy access to internet through Wifi. Internet is a revolutionary communication medium, the government talks to bridge the digital divide and making policies for implementation of information and communication technology and at the same time restricting public access to internet. Any way the guidelines have been published in the Gazette and now everybody has to follow. The enactment of IT Act and Rules, will increase the responsibilities of the librarians not only professionally and but also legally.

---

[1] Sub-section (1) of Section 79:  Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link made available or hasted by him.

Sub-section (3) of Section79: The provisions of sub-section (1) shall not apply if—

(a) the intermediary has conspired or abetted or aided or induced, whether by threats or promise or otherwise in the commission of the unlawful act;

(b) upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.

• ▶ Reply

Permalink Reply by R K on July 11, 2012 at 23:53

Thanks sir

• ▶ Reply