If new rules framed by the Department of Information Technology for using cyber cafes are implemented in letter and spirit, they could well force people without their own computers to stay away from accessing the Internet, besides compelling the owners of these small businesses to store minute details about the surfing habits of their customers at the cost of penal action.
Notified last month, the IT (Guidelines for Cyber Café) Rules, 2011, require cyber cafe customers to furnish proper identification proof, a copy of which must be stored for a year. Acceptable identity cards include those issued by any school or college, or photo credit card, passport, voter identity card, PAN card, driving license or any card issued by any government agency, including UID number.
Schoolchildren who do not have a photo ID will not be allowed entry unless accompanied by an adult possessing proof of his or her identity. Additionally, cyber café owners must photograph their customers and maintain a detailed time log of each of their visits. A soft and hard copy of these usage logs, which will include the photograph and ID proof of customers, must be submitted to a government-designated “person or agency” every month.
In addition, the cyber cafe owner “shall be responsible for storing and maintaining backups of [the] following log records for each access or login by any user of its computer resource for at least one year” including the “history of websites accessed”.
Incredibly, the new rules, framed under the Information Technology Act, 2008, also specify the kind of furniture a cyber cafe must have. Cubicles with partitions higher than four and a half feet will be illegal and cafes are obligated to place terminals in such a way that computer screens face “outward” (towards common open space of the cafe) and can be easily monitored.
The new guidelines say that computers in cyber cafés should be equipped with “commercially available safety or filtering software so as to avoid, as far as possible, access to the websites relating to pornography including child pornography or obscene information”.
Further, cyber café owners need to put a display board, clearly visible to users, prohibiting them from viewing pornographic sites as well as copying or downloading information which is prohibited under the law. “Cyber cafes shall take sufficient precautions to ensure that their computer resources are not utilised for any illegal activity,” the rules say.
Alleging that the new cyber cafe guidelines have created the foundation for further harassment of their owners as well as users, Nikhil Pahwa, editor and publisher of the website MediaNama, said the provisions in the law need to be more liberal in order to prevent its misuse by lawmakers.
Pointing out that the new regulations were impractical and could not be applied, Mr. Pahwa said: “As with most other rules, these rules would probably not be enforced…but the problem is in the exceptional cases, when they are used in order to harass establishments.”
However, there is one silver lining in the new guidelines. “In the earlier rules, an officer not below the rank of police officer was authorised to inspect the cyber cafe and network; in the changed rules, an officer of the registration agency will be authorised. This means that the harassment of cyber cafe owners/managers would probably not be done by a police officer,” Mr. Pahwa said.