Owners have to keep logs of customers' ID, photo
If the new rules framed by the Department of Information Technology for using cyber cafés are implemented in letter and spirit, they could well force people without their own computers to stay away from accessing the Internet, besides compelling the owners of these small businesses to store minute details about their customers' surfing habits in the face of penal action.
Notified last month, the IT (Guidelines for Cyber Café) Rules, 2011, require cyber café customers to furnish proper identification proof, a copy of which must be stored for a year.
Acceptable identity cards include those issued by any school or college, or photo credit cards, passports, voter identity cards, PAN cards, driving licences or any cards issued by a government agency, including the UID number.
Schoolchildren who do not have a photo ID will not be allowed entry unless accompanied by an adult possessing identity proof.
Additionally, cyber café owners must photograph their customers and maintain a detailed time-log of each of their visits. A soft and hard copy of these usage logs, which will include the customer's photograph and ID proof, must be submitted to a government-designated “person or agency” every month.
In addition, the cyber café owner “shall be responsible for storing and maintaining backups of [the] following log records for each access or login by any user of its computer resource for at least one year,” including the “history of websites accessed.”
Incredibly, the new rules, framed under the Information Technology Act, 2008, even specify the kind of furniture a cyber café must have. Cubicles with partitions higher than four-and-a-half feet will be illegal, and cafés are obligated to place terminals in such a way that computer screens face “outward” (towards common open space of the café) and can be easily monitored.
The new guidelines say that computers in cyber cafés should be equipped with “commercially available safety or filtering software so as to avoid, as far as possible, access to the websites relating to pornography including child pornography or obscene information.”
Further, cyber café owners need to put a display board, clearly visible to users, prohibiting them from viewing pornographic sites as well as copying or downloading information that is prohibited under the law.
“Cyber cafés shall take sufficient precautions to ensure that their computer resources are not utilised for any illegal activity,” the rules add.
Alleging that the new guidelines could cause further harassment of cyber café owners as well as users, Nikhil Pahwa, editor and publisher of the website MediaNama, says the provisions in the law need to be more liberal in order to prevent its misuse by lawmakers.
Pointing out that the new regulations are impractical and cannot be applied, Mr. Pahwa says: “As with most other rules, these rules would probably not be enforced… but the problem is in the exceptional cases, when they are used in order to harass establishments.”
However, there is one silver lining. “In the earlier rules, an officer not below the rank of police officer was authorised to inspect the cyber café and network. But in the changed rules, an officer of the registration agency will be authorised. This means that the harassment of cyber café owners/managers would probably not be done by a police officer,” Mr. Pahwa says.