Thursday, May 12, 2011

Technology (Guidelines for Cyber Cafe) Rules, 2011

[To be published in THE GAZETTE OF INDIA, EXTRAORDINARY, Part II,Section 3, Sub-section (i) of dated the ----------, 2011]

Government of India
(Department of Information Technology) NOTIFICATION New Delhi, the ------------, 2011
-section (2) of section 87, read with sub-section (2) of section 79 of the InformationTechnology Act, 2000 (21 of 2000), the Central Government hereby makes thefollowing rules, namely: 1.

Short title and commencement 

Technology (Guidelines for Cyber Cafe) Rules, 2011.(2) They shall come into force on the date of their publication in the OfficialGazette. 2.
ese rules, unless the context otherwise requires,--(a) “Act” means the Information Technology Act, 2000 (21 of 2000);(b) “Appropriate Government” means Central Government or State Governmentor Union Territory Administration;(c) “Cyber Cafe” means cyber café as defined in clause (na) of sub-section (1)of section 2 of the Act;(d) “computer resource” means a computer resource as defined in clause (k) ofsub-section (1) of section 2 of the Act;(e) “Data” means data as defined in clause (o) of sub-section (1) of section 2 ofthe Act;(f) “Information” means information as defined in clause (v) of sub-section (1) ofsection 2 of the Act;(g) “Intermediary” means an intermediary as defined in clause (w) of sub-section(1) of section 2 of the Act;(h) “Licencing Agency” means an agency designated by appropriate governmentto issue licences to cyber café for their operation;

(i) “Log Register” – means a register maintained by the Cyber Café for accessto computer resource;(j) “User” means a person who uses the computer resource and includes otherpersons jointly participating in using the computer resource in a cyber café.
3. Agency for issuance of licence :
Appropriate government will notify an agencyto issue license to cyber cafes.
4. Identification of User
: (1) Cyber Café shall not allow any user to use itscomputer resource without the identity of the User being established. The intendinguser may establish his or her identify by producing a document which shall identifythe users to the satisfaction of the Cyber Café. Such document may include any ofthe following :(i) identity card issued by any School or College;(ii) Photo Credit Card or debit card issued by a Bank or Post Office;(iii) Passport;(iv) Voters Identity Card;(v) Permanent Account Number (PAN) card issued by Income-Tax Authority;(vi) Photo Identity Card issued by the employer or any government agency;(vi) Driving License issued by the appropriate government. (2) When an user cannot establish his/her identify to the satisfaction of theCyber Café as per sub-rule (1), he/she may be photographed by the Cyber Caféusing a web camera installed on one of the computers in the Cyber Café forestablishing the identity of the user. Such web camera photographs shall be partof the log register which may be maintained in physical or electronic form. (3) Children without photo Identity card shall be accompanied by an adultwith any of the documents as prescribed in sub-rule (1). (4) In case, the user does not agree to reveal his or her identity or refusesto be photographed as mentioned above, the Cyber Café shall not allow the Userto access any computer resource of the Cyber Café.

(5) Cyber Café shall incorporate sufficient measures, to ensure that theidentity of user availing or accessing the services of the Cyber Café through anymeans is established.
5. Log Register 
: (1) After the identity of the user has been established as persub-rule (1) of rule 4 above, the Cyber Café shall record and maintain therequired information of each user in the log register for a minimum period of oneyear. Also, Cyber Café may maintain an online version of the log register. (2) Cyber Café shall prepare a monthly report of the log register showingdate-wise details on the usage of the computer resource and submit a hard andsoft copy of the same to the person or agency as directed by the licencing agency by 5 th day of next month. (3) The cyber café owner shall be responsible for storing and maintainingfollowing backups of logs and computer resource records for at least six monthsfor each access or login by any user : (i) History of websites accessed using computer resource at cyber cafe(ii) Logs of proxy server installed at cyber café(iii) Mail server logs
Logs of network devices such as router, switches, systems etc. installedat cyber café
Logs of firewall or Intrusion Prevention/Detection systems, if installed.
Cyber Café may refer to “Guidelines for auditing and logging – CISG-2008-01”prepared by Indian Computer Emergency Response Team (CERT-In) for anyassistance related to logs. This document is available at
Management of Physical Layout and computer resource
: (1) Partitions ofCubicles built or installed if any, inside the Cyber Café, shall not exceed four andhalf feet in height from the floor level.
Page 4 of 4
(2) The screen of all computers, installed other than in Partitions or Cubicles,shall face ‘outward’, i.e. they shall face the common open space of the CyberCafé. (3) Any Cyber Café having cubicles or partitions shall not allow minors to useany computer resource in cubicles or partitions except when they areaccompanied by their guardians or parents. (4) All time clocks in the Cyber Café System shall be synchronized with theIndian Standard Time.
(5) All the computers in the cyber café shall be equipped with thesafety/filtering software so as to the avoid access to the websites relating topornography, obscenity, terrorism and other objectionable materials. (6) Cyber Café shall take sufficient precautions to ensure that their computerresource are not utilized for any illegal activity. (7) Cyber Café shall display a board, clearly visible to the users, prohibitingthem from viewing pornographic sites. (8) Cyber Café shall incorporate sufficient preventive measures to disallow theuser from tampering with the computer system settings.
7. Inspection of Cyber Café
: (1) An officer, not below the rank of PoliceInspector as authorised by the licensing agency, is authorized to check or inspectcyber café and the computer resource or network established therein at any timefor the compliance of these rules. The cyber café owner shall provide everyrelated document, registers and any necessary information to the inspectingofficer on demand.

No comments:

Post a Comment