A front-page report appeared today (April 8, 2009) in Times of India (Bangalore-India ) titled “E Mail Providers will need to have servers in India”. The report credited to a reporter by name Vinay Madhav made further comments which appear to have arised on a wrong analysis of the provisions and have the effect of misleading the public. Hence this clarification.
Presently the amendments have been passed by the Parliament and gazetted. The rules are under formation. We donot know if the report is based on any leak from the Ministry about the proposed rules or simply a speculation of the media to spread misinformation about the amendments as what TOI had done earlier. (Refer article: Please do not try to manipulate public opinion with planted stories )
The report suggests that the amendments require Indian nationals to be provided e-mail addresses only in the .in domain and hence there will be a need for consumers to change their e-mail IDs consequent to the new regulations.
The amendments have prescribed
a) Intermediaries need to retain data as may be prescribed for designated periods. (We may recall that on April 6th, UK also notified a similar data retention guideline)
b) Intermediaries need to submit “Traffic data” when called for by a designated agency.
c) Intermediaries need to follow “Reasonable Security Practices” as may be prescribed
d) Intermediaries need to exercise “Due Diligence” in providing their services
There is no specific recommendation that the e-mail servers have to be in India even though this may be contemplated as part of the rules to be notified. Even the IT Vision document of BJP has indicated its desire to encourage hosting services to be run from India as a part of moving the business into India for its economic benefit.
Even if the servers are located in India, there is no reason why the users need to be compelled to change their e-mail addresses. e-mail identities are as important as domain name identities and people have built them over time. Many have also obtained digital signature certificates tagged to the respective e-mail IDs. Hence if there is any crazy idea of “Only .in addresses to be used by Indian Citizens”, it needs to be nipped in the bud. To the best of my knowledge, the persons framing the rules are not so naive as to prescribe such a condition.
Presently public in India have invested more than Rs 100 crores in digital signatures and a majority of them are on gmail.com addresses. If these are made “illegal” there will be a loss of RS 100 crores to the Indian public and I am sure that Ministry of Communications and Information Technology will take this into account while framing the rules.
It is true that if the servers are located in India, the law enforcement may have better monitoring over them. In fact ITA 2008 enables the Government to intercept, monitor, decrypt messages or even block websites. As it happened in the case of Blackberry case, law enforcement is worried about terrorists hiding their nefarious activities under the “Privacy Protection” measures undertaken by the e-mail/mobile service providers. Such monitoring would be easy if the servers are situated in India.
In fact, in recent days, Yahoo and Google are both hiding the IP address of senders of e-mail and providing their own proxy addresses. As a result, the law enforcement has to every time demand IP address details from the e-mail service providers to assist in their investigation or intelligence activities. There is a loss of time in the process and the delay only assists criminals. Hence location of servers in India is desirable from law enforcement view. This however does not require change of e-mail address.
There is no doubt that there are Civil Liberty concerns on the powers conferred on the Government agencies by the amendments. But this unfortunately is a trend all over the world and electronic surveillance is part of Government functions even in USA, UK, Australia or elsewhere. In the current era of terrorist threats, it is necessary for the law enforcement to be given enough powers. ITA 2008 has done just that.
If abuse of these powers have to be prevented, we need a “Netizen Rights Commission” or “Netizen Protection Advisory Group”.
In summary, we can say that the amendments donot propose that Indians need to give up their .com e-mail addresses and switch to .in addresses. Hence concern on this appears to be misplaced.
I would like the media to focus more on the “Safeguards” that ITA 2008 has suggested under Sections 69, 69A and 69B rather than focusing only on the difficulties of the “Intermediaries”.
Naavi
Loading ...
5 users commented in " Times of India appears to be wrong on ITA 2008 amendments "
Follow-up comment rss or Leave a TrackbackThis is insane. I do not know who is giving these stupid ideas to Indian government. The proposed server approach is not going to serve any purpose. This is just another excuse to extend the surveillance powers over Indians in an illegal manner. This may be the reason why Indian government has withdrawn the recent amendments and abstained from implementing them. The proposed amendments have already provided enhanced surveillance powers to Indian govt. I hope after the elections the Indian govt would start thinking rationally so that India may have good laws and effective cyber security. Otherwise morons would keep on ruling India and make absurd laws and experiments.
Act has already been gazetted and not withfrawn. Information posted by John is incorrect.
Rules are under formation in consultation with the industry representatives.
Very confusing. The amendment has been notified or not? The bill has been withdrawn or notified? Can anybody give me a link where the amended bill has been notified as i tried all sites but with no info?
Naavi is the act notified or simply published in gazzette for public information? Because if it is the former, the govt must have informed the same? If the act has not been notified it must be withdrawn. I have read the opinion of other experts as well but nowhere i could find the notification. Kindly clarify.
Act has been notified. Rules are under formation. Once the rules are finalized, the rules will be notified along with the date of effect of the provisions of the Act.
Rajesh the Bill has received the assent of the president and become the Act. However, the Act 2008 is of no legal significance till concerned provisions of a section(s) or the entire Act is “notified” by the central govt u/s 1(2). The legal position is that till now only IT Act, 2000, as unamended, would govern the position.
Naavi is right in his assertion that the Bill has become the Act but wrong in assuming that it has legal significance even without notification.
For instance, the Delhi Rent Control Act, 1995 has received the President;s assent but till now it has not been notified. So Delhi is still governed by the 1958 law in this regard.
Naavi seems to be over exicted over the matter and is simply ignoring the fact of non notification.
Leave A Reply