CERT India is the apex authority in India for Cyber Safety. It is therefore having a responsibility to take action whenever a complaint is brought to their attention as well as when they otherwise have information of a Cyber threat.

 Normally CERT acts in the case of technical threats such as Viruses or security vulnerabilities observed. A question arises if CERT has a similar responsibility when there is an attack on the moral fabric of the society. This has come up for discussion through the following event.

On 28th of this month, existence of a sinister website was brought to the notice of Naavi.org. It was felt that the website was of such nature as to warrant immediate criminal action against the owners. However in order to find out the owners, there would be a need for a thorough investigation which can be done only with the intervention of CERT and CBI. Naavi.org therefore brought the need for action to the notice of CERT. However, the current published procedure in such complaints require such requests to emanate from either the DGP of a State or an appropriate Court etc and there is a possibility that if CERT decides to stick to the procedure, action would be delayed.

We therefore request through these columns that Ministry of Information Technology(of which CERT is a part) amends its procedures for receiving complaints by CERT by enabling public spirited persons lodge complaints directly with CERT. Simultaneously, in order to ensure prompt action in deserving cases, CERT should be made responsible to file a “Compliance Statement” on all public complaints received, preferably through a transparent web based information system.

 It may be recalled that the ongoing ITA amendment exercise seeks to make CERT a powerful apex authority for Cyber Security in India with quasi judicial powers. At the same time there is a public demand for RTI coverage of Judiciary. Under such circumstances it is necessary that CERT should take voluntary steps to open its doors of complaint to the public and to respond them in a professional manner. We hope that “Due Diligence” which is mandated on all IT users under ITA 2000 is also mandated for CERT so that in the event no action is taken by CERT when it was warranted, it would be deemed as a violation of ITA 2000.

Naavi of www.naavi.org

Be Sociable, Share!