HIDAYATULLAH NATIONAL LAW UNIVERSITY, UPARWARA, NEW

RAIPUR

PROJECT ON:

NEED OF REGULATION FOR CYBER CAFE

SUBMITTED TO SUBMITTED BY

Mr. ATUL S. JAYBHAYE MAHUA DUTTA

SEMESTER VII
Roll. No. 93

SUBMITTED ON
25/10/2018

1
 DECLARATION

I, Mahua Dutta, hereby declare that, the project work entitled, “Need of regulations for cyber cafe”
submitted to H.N.L.U., Raipur is record of an original work done by me under the able guidance of
Mr. Atul S. Jaybhay,Assistant Professor, H.N.L.U., Raipur.

Mahua Dutta

B.A, LL.B (Hons.)

Roll no. 93

VII Semester

2
 ACKNOWLEDGEMENTS

I would like to sincerely thank the Cyber law teacher; Mr. Atul S. Jaybhaye for giving me this project
on “need of regulations for cyber cafe” which has widened my knowledge on the scope and relevance
of it in the study of cyber . His guidance and support has been instrumental in the completion of this
project. Thank you sir.

My heartfelt gratitude also goes out to the staff and administration of HNLU for the infrastructure in
the form of our library and IT lab that was a source of great help in the completion of this project.

I also thank my friends for their precious inputs which have been very helpful in the completion of
this project.

3
 CONTENTS

DECLARATION…………………………………………………………..……………..02

ACKNOWLEDGEMENTS…………………………………………………………...…03

INTRODUCTION……………..…….......................................…………………………..05

 OBJECTIVES…………………………………………………….....……………..……05

 METHODOLOGY……………………………………………………………………...06

 MODE OF CITATION………………………………………………………………….06

 SCOPE OF STUDY………………………………………………………………..……06

CHAPTER 1:- WHAT IS CYBER CAFÉ?................................................................07

CHAPTER 2:- INFORMATION TECHNOLOGY (Guidelines for Cyber Cafe)

RULES, 2011 AND IT’S NEED……….………………….………….…10

CHAPTER 3:- MAJOR OJECTIONS ON INFORMATION TECHNOLOGY

(Guidelines for Cyber Cafe) RULES, 2011…………………..……14

CONCLUSION……………………………,,,………………………………………....…18

REFERENCES…………………………………………………………………………...19

4
 INTRODUCTION

Today, Internet is one of the best inventions in the history of Information Technology sector. The use
of Internet has been increased by leaps and bounds in the world. India has maximum number of
Internet users after China which makes India 2nd most Internet addicted nation. Internet has made life
of the person easy because it provides users with a wide range of Information through its different
sources.One of the salient features of cyber cafes is the fact that they are far less expensive than
personal ownership of computer hardware or software as they make use of the shared access model.
Most cybercafes have printers, scanners and other similar peripherals for customer use. They usually
have high performance computers and are frequently suited for PC gamers. Another feature is that the
average internet speed is faster than home internet, and this helps in reducing the timeouts or any lag
due to interrupted internet connections.

There are many advantages associated with cybercafes. In countries where internet or computer
access is not affordable or available, a cybercafe can provide the benefits of both computers and
internet to the local population. For short durations of time, usage of an internet cafe is cheaper than
renting a computer for computer-related tasks. In most countries, the internet cost at cybercafes is
much cheaper than other alternatives. In many cases, cybercafes have all the necessary accessories
and software for any visitor, making their experience worthwhile.

There are certain drawbacks related to cybercafes. For one, cybercafes are never suited for work-
related or sensitive information, as they have considerable security risks. Additionally, cybercafes are
generally not as comfortable as one's own home. They can be crowded and can sometimes operate on
a limited schedule, thereby limiting the customers' options. At times, downloads at cybercafes can be
limited to preserve bandwidth.

Cyber Café or Internet café has been started with the intention to provide internet services and other
services to its users. It is the place where you can access the Internet, play games, view your emails,
chat with relatives and friends, access videos etc. Cyber Café has become one of the businesses
nowadays where you are charged in exchange of the services. These businesses also provide drinks
and snacks, so the name “café” is attached in it. These café has several computer stations connected

5
to LAN. There are hotels, resorts and ships which provides internet access to the guests. Our own pc
and laptops can be also used by connecting it to cyber cafe’s LAN via wireless connection. Cyber
Café’s also gives training to the person who does not know the usage of internet and other activities
available there. Cyber Café is also defined under Information Technology Act 2000and rules and
regulations are been mentioned under Information Technology Rules 2011.

RESEARCH QUESTION:
What is a Cyber Café and need what is the nedd of regulating an Cyber Cafe ?

OBJECTIVES:
To study concept of cyber café and critically analyse the regulations for cyber café and its need.

RESEARCH METHODOLOGY:
This research project is descriptive in nature. Accumulation of the information on the topic includes
wide use of primary sources such as cases as well as secondary sources like books, articles etc. The
matter from these sources have been compiled and analyzed to understand the concept

6
 CHAPTER 1:- WHAT IS CYBER CAFÉ?

Today, Internet is one of the best inventions in the history of Information Technology sector. The use
of Internet has been increased by leaps and bounds in the world. India has maximum number of
Internet users after China which makes India 2nd most Internet addicted nation. Internet has made life
of the person easy because it provides users with a wide range of Information through its different
sources.One of the salient features of cyber cafes is the fact that they are far less expensive than
personal ownership of computer hardware or software as they make use of the shared access model.
Most cybercafes have printers, scanners and other similar peripherals for customer use. They usually
have high performance computers and are frequently suited for PC gamers. Another feature is that the
average internet speed is faster than home internet, and this helps in reducing the timeouts or any lag
due to interrupted internet connections.

There are many advantages associated with cybercafes. In countries where internet or computer
access is not affordable or available, a cybercafe can provide the benefits of both computers and
internet to the local population. For short durations of time, usage of an internet cafe is cheaper than
renting a computer for computer-related tasks. In most countries, the internet cost at cybercafes is
much cheaper than other alternatives. In many cases, cybercafes have all the necessary accessories
and software for any visitor, making their experience worthwhile.

There are certain drawbacks related to cybercafes. For one, cybercafes are never suited for work-
related or sensitive information, as they have considerable security risks. Additionally, cybercafes are
generally not as comfortable as one's own home. They can be crowded and can sometimes operate on
a limited schedule, thereby limiting the customers' options. At times, downloads at cybercafes can be
limited to preserve bandwidth.

Cyber Café or Internet café has been started with the intention to provide internet services and other
services to its users. It is the place where you can access the Internet, play games, view your emails,
chat with relatives and friends, access videos etc. Cyber Café has become one of the businesses
nowadays where you are charged in exchange of the services. These businesses also provide drinks
and snacks, so the name “café” is attached in it. These café has several computer stations connected
to LAN. There are hotels, resorts and ships which provides internet access to the guests. Our own pc

7
and laptops can be also used by connecting it to cyber cafe’s LAN via wireless connection. Cyber
Café’s also gives training to the person who does not know the usage of internet and other activities
available there. Cyber Café is also defined under Information Technology Act 2000and rules and
regulations are been mentioned under Information Technology Rules 2011.

Registration of Cyber Café

(1) All cyber cafes shall be registered with a URN (Unique Registration Number) through an agency
called as registration agency has been notified by the state Government in this regard. The
requirements of registration shall include:

(i) Name of establishment.

(ii) Address with contact details including email address.

(iii) Whether individual or partnership or sole proprietorship or society or company.

(iv) Name of owner.

(v) Date of Incorporation

(vi) Whether registered or not (if yes, copy of registration with Registrar of Firms or Registrar of
Companies or Societies).

(vii) Type of service to be provided from cyber café

Officer is appointed by the registration agency to inspect the registration of the cyber cafe. It is the
duty of the director to give each and every details to the registration agency so that the details of the
cyber café are been made available on the website of the registration agency. The detailed process of
registration that is followed by the state government is also notified by the central government.

Identification of User

(1) The Cyber Cafe should not allow any person to access the services of cyber café without the
identity of the user. The user has to produce certain documents before having the access to the
services of the cyber café so that proper identification of user is known. Such documents are as
follows:

8
(i)  Identity card issued by any School or College.

(ii) Photo Credit Card or debit card issued by a Bank or Post Office.

(iii) Passport or

(iv)  Voter Identity Card or

(v) Permanent Account Number (PAN) card issued by Income-Tax Authority or

(vi)  Photo Identity Card issued by the employer or any Government Agency or

(vi)  Driving License issued by the Appropriate Government or

(vii) Unique Identification (UID) Number issued by the Unique Identification Authority of India
(UIDAI).

In this way, Cyber Café demonstrates helpful to the individuals who don’t have the web association at
home. In India many individuals go to Internet bistro to complete their everyday online exercises.
Web cafes, or cybercafés, are spots that give administrations of web and different exercises and
consequently clients need to pay them according to the time they have gotten to the administrations.
Web cafes can be set up in genuine eating/drinking foundations, voyage ships, or different sorts of
areas. Other than utilizing the PC workstation, you may likewise have the capacity to print or sweep
reports, contingent upon the Internet cafe. Yet, today the matter of Cyber Café has been declining in
light of the fact that individuals get access of web at home, as they have the wide band association at
home. Building up the cyber bistro is not a major ordeal, it has less prerequisites as contrast with
different organizations however proprietors must be more secure on the grounds that cyber
wrongdoing is been expanding in present day world.

9
CHAPTER 2 INFORMATION TECHNOLOGY (Guidelines for Cyber Cafe)
RULES, 2011 AND IT’S NEED

In exercise of the powers conferred by clause (zg) of subsection (2) of section 87, read with sub-
section (2) of section 79 of the Information Technology Act, 2000 (21 of 2000), the Central
Government hereby makes the following rules, namely:

1. Short title and commencement.― (1) These rules may be called the Information Technology
(Guidelines for Cyber Cafe) Rules, 2011.
(2) They shall come into force on the date of their publication in the Official Gazette.

4. Identification of User : (1) Cyber Café shall not allow any user to use its computer resource
without the identity of the User being established. The intending user may establish his or her identify
by producing a document which shall identify the users to the satisfaction of the Cyber Café. Such
document may include any of the following :

(i) identity card issued by any School or College;

(ii) Photo Credit Card or debit card issued by a Bank or Post Office;
(iii) Passport;
(iv) Voters Identity Card;
(v) Permanent Account Number (PAN) card issued by Income-Tax Authority;
(vi) Photo Identity Card issued by the employer or any government agency;
(vi) Driving License issued by the appropriate government.

(2) When an user cannot establish his/her identify to the satisfaction of the Cyber Café as per sub-rule
(1), he/she may be photographed by the Cyber Café using a web camera installed on one of the
computers in the Cyber Café for establishing the identity of the user. Such web camera
photographs shall be part of the log register which may be maintained in physical or electronic
form.

(3) Children without photo Identity card shall be accompanied by an adult with any of the documents
as prescribed in sub-rule (1).

10
(4) In case, the user does not agree to reveal his or her identity or refuses to be photographed as
mentioned above, the Cyber Café shall not allow the User to access any computer resource of the
Cyber Café.
(5) Cyber Café shall incorporate sufficient measures, to ensure that the identity of user availing or
accessing the services of the Cyber Café through any means is established.

5. Log Register: (1) After the identity of the user has been established as per sub-rule (1) of rule 4
above, the Cyber Café shall record and maintain the required information of each user in the log
register for a minimum period of one year. Also, Cyber Café may maintain an online version of the
log register.
(2) Cyber Café shall prepare a monthly report of the log register showing date-wise details on the
usage of the computer resource and submit a hard and soft copy of the same to the person or agency
as directed by the licencing agency by 5th day of next month.
(3) The cyber café owner shall be responsible for storing and maintaining following backups of logs
and computer resource records for at least six months for each access or login by any user :

(i) History of websites accessed using computer resource at cyber cafe

(ii) Logs of proxy server installed at cyber café
(iii) Mail server logs
(iv) Logs of network devices such as router, switches, systems etc. installed at cyber café
(iv) Logs of firewall or Intrusion Prevention/Detection systems, if installed.

6. Management of Physical Layout and computer resource.— (1) Partitions of Cubicles built or
installed if any, inside the Cyber Cafe, shall not exceed four and half feet in height from the floor
level.
(2) The screen of all computers installed other than in Partitions or Cubicles shall face 'outward', i.e.
they shall face the common open space of the Cyber Cafe.
(3) Any Cyber Cafe having cubicles or partitions shall not allow minors to use any computer resource
in cubicles or partitions except when they are accompanied by their guardians or parents.
(4) All time clocks of the computer systems and servers installed in the Cyber Cafe shall be
synchronised with the Indian Standard Time.

11
(5) All the computers in the cyber cafe may be equipped with the commercially available safety or
filtering software so as to avoid as far as possible, access to the websites relating to pornography
including child pornography or obscene information.
(6) Cyber Cafe shall take sufficient precautions to ensure that their computer resource are not utilised
for any illegal activity.
(7) Cyber Cafe shall display a board, clearly visible to the users, prohibiting them from viewing
pornographic sites as well as copying or downloading information which is prohibited under the law.
(8) Cyber Cafe shall incorporate reasonable preventive measures to disallow the user from tampering
with the computer system settings.
(9) Cyber cafe shall maintain the user identity information and the log register in a secure manner.
(10) Cyber cafe shall also maintain a record of its stafr for a period of one year.
(11) Cyber cafe shall not misuse or alter the information in the log register.

7. Inspection of Cyber Café : (1) An officer, not below the rank of Police Inspector as authorised by
the licensing agency, is authorized to check or inspect cyber café and the computer resource or
network established therein at any time for the compliance of these rules. The cyber café owner shall
provide every related document, registers and any necessary information to the inspecting officer on
demand.

NEED OF CYBER CAFÉ REGUALTION

Various risks are inherent in the role of a Cyber Cafe operator. However, considering their
importance in this cyber age, it is imperative that their business must go on. There have been various
cases in India where cyber cafe owners have been put behind bars for the misuse of their computer
systems by their customers, when we kept wondering why the innocent cyber cafe owner was being
made liable for the offence committed by his customers. Cyber cafes have always acted as an easy
medium for the commission of illegal activities in cyberspace and Cyber Cafe operators have many
times been implicated for the acts of their customers. 

In the first week of January, 2009, several mails were sent to some of the IT companies of Bangalore,
from a Cyber Cafe, threatening terrorist attacks. There have been many such instances in the past

12
where Cyber Cafes have been used, as a medium, for either real or false terrorist
communication. Several Cyber Crimes such as stealing of online banking passwords and consequent
fraudulent withdrawal of money have also occurred through Cyber Cafes. Cyber Cafes have often
been used for sending of obscene mails to harass people. Keeping in view these instances, Cyber
Cafes have been regarded as one of the key intermediaries which need to be regulated. Therefore, in
order to regulate Cyber Cafes, several States had passed various regulations, some under the
Information Technology Act, 2000 and some under the State Police Act.

The issue of liability of Cyber Cafe operators has gained importance with the increase in offences
being committed using them as a medium. They are being held for abetting these offences by
providing the necessary infrastructure for the commission of the offence. 

Earlier, the liability of cyber cafe operators was not directly discussed under the Information
Technology Act, 2000 but it was implied within the term “Network Service Providers" and they were
required to observe due diligence which was stipulated under the erstwhile Section 79 of the Act, in
order to evade the liability for the offences being committed by using their facilities. However, the
amendments in the Act in the year 2008 made the liability direct.

If there is any allegation against the operator under the Act, rules or regulations, for any third party
data made available by using his facilities, he shall not be liable if he is able to prove that the offence
was committed without his knowledge or that he exercised all the due diligence to prevent the
commission of that offence. However, in this case, the onus of proof lies on the operator to prove that
he exercised due diligence.

13
 CHAPTER 3- MAJOR OJECTIONS ON INFORMATION TECHNOLOGY
(Guidelines for Cyber Cafe) RULES, 2011

Statutory rules ought to be framed and notified not only in time but utmost care and caution should also
be exercised in their formulation and finalization so as to get rid of any avoidable discrepancies. As far
as possible, the aim should be to prevent needless litigation arising subsequently from badly framed
rules. Unfortunately, the Cyber Café Rules have been poorly drafted, contain several discrepancies and,
more seriously, may impinge upon constitutionally guaranteed freedoms of Indian citizens.

These specific objections are in addition to the above-stated general objection, and do not detract from
out recommendation that these rules should be deleted in their entirety.

Rule 2(c): “Cyber Cafe” means cyber café as defined in clause (na) of sub-section (1) of section 2 of
the Act

Objection: The Act defines a cyber cafe as meaning “any facility from where access to the internet is
offered by any person in the ordinary course of business to the members of the public”.  This would
include internet access provided in airports, in restaurants, and in many other places where the
provisions of these rules (such as those about height of partitions, etc.) just will not be practicable. 
Thus, this provision will have unintended consequences.

Rule 3: Agency for issuance of license: Appropriate government will notify an agency to issue license
to cyber cafes.

Objection: Rule 3 requires the issuing of a license for the establishment of a cyber café. We believe
this is unwarranted since cybercafes, like most commercial establishments are already subject to
registration and licensing under the “Shops and Establishments Acts” which have been enacted in all
states. These Acts already specify an elaborate procedure for the application, registration and
monitoring of all establishments and there is no need to multiply the levels of permission a cyber café
must obtain. The current rules do not specify an application procedure, fee, and a maximum or
minimum time frame within which such a license must be granted or denied nor does it specify the
criterion on which such license applications will be evaluated. We think that in the absence of such
legislative guidance, this provision is likely to be abused. Cyber cafes in India contribute greatly to
India’s increasing internet penetration and inserting a licensing regime would greatly impede access to

14
the internet.We believe that cyber cafes should be allowed to be established in the same manner as
other shops and establishments, without the requirement of a special license.

Rule 4(2): When an user cannot establish his/her identify to the satisfaction of the Cyber Café as per
sub-rule (1), he/she may be photographed by the Cyber Café using a web camera installed on one of the
computers in the Cyber Café for establishing the identity of the user.

Objection: Sub-Rule 4 (2) Requires that if an individual is unable to establish identity, their
photograph must be taken if they wish to use cyber café facilities. We believe that an individual’s
photograph should be taken only as a last resort, where identity has been established.

Rule 4(3): Children without photo identity card shall be accompanied by an adult with any of the
documents as prescribed in sub-rule (1).

Objection: We recommend that children below 18 years should be specifically exempt from proving
their identities to cyber café owners. Children are usually the quickest to adopt technology, and the
requirement of possessing a valid identity might prove to be a deterrent to their developing computer
skills. Likewise, being accompanied by an adult is also an onerous obligation since children’s access to
the internet would depend on the availability of an adult/parent who may be too busy to accompany the
child on every occasion the child wishes to access the internet or use a computer.
To reiterate, we feel that the current provision specially and adversely targets children from poorer
classes (since they are most likely to routinely access internet through cyber cafes) and denies them the
opportunity of developing their computer skills which are crucial for the growth of the “knowledge
economy” that India is trying to head towards.

In addition, we believe that children are more susceptible to exploitation and consequently have a
heightened privacy expectation which must be honoured. We recommend that the current sub-rule be
deleted and replaced with a clause which specifically exempts children from proving their identity and
forbids taking photographs of them under any circumstance.

15
Rule 5(1): Log Register: After the identity of the user has been established as per sub-rule (1) of rule 4
above, the Cyber Café shall record and maintain the required information of each user in the log
register for a minimum period of one year. Also, Cyber Café may maintain an online version of the log
register.

Objection: Rule 5(1) Provides a minimum period of one year that Cyber Cafes must retain their log
registers. The rule does not specify the details which the log register must provide. In the interests of
minimising threats to privacy, we recommend that these details recorded be confined only to the name
and duration of use. In addition, there should also be a coinciding mandatory deletion clause for the log
register requiring details to be purged after the minimum retention period.

Rules 5(3)and 6(2): “The cyber café owner shall be responsible for storing and maintaining following
backups of logs and computer resource records for at least six months for each access or login by any
user :
·    History of websites accessed using computer resource at cyber cafe
·    Logs of proxy server installed at cyber café
·    Mail server logs
·    Logs of network devices such as router, switches, systems etc. installed at cyber café
·    Logs of firewall or Intrusion Prevention/Detection systems, if installed.”
Rule 6(2): “The screen of all computers, installed other than in Partitions or Cubicles, shall face
‘outward’, i.e. they shall face the common open space of the Cyber Café.”
Objection: We recommend deletion of this rule since it is an unreasonable intrusion into a person’s
privacy and an indirect attempt to censor content which users may wish to access. There are many uses
of the internet for which a user may legitimately require privacy: For instance, patients, including HIV
patients and those with mental illness, may wish to obtain information about their condition. Similarly
sexuality minorities may wish to seek support or reach out to a larger community. Enforcing the
architecture stipulated in this rule would discourage their access to such vital information. In addition,
this architecture would make it easier for cyber crimes such as identity theft to take place since it would
be easier to observe the login details of other users at the cyber café.

16
Rule 7(1) Inspection of Cyber Café : “An officer, not below the rank of Police Inspector as authorised
by the licensing agency, is authorized to check or inspect cyber café and the computer resource or
network established therein at any time for the compliance of these rules. The cyber café owner shall
provide every related document, registers and any necessary information to the inspecting officer on
demand.

Objection: We recommend this clause be omitted since it confers unfettered and unsupervised powers
on any Police Inspector to examine any cyber café premises he may choose without any restriction on
time.
Additionally, the provisions of Shops and Establishments Acts of most states already prescribe a
procedure for inspection of establishments and examination of records. The current rules merely add
another layer of supervision to the existing laws without adequate safeguards.

Objection: Sub-Rule 5(3) holds cyber café owners responsible for the storage and maintenance of
back up logs concerning the following information: history of websites, logs of proxy servers, mail
server logs, logs of network devices, logs of firewalls installed. We believe that the maximum length
for retention of this data should be defined and a mandatory deletion clause should be inserted requiring
cyber café owners to delete these logs periodically. We further believe that access to the history of
websites and mail server logs is a serious invasion of a person’s privacy, and should be omitted from
the back up logs.
This is especially so when currently there is no requirement that cyber café owners maintain their logs
under conditions of utmost secrecy and confidence.

17
 CONCLUSION

Today, Internet is one of the best inventions in the history of Information Technology sector. The use
of Internet has been increased by leaps and bounds in the world. Internet has made life of the person
easy because it provides users with a wide range of Information through its different sources.One of
the salient features of cyber cafes is the fact that they are far less expensive than personal ownership
of computer hardware or software as they make use of the shared access model.

Various risks are inherent in the role of a Cyber Cafe operator. However, considering their
importance in this cyber age, it is imperative that their business must go on. There have been various
cases in India where cyber cafe owners have been put behind bars for the misuse of their computer
systems by their customers, when we kept wondering why the innocent cyber cafe owner was being
made liable for the offence committed by his customers. Cyber cafes have always acted as an easy
medium for the commission of illegal activities in cyberspace and Cyber Cafe operators have many
times been implicated for the acts of their customers. 

The issue of liability of Cyber Cafe operators has gained importance with the increase in offences
being committed using them as a medium. They are being held for abetting these offences by
providing the necessary infrastructure for the commission of the offence. 

Earlier, the liability of cyber cafe operators was not directly discussed under the Information
Technology Act, 2000 but it was implied within the term “Network Service Providers" and they were
required to observe due diligence which was stipulated under the erstwhile Section 79 of the Act, in
order to evade the liability for the offences being committed by using their facilities. However, the
amendments in the Act in the year 2008 made the liability direct.

As a part of the rules being finalized to supplement India’s Information Technology Amendment Act
2008, which, lest we forget, was hurriedly passed without debate in Parliament, a set of
rules governing Cyber cafes in India has been outlined. Our take on these rules are not consumer
friendly, tedious to follow for businesses, and  enforced it ended choking public access Internet in the
country, whether through Cyber cafes or at Wifi hotspots, which would cover all regular cafes that
offer Internet access, the airport, where some telcoms allow access, or even on-campus connectivity. 

18
 REFERENCES

 https://www.cps.gov.uk/legal-guidance/competence-and-compellability
 http://shodhganga.inflibnet.ac.in/bitstream/10603/8788/11/11_chapter
 http://www.wipo.int/edocs/lexdocs/laws/en/in/in100en.pdf
 https://cis-india.org/internet-governance/blog/cyber-cafe-rules
 https://blog.ipleaders.in/cyber-cafe

19