CERT-in may be exempted from giving information under RTI Act, says the Centre
- The Indian Computer Emergency Response Team (CERT-in) may soon be exempt from responding to queries under the Right to Information Act, the government informed Parliament on Friday.
- The Department of Personnel and Training has reviewed a proposal from the Ministry of Electronics and Information Technology to include CERT-in in the Second Schedule to the RTI Act, which deals with exempted organizations like the Central Bureau of Investigation (CBI) and the Border Security Force.
Points to ponder:
- The Indian Computer Emergency Response Team (CERT-in) may soon be exempted from responding to queries under the Right to Information Act.
- The proposal to include CERT-in in the Second Schedule to the RTI Act, which deals with exempted organizations like the CBI and the Border Security Force, is under review.
- Inter-departmental consultations are ongoing to examine the proposal, with the Ministry of Law and Justice participating.
- If the exemption is granted, CERT-in will be able to reject any application for information, including policy-related matters.
- CERT-in coordinates with public and private organizations in India to address cyber incidents like data breaches and ransomware attacks, and issues advisories for software vulnerabilities as guidance for organizations.
- In April 2022, CERT-in issued directions that required VPN providers and cryptocurrency firms to preserve data on all users. These directions are being challenged in the Delhi High Court.
- Several VPN providers have pulled their servers out of India in protest of the directions, arguing that they compromise users’ privacy on the internet.
- When deliberations on exempting CERT-in from the RTI Act were first reported in May 2022, the Delhi-based Internet Freedom Foundation expressed concerns about the lack of transparency this would create. The Foundation noted that CERT-In requires logs from users but does not want to be transparent in return.
- CERT-In is the national coordination point for reacting to computer security incidents as they arise. The Indian Cyber Community is CERT-In’s community. Cert-In was founded in 2004 as a Ministry of Electronics and Information Technology specialized organization.
- The IT Act of 2008 designated CERT-In as the national organization in charge of the following cyber security duties:
- Collection, analysis, and dissemination of data on cyber incidents.
- Forecasting emergencies relating to cyber security incidents.
- Emergency solutions for handling cyber security incidents
- Coordination of cyber incident response activities.
- Issue protocols and advisories on vulnerabilities.
- Security drills, procedures, and prevention of cyber activities.