CERT-in’s RTI Exemption: Centre’s Proposal

CERT-in's RTI Exemption: Centre's Proposal

CERT-in may be exempted from giving information under RTI Act, says the Centre

#GS02

Context:

  • The Indian Computer Emergency Response Team (CERT-in) may soon be exempt from responding to queries under the Right to Information Act, the government informed Parliament on Friday.
  • The Department of Personnel and Training has reviewed a proposal from the Ministry of Electronics and Information Technology to include CERT-in in the Second Schedule to the RTI Act, which deals with exempted organizations like the Central Bureau of Investigation (CBI) and the Border Security Force.

Points to ponder:

  • The Indian Computer Emergency Response Team (CERT-in) may soon be exempted from responding to queries under the Right to Information Act.
  • The proposal to include CERT-in in the Second Schedule to the RTI Act, which deals with exempted organizations like the CBI and the Border Security Force, is under review.
  • Inter-departmental consultations are ongoing to examine the proposal, with the Ministry of Law and Justice participating.
  • If the exemption is granted, CERT-in will be able to reject any application for information, including policy-related matters.
  • CERT-in coordinates with public and private organizations in India to address cyber incidents like data breaches and ransomware attacks, and issues advisories for software vulnerabilities as guidance for organizations.
  • In April 2022, CERT-in issued directions that required VPN providers and cryptocurrency firms to preserve data on all users. These directions are being challenged in the Delhi High Court.
  • Several VPN providers have pulled their servers out of India in protest of the directions, arguing that they compromise users’ privacy on the internet.
  • When deliberations on exempting CERT-in from the RTI Act were first reported in May 2022, the Delhi-based Internet Freedom Foundation expressed concerns about the lack of transparency this would create. The Foundation noted that CERT-In requires logs from users but does not want to be transparent in return.

CERT-IN

  • CERT-In is the national coordination point for reacting to computer security incidents as they arise. The Indian Cyber Community is CERT-In’s community. Cert-In was founded in 2004 as a Ministry of Electronics and Information Technology specialized organization.
  • The IT Act of 2008 designated CERT-In as the national organization in charge of the following cyber security duties:
  1. Collection, analysis, and dissemination of data on cyber incidents.
  2. Forecasting emergencies relating to cyber security incidents.
  3. Emergency solutions for handling cyber security incidents
  4. Coordination of cyber incident response activities.
  5. Issue protocols and advisories on vulnerabilities.
  6. Security drills, procedures, and prevention of cyber activities.