A glimpse into CERT-IN: An interview with Dr. Gulshan Rai

Sarai I-Fellowship Post 4.1

I had first met Dr. Gulshan Rai back in early 2006 when I was part of the Law and Technology Committee here at the National Law School, to publicize the first issue of the Indian Journal of Law and Technology. Dr Rai is an official with the Department of Information Technology, Ministry of Communications and Information Technology, Government of India, heading (at least at that time) ERNET (Education Resource Network) and part of the cyber laws drafting section, but far more famous for his role as head of the Computer Emergency Response Team for India, commonly knows as CERT-In. Originally set up on the pattern of Computer Emergency Response teams worldwide to deal with matters pertaining to analyzing and issuing advisories concerning internet security matters (i.e. with respect to viruses, worms, cracking attempts on servers etc), CERT-In was later oddly enough empowered to review requests for blocking website and order for the same to be complied with by means of Notification G.S.R.181(E) issued by the Department of Information Technology, Ministry of Communications and Information Technology on 27th February 2003. Granted this, plus Dr. Rai's considerable history with respect to technology law legislation in India owing to his involvement in the drafting of the Information Technology Act, 2000 I thought he would be a perfect person to interview in order to get into a glimpse of the plans and general approach towards Internet regulation matters at the central level of the Department of Information Technology.

I've posted a rough draft transcript of the audio record of my interview with Dr. Gulshan Rai in June 2007 up on Google Documents here. Once I convert the audio record into a usable digital format, I'll try posting that along with a further cleaned up version of the transcript.

Without going into every detail, the interview was quite interesting in several respects. Perhaps the most noticeable was the constant assertion that the Indian Government did not seek to "censor" the Internet in any way. That term in fact seemed to be anathema with Dr. Rai repeatedly going out of his way to state that it was the Government's aim to censor online content. Arguably, this would seem to be a fallout of the immense negative publicity that the Government in general and CERT-In specifically received due to the blog blocking controversy of July, 2006. Trying to find out more about that incident specifically was a dead end, with him pointedly stating that he did not want to touch upon that the details of that matter at all. He did reveal two interesting points though. Firstly, with respect to the authority under which the aforementioned notification was made empowering CERT-In to act as a nodal agency for site blocking, he said that it was under Section 67, dealing with obscenity, and Section 69, which actually only deals with the power to intercept and decrypt information. This is interesting since it seems to confirm the argument that the notification really doesn't have any explicit legislative authority, since these sections of the Information Technology Act doesn't talk about the general power to block sites anywhere. Secondly, on the point of dissent to site blocking, especially in relation to the blocking of blogs in July 2006, he put the source of all the protest raised as originating from bloggers who had lost access to their facilities and to the media, but of whom the latter had changed its stance concerning Internet regulation now. Essentially, citing Barkha Dutt of NDTV as an example for some reason, he said that incidents of defamation and stalking using networking sites like Orkut had made people change their minds since they were aware that the use the Internet "to malign anybody!". Using this, he seemed to be indicating that the need for the Government so have structures and mechanisms in place by which online content could be dealt with in certain circumstances was now accepted by the Indian public. However, with the exception of instances of defamation, he seemed to be strenuously avoid indicating in clear terms what other instances would necessitate the exercise of the power of the Government regulate Internet content, most notably with regards political speech and possible security related matters.

Notably, Dr. Rai seemed to agree with the oft-quoted position that the cultural background of nations such as the United States (of particular interest due to the fact of the regulation of speech and expression on the Internet being particularly focused upon and subject to oft-successful challenges) being different than that of India meant that we have to look at such matters in somewhat a different way owing for our particular conceptions regarding permissible speech. Yet, he went out of his way to dissuade any comparisons to China, stating that it was a dictatorship while India was a democracy. This emphasis on India's democratic protection of free speech even went to the point of claiming that it was more free than that of the US! Its an interesting reaction to all the negative publicity concerning the actions of the Indian Government in recent times with respect to Internet regulation.

It seemed to be a well accepted point from his various statements that the Internet was definitely regarded by the Government to be situated within the ambit of the power of the State to regulate. However, what seemed to be lacking here vis-a-vis such situations in other comparative nations was the clarity (at least with respect to what's accessible generally by the public) as to the rationale and authority for such regulation by the State, along with the question of whether any clear, explicit policy statements for how the State planned to engage in the same in the future. He was not able to clearly say as to how various proposed state level laws concerning the regulation of cybercafes were going to be taken up and coordinated, and also as to whether and how Parliament was going to address such issues in the form of legislation besides the proposed Information Technology Act Amendments (Notes: This was before the latest draft amendments, which now refer to CERT-In with respect to website blocking). He was clear however that encryption was one matter that the State had situated within its network of control. On the more sensitive matter of installing controls at the level of gateway servers in India, he placed it within the realm of the hypothetical and hence not answerable. More interestingly, he said that he had no information at all concerning the monitoring of Internet communication in India - he did not in any way say that it was in fact no happening but instead claimed that he knew nothing about it. It would seem that in that respect, the Indian State refuses to allow any peek into many aspects of its instruments and structures of power and control over speech and expression on the Internet. Its therefore an issue that begins with transparency as to current structures and proposed mechanisms, and whether the State can in fact do so as per the restrictions cast on it by our constitutional norms and legal framework.