Weaving a web of terror

The rules to ensure cyber security are stringent. But they are seldom followed. Subimal Bhattacharjee writes.

india Updated: Sep 08, 2011 21:25 IST
Subimal Bhattacharjee
Subimal Bhattacharjee
Hindustan Times

The bomb blast outside the Delhi high court on Wednesday has once again shown the involvement of cyberspace in terrorism. An internet cafe in Kishtwar, Jammu and Kashmir, was used to send an email to two media houses, notifying the motives behind the blast.

An email was sent from harkatuljihadi2011@gmail.com from the Global Internet Café, thereby identifying the militant group: Harkat-ul-Jihad-al-Islami (HuJI).

The police have detained the owner of the cyber café and his brother and the records of the users are being analysed. A second email came from the Indian Mujahideen on Thursday.

Hopefully, the digital trace of these emails and the physical chase would help in nabbing the culprits.

The issue remains that terrorists strike and use technology to support the strikes despite the stringent rules laid down by the government for monitoring cyberspace and internet cafes.

In the blasts preceding the 26/11 Mumbai incident, particularly the one in the Samjhauta Express in 2007 and in Mumbai in July 2006, cyber cafés were used by terrorists and their sympathisers. After these strikes, the law enforcement agencies started keeping a watch over them.

These efforts got a boost when in April this year the department of information technology notified the rules for cyber cafes on April 11. According to these rules, all cyber cafes were asked to register with a state-level registration agency.

Unfortunately, this move is yet to be implemented. Likewise, there are clearly defined steps for the identification of users like keeping an identification proof of the users.

However, most café owners still don’t follow this. Further, the cyber cafes are supposed to keep a record of the identification document in either a digital or physical form for at least one year. The identity of anyone accompanying a user must also be verified. But none of these are being followed.

The rules also require the creation of a logbook for records of the users to be maintained on a monthly basis. These records should be stored and backups must be maintained for all the websites visited by a user and also the logs of proxy servers installed at a cyber café.

The provision for regular and surprise inspection was also mentioned.

In other words, the rules to operate cyber cafés are quite stringent. But the fact remains that cyber café owners, despite the threat of punishment, don’t follow these rules as it impacts their business.

Now the issue is how the situation can be addressed and whether tough cyber laws and rules can really deter terrorists and criminals from using the internet.

Also, should cyber cafés be blamed? In this particular case, even the email address should have raised an alarm with the service provider when it was being registered as HuJI.

The Delhi blasts only prove that there needs to be much more coordination among law enforcement agencies and service providers on a daily basis.

(Subimal Bhattacharjee heads a defence multinational in India and writes on cyberspace and security issues. The views expressed by the author are personal)

First Published: Sep 08, 2011 21:23 IST