November 28, 2023 at 01:38AM
India’s Computer Emergency Response Team (CERT-In) has been granted immunity from Right To Information (RTI) requests. The reasons for the exemption are unknown, but it comes after an embarrassing incident where an RTI request revealed low compliance with CERT-In’s infosec incident reporting requirements. This move has been criticized by the Internet Freedom Foundation (IFF) for weakening public rights and accountability. The exemption joins CERT-In with 26 other intelligence and security organizations already exempt from the Act.
Key takeaways from the meeting notes:
– India’s government has granted its Computer Emergency Response Team, CERT-In, immunity from Right To Information (RTI) requests.
– CERT-In faced criticism due to an embarrassing case related to an RTI request.
– India implemented a requirement for businesses to report infosec incidents to CERT-in within six hours, which received local and international criticism.
– The reporting requirements even applied to cloud operators, which sparked opposition from Big Tech.
– CERT-In did not explain how it would handle and analyze the influx of data.
– MediaNama’s RTI request revealed that only 15 entities had complied, while India recorded a significant number of cybersecurity incidents.
– The exemption of CERT-In from the Right To Information Act has drawn criticism from the Internet Freedom Foundation (IFF).
– IFF believes that the exemption weakens accountability and erodes the rights of the people.
– According to IFF, any exemption from the RTI should be presented before parliament, but it’s uncertain if this will happen for CERT-In.
– Activists are concerned about the impact of the RTI ban on learning more about state-sponsored attacks on Apple devices.
– India’s IT minister, Rajeev Chandrasekhar, has not made any comments regarding the change and has focused on deepfakes instead.
– CERT-In joins 26 other intelligence and security organizations that are already exempt from the Act.