" Forbidden
              You were denied access because: 
               Access denied by access control list"

These were the words that thousands of computer users in India stared at when they attempted to access http://groups.yahoo.com. The fateful day was the 23rd of September 2003. The preparation for this assault had been in progress for a few months.

On the 27th of February, 2003 , the Computer Emergency Response Team (CERT-In) had been set up to function under the Union Government's Department of Information Technology (DoT). The CERT-In had supposedly been constituted under the provisions of Article 67 and 68 of the Information Technology(IT) Act of 2000 and designated as the sole authority to block web sites. A directive was issued five months later, stating which officials could issue orders and on what grounds.

In a notification dated Aug 10th 2003, Jayant Kumar, director of the DoT asked Indian Internet Service Providers (ISP's) to block access to the Yahoo group, Kynhun.

Kynhun was a yahoo group linked to the outlawed "Hynniewtrep National Liberation Council,", a minor separatist group from the North-Eastern state of Meghalaya, which espoused the case of the Khasi tribe. The reason stated for the blockage was that the group, "contained material against the Government of India and the state government of Meghalaya". At the time of notification, Kynhum had a membership of some 25 individuals with an average of 3 posts a month. Articles included calls for independence, corruption in the administration, police brutality against minorities and lack of public infrastructure in the state. Some articles were written in the native language of the Khasi people and apparently called for violence against other ethnic factions in the state and the ruling authorities. [1]

Apparently an earlier request had been made by the DoT to Yahoo India to block access to Kynhun. Yahoo India responded saying that the group was hosted in the main Yahoo Groups site and not in India. Yahoo inc. based in Sunnyvale California, when contacted with the request, refused to comply. In the year 2000 Yahoo had been requested by French authorities to bring down a pro-Nazi site. Initially Yahoo complied and removed a large part of the content but later took the matter to the United States Supreme Court, which ruled that Yahoo's compliance with the French request would be unconstitutional under US law.

The DoT notification was then sent out to Indian ISP's. Most Indian ISP's, especially top-level ISP's lacked the expertise to block access to a specific Yahoo group. They resorted to blocking Kynhun's IP address, which is the same as that of the Yahoo Groups web site. The net result was that every computer user in India, connected to the Internet and attempting to access Yahoo Groups was presented with the ominous words , " Forbidden ...."

What followed was a period of desperation and confusion on the part of Indian netizens as the various parties indulged in a blame game. The DoT pointed out that the request was made to block Kynhun and not Yahoo Groups. Top level ISP's contested that under the provisions of the IT act of 2000, they were responsible for content served to end users and had no option but to comply with the notification. Since they lacked the expertise to block a specific site they blocked the entire IP address. Smaller ISP's contested that since the top level ISP's had blocked the IP itself , there was nothing much that they could do.

Indian citizens flooded the site of the CERT-In calling the action arbitrary and unconstitutional. While most were concerned that it was the issue of free speech and democracy at stake, others questioned the legality of the CERT-In itself.

The CERT-In had been constituted under the provisions of Sections 67 and 68 of the Information Technology Act of 2000 by executive orders. Interestingly this section deals with the definitions of cyber obscenity, the cyber regulatory advisory committee and punishment for cyber crime. It has no provision for the creation of a body like CERT-In.

More interestingly, the IT act states that the government can intercept electronic and mobile communications. It has no provision to block content.

The Yahoo group blockage continued for 2 weeks. Finally, the ban was quietly lifted. At the end of this whole episode, the little known group Kynhun received a lot of unexpected publicity. Its membership rose to 214 with 24 posts in the first 4 days of this incident. India joined the not so enviable ranks of Russia, Burma, China and countries in the middle east that resort to blanket bans. The CERT-In received considerable negative publicity.

The CERT-In still exists. The IT act of 2000 remains unchanged. Interestingly, the Kynhun site is still up and accessible, with one member and no posts. Discussions on the provisions of the IT act of 2000 and issues relating to cyber crime, privacy, policy and data protection in India remains scant.

*************************************************************

Here are the url's of the major players in this Act.

The Department of Information Technology.

The Computer Emergency Response Team, India

The Kynhun group

Here is a copy of the order from the DoT to an ISP, ordering them to block Kynhun.

In writing this article I have tried to present the facts and the details of this particular case in an objective manner. Please look below on how I intend to follow up this article and for some personal opinions

[1] This is information I have obtained from my references during that period. I am now trying to locate authentic details to corroborate these.

********************************

I will be following up with more details on the above case and an article on the earlier incidence of Internet censorship, the long forgotten censorship of the Dawn newspaper.

In the coming months I hope to investigate the provisions of the IT Act of 2000 and some of its ambiguous and draconian sections, with comments on how I feel they should be modified so that the legitimate need of lawmakers can be addressed, while maintaining the spirit of our constitution and fundamental ideals.

The world is changing rapidly. While unfortunate, occasional censorship is now mostly seen as a legitimate need for law enforcement. The need to block pornographic and paedophilia sites to protect the vulnerable is a legitimate need but it is important that a due process is spelt out so that such powers are invoked for the intended purposes only. Abuse of these powers, either intentionally or due to incompetence is detrimental to the fundamental ideals of free speech and democracy.

Some larger and tougher questions need to be answered as well. This includes such questions as to whether it is unconstitutional to demand a separate state, or even a separate nation. What if this is done in an entirely peaceful manner? Is it unconstitutional to talk about police brutality and abuse by the very government we are supposed to turn to when we are oppressed? These are matters that must be dealt with, with maturity and compassion because they point to greater errors in our system. If we are to be the fair and just society we want to be, we must face these issues head on and not shy away from them.

Thank you for taking the time to read this article. I have presented to you the facts of the case - there should be no conflict as far as that is concerned. As far my personal opinions and some of the questions I have raised here to which I have tried to refrain from providing an answer based on my opinions, I understand you may have a view different from mine but that does not mean that we should be in conflict.

My main objective is to create on awareness of these issues. You can make a difference by being aware, talking to people about this and in the event that there is ever a need to challenge similar circumstances, by throwing your weight behind it.

If you have anything to add or comment on this article please use the comments feature. If you would like to offer your insights/help in what I hope to achieve as I have spelt out in the lines above or in the road map, you can reach me at sriram dot srinivasan at indosec dot org. Your help will me much appreciated.

Thank you