Daily Updates

Centre Exempts CERT-In from Ambit of RTI Act

• 29 Nov 2023
• 7 min read

Source: IE

Why in News?

The Centre, through the Department of Personnel and Training (DoPT), has recently issued a notification exempting the Indian Computer Emergency Response Team (CERT-In) from the purview of the Right to Information Act, 2005.

• CERT-In, will now operate outside the scope of the RTI Act,2005 limiting public access to information about its activities and functioning.

How was CERT-In Exempted?

• The Centre has used its powers given under Section 24(2) of the RTI Act to exempt CERT-In from the purview of the transparency law.
  • Section 24(2) of the RTI Act, 2005 allows the Central Government to change the Schedule by adding or removing intelligence or security organizations established by the Government.
    • However, the subsection does not apply to the information pertaining to the allegations of corruption and human rights violations, not to the cases where such allegations are made.
  • Moreover, the information related to the allegations of human rights violations can only be provided after the approval of the Central Information Commission.
• The Centre can amend the Second Schedule through a notification in the Official Gazette. However, every such notification shall be laid before each House of Parliament.
  • Similar powers have been given to the state government under Sub-section 4 of Section 24 of the RTI Act.
• Using those powers, the Centre has included CERT-In in the Second Schedule of the RTI Act, alongside 26 other intelligence and security organizations that are already exempted from the Act.
  • The list includes prominent intelligence and security organizations such as Intelligence Bureau, Directorate of Revenue Intelligence, Directorate of Enforcement, Narcotics Control Bureau, and others.

What is CERT-In?

• About:
  • CERT-In is the national nodal agency responsible for handling cyber security threats, such as hacking and phishing. It operates under the Ministry of Electronics and Information Technology.
  • CERT-In has been operational since January 2004.
• Functions of CERT-In:
  • According to the Information Technology Amendment Act 2008, CERT-In has been designated to serve as the national agency to perform the following functions in the area of cyber security:
    • Collection, analysis and dissemination of information on cyber incidents.
    • Forecast and alerts of cyber security incidents.
    • Emergency measures for handling cyber security incidents.
    • Coordination of cyber incident response activities.
    • Issue guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents.
    • Such other functions relating to cyber security as may be prescribed.
• Importance for India:
  • CERT-In is important for India because it helps to protect the country’s critical information infrastructure and digital assets from cyber-attacks.
  • It also helps to enhance the cyber resilience and readiness of the country’s various sectors, such as government, defence, banking, telecom, etc.
  • It also contributes to the national security and economic development of the country by promoting a safe and secure cyber environment.