India's CERT Given Exemption From Right To Information Requests (theregister.com) 5
India's government has granted its Computer Emergency Response Team, CERT-In, immunity from Right To Information (RTI) requests, the nation's equivalent of the freedom of information queries in the US, UK, or Australia. From a report: Reasons for the exemption have not been explained, but The Register has reported on one case in which an RTI request embarrassed CERT-In. That case related to India's sudden decision, in April 2022, to require businesses of all sizes to report infosec incidents to CERT-in within six hours of detection. The rapid reporting requirement applied both to serious incidents like ransomware attacks, and less critical messes like the compromise of a social media account.
CERT-In justified the rules as necessary to defend the nation's cyberspace and gave just sixty days notice for implementation. The plan generated local and international criticism for being onerous and inconsistent with global reporting standards such as Europe's 72-hour deadline for notifying authorities of data breaches. The reporting requirements even applied to cloud operators, who were asked to report incidents on tenants' servers. Big Tech therefore opposed the plan.
CERT-In justified the rules as necessary to defend the nation's cyberspace and gave just sixty days notice for implementation. The plan generated local and international criticism for being onerous and inconsistent with global reporting standards such as Europe's 72-hour deadline for notifying authorities of data breaches. The reporting requirements even applied to cloud operators, who were asked to report incidents on tenants' servers. Big Tech therefore opposed the plan.
India has growing separatist movements (Score:2)
Imagine trying to keep a country of 1.2 billion together. Especially while trying to keep the unlimited greed of your ruling class satiated. It's not a surprise they're turning to stuff like this. It's just a question of whet
What kind of reasoning is this? (Score:2)
The Register has reported on one case in which an RTI request embarrassed CERT-In.
"Please stop allowing people to embarrass us" does not sound like the kind of justification you would need for an exemption of this kind. In fact, it's exactly the kind of thing these types of requests are designed to mitigate.
Re: (Score:3)
It's what you see in an actual fascist state. RTI is the canary in the coalmine for fascist governments.
Seems reasonable (Score:2)
If you are compelling companies to rapidly Report private information - such as the details of intrusions into their systems to a government agency, then those full reports should Not be discoverable by the public.
Now the idea of a blanket exemption seems excessive - They should've made a limited exception Requiring public disclosure After a period of time And after redacting company-specific identification and details (At the expense of the FOIA applicant for man hours required to retrieve and redact d
Evident foolishness (Score:2)
If there are sufficient reasons to implement a completely different process to what is used elsewhere then those reasons should be delayed fully and debated at length. I don't doubt there could be, India isn't a small land and the scale could create unique challenges. But the entrenched caste system there is entrenched and that sure as hell means appointments to positions can't be assumed to be meritocratic (not that they can anywhere else), and that the decisions made here are done for self interest and pe