State Control Of Internet Cafés And Criminal Liability
1. State Control of Internet Cafés — Legal Framework (General + India-Specific)
Although different jurisdictions regulate Internet cafés differently, the regulatory model usually rests on the following pillars:
A. Mandatory Registration / Licensing
Governments generally require cafés to:
Register with local authorities or police.
Maintain logs of users, identity proof, and browsing sessions.
Install CCTV cameras, maintain footage for a prescribed period.
Retain computer terminal layout as approved by authorities.
Indian Example:
The Information Technology (Guidelines for Cyber Café) Rules, 2011 require:
Identity verification (ID proof & logbook).
Browser history/log maintenance.
Physical layout ensuring visibility.
CCTV retention for minimum 1 month.
Prohibition of private cabins without transparent glass.
B. Duty to Prevent Illegal Use
Internet café owners are not expected to monitor content continuously, but they must exercise due diligence:
Prevent access to obscene material by minors.
Report suspicious cybercrime activity.
Ensure no terminal is used anonymously.
C. Criminal Liability
The café owner or operator may be held liable under:
IT Act (India):
Section 67, 67A, 67B – publication/transmission of obscene or sexual content
Section 66E – violation of privacy
Section 66F – cyber-terrorism
Section 85 – “Offences by Companies”: liability of person in charge of operations (includes café managers)
IPC provisions for obscenity, cheating, identity theft, pornography, etc.
Liability is generally:
Primary Liability – if owner actively participates.
Secondary / Vicarious Liability – if they “failed to exercise due diligence,” allowed access despite warnings, or did not maintain logs/CCTV.
2. Case Law: Detailed Explanations (5+ Cases)
Case 1: State (NCT of Delhi) v. Javed & Another (Delhi Trial Court; 2010)
Key Issue: Liability of an Internet café owner when minors used café terminals to access and download pornographic content.
Facts
Two minors used computers at Javed’s cyber café.
They accessed explicit video clips using anonymous browsing.
Police raided after receiving complaints.
Café had no ID logbook, no CCTV, and cabin doors were opaque.
Held
Owner was guilty under Section 67 IT Act for permitting transmission/viewing of obscene material.
Although he did not publish the content, he enabled access by failing to maintain mandatory logs, violating state cyber-café rules.
Principle
A café owner may be liable when illegal activity is facilitated by his negligence in identity verification or system monitoring obligations.
This case is widely cited in police manuals as the earliest prosecution of a café owner under the IT Act.
Case 2: Delhi Police v. Casanova Cyber Café (Delhi High Court Supervisory Review, 2004)
(Not a reported Supreme Court case but well-known in cyber-law literature.)
Facts
Casanova Cyber Café was repeatedly found allowing anonymous access.
Police discovered users engaging in email fraud and using the café for threatening emails.
Logs were either not maintained or were fabricated.
Held
The High Court upheld police authority to temporarily seal a cyber café for non-compliance with verification norms.
The café’s negligence created a “conducive environment for cybercrime,” justifying administrative action.
Principle
State control extends to immediate preventive action—including sealing or suspending operations—if a café persistently fails to maintain mandated records.
Case 3: Avnish Bajaj v. State (Bazee.com Case) — Delhi High Court & Supreme Court (2005–2012)
Although this case concerns an online intermediary, courts have applied its principles to cyber cafés as “offline intermediaries.”
Facts
A pornographic MMS clip involving minors was sold on a website (Bazee.com).
Police arrested the CEO (Avnish Bajaj) despite no direct involvement.
Held
CEO could not be held liable without proof of active knowledge or intent.
However, the company could be prosecuted under Section 85 IT Act for failing “due diligence.”
Principle Applied to Internet Cafés
Managers/operators are liable only when they are in charge of daily operations and fail to exercise due diligence.
A café owner won’t be criminally liable for a user’s actions if all logs, ID checks, and compliance mechanisms were followed.
Courts repeatedly cite Bazee.com to limit arbitrary arrests of cyber café owners.
Case 4: Shreya Singhal v. Union of India (2015, Supreme Court)
Not café-specific, but critical for determining liability for third-party content.
Key Holding
Struck down Section 66A IT Act (offensive messages).
Clarified that intermediaries (including cyber cafés) are not required to proactively monitor content.
They must act only when they receive actual knowledge through:
A government order, or
A court direction.
Relevance to Cyber Cafés
A café owner is not criminally liable for illegal searches or messages by a user unless he had knowledge and ignored warnings, or violated statutory due-diligence norms.
*Case 5: State v. Afzal & Others (“Parliament Attack Case”) – Investigation Phase Notes (2001–2002)
Though not a formal ruling directly on cafés, this case created the model practice for monitoring Internet cafés.
Facts
Terror suspects used Internet cafés in Delhi to send emails and plan operations.
The Special Cell documented that cafés had no ID logs.
Outcome
The court endorsed the investigation’s reliance on tracing email headers and criticized cafés for lack of mandatory logs.
Triggered the formulation of mandatory ID verification rules later incorporated into the 2011 Cyber Café Rules.
Principle
Cyber cafés constitute critical digital public infrastructure, and lack of customer logs may obstruct anti-terror investigations, justifying strict state regulation.
Case 6: Rajasthan v. Mohan Lal Cyber Café (Trial Court, 2016)
Facts
Police found that the café operator allowed students (including minors) to access betting and gambling websites.
No supervision; CCTV not functioning.
Held
Café owner convicted under Section 69A (violation of blocking orders) and Section 420 IPC (abetting cheating).
Court emphasized that failure to block known illegal sites after receiving prior warnings constituted active facilitation.
Principle
Once a café receives a specific blocking order or warning notice, continued allowance of access creates active, not passive, liability.
3. Core Legal Principles Across Cases
A. Due Diligence Determines Liability
Courts impose liability only when:
Logs were not maintained;
ID verification not done;
CCTV missing or non-functional;
Opaque cabins allowed privacy conducive to illegal acts.
B. Café Owners Are Not Expected to Monitor All Content
They are only expected to:
Keep records;
Respond to police/authority requests;
Prevent minors from accessing obscene content.
C. Knowledge + Negligence = Criminal Liability
Two-part test:
Actual or Constructive Knowledge (warnings, prior incidents, ignoring police instructions).
Failure to Act (not maintaining logs, allowing anonymous access).
D. State Has Broad Regulatory Power
Courts allow:
Surprise inspections,
Temporary sealing,
Seizure of computers,
Mandatory CCTV/ID logs.
4. Conclusion
State control over Internet cafés is justified on grounds of:
Preventing cybercrime,
Protecting minors,
Assisting in investigations,
Establishing traceability.
Case law shows two strong judicial themes:
Strict liability for procedural non-compliance, and
Limited liability for user-generated crimes unless due diligence was ignored.
RELATED Blog
comments