FATA Polices Internet Cafés with 20 New Regulations

In addition to confronting cyber attacks, Iran’s Cyber Police (FATA) monitors the services, and content offered to users by Internet service providers, and Internet cafés. According to FATA, about 22 percent of Iranian Internet users in 2012 accessed the Internet through these cafés. Given the popularity of these spaces, authorities have been attempting to control them as early as  2006, through policies such as segregating business hours for men and women. Implementation of these regulations often proved difficult to enforce, and were usually overlooked.

Recently there have been more stringent efforts by FATA to control these cafés. In 2010, news agencies reported the opening of Internet cafés were increasingly becoming difficult, as they were not permitted to open inside shopping malls, or close to schools for girls. Men and women, regardless of their relations, were warned not to sit next to each other in these spaces. These regulations were more often ignored than followed.

Again, in 2011, FATA issued a set of 11 rules cafés were to abide by. Last week however, FATA has further developed these guidelines to 20 rules and regulations, which requires “immediate implementation” by Internet café managers.

Government associated news sources have stated these new regulations are meant for the protection of Internet café users, and to legitimize the activities of café owners and managers. Managers have been given 15 days to put these guidelines into practice, after which, FATA will start inspection of cafés. According to the new notes 1 to 3 of Article 7 of Internet Cafés Bylaw, necessary legal steps will be taken, and violators will be prosecuted.

Whether or not this is a new rigid form of policing of Internet cafés by FATA is yet to be determined, but ASL19 will be closely monitoring reactions to the new regulations in the coming weeks.

FATA’s 20 New Regulations:

  1. Legal permits should be visible for users. Internet cafés should be located in the public realm, and they should follow the guidelines of public offices.
  2. Internet cafés are required to buy their bandwidth from authorized Internet Service Providers (ISPs). Obtaining bandwidth from illegal providers through satellite is strictly banned.
  3. Managers of the cafés and the license holders are required to follow article 3 of Internet Cafés Bylaw.
  4. Managers of Internet Cafés are required to share the necessary documents regarding provision of their bandwidth, and their compliance with the Article 3 of the Bylaw with the authorities per their requests.
  5. Internet cafés are not allowed to provide any services remotely.
  6. Except for Internet services, Internet cafés are not allowed to offer any other services, such as typing or printing, or sell software and hardware products.
  7. License holders should ensure that the staff at Internet cafés meet the following criteria:
  •                 committed, and professional
  •                 with no criminal records
  •                 married, and at least 25 years old
  1. Internet cafés should check user IDs (national ID is preferred). Providing services to users without IDs is prohibited.
  2. Internet cafés are also required to keep a record of the following information for each user:
  •                 First and last name
  •                 name of father
  •                 national ID number
  •                 postal code
  •                 phone number
  1.  Internet cafés are required to record the date and time that each user accessed the Internet, the IP allocated to them, and log file of the website and web pages they visited for at least six months.
  2. A receipt should be provided for the users, including the duration and cost of their Internet usage.
  3. Providing or recommending any type of circumvention tools and websites to users, or using and installing VPNs on computers in Internet cafés are prohibited.
  4. Staff at the Internet cafés are required to make sure that any type of information related to each user (such as their browsing history, email addresses, and other online activities) are erased after each use, and can not be retrieved by the next customer using the same computer.
  5. Users should have limited access to the computers in Internet cafés. USB ports, card readers, and other ports for plugging external drives should be blocked. If users need to transfer files to their working computer, the staff at the cafe should transfer the files through the internal network, only after scanning the files and ensuring they are not infected with viruses, or other malware.
  6. Managers are required to use anti-viruses, Internet security software products, and firewalls, and make sure they are up-to-date.
  7. Staff and managers are required to inspect all the computers at the end of each day to make sure that computers are not infected with viruses and malwares, that keylogger software product are not installed on them, and that users have not left any of their personal information on the computers.
  8. Internet cafés are required to set up 24-hour surveillance cameras, and to keep the videos for six months.
  9. Managers and staff at Internet cafés should be able to send messages to user computers about their time usages, and other warnings.
  10. Managers of the Internet cafés are required to display the new guidelines in their locations in a way visible by the users.
  11. Staff and managers should not allow more than one person on a given computer, except when users are unfamiliar with computers, and are thus accompanied by a friend or family member for assistance.

It has additionally been noted that Internet services for these businesses can only be obtained through legal permits from the authorities. Other businesses, such as computer repair stores, or video gaming businesses, are prohibited from providing public Internet service. In cases where this regulation is broken, legal steps will be taken by FATA to prosecute owners, or close down those businesses.