[moh_maya]

Yep. He circumvented rate-limiters that ensured that you couldn't game the booking system. The regulations very clearly prohibit this to ensure fair access.

Now, one can absolutely argue about whether this form of rate limiting is the right approach, but to circumvent something that is clearly prohibited & charge money to do that is illegal.

This does not mean that I think the current system is perfect OR that there aren't other players who also have backdoors into the process; just that the action is not as egregious as 'BUREAUCRATS STIFILING INNOVATION'. There is more nuance needed here [1].

"According to the sources, the apps enabled users to book Tatkal tickets bypassing security checks on the IRCTC portal. His mobile applications were unauthorized and had features to bypasses Completely Automated Public Turing Test (CAPTCHA), a security measure that users must fill in while logging in to IRCTC. As per reports the apps also bypassed other security measures installed by the IRCTC." ... "However, railway officials clarified Yuvrajaa bypassed the railway system and made money illegally which is a crime. He wasn’t event an authorized agent registered with IRCTC to book tickets. RPF has registered a case under section 143 (2) of the Railways Act (penalty for unauthorised carrying on of the business of procuring and supplying of railway tickets).

Developing an unauthorised software bypassing e-ticketing system is an offence. Such applications defeated the purpose of having a first-come-first-serve system and benefit only a few who use the software."

This govt., like most Indian govts, has a stupidly archaic & top-down / low-trust / risk-averse / bean-counter approach to innovation and transparency (case in point, the Covid tracking app Arogya Setu's sordid development & transparency issues), but this specific incident isn't the right stick, IMO. :)

[1] https://www.the420.in/conman-or-genius-arrest-of-iit-kharagp...

[smdz]

This is a case of 'BUREAUCRATS STIFLING INNOVATION' and this is how it often looks like. He could have gone through legal channels to approve his app and would not be able to find approvals even after being able to afford those financially.

Fair access is not provided by the official website. When one clicks "Book" and then suddenly get an Internal Server Error in network logs (while UI shows in-progress icon) or gets logged out - where is Fair Access? If Railways gave 10 Rs for each such failure, they will go bankrupt within 2 hours. First-come-first-serve does not mean fair access when they can't fix their technical problems.

And this guy charged money only after the cost of the servers was high. To give a context the alleged amount between 2016 and 2020 he earned in 4 years is in the range of 27k-30kUSD. That is as per Railways. It is likely to be inflated. Pretty sure he was running into losses.

However I doubt he is totally innocent. Most developers would know this app would be illegal. Or may be he is just too naive - hard to say that since he is an IITian. The railways will probably find out each ticket booked, heavily penalize each such booking, add huge interest to that till date and make the total amount sound like a huge scam. Adventures with Indian bureaucracy will cost him big unless he manages to heavily PR himself as a victim.

[inapis]

> Fair access is not provided by the official website. When one clicks "Book" and then suddenly get an Internal Server Error in network logs (while UI shows in-progress icon) or gets logged out - where is Fair Access? If Railways gave 10 Rs for each such failure, they will go bankrupt within 2 hours. First-come-first-serve does not mean fair access when they can't fix their technical problems.

I am not sure if you know the history of IRCTC and why it is slow (at times. Things have vastly improved in the last decade). People have asked this many a times and their explanation does make some sense, that if IRCTC is super fast and efficient, then people with cash to spare/with computers and good internet access will hog all the tickets, denying people in rural areas a fair opportunity to purchase tickets. That is still probably true in 2020, because a good chunk of Indians in rural areas either do not have good internet connectivity, lack digital means of payment or are simply flummoxed by the online process.

From your perspective, IRCTC is not fair access because the servers slow down but from the govt perspective, fair access is not limited to only IRCTC users. There might be an argument that railways has a low capacity overall and that there is a long way to go for efficiency improvements etc but given my experience over last 12 years, the experience has improved drastically. Wait times have gone down considerably on a lot of trains, you no longer have to plan your travel 6 months in advance, you can buy tatkal tickets without paying scalpers etc. In 2018 I could even book tickets (from home) on a train which had already departed from its source station (my departure point was halfway between the origin and destination) and people around me did not believe that this was possible.

[mcherm]

> their explanation does make some sense, that if IRCTC is super fast and efficient, then people with cash to spare/with computers and good internet access will hog all the tickets, denying people in rural areas a fair opportunity to purchase tickets.

If I understand correctly (and I might not) that sounds utterly absurd to me.

It sounds like you are saying "the official website is badly buggy and slow, but that's fair because some people in rural areas don't have good internet connections". I don't understand how a buggy and slow website helps those users! I would completely understand having a bug-free and fast website that reserved a certain proportion of the tickets for rural users or even for those with poor internet connections, but that doesn't sound like what you are describing.

> Wait times have gone down considerably on a lot of trains, you no longer have to plan your travel 6 months in advance, you can buy tatkal tickets without paying scalpers etc.

That certainly sounds good.

[inapis]

IRCTC is infrequently buggy (no more than an average website). They might not have optimised for poor connections and thats where most people's buggy experience is.

It is generally fast except between 10am-12pm every day (i.e. when the tatkal systems open) and that is what frustrates most people. When called out on these issues, IRCTC has consistently refused to add capacity to deal with the demand between 10am-12pm. You are correct that this could be solved by using quotas and reservations but they haven't done that. My only guess is that it is for political/bureaucratic reasons. It's easier to blame capacity issues than tell the reality.

>reserved a certain proportion of the tickets for rural users

This already happens. There are quotas of different kinds.

P.S. You know what? You are actually right. There's no technical reason for this to be the way it is. They are using that explanation as a cover for a political or legal problem or by occam's razor, they probably have a fixed budget (and not allowed to use on-demand services like AWS) and the govt won't approve the budget necessary to solve the capacity issues between 10am-12pm.

[sriku]

I believe this is the right explanation .. and I also agree that the experience has been readily getting better .. both the trains themselves and the ticketing system.

[C1sc0cat]

How do you mean "hog" all the tickets just make them non transferable if they are already not.

[inapis]

Tickets are non-transferable but bribery is still a thing, especially where demand far outstrips the supply.

Second, fake IDs are easy to make.

Third, it's impractical to enforce on the ground. Indian Railways is relatively open access compared to airlines. On average, trains begin boarding 15-30 mins prior to departure and have a very high number of passengers. With an avg of 16 coaches per rake, with each coach having 60-100 passengers, each train is carrying 960-1600 passengers. Some trains are even longer and most trains are over capacity because 2nd sitting has no reservation and people just pile on as far as there is room in the coach. It's pretty impractical to verify tickets of 1000+ people along with their ids. If you are departing out of a major city, its usual for TTEs to verify tickets after 2-3 hours (and after smaller stations have been crossed.)

Tickets have been hogged and scalped for a long time in India. I'm the first in my family who has no concept of bribing or buying scalped tickets or engaging an "agent." Everyone of the previous generation has plenty of stories about their experiences before. There is still a long way to go to improve access but I will also not deny that there has been a significant improvement compared to my parents experience.

[michaelt]

So the government-run rail services don't provide enough capacity, the government's employees are corrupt, the government-issued ID documents are easily faked, and the solution is... to make government's train website slow and unreliable?

[sriku]

I don't recall a single instance of corruption with the Indian railways at the consumer level in nearly 2 decades including an instance when I was fined for not purchasing a platform ticket which would've been an opportunity for the officer to ask for a bribe but he didn't.

I don't think I'd faking or bribery are big issues with ticketing any more. It is most likely equitable access between the "internet haves" and "the internet have nots".

[kranner]

> Fair access is not provided by the official website. When one clicks "Book" and then suddenly get an Internal Server Error in network logs (while UI shows in-progress icon) or gets logged out - where is Fair Access?

Inept as it is, the official website still intends to provides fair access. Just because it is buggy does not make it OK to circumvent it, especially when such circumvention only reduces access for users who are not using this developer's software.

I say this as someone who has used the IRCTC website to book tickets. Tatkal tickets especially are nightmarishly hard to book.

[smdz]

I am not saying it is OK to circumvent rules. BTW my access was revoked because they assumed I was using some automation - when I know I was not using any such thing. I am just good at computers and not even a fast typist. No response to my appeal - stopped using tatkal since then and fortunately never needed it after that.

[vijaybritto]

> hard to say that since he is an IITian

Sorry that's not a measurement of any quality.

[sriku]

I agree this needs more nuance instead of pitching it as a david-vs-goliath. The railways has made steady progress on making it easier to ticket starting with an old mainframe system and transitioning into the web age. Such transitions at the scale of Indian Railways are not to be underestimated and it is not only about a website as real physical trains are involved. They've introduced interim measures to ensure reasonably fair access to seats since they need to cater to a financially spread out populace and there is always someone waiting to make a quick buck out of it. The rate limits are important I think to not overwhelm the system and I do not for a moment believe that IRCTC is working against the people here. I say that from personal experience where one of the IT ops lead personally responded to an email suggestion I sent in (exchange was about 15y ago) to enable people without credit cards to more easily purchase tickets without dealing with long queues at counters.

[throwawaybutwhy]

> starting with an old mainframe system

(partly tongue-in-cheek) Maybe it was not that bad to start with (was it based on CICS?)

Are there any whitepapers or design overview presentations by CRIS or anybody else?

[yitchelle]

You see similar software used in Auction sites such as eBay and the likes. Are this type of software also banned in India?

[dathinab]

In many country's such software is illegal and you can be held accountable, especially if you provide it in a way which makes you earn money.

If you make sure your software is just more economical/accessible without giving a unfair advantage is often less illegal or at least tolerated in many counties.

And many counties include EU countries like Germany.

[moh_maya]

AFAIK, for railways ticket bookings, yes; not banned but illegal. However, it's common knowledge that they exist and are used.

[jaikant77]

India has a strong legal framework and unfortunately very poor implementation (the arrest is an example of poor implementation/bullying by the state). When you say illegal, you should be able to specify the law under which it is illegal.

Broadly classifying anything not convenient to the state as illegal does not stand ground, AFAIK there is no law which prohibits automation of forms on any website?

[jaikant77]

The car parking analogy does not fit. But if you want to use a similar analogy. Assume there is toll road which allows the first 100 cars. This guy uses his superior tech skills, to get his clients (cars) in the first 100. He charges them a premium.

Now the toll road keepers, arrest him for helping his clients? That I think is wrong. If his clients had complained that he didn't deliver on his promise but charged money, then that could amount to cheating. He didn't do that. He used code he wrote to provide a service to his clients.

Yes I agree, it could be hacky code, and it worked because the website was itself sub optimal. But putting him into prison because the website couldn't be made better (prevent his hack) amounts to bullying to hide the technical incompetence.

[OkayPhysicist]

Under that analogy, pretty much all cracking is fair game.

Reselling credit card numbers you pilferred from a poorly secured website's database? You just helped your customers access information that was basically already publically available.

[ch_123]

You're attacking a strawman here. The issue was that he was making a profit by reselling tickets, not by automating filling forms in a website. The mechanism is not particularly relevant.

By analogy, it is legal to park my car in my own garden, but not legal to park it in my neighbour's garden. If I were to do that, I might expect to be punished for "parking my car".

[jkoudys]

You start by accusing him of using a strawman, then using an analogy which doesn't even remotely apply. It's closer to your neighbour selling you the rights to park in their garden, then you selling those rights to someone else. Far from a criminal, arrestable offence, so their point on the broad-brush of being "illegal" stands.

Even my closer analogy is still pretty far off and it's much more innocent. Maybe closer to charging a fee to use a very tricky to figure out parking meter.

[ch_123]

> It's closer to your neighbour selling you the rights to park in their garden, then you selling those rights to someone else. Far from a criminal, arrestable offence, so their point on the broad-brush of being "illegal" stands.

That's a good analogy, but perhaps not for the reason you think. In many situations where you acquire property rights from an owner, there are clauses which restrict or limit sub-leasing to a third party, or using the land for commercial gain. If I was doing what you are describing, I would want to read the lease or agreement very carefully to see whether I am allowed to do that.

Again, I think the developer acted in good faith, but it seems a bit naive to resell something for profit (no matter how small) without seeking legal advice, or at very least reading the T&Cs. We also cannot accuse the government of setting arbitrary restrictions - ticket touting is a problem, even if the government probably could have done more to make it easier for people to buy tickets legitimately.

[sbmthakur]

The article itself mentions this:

Under the Railways Act, all those who help passengers with ticketing are expected to register with the IRCTC as an agent. Does this apply for app creators? The officer reserved his comment.

I think the case depends on how the court interprets that question.

[smdz]

There is a difference between "guilty until proven innocent" and "innocent until proven guilty". In India, the former is how the law-enforcement works for most people while the justice system says the latter. Most people entangled in the slow legal system just want to get out of it even if it means injustice towards themselves. And the laws are so convoluted and in this case he has a behemoth monopoly to fight against.