SUMMARY
Intermediaries have so far, been sheltered from direct scrutiny under the safe harbor provisions
What constitutes unlawful content is a complex question and is difficult to assess for an intermediary
Intermediaries will only have a 24-hour window to disable access to unlawful acts upon being notified
—In the landmark US Supreme Court case of American Communications Association v. Douds, Justice Jackson had observed
“It is not the function of our Government to keep the citizen from falling into error; it is the function of the citizen to keep the Government from falling into error. We could justify any censorship only when censors are better shielded against error than the censored”.
More than 50 years later, the Supreme Court of India revisited this observation in its watershed judgment (Shreya Singhal v Union of India) upholding freedom of speech and expression over the internet and striking down section 66A of the Information Technology Act, 2000 (“IT Act”) as being unconstitutional. In many ways, this 2015 judgement set out the ground rules for a more progressive and liberal understanding of free speech in a constantly evolving media – the internet.
On 24 December 2018, the Ministry of Electronics and Information Technology (MeitY) issued the Information Technology [Intermediaries Guidelines (Amendment) Rules] 2018 (“Draft Amendment Rules”) which is presently up for public consultation until 31 January 2019. The Draft Amendment Rules seek to replace the extant Information Technology (Intermediaries Guidelines) Rules, 2011 (“Intermediaries Guidelines”) which governs inter alia the conduct of ‘intermediaries’ – a term that has a wide connotation and includes all IT and ITeS platforms/ aggregators such as network service providers, ISPs, search engines, online payment sites, online marketplaces, etc.
The Draft Amendment Rules are being formulated with a view to increase accountability of social media platforms in order to curb the increasing misuse of such platforms to incite violence, spread disharmony and mislead the public.
Intermediaries’ Limitation Of Liability – The Way Forward
Intermediaries have so far, been sheltered from direct scrutiny under the safe harbor provisions set out in section 79 of the IT Act. In a nutshell, section 79 exempts intermediaries from liability for any third party information, data or communication link made available or hosted by it provided that, amongst others, the intermediary does not initiate the transmission, select or modify the information or select the recipient of the information.
As a safeguard, the intermediary is also required to expeditiously remove or disable access to any material hosted by it upon knowledge or notification that such material is being used to commit an unlawful act.
The Draft Amendment Rules cast an increased obligation on intermediaries to be in control of the information they host and to also exercise a degree of judgment in identifying unlawful content – a practical nightmare that was acknowledged by the Supreme Court in the Shreya Singhal case.
We dissect some of the key amendments below:
Identify Unlawful Content
As mentioned earlier, intermediaries will be required to deploy technology-based automated tools or “appropriate mechanisms” to “proactively identify” and disable public access to unlawful content. The Supreme Court, while upholding the constitutional validity of the Intermediaries Guidelines in the Shreya Singhal case, had held that any knowledge of an unlawful act must be read down to mean the actual knowledge of such intermediary by way of a court order or upon it being notified by the appropriate government.
Given this ruling, casting an obligation on intermediaries to proactively identify and disable access to unlawful content may be overreaching. What constitutes unlawful content is a complex question and is difficult to assess for an intermediary. Moreover, establishing controls to identify unlawful information may be a costly process given that many of these intermediaries use end-to-end encryption technology.
Pin Responsibility And Provide Access
Intermediaries are mandated to enable tracing of the originator of information, if required by legally authorised government agencies, in cases of threats tocybersecurity, State security, prevention of offences and incidental matters. Further, the intermediary is required to provide all such information or assistance to the government agency, when required by lawful order, within 72 hours of such request being made to it.
While the 3-day period is a new provision, one must bear in mind that the legal obligation to provide assistance and support for the interception or decryption of information has been in place under sections 69 and 69A the IT Act and the Information Technology (Procedure and Safeguards for Intercepting, Monitoring and Decryption of Information) Rules, 2009 (“Interception Rules”).
As an increased protection measure, MeitY should consider restricting ‘lawful orders’ under the Draft Amendment Rules to only orders issued by ‘competent authorities’ defined in the Interception Rules namely, the Secretary in the Ministry of Home Affairs or in charge of the State Home Department, as the case may be. Alternately, such orders should be by way of an order of a competent court in India.
It will also be necessary to map this requirement under the Draft Amendment Rules with the existing checks and balances under the Interception Rules to avoid any ambiguity.
Establish India Connect And Appoint A Nodal Officer
The Draft Amendment Rules lay down that intermediaries with more than 50 lakh users in India or if specifically notified by the Government, will need to be incorporated under Indian law and have a permanent registered office in India. Also, such intermediaries will be required to appoint a nodal compliance officer in India for 24×7 co-ordination with law enforcement agencies and monitoring compliance under Indian law.
This proposal is clearly a direct fallout of previous instances in which certain social media platforms have escaped liability under the Intermediaries Guidelines by maintaining that they do not have offices other than sales offices in India.
While the concept of a nodal officer or designated officer for compliances under the IT Act and various regulations thereunder is not new, it will definitely get more teeth if formalised under the Draft Intermediaries Rules.
Act Within 24 Hours
Intermediaries will only have a 24-hour window to disable access to unlawful acts upon being notified of such acts by court order or a government agency, provided that such unlawful acts fall within the purview of Article 19(2) of the Constitution of India imposing reasonable restrictions on the fundamental right to freedom of speech.
This requirement is directly in compliance with the Supreme Court’s ruling in the Shreya Singhal case. Further, intermediaries will be required to preserve records and information for at least 180 days for investigation purposes. In addition, intermediaries will need to establish a monthly reminder mechanism for the benefit of its users to ensure compliance with applicable laws, its user agreement and privacy policy.
To Proceed With Caution Is Key For MeitY And Intermediaries
The amendments discussed above are undoubtedly noteworthy. The increased use of social media, especially by first-generation internet users in India, increase the risk of misuse of these platforms. Even though there may be no silver bullet to address the Government’s concern regarding unregulated usage of social media, care must be taken to ensure that the amendments do not bring an element of arbitrariness or are disproportionate to the right of free speech enshrined in our Constitution.
The article has been co-written by Supratim Chakraborty (Partner) and Suhana Islam (Principal Associate), Khaitan & Co LLP (Kolkata.
