Previous Articles:
Outrage
Expressed at bazee.com CEO arrest :
What is Due Diligence?..1..Effect of Section 79 of ITA-2000
In continuation of the previous articles, let us now proceed to discuss the
effect of Section 85 in cases where a website owner is held responsible for
objectionable third party activity.
Section 85 refers to cases when it is established that a Cyber Crime has been
committed by an organization and proceeds to define the responsibilities of the
individuals including the Directors or CEOs.
Section 85 of the ITA-2000 talks about the offences of Companies and states:
Offences by Companies
(1) Where a person committing a contravention of any of the provisions of
this Act or of any rule, direction or order made there under is a Company, every
person who, at the time the contravention was committed, was in charge of, and
was responsible to, the company for the conduct of business of the company as
well as the company, shall be guilty of the contravention and shall be liable to
be proceeded against and punished accordingly:
Provided that
nothing contained in this sub-section shall render any such person liable
to punishment if he proves that the contravention took place without his
knowledge or that he exercised all due diligence to prevent such
contravention.
(2) Notwithstanding anything contained in sub-section (1), where a contravention
of any of the provisions of this Act or of any rule, direction or order made
thereunder has been committed by a company and it is proved that the
contravention has taken place with the consent or connivance of, or is
attributable to any neglect on the part of, any director, manager, secretary or
other officer of the company, such director, manager, secretary or other officer
shall also be deemed to be guilty of the contravention and shall be liable to be
proceeded against and punished accordingly.
Explanation-
For the purposes of this section
(i) "Company" means any Body Corporate and includes a Firm or other
Association of individuals; and
(ii) "Director", in relation to a firm, means a partner in the firm
The first observation that can be made about this section is
that the word "Company" used here need not be restricted to the classical
meaning of a Corporate Body registered under the Indian Companies Act 1956. It
includes a "Firm" or "other Association of Individuals".
The inference that can be drawn from the explanation is that
this section is meant to be applied in all cases where an organization is
involved with different individuals discharging different responsibilities. It
recognizes the fact that in an organizational maintenance of content there is a
possibility that there can be hierarchical division of responsibilities and the
owner of a website or a director or such person who may be technically
responsible for the facilities may be innocent and the crime could have occurred
despite his honest efforts to prevent such happenings.
Both sections 79 and Section 85 impose two conditions for
providing protection against Cyber Crimes which otherwise fall on the
organization or any of its employees. The conditions are
The concerned "Intermediary" or the official of the "Company"
a) Should not be aware of the offence.
b) Should have exercised Due Diligence
The "Awareness" factor has to be viewed with reference to the
type of organization involved. For example, if a fraud is committed by an
employee of Hindustan Lever in Kavindapady office, the Managing Director sitting
normally in Mumbai is not expected to know.
However it is not unreasonable for the immediate superior of
the fraudulent employee in Kavindapady to be more aware of the fraud than the
Managing Director, though even this may not be always true.
Similarly, if any of the 75000 members of an auction site
posts a product for sale in any of the web pages belonging to the web site, it
would be unreasonable to expect the knowledge to automatically reach the CEO.
Such knowledge can be implied only if an appropriate notice
has been sent to the CEO. It can of course be implied when the matter is
reported in the public media having a reasonable coverage in the area in
which the CEO resides.
For example, a report which appears in Nakkeeran need not be
a sufficient notice to the Mumbai based CEO while a report appearing in Times of
India or Economic Times, Mumbai edition can be considered an immediate notice.
In any professional organization however, it can be expected
that even if the notice appears in Hindu, Chennai edition, it would reach
the concerned official in Mumbai after a reasonable period of time through the
information channels of the Company. There is therefore a certain time lag that
is acceptable for the "Awareness" to be deemed to have been realized by
the employee.
Publication in a national TV channel or sending of an e-mail
to the concerned person's published e-mail address could be exceptions where the
"Awareness" can be presumed within a very short interval.
Now we come to the all important aspect of "Due Diligence".
The term "Due Diligence" is not a strange word in law. It is
used in many places where the law makers feel the necessity to provide for a
flexible benchmark which moves with the developments in the society. What is not
a due diligence requirement today may become a due diligence tomorrow if the
industry practice changes.
Generally "Due Diligence" and "Negligence" are considered the
opposites of each other. Understanding one will automatically define the other.
In the Banking Law, the term "Negligence" has been widely
discussed and debated. The accepted understanding of what constitutes
"Negligence" is "Doing of a thing which a prudent man under similar
circumstances will not do or not doing of a thing which a prudent man under
similar circumstances will not do".
Similarly, "Due Diligence" is understood as "the
level of judgment, care, prudence, determination, and activity that a person
would reasonably be expected to do under particular circumstances."
Thus the term "Due Diligence" in any context has to be
determined by the circumstances of the case and with reference to the prevailing
industry practice and what is considered "Prudent" by persons having the
knowledge of the industry. Obviously, the Judge evaluating the defence of "Due
Diligence" is likely to exercise his subjective opinion on the matter, but could
refer to industry experts to come to a conclusion.
The general practice in case of Auction sites and Online
service providers is to present a lengthy "Terms and Conditions" agreement and
request the user to click on a button "I Agree". It is presumed in the process
that the person has read and understood the entire agreement. While this can be
accepted as the general practice of due diligence, it is for the Judge in a
specific circumstance to consider where this was sufficient under the
circumstances.
There have been cases in India where the Judiciary has
rejected "Fine Print Disclaimers" and expressed preference for highlighting
certain aspects which are of critical importance. There are also cases where the
Courts have disallowed acceptance of certain conditions where it has felt that
there was an uneven strength between two contracting parties.
In the light of such precedences, we may presume that Courts
are at liberty to go into the minimum standards of "Content Monitoring" that is
expected of website owners.
Though the undersigned has been advocating a "Cyber Law
Compliance" programme for all companies and in particular the "Web Site Owners",
very few entrepreneurs have taken positive action on the same. Quite often this
is the result of "Arrogance" of the entrepreneurs and the ignorance of their
advisors. Some times Internet players fail to understand that they are subject
to laws of different lands and though certain things are acceptable under US
laws, they may not be so under Indian Cyber Laws.
In as much as the Indian Cyber Laws are four years old and it
is being repeatedly stressed by the undersigned and the like that "Obscenity on
a Website is punishable", Cyber Laws are being ignored with impunity. Many
technologists who head such enterprises are "Technology Intoxicated" and any
advise to them on the legal situation draws a comments such as " I Don't
Care", "It is Freedom of Expression". "It is done this way in US",etc.
It has been advocated by the undersigned that websites should
take up a Cyber Law Compliance Audit regularly and obtain "CyLawCom
Certification" to ensure that they are able to prove that they have taken
prudent steps to prevent commission of Cyber Crimes though their networks. The
undersigned has already started such a programme and Cyber Society of India is
taking it further into a movement.
Fortunately for the people caught in the current day problems
regarding Section 67 cases, the very fact that there is a large scale violation
of law could itself be used as a defense since this establishes that the current
level of "Due Diligence" is extremely low.
Also the Ministry of Information Technology has not shown any
initiative in supporting the efforts of the undersigned nor taken its own
initiatives. Hence it can be stated that no expectations of Cyber Law Compliance
under a structured format has been created in the society. It is therefore open
for the current players to defend that the recommendations of Naavi has to
be considered as an exception than the rule.
In the current circumstances therefore it can be categorically said that getting
an online "Terms and Conditions" document accepted by a simple click of the
mouse and removing an offensive material when it comes to the knowledge of the
concerned website owner or an official responsible for the content is sufficient
"Due Diligence".
It is however reiterated, that given the kind of media publicity that has been
generated by certain cases which have been reported in quick succession during
the last few days, the expected standard of due diligence will change by leaps
and bounds in future and anybody who continue to be reckless and does not
conform to a "CyLawCom" process, would be taking an undue risk for themselves
and for their business.
....To Be Continued
Naavi
December 19,2004
Also See
Bloggers Beware..Set of 10 articles
Advertising Code?..or Section 67 of ITA 2000?
Related Articles:
At
Sify.com
Sify.com :
Express India :
TOI :
HT
At Naavi.org:
Bazee Bite Wakes Up Sify
Are Mobile
Phone Service Providers Liable?
Buyers
of DPS Video also being Arrested
Bazee.Com
CEO Arrested
Wise Techies realize that Law Can Bite
US Video
Voyeurism Bill Goes for President's Signature
Delhi Police Register Case..Bazee Needs to Explain
