Proposed Rules U/s 79 and Internet Censorship
The draft rules notified under
Section 79 have evoked belated responses in the Press about the adverse
effect of some of the suggested provisions related to freedom of speech.
Let's therefore analyze the
complete impact of the draft rules.
The rules are to be considered as
subordinate to the parent provision in the Act and hence we need to
understand the scope of the relevant parent section before commenting on
the rule.
Section 79 of ITA 2008 has to be
read along with Section 2(w) of the Act which defines the term
"Intermediary".
For ready reference, Section 79
states as follows:
Sec 79: Exemption from
liability of intermediary in certain cases
(1) Notwithstanding anything contained in any other law for the time
being in force but subject to the provisions of sub-sections (2) and
(3), an intermediary shall not be liable for any third party
information, data, or communication link made available hosted by
him.
(2) The provisions of sub-section (1) shall apply if-
(a) the function of the intermediary is limited to providing access
to a communication system over which information made available by
third parties is transmitted or temporarily stored; or
(b) the intermediary does not-
(i) initiate the transmission,
(ii) select the receiver of the transmission, and
(iii) select or modify the information contained in the transmission
(c) the intermediary observes due diligence while discharging his
duties under this Act and also observes such other guidelines as the
Central Government may prescribe in this behalf
(3) The provisions of sub-section (1) shall not apply if-
(a) the intermediary has conspired or abetted or aided or induced
whether by threats or promise or otherwise in the commission of the
unlawful act
(b) upon receiving actual knowledge, or on being notified by the
appropriate Government or its agency that any information, data or
communication link residing in or connected to a computer resource
controlled by the intermediary is being used to commit the unlawful
act, the intermediary fails to expeditiously remove or disable
access to that material on that resource without vitiating the
evidence in any manner.
Explanation:- For the purpose of this section, the expression "third
party information" means any information dealt with by an
intermediary in his capacity as an intermediary.
According to Section 2(w) of ITA
2008,
"Intermediary" with respect
to any particular electronic records, means any person who on behalf
of another person receives, stores or transmits that record or
provides any service with respect to that record and includes
telecom service providers, network service providers, internet
service providers, web hosting service providers, search engines,
online payment sites, online-auction sites, online market places and
cyber cafes.
From the above, it can be seen that
the objective of Section 79 is to state
a) An Intermediary is prima-facie
liable for consequences arising out of third party information, data or
communication link hosted by him.
b) The liability will be exempted
if the conditions stated in the section are fulfilled. The conditions
can be roughly called "Due Diligence" and the proposed notification tries
to specify what may constitute "Due Diligence".
The current need for us is to
understand what are the conditions under which the exemptions apply. The
provisions of the section are further elaborated by the said draft
notification.
The first condition that needs to
be satisfied for the exemption is that the subject entity claiming
exemption must be an "Intermediary" as defined in Section 2(w) of the
Act.
The Act provides a generic
definition along with some examples. Accordingly, it includes
"telecom service providers , network service providers, internet
service providers, web hosting service providers, search engines, online
payment sites, online-auction sites, online market places and cyber
cafes."
In respect of Cyber Cafes, the
regulations are further described in another notification of which also
a draft has been released.
Beyond the examples provided, we
need to note that "any person" who on behalf of another person
receives, stores or transmits that record or provides any service with
respect to that record, can be considered as an intermediary.
Most of the present comments about
"Freedom of Speech" arises from the fact that the draft rules make
a
special mention of "Blogs" and "Bloggers" which was not defined in the
parent section.
In the case of a Blog there are
multiple persons who provide intermediary services. For example the Blog
platform is hosted by a "domain name owner" and by the "owner of the blog
hosting server". Content may be edited by an "Editor". The Blogger is
the person who may post content either in the body of the blog post or
as a comment.
The draft notification defines a
"Blog" as a "type of website, usually maintained by an individual
with regular entries of commentary, descriptions of events, or other
material such as graphics or video. Usually blog is a shared on-line
journal where users can post diary entries about their personal
experiences and hobbies;"
A close examination of the section
2(w) of ITA 2008 reveals that the examples quoted refer to auction sites
and market places and not "blogs". The generic definition speaks of an
"electronic record" which is sent by one person to the intermediary who
receives, stores and transmits that electronic record.
It is therefore clear that
"Intermediary" is the owner of the device that receives, stores and
transmits an electronic record namely the web hosting company which
hosts the content or the blog.
Blogs are of several kinds. One is
where the blogger owns the domain name and hires the hosting space from
another service provider. Another is a person who uses the blog platform
of another blogging service provider who himself hires the space and
application from another service provider. Any user of such a "Blog" is a person
who contractually obtains lease of the electronic space for the purpose
of "publishing" a content. The user may use the space for publishing a
content owned by him or use the space for publishing the content owned
by others. (including the comments).
The relationship of the Blog owner,
the person posting the comment and the Blog hosting company can be
equated to the following in a print publication.
a) Web hosting company=Printer
b) Blog owner= Publisher
c) Blog author=Author
d) visitor posting
comment=Co-author
Section 79 can be invoked by
an intermediary for claiming exemption whenever the authored content can
be held to contravene any of the provisions of law.
Section 79 is not a penal section
by itself where a person can be held liable under the section. A person
can only be given exemption from liabilities arising out of say Sections
66,66A etc by virtue of the content received, stored or transmitted by
the intermediary.
Hence if a person has to be held
liable, then he should satisfy the requirements of the specific
offensive section of the respective law. For example, if a person is to
be accused of violation of copyright law, then he should infringe the
copyright of another person as per the provisions of the Copyright Act.
The means of infringement may be an electronic document which is
recognized as a written document as per Sec 4 of ITA 2008.
The liability which can be ascribed to the Intermediary who hosts a
copyright violative content is the liability that can be ascribed to a
printer in case a book is published in violation of the copyright
Act.
A "Printer" cannot be expected to
be a "Copyright Policeman" who asks for documentary evidence that the
content being printed is not violative of any legal rights of another
person. At best he can take an undertaking from the person who pays for
the printing and maintains his identity so that he knows to whom the
service is being provided.
A similar responsibility is cast on
the Blog hosting intermediary. Hence the focus of the intermediary is to
ensure that there is
a) Proper identification of the
blog space buyer
b) a Contractual agreement by the
space buyer that declares that the content is not violative of any law.
Presently, blog owners are
identified by only an e-mail ID which itself is open to being anonymous
and pseudonomous.
Most web hosting companies already
have terms and conditions which take care of the declaration but such
contractual agreement is only as effective as the authenticity of the
identification.
The proposed notification
complicates the issue involved by being more detailed than necessary.
It would have been prudent for the
department to simply state that the "Intermediary shall obtain
appropriate assurances from the users that no law would be violated".
Instead, the guideline tries to repeat the penal provisions contained
elsewhere in the Act and other law by stating that the intermediary
shall notify that the users will not display content which belongs to
another person, which is obscene , may harm minors, infringes trademark, patent
or copyright etc.
By specifying the details, the
notification is opening itself to new interpretations that are not
required in the first place.
The current system of Blog hosting
does not enable the blog owner to do the policing since the identity of
the user is not adequately established.
The only way the identity of a
Netizen can be established to the satisfaction of the law is to insist
that any blog account may be opened only on the basis of an "Electronic Signature"
as per ITA 2008.
This may not be practical for the
time being and we need to carry on the activity without the
benefit of the electronic signatures.
Where the notification has failed
is in its duty to find solutions to such critical requirements.
The notification proceeds to
mandate that
"The intermediary upon obtaining
actual knowledge by itself or been brought to actual knowledge by an
authority mandated under the law for the time being in force in writing
or through email signed with electronic signature about any such
information as mentioned in sub-rule (2) above, shall act expeditiously
to work with user or owner of such information to remove access to such
information that is claimed to be infringing or to be the subject of
infringing activity. Further the intermediary shall inform the police
about such information and preserve the records for 90 days"
It is this clause which is being
commented by many as "making Censorship easy" etc.
We may however note that this
clause mandates that the person asking for removal of an objectionable
material should be an "authority mandated by law" and should take the
responsibility for the request by making the demand through an
"Electronically signed message".
Even then, the notification only
says that the intermediary takes steps to get the information removed in
consultation with the author. The author at this stage is open to raise
an objection and defend his right to publish the said content. The
notification also suggests that the Police should be brought in to
resolve the dispute.
There is no mandate that the
intermediary shall immediately remove the content upon receiving a
notice from some body.
However if an "Authority" mandated
for the purpose, issues a notification, then the intermediary need to
follow the instruction. It is open for the "Authority" to either order
removal of content or make the publication conditional that some
disclosure is made along with the publication. Such authority has to be
the judicial authority which alone can be considered as "mandated by
law".
If therefore the notification can
be abused, it can be done only by an abuse of the current provisions of
law where judicial orders may some times be obtained by parties without
proper opportunity for the defendant to express his views.
We may recall that in one such
instance last year, an ex-parte injunction was obtained by a party
against a well known website from a Court of law in Delhi without even
serving a proper notice to the defendant. The site remains censored till
date since the owner of the site has not bothered to contest.
Had the Court decided in this case
that the website owner will only publish the content along with a notice
that it is disputed in a Court of law, perhaps he would have obliged.
The fight against "Censorship" has
to be fought elsewhere rather than in an "Enabling" rule notification.
When ITA 2008 was first proposed,
Naavi had highlighted the various provisions which were amenable for
abuse and promoted an idea that there should be a "Netizen's Rights
Protection Authority" formed to ensure that there were adequate checks
and balances.
Unfortunately the suggestions went
unheeded and no action has so far been taken.
I think that it is once again the
time to revive the proposition of "Netizen's Rights Protection
Authority" which can address the various issues being raised now in the
press.
As regards the other aspects of
"Due Diligence" contained in the notifications, these are already being
suggested for implementation under the IISF 309 (Indian Information
Security Framework proposed by Naavi). They include designation of a
compliance officer, incorporation of a grievance redressal mechanism and
the use of disclosure, privacy and terms and conditions documents to
keep the users appropriately appraised of their liabilities.
I invite the readers to go through
my earlier articles on the subject available here and contribute towards
this thought process.
Naavi
9th March 2011
Related Article in ET:
Bloggers call content regulation a gag on freedom
Earlier related
Articles in Naavi.org:
Rules to be Framed under ITA 2008 by Central Government
Cyber Cafe Regulation.. Some thoughts
ITA 2008 Compliance Blanket for Cyber Cafes
Suggested Information Security Framework for ITA 2008 Compliance
Will the Government Consult Netizens?
Comments are Welcome at naavi@vsnl.com
