Facebook and ITA 2008-Need for Practicing Due Dilgence
Facebook has been under the center of a
controversy in India for "Non Compliance of ITA 2008". It is
reported that due to a security failure several thousands of
Facebook users received a spam content which was then used to
compromise the respective accounts of the user. Consequently
links were reportedly posted which introduced a "Trojan" . It is
reported further that the trojan stole some photographs posted
on the facebook profile, morphed it into pornographic pictures.
(See this TOI report)
Facebook however has denied any serious
damage and has stated that it has taken suitable steps to
correct the security issue. Commenting on the security lapses
frequently arising in Facebook, experts have warned Facebook
that legal action can be taken against Facebook for various
issues related to ITA 2008.
Facebook is considered an "Intermediary"
under Indian law and is expected to follow "Due Diligence" as
per the provisions of the Act. Failure to follow due diligence
could make Facebook liable for any offence committed by the
users making use of the Facebook platform. An offence for which
Facebook Inc is liable will also hoist civil and criminal
liability on any Facebook employee who is in charge of the
operations as well as on its CEO.
Facebook has consciously hid its presence in
India and though they have an office in Hyderabad, the contact
details are not available. Though this office may be a
development office, it is the representative of Facebook Inc in
India and is legally answerable to the Indian judicial system on
behalf of Facebook Inc. Hence civil and criminal action arising
out of ITA 2008 can be launched against Facebook officials
working in India. Alternatively as USA did in the case of Dmitry
Sklyrov, Indian law enforcement may catch a Facebook official
travelling into India. Additionally, Indian Government may also
block Facebook from India as a means of forcing compliance by
It is therefore essential that Facebook needs
to establish an ITA 2008 compliance regime for its services
offered in India. The recent mass hacking of Facebook provides
sufficient ground for the Indian Government to take action on
the company if required.
Naavi had an occasion to personally
correspond with Facebook authorities in the recent days
(described more fully below) and it appeared that Facebook has
not fully appreciated its responsibilities under ITA 2008.
Hopefully better counsel would prevail in the coming days.
Recently another interesting dispute came up
regarding the facebook account of the writer Salman Rushdie.
(See this article) It is stated that Facebook
deactiviated the genuine account of Salman Rushdie demanding
proof of his identity. Mr Rushdie was made to fight for his
right to be represented in his own name and eventually was able
to convince Facebook that he was the genuine Salman Rushdie.
Naavi also went through a similar experience
in the last two months. One fine day a few months back, Naavi
found that he could not register the short ID "Naavi" to be used
along with his main facebook account. When checked it was
http://www.facebook.com/naavi pointed to a profile of one Ms
Navaneetha Rajesh. Naavi then issued a notice to the user
through her message space and also served a notice to Facebook
under Section 79 of ITA 2008 stating that there is an
infringement of a registered trademark ("naavi" is a registered
trademark owned by me) by a user of Facebook and this should be
corrected. Subsequently Naavi also presented arguments how there
could be copyright implications also. Technically I was making
the same arguments as what Salman Rushdie was making to claim
the right to use the ID which we are entitled to use as per law
even on Facebook.
After a prolonged battle, Facebook finally
stated as follows:
the username "naavi" appears not to be associated with any
content at this time. We understand this to resolve your
issue. If as you read this, the username is not available to
be requested via our self-service system, it may become
available in the future on a first-come, first-served basis,
at which point you may request it for your own use.
What the above reply meant was that they had
disabled the use of "Naavi" as a short ID. As a result the URL
http://www.facebook.com/naavi" no longer pointed to a
profile of any user and returned "The page you requested was not
found." message. However the application has not released the
name for registration at this point of time.
While this has addressed the "Trademark
Infringement" issue, it has still not enabled the use of
the trademark by me as a natural claimant.
This issue brought to focus a new
responsibility on Facebook regarding how they need to address
the C2C disputes arising out of their service.
Since Facebook is trying to establish a
system of "Short IDs", it is to be expected that there will be
the same kind of disputes that we find in the domain name area
coming up in Facebook. There will be intended and unintended
impersonation, infringement of trademark etc and disputes will
be raised. ITA 2008 states that there needs to be a "Grievance
Officer" to attend to the grievances.
Additionally Facebook type of service
providers which includes all the social networking sites need to
put in place an appropriate dispute resolution mechanism on the
lines of ICANNs UDRP process or some thing better.
One suggested approach is
a) On receipt of a complaint, the matter
has to be brought to the attention of the other user who is
alleged to have committed the infringement for his/her
b) On receipt of the response an
"Ombudsman" attached to the service provider may take a call
if the dispute can be settled one way or the other or call
for further information until he is satisfied. The Ombudsman
may first make an attempt to mediate a settlement rather
than imposing his decision unless it is forced and the
evidence is compelling.
c) In the event of a failure to mediate,
the matter can be referred to an online arbitration system.
The above approach would be an improvement
over the current UDRP system where there is a direct escalation
of a complaint into an arbitration that is expensive. The
registrars of domain names at present donot operate dispute
resolution mechanism through mediation which could resolve at
least some of the disputes amicably without the hassles of an
I suppose other service providers would take
a cue from the above incidents and introduce appropriate dispute
resolution mechanism as a part of their service.
Nov 17, 2011