Let's Build a Responsible Cyber Society



 Proposed Rules U/s 79 and Internet Censorship

The draft rules notified under Section 79 have evoked belated responses in the Press about the adverse effect of some of the suggested provisions related to freedom of speech.

Let's therefore analyze the complete impact of the draft rules.

The rules are to be considered as subordinate to the parent provision in the Act and hence we need to understand the scope of the relevant parent section before commenting on the rule.

Section 79 of ITA 2008 has to be read along with Section 2(w) of the Act which defines the term "Intermediary".

For ready reference, Section 79 states as follows:

Sec 79: Exemption from liability of intermediary in certain cases

(1) Notwithstanding anything contained in any other law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link made available hosted by him.

(2) The provisions of sub-section (1) shall apply if-

(a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored; or
(b) the intermediary does not-

(i) initiate the transmission,
(ii) select the receiver of the transmission, and
(iii) select or modify the information contained in the transmission

(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf

(3) The provisions of sub-section (1) shall not apply if-

(a) the intermediary has conspired or abetted or aided or induced whether by threats or promise or otherwise in the commission of the unlawful act
(b) upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.

Explanation:- For the purpose of this section, the expression "third party information" means any information dealt with by an intermediary in his capacity as an intermediary.

According to Section 2(w) of ITA 2008, 

"Intermediary" with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.

From the above, it can be seen that the objective of Section 79 is to state

a) An Intermediary is prima-facie liable for consequences arising out of third party information, data or communication link hosted by him.

b) The liability will be exempted if the conditions stated in the section are fulfilled. The conditions can be roughly called "Due Diligence" and the proposed notification tries to specify what may constitute "Due Diligence".

The current need for us is to understand what are the conditions under which the exemptions apply. The provisions of the section are further elaborated by the said draft notification.

The first condition that needs to be satisfied for the exemption is that the subject entity claiming exemption must be an "Intermediary" as defined in Section 2(w) of the Act.

The Act provides a generic definition along with some examples. Accordingly, it includes "telecom service providers , network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes."

In respect of Cyber Cafes, the regulations are further described in another notification of which also a draft has been released.

Beyond the examples provided, we need to note that "any person" who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record, can be considered as an intermediary.

Most of the present comments about "Freedom of Speech" arises from the fact that the draft rules make a special mention of "Blogs" and "Bloggers" which was not defined in the parent section.

In the case of a Blog there are multiple persons who provide intermediary services. For example the Blog platform is hosted by a "domain name owner" and by the "owner of the blog hosting server". Content may be edited by an "Editor". The Blogger is the person who may post content either in the body of the blog post or as a comment.

The draft notification defines a "Blog" as a "type of website, usually maintained by an individual with regular entries of commentary, descriptions of events, or other material such as graphics or video. Usually blog is a shared on-line journal where users can post diary entries about their personal experiences and hobbies;"

A close examination of the section 2(w) of ITA 2008 reveals that the examples quoted refer to auction sites and market places and not "blogs". The generic definition speaks of an "electronic record" which is sent by one person to the intermediary who receives, stores and transmits that electronic record.

It is therefore clear that "Intermediary" is the owner of the device that receives, stores and transmits an electronic record namely the web hosting company which hosts the content or the blog.

Blogs are of several kinds. One is where the blogger owns the domain name and hires the hosting space from another service provider. Another is a person who uses the blog platform of another blogging service provider who himself hires the space and application from another service provider. Any user of such a "Blog" is a person who contractually obtains lease of the electronic space for the purpose of "publishing" a content. The user may use the space for publishing a content owned by him or use the space for publishing the content owned by others. (including the comments).

The relationship of the Blog owner, the person posting the comment and the Blog hosting company can be equated to the following  in a print publication.

a) Web hosting company=Printer

b) Blog owner= Publisher

c) Blog author=Author

d) visitor posting comment=Co-author

Section 79 can be invoked by  an intermediary for claiming exemption whenever the authored content can be held to contravene any of the provisions of law.

Section 79 is not a penal section by itself where a person can be held liable under the section. A person can only be given exemption from liabilities arising out of say Sections 66,66A etc by virtue of the content received, stored or transmitted by the intermediary.

Hence if a person has to be held liable, then he should satisfy the requirements of the specific offensive section of the respective law. For example, if a person is to be accused of violation of copyright law, then he should infringe the copyright of another person as per the provisions of the Copyright Act. The means of infringement may be an electronic document which is recognized as a written document as per Sec 4 of ITA 2008.

The liability which can be ascribed to the Intermediary who hosts a copyright violative content is the liability that can be ascribed to a printer in case  a book is published in violation of the copyright Act.

A "Printer" cannot be expected to be a "Copyright Policeman" who asks for documentary evidence that the content being printed is not violative of any legal rights of another person. At best he can take an undertaking from the person who pays for the printing and maintains his identity so that he knows to whom the service is being provided.

A similar responsibility is cast on the Blog hosting intermediary. Hence the focus of the intermediary is to ensure that there is

a) Proper identification of the blog space buyer

b) a Contractual agreement by the space buyer that declares that the content is not violative of any law.

Presently, blog owners are identified by only an e-mail ID which itself is open to being anonymous and pseudonomous.

Most web hosting companies already have terms and conditions which take care of the declaration but such contractual agreement is only as effective as the authenticity of the identification.

The proposed notification complicates the issue involved by being more detailed than necessary.

It would have been prudent for the department to simply state that the "Intermediary shall obtain appropriate assurances from the users that no law would be violated". Instead, the guideline tries to repeat the penal provisions contained elsewhere in the Act and other law by stating that the intermediary shall notify that the users will not display content which belongs to another person, which is obscene , may harm minors, infringes trademark, patent or copyright etc.

By specifying the details, the notification is opening itself to new interpretations that are not required in the first place.

The current system of Blog hosting does not enable the blog owner to do the policing since the identity of the user is not adequately established.

The only way the identity of a Netizen can be established to the satisfaction of the law is to insist that any blog account may be opened only on the basis of an "Electronic Signature" as per ITA 2008.

This may not be practical for the time being and we  need to carry on the activity without the benefit of the electronic signatures.

Where the notification has failed is in its duty to find solutions to such critical requirements.

The notification proceeds to mandate that

"The intermediary upon obtaining actual knowledge by itself or been brought to actual knowledge by an authority mandated under the law for the time being in force in writing or through email signed with electronic signature about any such information as mentioned in sub-rule (2) above, shall act expeditiously to work with user or owner of such information to remove access to such information that is claimed to be infringing or to be the subject of infringing activity. Further the intermediary shall inform the police about such information and preserve the records for 90 days"

It is this clause which is being commented by many as "making Censorship easy" etc.

We may however note that this clause mandates that the person asking for removal of an objectionable material should be an "authority mandated by law" and should take the responsibility for the request by making the demand through an "Electronically signed message".

Even then, the notification only says that the intermediary takes steps to get the information removed in consultation with the author. The author at this stage is open to raise an objection and defend his right to publish the said content. The notification also suggests that the Police should be brought in to resolve the dispute.

There is no mandate that the intermediary shall immediately remove the content upon receiving a notice from some body.

However if an "Authority" mandated for the purpose, issues a notification, then the intermediary need to follow the instruction. It is open for the "Authority" to either order removal of content or make the publication conditional that some disclosure is made along with the publication. Such authority has to be the judicial authority which alone can be considered as "mandated by law".

If therefore the notification can be abused, it can be done only by an abuse of the current provisions of law where judicial orders may some times be obtained by parties without proper opportunity for the defendant to express his views.

We may recall that in one such instance last year, an ex-parte injunction was obtained by a party against a well known website from a Court of law in Delhi without even serving a proper notice to the defendant. The site remains censored till date since the owner of the site has not bothered to contest.

Had the Court decided in this case that the website owner will only publish the content along with a notice that it is disputed in a Court of law, perhaps he would have obliged.

The fight against "Censorship" has to be fought elsewhere rather than in an "Enabling" rule notification.

When ITA 2008 was first proposed, Naavi had highlighted the various provisions which were amenable for abuse and promoted an idea that there should be a "Netizen's Rights Protection Authority" formed to ensure that there were adequate checks and balances.

Unfortunately the suggestions went unheeded and no action has so far been taken.

I think that it is once again the time to revive the proposition of "Netizen's Rights Protection Authority" which can address the various issues being raised now in the press.

As regards the other aspects of "Due Diligence" contained in the notifications, these are already being suggested for implementation under the IISF 309 (Indian Information Security Framework proposed by Naavi). They include designation of a compliance officer, incorporation of a grievance redressal mechanism and the use of disclosure, privacy and terms and conditions documents to keep the users appropriately appraised of their liabilities.

I invite the readers to go through my earlier articles on the subject available here and contribute towards this thought process.


9th  March 2011

Related Article in ET: Bloggers call content regulation a gag on freedom

Earlier related Articles in Naavi.org:

Rules to be Framed under ITA 2008 by Central Government

Cyber Cafe Regulation.. Some thoughts

ITA 2008 Compliance Blanket for Cyber Cafes

Suggested Information Security Framework for ITA 2008 Compliance

Will the Government Consult Netizens?

 Comments are Welcome at naavi@vsnl.com