Let's Build a Responsible Cyber Society




Facebook and ITA 2008-Need for Practicing Due Dilgence

Facebook has been under the center of a controversy in India for "Non Compliance of ITA 2008". It is reported that due to a security failure several thousands of Facebook users received a spam content which was then used to compromise the respective accounts of the user. Consequently links were reportedly posted which introduced a "Trojan" . It is reported further that the trojan stole some photographs posted on the facebook profile, morphed it into pornographic pictures. (See this TOI report)

Facebook however has denied any serious damage and has stated that it has taken suitable steps to correct the security issue. Commenting on the security lapses frequently arising in Facebook, experts have warned Facebook that legal action can be taken against Facebook for various issues related to ITA 2008.

Facebook is considered an "Intermediary" under Indian law and is expected to follow "Due Diligence" as per the provisions of the Act. Failure to follow due diligence could make Facebook liable for any offence committed by the users making use of the Facebook platform. An offence for which Facebook Inc is liable will also hoist civil and criminal liability on any Facebook employee who is in charge of the operations as well as on its CEO.

Facebook has consciously hid its presence in India and though they have an office in Hyderabad, the contact details are not available. Though this office may be a development office, it is the representative of Facebook Inc in India and is legally answerable to the Indian judicial system on behalf of Facebook Inc. Hence civil and criminal action arising out of ITA 2008 can be launched against Facebook officials working in India. Alternatively as USA did in the case of Dmitry Sklyrov, Indian law enforcement may catch a Facebook official travelling into India. Additionally, Indian Government may also block Facebook from India as a means of forcing compliance by Facebook.

It is therefore essential that Facebook needs to establish an ITA 2008 compliance regime for its services offered in India. The recent mass hacking of Facebook provides sufficient ground for the Indian Government to take action on the company if required.

Naavi had an occasion to personally correspond with Facebook authorities in the recent days (described more fully below) and it appeared that Facebook has not fully appreciated its responsibilities under ITA 2008. Hopefully better counsel would prevail in the coming days.

Identity Issues

Recently another interesting dispute came up regarding the facebook account of the writer Salman Rushdie. (See this article) It is stated  that Facebook deactiviated the genuine account of Salman Rushdie demanding proof of his identity. Mr Rushdie was made to fight for his right to be represented in his own name and eventually was able to convince Facebook that he was the genuine Salman Rushdie.

Naavi also went through a similar experience in the last two months. One fine day a few months back, Naavi found that he could not register the short ID "Naavi" to be used along with his main facebook account.  When checked it was found that http://www.facebook.com/naavi pointed to a profile of one Ms Navaneetha Rajesh. Naavi then issued a notice to the user through her message space and also served a notice to Facebook under Section 79 of ITA 2008 stating that there is an infringement of a registered trademark ("naavi" is a registered trademark owned by me) by a user of Facebook and this should be corrected. Subsequently Naavi also presented arguments how there could be copyright implications also. Technically I was making the same arguments as what Salman Rushdie was making to claim the right to use the ID which we are entitled to use as per law even on Facebook.

After a prolonged battle, Facebook finally stated as follows:


Hi Vijayashankar,


.. the username "naavi" appears not to be associated with any content at this time. We understand this to resolve your issue. If as you read this, the username is not available to be requested via our self-service system, it may become available in the future on a first-come, first-served basis, at which point you may request it for your own use.

Thank you,

User Operations


What the above reply meant was that they had disabled the use of "Naavi" as a short ID. As a result the URL http://www.facebook.com/naavi" no longer pointed to a profile of any user and returned "The page you requested was not found." message. However the application has not released the name for registration at this point of time.

While this has addressed the "Trademark Infringement" issue,  it has still not enabled the use of the trademark by me as a natural claimant.

This issue brought to focus a new responsibility on Facebook regarding how they need to address the C2C disputes arising out of their service.

Since Facebook is trying to establish a system of "Short IDs", it is to be expected that there will be the same kind of disputes that we find in the domain name area coming up in Facebook. There will be intended and unintended impersonation, infringement of trademark etc and disputes will be raised. ITA 2008 states that there needs to be a "Grievance Officer" to attend to the grievances.

Additionally Facebook type of service providers which includes all the social networking sites need to put in place an appropriate dispute resolution mechanism on the lines of ICANNs UDRP process or some thing better.

One suggested approach is

a) On receipt of a complaint, the matter has to be brought to the attention of the other user who is alleged to have committed the infringement for his/her counter.

b) On receipt of the response an "Ombudsman" attached to the service provider may take a call if the dispute can be settled one way or the other or call for further information until he is satisfied. The Ombudsman may first make an attempt to mediate a settlement rather than imposing his decision unless it is forced and the evidence is compelling.

c) In the event of a failure to mediate, the matter can be referred to an online arbitration system.

The above approach would be an improvement over the current UDRP system where there is a direct escalation of a complaint into an arbitration that is expensive. The registrars of domain names at present donot operate dispute resolution mechanism through mediation which could resolve at least some of the disputes amicably without the hassles of an arbitration.

I suppose other service providers would take a cue from the above incidents and introduce appropriate dispute resolution mechanism as a part of their service.



Nov 17, 2011


 Comments are Welcome at naavi@vsnl.com