The recent issue of Sulli deal and Bulli Bai apps being hosted on GitHub has exposed GitHub to liabilities under ITA 2000 as a Significant Social Media Intermediary (It is estimated that there are 5.8 million users from India).
According to Git hub it is primarily a “Repository” of code. At the same time it also provides services for hosting the code on a website which becomes a publishing service.
In the copyright law, software code is considered as “Literature” and an “Expression”. Hence hosting of codes to directly render services from Github servers like the Sulli deal and Bulli Bai can be classified as publishing activity.
Hence Git Hub is liable both under IAT 2000 and the new Intermediary Guidelines of February 25 as well as the new law coming under DPA 2021 applicable for Significant Social Media Platform.
As an Intermediary and a Paltform, GitHub has to provide for identification of the users, appoint a local compliance officer and be accountable. It cannot take excuse that it is not an Indian Company or it’s servers are in India etc even if it is owned by Microsoft.
Microsoft may claim that it is only the owner of the basic platform and each hosted app is a separate service provided by the users. This would mean that Microsoft itself is a cloud service intermediary and would escape direct liability as long as it can identify the wrong doers.
In the Sulli Deal and Bulli Bai cases therefore, the law enforcement has a strong case againstĀ Microsoft to enforce the law and expect them to co-operate beyond just removing the applications, which is the first step. Now Git hub should be able to preserve the evidence under section 65 and 79 about the transactions in the account including IP address information for a minimum period of last 6 months.
I hope the Government and CERT-IN should take steps to ensure that Git Hub does not make it difficult for law enforcement to get necessary information to continue their investigations.
Naavi
