It is a common practice for domain registrars to provide a facility called “Privacy Protect” where by the WhoIs information of a domain is hidden from the public view. Neither ICANN or some GDPR supervisory authorities have understood the proper concept of “Privacy” since in most cases, websites are owned by organizations and there is no “Privacy” involved. Even if some e-mail address is available, it is a “Business E Mail Address”.
The “Privacy” is a contention only in case of individual domain name owners and even here it is judicially unacceptable that an individual would like to place his views in the public domain but wants to hide his identity.
Every person who places information in the public must own the consequences of such publication and allow any recipient of the information an opportunity to take legal action where required. Intermediaries like GoDaddy who hide the information or Google which hides the originating IP address from the recipient are actually abetting the information owner to send messages which may be defamatory or threatening or otherwise illegal to remain anonymous and escape legal liability.
I give below an example of a website www.the-file.in which calls itself a “media” website and its contact page gives its address as “Bengaluru”
When we checked with the domain name registrar namely GoDaddy, we got a reply that they would respond only to a “Subpoena”.
Such practices must be stopped forthwith since such anonymous postings can be used by persons like Greta Thunberg or Disha Ravi to spread hate messages besides other cases of defamation etc.
Naavi.org has therefore sent a request to the MeitY to come out with a “Mandatory Disclosure Guideline” for Intermediaries under section 79 of ITA 2000 which already mandates that the name and address of a “Grievance Officer” nee be disclosed on the website but most websites ignore.
We need the Government to take suitable action to bring some order to the chaotic world of Internet if we want to avoid the use of Internet for spreading global chaos.
A Copy of the letter sent to the Ministry is available here:
The Honourable Minister of IT
Sub: Need to issue “Guidelines for mandatory Disclosure on Websites”
We are aware of the phenomenon of “Fake Social Media Accounts” which are used for spreading fake messages either for political reasons or personal reasons. This issue is being addressed in the new Personal Data Protection Act (PDPA) by providing an option to the Social Media User to get himself verified. Though Twitter has a system of “Verification” it is noted that the system is not transparent and is biased. As and when the new PDPA comes into effect, there would be a possibility that “Social media intermediaries” will be mandated to introduce an acceptable system of user verification.
However, the PDPA provision is not going to apply to ordinary websites and it does not even apply to sending of e-mails in false names.
It is often considered that “Right to hide the identity” is a part of the “Privacy Right”. But this is not fully correct and is often misused to commit offences. Many organizations which donot have “Privacy” rights also quote “Privacy” to hide their real identity.
In view of this when an individual gets an e-mail from say gmail.com, neither the published name nor the IP address is reflecting the sender. If the recipient is unhappy with the message and considers it either as defamatory or threatening or committing any other offence, he will not be able to take any legal action against the sender.
In the messaging applications like WhatsApp the identity of the user is the responsibility of the Admin who stands in the shoes of an “Intermediary”. In Gmail, Google is the intermediary and in the case of other websites, the hosting company or the domain registrant company are the intermediaries.
If the recipient of a message wants to initiate any legal action, he is now required to ideally file a case in a Court and request for an order to be issued on the intermediary. This is both expensive and time consuming. The other option is to file an FIR and request the Police to send a CrPc notice. This works only in case of criminal offences, and requires the police to agree to take action following the filing of a complaint. For various reasons we know that Police donot want to register and FIR and even when registered, do not take investigative action.
In such situations, the recipient has absolute right to know the sender’s details without any legal procedures. But at present getting such information requires either a registration of a complaint with the Police or filing of a case in the Court.
Most websites register their domain name under the “Privacy Protected” scheme where the registrar hides the WhoIs identity of the domain registrant. Under ITA 2000, websites are expected to provide the contact details of the “Grievance Officer”. Most responsible companies do give information on “About Us” but rarely provide proper physical address to which legal notices may be sent. Many times, Websites are created on the basis of “Brand Names” and the legal name of the organization is not revealed on the website at all.
For example, I am giving below a web page from the website of a company which calls itself as a “Media Company” and maintains a website under the URL www.the-file.in. This is the “Contact”
Page where the address is given as “Bengaluru”. There is no other contact information on any of the pages but it publishes many articles which border on defamation of some Government officials.
I have tried to contact the “Registrar”, GoDaddy.com indicating that the contact information is required for pursuing our legal rights and got the reply that they respond only on a subpoena.
(Full reply is enclosed in Annexure I)
The Godaddy website does not indicate the “Grievance Officer” and the e-mail address of the “contentcomplaints@godaddy” from which this reply was received, indicates that like Twitter, and WhatsApp, Godaddy does not respect Indian laws and does not give an Indian grievance redressal option.
There is therefore an urgent need to initiate action to ensure that all Websites which are available to the Indian audience and particularly those who are directing their services to Indian population, and more so those who call themselves as “Media”, need to follow certain norms of disclosure so that any aggrieved person can initiate action to either get a content removed or to take action for defamation etc.
If this is not done some unscrupulous persons will resort to “shoot and scoot” tactic to harass people and also to create chaos and anarchy.
I therefore request the MeitY to issue a guideline that the instructions under Section 79 of Information Technology Act 2000, every “Intermediary” including websites shall provide real and correct name and address of the owner of the website and the owner of the content to enable “Accountability” for the content.
Where the intermediary is unable to identify the end content owner, the buck should stop with the intermediary who should bear the civil and criminal liabilities arising out of the publication.
These websites though they may call themselves as “Media” or “TV” are not run by professional journalists and are often run as “Yellow Journals” to extort money with the threat of defamation. They should ideally be run by accredited “Journalists” or “Registered News Vendors” who may be registered by the Ministry.
The suggestion is not meant for censorship of any content but to ensure that the right of an Indian to take legal recourse through the appropriate judicial forum is not frustrated by hiding the identity of the persons who post content as “news”.
This instruction can also be given under the State Police Act but it is better if the MeitY issues a proper guideline under Section 79 of Information Technology Act 2000.
In all such cases, I have been requesting the Police to include the intermediary as the first accused in the FIR so that they either provide the information for further action or own the responsibility themselves. I request you to advise the Ministry of Home Affairs to issue necessary instructions to all the Cyber Crime Police Stations in India to take note of this.
I request you to kindly do the needful