More Comments on the Intermediary Guidelines

MeitY has released an addendum to the earlier 609 page consolidation of comments received  on the proposed amendments to the intermediary guidelines under Section 79 of ITA 2000.

This document is available here

This is a 85 page document (including the cover page) and contains the comments as listed below. (Page numbers as in the downloaded document).

Addendum

Sl No Name Category Page nos
1 Pawan Kaul Individual 2-5
2 J Sagar Associates Law Firm 6-9
3 ? ? 10-18
4 ? ? 19-37
5 ASSOCHAM Industry 38-53
6 US-India Strategic Partnership Forum ? 54-65
7 Global Network Initiative ? 66-69
8 Microsoft IT 70-78
9 MEDIANAMA NGO 79-83
10 ? Individual 84
11 ? Individual 85

It is interesting to observe that Microsoft has added its views to the kitty along with several NGOs active in such deliberations namely MEDIANAMA.

ASSOCHAM has provided its detailed views which is unfortunately concluding that “the interests of the Indian Internet users would not be met by enhancing the obligations of the intermediaries”. We would like ASSOCHAM to reflect on the issue of Cyber Crimes which are aided and abetted by the negligence of the Intermediaries and whether ASSOCHAM would be able to guarantee the Internet users their security against risks caused by lack of due diligence by the Intermediaries.

Some of the international fora such as US-India strategic partnership forum, Global Network Initiative have expressed their strong criticism stating that the proposed amendments are “Untra vires” the scope of Section 79 and lacks procedural safeguards.

Role of Negligent Intermediaries in Proliferation of Cyber Crimes

The concerns of these organizations may be appreciated. However, we need to find a solution to the problem of increasing Cyber Crimes, the role of negligent intermediaries in furthering the Cyber Crimes and the compelling need for the Government to safeguard the interests of the common citizen. This requires a proper regulation of the intermediaries.

All those who have commented on the notification should realize that these guidelines represent the “Due Diligence” requirement under Section 79. They are free to ignore the suggestions provided they are able to absorb the risk  of being held liable for contravention of any of the provisions of ITA 2000/8 which may arise  out of a “Message/Information” handled by them as an “Intermediary”.

It is to be also recognized that these guidelines donot create a penal provision in the law by themselves. It is only defining the conditions under which the consequences of violation of law will not result in liability against the Intermediary.

It is therefore incorrect to interpret the guidelines itself as a “Proposed Law” and invoke the bogey of infringement of constitutional rights and international conventions.

It is hypocritical for organizations in countries who specialize in introducing Stuxnet type of viruses into the system and buy viruses from underworld to carry out Information warfare,  to advise India on what it should do to protect its citizens from the impact of the Cyber Crimes.

 We rather invite these organizations to suggest measures to regulate intermediaries from the perspective of Cyber Crime control. The domain name registrars who register phishing domains, the Tor services which support the dark web etc are part of the “Intermediary”. We would like to demand if these organizations have done anything to stop the “DarkWeb” rather than crying out that it is “Impossible” to prevent the dark web which is larger than the over the ground internet activities.

Cyber Security is a Fundamental Right of “We the People of India”

The Government has an obligation to the Citizens of India for ensuring their “Security” and “Cyber Security is a fundamental Right of the Citizens” as much as “Privacy” and “Freedom of Expression”.

We strongly object to the tendency to undermine the “Cyber Security” aspect of the Fundamental Rights in preference to the protection of “Right of Exploitation of the masses by the Intermediaries” for financial gains.

The citizens of India who are concerned about Cyber Security are very much the key stake holders in this exercise and the Government cannot listen only to the business interests and take its decisions.

We strongly oppose any move of the Government to succumb to these pressures. We are aware that these vested interests are capable of moving the Supreme Court and the Supreme Court has the power and the inclination to take over day to day administration of the Executive by interfering in every administrative order of the Government.

We are also aware that this strategy to create policy paralysis by drawing the Supreme Court into every action of the Government suits the politicians who want to shut down the Government function and harm it’s agenda of progress.

Yet, we trust that the Government will not yield and face the challenge of the objections that will be raised in the Supreme Court.

We also trust that the Supreme Court which is headed by the CJI who not so long ago held a press conference and declared that it is accountable to the people of India, does not ignore the need for “Cyber Security” as fundamental to the exercising of “Other Fundamental Rights” including “unfettered right of abuse of law under the guise of Freedom of Expression”.

In this context, Intermediaries need to contribute to the protection of Citizens and “Due Diligence” is a legitimate expectation of the society. These guidelines are meant to ensure that Intermediaries are responsible and remain responsible.

Let us once for all decide if “Cyber Security” is a fundamental right or not and in a situation of conflict with other fundamental rights, whether it is desirable to subordinate the security to other rights.

FDPPI suggestions balance out the conflicts

The suggestions made by FDPPI (Foundation of Data Protection Professionals in India: www.fdppi.in ) have several features that balance out the requirements of the industry and the need for cyber security. It addresses most of the concerns expressed by others. I invite readers to examine it in depth.

The time available before 14th February for submission of counter comments may not be sufficient to analyze all the comments individually within this time frame, though I would like to do so. However, I will try to provide some additional comments in the coming days why the suggestions made in the FDPPI note (pages 21-28 of the first document of 609 pages) address most of the concerns expressed by others.

Naavi

 

This entry was posted in Cyber Law and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.