Allahabad High Court trapped in another political PIL

Posted on January 6, 2019 by Vijayashankar Na

We are aware that the innocuous MHA order on designating 10 agencies through which a competent authority can order interception of electronic communication for reasons of security of state etc., has already been questioned through two PILs in the Supreme Court. These PILs have been filed by the professional PIL advocates M.L.Sharma and Amit Sahni. They are now pending for admission.

We have already discussed the issue involved through several articles listed below.

The Second Awakening… What is there in Rules of Oct 27, 2009 on Section 69?
The Second Awakening… What is Section 69?
Snooping and Section 69 of ITA 2000: Beyond Politics, Distrust and Passion..The second awakening
Agencies empowered under Sec 69. No Need to raise a false alarm

We have categorically stated that Section 69 provides for empowerment of a “Competent Authority” which is the “Secretary of Home Ministry” at the Center and the State, for interception as per the provisions of law as stated in Section 69 of ITA 2000/8 read with the accompanying rules. The law provides for such interception for reasons which are specified in Article 19(2) as reasonable restrictions to the fundamental rights of Privacy. The rules are comprehensive and provides for “Written Instructions stating the purpose of intended interception” to be valid for a limited period of 60 days (renewable for a maximum of 180 days). It also provides for a review by another committee as provided under the Telegraph Act. There is also a provision for destroying the information after its use and punishment for contravention of the rules.

Under such comprehensive guidelines, what the recent MHA order did was to indicate which were the agencies through which the competent authority may exercise its powers. By designating 10 agencies for this purpose, the Government has restricted the use of the powers of interception and prohibited it’s use except through these agencies which will be accountable for following the guidelines through the “Nodal Officers” that they need to designate.

The different PILs were therefore drafted without a basic understanding of law and only for the purpose of publicity and placing hurdles on Governance by the Government.

While the PILs in the Supreme Court are pending, it is strange that the Allahabad High Court has admitted another PIL filed by one Mr Saurabh Pandey and issued notices to the Government. It is common sense that when the superior Court is considering a similar petition, the lower Court could have avoided a duplication of efforts by suggesting the petitioner to either approach the Supreme Court and join the other petitioners or advise him that the petition is redundant.

The Court should have considered that it is sitting on public expense and there should be some discretion  in taking up such worthless petitions. It is a waste of public money and a needless obstruction of the Government in discharging its legitimate duties.

In the continuation of this article, we shall address the issues raised point by point and show why the petition is not worth admission. The same arguments also hold good against the petitions of Amit Sahni and M.L.Sharma at the Supreme Court.

… Continued

Naavi

 

 

Reference:

The MHA Notification
Section 69
Section 69 Rules of 2009

Report at bar and bench

Posted in Cyber Law | Leave a comment

Anti Data Localization Lobby and Anti Aadhaar lobby working to push PDPA Bill to the June Session?

Posted on January 5, 2019 by Vijayashankar Na

A Strong lobby in the industry is working against the Personal Data Protection Bill being passed with the current provisions which the Justice Srikrishna Committee has suggested.

The principal objection of the lobby is to the provision of the Bill which will require applicable organizations to store such data within India.

This provision is similar to the restrictions placed under GDPR that data cannot be transferred outside the EU unless certain pre-conditions are satisfied and just as the GDPR provides exceptions under which personal data can be sent across the border, Indian law also provides that the data has to be stored locally and provides exemptions under which data can be sent outside India.

But the lobby which objects to these provisions has been trying its best to convince the Government to drop the data localization aspects of the Bill. However, it appears that the current Government is not so easily amenable to such pressures and is strongly inclined to retain the data localization aspects.

So, as a strategy to delay the inevitable and hopefully kill the provision, the lobby is now trying to plant stories that suggest that the Government may not introduce the bill now and wait for the next Government to take charge after the elections.

According to a news report in Economic Times an official of the Government either from the MeiTy or the Law Ministry  is reported to have stated that the Bill is sent to the Law Ministry for vetting and the Law Ministry feels that they can take time to complete their task since the Bill is not to be presented now.

The report has all the hall marks of a fake planted news to create a perception that this is the way to go…. Delay the passage of the bill so that the bill does not get passed for the time being and hopefully the next Parliament will be favorable to the influence of the lobby.

I request the Government not to fall prey to such a design of the Anti-Data Localization lobby. Firstly it is possible that the current Government may not be able to get a brute majority it wants to run the Country without interference from the corrupt. Even if they succeed to retain majority in the Loksabha, the problems of the Rajya Sabha will continue to prevent passage of any bill which the opposition does not like.

More importantly, if the Current Government does not show the resolve to pass the Data Protection Bill, it will give ammunition to the anti-Aadhaar lobby that the Government is never serious on Privacy and hence the commitments given by the Government during the Aadhaar judgement are not going to be fulfilled. This will be one of the strongest grounds on which the Aadhaar review petition would be argued.

I therefore urge the Government not to yield to the pressures of such officials (If the report is true) who want the bill not to be presented and passed while the current Government is under control.

The bill has been drafted by none other than under the supervision of Justice Srikrishna and substantial public debate has already taken place. Whatever further changes are to be made can be done within one or two sittings if necessary. There is no reason for the Law Ministry to take more than one week or 10 days to finalize the provisions and make further progress towards the passage of the Bill. I therefore consider that there is no reason for the law ministry to take a long time to finalize the changes.

I would even suggest that the Government should pass an ordinance before the Supreme Court tries to hear the Aadhaar review petition so that the Court will not have an excuse to believe the contention of the petitioners that the Government does not have intention of passing necessary legislation to protect the privacy.

Looking forward to the Government taking suitable action to ensure that PDPA bill is presented and passed at the earliest.

Naavi

 

Posted in Cyber Law | Tagged , | Leave a comment

Meity Needs to take assistance of techno legal experts on Section 79

Posted on January 3, 2019 by 98410spice

It has become a fashion for some advocates to raise an alarm on anything that the Government does to curb Cyber Anarchy. These people who consider that the Supreme Court is their backyard, keep lodging PILs opposing every action of the Government trying to clog the Indian judicial system and keep the Government from doing anything worthwhile.

I am not against “Criticizing” the Government which I have done in a large measure all through the years. But Criticism should be with an honest desire to improve the Governance and not to put hurdles on normal functioning of the Government. Most of the critics on Section 69 MHA order or Section 79 consultation note are only interested in preventing the Government from pursuing its routine functions.

The Section 79 issue where the MeiTy has issued a note for public comments is yet to reach the Courts since the public consultation process is on. The Ministry has called for a Round Table with public invitation for  participation on Twitter on 5th January 2019. (Link : https://twitter.com/goi_meity/status/1080702303445889025?s=21) .

In the meantime more public debates are likely to help better clarity.

FDPPI (Foundation of Data Protection Professionals in India) will also hold a web based round table next Thursday.

In the meantime, Naavi.org would like to place its views before the professional community so that when they interact with the MeitY on 5th, they can keep the following information in the back of their mind.

But whatever be the decision of the Government with or without public consultation, the matter is likely to be also challenged in the Supreme Court. In order to ensure that media does not hijack the debate with false narratives, we are providing here some additional information for the general understanding of all including the media persons.

What is New in the Guidelines?

For the convenience of all the readers, a comparison of the present guidelines and the proposed guidelines is available here. 

It must be remembered that Section 79 has been in existence since 17th October 2000 but modified on 27th October 2009. The Intermediary guidelines have also been in existence since 27th October 2009 and what we are discussing now is a modification to this.

The Critical Changes

There are three notable changes and two significant changes that need discussion.

The first notable change is that under Rule 3, two new paragraphs have been added to the content guidelines. It suggests that the intermediaries shall advise the users not to host, display, upload, modify, publish, transmit, update or share any information that

– threatens public health or safety; promotion of cigarettes or any other tobacco products or consumption of intoxicant including alcohol and Electronic Nicotine Delivery System (ENDS) & like products that enable nicotine delivery except for the purpose & in the manner and to the extent, as may be approved under the Drugs and Cosmetics Act, 1940 and Rules made thereunder;

– threatens critical information infrastructure.

The above is an addition to other points already mentioned in the earlier version.

This is the notice to be given to users of an intermediary service and by itself does not criminalize such action.

The suggested list of information which are not to be hosted etc., can be referred to as “Objectionable Content” and it is possible to interpret it as “Placing a curb on freedom of expression”. But we need to debate if it is reasonable and recognize that it is meant to afford protection to the intellectual property rights, crimes against minors, crimes such as defamation, impersonation, obscenity, spreading of virus etc besides the reasonable restrictions under Article 19(2) of the Constitution.

The second notable change is the replacement of Rule 3(4) with new paragraphs (5) and (8). This change is attributed to the Shreya Singhal judgement and inserts the words “When required by lawful order…” the intermediary shall provide information/assistance within 72 hours. It also provides that upon an order from a Court or an appropriate authority, and when it relates to Unlawful acts related to Article 19(2) of the Constitution of India shall remove the content within 24 hours thereafter.

These two new paragraphs are reproduced here.

(5) When required by lawful order, the intermediary shall,

-within 72 hours of communication, provide such information or  assistance as asked for by any government agency or assistance  concerning  security  of  the  State  or cyber  security;  or  investigation  or  detection  or prosecution or prevention of offence(s); protective or cyber security and matters connected with or incidental thereto.

-Any such request can be made in writing or through electronic means stating clearly the purpose of seeking such information or any such assistance.

-The intermediary shall enable tracing out of such originator of information on its platform as may be required by government agencies who are legally authorised.

(8) The intermediary upon receiving actual knowledge

–in the form of a court order, or on being notified by the appropriate Government or its agency under section 79(3)(b) of Act

–shall  remove  or  disable  access  to  that  unlawful  acts  relatable  to  Article  19(2)  of  the Constitution of India

–such as in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, on its computer resource without vitiating the evidence in any manner,

as far as possible immediately, but in no case later than twenty-four hours in accordance with sub-rule (6) of Rule 3.

Further the intermediary shall preserve such information and associated records for at least ninety days one hundred and eighty days for investigation purposes, or for such longer period as may be required by the court or by government agencies who are lawfully authorised.

The above two requirements are well within the reasonable powers of the Government and the legal provisions including the Supreme Court judgement.

The next important change suggested is that the intermediary shall inform its users,

-at least once every month,

– that in case of noncompliance with rules and regulations, user agreement and privacy policy for access or usage of intermediary computer resource, the intermediary has the right to immediately terminate the access or usage rights of the users to the computer resource of Intermediary and remove non compliant information.

This is a question of providing monthly reminders so that if and when this right is exercised, the user is not surprised and run to the Supreme Court with a complaint.

This requirement may require a tweaking of the technology to recognize the “Last Log in” and provide a pop up notice or an e-mail notice.

This would be an interesting development since in many cases the e-mails may bounce because they are false and then the Intermediary should recognize that there is a need to redflag the user. In a way this could put a check on the “Fake Accounts” by putting the intermediary on alert.

I request the Government not to yield if the intermediaries raise an objection on this provision.

Management Localization

One of the significant changes is that intermediaries having more than 50 lakh users now need to have a local establishment with a permanent local address and a nodal officer for 24×7 coordination with law enforcement agencies.

This would be sweet news for the Police because only those who have handled Cyber Crime investigations know how difficult the intermediaries get when a Cyber Crime investigator asks for information. The Google, Face Book and Twitter are in the forefront of such stonewalling of investigations and will obviously oppose this provision tooth and nail.

Again this is an issue on which the Government should not buckle down under pressure.

Proactive Tools

Another significant change is the imposition of a responsibility on the intermediary that they deploy

–technology based automated tools or

–appropriate mechanisms,

–with appropriate controls,

– for proactively identifying and removing or disabling public access to unlawful information or content

Opposition to this change has been mounted on the ground “How do we identify what is unlawful?

I would only like to say …Well, if you know what is lawful, you know what is unlawful and it is the duty of every one of us to know what is lawful.

We are today in the era of Artificial Intelligence. All the major intermediaries are already using AI for profiling the users from the content that they post or access. Despite the privacy regulations like GDPR, the Googles and FaceBooks or Twitters are unlikely to stop profiling and using it for generating revenue through targeted advertising.

If profiling for targeted advertising is possible, it is also possible for profiling for identifying the unlawful activities.

Encrypted Information

Problems will persist with WhatsApp where the company may actually dealing with “encrypted content” and therefore not amenable for content analysis. Considering that the rule talks about “Appropriate Controls”, “appropriate mechanisms”, it is possible for WhatsApp that in the honest case of it not being able to decrypt the message, it should be exempted from the obligation to decrypt content.

Alternatively, if they are technically capable of decryption and content analysis, then they can provide the necessary technology through technical means without any manual intervention so that “Privacy” of honest users is not adversely affected. If the algorithm decrypts and analyses the content for certain key words all within the application space, then confidentiality of information can be maintained to the satisfaction of the users from the “Privacy” perspective.

It may not however be easy to make the Supreme Court understand this concept of “Algorithmic decryption and content analysis not amounting to privacy infringement”.

I hope the techno-legal advisers of MeiTy would be able to provide assistance to the AG when this matter comes up with the Supreme Court. Just as the Supreme Court called upon the Airforce officials in the Rafael matter to understand the technical issues, the Court should not hesitate to ask the assistance of techno legal experts to understand how “Information can be decrypted and searched within the application data space” with only the identified objectionable content being taken out for legal action and leaving others to be kept confidential from the Privacy perspective.

I hope the above factors will be taken note of by the MeitY.

Naavi

Previous Articles:

Shreya Singhal is Back again!

New Intermediary Guidelines… Legitimate and Well within the rights of the Government: 
Proactive technology tools to identify violation..new intermediary rules: 
New Intermediary Guidelines.. Intermediaries need to have Indian Subsidiaries..: 
Intermediary Guidelines.. Who is and who is not an intermediary?: 
Draft Intermediary Guidelines 2018… Public Comments invited:
Copy of the guidelines: 

P.S: The last date for submission of comments extended upto 31st January 2019. The comments would be put up on the website on 4th February and counter comments accepted upto 14th February 2019… http://meity.gov.in/writereaddata/files/Extention_Guidelines_2018.pdf

Posted in Cyber Law | Tagged , , | Leave a comment

Naavi’s 5×5 Data Trust Score System… some clarifications

Posted on January 2, 2019 by 98410spice

Based on some of the comments received to my article on Data Trust Scoring System yesterday,  I am providing the following clarifications:

It is a Framework

The concept named “Naavi’s 5×5 Data Trust Score”© System  is a new concept introduced to meet the suggested requirements under the Personal Data Protection Act 2018. It is a framework under assessments can be converted into a “Score”.

Assessments will however be done by individual auditors and the detailed criteria for assigning the ratings for each of the domains would be left to the auditor based on their understanding of  PDPA 2018.

In the past (March 2009), Naavi had proposed a similar measurable criteria for assessing ITA 2008 compliance under the Indian Information Security Framework (IISF-309)  Under this framework, Ujvala Consultants Pvt Ltd had published detailed assessment guideline used for its audits.

The framework started as a 21 point system in 2009 and has now evolved into a 30 point framework represented below .

Just as the framework itself evolved from a 21 point system in 2009 to a 30 point system the detailed guidelines used within these different headings have also gone through some  changes.  Additionally, the Theory of Information Security Motivation and the Total Information Assurance Concept supplemented the framework.

Similarly, the DTS system as proposed is also expected to undergo a change as we go along. A decision to publish the detailed assessment criteria therefore may be taken after the concept  attains some maturity in the testing ground of Naavi.

Probably the framework will also assist the Data Protection Authority of India when it comes up with its own thoughts on this matter.

Subjectivity

The DTS scoring is an end result of an audit which includes evaluation of Technical controls based on a Risk assessment, Policies and Procedures that meet the legal interpretations in PDPA 2018 as well as an assessment of the behavioural state of the manpower involved.

Hence the system cannot eliminate subjectivity based on the experience and understanding of the Auditor.

However, if the interpretations are from the same school of thought, the differences in DTS score between different auditors could tend to a small range of uncertainty.

Weightages

The current article presents a framework and there could be an adaptation based on assignment of different weightages to different domains used by different auditors including Ujvala Consultants Pvt Ltd.

Within the five domains, there could be several sub domain definitions to narrow down the evaluation criteria.

Naavi.org may publish its recommended  weightage criteria from time to time  based on its assessment of the market environment. At this point of time when PDPA 2018 is still a draft, it is reasonable that the weightage is kept simple and equal.  Hence all the 5 domains have been given an equal weightage of 20% each. The auditor may assign values between 0-100 in each of the five domains and fit it into the grade between E to A and also present a consolidated DTS for an organization at a given point of time.

Hygiene Factor Treatment

While discussing motivational theories, we discuss what is known as a “Hygiene Factor” which Professor Herzeberg introduced.  Under this concept certain aspects if present has zero value as a motivator but if not present, would have a value as a de-motivator.

I have tried to suggest that this concept may be adopted into the assignment of either the wieghtage itself  or to the assignment of values under each domain.

What this means is that the weightage  or  value assigned may drop suddenly to zero at a threshold point. Values may be assigned on a continuous basis only above this threshold value.

Factors such as Commitment and Knowledge were referred to as “Hygiene” factors in my article yesterday. A similar approach could be extended to other domains as well. If adopted, the threshold level represents the values below which the auditor would not to even assign any score. These are the flexibilities that need to be considered as the system evolves over time.

Level II Score

The Level II criteria which indicates the trend over a minimum three year period will have a notation as an extention of DTS such as “DTS 55+” or “DTS 55-“ indicating whether it is improving or declining and may show even an acceleration factor by representing the score as“DTS55++” or “DTS 55–“. It can also be “DTS55+- or DTS55-+”. (Here 55 is the weighted score of an organization based on the approved weightages).

The Level II scoring is a thing of the future since it requires a minimum three year span to decide

Further Development

The Data Trust Score or DTS system proposed here is a concept which can be developed in due course with the assistance of other professionals who find the concept useful.

Probably some students or academically oriented practitioners may test the concept in specific corporate environments to make the concepts clearer.

Naavi

[P.S: We are in an academic debate on this concept and views from the readers will be very valuable]

Related Article in Computer Weekly.com

Posted in Cyber Law | Tagged , , , | 6 Comments

Naavi’s Data Trust Score Model unleashed in the New year

Posted on January 1, 2019 by 98410spice

At the dawn of the new year, India is on the threshold of a new “Data Protection Regime”. While the critics will continue to debate the Data Localization and the RTI related objections, the Government is likely to quietly go about its Governance duties by pushing through the bill currently titled “Personal Data Protection Act 2018”.

When the law eventually comes into operation, there will be a Data Protection Authority (DPA) which needs to provide several guidelines and rules of practice.

In the meantime, “We the Professionals shall adopt our own Data Protection Constitution of India” to protect the Data Sovereignty of our country, provide adequate “Data Security” for the e-Citizens of India and provide a Citizen’s model of Data Protection Regime that can make the work of the DPA easy. In order to ensure that the regulations eventually made by the DPA are complied voluntarily and without pain, there has to be a synchronization between what the Citizens perceive to be a reasonable self regulation and what the regulator eventually imposes.

Since it may take at least one more year for the DPA’s own regulations to be out with the public, Naavi.org with its associate activities such as Cyber Law College would try to put up its own methodologies which could be the thought starters.

In this journey towards a Responsible Data Protection Regime in India, Naavi presents the Data Trust Score model that he would be adopting for Data Audits conducted by him through Ujvala Consultants Pvt Ltd. This may be considered as a thought under development and would evolve over a period of time. Presently it is referred to as the “Naavi’s 5×5 Data Trust Score Model” (5×5 DTS)

What is Data Trust Score

Data Trust Score is a suggestion of the draft PDPA 2018 presented by Justice Sri Krishna Committee. Even if the concept is modified or even deleted when the draft becomes a law, the concept will always be relevant as a  rating of different organizations against how they adopt and implement the recommendations of PDPA 2018.

According to PDPA 2018, an annual “Data Audit” is mandatory for all organizations processing personal data and the data auditor may assign a rating in the form of “Data Trust Score” to the Data Fiduciary pursuant to such audit.

According to the Act, the DPA will specify the criteria for assigning a rating in the form of a Data Trust Score having regard to various factors such as

a) Clarity and Effectiveness of Notices under Section 8 (Collection of data)

b) Effectiveness of the measures adopted under Section 29 (Privacy by Design)

c) Transparency in relation to processing activities under Section 30(Transparency)

d) Security Safeguards adopted pursuant to Section 31 (Security Safeguards)

e) Instances of personal data Breach and response of the data fiduciary

Naavi’s Approach

Naavi has developed an approach to assigning a Data Score based on an assessment of  the requirements of compliance under 5 different base Foundation criteria on a scale of 5 namely A, B,C,D and E with A being at the top and E being at the bottom. C will be the minimum acceptable criteria for considering an organization compliant.

Naavi recognizes that “Compliance is a journey” over time and it is unfair to judge an organization as a snap shot. This is the fundamental weakness in many of the current rating mechanisms.

Naavi therefore considers rating of DTS over two levels. The first level is the snapshot at a particular point of time. The second level is the change over time with a minimum period of 3 years.

Just as in the financial analysis we use the Balance Sheet as a snap shot of the financial health of an organization and the Funds flow statement as a barometer of managerial prudence in funds management, the Level I and Level II DTS rating would capture the inherent strength of an organization in Data protection compliance.

For the Second level DTS to be evaluated, there has to be a minimum time span with annual data audits of atleast 3 consecutive periods to be available. It will therefore be a rating which can be released after next 3-5 years.

Level I DTS can however be a reality even now and continue when the DPA announces a formal criteria.

Five Foundation Domains

Naavi has clubbed all the requirements of PDPA into Five basic domains namely

  1. Commitment of the management
  2. Knowledge  of the Organizational manpower
  3. Controls for implementation
  4. Review mechanism for improvement
  5. Redressal mechanism for grievances for the Data Principals

On the vertical coordinates, the assessment on each of these principals is assessed on the scale of E to A from the bottom.

To reduce the DTS Score for a single parameter, a weightage of the evaluation on this 5×5 grid would be adopted. The weightage can be equal (20%) for all five domains and the vertical scale moving from 0-20, 21-40, 41-60, 61-80,and 81-100.

In due course, a view would be taken on whether the domain weightage can be changed from an equal 0.2 for each domain to a differential rating where say Commitment could be 25%, Knowledge could be 15%, Controls could be 30%, Review would be 10% and redressal 20% etc.

In the beginning years, weightage has to be more on Commitment and Knowledge. In later years Commitment would be a hygiene factor, Knowledge would be high. Controls need to be modified from time to time because technology would change and hence greater attention would be required. Review would be a managerial discretion supported by the mandatory requirements and hence would also be a hygiene factor. Redressal will be the distinguishing factor between organizations which would be protecting data because of regulatory compulsion vs its own belief systems and hence may require to have a high weightage along with Controls.

The Second level weightage would depend on the trend of the score whether it is improving or declining or is being maintained.

A typical representation of how the assessment may look for two different organizations is shown in the accompanying picture above.

Certified Data Auditor

The suggested system above will be part of the “Certified Data Auditor” training that Cyber Law College would be undertaking in the coming days.

Comments are invited from the readers on the above concept.

I urge entities like the Foundation of Data Protection Professionals of India (FDPPI) to take this idea further and develop.

Naavi

P.S:  The word “Hygiene”has been used here as some thing which would become a mandatory need which has low positive value if it is there but will have negative value if it is not there. It is a term used in the motivational theory of Professor Herzberg.

Some additional clarifications based on comments received have been posted as a follow up.

2nd January 2019

 

Posted in Cyber Law | Tagged , | 8 Comments

Shreya Singhal back again!

Posted on December 31, 2018 by 98410spice

The last time Ms Sherya Singhal approached the honourable Supreme Court with a PIL to squash Section 66A of ITA 2000/8, she was successful. The Supreme Court obliged her petition and scrapped Section 66A of the Act.

In the process, she exposed the vulnerabilities of the Court in its inability to understand certain aspects of technology particularly when the Attorney General was also not interested in making a fair argument.

It was interesting that the then CJI himself commented at the time of the admission of the case “We were wondering why no body had challenged this so far”, indicating that the Court had pre-determined to a certain extent on what to do.

She also exposed the vulnerability of the system that if a Police Constable makes a wrong interpretation of law, instead of challenging his mistake, the law itself may be removed. The only requirement was to some how link the mistake to Fundamental Rights in the Constitution so that the highest court of the land starts seeing the issue with blinkered vision.

Just to clarify, Section 66A addressed the harmful effect of an electronic message sent through a communication device (Say an E Mail or SMS or even the WhatsApp Message) which could cause annoyance to the recipient. But the Court got convinced that any “Publishing” such as Face Book, Twitter or even a website also came within the purview of the Section though ITA 2000/8 had provided different sections such as Sections 67/67A/67B to address the adverse effects of “Publishing” of obscene information and left out the Defamation issues through electronic documents to be handled by IPC.

The Police in Palghar Facebook case as well as other instances such as Karti Chidambaram’s Twitter related complaint and some cartoonist’s cases involving websites, had booked the FIRs under Section 66A by mistake and this mistaken inclusion of Section 66A became the reason for the litigation that Section 66A violated the Constitutional right of Freedom of speech which reached all the way to the Supreme Court .

In a bid to exhibit its commitment to “Freedom of Expression”, the Court  interpreted the provisions of the section as causing a “Chilling Effect” and struck it down. The Court refused to read down the section and insisted that the section has to be removed though a large part of the section also addressed spamming, phishing, cyber bullying and cyber stalking.

Though later other benches of the same Court agreed that Section 66A should be re-introduced with changes, the Government did not make the move since it did not like to open up another debate on curbing of freedom of expression.

In the bargain, “Freedom to Abuse” became “Freedom of Expression”. This will in my opinion remain as one of the dark moments of Cyber Jurisprudence in India.

Now it is reported that Ms Shreya Singhal is likely to approach the Supreme Court this time with an objection to the recent Section 69 related order of the MHA and the Amendments to the Intermediary rules under Section 79.

Refer report here

It would be interesting to note that already two PILs have already been filed on the MHA order and this will be the third PIL. Considering that the last Section 66A Case started with the bench remarking that “We were waiting…” the comments that will come up now at the time of admission are worth watching.

Naavi

Refer Earlier Articles

Previous Articles:

Shreya Singhal is Back again!

New Intermediary Guidelines… Legitimate and Well within the rights of the Government: 
Proactive technology tools to identify violation..new intermediary rules: 
New Intermediary Guidelines.. Intermediaries need to have Indian Subsidiaries..: 
Intermediary Guidelines.. Who is and who is not an intermediary?: 
Draft Intermediary Guidelines 2018… Public Comments invited:
Copy of the guidelines: 

P.S: The last date for submission of comments extended upto 31st January 2019. The comments would be put up on the website on 4th February and counter comments accepted upto 14th February 2019… http://meity.gov.in/writereaddata/files/Extention_Guidelines_2018.pdf

Posted in Cyber Law | 1 Comment