Model Data Breach Notification Policy from CLCC

Naavi’s Cyber Law Compliance Center (CLCC) has so far announced a program to build a Society of Cyber Law Compliant Netizens/Organizations in India, which requires a code of conduct to be developed. We intend to suggest the code of conduct through a series of policy documents published through CLCC which can be adopted as a “Standard”. We have already released a “WhatsApp Group Administration Policy” which may be adopted by any WhatsApp group admin subject to a free registration of the group with the CLCC.

A question has been raised by one Admin if there is any way of getting a legally valid evidentiary confirmation for the users having adopted the policy. It has been suggested that at present the policy is notified by reference to the link to the document at the CLCC at the time a member joins the group.

However, it has been suggested that CLCC can act in conjunction with ceac.in to provide a “Certified E Mail Delivery Service” through which the notices can be served to the users. This may however be offered at a fee and details can be discussed when there is a specific enquiry.

In the meantime, CLCC has also worked on a Voluntary “Data Breach Notification Policy”. Such a policy is often mandated by regulators in many countries. In India there is no Privacy law for the time being and the reference to data breach notification as a policy is available in ITA 2000/8 but not very specific.

We however consider that such a policy is part of the recommended “Good Practice” for all entities which want to build trust with their customers before picking up their data for any service. We also feel that such a practice will instill a sense of discipline amongst the Information Security Professionals in an organization. It is also envisaged that having a data breach notification practice will short-circuit liabilities before they accumulate and blow up at a later date, and hence it should be of interest to Cyber Insurance Companies to suggest it as a mandatory practice.

Since Data Breach Notification Policy will be only of commercial interest, we intend to make it available on request at this point of time. Requests may be sent by email to Naavi indicating the organization for which it is expected to be used.

Naavi


E Commerce industry should open their eyes to the new threat..

Bengaluru is hailed as the Silicon Capital of the country. A few years back there was an announcement made that Bengaluru would be made the Cyber Security Capital of the country. Startups still consider that this is the City to be in. Even established Start Up promoters like Mr Vijay Shekhar Sharma of Paytm have indicated their interest in shifting their personal base to Bengaluru. We already have IT giants like Azim Premji, Nandan Nilekani and Mohandas Pai with their own funding propositions for start ups.

These should be considered as opportunities to push the growth of Start Up business, which requires low infrastructure support and has high visibility. Unfortunately, the State Government does not seem to have a good understanding of E-Business. Its past trophies such as the “First Cyber Crime Police Station in India”, E Governance initiatives such as “Bhoomi” and more recent achievements in the implementation of Aadhaar etc. are slowly gathering dust with either no achievements or, more alarmingly, some negative achievements.

One of the main areas of concern is the “Law and Order” in Cyber Space in India where the Government has failed miserably to put proper laws in place and is trying to do its best in creating hurdles which are discouraging the e-entrepreneurs.

Firstly, in January 2011, the then IT Secretary acting as the “Adjudicator” declared that the word “Person” used in Section 43 of ITA 2000/8 did not extend to corporate bodies. As a result, any Corporate body was considered as not being capable of invoking Section 43 either for or against another corporate entity. As a result, even Section 66 became purely a section meant for “individuals” and any cyber crime committed by a Company or against a Company was outside Section 43 and Section 66.

By an extension of this revised definition of the word “person” which is against the definitions used in other laws including the General Clauses Act, most sections of ITA 2000/8 have been rendered impotent forcing me to claim that Karnataka is now a “Cyber Criminal’s heaven”.

This issue remains unresolved since the appellate body, namely the Cyber Appellate Tribunal, has been dysfunctional for the last 4 years without a Chairperson having been appointed, and it is unlikely to be resolved until the NJAC stand off is amicably settled between the Government and the Judiciary.

More recently, the ignorance of the Government was also revealed in the passage of the Indian Registration Act 1908 amendment bill which has now gone to the President for assent which is considered ultra-vires ITA 2000/8. (Status of assent unknown at this point of time).

Now today’s Economic Times indicates that the Karnataka Government is expected to come out with a new rule called “On Demand Transport Technology Aggregator’s Rules, 2015”

This has raised or will raise a new controversy on the powers of the State to meddle with ITA 2000/8.

I wish the taxi companies such as Uber and Ola also watch this space since they have committed some mistakes in the past which have reduced their bargaining power as to the definition of the business of “Aggregations” over the electronic network. If this is not properly addressed now, there will be precedents created which will hurt the interest of several other businesses.

I recall my own opinion expressed earlier on these columns in which I considered that what Taxi For Sure or Ola or Uber were doing was a glorified call center business (Now called by the fancy name aggregators) and they have to be treated as such and not as “Taxi Companies” requiring Taxi licenses.

The Kolkata Police authorities appear to hold a similar view though Delhi and Karnataka Governments may not agree because they are looking at it only from the point of view of taxation and not otherwise.

The proposed rules from Karnataka (details not yet available with Naavi) may further complicate the issue with a Government backed notification which may consider Uber/Ola as “Technology Aggregators” but would like to pass a regulatory notification.

The issue is similar to the issue of regulation of Cyber Cafes where State Governments in the past passed laws that are in conflict with ITA 2000/8. Similar situations may arise in the case of these Taxi aggregators.

If these companies are “Technology Aggregators”, they may come directly under some provision of ITA 2000/8. Then the power to make the rules may be in conflict with Section 90 of ITA 2000/8, which states as under.

Section 90 (ITA 2000/8): Power of State Government to make rules

(1) The State Government may, by notification in the Official Gazette, make rules to carry out the provisions of this Act.

(2) In particular, and without prejudice to the generality of the foregoing power, such rules may provide for all or any of the following matters, namely –

(a) the electronic form in which filing, issue, grant, receipt or payment shall be effected under sub-section (1) of section 6;

(b) for matters specified in sub-section (2) of section 6;

(3) Every rule made by the State Government under this section shall be laid, as soon as may be after it is made, before each House of the State Legislature where it consists of two Houses, or where such Legislature consists of one House, before that House.

Apart from the immediate concern on the way Uber or Ola may be regulated,  the issue is of larger concern to the E Commerce industry in general.

For example, any legal precedent established and accepted in the case of aggregators of taxi services may directly affect the definition of an “Intermediary”. Technology based aggregations occur in cases such as Oyo rooms, Make My Trip, Flipkart, Paytm, 99acres.com and many many other services.

It is imprudent to consider each of the “aggregators” as carrying the same legal liability for the down stream domain business in which they operate.

For example,

If I am a real estate aggregator, am I liable as a real estate builder? If I am a hotel room aggregator, do I need a license to run a hotel business? If I aggregate airline tickets, do I need to have an airline ticketing license?

Such discussions will directly hurt the growth of E Commerce in India and the “Digital India” project.

In the reverse,

If I am already an established aggregator who is accepted by the Government, say as a supplier of food to railway passengers, can I claim to be part of the Indian Railways?

If I am an aggregator of banking services, can I claim I already have a deemed banking license?

If I am an aggregator of medical services, can I claim myself to be a recognized hospital?… these are the issues which will come up for debate.

Such discussions will make the Government moves look absurd.

I therefore draw the attention of the Karnataka State Government and the Government of India to think twice before such legislations on E-Commerce are permitted under Section 90 of ITA 2000/8.

I call upon the industry to also respond immediately so that they will not be required to fight a “fait accompli” on a later date.

Naavi


“Society of Cyber Law Compliant Netizens” from Cyber Law Compliance Center

Cyber Law Compliance Center started by Naavi.org is a pilot project in pursuance of the fundamental objective of Naavi.org viz “Towards Building a Responsible Cyber Society”, in the immediate context of building a “Secure Digital India”.

“Securing” the digital space is a multi dimensional task which involves Technology, Cyber Law and Management of the Behavioural aspects of IT users. Of these three parameters, “Technical” aspects are being addressed by several technology specialists. Naavi.org will focus more on the Legal aspects of Information Security and would pursue the behavioural science aspects to a minor extent.

In actual application, Legal Aspects of Information Security manifest in the form of

a) Developing policies and procedures in the IT environment for the users to follow

b) Assisting the Government in the formulation of appropriate laws

c) Fighting for Better Cyber Laws from the Authorities

d) Fighting for Better implementation of Due Diligence requirements in the Corporate sector

e) Fighting against misapplication of law by law enforcement 

f) Fighting against mis-interpretation of law by the Judiciary

g) Working for better Cyber Law Education at all levels

h) Working towards the  wider acceptance of the concept of Cyber Insurance at all levels such as policy making levels in the Government, Service offerings at the Insurance Companies and the proper use of the services at the consumer levels

The past 17 years of work of Naavi since 1998 represent numerous activities towards achieving these objectives.

Continuing the activities of the past, it is felt that a greater emphasis is now required in spreading the message of Cyber Law Compliance and its benefits amongst the Corporate circles. While bigger companies have the resources to buy appropriate expert services and achieve a desired level of compliance, they still lack the appreciation of why they should work for better legal compliance in the IS environment.

Naavi has therefore proposed an intense “Cyber Law Awareness  drive in Corporate Circles” starting from Bangalore. This will be one of the objectives of the Cyber Law Compliance Center as proposed by Naavi.org.

Additionally, the Cyber Law Compliance Center (CLCC) intends to offer additional Cyber Law Compliance Services in the form of  sharing Policy Documents that can be used by Companies and Individuals as part of their due diligence requirements under law. This will be supplemented by consultancy services and support services as may be required.

While some of the services of the CLCC may be offered free, certain support services which will require the time and efforts of Naavi may be offered at a price which of course will be reasonable.

Some of the support services include the services explained under different arms of naavi.org such as CEAC (Cyber Evidence Archival Center), Cyber-Notice Service, e-Ombudsman Service, Online arbitration service, Domain Name related services, Cyber Insurance related services  etc. Readers can explore the menu links from which they can get more information on these services.

The model WhatsApp Admin policy document thrown open for adoption by the WhatsApp group admins is one such service which has now gone live. It is proposed that any person who would like to use the service may register himself by providing his name and contact details besides some information on the group for which the policy is being adopted.

This process of registration is meant to build a community of Cyber Space users who voluntarily comply with Cyber Laws. We call them the “Society of Cyber Law Compliant Netizens”. Such Netizens can be individuals or organizations. The basic premise is that anybody who would be a member is interested in “Voluntary Cyber Law Compliance” as an ethical practice and would be taking whatever steps are possible within his domain of activity towards this goal.

Naavi has proposed such thoughts in the past in the context of Home Based Medical Transcription workers, though without much success.  However, with each passing year, it appears that the age old suggestions of Naavi.org are becoming more and more relevant and the prospect of the thoughts being accepted is increasing.

I therefore place before the readers this thought of a “Society of Cyber Law Compliant Netizens” formed by a voluntary self declaration to be Cyber Law Compliant. Suggestions on how this can be implemented in practice are welcome. Similarly, any suggestions for developing any of the services envisaged on a larger scale, with participation of other experts and even on a commercial platform if feasible, are welcome.

Naavi


Model WhatsApp Administration Policy..to shield Admins from arrest

After the arrest of WhatsApp Group Admins by the Latur Police, it has become necessary for all Netizens who want to use WhatsApp, and more specifically create groups and become Admins, to protect themselves from the possible prospect of arrest.

Though if the Police are knowledgeable, they should not arrest any WhatsApp admin for the content posted by the members, one cannot  trust the Police to apply law properly.

We can also not trust the judiciary to understand the intricacies of WhatsApp  usage.

Hence a repeat of the Latur case is a distinct possibility.

Naavi in his bid to assist in the development of “Secure Digital India” has therefore suggested a model policy to be adopted by WhatsApp administrators which should satisfy the Police and Judiciary that the Admin is exercising “Due Diligence” and unless the admin himself is directly liable for any offence, he need not be charged with an offence attributed to a message that passes through the system.

As a part of the service of the Cyber Law Compliance Center, we therefore launch a model policy which can be adopted by any WhatsApp administrator.

We suppose that adoption of the policy will significantly mitigate the risk of the innocent group admins from being held liable.

There is also a suggestion that Cyber Law Compliance Center may provide assistance in grievance redressal through its e-ombudsman, or arbitration.in service.

The service of offering an adopted use of the policy document is a pilot service launched for the benefit of the Netizen community in India and  can be accessed through CLCC page in the menu item. The WhatsApp admin policy would be offered free for non commercial purpose but a “Registration” and “Getting Permission” from Naavi is essential.

We suppose this will be one of the first steps towards making the Indian Information Security Framework (IISF-309) an open source document for the benefit of SMEs who want to be Cyber Law Compliant.

Please send your comments and suggestions.

Naavi


“Ignorance Creates New Law”.. After Section 66A it is now WhatsApp administrator’s liability

We are familiar with the words “Ignorance is no excuse in law”. But when law is in a state of constant evolution and re-interpretation, it is difficult not to question how “Ignorance” will be tested. Just as many other principles of law are being overturned, this adage also deserves a fresh look.

Normally this adage “Ignorance is no excuse” applies to “Ignorance of law”. “Ignorance of fact” cannot be put in the same light as such “Ignorance of Fact” may be argued as similar to “Mistake of Fact” that could be considered as a “Valid defense” particularly when it is supported  by “Due Diligence” and “Good Faith”.

Even the “Mistake of Law” is considered as capable of being held out as a valid defense under the following circumstances

- When the law has not been published;
- When the defendant relied upon a law or statute that was later overturned or deemed unconstitutional;
- When the defendant relied upon a judicial decision that was later overruled; or
- When the defendant relied upon an interpretation by an applicable official.

However, some of the recent developments in India, particularly involving the interpretation of Cyber Law, indicate that mistakes committed by the lower end of law enforcement often result in new laws being created out of ignorance.

One such recent example is the discussion on the liability of a WhatsApp group administrator for the contents posted in the group by a user. This discussion followed the action of the Latur Police in Maharashtra, who arrested a WhatsApp group administrator for content that was posted in the group.

According to this report in Deccan Chronicle, a rumour was doing the rounds which included the following message:

‘3,000 armed men are roaming in parts of Solapur district with the intention of kidnapping children.’

The Police have booked a case using sections 153 of the IPC (promoting enmity and ill will), section 34 and section 67 of IT Act, 2000.

To understand how “Ignorance creates new law”, we need to look back on the Shreya Singhal judgement of the Supreme Court on Section 66A of ITA 2000/8 delivered on 24th March 2015. (Refer to the many articles on this site about the judgement)

In this case, the Supreme Court ruled that Section 66A of ITA 2000/8 was unconstitutional since it violated Article 19 of our Constitution and went ahead to scrap the section. This famous (infamous?) case originated because the policemen in Palghar, Maharashtra arrested two ladies, one for posting a message on a Facebook page and the other for clicking on the “I like” button against that message. The Supreme Court in its wisdom held that the action of the Police was violative of the “Freedom of Expression” guaranteed by our constitution.

It must however be reiterated that while it was correct for the Supreme Court to defend the freedom of expression and the freedom to say what the objected Facebook post said, it was incorrect for the Supreme Court to hold that Section 66A of ITA 2008 was a law made to curb such freedom of expression, and hence the Court was wrong in scrapping the section.

However, if we turn the pages of the brief history of the Section as it appeared in the media and continues to appear in the media, it appears that the Supreme Court did a great thing by defending the democratic principles which were being stifled by the Section. Many experts also supported the scrapping of Section 66A on the grounds which the Supreme Court considered as correct.

In the process, a new law was created in India that the erstwhile provisions of Section 66A which the Supreme Court struck down were indeed violative of the constitutional right of freedom of speech. If in future similar laws are passed, then the judgement in this Shreya Singhal case can be held out as a precedent.

Naavi.org has consistently maintained that application of Section 66A to the Palghar case was wrong ab-initio and this mistake of the police should have been struck down by various Courts since Section 66A did not apply to “Publishing” of electronic content but only applied to “Message” sent from one communication device to another. This fundamental difference between “Publishing” and “Messaging” was blurred by the erroneous judgement of the Supreme Court in this case.

We do not know when this mistake of law will be corrected in future.

The Latur Case

Now the arrest of a WhatsApp administrator by the Latur police (and earlier by Agra Police) and the media reports that are coming through thereafter indicate that we are in the process of rewriting another piece of law based on the mistaken action of the police at the lowest rung of law enforcement.

I also note that many experts in the field of Cyber Law have endorsed the action of the Police either consciously or otherwise in the course of expressing their opinion which goes towards building an opinion that what the police have done is correct.

Naavi.org however does not want to contribute to the proliferation of an erroneous opinion being created and though it looks odd to contradict all other experts, we would like to go on record with our opinion.

Before I proceed further I would like to state however that if I am a policeman and I spot a message either on WhatsApp or in an Off the Air interception of a mobile communication or even an overhearing of a conversation in a bar in which one is speaking to another indicating commission of an offence of any nature, more so if it can disturb public peace or national integrity, I would swing into action and try to apprehend the alleged offenders to prevent commission of a crime. This does not mean however that I would arrest the owner of the bar in which the conversation was held or the mobile service provider who facilitated the conversation. I may however contact them for information on the conversationists whom I need to identify and continue my further investigation. If I feel that they are aware of the identity of the conversationists but are not sharing the information, I will then threaten them with legal action and if they are obstinate, I may then arrest them “for withholding evidence and interfering with the lawful duty of the officer”. All my other comments must be viewed with this caveat.

Now coming back to the case of the arrest of the WhatsApp Administrators, I refer to the following reports

1. Indian Express of 10th October 2015

2. The Hindu report of 8th October 2015

3. The Hindu report of 13th October 2015

4. Newsminute report of 20th October 2015

5. Track.in report of 12th October 2015

6. Deccan Chronicle report of August 14, 2015

7. Times of India report of 9th February 2015 (Agra incident)

and many other similar reports.

To start with let’s see the sections under which Police seem to be building a case. There are three sections mentioned namely Section 153 and 34 of IPC and Section 67 of ITA 2000/8.

These sections are reproduced here for immediate reference:

Section 153 in The Indian Penal Code

 Wantonly giving provocation with intent to cause riot—if rioting be committed—if not committed.—

Whoever malignantly, or wantonly, by doing anything which is illegal, gives provocation to any person intending or knowing it to be likely that such provocation will cause the offence of rioting to be committed, shall, if the offence of rioting be committed in consequence of such provocation, be punished with imprisonment of either description for a term which may extend to one year, or with fine, or with both; and if the offence of rioting be not committed, with imprisonment of either description for a term which may extend to six months, or with fine, or with both.

Section 34 in The Indian Penal Code
Acts done by several persons in furtherance of common intention.—

When a criminal act is done by several persons in furtherance of the common intention of all, each of such persons is liable for that act in the same manner as if it were done by him alone.

Section 67 in The Information Technology Act, 2000
Punishment for publishing or transmitting obscene material in electronic form. –

Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.

A quick glance at these sections indicates that

a) Section 67 applies only to material which is lascivious or appeals to the prurient interests. The subject message is nowhere near this definition. Hence this section is not applicable. In the unfortunate event of the Shreya Singhal error repeating in this case, we will be redefining the meaning of “lascivious” and “prurient interest” to “alerting the community for a danger from kidnappers of children”.

b) Section 153 of IPC applies when an “illegal act” has been committed and somebody uses it to provoke others into causing the “offence of rioting” and

c) Section 34 applies when a “Criminal act” is committed by a number of persons.

In my reading of these sections, first an illegal act has to be committed, then there has to be a provocation to riots using the illegal act as a reason and there has to be several persons involved in such an act if Sections 153 and 34 of IPC are to be applied.

Here, Section 67 of ITA 2000/8 is an independent section that defines an illegal activity and Section 153 of IPC is dependent on Section 67 and Section 34 is further  dependent on Section 153.

Since Section 67 is considered applicable for “Publishing or Transmitting of Obscene Electronic Content”,  unless the “objectionable message” falls into the category of  “Publishing or Transmitting of Obscene Electronic Content”, no offence is made out under any of these sections.

Hence the entire case filed by Latur Police is without a proper basis and the arrest of WhatsApp administrators is a gross misuse of law which should be questioned under the Human Rights Act. (Unfortunately Human Rights Activists in India are only interested in protecting terrorists and criminals and not genuine victims and hence nobody may come to the rescue of these hapless WhatsApp administrators).

Now let us turn our attention to another aspect. Suppose the content had been different and was, say, promotion of terrorist ideologies. Then we would need to discuss whether the WhatsApp platform can be considered as equivalent to a “Website” and can be treated as an “Intermediary”.

An “Intermediary” is defined under Section 2(w) of ITA 2000/8 and if any offence is committed by a third party with messages that are handled by an “Intermediary”, then as per provisions of Section 79 of ITA 2000/8 the liability of the Administrator would be determined.

Accordingly,

“Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.

There is no doubt that this is an “inclusive” definition and one can take the liberty of extending the definition beyond the examples provided, such as “telecom service providers”, “network service providers”, “internet service providers”, “web hosting providers”, “search engines”, “online payment sites”, “online auction sites”, “online market places” and “cyber cafes”. In the subject dispute, an attempt is being made to extend the definition of “Intermediary” to a “WhatsApp Group” and the role of the “Administrator” to that of the owner of the types of entities mentioned in the section.

To understand the nature of WhatsApp service one needs to check the FAQ on the WhatsApp website.

When WhatsApp is first installed on the mobile, it asks for permissions to access data on the device such as the device ID, contact details etc. Basically these are privacy issues which the user agrees to before downloading the App. Once the app is downloaded, there is a “Terms of Service” which a person needs to “agree” to and then enter the mobile number for verification. Once accepted, it is difficult to revisit the Terms and one has to go back to the website to check the FAQs and other terms.

Apart from absolving itself from any responsibilities as to the content, WhatsApp specifically says

“YOU SPECIFICALLY ACKNOWLEDGE THAT WHATSAPP SHALL NOT BE LIABLE FOR USER SUBMISSIONS OR THE DEFAMATORY, OFFENSIVE, OR ILLEGAL CONDUCT OF ANY THIRD PARTY AND THAT THE RISK OF HARM OR DAMAGE FROM THE FOREGOING RESTS ENTIRELY WITH YOU.”

The user therefore discharges WhatsApp from all the liabilities and takes all such liabilities on himself.

When messages are sent or received, WhatsApp stores them on the device and keeps a limited backup to facilitate delivery after a user is disconnected from the Internet and reconnects.

According to WhatsApp,

“WhatsApp does not copy nor store the messages sent through its messaging system. Nevertheless, if the recipient is not connected, undelivered messages will be kept in WhatsApp servers and may be stored in those servers for up to 30 days”.

This is a transient storage that makes “WhatsApp” an intermediary as per ITA 2008 only in respect of such “Undelivered messages”. In respect of “Delivered Messages”, WhatsApp is not rendering the “Storage Service” and is providing only a routing service which is akin to that of a telecom service provider. While this is also a service recognized as that of an intermediary, the “Due Diligence” requirements under Section 79 differ between an intermediary who provides storage services and an intermediary who provides message routing services. WhatsApp wears two hats and its responsibilities for “Due Diligence” therefore have to be seen with reference to its function.

In the subject case, Police are not making WhatsApp a party to the dispute and only making a criminal charge on the “Administrator of a Group”. It is not clear if they consider the Administrator as a representative of the WhatsApp Company or a service provider himself who provides a service called “Group” on the platform provided by WhatsApp company.

While the Administrator is a user of the WhatsApp service and is bound by the terms which he has signed with the Company, for which the WhatsApp company has a cause of action, the creation of a group is an activity of the user to make it convenient for him to exchange messages with a sub group of his contacts. When a person sends a message to a group, it is a set of multiple messages which will be sent to each of the persons. It is therefore an aggregation of many messages sent with a single click. The administrator, when he creates the group, has the power to add, remove or make another person a co-administrator (if the person is already in his contact list). He may also invite a person to join the group. The invitee may refuse the invitation by exiting the group. The recipient of a message can delete the content of the message received on his account or forward it to another person or a group in his name, apart from replying back to the group from which the message was received by him.

The recipient of a message from a group only sees the mobile number of the sender unless he has been stored as a contact. But it is clear from the message that the message has originated from “an identified mobile number” and not from the group administrator.

Every WhatsApp group message is therefore attributed directly to the given mobile number and the Group admin has no role in “initiating the transmission of a message, selecting the receiver of the transmission (it goes to all the members of the group) and selecting or modifying the information contained in the transmission”. (Conditions mentioned under Section 79 of ITA 2000 for the intermediary to be absolved of the liabilities).

In the event we presume that the “Group” is itself an intermediary service provided by the Administrator, the admin is entitled to protection under Section 79 if he observes “Due Diligence” and also if he takes expeditious action towards determination of whether a content is objectionable and is to be removed, after he is duly notified by a Court.

Thus in the subject case, the fact that the WhatsApp group is an intermediary itself is debatable. Even if so, the admin’s liability can only be counted from the time a Court order is served (maybe we can dilute this to an order being served from the Police) and is limited to the removal of the content. In WhatsApp, the admin has no power to remove content in individual users’ devices. At best he may send another group message that he has received a notice from the Court/Police and every user is required to delete the content. Beyond this, expecting the Admin to share the responsibility for the content itself is not justified.

Police should remember that the admin should be presumed to be innocent until proven guilty. Police should also realize that sometimes when the admin of a group leaves the group, another person might have been assigned as an administrator without the need to do anything affirmative.

The responsibility of the admin in any investigation should be considered limited to the extent of providing the phone number of the person who has posted the objectionable content and it is the duty of the Police to trace the person using the KYC of the mobile service provider. When mobile numbers are used as valid identification for even Bank accounts, a WhatsApp administrator cannot be expected to do any KYC other than identifying the mobile number which is done by the WhatsApp itself when the app is downloaded and installed.

We need to also recognize that WhatsApp is not a service to host content and it is a “Messaging Platform”. It is only in the event of some message not getting delivered that it gets stored until the destination device re-connects to the Internet. It cannot therefore be equated to posting of content. While Section 66A could have been applied to it if the section had not been scrapped, Sec 67 can be applied only if the message is obscene.

However, Section 67 cannot be applied in all cases since it applies only to messages that can be proved to have the effect “to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter”. This would require that only a member of the group has the right to raise objection and a third party cannot take cognizance of the message being an offence under Section 67 since he is not a member of the group and the message is not meant for him.

Looked at from any angle, therefore, the action of the Police in the Latur Case to arrest the WhatsApp administrator is a gross misuse of its power and calls for action under the Human Rights Act.

As stated earlier, if a person sends a message which is say anti-national and uses the emphasis “Please share this with your friends”, then he may be accused of trying to broadcast the message outside the group and punished as may be appropriate. I do not think that the Latur message of alerting on Child kidnapping falls into this category. In many cases Police itself issues warnings such as “Do not open door for strangers”, “Beware of motor cycle borne persons asking for address” etc. These also have the potential of creating a scare and leading to undesirable and unintentional consequences including lynching of a suspect.

Hence Police are wrong in Latur Case to hold WhatsApp admins responsible on the basis of whatever information is now available to the public.

Hence media should stop creating its own scare that WhatsApp Administrators are in the danger of being arrested. Instead of spreading this rumour, media should try to educate the Police.

I also request Cyber Law Experts not to interpret the term “Intermediary” in too broad a term not envisaged in law or merge the definitions of “Publishing” and “Messaging” into a single category and burden a WhatsApp administrator with legal responsibilities not envisaged in law.

More importantly, I wish that Courts and Magistrates do not validate the Police action by confirming the action taken by the police in which case, like the Shreya Singhal case, this will be another case where an ignorant Police Constable would have rewritten law through the mouth of an equally ignorant Judge sitting in a Chair which is respected for its role and authority to deliver justice to the community.

Naavi


“Fake Review” as a business

I refer to a report today in money.cnn.com, stating that Amazon has sued over 1000 sellers of “fake product reviews”.

It may surprise many that “Writing Fake Reviews” is a business model taken by many and it is being advertised on sites such as Fiverr.com.

For example, one of the offers, costing US $5/- per review, is as follows:

QUOTE

  • I will write a 200-300 word review of your website or chosen product. This could be on your website or a review site.
  • I will make the review sound natural, genuine, insightful and with lots of enthusiasm.
  • The aim of the review is to build trust and show your product in the best possible light without sounding ‘Fake’.
  • I pride myself on paying attention to detail and will make sure your review is engaging.
  • I have reviewed a range of products and services, covering many different audiences. Therefore, I can adapt to suit your needs.

NOTE: If a review is pulled from a site, for whatever reason that may be, I cannot be held responsible, nor will I be able to offer you a refund.  

UNQUOTE

The service offering indicates how the service is “Ab-Initio” a fraud on the consumers anywhere in the world. It is an offence that can attract penal provisions under any law.

The question also arises on the responsibility of a website such as Fiverr.com in promoting such fraudulent business. Some time back, we commented on the business model of Glassdoor.com which thrives on a facility to blackmail an employer by carrying on a false campaign, though the original intention could have been only to provide a genuine employee feedback on an employer.

Naavi once had to battle with another Cyber Law practitioner in India whose hired “Reputation Management Contractors”, in a bid to promote their client, kept on writing against me in many websites. I had to go to each of such websites, write counter comments and eventually the campaign was perhaps withdrawn. I am not sure if the professional who in fact had used Naavi.org to promote himself in the beginning of his career was aware of what the “Reputation Managers” were actually doing. But obviously, he was taking responsibility for the irresponsible activities of the hired reputation managers.

These indicate the dark side of Internet and Social Media where there are members willing to spread misinformation for a price. At $5 a piece, an unscrupulous competitor can hire people to damage the reputation of a rival. With increasing emphasis on mobile commerce and e-commerce, it is necessary for all those who are interested in the positive development of Internet that these tendencies are nipped in the bud. These are like viruses and trojans which need to be tracked down and killed.

I therefore support Amazon fully in its efforts to bring these unscrupulous contract review writers to book and also support action against the website managers who fail to follow due diligence steps to prevent such misuse of their platform.

While we do not have any objection to genuine job seekers posting their resume and credentials in review writing or any other matter, the offer “To write fake reviews” is a shameful profession for any talented person. We need to stand up against such practice and make the Cyber Space more trustworthy.

Naavi
