While the DPDPB 2022 was under formulation, Naavi.org had discussed certain desired changes in the law which are available at the following link;
https://www.naavi.org/shape_of_things_to_come/
Amongst the several things discussed, we had discussed some aspects of the new DIA during September 2022. At that time, there was a possibility that there could have been a single Act for both Personal Data and Non Personal Data Protection/Governance. In particular, we refer to the following articles.
We may now observe that the new version of the law also refers to a coverage on Monetization .
We need to see how the DPDPB2022 be integrated to the concept of Monetization. Hopefully “Anonymised Personal Data” will be available for monetization under DIA along with non personal data. Some of the suggestions of the Kris Gopalakrishna report on monetization of non personal data may also be included in this Act.
The Digital India Act as proposed which was unveiled by the MeitY during their public consultation session in Bangalore has spoken of “Online Safety and Trust” as one of the objectives of the proposed laws. At the same time it appears that there will be a detailed regulation of different types of intermediaries.
The proposal only speaks of empowering agencies like CERT-IN for cyber resilience etc. At the same time the existing ITA 2000 has the Digital Media Regulations which will continue in the new DIA. These regulations help us in managing cyber crimes involving “Fake News”
However, what we are presently witnessing in the Internet space is much beyond “Fake News”. With George Soros kind of enemies of the country ably assisted by the insider politicians, we are witnessing the “Weaponization” of the so called “News”. This is creating a trust deficit in the Internet besides the political disharmony created in the society. This was flagged by Mr Rajeev Chandrashekar in the following slide.
It is necessary to observe if the new DIA is capable of regulating this kind of weaponized dis-information without fuelling the opposition bogey of “Democracy under threat”. The Supreme Court is incapable of dealing with such issues since they will look at any such report under the only consideration of “Freedom of Press”.
It is necessary for the Government to bring in an appropriate legal base to recognize the concept of “Information War” and invoke the relevant provisions of IPC like Section 121. The “Toolkit” used by the Information Warriors should be declared as “Digital Arms” and suppliers of such toolkit should be brought under Section 122/123 of IPC.
Naturally the “Intermediaries” who donot exercise due diligence will become part of the “Enemies of the State” and a legal basis is created for necessary action.
The term “Press”, “Media” etc are presently used loosely and they enjoy the recognition as the fourth estate. However, when media houses are owned by corporate entities and owners like George Soros have declared their intentions to bring about regime change, their status has to be re-designated as “Propaganda Machines” and handled accordingly.
I am not sure if the Government has the courage to take such bold steps. But a debate in this regard is necessary.
ITA 2000 was had provided the Power of Adjudication under Section 46. Under this section any dispute arising out of a contravention of ITA 2000 in which financial compensation has to be received by a person who has suffered a wrongful harm may be adjudicated. In 2003 the rules of Adjudication was announced and subsequently, every IT Secretary of a State or Union Territory was designated as an Adjudicator for the State.
Naavi was the person who pursued the first adjudication in India in the case of S. Umashankar Vs ICICI Bank in which a complaint had been filed with the Adjudicator of Tamil Nadu for compensation regarding a Phishing fraud of which Mr Umashankar was a victim. Mr Umashankar was an NRI and the case was fought by the undersigned under a Power of Attorney.
Though the rules of Adjudication expected settlement within 4 months and a possible extension of another 2 months and the appeal to be settled at the Cyber Appellate Tribunal within the next six months, the Umashankar cases registered in 2008 saw the first award by the adjudicator in 2010 on which an appeal was filed by ICICI Bank. The appeal was disposed off only in 2019 since the Cyber Appellate Tribunal was not operative for about 6 years.
Subsequently ICICI Bank filed the next appeal at the Madras High Court which dismissed the appeal in November 2022. This was a historic judgement details of which are available at www.naavi.org.
This case was indicative of a successful handling of adjudication despite the delay.
Naavi has also handled many other cases of Adjudication and in one of the cases encountered an adjudicator at Karnataka with an undisclosed vested interest in the case which resulted in a strange decision. That decision has held up the settlement for more than 10 years.
Typically we have seen apathy in handling adjudication cases by IT Secretaries and lack of legal knowledge as in the case of the Karnataka Adjudicator.
Hence I had suggested that a separate Adjudicator should be appointed exclusively under ITA 2000 and further that it can be a two member bench with one of them being a tech expert and another a legal expert.
In DIA more reliance is being placed on the system of Adjudication and tendency indicated is increasing of the penalties requiring a more responsible handling of the cases. Further the changes sought to be made in DIA will increase the cyber crimes and need for financial compensation to be dicided.
In cases where there are conflicts of interest such as when the IT Secretary has some interest in the activities of one of the litigants (such as an IT company doing business with the state Government) the Adjudicator should recuse himself and appoint an alternative adjudicator or the adjudication should be conducted by an adjudicator of a neighbouring state. (If online methods are adopted, the issues related to travelling etc can be avoided)
Presently the Cyber Appellate Tribunal has been merged with the TDSAT and TDSAT is located in Delhi only. Originally Cyber Appellate Tribunal was supposed to be able to have benches in different cities and hold hearings near the place of the victim. Alternatively TDSAT should do hearings through virtual conferences to reduce the cost of litigation.
In the DIA, these requirements need to be addressed to make adjudication people friendly.
In introducing the need for a new Act namely Digital India Act to replace the existing ITA 2000, the Government has identified 5 distinct changes in the environment since 2000 as follows.
Out of the five identified developments, it is easy to understand the numeric growth of Internet users from 5.5 million to 850 million. This is because the cost of Internet access has become very low and also the web content has become more useful. But some of the other reasons stated is not correct.
For example, ITA 2000 never stated that there is only one kind of intermediary, namely the Internet Service Provider.
In ITA 2000, the definition of Intermediary was :
“Intermediary” with respect to any particular electronic message means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message;
In the 2008 version, the definition was changed to the following:
“Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search enginers, online payment sites, online-auction sites, online market places and cyber cafes.
Along with this definition, Section 79 spoke of the safe harbour provision, and it introduced a condition (in 2008 version) that the protection under Section 79 was available only if the intermediary does not initiate a transaction or select the receiver of the transmission and select or modify the information contained in the transmission. As a result the definition of the intermediary got altered. But since most intermediaries could not satisfy these conditions, they were practically not intermediaries.
While the definition of the Intermediary was linked to a transmission of a message and could be expanded to any service which was passive, it could not be applied for Section 79 purpose to services where there was an element of monetization which required management of the service in such a manner that the intermediary chose the receiver, the supplier and also what modifications were to be made to the message.
If therefore only the ISPs and MSPs had the pure characteristics of an Intermediary eligible for Section 79, there were many other types of intermediaries who did not come under section 79 protection because of their business model. The definition could be interpreted in such a manner that a Fintech platform could be an intermediary while the Banks/Fintech companies riding on the platform were not. A Bank could not be a beneficiary in respect of customer information since it was using customer information for its business but could be an intermediary in respect of the insurance marketing service it might have been rendering to their insurance subsidiary.
The different types of intermediaries now being identified as OTT, Gaming etc were all “Intermediaries” under the ITA 2000 and MeitY had the power to introduce due diligence obligations on them. Even services such as Domain Name Registrars, hosting companies, Cloud service providers were all “Intermediaries” under the current law and hence it is incorrect to say that there is a need to change the law because of this reason. The Government has in the past failed to assert its right to regulate the intermediaries and often catapulted under a legal challenge. It was the fear of bad media that kept the Government from introducing the required changes. Even now the Gaming Regulations are only issued for public comments and not issued as an operative direction.
As long as the Government is hesitant to make proper interpretation of the law, even if new definition of intermediaries are introduced in DIA, the law will remain unimplemented.
The DIA as proposed by the MeitY is proposed to replace the current ITA 2000. The structure of the new Act may see deletion of Chapter XII on Cyber Crimes, (moving it to IPC), strengthening of Chapter IX (with changes in the grievance redressal mechanism), introduction of a new chapter on monetization and also an elaborate chapter on Intermediaries and New Technology regulation.
Presently the indication is also available that Schedule I which provides that certain types of documents are exempted from the provisions of the Act may be completely discarded. Recently in one of the amendments on October 4th, 2022, the immovable property related documents such as sale deeds, partition deeds, lease agreements etc which in electronic form were hitherto not recognized, have now been removed from the negative list. As a result, there can be an electronic sale deed of an immovable properties. We have already highlighted that this would increase the Cyber Crimes in India substantially and open up the real estate sector for more frauds and litigation.
At present “Will” is still in the negative list and perhaps will be the next casualty even before the DIA is introduced since DPDPB 2022 has introduced a “Nomination” facility for personal data. While we have advocated that “Nomination” of personal data may be effected using a written instrument without violating ITA 2000, it is likely that industry may force the Government to bring an amendment to the Schedule 1 of ITA 2000 and removal of item 4. This will also open up new Cyber Crimes involving deceased persons and their assets by creating fake electronic Wills.
Though the control for Fake real estate transfer documents as well as Fake Wills lies in the mandatory registration of documents, increased corruption in the state registration departments will corrupt the entire system of immovable property registrations and inheritance of properties.
We had in the distant past argued that Cyber matrimony comes with its own risks. (Refer this article Should Cyber Marriages be Banned-May 1 2005). We can add the risks of false divorce petitions springing up and very soon we will see new cyber crimes where people may allege that they are married with a subject victim, sue for divorce and extort money. If the Supreme Court goes ahead and approves same sex marriage, then such fraudsters need not always be of the opposite sex and the scope for such “Fake Marriage and Divorce” petitions would also increase.
The October 4, 2022 amendment of Schedule 1 has also made changes to Items 1 and 2 of the Schedule related to Negotiable Instruments (Other than cheque) and Power of Attorney and introduced a strange exception to the exception stating that when a Bill of Exchange or Promissory Note or a Power of Attorney document is executed or by certain designated institutions (RBI, NHB,SEBI, IRDAI, PRF) they become valid as electronic documents. These institutions will have a magic wand to even bring otherwise non recognized electronic documents of such nature by adding their endorsement or by being a beneficiary.
What has been left untouched in this negative list is only the Trust deed and it will not be long before this also is removed.
Thus in the coming days we can expect that the entire Schedule 1 associated with Section 1(4) of ITA 2000 may be deleted from ITA 2000.
These changes will make it easy for Cyber Criminals to design new Cyber Crimes and challenge the law enforcement agencies.
As the responsibility for interpreting an incident as a Cyber Crime and preventing or prosecuting such crimes may get transferred to the Ministry of Home Affairs, the MeitY would be happy to get rid of the complaints that may arise out of such increased Cyber Crime occurences.
With the additional protection that the Cyber Criminals will get through the DPDPB 2022 and perhaps the re-introduction of the “Right to Forget”, Convicted Criminals, Accused as well as Hackers can demand that law shall protect their personal data and cover their criminal tracks. This will be like the Kashmiri Terrorists seeking protection of the Supreme Court under Indian Constitution though they have no respect for the Indian Constitution.
The move of removing the negative list therefore comes with increased Cyber Crime risks for the society. It is unlikely that this increased risk will be countered with the increased safety and security within DIA or the amendments to IPC since the objective of DIA would be promoting the new technology innovations and not creating a safe Cyber Society.
With increased demand for “De-Criminalization” of most crimes and the Supreme Court becoming more criminal and terrorist friendly than every before holding the human rights of criminals ahead of the security rights of honest citizens, the future could be a bed of thorns for the “Digital Nagariks”. (I called them Netizens in the year 2000 and now they have got a new name).
The law makers and the Supreme Court only recognize the Right to life with liberty in the form of Privacy. But neither of them have recognized the “Right to life” as a “Right to live peacefully” without terrorism and crimes jeopardizing the freedom of life.
The DIA as proposed focusses more on the “Adjudication” and imposing financial penalties and is unlikely to even include the offences as part of the Act as indicated by the following propositions.
People like Naavi are well aware of how the Adjudication System under ITA 2000 which was run by the IT Secretaries who were part of the larger community of MeitY was completely ineffective. Now more reliance is being placed on the same ineffective system. We shall separately discuss the improvements that can be made in the Adjudication system in a subsequent article.
But we can flag the risk that by removing the negative list, by decriminalizing ITA 2000, the DIA will make the life of Digital Nagariks more risky than what it is now .
In a continuation of the impact of deliberate mis information spread on the web and poisoning of the AI models, I would like to reproduce here an article which I had written some time back.
This article also refers to another article of 2000 where I had discussed the Dalistan.org issue.
The thoughts represented in these articles become more relevant today since AI can itself be used to generate blog posts and flood the web with articles with a bias which will further be accentuated by the search engines picking up the blog posts. The posts can be created in such a manner with SEO optimization that the search engine pick up is better than sites like naavi.org and hence the fake narrative will proliferate.
This will be like the Time Capsule that Mrs Indira Gandhi wanted to bury to influence the future civilization. What is being created on the web is like a “Time Capsule” and in due course the Indian history will be re-told by this time capsule.
The problem of Fake news which we encountered in Twitter and tried to mitigate through the Digital Media Ethics code will be nothing to the future where AI algorithm based search engines will be poisoned.
