The Hindu Explains | One-person companies, Indian laws for the cyber world, and a ‘bad bank’

Explained | Why has the Centre issued a notice to Twitter, and what are the laws governing the cyber world?

K. Venkataramanan 07 February 2021 02:30 IST
Updated: 07 February 2021 11:12 IST

How does the government block websites and networks? What does the law in India cover?

The story so far: The Centre has issued notice to Twitter after the micro-blogging site restored more than 250 accounts that had been suspended earlier on the government’s ‘legal demand’. The government wants the platform to comply with its earlier order of January 31 by which it was asked to block accounts and a controversial hashtag that spoke of an impending ‘genocide’ of farmers for allegedly promoting misinformation about the protests, adversely affecting public order. Twitter reinstated the accounts and tweets on its own and later refused to go back on the decision, contending that it found no violation of its policy.

Are platforms required to comply with government requests?

Cooperation between technology services companies and law enforcement agencies is now deemed a vital part of fighting cybercrime, and various other crimes that are committed using computer resources. These cover hacking, digital impersonation and theft of data. The potential of the Internet and its offshoots such as mail and messaging services and social media networks to disseminate potentially harmful content such as hate speech, rumours, inflammatory and provocative messages and child pornography, has led to law enforcement officials constantly seeking to curb the ill-effects of using the medium. Therefore, most nations have framed laws mandating cooperation by Internet service providers or web hosting service providers and other intermediaries to cooperate with law and order authorities in certain circumstances.

In Focus Podcast | Twitter, the IT Act, and the blocking saga explained

Advertising
Advertising

What does the law in India cover?

In India, the Information Technology Act, 2000, as amended from time to time, governs all activities related to the use of computer resources. It covers all ‘intermediaries’ who play a role in the use of computer resources and electronic records. The term ‘intermediaries’ includes providers of telecom service, network service, Internet service and web hosting, besides search engines, online payment and auction sites, online marketplaces and cyber cafes. It includes any person who, on behalf of another, “receives, stores or transmits” any electronic record. Social media platforms would fall under this definition.

What are the Centre’s powers vis-à-vis intermediaries?

Section 69 of the Act confers on the Central and State governments the power to issue directions “to intercept, monitor or decrypt…any information generated, transmitted, received or stored in any computer resource”. The grounds on which these powers may be exercised are: in the interest of the sovereignty or integrity of India, defence of India, security of the state, friendly relations with foreign states, public order, or for preventing incitement to the commission of any cognisable offence relating to these, or for investigating any offence.

How does the government block websites and networks?

Section 69A, for similar reasons and grounds on which it can intercept or monitor information, enables the Centre to ask any agency of the government, or any intermediary, to block access to the public of any information generated, transmitted, received or stored or hosted on any computer resource. Any such request for blocking access must be based on reasons given in writing.

Procedures and safeguards have been incorporated in the rules framed for the purpose.

Editorial | An inevitable showdown: On government’s notice to Twitter

What are the obligations of intermediaries under Indian law?

Intermediaries are required to preserve and retain specified information in a manner and format prescribed by the Centre for a specified duration. Contravention of this provision may attract a prison term that may go up to three years, besides a fine.

When a direction is given for monitoring, interception or decryption, the intermediary, and any person in charge of a computer resource, should extend technical assistance in the form of giving access or securing access to the resource involved, and must comply with the request to intercept or monitor or decrypt the information concerned. Failure to extend such assistance may entail a prison term of up to seven years, besides a fine. Failure to comply with a direction to block access to the public on a government’s written request also attracts a prison term of up to seven years, besides a fine.

The Act also empowers the government to collect and monitor data on traffic. When an authorised agency asks for technical assistance in this regard, the intermediary must comply with the request. Non-compliance may lead to a prison term of up to three years, besides a fine.

Is the liability of the intermediary absolute?

No. Section 79 of the Act makes it clear that “an intermediary shall not be liable for any third-party information, data, or communication link made available or hosted by him”. This protects intermediaries such as Internet and data service providers and those hosting websites from being made liable for content that users may post or generate.

However, the exemption from liability does not apply if there is evidence that the intermediary abetted or induced the commission of the unlawful act involved. Also, the provision casts a responsibility on intermediaries to remove the offensive content or block access to it upon getting “actual knowledge” of an unlawful act being committed using their resources, or as soon as it is brought to their notice.

In Shreya Singhal vs U.O.I (2015), the Supreme Court read down the provision to mean that the intermediaries ought to act only “upon receiving actual knowledge that a court order has been passed, asking [them] to expeditiously remove or disable access to certain material”. This was because the court felt that intermediaries such as Google or Facebook may receive millions of requests, and it may not be possible for them to judge which of these were legitimate.

The role of the intermediaries has been spelt out in separate rules framed for the purpose in 2011. In 2018, the Centre favoured coming up with fresh updates to the existing rules on intermediaries’ responsibilities, but the draft courted controversy. This was because one of the proposed changes was that intermediaries should help identify originators of offensive content. This led to misgivings that this could aid privacy violations and online surveillance. Also, tech companies that use end-to-end encryption argued that they could not open a backdoor for identifying originators, as it would be a breach of promise to their subscribers.

Other proposed changes, which have not been acted upon, include rules that intermediaries should deploy automated tools for proactively removing or disabling public access to unlawful information, and to have a 24x7 mechanism to deal with requisitions of law enforcement.

Comments
Read more...