Centre for Internet and Society

‘The IT Act is fine, but its interpretation is not’

praskrishna — 2012-12-21T10:08:43Z

Several organisations such as the Alternate Law Forum and Centre for Internet and Society are campaigning to amend the IT Act 2000. However, SV Raghavan, scientific secretary, office of PSA to the government of India, stated that the law in place is fine but the stakeholders need to be educated on implementing it better.

The article was published in DNA on December 19, 2012.

Raghavan, who was at the National Institute of Advanced Studies (NIAS) in the Indian Institute of Science (IISc) on Tuesday to give a lecture on cyber security, specifically singled out the controversial Section 66 that can hold a person viable for posting ‘offensive’ content online. The IT Act 2000 is constituted to keep such law breakers under check.

“The IT Act 2000 gives specific powers to some of the law agencies to take action. In cyberspace, nearly 90% of the users don’t come with any malicious intentions. Now there is a large concerted effort across the country, to teach policemen how to apply this law and interpret it. There is also an effort to teach the judiciary to interpret the law correctly, so that the right people are held accountable,” he said.

“No matter what you do, when the law is written in English, sometimes it comes across two dimensional and the original intent of the law may be lost, which is why there are agencies who are dedicated to teaching the judiciary on how to interpret it,” he added.

As for cyber security amongst civilians, vigilance is simply all it takes.

For more details visit https://cis-india.org/news/dna-bangalore-december-19-2012-the-it-act-is-fine-but-its-interpretation-is-not

CIS Seminar Series: Information Disorder

aman — 2021-08-11T11:17:57Z

The Centre for Internet and Society is announcing the launch of a seminar series to showcase research around digital rights and technology policy, with a focus on the Global South.

The CIS seminar series will be a venue for researchers to share works-in-progress, exchange ideas, identify avenues for collaboration, and curate research. We also seek to mitigate the impact of Covid-19 on research exchange, and foster collaborations among researchers and academics from diverse geographies. Every quarter we will be hosting a remote seminar with presentations, discussions and debate on a thematic area.

Seminar format

We are happy to welcome abstracts for one of two tracks:

Working paper presentation

A working paper presentation would ideally involve a working draft that is presented for about 15 minutes followed by feedback from workshop participants. Abstracts for this track should be 600-800 words in length with clear research questions, methodology, and questions for discussion at the seminar. Ideally, for this track, authors should be able to submit a draft paper two weeks before the conference for circulation to participants.

Coffee-shop conversations

In contrast to the formal paper presentation format, the point of the coffee-shop conversations is to enable an informal space for presentation and discussion of ideas. Simply put, it is an opportunity for researchers to “think out loud” and get feedback on future research agendas. Provocations for this should be 100-150 words containing a short description of the idea you want to discuss.

We will try to accommodate as many abstracts as possible given time constraints. We welcome submissions from students and early career researchers, especially those from under-represented communities.

All discussions will be private and conducted under the Chatham House Rule. Drafts will only be circulated among registered participants.

Please send all abstracts to workshops@cis-india.org.

Theme for the first seminar (to be held on an online platform)

The first seminar will be centered around the theme of ‘Information Disorder: Mis-, Dis- and Malinformation.’ While the issue of information disorder, colloquially termed as ‘fake news’, has been in the political forefront for the last five years, the flawed attempts at countering the ‘infodemic’ brought about by the pandemic proves that there still continues to be substantial gaps in the body-of-knowledge on this issue. This includes research that proposes empirical, replicable methods of understanding the types, forms or nature of information disorder or research that attempts to understand regulatory approaches, the layers of production and the roles played by different agents in the spread of ‘fake news’.

Accordingly, we invite submissions that address these gaps in knowledge, including those that examine the relationship between digital technology and information disorder across a spectrum of fields and disciplines. Areas of interest include but are not limited to:

Information disorders during COVID-19
Effects of coordinated campaigns on marginalised communities
Journalism, the State, and the trust in media
Platform responsibility in information disorder
Information disorder in international law/constitutional/human rights law
Information disorder as a geopolitical tool
Sociopolitical and cultural factors in user engagement

Timeline

Abstract Submission Deadline: August 25th
Results of Abstract review: September 8th
Full submissions (of draft papers): September 30th
Seminar date: Tentatively October 7th

Contact details

For any queries please contact us at workshops@cis-india.org.

For more details visit https://cis-india.org/internet-governance/blog/cis-seminar-series-information-disorder

One. Zero.

nishant — 2015-04-24T11:50:32Z

The digital world is the world of twos. All our complex interactions, emotional negotiations, business transactions, social communication and political subscriptions online can be reduced to a string of 1s and 0s, as machines create the networks for the human beings to speak. So sophisticated is this network of digital infrastructure that we forget how our languages of connection are constantly being transcribed in binary code, allowing for the information to be transmitted across the web.

Nishant Shah's article was published in the Indian Express on September 16, 2012

Indeed, we have already reached a point where we don’t even need to be familiar with code to perform intimate functions with the machines that we live with, as they respond to us in human languages. While this human-machine duality has been resolved with the presence of intuitive and interactive interfaces that allow us to seamlessly connect to the person(s) at the other end of a digital connection, there is another binary that still remains at the centre of much discussion around all things digital.

This is the duality of the Real and the Virtual. In geekspeak, this particular separation has been coded as a divide between RL (Real Life) and VR (Virtual Reality). This separation between the two is so naturalised that it has become a part of our everyday imagination where things that happen online are ‘out there’ and ‘an escape’ whereas things that are offline, are ‘real’ and ‘believable’. However, as digital technologies become pervasive and ubiquitous, these lines between RL and VR have blurred. Especially with new technologies of augmented reality and simulated layers like Google Goggles or even location-based services on your smartphone that help you navigate through the offline world, it is becoming difficult to clearly say what is online and what is offline.

There are two questions that help demonstrate this blurring of boundaries very clearly. The first is an existential one, something that doesn’t crop up often in conversations, but suddenly haunts you on at 2 pm on an idle Thursday: Who are you, when you are online? A famous cartoon on the web had two dogs sitting on a connected computer, their paws on the mouse, and telling each other, ‘On the internet, nobody knows you are a dog’. But in the hyper-connected world that we live in, everybody knows exactly who we are, even as we ourselves are confused about where our bodies end and where our digital extensions and avatars begin. Things that we do in RL affect and shape the ways in which our avatars evolve on social networking sites. The interactions that our avatars have with other digital objects map back on our understanding of who we are and how we dress our bodies. Even when we are not connected, our avatars interact, constantly, not only with other avatars in the system, but also machines and artificial intelligence scripts, and robots and networks, masquerading as ourselves even outside our knowledge. We might be tagged, liked, shared, transmitted and morphed; we might be photoshopped, reduced to a tweet, condensed to a status message, embodied in an avatar on our favourite role playing game, or hovering as a signature to emails. These are all parts of us, but they are not just extensions of us. These are things that not only stand in for us but also shape the ways in which we understand ourselves and how we connect to the world.

The second question crops up regularly in digitally mediated conversations. When your parents call you on the cell phone, or your friend messages you on the Blackberry, or your colleague pings you on Skype or your IRC buddies see you on a chat channel. As our modes of access have become mobile and devices of access have become portable, we can never really clearly answer the question, ‘Where are you right now?’. It is a question worth dwelling on. Where are you when you are walking down a street, using GPRS data on your cellphone, and a friend uses a Voice Over IP service like Whatsapp to ask you, ‘Where are you right now?’. Are you on the street? On your phone? On an application? Located somewhere on a server? Bits of data on a high-speed optic fibre, zooming across the ionosphere? Depending upon who is asking the question, you would be able to and in fact have to give a different answer about where you are when you are online.

This blurred duality might be seen as confusing, taking away the assurance of our body and our geography from everyday practices. In fact, one of the reasons why the digital revolution has been so well received is because these technologies facilitate an almost seamless transfer of ideas, emotions and connections across the different realms of RL and VR, offering us new ways of thinking about being human, being social, and being connected. The strength of the digital is in this coupling together, of the hitherto irreconcilable realms of our life in messy and enchanting ways, giving us new opportunities to think about who we are and where we are in our quotidian lives.

For more details visit https://cis-india.org/digital-natives/www-indianexpress-com-one-zero

Comments to the draft amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

Anamika Kundu, Digvijay Chaudhary, Divyansha Sehgal, Isha Suri and Torsha Sarkar — 2022-07-07T02:39:28Z

The Centre for Internet & Society (CIS) presented its comments on the draft amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (‘the rules’), which were released on 6 June, 2022 for public comments.

These comments examine whether the proposed amendments are in adherence to established principles of constitutional law, intermediary liability and other relevant legal doctrines. We thank the Ministry of Electronics and Information Technology (MEITY) for allowing us this opportunity. Our comments are divided into two parts. In the first part, we reiterate some of our comments to the existing version of the rules, which we believe holds relevance for the proposed amendments as well. And in the second part, we provide issue-wise comments that we believe need to be addressed prior to finalising the amendments to the rules.

To access the full text of the Comments to the draft amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, click here

For more details visit https://cis-india.org/internet-governance/blog/comments-to-draft-amendments-to-the-it-rules-2021

ISO/IEC JTC 1 SC 27 Working Group Meetings - A Summary

vanya — 2016-12-16T23:53:19Z

The Centre for Internet & Society attended the ISO/IEC JTC 1 SC 27 Working Group Meetings from 22 to 27 October 2016 in Abu Dhabi at Abu Dhabi National Exhibition Centre.

Being a member of Working Group 5: Information technology - Security techniques – Identity management and privacy technologies, we attended the following meetings:

WD 29184 Guidelines for online privacy notices and consent- As technological advancement and wider availability of communication infrastructures has enabled collection and analysis of information regarding an individuals' activities, along with people becoming aware about privacy implications of the same, this standard aims to provides a framework for organizations to provide clear and easily under information to consumers about how the organization will process their PII.
SP PII Protection Considerations for Smartphone App providers - Being a 1-year long project proposed during the ISO/IEC SC 27 JTC 1 Working Group Meetings in Jaipur in the year 2015. This group aims to build off a privacy framework for mobile applications to guide app developers on the lines of ISO/IEC 29100 international standard (which defines a broad privacy framework for information technologies) in light of excessive data collection by apps in absence of consent or justification, lack of comprehensive policies, Non transparent practices, Lack of adequate choice and consent, to ensure protection of rights of the individuals, etc. and will work towards ensuring a harmonized and standardized privacy structure for mobile application data policies and practices.
WD 20889 Privacy enhancing data de-identification techniques- Given the importance of Data de-identification techniques when it comes to PII to enable the exploitation of the benefits of data processing while maintaining compliance with regulatory requirements and the relevant ISO/IEC 29100 privacy principles, the selection, design, use and assessment of these techniques needs to be performed appropriately in order to effectively address the risks of re-identification in a given context.
SP Privacy in Smart Cities- Being a 1-year long project proposed during the ISO/IEC SC 27 JTC 1 Working Group Meetings in Jaipur this group saw contributions from Japan, India, PRIPARE in EU, to name a few. The scope for the group was proposed to produce a framework in light of data ownership, communication channels, privacy risk and impact assessment in smart cities, data lifecycle privacy governance for smart cities, and Develop use cases and contexts for Privacy Controls w.r.t the data lifecycle in Smart Cities, along with detailed documentation of Privacy Controls for Smart Cities aligned to the primary controls and associated sub controls.

For more details visit https://cis-india.org/internet-governance/blog/iso-iec-jtc-1-sc-27-working-group-meetings-a-summary

Kapil Sibal & Co shoot down motion to kill IT Rules: cite terrorism, drugs

praskrishna — 2012-05-24T09:45:43Z

The Information Technology (Intermediaries Guidelines) Rules 2011 (The Rules) continue to breathe after the statutory motion to annul them moved by member of parliament (MP) from Kerala P Rajeeve was defeated by voice vote in the Rajya Sabha yesterday.

This blog post by Prachi Shrivastava was published in Legally India on May 18, 2012

Telecom Minister Kapil Sibal was heard on Rajya Sabha TV saying: “We are more liberal than US and Europe but let’s not cut our arms.”

Sibal countered Rajeeve’s annulment motion arguing that the government needs to be armed to meet the “new challenges” posed by “new media”, according to Mint.

"Kapil Sibal reminds me of badly briefed counsels fumbling in the High Court" tweeted Pranesh Prakash of the Centre for Internet and Society (CIS) as Sibal was mid-delivery in contending that online media not registered in India escaped the ambit of Indian legislation and thus created the peril of terrorism and increased drug peddling.

Another person tweeted: "The gist of Sibal’s argument was that we need to censor the internet because people are doing drugs."

Sibal’s answer to MP Ram Yadav’s attack on The Rules for being inconsistent with their parent act – the Information Technology Act 2000 (IT Act) – was that Rule 3(2) which prescribes “due diligence” to be observed by an internet intermediary, originates from Section 66A of the IT Act, thus making the rules consistent with the parent act.

Section 3(2) obligates the intermediary to take down content posted on a website, on the basis of several undefined criteria.

"Minister you have created perverse incentives for censoring speech through law. That is regulation, not merely a definition of due diligence” proclaimed Supreme Court advocate Apar Gupta in a tweet posted during Sibal’s defense of the rules.

Prakash tweeted: "The IT Rules don’t just prescribe ‘due diligence’ but create a takedown mechanism. That’s not the same thing Mr. Sibal."

Sibal went on to establish that the government’s motive was not censorious by stating: “It is your choice, you are free to work with the user who complains to an intermediary. Where does the government come in?”

To which quipped Prakash: “Government is not censoring. It has created a system by which anyone can censor with impunity.”

Jaitley in-perspective

Leader of the opposition senior advocate Arun Jaitley objected to The Rules holding that terms such as “disparaging”, ”libellous”, “defamatory” not defined in the Act or the Rules but enabling take-down of content, could be misused, according to Times of India.

IBN Live reported him as urging Sibal to "reconsider the language of restraints".

Sibal addressed the house inviting objections from MPs on specific “words” contained in The Rules which provide for control of speech over the internet, according to PTI.

He further proposed to call a meeting of “stakeholders” to discuss the MPs’ objections, and assured that the consensus that emerges from the meeting will be implemented.

Draconian Censorious Rules

Legally India reported last month how Rajeeve was trying to spread awareness among MPs about the draconian effect of the Rules which censor free speech and expression, by over-scrutinising users of the internet, over-authorising intermediaries to monitor content posted over the internet, and letting the government, individuals and institutions by-pass the due process of law.

The Rules in their present form require intermediaries - providers of internet, telecom, e-mail or blogging services, including cyber cafes - to publish terms of use prohibiting users from publishing content of the nature specified in the Rules.

Once the intermediaries have knowledge of posted content that is in violation of such terms of use, they are liable for compensation if they fail to initiate action for removal of the posted content.

Some of the categories of prohibited content specified in the Rules are undefined, are not an offence under existing law, and are claimed to be in violation of article 19(1) of the Constitution guaranteeing the freedom of speech and expression.

CIS uncovered an additional problem the rules pose - that of “over-complying” intermediaries who in order to minimize the risk of liability may block more content than required, adversely impacting the fundamental right guaranteed under article 19(1).

"By and large, the impression is that India is going in the direction of censorship," Mint reported cyber law expert and supreme court lawyer Pavan Duggal as saying, yesterday.

For more details visit https://cis-india.org/news/sibal-shoot-down-motion-to-kill-it-rules

M-governance gains momentum

praskrishna — 2011-11-21T03:46:37Z

Governments worldwide have successfully deployed mobile-based technologies for providing a wide variety of public services, and the Indian States are following suit.

A few years ago, Kerala launched ‘Dr. SMS,' an m-health information system, for providing information on medical facilities available in the locality of the resident. Goa followed, with a mobile governance initiative for issuing alerts for receipt of government applications and complaints and status tracking. Next came Maharashtra. It adopted a similar traffic management system through mobile alerts.

"It is obvious, from the way in which mobile markets have grown in India, that not only are mobile phone-based applications are popular, but they are also more inclusive in their reach because it is a medium that people are familiar with," says Nishant Shah, director-research, Centre for Internet and Society in Bangalore.

A laudable initiative launched by the Greater Hyderabad Municipal Corporation in September tries to use technology in an area that requires continuous monitoring. A mobile phone-based Intelligent Garbage Monitoring System enables sanitary supervisors to report the status of cleaning of garbage bins through their GPS-enabled mobile phones. Centralised reports as well as those of individual bins can be generated with the system. The map with a GIS interface spans all areas of the city. Managing the number of trips, gathering daily summary of the clearance and, most importantly, reports of the bins that are full but have not been cleared can also be obtained.

When trash is collected, each bin is photographed with a camera phone. The image is loaded on the website, where it is monitored by an administrator in the municipality office. Earlier, the clearing of bins was monitored through information from sanitary supervisors.

"The manual process consumes a lot of time. The use of information technology to monitor municipal services can also increase worker productivity," says S. Raghavendra, administration officer, Ministry of Communications and Information Technology.

Experts say that though mobile applications for public services delivery use light technologies, they require collaboration among all stakeholders.

This article by Vasudha Venugopal was published in the Hindu on November 20, 2011. The original can be read here

For more details visit https://cis-india.org/news/m-governance

Twitter's India troubles show tough path ahead for digital platforms

Aditya Sharma — 2021-06-26T02:54:19Z

Twitter is in a standoff with Indian authorities over the government's new digital rules. Critics see the rules as an attempt to curb free speech, while others say more action is needed to hold tech giants accountable.

The blog by Aditya Sharma was published by DW on 21 June 2021. Torsha Sarkar was quoted.

Twitter holds a relatively low share of India's social media market. But, since 2017, the huge nation has emerged as Twitter's fastest-growing market, becoming critical to its global expansion plans.

In February, the Indian government introduced new guidelines to regulate digital content on rapidly growing social media platforms.

The so-called Intermediary Guidelines are aimed at regulating content on internet platforms such as Twitter and Facebook, making them more accountable to legal requests for the removal of posts and sharing information about the originators of messages.

Employees at these companies can be held criminally liable for not complying with the government's requests.

Large social media firms must also set up mechanisms to address grievances and appoint executives to liaise with law enforcement under the new rules, as well as appoint an India-based compliance officer who would be held criminally liable for the content on their platforms.

The Indian government says the rules empower "users who become victims of defamation, morphed images, sexual abuse," among other online crimes. It also said that the rules seek to tackle the problem of disinformation.

But critics fear that the rules could be used to target government opponents and make sure dissidents don't use the platforms.

Social media companies were expected to comply with the new rules by May 25.

Some Indian media reports have recently said that Twitter lost its status as an "intermediary" and the legal protection that came with it, due to its failure to comply with the new rules.

Failure to comply and serious implications

Apar Gupta, the executive director of the Internet Freedom Foundation, a New Delhi-based digital rights advocacy group, says failure to comply with the rules could threaten Twitter's India operations.

"Not complying with the rules would pose a real risk to Twitter's operational environment," he told DW.

"It will need to go to court to defend itself each time criminal prosecutions are launched against it," he added.

The first case against Twitter was filed last week, where it was charged with failing to stop the spread of a video on its platform that allegedly incited "hate and enmity" between two religious groups.

'Heavy censorship'

Gupta says adhering to all the government's demands would substantially change Twitter.

"Absolute compliance would mean heavy censorship of individual tweets, removal of the manipulated media tags, and blocking/suspension of accounts at the government's behest," he said.

Torsha Sarkar, policy officer at the Bengaluru-based Centre for Internet and Society, fears that Twitter might at times be compelled to overcomply with government demands, threatening user rights.

"This can be either by over-complying with flawed information requests, thereby selling out its users, or taking down content that offends the majoritarian sensibilities," she told DW.

Last week, three special rapporteurs appointed by a top UN human rights body expressed "serious concerns" that certain parts of the guidelines "may result in the limiting or infringement of a wide range of human rights."

They urged New Delhi to review the rules, adding that they did not conform to India's international human rights obligations and could threaten the digital rights of Indians.

Twitter's balancing act

It is not the first time that Twitter has been accused of giving in to government pressure to censor content on its platform.

At the height of the long-running farmer protests, Twitter blocked hundreds of tweets and accounts, including the handle of a prominent news magazine. It subsequently unblocked them following public outrage.

The US company stopped short of complying with demands to block the accounts of activists, politicians and journalists, arguing that such a move would "violate their fundamental right to free expression under Indian law."

According to local media reports, Twitter's Indian executives were reportedly threatened with fines and imprisonment if the accounts were not taken down.

Special police notify Twitter offices

Last month, the labeling of a tweet by a politician from the ruling BJP as "manipulated media" prompted a special unit of the Delhi police to visit Twitter's offices in the capital and neighboring Gurgaon. Police notified the offices about an investigation into the labeling of the post.

Twitter India's managing director, Manish Maheswari, was said to have been asked to appear before the police for questioning, according to media reports.

Some Twitter employees have refused to talk about the ongoing tensions for fear of government reprisals.

"Such kind of intimidation does not happen every day. (But) Everyone at Twitter India is terrified," people familiar with the matter told DW on the condition of anonymity.

Big Tech VS sovereign power?

Those calling for better regulation of tech giants say transnational social media companies like Twitter lack accountability, blaming them for the alleged inaction against online abuse and disinformation campaigns.

"The problem with these rules is that they centralize greater power toward the government without providing for the objective benefit of rights toward users," Gupta said.

"If Twitter were to comply with these rules, it would make a bad situation worse," he said.

Twitter is unlikely to ditch a major market such as India.

Sarkar from the Centre for Internet and Society said "It might be difficult to say how the powers of big tech are going to collide with sovereign nations, especially in light of flawed legal interventions around the world."

For more details visit https://cis-india.org/internet-governance/news/dw-june-21-2021-aditya-sharma-twitter-india-troubles-show-tough-path-ahead-for-digital-platforms

Submission to the Facebook Oversight Board in Case 2021-008-FB-FBR: Brazil, Health Misinformation and Lockdowns

Tanvi Apte and Torsha Sarkar — 2021-07-01T07:34:09Z

In this note, we answer questions set out by the Board, pursuant to case 2021-008-FB-FBR, which concerned a post made by a Brazilian sub-national health official, and raised questions on health misinformation and enforcement of Facebook's community standards.

Background

The Oversight Board is an expert body created to exercise oversight over Facebook’s content moderation decisions and enforcement of community guidelines. It is entirely independent from Facebook in its funding and administration and provides decisions on questions of policy as well as individual cases. It can also make recommendations on Facebook’s content policies. Its decisions are binding on Facebook, unless implementing them could violate the law. Accordingly, Facebook implements these decisions across identical content with parallel context, when it is technically and operationally possible to do so.

In June 2021, the Board made an announcement soliciting public comments on case 2021-008-FB-FBR, concerning a Brazilian state level medical council’s post questioning the effectiveness of lockdowns during the COVID-19 pandemic. Specifically, the post noted that lockdowns (i) are ineffective; (ii) lead to an increase in mental disorders, alcohol abuse, drug abuse, economic damage etc.; (iii) are against fundamental rights under the Brazilian Constitution; and (iv) are condemned by the World Health Organisation (“WHO”). These assertions were backed up by two statements (i) an alleged quote by Dr. Nabarro (WHO) stating that “the lockdown does not save lives and makes poor people much poorer”; and (ii) an example of how the Brazilian state of Amazonas had an increase in deaths and hospital admissions after lockdown. Ultimately, the post concluded that effective COVID-19 preventive measures include education campaigns about hygiene measures, use of masks, social distancing, vaccination and extensive monitoring by the government — but never the decision to adopt lockdowns. The post was viewed around 32,000 times and shared over 270 times. It was not reported by anyone.

Facebook did not take any action against the post, since it had opined that the post is not violative of its community standards. Moreover, WHO has also not advised Facebook to remove claims against lockdowns. In such a scenario, Facebook referred the case to the Oversight Board citing its public importance.

In its announcement, the Board sought answers on the following points:

Whether Facebook’s decision to take no action against the content was consistent with its Community Standards and other policies, including the Misinformation and Harm policy (which sits within the rules on Violence and Incitement).
Whether Facebook’s decision to take no action is consistent with the company’s stated values and human rights commitments.
Whether, in this case, Facebook should have considered alternative enforcement measures to removing the content (e.g., the False News Community Standard places an emphasis on “reduce” and “inform,” including: labelling, downranking, providing additional context etc.), and what principles should inform the application of these measures.
How Facebook should treat content posted by the official accounts of national or sub-national level public health authorities, including where it may diverge from official guidance from international health organizations.
Insights on the post’s claims and their potential impact in the context of Brazil, including on national efforts to prevent the spread of COVID-19.
Whether Facebook should create a new Community Standard on health misinformation, as recommended by the Oversight Board in case decision 2020-006-FB-FBR.

Submission to the Board

Facebook’s decision to take no action against the post is consistent with its (i) Violence and Incitement community standard read with the COVID-19 Policy Updates and Protections; and (ii) False News community standard. Facebook’s website as well as all of the Board’s past decisions refer to the International Covenant on Civil and Political Rights’ (ICCPR) jurisprudence based three-pronged test of legality, legitimate aim, and necessity and proportionality in determining violations of Facebook’s community standards. Facebook must apply the same principles to guide the use of its enforcement actions too, keeping in mind the context, intent, tone and impact of the speech.

First, none of Facebook’s aforementioned rules contain explicit prohibitions on content questioning lockdown effectiveness. There is nothing to indicate that “misinformation”, which is undefined, includes within its scope information about the effectiveness of lockdowns. The World Health Organisation has also not advised against such posts. Applying the principle of legality, any person cannot reasonably foresee that such content is prohibited. Accordingly, Facebook’s community standards have not been violated,

Second, the post does not meet the threshold of causing “imminent” harm stipulated in the community standards. Case decision 2020-006-FB-FBR, notes that an assessment of “imminence” is made with reference to factors like context, speaker credibility, language etc. Presently, the post’s language and tone, including its quoting of experts and case studies, indicate that its intent is to encourage informed, scientific debate on lockdown effectiveness.

Third, Facebook’s false news community standard does contain any explicit prohibitions. Hence there is no question of its violation. Any decision to the contrary may go against the standard’s stated policy logic of not stifling public discourse, and create a chilling effect on posts questioning the lockdown efficacy. This will set a problematic precedent that Facebook will be mandated to implement.

Presently, Facebook cannot remove the post since no community standards have been violated. Facebook must not reduce the post’s circulation since this may stifle public discussion around lockdown effectiveness. Further, its removal would have resulted in violation of the user’s right to freedom of opinion and expression, as guaranteed by the Universal Declaration of Human Rights (UDHR) and the ICCPR, which are in turn part of Facebook’s Corporate Human Rights Policy.

Instead, Facebook can provide additional context along with the post through its “related articles” feature, by showing fact checked articles talking about the benefits of lockdown. This approach is the most beneficial since (i) it is less restrictive than reducing circulation of the post; (ii) it balances interests better than not taking any actions by allowing people to be informed about both sides of the debate on lockdowns so that they can make an informed assessment.

Further, Facebook’s treatment of content posted by official accounts of national or sub-national health authorities should be circumscribed by its updated Newsworthy Content Policy, and the Board’s decision in the 2021-001-FB-FBR, which had adopted the Rabat Plan of Action to determine whether a restriction on freedom of expression is required to prevent incitement. The Rabat Plan of Action proposes a six-prong test, that considers: a) the social and political context, b) status of the speaker, c) intent to incite the audience against a target group, d) content and form of the speech, e) extent of its dissemination and f) likelihood of harm, including imminence. Apart from taking these factors into consideration, Facebook must perform a balancing test to determine whether the public interest of the information in the post outweighs the risks of harm.

In the Board’s decision in 2020-006-FB-FBR, it was recommended to Facebook to: a) set out a clear and accessible Community Standard on health misinformation, b) consolidate and clarify existing rules in one place (including defining key terms such as misinformation) and c) provision of "detailed hypotheticals that illustrate the nuances of interpretation and application of [these] rules" to provide further clarity for users. Following this, Facebook has notified its implementation measures, where it has fully implemented these recommendations, thereby bringing it into compliance.

Finally, Brazil is one of the worst affected countries in the pandemic. It has also been struggling to combat the spread of fake news during the pandemic. President Bolsanaro has been criticised for curbing free speech by using a dictatorship-era national security law., and questioned on his handling of the pandemic, including his own controversial statements questioning lockdown effectiveness. In such a scenario, the post may be perceived in a political colour rather than as an attempt at scientific discussion. However, it is unlikely that the post will lead to any-knee jerk reactions, since people are already familiar with the lockdown debate on which much has already been said and done. A post like this which merely reiterates one side of an ongoing debate is not likely to cause people to take any action to violate lockdown.

For detailed explanation on these questions, please see here.

For more details visit https://cis-india.org/internet-governance/blog/submission-to-the-facebook-oversight-board-in-case-2021-008-fb-fbr-brazil-health-misinformation-and-lockdowns

Interview with Pranesh Prakash

praskrishna — 2012-11-30T06:58:39Z

Pranesh Prakash of the Centre for Internet and Society talks to Mint’s Surabhi Agarwal about the controversial Section 66A of the IT Act and the government’s decision to tweak it.

This video was published in LiveMint on November 30, 2012:

For more details visit https://cis-india.org/news/livemint-november-30-2012-video-interview-with-pranesh-prakash

Govt tweaks enforcement of IT Act after spate of arrests

praskrishna — 2012-11-30T08:27:01Z

The government on Thursday tweaked the law to make it tougher for citizens to be arrested for online comments that are deemed offensive after recent arrests came in for heavy criticism by Internet activists, the media and other groups.

Surabhi Agarwal's article was published in LiveMint on November 29, 2012. Pranesh Prakash is quoted.

This took place just before the Supreme Court was to hear a public interest litigation seeking an amendment to the Information Technology (IT) Act.

Complaints under the controversial Section 66A of the IT Act, which criminalizes “causing annoyance or inconvenience” online or electronically, can be registered only with the permission of an officer of or above the rank of deputy commissioner of police, and inspector general in metro cities, said a senior government official.

The government, however, has not amended the terms in the section that are said to be vague and subject to interpretation.

The public interest litigation against Section 66A filed by student Shreya Singhal came up in chief justice Altamas Kabir’s court on Thursday. The matter will be heard on Friday.

Two girls near Mumbai were arrested last week for criticizing on Facebook the shutdown in the city for Shiv Sena chief Bal Thackeray’s funeral. Earlier in November, a businessman in Puducherry was arrested for comments made on Twitter against finance minister P. Chidambaram’s son Karti Chidambaram.

According to people present at the meeting of the cyber regulatory advisory committee on Thursday, the Union government will issue guidelines to states with respect to the compliance of the new enforcement rules soon. The people didn’t want to be named. An official said the move was not related to the case.

Pranesh Prakash, policy director at the Centre for Internet and Society think tank, said that while the change in the law is a step in the right direction and will eliminate a lot of frivolous complaints, more needs to be done to make the legislation specific.

Chief justice Kabir said the apex court was considering taking suo motu cognisance of recent incidents.

Singhal contended in her plea that “the phraseology of section 66A of the IT Act, 2000, is so wide and vague and incapable of being judged on objective standards, that it is susceptible to wanton abuse and, hence, falls foul of Article 14, 19 (1)(a) and Article 21 of the Constitution.”

She submitted that “unless there is judicial sanction as a prerequisite to the setting into motion the criminal law with respect to freedom of speech and expression, the law as it stands is highly susceptible to abuse and for muzzling free speech in the country.”

The PIL was argued by Mukul Rohatgi, who said in his opening remarks that Section 66A was vague. Terms such as “offensive” and “annoyance” should be clearly defined as the section is part of criminal law, he said.

Senior advocate Harish Salve, who was also present during the hearing, said India guaranteed the right to “annoy” and there was no need to have a separate law.

Salve, who is in the process of filing an intervention on behalf of some technology companies, added that the section needed to be narrowed to specifically cater to private messages sent electronically and not social media communications.

He said the existing law of defamation should suffice and could be extended to include electronic communications. According to a lawyer who is part of the team representing Singhal, the petition also demanded that the law be made non-cognisable so that the police can’t make an arrest without an order from a magistrate.

“There has been a lot of misuse and abuse of the law recently and we want it to be struck down absolutely and also the court to issue guidelines,” he said.

Apart from the incident at Palghar in Thane district involving the two girls, Singhal’s PIL referred to an April incident in which a professor of chemistry from Jadavpur University in West Bengal, Ambikesh Mahapatra, was arrested for posting a cartoon concerning chief minister Mamata Banerjee on a social networking site.

She also referred to the Puducherry case as well as the May arrests of two Air India Ltd employees, V. Jaganatharao and Mayank Sharma, by the Mumbai Police under the IT Act for posting content on Facebook and Orkut against a trade union leader and some politicians.

Singhal has sought guidelines from the apex court to “reconcile Section 41 and 156 (1) of the Criminal Procedure Code (CPC) with Article 19 (1)(a) of the Constitution” and that offences under the Indian Penal Code and any other legislation, if they involve the freedom of speech and expression, be treated as a non-cognizable offences for the purposes of Sections 41 and 156 (1).

Section 41 of CPC empowers the police to arrest any person without an order from a magistrate and without a warrant in the event that the offence involved is a cognizable offence. Section 156 (1) empowers the investigation by the police into a cognizable offence without an order from a magistrate.

The government official present at the cyber regulatory advisory committee said the expressions used in Section 66A had been taken from different statutes around the world, including the UK and the US.

“There has been a broad consensus that the parameters of the law concerned might be in order but from a procedural standpoint there might be difficulty,” the official said.

Prakash said that while some of the terms in the section may be taken from legislation overseas, the penalty imposed under the Indian law is far more stringent at three years of imprisonment than, for instance, six months under the UK law. “Criminal offences can’t be put at the same level as something which causes insult.”

The cyber regulatory advisory committee meeting was attended by minister for communications and information technolgy Kapil Sibal, and secretaries of the department of telecommunications and information technology, besides representatives of technology companies such as Google and Facebook, industry associations and civil society.

The official also said that the situation will be reviewed every three to four months based on “ground realities”.

A government official said on condition of anonymity that the decision to revive the cyber regulatory advisory committee had been taken at a meeting in August. Section 66A was put on the agenda since it was the subject of much debate, he said. The meeting, however, was not a pre-emptive measure ahead of the PIL that was taken up in the Supreme Court. The official also said that the government will spell out its position in court in favour of the legislation.

For more details visit https://cis-india.org/news/livemint-politics-november-29-2012-surabhi-agarwal-govt-tweaks-enforcement-of-it-act-after-spate-of-arrests

List of Chairman and Members of CRAC

snehashish — 2012-12-02T06:22:25Z

Notification on the constitution of the "Cyber Regulation Advisory Committee"

LIST OF CHAIRMAN AND MEMBERS OF CYBER REGULATION ADVISORY COMMITTEE

NOTIFICATION[1]

17th October, 2000

In exercise of the powers conferred by section 88 of the Information Technology Act, 2000 (21 of 2000) the Central Government hereby constitute the “Cyber Regulation Advisory Committee”, consisting of the following, namely: –

1. [2][Minister, Communication and Information Technology] - Chairman

2. Secretary, Legislative Department - Member

3. Secretary, [3][Ministry of Communication and Information Technology, Department of Information Technology] - Member

4. Secretary, Department of Telecommunications - Member

5. Finance Secretary - Member

6. Secretary, Ministry of Defence - Member

7. Secretary, Ministry of Home Affairs - Member

8. Secretary, Ministry of Commerce - Member

9. Deputy Governor, Reserve Bank of India - Member

10. Shri T.K. Vishwanathan, Presently Member Secretary, Law Commission - Member [sic]

11. President, NASSCOM - Member

12. President, Internet Service Provider Association - Member

13. Director, Central Bureau of Investigation - Member

14. Controller of Certifying Authority - Member

15. Information Technology Secretary by rotation from the States - Member

16. Director General of Police by rotation from the States - Member

17. Director, IIT by rotation from the IITs - Member

18. Representative of CII - Member

19. Representative of FICCI - Member

20. Representative of ASSOCHAM - Member

21. [4][Scientist “6”, Department of Information Technology] - Member Secretary

2. Travelling Allowance/Dear Allowance, as per the Central Government rules, for non-official members shall be borne by the Ministry of Communication and Information Technology, Department of Information Technology.

3. The Committee may co-opt any person as member based on specific meetings

_______________________

[1] Vide G.S.R. 790(E), dated 17th October, 2000

[2] Subs. by G.S.R. 839(E), dated 23rd December, 2004 for “Minister, Information Technology”.

[3] Subs. by G.S.R. 839(E), dated 23rd December, 2004 for “Minister, Information Technology”.

[4] Subs. by G.S.R. 839(E), dated 23rd December, 2004 for “Senior Director, Ministry of Information Technology”

For more details visit https://cis-india.org/internet-governance/resources/chairman-and-members-of-crac

Comments on Information Technology (Security of Prepaid Payment Instruments) Rules, 2017

amber — 2017-03-23T01:54:28Z

The Centre for Internet and Society submitted comments on the Information Technology (Security of Prepaid Payment Instruments) Rules, 2017. The comments were prepared by Udbhav Tiwari, Pranesh Prakash, Abhay Rana, Amber Sinha and Sunil Abraham.

1. Preliminary

1.1. This submission presents comments by the Centre for Internet and Society^[1] in response to the Information Technology (Security of Prepaid Payment Instruments) Rules 2017 (“the Rules”).^[2] The Ministry of Electronics and Information Technology (MEIT) issued a consultation paper (pdf) which calls for developing a framework for security of digital wallets operating in the country on March 08, 2017. This proposed rules have been drafted under provisions of Information Technology Act, 2000, and comments have been invited from the general public and stakeholders before the enactment of these rules.

2. The Centre for Internet and Society

2.1. The Centre for Internet and Society, (“CIS”), is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, and open access), internet governance, telecommunication reform, digital privacy, and cyber-security.

2.2. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved, especially the privacy and data security of citizens. CIS is thankful to the MEIT for this opportunity to provide feedback to the draft rules.

3. Comments

3.1 General Comments

Penalty

There is no penalty for not complying with these rules. Even the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 doesn’t have penalties. Under section 43A of the Information Technology Act (under which the 2011 Rules have been promulgated), a wrongful gain or a wrongful loss needs to be demonstrated. This should not be a requirement for financial sector.

Expansion to Contractual Parties.

A majority of these rules, in order to be effective and realistically protect consumer interest, should also be expanded to third parties, agents, contractual relationships and any other relevant relationship an e-PPI issuer may delegate as a part of their functioning.

3.2 Rule 2: Definitions

Certain key words relevant to the field of e-PPI based digital payments such as authorisation, metadata, etc. are not defined in the rules and should both be defined and accounted for in the rules to ensure modern developments such as big data and machine learning, digital surveillance, etc. do not violate human rights and consumer interest.

3.2 Rule 7: Definition of personal information

Rule 7 provides an exhaustive list of data that will be deemed to be personal information for the purposes of the Rules. While information collected at the time of issuance of the pre-paid payment instrument and during its use is included within the scope of Rule 7, it makes no reference to metadata generated and collected by the e-PPI issuer.

3.3 Rule 4: Inadequate privacy protections

Rule 4(2) specifies the details that the privacy policies of each e-PPI issuer must contain. However, these specifications are highly inadequate and fall well below the recommendations under the National Privacy Principles in Report of the Group of Experts on Privacy chaired by Justice A P Shah.

Suggestions: The Rules should include include clearly specified rights to access, correction and opt in/opt out, continuing obligations to seek consent in case of change in policy or purpose and deletion of data after purpose is achieved. Additionally, it must be required that a log of each version of past privacy policies be maintained along with the relevant period of applicability.

3.4 Rule 10: Reasonable security practices

Problem: Financial information (“such as bank account or credit card or debit card or other payment instrument details”) is already invoked in an inclusive manner in the definition of ‘personal information’ in Rule 7. Given this there is no need to make the Reasonable Security Practices Rules applicable to financial data through this provisions: it already is, and it is best to avoid unnecessary redundancy.

Solution: This entire rule should be removed.

3.5 Rule 12: Traceability

Problem: There is a requirement created under this rule that payment-related interactions with customers or other service providers be “appropriately trace[able]”. But it is unclear what that would practically mean: would IP logging suffice? would IMEI need to be captured for mobile transactions? what is “appropriately” traceable? — none of those questions are answered.

Suggestion: The NPCI’s practices and RBI regulations, for instance, seek to limit the amount of information that entities like e-PPI providers have. These rules need to be brought in line with those practices and regulations.

3.6 Rule 5: Risk Assessment

Rule 5 requires e-PPI issuers to carry out risk assessments associated with the security of the payments systems at least once a year and after any major security incident. However, there are no transparency requirements such as publications of details of such review, a summary of the analysis, any security vulnerabilities discovered etc.

Suggestion:

Broaden the scope of this provision to include not just risk assessments but also security audits.
Mandate publication of risk assessment and security audit reports.

3.7 Rule 11: End-to-End Encryption

The rule concerning end-to-end encryption (E2E) needs significantly greater detailing to be effective in ensuring the the protection of information at both storage and transit.

Suggestions: Elements such as Secure Element or a Secured Server and Trusted User Interface, both concepts to enable secure payments, can be detailed in the rule and a timeline can be established to require hardware, e-PPI practices and security standards to realistically account for such best practices to ensure modern, secure and industry accepted implementation of the rule.

3.8 Rule 13: Retention of Information

Problem: Rule 13 leaves the question of retention entirely unanswered by deferring the future rulemaking to the Central Government.

Suggestions: Rule 13 should be expanded to include the various categories of information that can be stored, guidelines for the short-term (fast access) and long-term storage of the information retained under the rule and other relevant details. The rule should also include the security standards that should be followed in the storage of such information, require access logs be maintained for whenever this information is accessed by individuals, detail secure destruction practices at the end of the retention period and finally mandate that end users be notified by the e-PPI issuer of when such retained information is accessed in all situations bar exceptional circumstances such as national security, compromising an ongoing criminal investigations, etc.

3.9 Rule 14: Reporting of Cyber Incidents

Rule 14 is an excellent opportunity to uphold transparency, accountability and consumer rights by mandating time- and information-bound notification of cyber incidents to customers, including intrusions, database breaches and any other compromise of the integrity of the financial system. While the requirement of reporting such incidents to CERT-In is already present in the Rule 12 of the CERT Rules, the rule retains the optional nature of notifying customers. The rule should include an exhaustive list of categories or kinds of cyber incidents that should be reported to affected end users without compromising the investigation of such breaches by private organisations and public authorities. Further, the rule should also include penalties for non-compliance of this requirement (both to CERT-In and the consumer) to serve as an incentive for e-PPI issuers to uphold consumer public interest. The rule should be expanded to include a detailed mechanism for such reporting, including when e-PPI issuers and the CERT-In can withhold information from consumers as well as requiring the withheld information be disclosed when the investigation has been completed. Finally, the rule should also require that such disclosures be public in nature and consumers not be required to not disseminate such information to enable informed choice by the end user community.

Suggestion:

(1) In Rule 14(3) “may” should be substituted by “shall”.

(2) Penalties of up to 5 lakh rupees may be imposed for each day that the e-PPI issuer fails to report any severe vulnerability that could likely result in harm to customers.

3.10 Rule 15: Customer Awareness and Education

Problem: Rule 15 on Customer Awareness and Education by e-PPI issuers does not take into account the vast lingual diversity and varied socio-economic demographic that makes up the end users of e-PPI providers in India, by mandating the actions under the rule must account for these factors prior to be propagated.

Solutions: The rule must ensure that e-PPI issuers track record in carrying out awareness is regularly held accountable by both the government and public disclosures on their websites. Further, the rule can be made more concrete and effective by including mobile operating systems in their scope (along with equipments), mandating awareness for best practices for inclusive technologies like USSD banking, specifying notifications to include SMS reports of financial transactions, etc.

3.11 Rule 16: Grievance Redressal

Problem: Rule 16 lays down the requirement of grievance redressal, without specifying appellate mechanisms (both within the organisation and at the regulatory level), accountability (via penalties) for non-compliance of the rule nor requiring a clear hierarchy of responsibility within the e-PPI organisation. These factors seriously compromise the efficacy of a grievance redressal framework.

Solutions: Similar rules for grievance redressal that have been enacted by the Insurance Regulatory and Development Authority for the insurance sector and the Telecom Regulatory Authority of India for the telecom sector can and should serve as a reference point for this rule. Their effectiveness and real world operation should also be monitored by the relevant authorities while ensuring sufficient flexibility exists in the rule to uphold consumer rights and the public interest. Proper appellate mechanisms at the regulatory level are essential along with penalties for non-compliance.

3.12 Rule 17: Security Standards

Problem: Rule 17 empowers the Central Government to mandate security standards to be followed by e-PPI issuers operating in India. While appreciable in its overall outlook on ensuring a minimum standard of security, the Rule needs be improved upon to make it more effective. This can be in done by specifying certain minimum security standards to ensure all e-PPI issuers have a minimal level of security, instead of leaving them open to being intimated at a later date.

Solutions: Standards that can either be made mandatory or be used as a reference point to create a new standard under Rule 17(2) are ISO/IEC 14443, IS 14202, ISO/IEC 7816, PCI DSS, etc. Further, the Rule should include penalties for non-compliance of these standards, to make them effectively enforceable by both the government and end users alike. Additional details like the maximum time period in which such security standards should be implemented post their notification, requiring regular third party audits to ensure continuing compliance and effectiveness and requiring updated standards be used upon their release will go a long way in ensuring e-PPI issuers fulfil their mandate under these Rules.

^[1] http://cis-india.org/

^[2] http://meity.gov.in/sites/upload_files/dit/files/draft-rules-security%20of%20PPI-for%20public%20comments.pdf

For more details visit https://cis-india.org/internet-governance/blog/comments-on-information-technology-security-of-prepaid-payment-instruments-rules-2017

Right to Exclusion, Government Spaces, and Speech

TorShark — 2021-07-02T12:05:13Z

The conclusion of the litigation surrounding Trump blocking its critiques on Twitter brings to forefront two less-discussed aspects of intermediary liability: a) if social media platforms could be compelled to ‘carry’ speech under any established legal principles, thereby limiting their right to exclude users or speech, and b) whether users have a constitutional right to access social media spaces of elected officials. This essay analyzes these issues under the American law, as well as draws parallel for India, in light of the ongoing litigation around the suspension of advocate Sanjay Hegde’s Twitter account.

This article first appeared on the Indian Journal of Law and Technology (IJLT) blog, and can be accessed here. Cross-posted with permission.

---

Introduction

On April 8, the Supreme Court of the United States (SCOTUS), vacated the judgment of the US Court of Appeals for Second Circuit’s in Knight First Amendment Institute v Trump. In that case, the Court of Appeals had precluded Donald Trump, then-POTUS, from blocking his critics from his Twitter account on the ground that such action amounted to the erosion of constitutional rights of his critics. The Court of Appeals had held that his use of @realDonaldTrump in his official capacity had transformed the nature of the account from private to public, and therefore, blocking users he disagreed with amounted to viewpoint discrimination, something that was incompatible with the First Amendment.

The SCOTUS ordered the case to be dismissed as moot, on account of Trump no longer being in office. Justice Clarence Thomas issued a ten-page concurrence that went into additional depth regarding the nature of social media platforms and user rights. It must be noted that the concurrence does not hold any direct precedential weightage, since Justice Thomas was not joined by any of his colleagues at the bench for the opinion. However, given that similar questions of public import, are currently being deliberated in the ongoing Sanjay Hegde litigation in the Delhi High Court, Justice Thomas’ concurrence might hold some persuasive weightage in India. While the facts of these litigations might be starkly different, both of them are nevertheless characterized by important questions of applying constitutional doctrines to private parties like Twitter and the supposedly ‘public’ nature of social media platforms.

In this essay, we consider the legal questions raised in the opinion as possible learnings for India. In the first part, we analyze the key points raised by Justice Thomas, vis-a-vis the American legal position on intermediary liability and freedom of speech. In the second part, we apply these deliberations to the Sanjay Hegde litigation, as a case-study and a roadmap for future legal jurisprudence to be developed.

A flawed analogy

At the outset, let us briefly refresh the timeline of Trump’s tryst with Twitter, and the history of this litigation: the Court of Appeals decision was issued in 2019, when Trump was still in office. Post-November 2020 Presidential Election, where he was voted out, his supporters broke into Capitol Hill. Much of the blame for the attack was pinned on Trump’s use of social media channels (including Twitter) to instigate the violence and following this, Twitter suspended his account permanently.

It is this final fact that seized Justice Thomas’ reasoning. He noted that a private party like Twitter’s power to do away with Trump’s account altogether was at odds with the Court of Appeals’ earlier finding about the public nature of the account. He deployed a hotel analogy to justify this: government officials renting a hotel room for a public hearing on regulation could not kick out a dissenter, but if the same officials gather informally in the hotel lounge, then they would be within their rights to ask the hotel to kick out a heckler. The difference in the two situations would be that, “the government controls the space in the first scenario, the hotel, in the latter.” He noted that Twitter’s conduct was similar to the second situation, where it “control(s) the avenues for speech”. Accordingly, he dismissed the idea that the original respondents (the users whose accounts were blocked) had any First Amendment claims against Trump’s initial blocking action, since the ultimate control of the ‘avenue’ was with Twitter, and not Trump.

In the facts of the case however, this analogy was not justified. The Court of Appeals had not concerned itself with the question of private ‘control’ of entire social media spaces, and given the timeline of the litigation, it was impossible for them to pre-empt such considerations within the judgment. In fact, the only takeaway from the original decision had been that an elected representative’s utilization of his social media account for official purposes transformed only that particular space into a public forum where constitutional rights would find applicability. In delving into questions of ‘control’ and ‘avenues of speech’, issues that had been previously unexplored, Justice Thomas conflates a rather specific point into a much bigger, general conundrum. Further deliberations in the concurrence are accordingly put forward upon this flawed premise.

Right to exclusion (and must carry claims)

From here, Justice Thomas identified the problem to be “private, concentrated control over online content and platforms available to the public”, and brought forth two alternate regulatory systems — common carrier and public accommodation — to argue for ‘equal access’ over social media space. He posited that successful application of either of the two analogies would effectively restrict a social media platform’s right to exclude its users, and “an answer may arise for dissatisfied platform users who would appreciate not being blocked”. Essentially, this would mean that platforms would be obligated to carry all forms of (presumably) legal speech, and users would be entitled to sue platforms in case they feel their content has been unfairly taken down, a phenomenon Daphne Keller describes as ‘must carry claims’.

Again, this is a strange place to find the argument to proceed, since the original facts of the case were not about ‘dissatisfied platform users’, but an elected representative’s account being used in dissemination of official information. Beyond the initial ‘private’ control deliberation, Justice Thomas did not seem interested in exploring this original legal position, and instead emphasized on analogizing social media platforms in order to enforce ‘equal access’, finally arriving at a position that would be legally untenable in the USA.

The American law on intermediary liability, as embodied in Section 230 of the Communications Decency Act (CDA), has two key components: first, intermediaries are protected against the contents posted by its users, under a legal model termed as ‘broad immunity’, and second, an intermediary does not stand to lose its immunity if it chooses to moderate and remove speech it finds objectionable, popularly known as the Good Samaritan protection. It is the effect of these two components, combined, that allows platforms to take calls on what to remove and what to keep, translating into a ‘right to exclusion’. Legally compelling them to carry speech, under the garb of ‘access’ would therefore, strike at the heart of the protection granted by the CDA.

Learnings for India

In his petition to the Delhi High Court, Senior Supreme Court Advocate, Sanjay Hegde had contested that the suspension of his Twitter account, on the grounds of him sharing anti-authoritarian imagery, was arbitrary and that:

Twitter was carrying out a public function and would be therefore amenable to writ jurisdiction under Article 226 of the Indian Constitution; and
The suspension of his account had amounted to a violation of his right to freedom of speech and expression under Article 19(1)(a) and his rights to assembly and association under Article 19(1)(b) and 19(1)(c); and
The government has a positive obligation to ensure that any censorship on social media platforms is done in accordance with Article 19(2).

The first two prongs of the original petition are perhaps easily disputed: as previous commentary has pointed out, existing Indian constitutional jurisprudence on ‘public function’ does not implicate Twitter, and accordingly, it would be a difficult to make out a case that account suspensions, no matter how arbitrary, would amount to a violation of the user’s fundamental rights. It is the third contention that requires some additional insight in the context of our previous discussion.

Does the Indian legal system support a right to exclusion?

Suing Twitter to reinstate a suspended account, on the ground that such suspension was arbitrary and illegal, is in its essence a request to limit Twitter’s right to exclude its users. The petition serves as an example of a must-carry claim in the Indian context and vindicates Justice Thomas’ (misplaced) defence of ‘dissatisfied platform users’. Legally, such claims perhaps have a better chance of succeeding here, since the expansive protection granted to intermediaries via Section 230 of the CDA, is noticeably absent in India. Instead, intermediaries are bound by conditional immunity, where availment of a ‘safe harbour’, i.e., exemption from liability, is contingent on fulfilment of statutory conditions, made under section 79 of the Information Technology (IT) Act and the rules made thereunder. Interestingly, in his opinion, Justice Thomas had briefly visited a situation where the immunity under Section 230 was made conditional: to gain Good Samaritan protection, platforms might be induced to ensure specific conditions, including ‘nondiscrimination’. This is controversial (and as commentators have noted, wrong), since it had the potential to whittle down the US' ‘broad immunity’ model of intermediary liability to a system that would resemble the Indian one.

It is worth noting that in the newly issued Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, proviso to Rule 3(1)(d) allows for “the removal or disabling of access to any information, data or communication link [...] under clause (b) on a voluntary basis, or on the basis of grievances received under sub-rule (2) [...]” without dilution of statutory immunity. This does provide intermediaries a right to exclude, albeit limited, since its scope is restricted to content removed under the operation of specific sub-clauses within the rules, as opposed to Section 230, which is couched in more general terms. Of course, none of this precludes the government from further prescribing obligations similar to those prayed in the petition.

On the other hand, it is a difficult proposition to support that Twitter’s right to exclusion should be circumscribed by the Constitution, as prayed. In the petition, this argument is built over the judgment in Shreya Singhal v Union of India, where it was held that takedowns under section 79 are to be done only on receipt of a court order or a government notification, and that the scope of the order would be restricted to Article 19(2). This, in his opinion, meant that “any suo-motu takedown of material by intermediaries must conform to Article 19(2)”.

To understand why this argument does not work, it is important to consider the context in which the Shreya Singhal judgment was issued. Previously, intermediary liability was governed by the Information Technology (Intermediaries Guidelines) Rules, 2011 issued under section 79 of the IT Act. Rule 3(4) made provisions for sending takedown orders to the intermediary, and the prerogative to send such orders was on ‘an affected person’. On receipt of these orders, the intermediary was bound to remove content and neither the intermediary nor the user whose content was being censored, had the opportunity to dispute the takedown.

As a result, the potential for misuse was wide-open. Rishabh Dara’s research provided empirical evidence for this; intermediaries were found to act on flawed takedown orders, on the apprehension of being sanctioned under the law, essentially chilling free expression online. The Shreya Singhal judgment, in essence, reined in this misuse by stating that an intermediary is legally obliged to act only when a takedown order is sent by the government or the court. The intent of this was, in the court’s words: “it would be very difficult for intermediaries [...] to act when millions of requests are made and the intermediary is then to judge as to which of such requests are legitimate and which are not.”

In light of this, if Hegde’s petition succeeds, it would mean that intermediaries would now be obligated to subsume the entirety of Article 19(2) jurisprudence in their decision-making, interpret and apply it perfectly, and be open to petitions from users when they fail to do so. This might be a startling undoing of the court’s original intent in Shreya Singhal. Such a reading also means limiting an intermediary’s prerogative to remove speech that may not necessarily fall within the scope of Article 19(2), but is still systematically problematic, including unsolicited commercial communications. Further, most platforms today are dealing with an unprecedented spread and consumption of harmful, misleading information. Limiting their right to exclude speech in this manner, we might be exacerbating this problem.

Government-controlled spaces on social media platforms

On the other hand, the original finding of the Court of Appeals, regarding the public nature of an elected representative’s social media account and First Amendment rights of the people to access such an account, might yet still prove instructive for India. While the primary SCOTUS order erases the precedential weight of the original case, there have been similar judgments issued by other courts in the USA, including by the Fourth Circuit court and as a result of a lawsuit against a Texas Attorney General.

A similar situation can be envisaged in India as well. The Supreme Court has repeatedly held that Article 19(1)(a) encompasses not just the right to disseminate information, but also the right to receive information, including receiving information on matters of public concern. Additionally, in Secretary, Ministry of Information and Broadcasting v Cricket Association of Bengal, the Court had held that the right of dissemination included the right of communication through any media: print, electronic or audio-visual. Then, if we assume that government-controlled spaces on social media platforms, used in dissemination of official functions, are ‘public spaces’, then the government’s denial of public access to such spaces can be construed to be a violation of Article 19(1)(a).

Conclusion

As indicated earlier, despite the facts of the two litigations being different, the legal questions embodied within converge startlingly, inasmuch that are both examples of the growing discontent around the power wielded by social media platforms, and the flawed attempts at fixing it.

While the above discussion might throw some light on the relationship between an individual, the state and social media platforms, many questions still continue to remain unanswered. For instance, once we establish that users have a fundamental right to access certain spaces within the social media platform, then does the platform have a right to remove that space altogether? If it does so, can a constitutional remedy be made against the platform? Initial commentary on the Court of Appeals’ decision had contested that the takeaway from that judgment had been that constitutional norms had a primacy over the platform’s own norms of governance. In such light, would the platform be constitutionally obligated to not suspend a government account, even if the content on such an account continues to be harmful, in violation of its own moderation standards?

This is an incredibly tricky dimension of the law, made trickier still by the dynamic nature of the platforms, the intense political interests permeating the need for governance, and the impacts on users in the instance of a flawed solution. Continuous engagement, scholarship and emphasis on having a human rights-respecting framework underpinning the regulatory system, are the only ways forward.

---

The author would like to thank Gurshabad Grover and Arindrajit Basu for reviewing this piece.

For more details visit https://cis-india.org/internet-governance/blog/right-to-exclusion-government-spaces-and-speech

On the legality and constitutionality of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

Torsha Sarkar, Gurshabad Grover, Raghav Ahooja, Pallavi Bedi and Divyank Katira — 2021-06-21T11:52:39Z

This note examines the legality and constitutionality of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. The analysis is consistent with previous work carried out by CIS on issues of intermediary liability and freedom of expression.

On 25 February 2021, the Ministry of Electronics and Information Technology (Meity) notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (hereinafter, ‘the rules’). In this note, we examine whether the rules meet the tests of constitutionality under Indian jurisprudence, whether they are consistent with the parent Act, and discuss potential benefits and harms that may arise from the rules as they are currently framed. Further, we make some recommendations to amend the rules so that they stay in constitutional bounds, and are consistent with a human rights based approach to content regulation. Please note that we cover some of the issues that CIS has already highlighted in comments on previous versions of the rules.

The note can be downloaded here.

For more details visit https://cis-india.org/internet-governance/blog/on-the-legality-and-constitutionality-of-the-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021