Centre for Internet and Society

How safe is your harbour? Discussions on intermediary liability and user rights

gurshabad — 2020-01-10T04:43:35Z

The Centre for Internet and Society is holding discussions on 10 January 2020 to discuss research on automated content filtering, content takedown, traceability and the future of intermediary liability in India

Background

The Manila Principles outline three kinds of liability regimes that countries follow while regulating intermediaries; expansive protections against liability, conditional immunity and primary liability. Post Avneesh Bajaj, India has been following the second model, where intermediaries are provided safe harbour for the acts of their users. In December 2018, the Ministry of Electronics and Information Technology (MeitY), released a draft of the Information Technology (Intermediary Guidelines (Amendment) Rules), 2018. These rules raised a host of concerns in the way they envision liability and user rights in the digital domain. The proposed amendments may mark a departure from the current model by creating cumbersome obligations for intermediaries to avail safe harbour.

At the Centre for Internet and Society (CIS), we have been closely examining some of the draft rules to decipher the changed regime. Our research has focussed on the impact of mandating automated content filtering, shortened turnaround times for intermediaries to take content down, and the traceability of originators of information.

As part of our ongoing work, we are hosting this event to contribute to the discussion around the nuances of the rules and the future of intermediary liability in India. As such, this event will begin with a brief analysis of the proposed amendments. We will also address the restrictions these would place on freedom of expression online and the way intermediaries do their business, among others. Subsequently, we would be having sessions on particular aspects of the rules. Finally, we would dedicate the last session on contemplating the future of intermediary liability regime in India.

Panels

Automated content filtering

One of the more controversial and stringent rules introduced in the proposed amendments is Rule 3(9) which necessitates the use of automated technology in filtering content. The draft rule does not specify the scope of the content to be detected, the technologies to be used, or any procedural safeguards that accompany the deployment of the technology. The discussion on the rule will, thus, centre around the legal validity of the proposal, the effect on different scales of intermediaries, and the consequences of intermediaries’ compliance on the exercise of freedom of expression in India.

Panelists: Kanksshi Agarwal (Senior Researcher, Centre for Policy Research); Nayantara Ranganathan (Independent researcher); Shashank Mohan (Counsel, Software Freedom Law Centre); Moderator: Akriti Bopanna (Policy Officer, CIS)

Content takedown

In this session, we will examine S.69 and S.79 of the IT Act that permit the Government to mandate intermediaries to remove/block content. Our discussion will focus on the procedural flaws of the law, issues of due process, and the lack of transparency in the legal process of content takedown. Additionally, we will discuss findings from our research on the feasibility of a specific turnaround time, and regulatory factors that need to be considered before fixing an appropriate takedown timeframe.

Panelists: Bhavna Jha (Research Associate, IT for Change); Divij Joshi (Technology Policy Fellow, Mozilla); Moderator: Torsha Sarkar (Policy Officer, CIS)

Traceability

The draft Intermediary Guidelines propose requiring intermediaries to enable traceability of originators of information. While this move is ostensibly to crack down on misinformation and fake news, there are questions regarding its feasibility and effects on platform architecture. More importantly, it poses grave dangers for the freedom of expression and privacy of users. The discussion will be centred around how traceability interacts with the Constitution and other laws in India, the litigation around it, possible methods to implement traceability (by or without breaking encryption) and what it means for the larger debate on intermediary liability and free speech.

Panelists: Aditi Agrawal (Senior Research Associate, MediaNama); Anand Venkatanarayanan (Cybersecurity researcher); G S Madhusudan (Principal Scientist, IIT Madras); Moderator: Tanaya Rajwade (Policy Officer, CIS)

Future of intermediary liability in India

The panel will bring together the threads from the previous discussions and discuss the ways in which the draft intermediary guidelines represent a departure from the current model of intermediary liability in India, and its potential effects on similar regulation in other countries. We will discuss the nature of changes, especially as they relate to classification of intermediaries, and whether they are within the scope of S.79 of the IT Act and the intermediary guidelines. We will also aim to address the effects of legislation and jurisprudence in related areas such as data protection and competition law. Finally, we will discuss regulatory frameworks for intermediary liability that should be considered in India.

Panelists: Alok Prasanna (Senior Resident Fellow, Vidhi Centre for Legal Policy); Sarvjeet Singh (Executive Director, Centre for Communication Governance); Tanya Sadana (Principal Associate, Ikigai Law); Udbhav Tiwari (Public Policy Advisor, Mozilla); Moderator: Gurshabad Grover (Research Manager, CIS)

RSVP

To register for the event, please RSVP here.

Note that this is a research event. Please ignore social media messages that have erroneously identified this event as a protest.

For more details visit https://cis-india.org/internet-governance/blog/how-safe-is-your-harbour-discussions-on-intermediary-liability-and-user-rights

A judicial overreach into matters of regulation

gurshabad — 2019-08-28T01:28:52Z

A PIL on Aadhaar sheds light on some problematic trends

The article by Gurshabad Grover was published in the Hindu on August 27, 2019.

The Madras High Court has been hearing a PIL petition since 2018 that initially asked the court to declare the linking of Aadhaar with a government identity proof as mandatory for registering email and social media accounts. The petitioners, victims of online bullying, went to the court because they found that law enforcement agencies were inefficient at investigating cybercrimes, especially when it came to gathering information about pseudonymous accounts on major online platforms. This case brings out some of the most odious trends in policymaking in India.

The first issue is how the courts, as Anuj Bhuwania has argued in the book Courting the People, have continually expanded the scope of issues considered in PILs. In this case, it is absolutely clear that the court is not pondering about any question of law. In what could be considered as abrogation of the separation of powers provision in the Constitution, the Madras High Court started to deliberate on a policy question with a wide-ranging impact: Should Aadhaar be linked with social media accounts?

After ruling out this possibility, it went on to consider a question that is even further out of its purview: Should platforms like WhatsApp that provide encrypted services allow forms of “traceability” to enable finding the originator of content? In essence, the court is now trying to regulate one particular platform on a very specific technical question, ignoring legal frameworks entirely. It is worrying that the judiciary is finding itself increasingly at ease with deliberations on policy and regulatory measures, and its recent actions remind us that the powers of the court also deserve critical questioning.

Government’s support

Second, not only are governments failing to assert their own powers of regulation in response to the courts’ actions, they are on the contrary encouraging such PILs. The Attorney General, K.K. Venugopal, who is representing the State of Tamil Nadu in the case, could have argued for the case’s dismissal by referring to the fact that the Ministry of Electronics and Information Technology has already published draft regulations that aim to introduce “traceability” and to increase obligations on social media platforms. Instead, he has largely urged the court to pass regulatory orders.

Third, ‘Aadhaar linking’ is becoming increasingly a refrain whenever any matter even loosely related to identification or investigation of crime is brought up. While the Madras High Court has ruled out such linking for social media platforms, other High Courts are still hearing petitions to formulate such rules. The processes that law enforcement agencies use to get information from platforms based in foreign jurisdictions rely on international agreements. Linking Aadhaar with social media accounts will have no bearing on these processes. Hence, the proposed ‘solution’ misses the problem entirely, and comes with its own threats of infringing privacy.

Problems of investigation

That said, investigating cybercrime is a serious problem for law enforcement agencies. However, the proceedings before the court indicate that the cause of the issues have not been correctly identified. While legal provisions that allow agencies to seek information from online platforms already exist in the Code of Criminal Procedure and the Information Technology Act, getting this information from platforms based in foreign jurisdictions can be a long and cumbersome process. For instance, the hurdles posed by the mutual legal assistance treaty between India and the U.S. effectively mean that it might take months to receive a response to information requests sent to U.S.-based platforms, if a response is received at all.

To make cybercrime investigation easier, the Indian government has various options. India should push for fairer executive agreements possible under instruments like the United States’ CLOUD Act, for which we need to first bring our surveillance laws in line with international human rights standards through reforms such as judicial oversight. India could use the threat of data localisation as a leverage to negotiate bilateral agreements with other countries to ensure that agencies have recourse to quicker procedures. As a first step, however, Indian courts must wash their hands of such questions. For its part, the Centre must engage in consultative policymaking around these important issues, rather than support ad-hoc regulation through court orders in PILs.

(Disclosure: The CIS is a recipient of research grants from Facebook.)

For more details visit https://cis-india.org/internet-governance/blog/the-hindu-august-27-2019-a-judicial-overreach-into-matters-of-regulation

The Huawei bogey

gurshabad — 2019-06-05T03:38:19Z

India needs to prove company aids Chinese government, or risk playing into US hands.

The article by Gurshabad Grover was published in Indian Express on May 30, 2019.

The Trump administration has not only passed orders restricting the US government and its departments from procuring networking equipment from Chinese companies, but is exerting considerable pressure on other countries to follow suit. The fear that Huawei and ZTE will aid Chinese espionage and surveillance operations has become common even though there has been no compelling evidence to suggest that Huawei’s equipment is substantively different from its competitors.

These events have also sparked a larger debate about the security of India’s communications infrastructure, an industry powered by foreign imports. Commentators have not shied away from suggesting that India ban the import of network equipment. C Raja Mohan, in ‘The tech wars are here’ (IE, December 11, 2018), expressed these concerns and asked whether Chinese telecom equipment manufacturers should be allowed to operate in India. A larger point was made by D S Hooda in his piece, ‘At digital war’ (IE, October 25, 2018). He pointed out threats that arise from using untrusted software and hardware all over the stack: From Chinese networking middleboxes to American operating systems and media platforms. As a method to establish trust in ICT infrastructure, Hooda recommends “indigenis[ing] our cyber space”.

The path towards indigenised manufacturing of networking equipment is an expensive, elaborate process. Restricting certain foreign companies from operating in the country without evidence would be a knee-jerk reaction solely based on cues from US policy, and would undermine India’s strategic autonomy.

At the heart of threats from untrusted software or hardware, lies an information asymmetry between the buyer and seller. It is not always possible to audit the functioning of every product that you purchase. Open technical standards, developed by various standards development organisations (SDOs), govern the behaviour of networking software, and remove this information asymmetry: They allow buyers to glean or implicitly trust operational and security aspects of the equipment.

It is clear that various governments including India have repeatedly failed to advance privacy and security in the 5G standards, which are developed at the 3rd Generation Partnership Project (3GPP) — the organisation developing standards for telephony. Government and industry dominance at the 3GPP has ensured that telecom technologies include security vulnerabilities that are euphemistically termed as “lawful interception”. From an architectural perspective, 5G does not contain any significant vulnerabilities that were absent in older telecom standards. Unfortunately, these vulnerabilities are indifferent to those who exploit them: A security exception for law enforcement is tantamount to a security vulnerability for malicious actors. As the report from UK’s Huawei Cyber Security Evaluation Centre Oversight Board confirmed, there is perhaps no technical way to mitigate the security risks that 5G poses now. But there is still no evidence to suggest that Huawei is operating differently from say Ericsson or Nokia.

India needs to establish that Huawei is aiding the Chinese government through their products (5G or otherwise) before reacting. That Chinese companies are rarely insulated from Beijing’s influence is indisputable. However, the legal requirements placed on Chinese companies by Beijing are equivalent to de facto practices of countries like the US, which has a history of intercepting equipment from American companies to introduce vulnerabilities, or directly compelling them to aid intelligence operations. Such influence should be fought back by pushing for international norms that prevent states from acquiring data from companies en masse, and domestic data protection legislation.

In the long term, the Indian government and its defence wings would benefit from understanding the argument Lawrence Lessig has made since the 1990s: Decisions of technical architecture have far-reaching regulatory effects. A long-term strategy that focuses on advancing security at technical SDOs will prove more effective in ensuring the security of India’s critical infrastructure than the economically expensive push for indigenisation.

For more details visit https://cis-india.org/telecom/blog/indian-express-may-30-2019-gurshabad-grover-the-huawei-bogey

RTI Application to BSNL for the list of websites blocked in India

gurshabad — 2019-05-09T09:43:54Z

A Right to Information (RTI) request to a public company operating as an ISP for the list of websites and URLs blocked in India, and copies of such blocking orders issued by the Government of India.

Background

The Government of India draws powers from Section 69A of the Information Technology (IT) Act and the rules issued under it to order Internet Service Providers (ISPs) to block websites and URLs for users. Several experts have questioned the constitutionality of the process laid out in the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 (hereinafter, “the rules”) [1] since Rule 16 in the regulations allows blocking of websites by the Government and ISPs in secrecy, as it mandates all such orders to be maintained confidentially.

Thus, the law sets up a structure where it is impossible to know the complete list of websites blocked in India and the reasons thereof. Civil society and individual efforts have repeatedly failed to obtain this list. For instance, the Software Freedom Law Centre (SFLC), in August 2017, asked the Ministry of Electronics and Information Technology (MeitY) for the number and list of websites and URLs that are blocked in India. In response, MeitY revealed the number of blocked websites and URLs: 11,422. MeitY refused to share the list of websites blocked by Government orders citing the aforementioned confidentiality provision in the rules (and subsequently citing national security when MeitY’s reply was appealed against by SFLC). In 2017, researchers at the Centre for Internet and Society (CIS) contacted five ISPs, all of which refused to share information about website blocking requests.

Application under the Right to Information (RTI) Act

In a more recent request filed by under the Right to Information (RTI) Act in June 2018, Akash Sriram (who worked at the Centre for Internet and Society) tried to obtain this information from Bharat Sanchar Nagam Limited (BSNL), a public company which operates as an ISP.

The text of the request of the RTI request is reproduced here:

To
Manohar Lal, DGM(Cordn), Bharat Sanchar Nigam Limited
Room No. 306, Bharat Sanchar Bhawan, H.C.Mathur Lane
Janpath, New Delhi, PIN 110001

Subject: Seeking of Information under RTI Act 2005

Sir,
Kindly arrange to provide the following information under the provisions of RTI Act:

What are the names and URLs of websites currently blocked by government notification in India?

Please provide copies of blocking orders issued by the Department of Telecommunications, Ministry of Communications and other competent authorities to block such websites.

Thanking you
Yours faithfully

Akash Sriram
Centre for Internet and Society

BSNL refused to respond to the request citing sections 8(e) and 8(g) of the RTI Act. Their response is reproduced below.

The Information sought vide above reference cannot be disclosed vide clause 8(e) and 8(g) of the RTI act which states.

"8(e) - Information, available to a person in his fiduciary relationship, unless the competent authority is satisfied that the larger public interest warrants the disclosure of such information"

“8(g) - Information, the disclosure of which would endanger the life or physical safety of any person or identify the source of information or assistance given in confidence for law enforcement or security purposes"

This is issued with the approval of competent authority.

A PDF of the response can be accessed here.

[1] Note that in Shreya Singhal v. Union of India, the Supreme Court upheld the legality of the rules.

For more details visit https://cis-india.org/internet-governance/blog/rti-application-to-bsnl-for-the-list-of-websites-blocked-in-india

RTI Application to BSNL for the list of websites blocked in India (PDF)

gurshabad — 2019-05-09T09:21:06Z

For more details visit https://cis-india.org/internet-governance/resources/rti-application-to-bsnl-for-the-list-of-websites-blocked-in-india-pdf

Why the TikTok ban is worrying

gurshabad — 2019-05-05T10:11:28Z

Rather than critically examining the infringement of liberties by the political executive, the Indian courts are becoming an additional threat to the right to freedom of expression, which we must be increasingly wary of.

The article by Gurshabad Grover was published in Hindustan Times on May 2, 2019.

In a span of less than two weeks, the Madras High Court has imposed and lifted a ban on the TikTok mobile application, an increasingly popular video and social platform. While rescinding the ban is welcome, the events tell a worrying tale of how the courts can arbitrarily censor online expression with little accountability.

On April 3, the Madras High Court heard a public interest litigation petitioning for the TikTok mobile app to be banned in India because it was “encouraging pornography”, “degrading culture”, “causing paedophiles”, spreading “explicit disturbing content” and causing health problems for teenagers. It is difficult to establish the truth of these extreme claims about content on the platform that has user generated content, but the court was confident enough to pass wide ranging interim orders on the same day without hearing ByteDance, the company that operates the Tik Tok app.

The interim order had three directives. First, the Madras High Court ordered the government to prohibit the downloading of the app. Second, it restricted the media from broadcasting videos made using the app. Third, it asked the government to respond about whether it plans to enact legislation that would protect children’s online privacy. While the third directive poses an important question to the government that merits a larger discussion, the first two completely lacked a legal rationale. The court order also implied that the availability of pornography on the platform was problematic, even though it is not illegal to access pornography in India.

Appallingly, the order makes no mention at all of the most pertinent legal provision: Section 79 of the Information Technology (IT) Act and the rules issued under it, which form the liability regime applicable to intermediaries (online services). The intermediary liability rules in India generally shield online platforms from liability for the content uploaded to their platform as long as the company operating is primarily involved in transmitting the content, complies with government and court orders, and is not abetting illegal activity. It is this regime that has ensured that online platforms are not hyperactively censoring expression to avoid liability, and has directly supported the proliferation of speech online.

The courts do have some powers of online censorship under the provision, which they have used many times in the past. They have the authority to decide on questions of whether certain content violates law and then direct intermediaries to disable access to that specific content. Such a legal scenario was certainly not the case before the Madras High Court. We can also be sure that the app stores run by Apple and Google, on which TikTok is available, were not the intermediaries under consideration here (which would also be problematic in its own ways) since the interim order makes no mention of them. So, despite the fact that the court’s order had no clear jurisdiction and legal basis, Apple and Google were ordered by the government to remove TikTok from their respective mobile app stores for India.

ByteDance Technology appealed to the Supreme Court of India to rescind the ban, arguing that they qualify as intermediaries under the IT Act and should not face a blanket ban as a repercussion of allegedly problematic content on their platform. The Supreme Court refrained from staying the problematic Madras High Court interim order, but decided that the ban on the app will be lifted by April 24 if the case wasn’t decided by then. On April 24, sense finally prevailed when the High Court decided to take the interim directive back.

Admittedly, popular online platforms can create certain social problems. TikTok has faced bans elsewhere and was fined by the Federal Trade Commission in the United Sates for collecting information on its users who were below the age of 13. There is no debate that the company is legally bound to follow the rules issued under the IT Act, be responsive to legally valid government and court orders, and should strictly enforce their community guidelines that aim to create a safe environment for the young demographic that forms a part of its user base. However, a ban is a disproportionate move that sends signals of regulatory uncertainty, especially for technology companies trying to break into an increasingly consolidated market. The failure of the government to enact a law that protects children’s privacy also cannot be considered a legitimate ground for a ban on a mobile app.

Perhaps most importantly, the interim court order adds yet another example to the increasing number of times the judiciary has responded to petitions by passing censorship orders that have no basis in law. As constitutional scholar Gautam Bhatia has pointed out, we are faced with the trend of “judicial censorship” wherein the judiciary is exercising power without accountability in ways not envisioned by the Constitution. Rather than critically examining the infringement of liberties by the political executive, the Indian courts are becoming an additional threat to the right to freedom of expression, which we must be increasingly wary of.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-may-2-2019-gurshabad-grover-why-the-tik-tok-ban-is-worrying

To preserve freedoms online, amend the IT Act

gurshabad — 2019-04-16T10:09:41Z

Look into the mechanisms that allow the government and ISPs to carry out online censorship without accountability.

The article by Gurshabad Grover was published in the Hindustan Times on April 16, 2019.

The issue of blocking of websites and online services in India has gained much deserved traction after internet users reported that popular services like Reddit and Telegram were inaccessible on certain Internet Service Providers (ISPs). The befuddlement of users calls for a look into the mechanisms that allow the government and ISPs to carry out online censorship without accountability.

Among other things, Section 69A of the Information Technology (IT) Act, which regulates takedown and blocking of online content, allows both government departments and courts to issue directions to ISPs to block websites. Since court orders are in the public domain, it is possible to know this set of blocked websites and URLs. However, the process is much more opaque when it comes to government orders.

The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009, issued under the Act, detail a process entirely driven through decisions made by executive-appointed officers. Although some scrutiny of such orders is required normally, it can be waived in cases of emergencies. The process does not require judicial sanction, and does not present an opportunity of a fair hearing to the website owner. Notably, the rules also mandate ISPs to maintain all such government requests as confidential, thus making the process and complete list of blocked websites unavailable to the general public.

In the absence of transparency, we have to rely on a mix of user reports and media reports that carry leaked government documents to get a glimpse into what websites the government is blocking. Civil society efforts to get the entire list of blocked websites have repeatedly failed. In response to the Right to Information (RTI) request filed by the Software Freedom Law Centre India in August 2017, the Ministry of Electronics and IT refused to provide the entire of list of blocked websites citing national security and public order, but only revealed the number of blocked websites: 11,422.

Unsurprisingly, ISPs do not share this information because of the confidentiality provision in the rules. A 2017 study by the Centre for Internet and Society (CIS) found all five ISPs surveyed refused to share information about website blocking requests. In July 2018, the Bharat Sanchar Nagam Limited rejected the RTI request by CIS which asked for the list of blocked websites.

The lack of transparency, clear guidelines, and a monitoring mechanism means that there are various forms of arbitrary behaviour by ISPs. First and most importantly, there is no way to ascertain whether a website block has legal backing through a government order because of the aforementioned confidentiality clause. Second, the rules define no technical method for the ISPs to follow to block the website. This results in some ISPs suppressing Domain Name System queries (which translate human-parseable addresses like ‘example.com’ to their network address, ‘93.184.216.34’), or using the Hypertext Transfer Protocol (HTTP) headers to block requests. Third, as has been made clear with recent user reports, users in different regions and telecom circles, but serviced by the same ISP, may be facing a different list of blocked websites. Fourth, when blocking orders are rescinded, there is no way to make sure that ISPs have unblocked the websites. These factors mean that two Indians can have wildly different experiences with online censorship.

Organisations like the Internet Freedom Foundation have also been pointing out how, if ISPs block websites in a non-transparent way (for example, when there is no information page mentioning a government order presented to users when they attempt to access a blocked website), it constitutes a violation of the net neutrality rules that ISPs are bound to since July 2018.

While the Supreme Court upheld the legality of the rules in 2015 in Shreya Singhal vs. Union of India, recent events highlight how the opaque processes can have arbitrary and unfair outcomes for users and website owners. The right to access to information and freedom of expression are essential to a liberal democratic order. To preserve these freedoms online, there is a need to amend the rules under the IT Act to replace the current regime with a transparent and fair process that makes the government accountable for its decisions that aim to censor speech on the internet.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-april-16-2019-gurshabad-grover-to-preserve-freedoms-online-amend-it-act

India should reconsider its proposed regulation of online content

gurshabad — 2019-01-24T16:59:07Z

The lack of technical considerations in the proposal is also apparent since implementing the proposal is infeasible for certain intermediaries. End-to-end encrypted messaging services cannot “identify” unlawful content since they cannot decrypt it. Presumably, the government’s intention is not to disallow end-to-end encryption so that intermediaries can monitor content.

The article was published in the Hindustan Times on January 24, 2019. The author would like to thank Akriti Bopanna and Aayush Rathi for their feedback.

Flowing from the Information Technology (IT) Act, India’s current intermediary liability regime roughly adheres to the “safe harbour” principle, i.e. intermediaries (online platforms and service providers) are not liable for the content they host or transmit if they act as mere conduits in the network, don’t abet illegal activity, and comply with requests from authorised government bodies and the judiciary. This paradigm allows intermediaries that primarily transmit user-generated content to provide their services without constant paranoia, and can be partly credited for the proliferation of online content. The law and IT minister shared the intent to change the rules this July when discussing concerns of online platforms being used “to spread incorrect facts projected as news and designed to instigate people to commit crime”.

On December 24, the government published and invited comments to the draft intermediary liability rules. The draft rules significantly expand “due diligence” intermediaries must observe to qualify as safe harbours: they mandate enabling “tracing” of the originator of information, taking down content in response to government and court orders within 24 hours, and responding to information requests and assisting investigations within 72 hours. Most problematically, the draft rules go much further than the stated intentions: draft Rule 3(9) mandates intermediaries to deploy automated tools for “proactively identifying and removing [...] unlawful information or content”.

The first glaring problem is that “unlawful information or content” is not defined. A conservative reading of the draft rules will presume that the phrase means restrictions on free speech permissible under Article 19(2) of the Constitution, including that relate to national integrity, “defamation” and “incitement to an offence”.

Ambiguity aside, is mandating intermediaries to monitor for “unlawful content” a valid requirement under “due diligence”? To qualify as a safe harbour, if an intermediary must monitor for all unlawful content, then is it substantively different from an intermediary that has active control over its content and not a safe harbour? Clearly, the requirement of monitoring for all “unlawful content” is so onerous that it is contrary to the philosophy of safe harbours envisioned by the law.

By mandating automated detection and removal of unlawful content, the proposed rules shift the burden of appraising legality of content from the state to private entities. The rule may run afoul of the Supreme Court’s reasoning in Shreya Singhal v Union of India wherein it read down a similar provision because, among other reasons, it required an intermediary to “apply [...] its own mind to whether information should or should not be blocked”. “Actual knowledge” of illegal content, since then, has held to accrue to the intermediary only when it receives a court or government order.

Given the inconsistencies with legal precedence, the rules may not stand judicial scrutiny if notified in their current form.

The lack of technical considerations in the proposal is also apparent since implementing the proposal is infeasible for certain intermediaries. End-to-end encrypted messaging services cannot “identify” unlawful content since they cannot decrypt it. Internet service providers also qualify as safe harbours: how will they identify unlawful content when it passes encrypted through their network? Presumably, the government’s intention is not to disallow end-to-end encryption so that intermediaries can monitor content.

Intermediaries that can implement the rules, like social media platforms, will leave the task to algorithms that perform even specific tasks poorly. Just recently, Tumblr flagged its own examples of permitted nudity as pornography, and Youtube slapped a video of randomly-generated white noise with five copyright-infringement notices. Identifying more contextual expression, such as defamation or incitement to offences, is a much more complex problem. In the lack of accurate judgement, platforms will be happy to avoid liability by taking content down without verifying whether it violated law. Rule 3(9) also makes no distinction between large and small intermediaries, and has no requirement for an appeal system available to users whose content is taken down. Thus, the proposed rules set up an incentive structure entirely deleterious to the exercise of the right to freedom of expression. Given the wide amplitude and ambiguity of India’s restrictions on free speech, online platforms will end up removing swathes of content to avoid liability if the draft rules are notified.

The use of draconian laws to quell dissent plays a recurring role in the history of the Indian state. The draft rules follow India’s proclivity to join the ignominious company of authoritarian nations when it comes to disrespecting protections for freedom of expression. To add insult to injury, the draft rules are abstruse, ignore legal precedence, and betray a poor technological understanding. The government should reconsider the proposed regulation and the stance which inspired it, both of which are unsuited for a democratic republic.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-gurshabad-grover-january-24-2019-india-should-reconsider-its-proposed-regulation-of-online-content

Response to TRAI Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services

gurshabad — 2019-01-11T16:01:09Z

This submission presents a response to the Telecom Regulatory Authority of India’s Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services.

Click here to view the submission (PDF).

This submission presents a response by Gurshabad Grover, Nikhil Srinath and Aayush Rathi (with inputs from Anubha Sinha and Sai Shakti) to the Telecom Regulatory Authority of India’s “Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services (hereinafter “TRAI Consultation Paper”) released on November 12, 2018 for comments. CIS appreciates the continual efforts of Telecom Regulatory Authority of India (TRAI) to have consultations on the regulatory framework that should be applicable to OTT services and Telecom Service Providers (TSPs). CIS is grateful for the opportunity to put forth its views and comments.

Addendum: Please note that this document differs in certain sections from the submission emailed to TRAI: this document was updated on January 9, 2019 with design and editorial changes to enhance readability. The responses to Q5 and Q9 have been updated. This updated document was also sent to TRAI.

For more details visit https://cis-india.org/internet-governance/blog/response-to-trai-consultation-paper-on-regulatory-framework-for-over-the-top-ott-communication-services

Regulating the Internet

gurshabad — 2018-12-20T00:29:06Z

For more details visit https://cis-india.org/internet-governance/files/regulating-the-internet