Centre for Internet and Society

Accessing pirated content might lead to prison term & Rs 3-lakh fine

praskrishna — 2016-08-23T02:47:52Z

India puts onus of downloading and viewing pirated content on individuals.

The article by Alnoor Peermohammed was published in the Business Standard on August 22, 2016. Sunil Abraham was quoted.

The central government is putting the onus of downloading and viewing of copyrighted content from sites it has blocked (with the help of internet service providers) on users.

Visiting torrent (a particular type of files) websites while on Tata Communications’ network recently had users being shown a message that viewing or downloading content on those sites could land them in prison for up to three years and a fine of up to Rs 3 lakh.

“There is not enough room in our prisons to keep these infringers and enough time in our courts to try them. It might sound very exciting as a message to put out but, essentially, they’re trying to scare people into good behaviour,” said Sunil Abraham, executive director at research firm Centre for Internet and Society.

There has been no change to the Copyright Act of 1957 or the Information Technology Act of 2000 for the updated notice being shown to users upon visiting blocked sites. Under these provisions, visiting a site, which is blocked is not illegal, unless it is child pornography.

“Copyright infringement happens all the time and even in developed countries, the rates are very high. Crackdowns on individuals and consumers are never going to solve the problem,” added Abraham.

Experts say the most the government could do is prosecute a couple of people and make examples of them, to dissuade others. This practice is followed globally. There are no examples, though, in India of prosecution for copyright infringement of online content.

The recent alteration of the statement seen by users on Tata networks was done on the directives of the Bombay High Court, after the company appealed that showing individual messages for why each website was blocked was not feasible. The resulting message sparked media frenzy that visitors of blocked websites could now be imprisoned.

Other media reports revealed that the recent blocking of websites by internet service providers was prompted by court orders to prevent piracy of Dishoom, the Bollywood movie.

Globally, there’s been a move to clamp on torrent websites which host pirated content, aided by large information technology entities such as Apple or Facebook. Last month, the US authorities arrested Kickass Torrents’ founder, Arten Vaulin, and blocked all the domains of the website, only to have it resurface a day later.

For more details visit https://cis-india.org/internet-governance/news/business-standard-august-22-2016-accessing-pirated-content-might-lead-to-prison-term-and-rs-3-lakh-fine

A Review of the Functioning of the Cyber Appellate Tribunal and Adjudicatory Officers under the IT Act

divij — 2014-07-03T05:43:23Z

Tribunals and quasi-judicial bodies are a regular feature of the Indian judicial system, as they provide for easier and less onerous methods for dispute resolution, especially disputes which relate to technical areas and often require technical knowledge and familiarity with specialised factual scenarios.

Further, quasi-judicial bodies do not have the same procedural restrictions as proper courts, which makes the adjudication of disputes easier. The Information Technology Act of India, which regulates several important aspects of electronic information, including the regulation of private electronic transactions as well as detailing civil and criminal offences relating to computers and electronic information, contemplates a specialised dispute resolution mechanism for disputes relating to the offences detailed under the Act. The Act provides for the establishment of quasi-judicial bodies, namely adjudicating officers under S.46, to hear disputes arising out of Chapter IX of the Act, namely, offences of a civil nature under S.43, 43A, 44 and 45 of the Act, as well as criminal offences described under Chapter XI of the Act. The adjudicating officer has the power to both award compensation as damages in a civil remedy, as well as impose penalties for the contravention of the Act,[1] and therefore has powers of both civil and criminal courts. The first appellate body provided in the Act, i.e. the authority that any party not satisfied by the decision of the adjudicating officer can appeal to, is the Cyber Appellate Tribunal, consisting of a Chairperson and any other members so prescribed by the Central Government.[2] The second appeal, if a party is aggrieved by the decision of the Cyber Appellate Tribunal, may be filed before the High Court having jurisdiction, within 60 days from the date of communication of the order.[3]

Functioning of the Offices of the State Adjudicating Officers and the Cyber Appellate Tribunal

The office of the adjudicating officer is established under S.46 of the IT Act, which provides that the person appointed to such a post must be a government officer of a rank not below that of a Director or an equivalent rank, and must have experience both in the field of Information Technology as well as legal or judicial experience.[4] In most cases, the appointed adjudicating officer is the Principle Secretary to the Department of Information Technology in the state.[5] The decisions of these adjudicating officers determine the scope and meaning of several provisions of the IT Act, and are instrumental in the development of the law in this field and filling a lacuna regarding the interpretation of these important provisions, particularly in areas such as data protection and privacy.[6] However, despite the large number of cyber-crime cases being registered across the country,[7] there is a lack of available judgements on the adjudication of disputes under Sections 43, 43A, 44 and 45 of the Act. Of all the states, only the websites of the Departments of Information Technology in Maharashtra,[8], Tamil Nadu[9], New Delhi[10], and Haryana[11] have reported judgements or orders of the Adjudicating Officers. The adjudicating officer in Maharasthra, Rajesh Aggarwal, has done a particularly commendable job, having disposed of 51 cases under the IT Act, with 20 cases still pending.

The first Cyber Appellate Tribunal set up by the Central Government is located at New Delhi. Although a second branch of the Tribunal was to be set up in Bangalore, no efforts seem to have been made in this regard.[12] Further, the position of the Chairperson of the Appellate Tribunal, has been left vacant since 2011, after the appointed Chairperson attained the age of superannuation and retired. Although judicial and technical members have been appointed at various points, the tribunal cannot hold hearings without a chairperson. A total of 17 judgements have been passed by the Cyber Appellate Tribunal prior to the retirement of the chairperson, while the backlog of cases is continuously growing.[13] Despite a writ petition being filed before the Karnataka High Court and the secretary of the Department of IT coming on record to state that the Chairperson would be appointed within 6 months (of September 2013), no action seems to have been taken in this regard, and the lacunae in the judicial mechanism under the IT Act continues. The proper functioning of adjudicating officers and the Cyber Appellate Tribunal is particularly necessary for the functioning of a just judicial system in light of the provisions of the Act (namely, Section 61) which bar the jurisdiction of ordinary civil courts in claims below the amount of Rs. 5 Crores, where the adjudicating officer or the CAT is empowered.[14]

Analysis of Cases Filed under Section 43A

Section 43A of the Information Technology Act was inserted by the 2008 Amendment, and is the principle provision governing protection of information held by intermediaries under the Act. Section 43A provides that “body corporates” handling “sensitive personal data” must implement reasonable security practices for the protection of this information. If it is negligent in providing or maintaining such reasonable security practices, the body corporate is to be held liable and must pay compensation for the loss occurred.[15] Rule 3 of the Draft Reasonable Security Practices Rules, defines sensitive personal data as including – passwords, user details as provided at the time of registration or thereafter, information related to financial information such as Bank account/ credit card /debit card /other payment instrument details of the users, physiological and mental health conditions, medical records and history, biometric information, information received by body corporate for processing, stored or processed under lawful contract or otherwise and call data records.[16]

All the decisions of appointed adjudicators are available for an analysis of Section 43A are from the adjudicating officer in Maharashtra, Mr. Rajesh Tandon, who despite having no judicial experience, has very cogent analysis and knowledge of legal issues involved in the cases, which is commendable for a quasi-judicial officer.

One class of cases, constituting a major chunk of the claims, is where the complainant is claiming against a bank for the fraudulent transfer of funds from the claimants account to another account. In most of these cases, the adjudicating officer examined the compliance of the bank with “Know Your Customer” norms and guidelines framed by the Reserve Bank of India for prevention of banking fraud and, where such compliance was found to be lacking and information which allowed the bank accounts of the complainant was allowed to be accessed by fraudsters, the presumption is that the bank was negligent in the handling of “sensitive personal information”,[17] by failing to provide for reasonable security practices and consequently was liable for compensation under S.43A, notwithstanding that the complainant also contributed to compromising certain personal information by responding to phishing mails,[18] or divulging information to other third parties.[19] These instances clearly fall within the scope of Section 43A, which protects “information related to financial information such as Bank account/ credit card /debit card /other payment instrument details of the users” as sensitive personal data from negligent handling by body corporates. The decisions of the adjudicating officer must be applauded for placing a higher duty of care on banks to protect informational privacy of its customers, given that they are in a position where they ought to be well equipped to deal with intimate financial information and holding them accountable for lack of proper mechanisms to counter bank fraud using stolen information, which reflects in the compensation which the banks have been liable to pay, not only as indemnification for losses, but also punitive damages.[20]

In Nirmalkumar Bhagerwal v IDBI Bank and Meenal Bhagerwal, the sensitive financial information of the complainant, namely, the bank statement, had been accessed by the complainants wife. In holding the bank to be liable for divulging the same, and that access to personal information by a spouse is also covered under S.43A, the officer seems to have imputed the loss of privacy on account of such negligence as ‘wrongful loss’ which deserves compensation. One anomalous decision of the officer was where the operator of an ATM was held liable for fraudulent credit card transactions in that Machine, due to “reasonable security practices” such as security personnel or CCTV footage, and therefore causing the loss of “sensitive personal data”. However, it is difficult to see how ATM operators can be held liable for failing to protect sensitive information from being divulged, when the case is simply of a person fraudulently using a credit card.

Another class of cases, generally linked with the above cases, is complaints against cell phone providers for divulging information through falsely procured Sim Cards. In such instances, the officer has held that by negligently allowing the issuance of duplicate sim cards, the phone company has led to the access of sensitive personal data and thus caused wrongful loss to the complainant. This interpretation of Section 43A is somewhat confusing. The officer seems to have interpreted the provisions of Section 43A to include carriers of the information which was originally sent through the computer resource of the banking companies. In this way, they are imputed the status of “handlers” of sensitive personal information, and their communications infrastructure through which the information is sent is the “computer resource” which it operates for the purpose of the Act. Therefore, through their negligence, they are abetting the offence under 43A.[21]

For example, in the case of Sanjay Govind Dhandhe v ICICI and Vodafone, the officer remarked that –“A SIM card is a veritable key to person’s sensitive financial and personal information. Realizing this, there are clear guidelines issued by the DOT regarding the issuance of SIM cards. The IT Act also intends to ensure that electronic personal and sensitive data is kept secured and reasonable measures are used to maintain its confidentiality and integrity. It is extremely crucial that Telecom companies actively follow strict security procedures while issuing SIM cards, especially in wake of the fact that mobiles are being increasingly used to undertake financial transactions. In many a case brought before me, financial frauds have been committed by fraudsters using the registered mobile numbers of the banks’ account holders.” Therefore, intermediaries such as telecom companies, which peripherally handle the data, are also liable under the same standards for ensuring its privacy. The adjudicating officer has also held telephone companies liable for itemized phone bills as Call Data Records negligently divulged by them, which again clearly falls under the scope of the Reasonable Security Practices Rules.[22]

Note:

"Credentek v Insolutions (http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_Credentek_Vs_Insolutions-28012014.pdf) . This case holds that banks and the National Payments Corporation of India were liable under S. 43A for divulging information relating to transactions by their customers to a software company which provides services to these banks using the data, without first making them sign non-disclosure agreements. The NCPI was fined a nominal amount of Rs. 10,000."

[1]. Section 46, Information Technology Act, 2000.

[2]. Section 48 and 49 of the Information Technology Act, 2000 (Amended as of 2008).

[3]. Section 62, IT Act. However, The High Court may extend this period if there was sufficient cause for the delay.

[4]. S. 46(3), Information Technology Act, “No person shall be appointed as an adjudicating officer unless he possesses such experience in the field of Information Technology and Legal or Judicial experience as may be prescribed by the Central Government.”

[5]. From whatever data is available, the adjudicating officers in the states of Maharashtra, New Delhi, Haryana, Tamil Nadu and Karnataka are all secretaries to the respective state departments relating to IT.

[6]. See http://cis-india.org/internet-governance/blog/analysis-of-cases-filed-under-sec-48-it-act-for-adjudication-maharashtra; Also see the decision of the Karnataka adjudicating officer which held that body corporates are not persons under S.43 of the IT Act, and thus cannot be liable for compensation or even criminal action for offences under that Section, available at http://www.naavi.org/cl_editorial_13/adjudication_gpl_mnv.pdf.

[7]. Maharashtra Leads in War Against Cyber Crime, The Times of India, available at http://timesofindia.indiatimes.com/city/mumbai/Maharashtra-leads-in-war-against-cyber-crime/articleshow/30579310.cms. (18^th February, 2014).

[8]. https://it.maharashtra.gov.in/1089/IT-Act-Judgements

[9]. http://www.tn.gov.in/documents/atoz/J

[10]. http://www.delhi.gov.in/wps/wcm/connect/DoIT_IT/doit_it/it+home/orders+of+adjudicating+officer

[11]. http://haryanait.gov.in/cyber.htm

[12]. Bangalore Likely to host southern chapter of Cyber Appellate Tribunal, The Hinduk http://www.thehindu.com/news/national/karnataka/bangalore-is-likely-to-host-southern-chapter-of-cyber-appellate-tribunal/article3381091.ece (2^nd May, 2013).

[13]. http://catindia.gov.in/Judgement.aspx

[14]. Section 61 of the IT Act – ‘No court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which an adjudicating officer appointed under this Act or the Cyber Appellate Tribunal constituted under this Act is empowered by or under this Act to determine and no injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance of any power conferred by or under this Act. Provided that the court may exercise jurisdiction in cases where the claim for injury or damage suffered by any person exceeds the maximum amount which can be awarded under this Chapter.’

[15]. Section 43A, Information Technology Act, 2000 – ‘Compensation for failure to protect data (Inserted vide ITAA 2006) Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected. (Change vide ITAA 2008)

Explanation: For the purposes of this section (i) "body corporate" means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities (ii) "reasonable security practices and procedures" means security practices and procedures designed to protect such information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit. (iii) "sensitive personal data or information" means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.

[16]. Draft Reasonable Security Practices Rules under Section 43A of the IT Act, available at http://www.huntonfiles.com/files/webupload/PrivacyLaw_Reasonable_Security_Practices_Sensitive_Personal_Information.pdf.

[17]. Ravindra Gunale v Bank of Maharashtra, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_RavindraGunale_Vs_BoM&Vodafone_20022013.PDF. Ram Techno Pack v State Bank of India, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_RamTechno_Vs_SBI-22022013.pdf.

Srinivas Signs v IDBI, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_SreenivasSigns_Vs_IDBI-18022014.PDF.

Raju Dada Raut v ICICI Bank, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_RajuDadaRaut_Vs_ICICIBank-13022013.pdf

Pravin Parkhi v SBI Cards, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_PravinParkhi_Vs_SBICardsPayment-30122013.PDF.

[18]. Sourabh Jain v ICICI, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_SourabhJain_Vs_ICICI&Idea-22022013.PDF.

[19]. Poona Automobiles v Punjab National Bank, https://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_PoonaAuto_Vs_PNB-22022013.PDF

[20]. Amit Patwardhan v Bank of Baroda, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudicaton_AmitPatwardhan_Vs_BankOfBaroda-30122013.PDF.

[21]. Ravindra Gunale v Bank of Maharashtra, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_RavindraGunale_Vs_BoM&Vodafone_20022013; Raju Dada Raut v ICICI Bank, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_RajuDadaRaut_Vs_ICICIBank-13022013.pdf.

[22]. Rohit Maheshwari v Vodafone, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_RohitMaheshwari_Vs_Vodafone&ors-04022014.PDF.

For more details visit https://cis-india.org/internet-governance/blog/review-of-functioning-of-cyber-appellate-tribunal-and-adjudicatory-officers-under-it-act

66A DEAD. LONG LIVE 66A!

praskrishna — 2015-04-01T02:11:27Z

Last Tuesday, Twitter CEO Dick Costolo walked into Prime Minister Narendra Modi's office. India's most compulsive and most-followed tweeter, Modi, as Gujarat chief minister, had protested when the Manmohan Singh government blocked the micro-blogging site of a few journalists. Modi had blacked out his own Twitter profile and tweeted: “May God give good sense to everyone.”

The article by Soni Mishra was published in the Week on March 28, 2015. T. Vishnu Vardhan gave his inputs.

Today, with 11 million followers on Twitter, and 27.6 million likes on Facebook, Modi rules the virtual world and India. He received Costolo warmly and told him how Twitter could help his Clean India, girl child and yoga campaigns. Impressed, Costolo told Modi how Indian youth were innovating on Twitter.

But, the greatest and the most fundamental boost for all social media in India was being effected a few minutes drive away from the PMO. Ironically, in the Supreme Court of India, Modi's lawyers were defending a law made by the United Progressive Alliance government—section 66A of the Information Technology Act, which curbed free speech on social media.

Anything posted on the internet can go viral worldwide and reach millions in no time, argued Additional Solicitor General Tushar Mehta. While the traditional media is ruled by licences and checks, social media has nothing, he said. Finally, Mehta made an impassioned plea that the government meant well. Section 66A will be administered reasonably and will not be misused, he assured the court.

It seemed he, and the government, had forgotten an old saying: if there is a bad law, someone will use it. Luckily for India, and its liberal democracy, the judges saw a bad law and struck it down. “If section 66A is otherwise invalid, it cannot be saved by an assurance from the learned additional solicitor general,” said the bench comprising Justice Rohinton Nariman and Justice J. Chelameswar.

The fact is that 66A was knee-jerk legislation. Almost as thoughtless and compulsive as a netizen's derisive tweet. On December 22, 2008, the penultimate day of the winter session, the UPA government had got seven bills passed in seven minutes in the Lok Sabha; the opposition BJP had played along.

One of the bills was to amend the IT Act. It went to the Rajya Sabha the next day, when members were hurrying to catch their trains and flights home for the year-end vacation. They just okayed the bill and hurried home.

The argument then was that there was no need to discuss the bill as it had been examined by a standing committee of Parliament. Indeed, it had been. But, the committee, headed by Nikhil Kumar of the Congress, had met only for 23 hours and five minutes. Nine of its 31 members had not attended a single meeting. Ravi Shankar Prasad, the current Union minister for IT, was one among the 31.

Apparently, everyone wanted the bill, so did not bother to apply their minds. Only a CPI(M) member, A. Vijayaraghavan, had a few dissenting suggestions to the committee report. No one else bothered to mull over a law that was “unconstitutional, vague” and which would have a “chilling effect” on free speech.

Once the law was made, it was constable raj across India. Shaheen Dhada from Palghar simply commented on Facebook about a Shiv Sena bandh on the death of Bal Thackeray. Her friend Rinu Srinivasan liked it. The two teenagers were bundled into a police station. Rinu still remembers with a chill how “a mob of about 200 people gathered outside the police station that day.” This was when the Congress was ruling Maharashtra.

Jadavpur University professor Ambikesh Mahapatra was picked up by the police in Trinamool Congress-ruled West Bengal in April 2012, for posting a cartoon ridiculing Chief Minister Mamata Banerjee. “I was thrashed several times in police custody,” said the professor, who got relief from the West Bengal Human Rights Commission.

Vickey Khan, 22, was arrested in Rampur, UP, for a Facebook post on Samajwadi Party leader Azam Khan. Rampur is, of course, Khan's pocket borough. The Uttar Pradesh Police, controlled by the Samajwadi Party government, also arrested dalit writer Kanwal Bharti from Rampur for criticising the UP government's suspension of IAS officer Durga Shakti Nagpal in 2013.

At least 30 people in AIADMK-ruled Chennai have been booked under 66A; four of them this year. Ravi Srinivasan, general secretary of the Aam Aadmi Party in Puducherry, was picked up in October 2012 for his tweets on Karti Chidambaram, son of then Union home minister P. Chidambaram. “He was not even in India when I tweeted,” said Ravi. “He sent the complaint by fax from abroad and everything happened [fast] as Puducherry is a Union Territory and can be controlled by the home ministry.”

Whistleblower A. Shankar of Chennai was pulled up by the Madras High Court for the content on his blog, Savukku. The Orissa Police, controlled by the Biju Janata Dal (BJD) government, took Facebook to court in 2011 asking who created a Facebook page in the name of Chief Minister Naveen Patnaik. It is another thing that the page had no content.

Indeed, there had been stray political voices opposing the law. In Parliament, the CPI(M)'s P. Rajeeve, the BJD's Jay Panda and independent MP Rajeev Chandrasekhar pushed several times for scrapping 66A. Panda moved a private members bill, and Rajeeve moved a resolution. “I only wish we in Parliament had heeded the people's voice and repealed it, instead of yet again letting the judiciary do our work for us,” Panda said after the law was scrapped.

Finally, it was left to a young law student, Shreya Singhal, to move the Supreme Court on behalf of the Palghar girls. Singhal pointed out that several provisions in 66A violated fundamental rights guaranteed by article 19(1)(a)—the right to freedom of speech and expression. Several more cases followed and, finally, the court heard them together.

Indeed, Justices Nariman and Chelameswar have been extremely restrained in their comments. But, the fact that Parliament had not applied its mind comes through in the judgment.

The court “had raised serious concerns with the manner in which section 66A of the IT Act has been drafted and implemented across the country,” pointed out Supreme Court lawyer Shivshankar Panicker. Added Kiran Shanmugam, a cyber forensic expert and CEO of ECD Global Bengaluru: “The law lacked foresight in estimating the magnitude of the way the electronic media would grow.”

Apparently the government, too, knew it was defending the indefensible, and tried to win the case highlighting the benign nature of the democratic state. But, the court was not impressed. “Governments may come and governments may go, but section 66A goes on forever,” the judges noted. “An assurance from the present government, even if carried out faithfully, would not bind any successor government.”

Clearly, Mehta was defending the indefensible, a law that, the court found, would have a “chilling effect on free speech”. Moreover, as the judges found out, the new law did not provide even the safeguards that the older Criminal Procedure Code had provided. “Safeguards that are to be found in sections 95 and 96 of the CrPC are also absent when it comes to section 66A,” the judges said. For example, according to the CrPC, a book or document that contained objectionable matter could be seized by the police, but it also allowed the publisher to move court. The new law did not provide even such a cushion.

All the same, the court was careful and did not overturn the entire law. It scrapped section 66A, and section 118(D) of the Kerala Police Act, but upheld section 69A and section 79 of the IT Act, which too had been questioned by the litigants (see box on page 45).

The judgment has set the cyberworld rocking. “I am so happy now, I do not know how to express it,” said Rinu, now an audio-engineering student in Kerala. Shaheen is married and lives in Bengaluru. Vickey Khan is relieved. “Some people had told me that I could be jailed for three years,” he said. But, Azam Khan took it out on the media and said it “favours criminals”.

Karti, who claims to be a votary of free speech, however, wants “some protection” against defamation. “I filed a complaint in an existing provision of law,” he said. “If that provision is not available, then I will have to seek other provisions to safeguard my reputation.”

Mahapatra is still apprehensive. “The government will still try to harass me,” he said. “But I know that in the end I will win.” Shankar of Chennai called it “a huge relief for people like me, who are active on social media.” Ravi Srinivasan, who locked horns with Karti, said he felt “relieved and happy”.

The hard rap on the knuckles for their legislative laxity has sobered the political class. The Congress, the progenitor of 66A, admitted that the vagueness of the law was its undoing. “If in a particular area, the local constabulary took action to stifle dissent, it was never the purpose of the act,” said Congress spokesperson Abhishek Manu Singhvi. The Modi government officially welcomed the judgment, and its spokespersons are blaming the UPA for the law.

Apparently, the scrapped law was made after a series of grossly offensive posts appeared on the social media five years ago. “If such content is not blocked online, it would immediately lead to riots,” said a law ministry official, who said the posts had been shown to the court, too. He said the government would take some time to draft a new law.

But, is a new law required? Opinion is still divided. What if someone is defamed on the net? “There are defamation laws which can deal with these,” said T. Vishnuvardhan, programme director, Centre for Internet and Society, Bengaluru. “Also, the IT Act has various provisions. If somebody misuses your picture on social media, you can report it to the website immediately. The website is liable to take action on it within 36 hours.”

Smarika Kumar of Bengaluru-based Alternative Law Forum said the scrapping of 66A does not mean one can post anything online. “The Supreme Court has said that speech can be censored when it falls under the restrictions provided under article 19(2) of the Constitution,” she said. “But, if you prevent speech on any other ground, it is going to be unconstitutional.”

But, even critics of 66A think a replacement law is needed. Said Rajeev Chandrasekhar: “The government needs to act quickly and create a much more contemporaneous Act, via multi-stakeholder consultations, general consensus and collaboration, so that there is less ambiguity and freedom of expression is preserved.”

Senior Supreme Court advocate Pravin H. Parekh said, “As the cyberworld is growing day by day and there is increase in the number of social media users, we do require a proper mechanism which can regulate the expression of views on the internet.”

The government is putting forth the argument of national security. “If the security establishment says the present act is not sufficient, we will look into it. The government will consider it, but only with adequate safeguards,” said Ravi Shankar Prasad.

That will call for a legislative process undertaken in a cool and calm house, and not hurried through when the members are ready to hurry home.

Sound judgment

Thumbs down
The Supreme Court set aside section 66A of the IT act, which says any person who sends offensive, menacing or false information to cause annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, or uses email to trouble its recipient or deceive him/her about the origin of such messages, can be punished with a jail term up to three years and a fine.

The court also struck down section 118(d) of the Kerala Police Act, which says any person who makes indecent comments by calls, mails, messages or any such means causing grave violation of public order or danger can be punished with imprisonment up to three years or a fine not exceeding Rs10,000, or both.

Thumbs up
The Supreme Court upheld section 69A of the IT act, which allows the government to block the public's access to information in national interest and penalise intermediaries [telecom or internet service providers and web hosting services] who fail to comply with the government's directives.

Section 79 of the IT Act, which deals with intermediaries' exemption from liability in certain cases, too, was upheld.

With R. Prasanan, Mini P. Thoma, Ajay Uprety, Lakshmi Subramanian, Rabi Banerjee and Sharmista Chaudhury

For more details visit https://cis-india.org/internet-governance/news/the-week-march-28-2015-soni-mishra-66a-dead-long-live-66a

66A ‘cut & paste job’

praskrishna — 2012-12-11T05:43:50Z

The controversial Section 66A of the Information Technology Act has borrowed words out of context from British and American laws, according to lawyers here who are calling it a “poor cut-and-paste job”.

GS Mudur's article was published in the Telegraph on December 3, 2012. Pranesh Prakash and Snehashish Ghosh are quoted.

Section 66A, passed by Parliament in December 2008, draws on laws passed in the UK in 1988 and 2003 and the US in 1996. But some lawyers say that, unlike 66A, those foreign laws impose only reasonable restrictions on freedom of speech.

"The text of 66A seems to be the result of a cut-and-paste job done without applying the mind," said Snehashish Ghosh, a lawyer with the Centre for Internet and Society (CIS), a non-government organisation in Bangalore.

Some of the language in Section 66A is taken from Britain’s Malicious Communications Act (MCA) of 1988, which begins with the words: "Any person who sends to another person...."

This provision in MCA 1988, Ghosh said, is intended to curb malicious messages from one person to another. "It does not cover a post on a social website or an electronic communication broadcast to the world."

Section 66A has also borrowed words from Britain’s Communications Act of 2003 which, Ghosh said, is intended to prevent abuse of public communication services and does not directly deal with messages sent by individuals.

Government officials have said that 66A has also plucked language from the US Telecommunications Act of 1996.

This was a landmark legislation that overhauled America’s telecommunication law by taking into account the emergence of the Internet and changing communications technologies. Among other things, it made illegal the transmission of obscene or indecent material to minors via computers.

"Section 66A in its current form fails to define a specific category (context) as defined in the laws from where it has borrowed words," Ghosh said. "This is what has led to its inconsistent and arbitrary applications."

Ghosh and his colleagues say that 66A, through an "absurd" combination of borrowed and ambiguous language, curbs freedom of expression and threatens people with three years’ imprisonment for certain offences that would otherwise, under existing Indian Penal Code (IPC) provisions, draw a fine of only Rs 200.

Section 66A(b), for example, clubs together the offences of persistently repeated communications that might lead to "annoyance", "inconvenience", "danger", "insult", "injury", "criminal intimidation", "enmity", "hatred", and "ill-will".

This is "astounding and unparalleled", said Pranesh Prakash, policy director at the CIS, who has posted an analysis of Section 66A on the NGO’s institutional blog.

"We do not have such a provision anywhere but in India’s information technology law."

This is “akin to... providing equal punishment for calling someone a moron (insult) and threatening to kill someone (criminal intimidation),” Prakash wrote in the blog, where he has listed existing IPC provisions that can deal with the offences that 66A seeks to cover.

Lawyers have also questioned 66A’s effect of criminalising what the existing IPC would label as civil offences. For example, Prakash said, while the punishment under IPC for criminal nuisance is Rs 200, the penalty imposed by 66A is jail for up to three years.

Several sections in the IPC, they said, can effectively address offences that 66A attempts to address exclusively for electronic communications. For example, the IPC has sections for defamation (499 and 500), outraging religious sentiments (295) and obscenity (292).

"We do not require extraordinary laws when existing laws suffice," Ghosh said.

For more details visit https://cis-india.org/news/telegraphindia-december-3-2012-gs-mudur-66a-cut-and-paste-job

"All Indian Enterprises should Be Very Worried": Centre for Internet and Society

praskrishna — 2013-02-28T09:21:32Z

This blog post by Shubhra Rishi was published in Computer World on February 25, 2013. Pranesh Prakash is quoted.

The chairman of the Indian Institute of Planning and Management (IIPM) is having a Barbara Streisand moment.

The American entertainer Barbra Streisand, in 2003, attempted to suppress photographs of her residence, involuntarily and indirectly fuelling further publicity. Arindam Chaudhuri’s order from a Gwalior Court has unfortunately resulted in more or less the same.

The DoT’s CERT team has successfully censored more than 70 URLs that didn’t particularly contain praises of IIPM. Amusingly, a URL containing a public notice issued by the University Grants Commission (UGC) in July 2012 was also blocked. The UGC notice said that IIPM cannot be recognized as a university according to the provisions of a particular section.

So while this issue has managed to hold our attention, it has also fervently highlighted the misappropriation of section 69 of India’s Information Technology (IT) Act 2000. According to this act, if the Director of Controller is satisfied that it is necessary or expedient so, he/she may order or direct any agency of the Government to intercept any information transmitted through any computer resource.

In short, intercepting or blocking is counter-productive in today’s scenario and is often seen as a direct infringement of people’s online freedom. “The Constitution of India does not put so many restrictions on the freedom of speech and expression that IT Act puts under a particular section,” says cyber law expert, Pavan Duggal.

Legal experts are also of the opinion that several provisions of the IT Act are unconstitutional. “It does not have built-in safeguards, especially transparency-related ones, around surveillance and censorship. Censorship in India, especially under the IT (Intermediary Guidelines) Rules 2011, is completely opaque and results in invisible censorship, meaning that we don't even get to find out that censorship has happened and thus cannot challenge it,” says Pranesh Prakash, policy director, Centre for Internet and Society.

In the past, independent activists such as Binayak Sen, Assem Trivedi, and Arundhati Roy, or even commoners such as Shaheen Dhadha have come under fire of the said Act.

Frankly, if this loophole in the IT Act is not addressed, even Indian corporations could face a similar problem.

“I believe all intermediaries (websites that host user content, and networks that carry user traffic among others) are threatened now. Their executives can be dragged to court without any protection; thanks to the broad wording of the IT (Intermediary Guidelines) Rules 2011, despite the IT Act itself granting them some protections. This is dangerous, and all Indian enterprises should be very worried,” says Prakash.

CorporateIndiawill have to tighten its belts. Despite the fact that the entire IT Act needs to be overhauled and employees need to be sensitized, currently, the first thing that corporate India needs to do is ensure that its operations in electronic format comply with the IT Act and its rules. “There's a lack of awareness about compliances in the corporate sector. Any kind of “jugaad” may not help a company get out of a potential exposure under the IT Act. An effective implementation of these compliances will relieve companies of the IT Act’s potential liabilities, both civil and criminal,” advises Duggal.

So the Streisand effect in the IIPM case will slowly wear off, but the potential threat of the IT Act will continue to haunt enterprises.

For more details visit https://cis-india.org/news/computer-world-india-feature-shubra-rishi-feb-25-2013-all-indian-enterprises-should-be-very-worried