Centre for Internet and Society

Breaking Down Section 66A of the IT Act

pranesh — 2012-12-14T09:51:17Z

Section 66A of the Information Technology Act, which prescribes 'punishment for sending offensive messages through communication service, etc.' is widely held by lawyers and legal academics to be unconstitutional. In this post Pranesh Prakash explores why that section is unconstitutional, how it came to be, the state of the law elsewhere, and how we can move forward.

Back in February 2009 (after the IT Amendment Act, 2008 was hurriedly passed on December 22, 2008 by the Lok Sabha, and a day after by the Rajya Sabha[1] but before it was notified on October 27, 2009) I had written that s.66A is "patently in violation of Art. 19(1)(a) of the Constitution of India":

Section 66A which punishes persons for sending offensive messages is overly broad, and is patently in violation of Art. 19(1)(a) of our Constitution. The fact that some information is "grossly offensive" (s.66A(a)) or that it causes "annoyance" or "inconvenience" while being known to be false (s.66A(c)) cannot be a reason for curbing the freedom of speech unless it is directly related to decency or morality, public order, or defamation (or any of the four other grounds listed in Art. 19(2)). It must be stated here that many argue that John Stuart Mill's harm principle provides a better framework for freedom of expression than Joel Feinberg's offence principle. The latter part of s.66A(c), which talks of deception, is sufficient to combat spam and phishing, and hence the first half, talking of annoyance or inconvenience is not required. Additionally, it would be beneficial if an explanation could be added to s.66A(c) to make clear what "origin" means in that section. Because depending on the construction of that word s.66A(c) can, for instance, unintentionally prevent organisations from using proxy servers, and may prevent a person from using a sender envelope different from the "from" address in an e-mail (a feature that many e-mail providers like Gmail implement to allow people to send mails from their work account while being logged in to their personal account). Furthermore, it may also prevent remailers, tunnelling, and other forms of ensuring anonymity online. This doesn't seem to be what is intended by the legislature, but the section might end up having that effect. This should hence be clarified.

I stand by that analysis. But given that it is quite sparse, in this post I will examine s.66A in detail.

Here's what s. 66A of the IT (Amendment) Act, 2008 states:

66A. Punishment for sending offensive messages through communication service, etc.,
Any person who sends, by means of a computer resource or a communication device,—
(a) any information that is grossly offensive or has menacing character;
(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently by making use of such computer resource or a communication device,
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages

shall be punishable with imprisonment for a term which may extend to three years and with fine.

Explanation: For the purposes of this section, terms "electronic mail" and "electronic mail message" means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, images, audio, video and any other electronic record, which may be transmitted with the message.[2]

A large part of s.66A can be traced back to s.10(2) of the UK's Post Office (Amendment) Act, 1935:

If any person —
(a) sends any message by telephone which is grossly offensive or of an indecent, obscene, or menacing character; or
(b) sends any message by telephone, or any telegram, which he knows to be false, for the purpose of causing annoyance, inconvenience, or needless anxiety to any other person; or
(c) persistently makes telephone calls without reasonable cause and for any such purposes as aforesaid;
he shall be liable upon summary conviction to a fine not exceeding ten pounds, or to imprisonment for a term not exceeding one month, or to both such fine and imprisonment.

Section 66A bears a striking resemblance to the three parts of this law from 1935, with clauses (b) and (c) being merged in the Indian law into a single clause (b) of s.66A, with a whole bunch of new "purposes" added. Interestingly, the Indian Post Office Act, 1898, was never amended to add this provision.

The differences between the two are worth exploring.

Term of Punishment

The first major difference is that the maximum term of imprisonment in the 1935 Act is only one month, compared to three years in s.66A of the IT Act. It seems the Indian government decided to subject the prison term to hyper-inflation to cover for the time. If this had happened for the punishment for, say, criminal defamation, then that would have a jail term of up to 72 years! The current equivalent laws in the UK are the Communications Act, 2003 (s. 127) and the Malicious Communications Act 1988 (s.1) for both of which the penalty is up to 6 months' imprisonment or to a maximum fine of £5000 or both. What's surprising is that in the Information Technology (Amendment) Bill of 2006, the penalty for section 66A was up to 2 years, and it was changed on December 16, 2008 through an amendment moved by Mr. A. Raja (the erstwhile Minister of Communications and IT) to 3 years. Given that parts of s.66A(c) resemble nuisance, it is instructive to note the term of punishment in the Indian Penal Code (IPC) for criminal nuisance: a fine of Rs. 200 with no prison term.

"Sending" vs. "Publishing"

J. Sai Deepak, a lawyer, has made an interesting point that the IT Act uses "send" as part of its wording, and not "publish". Given that, only messages specifically directed at another would be included. While this is an interesting proposition, it cannot be accepted because: (1) even blog posts are "sent", albeit to the blog servers — s.66A doesn't say who it has to be sent to; (2) in the UK the Communications Act 2003 uses similar language and that, unlike the Malicious Communication Act 1988 which says "sends to another person", has been applied to public posts to Twitter, etc.; (3) The explanation to s.66A(c) explicitly uses the word "transmitted", which is far broader than "send", and it would be difficult to reconcile them unless "send" can encompass sending to the publishing intermediary like Twitter.

Part of the narrowing down of s.66A should definitely focus on making it applicable only to directed communication (as is the case with telephones, and with the UK's Malicious Communication Act), and not be applicable to publishing.

Section 66A(c)

Section 66A(c) was also inserted through an amendment moved by Mr. Raja on December 16, 2008, which was passed by the Lok Sabha on December 22, 2008, and a day after by the Rajya Sabha. (The version introduced in Parliament in 2006 had only 66A(a) and (b).) This was done in response to the observation by the Standing Committee on Information Technology that there was no provision for spam. Hence it is clear that this is meant as an anti-spam provision. However, the careless phrasing makes it anything but an anti-spam provision. If instead of "for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages" it was "for the purpose of causing annoyance and inconvenience and to deceive and to mislead the addressee or recipient about the origin of such messages", it would have been slightly closer to an anti-spam provision, but even then doesn't have the two core characteristics of spam: that it be unsolicited and that it be sent in bulk. (Whether only commercial messages should be regarded as spam is an open question.) That it arise from a duplicitous origin is not a requirement of spam (and in the UK, for instance, that is only an aggravating factor for what is already a fine-able activity).

Curiously, the definitional problems do not stop there, but extend to the definitions of "electronic mail" and "electronic mail message" in the 'explanation' as well. Those are so vast that more or less anything communicated electronically is counted as an e-mail, including forms of communication that aren't aimed at particular recipients the way e-mail is.

Hence, the anti-spam provision does not cover spam, but covers everything else. This provision is certainly unconstitutional.

Section 66A(b)

Section 66A(b) has three main elements: (1) that the communication be known to be false; (2) that it be for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will; (3) that it be communicated persistently. The main problem here is, of course, (2). "Annoyance" and "inconvenience", "insult", "ill will" and "hatred" are very different from "injury", "danger", and "criminal intimidation". That a lawmaker could feel that punishment for purposes this disparate belonged together in a single clause is quite astounding and without parallel (except in the rest of the IT Act). That's akin to having a single provision providing equal punishment for calling someone a moron ("insult") and threatening to kill someone ("criminal intimidation"). While persistent false communications for the purpose of annoying, insulting, inconveniencing, or causing ill will should not be criminalised (if need be, having it as a civil offence would more than suffice), doing so for the purpose of causing danger or criminal intimidation should. However, the question arises whether you need a separate provision in the IT Act for that. Criminal intimidation is already covered by ss. 503 and 506 of the IPC. Similarly, different kinds of causing danger are taken care of in ss.188, 268, 283, 285, 289, and other provisions. Similarly with the other "purposes" listed there, if, for instance, a provision is needed to penalise hoax bomb threats, then the provision clearly should not be mentioning words like "annoyance", and should not be made "persistent". (At any rate, s. 505(1) of the IPC suffices for hoax bomb threats, so you don't need a separate provision in the IT Act).

I would argue that in its current form this provision is unconstitutional, since there is no countervailing interest in criminalising false and persistent "insults", etc., that will allow those parts of this provision to survive the test of 'reasonableness' under Art.19(2). Furthermore, even bits that survive are largely redundant. While this unconstitutionality could be cured by better, narrower wording, even then one would need to ensure that there is no redundancy due to other provisions in other laws.

Section 66A(a)

In s.66A(a), the question immediately arises whether the information that is "grossly offensive" or "menacing" need to be addressed at someone specific and be seen as "grossly offensive" or "menacing" by that person, or be seen by a 'reasonable man' test.

Additionally, the term "grossly offensive" will have to be read in such a heightened manner as to not include merely causing offence. The one other place where this phrase is used in Indian law is in s.20(b) of the Indian Post Office Act (prohibiting the sending by post of materials of an indecent, obscene, seditious, scurrilous, threatening, or grossly offensive character). The big difference between s.20(b) of the IPO Act and s.66A of the IT Act is that the former is clearly restricted to one-to-one communication (the way the UK's Malicious Communication Act 1988 is). Reducing the scope of s.66A to direct communications would make it less prone to challenge.

Additionally, in order to ensure constitutionality, courts will have to ensure that "grossly offensive" does not simply end up meaning "offensive", and that the maximum punishment is not disproportionately high as it currently is. Even laws specifically aimed at online bullying, such as the UK's Protection from Harassment Act 1997, can have unintended effects. As George Monbiot notes, the "first three people to be prosecuted under [the Protection from Harassment Act] were all peaceful protesters".

Constitutional Arguments in Importing Laws from the UK

The plain fact is that the Indian Constitution is stronger on free speech grounds than the (unwritten) UK Constitution, and the judiciary has wide powers of judicial review of statutes (i.e., the ability of a court to strike down a law passed by Parliament as 'unconstitutional'). Judicial review of statutes does not exist in the UK (with review under its EU obligations being the exception) as they believe that Parliament is supreme, unlike India. Putting those two aspects together, a law that is valid in the UK might well be unconstitutional in India for failing to fall within the eight octagonal walls of the reasonable restrictions allowed under Art.19(2). That raises the question of how they deal with such broad wording in the UK.

Genealogy of UK Law on Sending 'Indecent', 'Menacing', 'Grossly Offensive' Messages

Quoting from the case of DPP v. Collins [2006] UKHL 40 [6]:

The genealogy of [s. 127(1) of the Communication Act] may be traced back to s.10(2)(a) of the Post Office (Amendment) Act, 1935, which made it an offence to send any message by telephone which is grossly offensive or of an indecent, obscene or menacing character. That subsection was reproduced with no change save of punctuation in s.66(a) of the Post Office Act 1953. It was again reproduced in s.78 of the Post Office Act 1969, save that "by means of a public telecommunication service" was substituted for "by telephone" and "any message" was changed to "a message or other matter". Section 78 was elaborated but substantially repeated in s.49(1)(a) of the British Telecommunications Act 1981 and was re-enacted (save for the substitution of "system" for "service") in s.43(1)(a) of the Telecommunications Act 1984. Section 43(1)(a) was in the same terms as s.127(1)(a) of the 2003 Act, save that it referred to "a public telecommunication system" and not (as in s.127(1)(a)) to a "public electronic communications network". Sections 11(1)(b) of the Post Office Act 1953 and 85(3) of the Postal Services Act 2000 made it an offence to send certain proscribed articles by post.

While the above quotation talks about s.127(1) it is equally true about s.127(2) as well. In addition to that, in 1988, the Malicious Communications Act (s.1) was passed to prohibit one-to-one harassment along similar lines.

The UK's Post Office Act was eclipsed by the Telecommunications Act in 1984, which in turn was replaced in 2003 by the Communications Act. (By contrast, we still stick on to the colonial Indian Post Office Act, 1898.) Provisions from the 1935 Post Office Act were carried forward into the Telecommunications Act (s.43 on the "improper use of public telecommunication system"), and subsequently into s.127 of the Communications Act ("improper use of public electronic communications network"). Section 127 of the Communications Act states:

127. Improper use of public electronic communications network
(1) A person is guilty of an offence if he —
(a) sends by means of a public electronic communications network a message or other matter that is grossly offensive or of an indecent, obscene or menacing character; or
(b) causes any such message or matter to be so sent.
(2) A person is guilty of an offence if, for the purpose of causing annoyance, inconvenience or needless anxiety to another, he —
(a) sends by means of a public electronic communications network, a message that he knows to be false,
(b) causes such a message to be sent; or
(c) persistently makes use of a public electronic communications network.
(3) A person guilty of an offence under this section shall be liable, on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale, or to both.
(4) Subsections (1) and (2) do not apply to anything done in the course of providing a programme service (within the meaning of the Broadcasting Act 1990 (c. 42)).

Currently in the UK there are calls for repeal of s.127. In a separate blog post I will look at how the UK courts have 'read down' the provisions of s.127 and other similar laws in order to be compliant with the European Convention on Human Rights.

Comparison between S. 66A and Other Statutes

Section 144, IPC, 1860

Power to issue order in urgent cases of nuisance or apprehended danger

...obstruction, annoyance or injury to any person lawfully employed, or danger to human life, health or safety, or a disturbance of the public tranquillity

Babulal Parate v. State of Maharastra and Ors. [1961 AIR SC 884] (Magistrates order under s. 144 of the Cr. PC, 1973 was in violation of Art.19(1)(a) of the Constitution).

A special thanks is due to Snehashish Ghosh for compiling the below table.

Section	Term(s)/phrase(s) used in 66A	Term(s)/ phrase(s) used in similar sections
Section 66A (heading)	Punishment for sending offensive messages through communication service, etc	Section 127, CA, 2003, "Improper use of public electronic communications network"
Section 66A(a)	Any person who sends, by means of a computer resource or a communication device	Section 1(1), MCA 1988, "Any person who sends to another person..."
Section 66A(a)	Grossly offensive	Section 1(1)(a)(i), MCA 1988; Section 127(1)(a),CA, 2003; Section 10(2)(a), Post Office (Amendment) Act, 1935; Section 43(1)(a), Telecommunications Act 1984; Section 20, India Post Act 1898
Section 66A(a)	Menacing character	Section127(1)(a),CA, 2003
Section 66A(b)	Any information which he knows to be false	Section 1(1)(a)(iii), MCA 1988 "information which is false and known or believed to be false by the sender"; Section 127(2)(a), CA, 2003, "a message that he knows to be false"
Section 66A(b) “purpose of...”	Causing annoyance	Section127(2), CA, 2003
	Inconvenience	Section 127 (2), CA, 2003
	Danger
	Insult	Section 504, IPC, 1860
	Injury	Section 44 IPC, 1860, "The word 'injury' denotes any harm whatever illegally caused to any person, in body, mind, reputation or property."
	Criminal intimidation	Sections 503 and 505 (2), IPC, 1860
	Enmity, hatred or ill-will	Section 153A(1)(a), IPC, 1860
	Persistently by making use of such computer resource or a communication device	Section 127(2)(c), CA, 2003, "persistently makes use of a public electronic communications network."
Section 66A(c)	Deceive or to mislead	-

Notes
MCA 1988: Malicious Communications Act (s.1)
CA: Communications Act 2003 (s.127)
*Replaced by Communications Act 2003

[1]. The Information Technology (Amendment) Bill, 2008, was one amongst the eight bills that were passed in fifteen minutes on December 16, 2008.
[2]. Inserted vide Information Technology Amendment Act, 2008.

This was re-posted in Outlook (November 28, 2012)

For more details visit https://cis-india.org/internet-governance/blog/breaking-down-section-66-a-of-the-it-act

Section 66-A, Information Technology Act, 2000: Cases

snehashish — 2012-12-06T09:20:51Z

In this blog post Snehashish Ghosh summarizes the facts of a few cases where Section 66-A, Information Technology Act, 2000, has been mentioned or discussed.

There has been numerous instances application of the Section 66-A, Information Technology Act, 2000 (“ITA”) in the lower courts. Currently, there are six High Court decisions, in which the section has been mentioned or discussed. In this blog post, I will be summarizing facts of a few cases insofar as they can be gathered from the orders of the Court and are pertinent to the application of 66-A, ITA.

Sajeesh Krishnan v. State of Kerala (Kerala High Court, Decided on June 5, 2012)

Petition before High Court for release of passport seized by investigating agency during arrest

In the case of Sajeesh Krishnan v. State of Kerala (Decided on June 5, 2012), a petition was filed before the Kerala High Court for release of passport seized at the time of arrest from the custody of the investigating agency. The Court accordingly passed an order for release of the passport of the petitioner.

The Court, while deciding the case, briefly mentioned the facts of the case which were relevant to the petition. It stated that the “gist of the accusation is that the accused pursuant to a criminal conspiracy hatched by them made attempts to extort money by black mailing a Minister of the State and for that purpose they have forged some CD as if it contained statements purported to have been made by the Minister.” The Court also noted the provisions under which the accused was charged. They are Sections 66-A(b) and 66D of the Information Technology Act, 2000 along with a host of sections under the Indian Penal Code, 1860 (120B – Criminal Conspiracy, 419 – Cheating by personation, 511- Punishment for attempting to commit offences punishable with imprisonment for life or other imprisonment, 420 – Cheating and dishonestly inducing delivery of property, 468 – Forgery for purpose of cheating, 469 – Forgery for purpose of harming and 201 – Causing disappearance of evidence of offence, or giving false information to screen offender read with 34 of Indian Penal Code, 1860)

Nikhil Chacko Sam v. State of Kerala (Kerala High Court, Decided on July 9, 2012)

Order of the Kerala High Court on issuing of the summons to the petitioner

In another case, the Kerala High Court while passing an order with respect to summons issued to the accused, also mentioned the charge sheet laid by the police against the accused in its order. The accused was charged under section 66-A, ITA. The brief facts which can be extracted from the order of the Court read: “that the complainant and the accused (petitioner) were together at Chennai. It is stated that on 04.09.2009, the petitioner has transmitted photos of the de facto complainant and another person depicting them in bad light through internet and thus the petitioner has committed the offence as mentioned above.”

J.R. Gangwani and Another v. State of Haryana and Others (Punjab and Haryana High Court, Decided on October 15, 2012)

Petition for quashing of criminal proceedings under section 482 of the Criminal Procedure Code, 1973

In the Punjab and Haryana High Court, an application for quashing of criminal proceeding draws attention to a complaint which was filed under Section 66-A(c). This complaint was filed under Section 66-A(c) on the ground of sending e-mails under assumed e-mail addresses to customers of the Company which contained material which maligned the name of the Company which was to be sold as per the orders of the Company Law Board. The Complainant in the case received the e-mails which were redirected from the customers. According to the accused and the petitioner in the current hearing, the e-mail was not directed to the complainant or the company as is required under Section 66-A (c).

The High Court held that, “the petitioners are sending these messages to the purchasers of cranes from the company and those purchasers cannot be considered to be the possible buyers of the company. Sending of such e-mails, therefore, is not promoting the sale of the company which is the purpose of the advertisement given in the Economic Times. Such advertisements are, therefore, for the purpose of causing annoyance or inconvenience to the company or to deceive or mislead the addressee about the origin of such messages. These facts, therefore, clearly bring the acts of the petitioners within the purview of section 66A(c) of the Act.”

Mohammad Amjad v. Sharad Sagar Singh and Ors. (Criminal Revision no. 72/2011 filed before the Court of Sh. Vinay Kumar Khana Additional Sessions Judge – 04 South East: Saket Courts Delhi)

Revision petition against the order of the metropolitan magistrate

In a revision petition came up before the Additional Sessions Judge on the grounds that the metropolitan magistrate has dismissed a criminal complaint under Section 156(3) of the Criminal Procedure Code without discussing the ingredients of section 295-A, IPC and 66-A, IT Act.

In this case, the judge observed that, “...section 66A of Information Technology Act (IT Act) does not refer at all to any 'group' or 'class' of people. The only requirement of Section 66A IT Act is that the message which is communicated is grossly offensive in nature or has menacing character.” He also observed that the previous order “not at all considered the allegations from this angle and the applicability of Section 66A Information Technology Act, 2000 to the factual matrix of the instant case.”

For more details visit https://cis-india.org/internet-governance/blog/section-66-a-information-technology-act-2000-cases

Comments to the proposed amendments to The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

Divyansha Sehgal and Torsha Sarkar — 2023-02-07T15:21:47Z

This note presents comments by the Centre for Internet and Society (CIS), India, on the proposed amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“proposed amendments”). We thank Isha Suri for her review of this submission.

Preliminary

In these comments, we examine the constitutional validity of the proposed amendments, as well as whether the language of the amendments provide sufficient clarity for its intended recipients. This commentary is in-line with CIS’ previous engagement with other iterations of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

General Comments

Ultra vires the parent act

Section 79(1) of the Information Technology (IT) Act states that the intermediary will not be held liable for any third-party information if the intermediary complies with the conditions laid out in Section 79(2). One of these conditions is that the intermediary observe “due diligence while discharging his duties under this Act and also observe such other guidelines as the Central Government may prescribe in this behalf.” Further, Section 87(2)(zg) empowers the central government to prescribe “guidelines to be observed by the intermediaries under sub-section (2) of section 79.”

A combined reading of Section 79(2) read with Section 89(2)(zg) makes it clear that the power of the Central Government is limited to prescribing guidelines related to the due diligence to be observed by the intermediaries while discharging its duties under the IT Act. However, the proposed amendments extend the original scope of the provisions within the IT Act.

In particular, the IT Act does not prescribe for any classification of intermediaries. Section 2(1) (w) of the Act defines intermediaries as “with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes”. Intermediaries are treated and regarded as a single monolithic entity with the same responsibilities and obligations.

The proposed amendments have now established a new category of intermediaries, namely online gaming intermediary. This classification comes with additional obligations, codified within Rule 4A of the proposed amendments, including enabling the verification of user-identity and setting up grievance redressal mechanisms. The additional obligations placed on online gaming intermediaries find no basis in the IT Act, which does not specify or demarcate between different categories of intermediaries.

The 2021 Rules have been prescribed under Section 87(1) and Section 87(2)(z) and (zg) of the IT Act. These provisions do not empower the Central Government to make any amendment to Section 2(w) or create any classification of intermediaries. As has been held by the Supreme Court in State of Karnataka and Another v. Ganesh Kamath & Ors that: “It is a well settled principle of interpretation of statutes that conferment of rule making power by an Act does not enable the rule making authority to make a rule which travels beyond the scope of the enabling Act or which is inconsistent therewith or repugnant thereto.” In this light, we argue that the proposed amendment cannot go beyond the parent act or prescribe policies in the absence of any law/regulation authorising them to do so.

Recommendation

We recommend that a regulatory intervention seeking to classify intermediaries and prescribe regulations specific to the unique nature of specific intermediaries should happen through an amendment to the parent act. The amendment should prescribe additional responsibilities and obligations of online gaming intermediaries.

A note on the following sections

Since the legality of classifying intermediaries into further categories is under question, our subsequent discussions on the language of the provisions related to online gaming intermediary are recommended to be taken into account for formulating any new legislations relating to these entities.

Specific comments

Fact checking amendment

Amendment to Rule 3(1)(b)(v) states that intermediaries are obligated to ask their users to not host any content that is, inter alia, “identified as fake or false by the fact check unit at the Press Information Bureau of the Ministry of Information and Broadcasting or other agency authorised by the Central Government for fact checking”.

Read together with Rule 3(1)(c), which gives intermediaries the prerogative to terminate user access to their resources on non-compliance with their rules and regulations, Rule 3(1)(b)(v) essentially affirms the intermediary’s right to remove content that the Central government deems to be ‘fake’. However, in the larger context of the intermediary liability framework of India, where intermediaries found to be not complying with the legal framework of section 79 lose their immunity, provisions such as Rule 3(1)(b)(v) compel intermediaries to actively censor content, on the apprehension of legal sanctions.

In this light, we argue that Rule 3(1)(b)(v) is constitutionally invalid, inasmuch that Article 19(2), which prescribes grounds under which the government restrict the right to free speech, does not permit restricting speech on the ground that it is ostensibly “fake or false”. In addition, the net effect of this rule would be that the government would be the ultimate arbiter of what is considered ‘truth’, and every contradictions to this narrative would be deemed to be false. In a democratic system like India’s, this cannot be a tenable position, and would go against a rich jurisprudence of constitutional history on the need for plurality.

For instance, in Indian Express Newspapers v Union of India, the Supreme Court had held that ‘the freedom of the press rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public.’ Applying this interpretation to the present case, it could be said that the government’s monopoly on directing what constitutes “fake or false” in the online space would prevent citizens from accessing dissenting voices and counterpoints to government policies .

This is problematic when one considers that in the Indian context, freedom of speech and expression has always been valued for its instrumental role in ensuring a healthy democracy, and its power to influence public opinion. In the present case, the government, far from facilitating any such condition, is instead actively indulging in guardianship of the public mind (Sarkar et al, 2019).

Other provisions in the IT Act which permit for censorship of content, including section 69A, permit the government to only do so when content is relatable to grounds enumerated in Article 19(2) of the Constitution. In addition, in the case of Shreya Singhal vs Union of India, where, the constitutionality of section 69A was challenged, the Supreme Court upheld the provision because of the legal safeguards inherent in the provision, including offering a hearing to the originator of the impugned content and reasons for censoring content to be recorded in writing.

In contrast, a fact check by the Press Information Bureau or by another authorised agency provides no such safeguards, and does not relate to any constitutionally recognized ground for restricting speech.

Recommendation

The proposed amendment to Rule 3(1)(b)(v) is unconstitutional, and should be removed from the final draft of the law.

Clarifications are needed for online games rules definitions

The definitions of an "online game" and "online gaming intermediary" are currently extremely unclear and require further clarification.

As the proposed amendments stand, online games are characterised by the user's “deposit with the expectation of earning winnings”. Both deposit and winnings can be “cash” or “in kind", which does not adequately draw a boundary on the type of games this amendment seeks to cover. Can the time invested by the player in playing a game be answered under the “in kind” definition of deposit? If the game provides a virtual in-game currency that can be exchanged for internal power ups, even if there are no cash or gift cards used as payout, is that considered to be an “in kind” winnings? The rules, as currently drafted, are vague in their reference towards “in kind” deposits and payouts.

This definition of online games also does not differentiate between single or multiplayer games, and traditional games like chess which have found an audience online such as Candy Crush (single player), Minecraft (multiplayer collaborative) or chess (traditional). It is unclear whether these games were intended to fall within the purview of these amendments to the rules, and if they are all subjected to the same due diligence requirements as pay-to-play games. This, in conjunction with the proposed rule 6A which allows the Ministry to term any other game as an online game for the purposes of the rules, also provides them with broad, unpredictable powers . This ambiguity hinders clear comprehension of the expectations among the target stakeholders, thus affecting the consistency and predictability of the implementation of the rules.

Similarly, "online gaming intermediaries" are also defined very broadly as "intermediary that offers one or more than one online game". As defined, any intermediary that even hosts a link to a game is classified as an online gaming intermediary since the game is now "offered" through the intermediary. As drafted, there does not seem to be a material distinction between an "intermediary" as defined by the act and "online gaming intermediary" as specified by these rules.

Recommendation

We recommend further clarification on the definitions of these terms, especially for “in kind” and “offers” which are currently extremely vague terms that provide overbroad powers to the Ministry.

Intermediaries and Games

"Online gaming intermediaries" are defined very broadly as "intermediary that offers one or more than one online game". Intermediaries are defined in the Act as "any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message".

According to the media coverage (Barik, 2023) around these amendments, it seems that there is an effort to classify gaming companies as "online gaming intermediaries" but the language of the drafted amendments do not support this. An “intermediary” status is given to a company due to its functional role in primarily offering third party content. It is not a classification for different types of internet companies that exist and thus must not be used to make rules for entities that do not perform this function.

Not all gaming companies present a collection of games for their users to play. According to the drafted definition multiple platforms where games might be present like, an app stores where multiple game developers can publish their games for access by users, a website that lists links to online games, a social media platform that acts as an intermediary between two users exchanging links to games, as well as websites that host games for users to directly access may all be classified as an "online gaming intermediary" since they "offer" games to users. These are a rather broad range of companies and functions to be singularly classified an "online gaming intermediary".

Recommendation

We recommend a thoroughly researched legislative solution to regulating gaming companies that operate online rather than through amendments to intermediary rules. If some companies are indeed to be classified as “online gaming intermediaries”, there is a need for further reasoning on which type of gaming companies and their functions are intermediary functions for the purposes of these Rules.

Comments can be downloaded here

For more details visit https://cis-india.org/internet-governance/blog/comments-to-proposed-amendments-to-it-intermediary-guidelines-and-digital-media-ethics-code-rules

We the goondas

praskrishna — 2014-08-04T15:06:18Z

You can now be arrested in Karnataka even before you commit an offence under the IT Act. You could be in jail under the Goonda Act even if not guilty under the Indian Copyright Act. If govt thinks you are planning to send a 'lascivious' photo to a WhatsApp group, or forwarding a copyrighted song, you can be arrested.

The article by Shyam Prasad was published in the Bangalore Mirror on August 4, 2014. Sunil Abraham gave his inputs.

Have a smartphone? Run for cover. Bizarre as this might sound, the cops are going to come after you if you so much as forward a song to a friend. Forget actually doing it, any plans to do so could land you in serious trouble too. You could be labelled a 'goonda' in the eyes of the State and find yourself behind bars.

In a completely unfathomable move, Karnataka has brought most offences under the Information Technology Act, 2000, and Indian Copyright Act, 1957, under the ambit of the Goonda Act. Until now, people with a history of offences like bootlegging, drug offences and immoral trafficking could be taken into preventive custody. But the government, in its enthusiasm, while adding acid attackers and sexual predators to the law, has also added 'digital offenders'. While it was thought to be against audio and video pirates, Bangalore Mirror has found it could be directed at all those who frequent FB, Twitter and the online world, posting casual comments and reactions to events unfolding around them.

So if you are planning a digital 'offence' — which could be an innocuous opinion like the young girls' in Mumbai after the bandh declared on Bal Thackeray's death — that could attract the provisions of the Information Technology Act. You can even be taken into preventive custody like a 'goonda'. Even those given exceptions under the Indian Copyright Act can find themselves in jail for a year without being presented before a magistrate. Technically, if you are even planning to forward 'lascivious' memes and images to a WhatsApp group or forwarding a song or 'copyrighted' PDF book, you can be punished under the Goondas Act.

The law-makers clearly did not dwell much on the implications while bringing the majority of the populace within the ambit of this law. On July 28, the Karnataka Legislature passed (it took barely a minute from tabling to voice vote), 'The Karnataka Prevention of Dangerous Activities of Bootleggers, Drug-offenders, Gamblers, Goondas, Immoral Traffic Offenders, Slum-grabbers and Video or Audio Pirates, (Amendment) Bill, 2014'. The amendment adds, "Acid attackers, Depradator of Environment, Digital Offenders, Money Launderers and Sexual Predators", to the title. In common parlance, this law is known as the 'Goonda Act'.

The move has come as a shock to the legal community which has slammed it, terming it an attempt by the state to usurp central powers. The government had earlier included 'piracy' under the Goonda Act. But it was applicable only to those pirating film DVDs. Now, this will include books, film songs, music, software or anything big corporates and multinationals claim they have copyright on.

Sunil Abraham, executive director, Centre for Internet and Society, is left in no doubt that the new law is "a terrible thing". "It is a sad development. It is not just bringing the provisions of the IT Act, but also the Copyright Act, that will hurt the common man," he said.

'Digital Offenders' means "any person who knowingly or deliberately violates, for commercial purposes, any copyright law in relation to any book, music, film, software, artistic or scientific work and also includes any person who illegally enters through the identity of another user and illegally uses any computer or digital network for pecuniary gain for himself or any other person or commits any of the offences specified under sections 67, 68, 69, 70, 71, 72, 73, 74 and 75 of the Information Technology Act, 2000."

Section 67 of the IT Act will be the most dangerous for the common man with a smartphone in hand now. The section, "Publishing of information which is obscene in electronic form," includes "any material which is lascivious or appeal to the prurient interest." This could have a very broad interpretation.

Advocate Nagendra Naik says, "The Goonda Act provides for preventive arrest. In the Information Technology Act and The Copyright Act, you have to commit the offence to be arrested. But here, you can be taken into preventive custody even before you commit the said offences. In normal arrests, you can straightaway apply for bail. But under the Goonda Act, you cannot. There is a long process of review and you will be in custody at least till then. The third impact is, you can have a history sheet started against you by the police. Technically, your slips on WhatsApp will attract the Goonda Act against you."

Supreme Court advocate KV Dhananjay said the Goonda Act is a draconian piece of legislation and it necessarily mocks at the institution of courts and lawyers. "After the passage of the various amendments to the Goonda Act, Karnataka now looks like a mini North Korea where police mood swings will decide whether the ordinary citizen has any right at all," he said.

Advocate Shyam Sundar, says, "What if your smartphone has a list of repeated material sent out over days or weeks. Most people do not even know if their phones are affected by viruses which could be sending out such material. Another example is of Facebook. There are so many FB pages with pornographic content. If someone who has subscribed to such a page sends you a friend request and you accept it, that content will surface on your page. It will have a history of repetition. The amendment clearly opens up huge problems for the common people. There is no doubt of the law being grossly misused and the amendment to include provisions of the IT Act has been done without application of mind. What is lascivious appeal in the first place? A porn star has been made a film star in India. Is this not lust? Are there enough filters in place to secure your smartphone from online abuse?"

The new law will in all probability create more corruption than anything else, say experts. Dhananjay says, "Until last week, police postings in Bangalore and other bigger cities were selling for tens of lakhs. Thanks to these amendments, some postings that enforce the Goonda Act will now sell for a couple of crores. The public will not feel safe due to this draconian legislation. Those who enforce the Goonda Act, however, will become richer through corruption, thanks to the fear created by these new amendments."

One year in jail for the innocent too

Sunil Abraham gives two examples by which the amended Goonda Act will become a ruthless piece of legislation. "If I publish an image of a naked body as part of a scientific article about the human body, is it obscene or not? It will not be obscene and, if I am arrested under the IT Act, I will be produced before the magistrate within 24 hours and can explain it to him. But now, I will be arrested under the Goonda Act and need not be produced before a magistrate for 90 days. It can be extended to one year. So for one year, I will be in jail even if I have not committed any wrong. Another example pertains to bringing offences under the Copyright Act under the Goonda Act. In the Copyright Act, there is an exception for reporting, research, educational and people with disability. A visually impaired person, for example, can, without paying royalty, convert a book into another format like Braille or audio and share it with another visually impaired person on a non-profit basis. But if he is arrested under Goonda Act, he will be in jail for one year, even before he does it."

HAVE THEY READ STATUTE?
Supreme Court advocate KV Dhananjay says, "The definition of a 'digital offender' is simply laughable. I do not think that whoever asked the state government to include 'digital offence' under the Goonda Act has carefully read the Constitution of India. Under the Constitution, both copyright and telecommunications are exclusive central subjects. This means that states simply cannot make any law on these subjects." Dhananjay gives the example of payment of income tax. "You know already that only the central government can demand and collect your income taxes. Can any state government say that it will create a new law to punish its resident who defaults in payment of income tax? You would simply laugh at any such law. This new definition of 'digital offender' is no less amusing. Offences under the Information Technology Act, 2000, are exclusively punishable by the central government only. State governments have no power to say that an Act shall become an offence when it does not even have the power to regulate such an Act."

CRIMINAL LAW EXPERTS SAY
Senior designate advocate, MT Nanaiah: "This law will be too harsh. There are MLAs who do not know the meaning of cyber crime. We (advocates) will be kept busy at the cost of innocent people because of this step. It provides for arresting anyone who would allegedly be planning to do something. Finding him guilty or otherwise comes later. What happens if your phone is lost or somebody sends something from your phone without your knowledge? For the first few years, innocents will go to jail. Then the courts will probably intervene and call for modifying what is at best a bad law. A similar situation arose with Section 498(A) of IPC and Sections 3 and 4 of Dowry Prohibition Act. It was misused to such an extent that courts had to step in." Senior designate advocate and former State Public Prosecutor HS Chandramouli : "Even social legislations have been misused. And, in this case, most people are illiterate about what cyber crime is. It is mostly teenagers and college students who will feel the heat. These are the people who mostly forward material considered obscene. It is necessary to educate people through discussions, workshops in the bar associations, law college and with experts. The amendment has been passed in the Legislature without discussion, which is a tragedy. At least now, before it is gazetted, people should be warned about what is being brought into the Goonda Act. I do not know how fair adding 'digital offenders' in the Goonda Act will be to the public, but the chances of misuse are more. There are no riders or prosecution for misuse. And how many policemen know about cyber crimes? During the infamous 'kidney' case (where people were cheated and their kidneys removed) many policemen did not know the difference between kidneys and testicles."

ONE YEAR IN JAIL WITHOUT CHANCE OF BAIL FOR..

Forwarding a song from your phone
Forwarding an e-book from your email
A nude photo which the govt thinks is obscene
Any software that a company says it owns
A movie which a company says it has copyright on

For more details visit https://cis-india.org/news/bangalore-mirror-shyam-prasad-august-4-2014-we-the-goondas

The Case of Whatsapp Group Admins

Japreet Grewal — 2015-12-08T10:25:42Z

Censorship laws in India have now roped in group administrators of chat groups on instant messaging platforms such as Whatsapp (group admin(s)) for allegedly objectionable content that was posted by other users of these chat groups. Several incidents[1] were reported this year where group admins were arrested in different parts of the country for allowing content that was allegedly objectionable under law. A few reports mentioned that these arrests were made under Section 153A[2] read with Section 34[3] of the Indian Penal Code (IPC) and Section 67[4] of the Information Technology Act (IT Act).

Targeting of a group admin for content posted by other members of a chat group has raised concerns about how this liability is imputed. Whether a group admin should be considered an intermediary under Section 2 (w) of the IT Act? If yes, whether a group admin would be protected from such liability?

Group admin as an intermediary

Whatsapp is an instant messaging platform which can be used for mass communication by opting to create a chat group. A chat group is a feature on Whatsapp that allows joint participation of Whatsapp users. The number of Whatsapp users on a single chat group can be up to 100. Every chat group has one or more group admins who control participation in the group by deleting or adding people. [5] It is imperative that we understand that by choosing to create a chat group on Whatsapp whether a group admin can become liable for content posted by other members of the chat group.

Section 34 of the IPC provides that when a number of persons engage in a criminal act with a common intention, each person is made liable as if he alone did the act. Common intention implies a pre-arranged plan and acting in concert pursuant to the plan. It is interesting to note that group admins have been arrested under Section 153A on the ground that a group admin and a member posting content on a chat group that is actionable under this provision have common intention to post such content on the group. But would this hold true when for instance, a group admin creates a chat group for posting lawful content (say, for matchmaking purposes) and a member of the chat group posts content which is actionable under law (say, posting a video abusing Dalit women)? Common intention can be established by direct evidence or inferred from conduct or surrounding circumstances or from any incriminating facts.[6]

We need to understand whether common intention can be established in case of a user merely acting as a group admin. For this purpose it is necessary to see how a group admin contributes to a chat group and whether he acts as an intermediary.

We know that parameters for determining an intermediary differ across jurisdictions and most global organisations have categorised them based on their role or technical functions.[7] Section 2 (w) of the Information Technology Act, 2000 (IT Act) defines an intermediary as any person, who on behalf of another person, receives, stores or transmits messages or provides any service with respect to that message and includes the telecom services providers, network providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online marketplaces and cyber cafés. Does a group admin receive, store or transmit messages on behalf of group participants or provide any service with respect to messages of group participants or falls in any category mentioned in the definition? Whatsapp does not allow a group admin to receive, or store on behalf of another participant on a chat group. Every group member independently controls his posts on the group. However, a group admin helps in transmitting messages of another participant to the group by allowing the participant to be a part of the group thus effectively providing service in respect of messages. A group admin therefore, should be considered an intermediary. However his contribution to the chat group is limited to allowing participation but this is discussed in further detail in the section below.

According to the Organisation for Economic Co-operation and Development (OECD), in a 2010 report[8], an internet intermediary brings together or facilitates transactions between third parties on the Internet. It gives access to, hosts, transmits and indexes content, products and services originated by third parties on the Internet or provide Internet-based services to third parties. A Whatsapp chat group allows people who are not on your list to interact with you if they are on the group admins’ contact list. In facilitating this interaction, according to the OECD definition, a group admin may be considered an intermediary.

Liability as an intermediary

Section 79 (1) of the IT Act protects an intermediary from any liability under any law in force (for instance, liability under Section 153A pursuant to the rule laid down in Section 34 of IPC) if an intermediary fulfils certain conditions laid down therein. An intermediary is required to carry out certain due diligence obligations laid down in Rule 3 of the Information Technology (Intermediaries Guidelines) Rules, 2011 (Rules). These obligations include monitoring content that infringes intellectual property, threatens national security or public order, or is obscene or defamatory or violates any law in force (Rule 3(2)).[9] An intermediary is liable for publishing or hosting such user generated content, however, as mentioned earlier, this liability is conditional. Section 79 of IT Act states that an intermediary would be liable only if it initiates transmission, selects receiver of the transmission and selects or modifies information contained in the transmission that falls under any category mentioned in Rule 3 (2) of the Rules. While we know that a group admin has the ability to facilitate sharing of information and select receivers of such information, he has no direct editorial control over the information shared. Group admins can only remove members but cannot remove or modify the content posted by members of the chat group. An intermediary is liable in the event it fails to comply with due diligence obligations laid down under rule 3 (2) and 3 (3) of the Rules however, since a group admin lacks the authority to initiate transmission himself and control content, he can’t comply with these obligations. Therefore, a group admin would be protected from any liability arising out of third party/user generated content on his group pursuant to Section 79 of the IT Act.

It is however relevant to note whether the ability of a group admin to remove participants amounts to an indirect form of editorial control.

Other pertinent observations

In several reports[10] there have been discussions about how holding a group admin liable makes the process convenient as it is difficult to locate all the users of a particular group. This reasoning may not be correct as the Whatsapp policy[11] makes it mandatory for a prospective user to provide his mobile number in order to use the platform and no additional information is collected from group admins which may justify why group admins are targeted. Investigation agencies can access mobile numbers of Whatsapp users and gain more information from telecom companies.

It is also interesting to note that the group admins were arrested after a user or someone familiar to a user filed a complaint with the police about content being objectionable or hurtful. Earlier this year, the apex court had ruled in the case of Shreya Singhal v. Union of India[12] that an intermediary needed a court order or a government notification for taking down information. With actions taken against group admins on mere complaints filed by anyone, it is clear that the law enforcement officials have been overriding the mandate of the court.

Conclusion

According to a study conducted by a global research consultancy, TNS Global, around 38 % of internet users in India use instant messaging applications such as Snapchat and Whatsapp on a daily basis, Whatsapp being the most widely used application. These figures indicate the scale of impact that arrests of group admins may have on our daily communication.

It is noteworthy that categorising a group admin as an intermediary would effectively make the Rules applicable to all Whatsapp users intending to create groups and make it difficult to enforce and would perhaps blur the distinction between users and intermediaries.

The critical question however is whether a chat group is considered a part of the bundle of services that Whatsapp offers to its users and not as an independent platform that makes a group admin a separate entity. Also, would it be correct to draw comparison of a Whatsapp group chat with a conference call on Skype or sharing a Google document with edit rights to understand the domain in which censorship laws are penetrating today?

Valuable contribution by Pranesh Prakash and Geetha Hariharan

[1] http://www.nagpurtoday.in/whatsapp-admin-held-for-hurting-religious-sentiment/06250951 ; http://www.catchnews.com/raipur-news/whatsapp-group-admin-arrested-for-spreading-obscene-video-of-mahatma-gandhi-1440835156.html ; http://www.financialexpress.com/article/india-news/whatsapp-group-admin-along-with-3-members-arrested-for-objectionable-content/147887/

[2] Section 153A. “Promoting enmity between different groups on grounds of religion, race, place of birth, residence, language, etc., and doing acts prejudicial to maintenance of harmony.— (1) Whoever— (a) by words, either spoken or written, or by signs or by visible representations or otherwise, promotes or attempts to promote, on grounds of religion, race, place of birth, residence, language, caste or community or any other ground whatsoever, disharmony or feelings of enmity, hatred or ill-will between different religious, racial, language or regional groups or castes or communities…” or 2) Whoever commits an offence specified in sub-section (1) in any place of worship or in any assembly engaged in the performance of religious worship or religious ceremonies, shall be punished with imprisonment which may extend to five years and shall also be liable to fine.

[3] Section 34. Acts done by several persons in furtherance of common intention – When a criminal act is done by several persons in furtherance of common intention of all, each of such persons is liable for that act in the same manner as if it were done by him alone.

[4] Section 67 Publishing of information which is obscene in electronic form. -Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees."

[5] https://www.whatsapp.com/faq/en/general/21073373

[6] Pandurang v. State of Hyderabad AIR 1955 SC 216

[7]https://www.eff.org/files/2015/07/08/manila_principles_background_paper.pdf; http://unesdoc.unesco.org/images/0023/002311/231162e.pdf

[8] http://www.oecd.org/internet/ieconomy/44949023.pdf

[9] Rule 3(2) (b) of the Rules

[10]http://www.thehindu.com/news/national/other-states/if-you-are-a-whatsapp-group-admin-better-be-careful/article7531350.ece; http://www.newindianexpress.com/states/tamil_nadu/Social-Media-Administrator-You-Could-Land-in-Trouble/2015/10/10/article3071815.ece; http://www.medianama.com/2015/10/223-whatsapp-group-admin-arrest/; http://www.thenewsminute.com/article/whatsapp-group-admin-you-are-intermediary-and-here%E2%80%99s-what-you-need-know-35031

[11] https://www.whatsapp.com/legal/

[12] http://supremecourtofindia.nic.in/FileServer/2015-03-24_1427183283.pdf

For more details visit https://cis-india.org/internet-governance/blog/the-case-of-whatsapp-group-admins

Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009

jdine — 2013-07-06T01:51:58Z

Rules under section 69(2) of the Information Technology Act, 2008 (after the 2008 amendment).

G.S.R. 780 (E).— In exercise of the powers conferred by clause (y) of sub-section (2) of section 87, read with sub-section (2) of section 69 of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following rules, namely:

1. Short title and commencement.—

(1) These rules may be called the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

(2) They shall come into force on the date of their publication in the Official Gazette.

2. Definitions.— In these rules, unless the context otherwise requires,--

(a) “Act” means the Information Technology Act, 2000 (21 of 2000);

(b) “communication” means dissemination, transmission, carriage of information or signal in some manner and include both a direct communication and an indirect communication”;

(c) “communication link” means the use of satellite, microwave, radio, terrestrial line, wire, wireless or any other communication media to inter-connect computer resource;

(d) “competent authority” means--

(i) the Secretary in the Ministry of Home Affairs, in case of the Central Government; or

(ii) the Secretary in charge of the Home Department, in case of a State Government or Union territory, as the case may be;

(e) “computer resource” means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;

(f) “decryption” means the process of conversion of information in non-intelligible form to an intelligible form via a mathematical formula, code, password or algorithm or a combination thereof;

(g) “decryption assistance” means any assistance to--

(i) allow access, to the extent possible, to encrypted information; or

(ii) facilitate conversion of encrypted information into an intelligible form;

(h) “decryption direction” means a direction issued under Rule (3) in which a decryption key holder is directed to--

(i) disclose a decryption key; or

(ii) provide decryption assistance in respect of encrypted information

(i) “decryption key” means any key, mathematical formula, code, password, algorithm or any other data which is used to--

(i) allow access to encrypted information; or

(ii) facilitate the conversion of encrypted information into an intelligible form;

(j) “decryption key holder” means any person who deploys the decryption mechanism and who is in possession of a decryption key for purposes of subsequent decryption of encrypted information relating to direct or indirect communications;

(k) “information” means information as defined in clause (v) of sub-section (1) of section 2 of the Act;

(l) “intercept” with its grammatical variations and cognate expressions, means the aural or other acquisition of the contents of any information through the use of any means, including an interception device, so as to make some or all of the contents of an information available to a person other than the sender or recipient or intended recipient of that communication, and includes--

(a) monitoring of any such information by means of a monitoring device;

(b) viewing, examination or inspection of the contents of any direct or indirect information; and

(c) diversion of any direct or indirect information from its intended destination to any other destination to any other destination;

(m) “interception device” means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to intercept any information; and any reference to an “interception device” includes, where applicable, a reference to a “monitoring device”;

(n) “intermediary” means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;

(o) “monitor” with its grammatical variations and cognate expressions, includes to view or to inspect or listen to or record information by means of a monitoring device;

(p) “monitoring device” means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to view or to inspect or listen to or record any information;

(q) “Review Committee” means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951.

3. Direction for interception or monitoring or decryption of any information.— No person shall carry out the interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under sub-section (2) of section 69 of the Act, except by an order issued by the competent authority;

Provided that in an unavoidable circumstances, such order may be issued by an officer, not below the rank of Joint Secretary of the Government of India, who has been duly authorised by the competent authority;

Provided further that in a case of emergency--

(i) in remote areas, where obtaining of prior directions for interception or monitoring or decryption of information is not feasible; or

(ii) for operational reasons, where obtaining of prior directions for interception or monitoring or decryption of any information generation, transmitted, received or stored in any computer resource is not feasible,

the interception or monitoring of decryption of any information generated, transmitted, received or stored in any computer resource may be carried out with the prior approval of the Head or the second senior most officer of the security and law enforcement agency (hereinafter referred to as the said security agency) at the Central level and the officer authorised in this behalf, not below the rank of the inspector General of Police or an officer of equivalent rank, at the State or Union territory level;

Provided also that the officer, who approved such interception or monitoring or decryption of information in case of emergency, shall inform in writing to the competent authority about the emergency and of such interception or monitoring or decryption within three working days and obtain the approval of the competent authority thereon within a period of seven working days and if the approval of competent authority is not obtained within the said period of seven working days, such interception or monitoring or decryption shall cease and the information shall not be intercepted or monitored or decrypted thereafter without the prior approval of the competent authority.

4. Authorisation of agency of Government.— The competent authority may authorise an agency of the Government to intercept, monitor or decrypt information generated, transmitted received or stored in any computer resource for the purpose specified in sub-section (1) of section 69 of the Act.

5. Issue of decryption direction by competent authority.— The competent authority may, under Rule (3), give any decryption direction to the decryption key holder for decryption of any information involving a computer resource or part thereof.

6. Interception or monitoring or decryption of information by a State beyond its jurisdiction.— Notwithstanding anything contained in Rule (3), if a State Government or Union territory Administration requires any interception or monitoring or decryption of information beyond its territorial jurisdiction, the Secretary in-charge of the Home Department in that State or Union territory, as the case may be, shall make a request to the Secretary in the Ministry of Home Affairs, Government of India for issuing direction to the appropriate authority for such interception or monitoring or decryption of information.

7. Contents for direction.— Any direction issued by the competent authority under Rule (3) shall contain reasons for such direction and a copy of such direction shall be forwarded to the Review Committee within a period of seven working days.

8. Competent authority to consider alternative means in acquiring information.— The competent authority shall, before issuing any direction under Rule (3), consider possibility of acquiring the necessary information by other means and the direction under Rule (3) shall be issued only when it is not possible to acquire the information by any other reasonable means.

9. Direction of interception or monitoring or decryption of any specific information.— The direction of interception or monitoring or decryption of any information generation, transmitted, received or stored in any computer resource shall be of any information as is sent to or from any person or class of persons or relating to any particular subject whether such information or class of information are received with one or more computer resources, or being a computer resource likely to be used for the generation, transmission, receiving, storing of information from or to one particular person or one or many set of premises, as may be specified or described in the direction.

10. Direction to specify the name and designation of the officer to whom information to be disclosed.— Every directions under Rule (3) shall specify the name and designation of the officer of the authorised agency to whom the intercepted or monitored or decrypted or stored information shall be disclosed and also specify that the use of intercepted or monitored or decrypted information shall be subject to the provisions of sub-section (1) of section 69 of the said Act.

11. Period within which direction shall remain in force.— The direction for interception or monitoring or decryption shall remain in force, unless revoked earlier, for a period not exceeding sixty days from the date of its issue and may be renewed from time to time for such period not exceeding the total period of one hundred and eighty days.

12. Authorised agency to designate nodal officer.— The agency authorised by the competent authority under Rule (4) shall designate one or more nodal officer, not below the rank of Superintendent of Police or Additional Superintendent of Police or the officer of the equivalent rank to authenticate and send the requisition conveying direction issued under Rule (3) for interception or monitoring or decryption to the designated officers of the concerned intermediaries or person in-charge of computer resource;

Provided that an officer, not below the rank of Inspector of Police or officer of equivalent rank, shall deliver the requisition to the designated officer of the intermediary.

13. Intermediary to provide facilities, etc.—

(1) The officer issuing the requisition conveying direction issued under Rule (3) for interception or monitoring or decryption of information shall also make a request in writing to the designated officers of intermediary or person in-charge of computer resources, to provide all facilities, co-operation and assistance for interception or monitoring or decryption mentioned in the directions.

(2) On the receipt of request under sub-rule (1), the designated officers of intermediary or person in-charge of computer resources, shall provide all facilitates, co-operation and assistance for interception or monitoring or decryption of information mentioned in the direction.

(3) Any direction of decryption of information issued under Rule (3) to intermediary shall be limited to the extent the information is encrypted by the intermediary or the intermediary has control over the decryption key.

14. Intermediary to designate officers to receive and handle.— Every intermediary or person in-charge of computer resource shall designate an officer to receive requisition, and another officer to handle such requisition, from the nodal officer for interception or monitoring or decryption of information generation, transmitted, received or stored in any computer resource.

15. Acknowledgement of instruction.— The designated officer of the intermediary or person in-charge of computer resources shall acknowledge the instructions received by him through letters or fax or e-mail signed with electronic signature to the nodal officer of the concerned agency within two hours on receipt of such intimation or direction for interception or monitoring or decryption of information.

16. Maintenance of records by designated officer.— The designated officer of intermediary or person in-charge of computer resource authorised to intercept or monitor or decrypt any information shall maintain proper records mentioning therein, the intercepted or monitored or decrypted information, the particulars of persons, computer resource, e-mail account, website address, etc. whose information has been intercepted or monitored or decrypted, the name and other particulars of the officer or the authority to whom the intercepted or monitored or decrypted information has been disclosed, the number of copies, including corresponding electronic records of the intercepted or monitored or decrypted information made and the mode of the method by which such copies, including corresponding electronic records are made, the date of destruction of the copies, including corresponding electronic record and the duration within which the directions remain in force.

17. Decryption key holder to disclose decryption key or provide decryption assistance.— If a decryption direction or a copy thereof is handed to the decryption key holder to whom the decryption direction is addressed by the nodal officer referred to in Rule (12), the decryption key holder shall within the period mentioned in the decryption direction--

(a) disclose the decryption key; or

(b) provide the decryption assistance,

specified in the decryption direction to the concerned authorised person.

18. Submission of the list of interception or monitoring or decryption of information.—
(1) The designated officers of the intermediary or person in-charge of computer resources shall forward in every fifteen days a list of interception or monitoring or decryption authorisations received by them during the preceding fortnight to the nodal officers of the agencies authorised under Rule (4) for confirmation of the authenticity of such authorisations.
(2) The list referred to in sub-rule (1) shall include details, such as the reference and date of orders of the concerned competent authority including any order issued under emergency cases, date and time of receipt of such order and the date and time of implementation of such order.

19. Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information.— The intermediary or the person in-charge of the computer resource so directed under Rule (3), shall provide technical assistance and the equipment including hardware, software, firmware, storage, interface and access to the equipment wherever requested by the agency authorised under Rule (4) for performing interception or monitoring or decryption including for the purposes of--

(i) the installation of equipment of the agency authorised under Rule (4) for the purposes of interception or monitoring or decryption or accessing stored information in accordance with directions by the nodal officer; or

(ii) the maintenance, testing or use of such equipment; or

(iii) the removal of such equipment; or

(iv) the performance of any action required for accessing of stored information under the direction issued by the competent authority under Rule (3).

20. Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information.— The intermediary or person in-charge of computer resources shall put in place adequate and effective internal checks to ensure the unauthorised interception of information does not take place and extreme secrecy is maintained and utmost care and precaution shall be taken in the matter of interception or monitoring or decryption of information as it affects privacy of citizens and also that it is handled only by the designated officers of the intermediary and no other person of the intermediary or person in-charge of computer resources shall have access to such intercepted or monitored or decrypted information.

21. Responsibility of intermediary.— The intermediary or person in-charge of computer resources shall be responsible for any action of their employees also and in case of violation pertaining to maintenance of secrecy and confidentiality of information or any unauthorised interception or monitoring or decryption of information, the intermediary or person in-charge of computer resources shall be liable for any action under the relevant provisions of the laws for the time being in force.

22. Review of directions of competent authority.— The Review Committee shall meet at least once in two months and record its findings whether the directions issued under Rule (3) are in accordance with the provisions of sub-section (2) of section 69 of the Act and where the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issues order for destruction of the copies, including corresponding electronic record of the intercepted or monitored or decrypted information.

23. Destruction of records of interception or monitoring or decryption of information.—

(1) Every record, including electronic records pertaining to such directions for interception or monitoring or decryption of information and of intercepted or monitored or decrypted information shall be destroyed by the security agency in every six months except in a case where such information is required, or likely to be required for functional requirements.

(2) Save as otherwise required for the purpose of any ongoing investigation, criminal complain or legal proceedings, the intermediary or person in-charge of computer resources shall destroy records pertaining to directions for interception of information within a period of two months of discontinuance of the interception or monitoring or decryption of such information and in doing so they shall maintain extreme secrecy.

24. Prohibition of interception or monitoring or decryption of information without authorisation.—

(1) Any person who intentionally or knowingly, without authorisation under Rule (3) or Rule (4), intercepts or attempts to intercept, or authorises or assists any other person to intercept or attempts to intercept any information in the course of its occurrence or transmission at any place within India, shall be proceeded against and punished accordingly under the relevant provisions of the laws for the time being in force.

(2) Any interception, monitoring or decryption of information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, may be undertaken in course of his duty relating to the services provided by that intermediary, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with the following matters, namely--

(i) installation of computer resource or any equipment to be used with computer resource; or

(ii) operation or maintenance of computer resource; or

(iii) installation of any communication link or software either at the end of the intermediary or subscriber, or installation of user account on the computer resource of intermediary and testing of the same for its functionality;

(iv) accessing stored information from computer resource relating to the installation, connection or maintenance of equipment, computer resource or a communication link or code; or

(v) accessing stored information from computer resource for the purpose of--

(a) implementing information security practices in the computer resource;

(b) determining any security breaches, computer contaminant or computer virus;

(vi) accessing or analysing information from a computer resource for the purpose of tracing a computer resource of any person who has contravened, or is suspected of having contravened or being likely to contravene, any provision of the Act that is likely to have an adverse impact on the services provided by the intermediary.

(3) The intermediary or the person in-charge of computer resource and its employees shall maintain strict secrecy and confidentiality of information while performing the actions specified under sub-rule (2).

25. Prohibition of disclosure of intercepted or monitored decrypted information.—

(1) The contents of intercepted or monitored or stored or decrypted information shall not be used or disclosed by intermediary or any of its employees or person in-charge of computer resource to any person other than the intended recipient of the said information under Rule (10).

(2) The contents of intercepted or monitored or decrypted information shall not be used or disclosed by the agency authorised under Rule (4) for any other purpose, except for investigation or sharing with other security agency for the purpose of investigation or in judicial proceedings before the competent court in India.

(3) Save as otherwise provided in sub-rule (2), the contents of intercepted or monitored or decrypted information shall not be disclosed or reported in public by any means, without the prior order of the competent court in India.

(4) Save as otherwise provided in sub-rule (2), strict confidentiality shall be maintained in respect of direction for interception, monitoring or decryption issued by concerned competent authority or the nodal officers.

For more details visit https://cis-india.org/internet-governance/resources/it-procedure-and-safeguards-for-interception-monitoring-and-decryption-of-information-rules-2009

Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009

jdine — 2013-04-25T04:49:05Z

Draft Rules under section 69B of the Information Technology (Amendment) Act, 2008 as notified by the Central Government.

G.S.R. 782 (E).— In exercise of the power conferred y clause (za) of sub-section (2) of section 87, read with sub-section (3) of section 69B of the Information Technology Act 2000 (21 of 2000), the Central Government hereby makes the following rules, namely:—

1. Short title and commencement.—

(1) These rules may be called the Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009.

(2) They shall come into force on the date of their publication in the Official Gazette.

2. Definitions.— In these rules, unless the context otherwise requires,—

(a) “Act” means the Information Technology Act, 2000 (21 of 2000);

(b) “communication” means dissemination, transmission, carriage of information or signal in come manner and include both a direct communication and an indirect communication;

(c) “communication link” means the use of satellite, microwave, radio, terrestrial line, wire, wireless or any other communication media to inter-connect computer resource;

(d) “competent authority” means the Secretary to the Government of India in the Department of Information Technology under the Ministry of Communications and Information Technology;

(e) “computer resource” means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;

(f) “cyber security incident” means any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorised access, denial of service/disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation;

(g) “cyber security breaches” means unauthorised acquisition or unauthorised use by a person of data or information that compromises the confidentiality, integrity or availability of information maintained in a computer resource;

(h) “information” means information as defined in clause (v) of sub-section (1) of section 2 of the Act;

(i) “information security practices” means implementation of security policies and standards in order to minimize the cyber security incidents and breaches;

(j) “intermediary” means an intermediary as defined by clause (w) of sub-section (1) of section 2 of the Act;

(k) “monitor” with its grammatical variations and cognate expressions, includes to view or inspect or to record or collect traffic data or information generated, transmitted, received or stored in a computer resource by means of a monitoring device;

(l) “monitoring device” means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to view or inspect or record or collect traffic data or information;

(m) “port” or “application port” means a set of software rules which identifies and permits communication between application to application, network to network, computer to computer, computer system to computer system;

(n) “Review Committee” means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951;

(o) “security policy” means documented business rules and processes for protecting information and the computer resource;

(p) “traffic data” means traffic data as defined in Explanation (ii) to section 69B of the Act.

3. Directions for monitoring.—

(1) No directions for monitoring and collection of traffic data or information under sub-section (3) of section 69B of the Act shall be issued, except by an order made by the competent authority.

(2) The competent authority may issue directions for monitoring for any or all of the following purposes related to cyber security, namely:-

(a) forecasting of imminent cyber incidents;

(b) monitoring network application with traffic data or information on computer resource;

(d) tracking cyber security breaches or cyber security incidents;

(e) tracking computer resource breaching cyber security or spreading virus or computer contaminants;

(f) identifying or tracking of any person who has breached, or is suspected of having breached or being likely to breach cyber security;

(g) undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resources;

(h) accessing a stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force;

(i) any other matter relating to cyber security.

(3) Any direction issued by the competent authority under sub-rule (2) shall contain reasons for such direction and a copy of such direction shall be forwarded to the Review Committee withing a period of seven working days.

(4) The direction of the competent authority for monitoring and collection of traffic data or information may include the monitoring and collection of traffic data or information from any person or class of persons or relating to any particular subject whether such traffic data or information, or class of traffic data of information, are received with one or more computer resources, being a computer resource likely to be used for generation, transmission, receiving, storing of traffic data or information from or to one particular person or one or many set of premises.

4. Authorised agency of government for monitoring and collection of traffic data or information.—

(1) The competent authority may authorise any agency of the government for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource.

(2) The agency authorised by the competent authority under sub-rule (1) shall designated one or more nodal officer, not below the rank of Deputy Secretary to the Government of India, for the purpose to authenticate and send the requisition conveying direction issued under rule 3 to the designated officers of the concerned intermediary or person in-charge of computer resources.

(3) The requisition under sub-rule (2) shall specify the name and designation of the officer or the agency to whom the monitored or collected traffic data or information is to be disclosed.

(4) The intermediaries or person in-charge of computer resource shall designate one or more officers to receive requisition and to handle such requisition from the nodal officer for monitoring or collection of traffic data or information.

(5) The requisition conveying directions for monitoring shall be conveyed to the designated officers of the intermediary or person in-charge of computer resources, in writing through letter or fax by the nodal officer or delivered, (including delivery by email signed with electronic signature), by an officer not below the rank of Under Secretary or officer of the equivalent rank.

(6) The nodal officer issuing the requisition conveying directions for monitoring under sub=rule (2) shall also make a request in writing to the designated officer of intermediary or person in-charge of computer resource for monitoring in accordance with the format indicated in such requisition and report the same to the officer designated under sub-rule (3).

(7) The nodal officer shall also make a request to the officer of intermediary or person in-charge of computer resource designated under sub-rule (4) to extend all facilities, co-operation and assistance in installation, removal and testing of equipment and also enable online access or to secure and provide online access to the computer resource for monitoring and collecting traffic data or information.

(8) On receipt of requisition under sub-rule (2) conveying the direction issued under sub-rule (2) of rule 3 the designated officer of the intermediary or person in-charge of computer resource designated under sub-rule (4) shall acknowledge the receipt of requisition by way of letter or fax or electronically signed e-mail to the nodal officer within a period of two hours from the time of receipt of such requisition.

(9) The officer of the intermediary or person in-charge of computer resource designed under sub-rule (4) shall maintain proper records of the requisitions received by him.

(10) The designated officer of the intermediary or person in-charge of computer resource shall forward in every fifteen days a list of requisition conveying direction for monitoring or collection of traffic data or information to the nodal officer which shall include details such as the reference and date of requisition conveying direction of the concerned competent authority.

5. Intermediary to ensure effective check in handling monitoring or collection of traffic data or information.— The intermediary or person in-charge of computer resources shall put in place adequate and effective internal checks to ensure that unauthorised monitoring or collection of traffic data or information does not take place and extreme secrecy is maintained and utmost care and precaution is taken in the matter of monitoring or collection of traffic data or information as it affects privacy of citizens and also that this matter is handled only by the designated officer of the intermediary or person in-charge of computer resource.

6. Responsibility of intermediary.— The intermediary or person in-charge of computer resource shall be responsible for the actions of their employees also, and in case of violation of the provision of the Act and rules made thereunder pertaining to maintenance of secrecy and confidentiality of information or any unauthorised monitoring or collection of traffic data or information, the intermediary or person in-charge of computer resource shall be liable for any action under the relevant provision of the laws for the time being in force.

7. Review of directions of competent authority.— The Review Committee shall meet at least once in two months and record its finding whether the directions issued under sub-rule (2) of rule 3 are in accordance with the provisions of sub-section (3) of section 69B of the Act and where the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issue order for destruction of the copies, including corresponding electronic record of the monitored or collected traffic data or information.

8. Destruction of records.—

(1) Every record, including electronic records pertaining to such directions for monitoring or collection of traffic data shall be destroyed by the designated officer after the expiry of a period of nine months from the receipt of direction or creation of record, whichever is later, except in a case where the traffic data or information is, or likely to be, required for functional requirements.

(2) Save as otherwise required for the purpose of any ongoing investigation, criminal complaint or legal proceedings the intermediary or the person in-charge of computer resource shall destroy records pertaining to directions for monitoring or collection of information within a period of six months of discontinuance of the monitoring or collection of traffic data and in doing so they shall maintain extreme secrecy.

9. Prohibition of monitoring or collection of traffic data or information without authorisation.—

(1) Any person who, intentionally or knowingly, without authorisation under sub-rule (2) of rule 3 or sub-rule (1) of rule 4, monitors or collects traffic data or information, or attempts to monitor or collect traffic data or information, or authorises or assists any person to monitor or collect traffic data or information in the course of its occurrence or transmission at any place within India, shall be proceeded against, punished accordingly under the relevant provisions of the law for the time being in force.

(2) the monitoring or collection of traffic data or information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, may be undertaken in course of his duty relating to the services provided by that intermediary, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with the following matters, namely:—

(i) installation of computer resource or any equipment to be used with computer resource; or

(ii) operation or maintenance of computer resource; or

(iv) accessing stored information from computer resource relating to the installation, connection or maintenance of equipment, computer resource or a communication link or code; or

(v) accessing stored information from computer resource for the purpose of--

(a) implementing information security practices in the computer resource;

(b) determining any security breaches, computer contaminant or computer virus;

(4) The details of monitored or collected traffic data or information shall not be used or disclosed by intermediary or person in-charge of computer resource or any of its employees to any person other than the intended recipient of the said information under sub-rule (2) of rule 4. Any intermediary or its employees of person in-charge of computer resource who contravenes the provisions of this rule shall be proceeded against and punished accordingly under the relevant provisions of the Act or any other law for the time being in force.

10. Prohibition of disclosure of traffic data or information by authorised agency.— The details of monitored or collected traffic data or information shall not be used or disclosed by the agency authorised under sub-rule (1) of rule 4 for any other purpose, except for forecasting imminent cyber threats or general trend of port-wise traffic on Internet, or general analysis of cyber incidents, or for investigation or in judicial proceedings before the competent court in India.

11. Maintenance of confidentiality.— Save as otherwise provided in rule 10, strict confidentiality shall be maintained in respect of directions for monitoring or collection of traffic data or information issued by the competent authority under these rules.

For more details visit https://cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009

At the end of the niche optical pirate

siddharth — 2011-08-04T04:44:58Z

In this blog post, Siddharth Chaddha goes enquiring into the modus operandi of a video pirate / film lover / businessman in Bangalore's famed National Market.

Getting to the National Market

Wading through Majestic Bus Stand, Flea Markets, Private Bus Stops and vehicles going around in circles, you could almost miss this board outside one of the shopping plazas. NATIONAL MARKET, the famed "pirate market" at the heart of the city. Most of the business here is illegal and the local police raid the thirty odd shops selling goods, which within the purview of any multilateral agreement under WIPO or TRIPS regime would be an infringement of copyright, at least once a month. The shops run shutter to shutter, each one five by four feet. Crowded with sellers and customers, all pirate markets typically smell the same. Pirated DVDs, DVD players, Chinese mobile phones and PDAs, even VHS players of the yore, smuggled MP3 music systems, fake Ray-Bans and Police sunglasses, gaming consoles. You name it, and National Market has it.

Meet the Pirate

Tall and sporting a stubble, Sooraj (name changed) is a Malayali who has been in the trade for over 8 years. "Earlier, I used to have the best English Movie collection ever. But now, its all going away. Most people have shifted from DVD's to Digital Storage and Bit Torrents", says Sooraj. A family comes across the counter. A middle aged man accompanied by two women in a burqua, one of them carrying a young baby boy in their hand. "Tom and Jerry!", says the man and Sooraj's helper brings out a carton full of animated Hollywood films. Finding Nemo, The Lion King, Madagascar, its all there. "No Tom and Jerry. This doesn't have Tom and Jerry", growls the stout customer. Sooraj jumps into the action, hunts out a DVD from a stack and puts it on the table. "Tom and Jerry Tales - 13 episodes", reads the the outside with a classic Tom chasing Jerry picture on the cover. Satisfied, the family puts it aside and goes on to explore other popular cartoon series. In the end, the man calls for Maharathi, a recent Bollywood flick. He looks at the cover intriguingly and I decide to butt in, "Amazing movie. Just saw it last week. Great plot." The deal is seized and after a bout of bargaining over the price. As the family dissolves into the market, Sooraj turns back and says to me, "A lot of customers bargain. I get a headache. And my shop is the first one in the market, inside people operate on margins of 5-10 rupees. That just ruins everything for us. They don't think of the amount of the risk involved."

The Business of Piracy

Sooraj explains to me how Chennai is the biggest market of the South. "Chennai is a sea. You will get everything there. Once you take a dive in that ocean, it's all there." When I ask him of the chain of distribution, he says, "No one will say that I print the covers of fake DVDs or I copy prints. For me, I just call my distributor and everything comes from Chennai. I don't ask beyond that. The stock comes in the price range of 25-35-40 Rupees. Now, there is only one quality of stock. The market is dying. No one has good stock. Earlier, we used to sell DVDs for Rs.70-80. Now, there is no demand. Even the wholesale business is at a low.'' I ask him, "So what are you going to do, now that soon DVDs will be gone?" Sooraj is not flustered. "We will shut this and start a new business," he says. I quietly step back, as another customer comes asking for audio CDs. He doesn't deal in those.

Enforcement Threat

When the customer is gone, I ask him, "How often does the police raid this market?" He smiles and replies, "Not often anymore. The business is almost dead. But yes, they come sometimes. Then you are taken away and a case ensues." I decide to ask him candidly, "How many times have you been booked?" He smiles again. "5-7 times. I have a few cases pending, dates that I have to go and visit the court. They arrest you for a day but that's all they can do. After all this is not a big crime." He continues dealing with customers who have various demands for music and films. Some he sells to, he guides others to the inside shops. "I sell about a 1000 DVDs everyday. Earlier, the figure used to be much higher. Mostly English. Hindi, Tamil and Telugu too. No Kannada," he volunteers. I probe further, "Why no Kannada?" He says that that he supports protection for their own industry. "And the market price for Kannada films is appropriate. Some are Rupees 60, 90, 110. That's reasonable. We do not need to pirate it."

I ask him for Tamil titles. He asked if I wanted Ghajani. “I saw it when it released. Give me something that's worth watching.” He picks out two. Saroja and Subramaniya Puram. He doesn't make a profit in this deal but something tells me that he is happy to spread the love of good films. "Can I click a picture?" He refuses, saying it would not be a good idea. I shake his hand. Until next time.

For more details visit https://cis-india.org/a2k/blogs/at-the-end-of-the-niche-optical-pirate

Press Coverage of Online Censorship Row

pranesh — 2011-12-08T11:31:30Z

We are maintaining a rolling blog with press references to the row created by the proposal by the Union Minister for Communications and Information Technology to pre-screen user-generated Internet content.

Monday, December 5, 2011

India Asks Google, Facebook to Screen Content | Heather Timmons (New York Times, India Ink)

Tuesday, December 6, 2011

Sibal warns social websites over objectionable content | Sandeep Joshi (The Hindu)

Hate speech must be blocked, says Sibal | Praveen Swami & Sujay Mehdudia (The Hindu)

Won't remove material just because it's controversial: Google | (Press Trust of India)

Any Normal Human Being Would Be Offended | Heather Timmons (New York Times, India Ink)

After Sibal, Omar too feels some online content inflammatory | (Press Trust of India)

Online uproar as India seeks social media screening | Devidutta Tripathy and Anurag Kotoky (Reuters)

Kapil Sibal for content screening: Facebook, Twitter full of posts against censorship | (IANS)

India May Overstep Its Own Laws in Demanding Content Filtering | John Ribeiro (IDG)

Kapil Sibal warns websites: Mixed response from MPs | (Press Trust of India)

Websites must clean up content, says Sibal | (NewsX)

Kapil Sibal warns websites; Google says won't remove material just because it's controversial | Press Trust of India

Censorship By Any Other Name... | Yamini Lohia (Mint)

Kapil Sibal: We have to take care of sensibility of our people | Associated Press

Kapil Sibal gets backing of Digvijaya Singh over social media screening | Press Trust of India

Sibal Gets What He Set Out To Censor | (Hindustan Times, Agencies)

Objectionable Matter Will Be Removed, Censorship Not in Picture Yet: Kapil Sibal | Amar Kapadia (News Tonight)

Wednesday, December 7, 2011

Kapil Sibal Doesn't Understand the Internet | Shivam Vij (India Today)

'Chilling' Impact of India's April Internet Rules | Heather Timmons (New York Times, India Ink)

Screening, not censorship, says Sibal | (Business Standard)

Chandni Chowk to China | Salil Tripathi (Mint)

Kapil Sibal vs the internet | Sandipan Deb (Mint)

No Need for Censorship of the Internet: Cyber Law Experts | (Times News Network)

Protest with flowers for Sibal | (The Hindu)

Kapil Sibal cannot screen this report | Team DNA, Blessy Chettiar & Renuka Rao (Daily News and Analysis)

Kapil Sibal warns websites, but experts say prescreening of user content not practical | (Reuters)

Sibal's Remarks Brought Disgust | Hitesh Mehta (News Tonight)

BJP backs mechanism to curb objectionable content on websites | (The Hindu)

Move to regulate networking sites should be discussed in Parliament: BJP | (Press Trust of India)

Sibal under attack in cyberspace | (Press Trust of India)

Kapil Sibal's web censorship: Indian govt wanted 358 items removed, says Google | (Press Trust of India)

Kapil Sibal gets BJP support but with rider | (Indo-Asian News Service)

Sibal's way of regulating web not okay, says BJP | (Indo-Asian News Service)

Censorship in Blasphemy's Clothings | Gautam Chikermane (Hindustan Times, Just Faith)

India wants Google, Facebook to screen content | Sharon Gaudin (Computer World)

Should we be taming social media? | Swati Prasad (ZDNet, Inside India)

Kapil Sibal gets lampooned for views on Web control | (Daily News and Analysis)

'We don't need no limitation' | Asha Prakash (Times of India)

Five reasons why India can't censor the internet | Prasanto K. Roy (Indo-Asian News Service)

We Are the Web | (Indian Express)

Thursday, December 8, 2011

Kapil Sibal under attack in cyberspace, (Press Trust of India)

Speak Up for Freedom | Pranesh Prakash (Indian Express)

Newswallah: Censorship | Neha Thirani (New York Times, India Ink)

No Question of Censoring the Internet, Says Sachin Pilot | (NDTV)

Mind Your Netiquette, or We'll Mind it for You | A.A.K. (The Economist)

Take Parliament's view to regulate social networking sites, BJP tells govt | (Times News Network)

India wanted 358 items removed | Priscilla Jebaraj (The Hindu)

Indian Government v Social Networking sites: Expert Views | (Bar & Bench News Network)

Can Government Muzzle Websites? | Priyanka Joshi & Piyali Mandal (Business Standard)

US concerned over internet curbs, sidesteps India move | (Indo-Asian News Service)

Why Internet Companies Are Upset with Kapil Sibal | (Rediff)

Why Censor Facebook When You Don't Censor Sunny Leone? | (Indo-Asian News Service)

Online content issue: Talks with India on, says U.S. | (Press Trust of India)

US calls for Internet freedom amid India plan | Agence France-Presse

For more details visit https://cis-india.org/internet-governance/blog/press-coverage-online-censorship

Debate on Section 66A rages on

praskrishna — 2012-12-10T09:44:31Z

Last week, a reputed BPO in Chennai took down its Facebook page and introduced stricter moderation for posts on its bulletin board.

Vasudha Venugopal's article was published in the Hindu on December 10, 2012. Pranesh Prakash is quoted.

The measure, an official said, was aimed at avoiding any "callous remark by any employee." "We have discussions on many raging topics here, and we are just making sure the content is clean with no intended defamation."

The need to present only ‘unobjectionable content’ is just one off-shoot of a controversy that has gripped the country after at least five persons were arrested in recent months for posting their views online. But what started as an outcry by a few voices against the IT Act has now turned into a campaign against the constitutional validity of the Act itself. Last week also saw concerted protests to demand the repeal of Section 66A of the IT Act, under which most of the accused were booked. Human chains and protests were conducted in Chennai, Bangalore, Pune, Hyderabad, Guntur, Kakinada, Vijaywada, Visakhapatnam, Pune, Kozhikode and Kannur, among others.

In the past few months, the debate on the use of Section 66A in particular, and the Act in general, has gathered momentum. The arrests of Jadavpur University professor Ambikesh Mahapatra for circulating a cartoon lampooning West Bengal Chief Minister Mamata Banerjee; cartoonist Aseem Trivedi; businessman Ravi Srinivasan for tweets against Union Finance Minister P. Chidambaram’s son Karti Chidambaram; and the two girls in Maharashtra for criticising the bandh after Shiv Sena leader Bal Thackeray’s death have sparked popular anger.

“Public anger and media attention have been so strong that the government has been forced to retreat, which is a good first step,” says Alagunambi Welkin, president of the Free Software Foundation Tamil Nadu, which organised the protests in Chennai. "The next step would be to plug the loopholes in the IT Act. After all, this same government has declared in various international forums that it is all for promoting openness online."

Activists say that along with the increased pressure on the government, collecting information on cases of the misuse of the Act are the tasks that have to be fulfilled immediately. Human rights activist A. Marx, who has filed a public interest litigation petition against Section 66A, says the selective application of the law is very troubling. From a broader perspective though, this is also an issue of global proportions. Recently, a man in the U.K. was jailed for 18 months after he was found guilty of posting abusive messages on an online memorial. In July this year, a young Moroccan was arrested in Casablanca on the charge of posting “insulting caricatures of the Prophet Mohammed on Facebook.”

As recently as Tuesday, a Shenzen resident was arrested for posting a letter online, accusing a senior village official of corruption, and last week, a man in Kent was arrested for posting an image of a burning poppy on a social network site.

However, Pranesh Prakash, policy director, Centre For Internet And Society, Bangalore, notes that the more problematic parts in India’s laws are ones that result from adaptation. India’s own adaptation of the U.K. law, for instance, considerably increases punishment from six months to three years. However, if it is any consolation, there are voices worldwide being raised on this issue. Till last week, Google’s search page had a message: "Love the free and open Internet? Tell the world’s governments to keep it that way," and a link for comments directed to the Dubai conference, which will see a wide-ranging discussions and key decisions on global internet governance.

For more details visit https://cis-india.org/news/the-hindu-sci-tech-internet-december-10-2012-vasudha-venugopal-debate-on-section-66a

Encryption policy would have affected emails, operating systems, WiFi

praskrishna — 2015-09-25T01:23:10Z

Our email data would have to be stored. If we connect to a WiFi, that data would have to be stored, and that's plain ridiculous. There is a problem when the government tries to target citizens to ensure national security, said Pranesh Prakash, policy director at the Bangalore-based Centre for Internet and Society.

The article by Amrita Madhukalya was published in DNA on September 23, 2015.

The Draft National Policy on Encryption, withdrawn by the Department of Electronics and Information Technology (DeiTY) after it created a furore on privacy issues, would have had allowed the government access to any form of digital data that required encryption. Not limited to just WhatsApp or Viber data, it would have affected email services, WiFi, phone operating systems, etc.

"Our email data would have to be stored. If we connect to a WiFi, that data would have to be stored, and that's plain ridiculous. There is a problem when the government tries to target citizens to ensure national security," said Pranesh Prakash, policy director at the Bangalore-based Centre for Internet and Society.

The government, criticised heavily for the policy, withdrew it on Tuesday afternoon. It said that a new policy will be brought in its place.

Nikhil Pahwa of internet watchdog Medianama said that data about normal day-to-day activities would have to be stored if the policy was implemented. "The policy would have affected everyday business to consumer data.
This would mean that if a doctor or lawyer had your data digitised, they will be open to access, and would have to be kept for at least 90 days," said Pahwa.

However, he added that a robust encryption is needed. "It is believed that companies like Google, Facebook allow the NSA to access user data in the US, putting our personal security, and the national security largely, at risk," said Pahwa.

For more details visit https://cis-india.org/internet-governance/news/dna-september-23-2015-amrita-madhukalya-encryption-policy-would-have-affected-emails-operating-systems-wifi

Internet Rights and Wrongs

pranesh — 2016-09-22T23:36:14Z

With a rise in PIL's for unwarranted censorship, do we need to step back and inspect if it's about time unreasonable trends are checked?

The article was published in India Today on September 1, 2016. The original piece can be read here.

Over the last few weeks, there have been a number of cases of egregious censorship of websites in India. Many people started seeing notices that (incorrectly) gave an impression that they may end up in jail if they visited certain websites. However, these notices weren't an isolated phenomenon, nor one that is new. Worryingly, the higher judiciary has been drawn into these questionable moves to block websites as well.

Since 2011, numerous torrent search engines and communities have been blocked by Indian internet service providers (ISPs). Torrent search engines provide the same functionality for torrents that Google provides for websites. Are copyright infringing materials indexed and made searchable by Google? Yes. Do we shut down Google for this reason? No. However, that is precisely what private entertainment companies have done over the past five years in India. Companies hired by the producers of Tamil movies Singham and 3 managed to get video-sharing websites like Vimeo, Dailymotion and numerous torrent search engines blocked even before the movies released, without showing even a single case of copyright infringement existed on any of them. During the FIFA World Cup, Sony even managed to get Google Docs blocked. In some cases, these entertainment companies have abused 'John Doe' orders (generic orders that allow copyright enforcement against unnamed persons) and have asked ISPs to block websites. The ISPs, instead of ignoring such requests as instances of private censorship, have also complied. In other cases (like Sony's FIFA World Cup case), courts have ordered ISPs to block hundreds of websites without any copyright infringement proven against them. High court judges haven't even developed a coherent theory on whether or how Indian law allows them to block websites for alleged copyright infringement. Still they have gone ahead and blocked.

In 2012, hackers got into Reliance Communications servers and released a list of websites blocked by them. The list contained multiple links that sought to connect Satish Seth-a group MD in Reliance ADA Group-to the 2G scam: a clear case of secretive private censorship by RCom. Further, visiting some of the YouTube links which pertained to Satish Seth showed that they had been removed by YouTube due to dubious copyright infringement complaints filed by Reliance BIG Entertainment. Did the department of telecom, whose licences forbid ISPs from engaging in private censorship, take any action against RCom? No. Earlier this year, Tata Sky filed a complaint against YouTube in the Delhi High Court, noting that there were videos on it that taught people how to tweak their set-top boxes to get around the technological locks that Tata Sky had placed. The Delhi HC ordered YouTube "not to host content that violates any law for the time being in force", presuming that the videos in question did in fact violate Indian law. They cite two sections: Section 65A of the Copyright Act and Section 66 of the Information Technology Act. The first explicitly allows a user to break technological locks of the kind that Tata Sky has placed for dozens of reasons (and allows a person to teach others how to engage in such breaking), whereas the second requires finding of "dishonesty" or "fraud" along with "damage to a computer system, etc", and an intention to violate the law-none of which were found. The court effectively blocked videos on YouTube without any finding of illegality, thus once again siding with censorial corporations.

In 2013, Indore-based lawyer Kamlesh Vaswani filed a PIL in the Supreme Court calling for the government to undertake proactive blocking of all online pornography. Normally, a PIL is only admittable under Article 32 of the Constitution, on the basis of a violation of a fundamental right (which are listed in Part III of our Constitution). Vaswani's petition-which I have had the misfortune of having read carefully-does not at any point complain that the state is violating a fundamental right by not blocking pornography. Yet the petition wants to curb the fundamental right to freedom of expression, since the government is by no means in a position to determine what constitutes illegal pornography and what doesn't.

The larger problem extends to the now-discredited censor board (headed by the notorious Pahlaj Nihalani), as also the self-censorship practised on TV by the private Indian Broadcasters Federation (which even bleeps out words and phrases like 'Jesus', 'period', 'breast cancer' and 'beef'). 'Swachh Bharat' should not mean sanitising all media to be unobjectionable to the person with the lowest outrage threshold. So who will file a PIL against excessive censorship?

For more details visit https://cis-india.org/internet-governance/blog/india-today-september-1-2016-pranesh-prakash-internet-rights-and-wrongs

Privacy after Big Data: Compilation of Early Research

Saumyaa Naidu — 2016-11-12T01:37:03Z

Download the Compilation (PDF)

Privacy after Big Data

Evolving data science, technologies, techniques, and practices, including big data, are enabling shifts in how the public and private sectors carry out their functions and responsibilities, deliver services, and facilitate innovative production and service models to emerge. For example, in the public sector, the Indian government has considered replacing the traditional poverty line with targeted subsidies based on individual household income and assets. The my.gov.in platform is aimed to enable participation of the connected citizens, to pull in online public opinion in a structured manner on key governance topics in the country. The 100 Smart Cities Mission looks forwards to leverage big data analytics and techniques to deliver services and govern citizens within city sub-systems. In the private sector, emerging financial technology companies are developing credit scoring models using big, small, social, and fragmented data so that people with no formal credit history can be offered loans. These models promote efficiency and reduction in cost through personalization and are powered by a wide variety of data sources including mobile data, social media data, web usage data, and passively collected data from usages of IoT or connected devices.

These data technologies and solutions are enabling business models that are based on the ideals of ‘less’: cash-less, presence-less, and paper-less. This push towards an economy premised upon a foundational digital ID in a prevailing condition of absent legal frameworks leads to substantive loss of anonymity and privacy of individual citizens and consumers vis-a-vis both the state and the private sector. Indeed, the present use of these techniques run contrary to the notion of the ‘sunlight effect’ - making the individual fully transparent (often without their knowledge) to the state and private sector, while the algorithms and means of reaching a decision are opaque and inaccessible to the individual.

These techniques, characterized by the volume of data processed, the variety of sources data is processed from, and the ability to both contextualize - learning new insights from disconnected data points - and de-contextualize - finding correlation rather than causation - have also increased the value of all forms of data. In some ways, big data has made data exist on an equal playing field as far as monetisation and joining up are concerned. Meta data can be just as valuable to an entity as content data. As data science techniques evolve to find new ways of collecting, processing, and analyzing data - the benefits of the same are clear and tangible, while the harms are less clear, but significantly present.

Is it possible for an algorithm to discriminate? Will incorrect decisions be made based on data collected? Will populations be excluded from necessary services if they do not engage with certain models or do emerging models overlook certain populations? Can such tools be used to surveil individuals at a level of granularity that was formerly not possible and before a crime occurs? Can such tools be used to violate rights – for example target certain types of speech or groups online? And importantly, when these practices are opaque to the individual, how can one seek appropriate and effective remedy.

Traditionally, data protection standards have defined and established protections for certain categories of data. Yet, data science techniques have evolved beyond data protection principles. It is now infinitely harder to obtain informed consent from an individual when data that is collected can be used for multiple purposes by multiple bodies. Providing notice for every use is also more difficult – as is fulfilling requirements of data minimization. Some say privacy is dead in the era of big data. Others say privacy needs to be re-conceptualized, while others say protecting privacy now, more than ever, requires a ‘regulatory sandbox’ that brings together technical design, markets, legislative reforms, self regulation, and innovative regulatory frameworks. It also demands an expanding of the narrative around privacy – one that has largely been focused on harms such as misuse of data or unauthorized collection – to include discrimination, marginalization, and competition harms.

In this compilation we have put together a series of articles that we have developed as we explore the impacts – positive and negative – of big data. This includes looking at India’s data protection regime in the context of big data, reviewing literature on the benefits of harms of big data, studying emerging predictive policing techniques that rely on big data, and analyzing closely the impact of big data on specific privacy principles such as consent. This is a growing body of research that we are exploring and is relevant to multiple areas of our work including privacy and surveillance. Feedback and comments on the compilation are welcome and appreciated.

Elonnai Hickok
Director - Internet Governance

For more details visit https://cis-india.org/internet-governance/blog/privacy-after-big-data-compilation-of-early-research

Is India’s website-blocking law constitutional? – I. Law & procedure

geetha — 2014-12-11T11:02:01Z

Section 69A of the Information Technology Act, 2000, along with its corresponding Rules, set out the procedure for blocking of websites in India. Over two posts, Geetha Hariharan examines the constitutional validity of Section 69A and the Blocking Rules.

Introduction:

The Information Technology Act, 2000 (“IT Act”) is no stranger to litigation or controversy. Since its enactment in 2000, the IT Act has come under stringent criticism, both for the alleged Constitutional infirmities of its provisions and Rules, as well as for the way it is implemented. In recent years, Sections 66A (re: criminal liability for offensive, annoying or inconveniencing online communications), 67A (re: obscene 69A (re: website-blocking) and 79 (re: intermediary liability) have all come under attack for these reasons.

Today, these Sections and several others have been challenged before the Supreme Court. A total of ten cases, challenging various Sections of the IT Act, are being heard together by the Supreme Court. This is a welcome occasion, for the IT Act desperately needs judicial review. Nikhil Pahwa over at Medianama provides an update and the list of cases.

Among the challenged provisions are Section 66A, Section 79 and Section 69A. Section 66A was and continues to be used wantonly by the State and police. A student was recently arrested for a Twitter comment regarding Cyclone Hudhud, while anti-Modi comments led to several arrests earlier in the year (see here, here and here). At CIS, we have previously subjected Section 66A to constitutional analyses. Pranesh Prakash traced the genealogy of the Section and its import in targeting offensive, annoying and inconveniencing communications and spam, while Gautam Bhatia examined the Section’s overbreadth and vagueness. The casual wording and potential for misuse of Section 79 and the Information Technology (Intermediaries Guidelines) Rules, 2011 led Ujwala Uppaluri to offer strong arguments regarding their violation of Part III of the Constitution.

Similar infirmities also handicap Section 69A and its Rules. This provision empowers the Central government and officers authorised by it to order the blocking of websites or webpages. Website-blocking is permissible for reasons enumerated in Section 69A, and in accordance with the process laid out in the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public (sic)) Rules, 2009 (“Blocking Rules”). In our view, Section 69A and the Blocking Rules are also unconstitutional, and liable to be declared as such by the Supreme Court. We provide our analysis in this post and the next.

Section 69A, IT Act:

Section 69A and the Blocking Rules provide for website-blocking in accordance with enumerated reasons and process. The Section reads as follows:

69A. Power to issue directions for blocking for public access of any information through any computer resource.-

(1) Where the Central Government or any of its officer specially authorized by it in this behalf is satisfied that it is necessary or expedient so to do in the interest of sovereignty and integrity of India, defense of India, security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above, it may subject to the provisions of sub-sections (2) for reasons to be recorded in writing, by order direct any agency of the Government or intermediary to block access by the public or cause to be blocked for access by public any information generated, transmitted, received, stored or hosted in any computer resource.

(2) The procedure and safeguards subject to which such blocking for access by the public may be carried out shall be such as may be prescribed.

(3) The intermediary who fails to comply with the direction issued under sub-section (1) shall be punished with an imprisonment for a term which may extend to seven years and also be liable to fine.

As you will notice, the Central government may block any information that is “generated, transmitted, received, stored or hosted” in any computer. This will extend, clearly, to any webpage available and/or hosted in India. The Government can order website-blocks if it is satisfied of the necessity or expedience for this on the basis of (any of) six reasons. These reasons are:

Sovereignty and integrity of India,
Defense of India,
Security of the State,
Friendly relations with foreign states,
Public order,
Preventing incitement to the commission of any cognizable offence relating to above.

If the Central government is convinced it has a valid reason, then it must follow the blocking procedure set out in the Blocking Rules, which were notified on 27 October 2009. Before entering into an analysis of the Blocking Rules, let us understand the blocking procedure.

The Blocking Procedure:

I will explain the blocking procedure in 4 steps: (1) Relevant designations and committees; (2) Procedure to make and examine a blocking request, and issue blocking direction; (3) Blocking in special circumstances; and (4) Review of blocking directions.

(1) Relevant designations and committees:

Designated Officer (“DO”): The Central government notifies an officer not below the rank of Joint Secretary as the Designated Officer, who will issue the blocking direction ot the relevant intermediary or agency [Rule 3]. By a notification dated 20 January 2010, the DO is the Group Coordinator, Cyberlaw Division, Department of Information Technology (DIT). Unfortunately, I was unable to locate the Group Coordinator, Cyberlaw Division on the website of the Department of Electronics and Information Technology (DeitY, the name to which DIT was renamed in 2012). I am also unable to find a notification updating the designation of the DO. Presumably, Dr. Gulshan Rai, Director General (Cyberlaws & E-security), DeitY, continues to be the DO.

Nodal Officer (“NO”): Every organization designates one of its officers as a Nodal Officer, who will receive blocking requests and forward them to the DO [Rule 4]. ‘Organisation’ is defined in Rule 2(g) as Ministries or Departments of the Government of India, State governments and Union Territories, and any Agency of the Central government notified in the Official Gazette. I am unable to find on the DeitY website a notification explaining which government Agencies are ‘organisations’ under Rule 2(g).

Intermediary Contact: Every intermediary also designates one person to receive and handle blocking directions from the DO [Rule 13].

Committee for Examination of Request (“CER”): The 5-membered CER comprises the DO as Chairman, along with officers not below the rank of Joint Secretary from the Ministries of Law & Justice, Home Affairs, Information & Broadcasting and CERT-In [Rule 7]. The CER examines each blocking request, before issuing recommendations to the DO to block or not to block. Regrettably, I am unable to identify the current membership of the CER, as no document is available that gives this information. However, the CER’s composition in 2010 may be gleaned (see Annexure III).

Review Committee (“RC”): Rule 2(i) defines the RC as the body set up under Rule 419A, Indian Telegraph Rules, 1951. As per Rule 419A(16), the Central RC is constituted by the Cabinet Secretary, Secretary to the Government of India (Legal Affairs) and Secretary (Department of Telecom).

(2) Blocking procedure:

The Blocking Rules stipulate that the entire blocking procedure, from examining a blocking request to issuing a blocking direction, must be carried out within 7 days from the date on which the DO receives the blocking request from the NO [Rule 11].

(a) Making a blocking request: Any person may send a request for a website-block to an NO of any ‘organisation’ (“outside request”). Alternatively, the NO may himself raise a blocking request. The organization has to examine each outside request and be satisfied that it meets the requirements of Section 69A(1), IT Act. Once it is satisfied, the NO forwards the blocking request to the DO. Outside requests must be approved by the Chief Secretary of the State or Union Territory, before they are sent to the DO. [See Rule 6 for this procedure]

(b) Examining a blocking request: Once the DO receives a blocking request, he/she places it before the CER. The DO tries to identify the person/intermediary hosting the troubling information, and if identified, issues a notice seeking their representation before the CER. Foreign entities hosting the information are also informed over fax/email. The person/intermediary has 48 hours from the date of receiving the DO’s notice to make its representation.

After this, the CER will examine the blocking request. It will “consider whether the request is covered within the scope of Section 69A(1)”, and whether it is justifiable to block [Rule 8(4)].

(c) Blocking direction: The DO then places the CER’s recommendation to block or not to block before the Secretary (DeitY) for his/her approval. If and once approval is granted, the DO directs the relevant Agency or intermediary to block the website/page.

(3) Blocking in special circumstances:

(a) Emergencies [Rule 9]: In an emergency “when no delay is acceptable”, the DO passes over the blocking procedure described above. With written recommendations, the DO directly approaches the Secretary (DeitY) for approval of blocking request. If satisfied, the Secretary (DeitY) issues the blocking direction as an interim measure. Nevertheless, the DO is required to place the blocking request before the CER at the earliest opportunity (in any case, not later than 48 hours after blocking direction).

(b) Court orders [Rule 10]: If a court has ordered a website-block, the DO follows a procedure similar to an Emergency situation. He/she submits the certified copy of order to the Secretary (DeitY), and then initiates action as ordered by the court.

(4) Review of blocking directions:

The RC is to meet once in 2 months to evaluate whether blocking directions issued under the Blocking Rules are in compliance with Section 69A(1) [Rule 14]. No other review or appeal mechanism is provided under the Blocking Rules. Nor are aggrieved parties afforded any further opportunities to be heard. Also note that Rule 16 mandates that all requests and complaints received under the Blocking Rules are to the kept strictly confidential.

In the next post, I will subject Section 69A and the Blocking Rules to a constitutional analysis.

Blocking procedure poster:

CIS has produced a poster explaining the blocking procedure (download PDF, 2.037MB).

For more details visit https://cis-india.org/internet-governance/blog/is-india2019s-website-blocking-law-constitutional-2013-i-law-procedure

Overview of the Constitutional Challenges to the IT Act

pranesh — 2014-12-19T09:01:50Z

There are currently ten cases before the Supreme Court challenging various provisions of the Information Technology Act, the rules made under that, and other laws, that are being heard jointly. Advocate Gopal Sankaranarayanan who's arguing Anoop M.K. v. Union of India has put together this chart that helps you track what's being challenged in each case.

PENDING MATTERS	CASE NUMBER	PROVISIONS CHALLENGED
Shreya Singhal v. Union of India	W.P.(CRL.) NO. 167/2012	66A
Common Cause & Anr. v. Union of India	W.P.(C) NO. 21/2013	66A, 69A & 80
Rajeev Chandrasekhar v. Union of India & Anr.	W.P.(C) NO. 23/2013	66A & Rules 3(2), 3(3), 3(4) & 3(7) of the Intermediaries Rules 2011
Dilip Kumar Tulsidas Shah v. Union of India & Anr.	W.P.(C) NO. 97/2013	66A
Peoples Union for Civil Liberties v. Union of India & Ors.	W.P.(CRL.) NO. 199/2013	66A, 69A, Intermediaries Rules 2011 (s.79(2) Rules) & Blocking of Access of Information by Public Rules 2009 (s.69A Rules)
Mouthshut.Com (India) Pvt. Ltd. & Anr. v. Union of India & Ors.	W.P.(C) NO. 217/2013	66A & Intermediaries Rules 2011
Taslima Nasrin v. State of U.P & Ors.	W.P.(CRL.) NO. 222/2013	66A
Manoj Oswal v. Union of India & Anr.	W.P.(CRL.) NO. 225/2013	66A & 499/500 Indian Penal Code
Internet and Mobile Ass'n of India & Anr. v. Union of India & Anr.	W.P.(C) NO. 758/2014	79(3) & Intermediaries Rules 2011
Anoop M.K. v. Union of India & Ors.	W.P.(CRL.) NO. 196/2014	66A, 69A, 80 & S.118(d) of the Kerala Police Act, 2011

For more details visit https://cis-india.org/internet-governance/blog/overview-constitutional-challenges-on-itact