Centre for Internet and Society

Rethinking the intermediary liability regime in India

torsha — 2019-08-16T01:49:47Z

The article consolidates some of our broad thematic concerns with the draft amendments to the intermediary liability rules, published by MeitY last December.

The blog post by Torsha Sarkar was published by CyberBRICS on August 12, 2019.

Introduction

In December 2018, the Ministry of Electronics and Information Technology (“MeitY”) released the Intermediary Liability Guidelines (Amendment) Rules (“the Guidelines”), which would be significantly altering the intermediary liability regime in the country. While the Guidelines has drawn a considerable amount of attention and criticism, from the perspective of the government, the change has been overdue.

The Indian government has been determined to overhaul the pre-existing safe harbour regime since last year. The draftversion of the e-commerce policy, which were leaked last year, also hinted at similar plans. As effects of mass dissemination of disinformation, propaganda and hate speech around the world spill over to offline harms, governments have been increasingly looking to enact interventionist laws that leverage more responsibility on the intermediaries. India has not been an exception.

A major source of these harmful and illegal content in India come through the popular communications app WhatsApp, despite the company’s enactment of several anti-spam measures over the past few years. Last year, rumours circulated on WhatsApp prompted a series of lynchings. In May, Reuters reported that clones and software tools were available at minimal cost in the market, for politicians and other interested parties to bypass these measures, and continue the trend of bulk messaging.

These series of incidents have made it clear that disinformation is a very real problem, and the current regulatory framework is not enough to address it. The government’s response to this has been accordingly, to introduce the Guidelines. This rationale also finds a place in its preliminarystatement of reasons.

While enactment of such interventionist laws has triggered fresh rounds of debate on free speech and censorship, it would be wrong to say that such laws were completely one-sided, or uncalled for.

On one hand, automated amplification and online mass circulation of purposeful disinformation, propaganda, of terrorist attack videos, or of plain graphic content, are all problems that the government would concern itself with. On the other hand, several online companies (including Google) also seem to be in an uneasy agreement that simple self-regulation of content would not cut it. For better oversight, more engagement with both government and civil society members is needed.

In March this year, Mark Zuckerberg wrote anop-ed for the Washington Post, calling for more government involvement in the process of content regulation on its platform. While it would be interesting to consider how Zuckerberg’s view aligns with those similarly placed, it would nevertheless be correct to say that online intermediaries are under more pressure than ever to keep their platforms clean of content that is ‘illegal, harmful, obscene’. And this list only grows.

That being said, the criticism from several stakeholders is sharp and clear in instances of such law being enacted – be it the ambitious NetzDG aimed at combating Nazi propaganda, hate speech and fake news, or the controversial new European Copyright Directive which has been welcomed by journalists but has been severely critiqued by online content creators and platforms as detrimental against user-generated content.

In the backdrop of such conflicting interests on online content moderation, it would be useful to examine the Guidelines released by MeitY. In the first portion we would be looking at certain specific concerns existing within the rules, while in the second portion, we would be pushing the narrative further to see what an alternative regulatory framework may look like.

Before we jump to the crux of this discussion, one important disclosure must be made about the underlying ideology of this piece. It would be unrealistic to claim that the internet should be absolutely free from regulation. Swathes of content on child sexual abuse, or terrorist propaganda, or even the hordes of death and rape threats faced by women online are and should be concerns of a civil society. While that is certainly a strong driving force for regulation, this concern should not override the basic considerations for human rights (including freedom of expression). These ideas would be expanded a bit more in the upcoming sections.

Broad, thematic concerns with the Rules

A uniform mechanism of compliance

Timelines

Rule 3(8) of the Guidelines mandates intermediaries, prompted by a court order or a government notification, to take down content relating to unlawful acts within 24 hours of such notification. In case they fail to do so, the safe harbour applicable to them under section 79 of the Information Technology Act (“the Act”) would cease to apply, and they would be liable. Prior to the amendment, this timeframe was 36 hours.

There is a visible lack of research which could rationalize that a 24-hour timeline for compliance is the optimal framework, for all intermediaries, irrespective of the kind of services they provide, or the sizes or resources available to them. As Mozilla Foundation has commented, regulation of illegal content online simply cannot be done in an one-size-fits-all approach, nor can regulation be made with only the tech incumbents in mind. While platforms like YouTube can comfortably remove criminal prohibited content within a span of 24 hours, this still can place a large burden on smaller companies, who may not have the necessary resources to comply within this timeframe. There are a few unintended consequences that would arise out of this situation.

One, sanctions under the Act, which would include both organisational ramifications like website blocking (under section 69A of the Act) as well as individual liability, would affect the smaller intermediaries more than it would affect the bigger ones. A bigger intermediary like Facebook may be able to withstand a large fine in lieu of its failure to control, say, hate speech on its platform. That may not be true for a smaller online marketplace, or even a smaller online social media site, targeted towards a very specific community. This compliance mechanism, accordingly, may just go on to strengthen the larger companies, and eliminating the competition from the smaller companies.

Two, intermediaries, in fear of heavy criminal sanctions would err on the side of law. This would mean that the decisions involved in determining whether a piece of content is illegal or not would be shorter, less nuanced. This would also mean that legitimate speech would also be under risk from censorship, and intermediaries would pay less heed to the technical requirements or the correct legal procedures required for content takedown.

Utilization of ‘automated technology’

Another place where the Guidelines assume that all intermediaries operating in India are on the same footing is Rule 3(9). This mandates these entities to proactively monitor for ‘unlawful content’ on their platforms. Aside the unconstitutionality of this provision, this also assumes that all intermediaries would have the requisite resource to actually set up this tool and operate it successfully. YouTube’s ContentID, which began in 2007, has already seen a whopping 100 million dollars investment by 2018.

Funnily enough, ContentID is a tool exclusively dedicated to finding copyright violation of rights-holder, and even then, it has been proven to be not infallible. The Guidelines’ sweeping net of ‘unlawful’ content include far many more categories than mere violations of IP rights, and the framework assumes that intermediaries would be able to set up and run an automated tool that would filter through all these categories of ‘unlawful content’ at one go.

The problems of AI

Aside the implementation-related concerns, there are also technical challenges related with Rule 3(9). Supervised learning systems (like the one envisaged under the Guidelines) use training data sets for pro-active filtering. This means if the system is taught that for ten instances of A being the input, the output would be B, then for the eleventh time, it sees A, it would give the output B. In the lingo of content filtering, the system would be taught, for example, that nudity is bad. The next time the system encounters nudity in a picture, it would automatically flag it as ‘bad’ and violating the community standards.

Except, that is not how it should work. For every post that is under the scrutiny of the platform operators, numerous nuances and contextual cues act as mitigating factors, none of which, at this point, would beunderstandable by a machine.

Additionally, the training data used to feed the system can be biased. A self-driving car who is fed training data from only one region of the country would learn the customs and driving norms of that particular region, and not the patterns that apply across the intended purpose of driving throughout the country.

Lastly, it is not disputed that bias would be completely eliminated in case the content moderation was undertaken by a human. However, the difference between a human moderator and an automated one, would be that there would be a measure of accountability in the first one. The decision of the human moderator can be disputed, and the moderator would have a chance to explain his reasons for the removal. Artificial intelligence (“AI”) is identified by the algorithmic ‘black box’ that processes inputs, and generates usable outputs. Implementing workable accountability standards for this system, including figuring out appeal and grievance redressal mechanisms in cases of dispute, are all problems that the regulator must concern itself with.

In the absence of any clarity or revision, it seems unlikely that the provision would actually ever see full implementation. Neither would the intermediaries know what kind of ‘automated technology’ they are supposed to use for filtering ‘unlawful content’, nor would there be any incentives for them to actually deploy this system effectively for their platforms.

What can be done?

First, more research is needed to understand the effect of compliance timeframes on the accuracy of content takedown. Several jurisdictions are operating now on different timeframes of compliance, and it would be a far more holistic regulation should the government consider the dialogue around each of them and see what it means for India.

Second, it might be useful to consider the concept of an independent regulator as an alternative and as a compromise between pure governmental regulation (which is more or less what the system is) or self-regulation (which the Guidelines, albeit problematically, also espouse through Rule 3(9)).

The UK White Paper on Harms, a piece of important document in the system of liability overhaul, proposes an arms-length regulator who would be responsible for drafting codes of conduct for online companies and responsible for their enforcement. While the exact merits of the system is still up for debate, the concept of having a separate body to oversee, formulate and also possiblyarbitrate disputes regarding content removal, is finding traction in several parallel developments.

One of the Transatlantic Working Group Sessions seem to discuss this idea in terms of having an ‘internet court’ for illegal content regulation. This would have the noted advantage of a) formulating norms of online content in a transparent, public fashion, something previously done behind closed doors of either the government or the tech incumbents and b) having specially trained professionals who would be able to dispose of matters in an expeditious manner.

India is not unfamiliar to the idea of specialized tribunals, or quasi-judicial bodies for dealing with specific challenges. In 2015, for example, the Government of India passed the Commercial Courts Act, by which specific courts were tasked to deal with matters of very large value. This is neither an isolated instance of the government choosing to create new bodies for dealing with a specific problem, nor would it be inimitable in the future.

There is no silver bullet when it comes to moderation of content on the web. However, in light of these parallel convergence of ideas, the appeal of an independent regulatory system as a sane compromise between complete government control and laissez-faireautonomy, is worth considering.

For more details visit https://cis-india.org/internet-governance/blog/cyber-brics-august-12-2019-torsha-sarkar-rethinking-the-intermediary-liability-regime-in-india

The Take Down of Free Speech Online

praskrishna — 2014-04-06T05:19:50Z

As part of a study to access rate of compliance, in 2011, the Centre for Internet and Society Bangalore sent frivolous “take down” requests to seven prominent intermediaries. The study showed exactly how easy it is to take down online content.

This was published in Newslaundry on April 1, 2014. CIS research on Intermediary Liabilities is quoted.

CIS found that six out of the seven intermediaries “over complied” with the notices. Facts such as these about intermediary liability were discussed in a panel discussion “Intermediary Liability & Freedom of Expression in India” in Delhi on March 27, 2014 organised by Centre for Communication Governance at National Law University in collaboration with the Global Network Initiative.

The panel also included Professor Ranbir Singh, Vice Chancellor of NLU, Jermyn Brooks (Independent Chair – Global Network Initiative, Washington DC), Shyam Divan (Senior Advocate, Supreme Court of India) and SiddharthVaradarajan (Journalist). They discussed proxy censorship by government through private players and how e-business’ lose out on opportunities because of the current legal framework in the country within which intermediaries have to function.

According to Section 2(1)(w) of The Information Technology Act, 2000, “intermediary”- with respect to any particular electronic message -signifies any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message.According to Rishab Dara, recipient of the Google policy Fellowship 2011, in an article titled, Intermediary Liability in India: Chilling Effects on Free Expression on the Internet, “intermediaries are widely recognised as essential cogs in the wheel of exercising the right to freedom of expression on the Internet. Most major jurisdictions around the world have introduced legislations for limiting intermediary liability in order to ensure that this wheel does not stop spinning”.

The “safe harbor”or what is also known asIntermediary Liability Laws according to Section 79 of the Information Technology Act are given below:

Intermediaries not to be Liable in Certain Cases

(1) Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him.

(2) The provisions of sub-section (1) shall apply if—

(a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; or

(b) the intermediary does not—

(i) initiate the transmission,

(ii) select the receiver of the transmission, and

(iii) select or modify the information contained in the transmission;

(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.

(3) The provisions of sub-section (1) shall not apply if—

(a) the intermediary has conspired or abetted or aided or induced, whether by threats or promise or othorise in the commission of the unlawful act;

(b) upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.

Under the Act, the intermediary needs to act on a complaint within 36 hours of a take down notice -failing which they will be liable to legal action if the case is taken to the court.

Shyam Divan spoke about the absurdity of the 36-hour turnaround time that an intermediary has between receiving a complaint and taking down the content. According to him, without any kind of legal option to fall back on, intermediaries decide to comply with such take down notices fearing “serious penalties and possibility of prosecution” which results in “indirect censorship”. He also said, “Domestic constitution in itself is not going to be sufficient”. “Meta-constitutions” which are transnational and have uniform laws across countries could be a possible solution to the current confusion as the internet is a global phenomenon and it would ensure that “the extent of our online rights would not be limited to the constitution of the country”.

Giving the example of hate speech, Siddharth Varadarajan, mentioned the Indian executive’s different approaches towards different mediums. Referring to hate speeches made during the 1993 Bombay riots by Shiv Sena leaders and those made during the 2002 Gujarat riots, he said, “Hate speech never gets prosecuted when made amid a physical crowd in a volatile situation.I can understand why politicians won’t be prosecuted but why so much sensitivity on online content. This paradox is worth reflecting on.Despite its limited reach, the executive reacts in such a hyper-sensitive manner”.He adds that as the editor of a news website one faces daily problems in taking decisions on online content especially on comment moderation and whether the website would be responsible for a certain comment made by a reader. Echoing Shyam Divan’s views,he said that in India more than the punishment, when a case is filed, the legal process itself becomes a punishment, which forces Internet Service Providers to comply with requests of blocking online content.

The Global Network Initiative is a Washington-based organisation that provides a framework for companies to deal with governments requesting censorship or surveillance of online content, “rooted in international standards legal framework also interesting people”. According to a report released by it, “provided that the existing safe harbour regime is improved, intermediaries can become a significant part of the economy and their GDP contribution may increase to more than 1.3 per cent by 2015. The potential corresponds to $41 billion by 2015”.Jermyn Brooks,Independent Chair of GNI,argued that instead of focusing all efforts on ensuring that the Information Technology (Intermediaries Guidelines) Rules, 2011 gets struck down by Courts for its unconstitutionality, there should also be a movement to effect policy changes through the amendment of the law. According to him, such a proposition would be more lucrative for a government looking for “re-invigoration of economic growth in India”.

The discussion was significant in the light that a number of cases related to the IT Act and freedom of online speech will be heard in the Supreme Court in the coming months. A petition by Mouthshut.com challenges the Information Technology (Intermediaries Guidelines) Rules 2011 “which effectively creates a notice and takedown regime for content hosted by intermediaries”. Another important case up for hearing is a petition by Member of Parliament Rajeev Chandrashekhar,“which also challenges these rules on grounds that they are ambiguous, require private parties to subjectively assess objectionable content, and that they undermine the safe harbour exemptions from liability granted to intermediaries by section 79 of the IT Act”. The People’s Union for Civil Liberties (PUCL) has challenged the Intermediaries Guidelines rules as well as the Procedure and Safeguards for Blocking for Access of Information by the Public Rules 2009. “This petition has pointed to the lack of transparency in the blocking procedure, which does not currently offer the public any notice or reasons for the blocking.”

“The cases pending before the Supreme Court will have a significant impact on the freedom of expression. We should never take our rights for granted – the interpretation of these rights needs to be consistent with their spirit”, said Professor Ranbir Singh.

Citing the recent example of the Wendy Doniger episode, Varadarajan says, “If Penguin chooses to pack up at the District court level, you know how Internet Service Providers would react to take down notices…Specific targeting of online speech would ultimately have a negative impact on the traditional media”. And that is the crux of the matter. In the absence of intermediate liability not being limited, online censorship and the curtailment of the freedom of speech will become far easier and will only worsen.

For more details visit https://cis-india.org/news/newslaundry-april-1-2014-somi-das-the-take-down-of-free-speech-online

A trust deficit between advertisers and publishers is leading to fake news

sunil — 2018-10-02T06:44:55Z

Transparency regulations is need of the hour. And urgently for election and political advertising. What do the ads look like? Who paid for them? Who was the target? How many people saw these advertisements? How many times? Transparency around viral content is also required.

The article was published in Hindustan Times on September 24, 2018.

Traditionally, we have depended on the private censorship that intermediaries conduct on their platforms. They enforce, with some degree of success, their own community guidelines and terms of services (TOS). Traditionally, these guidelines and TOS have been drafted keeping in mind US laws since historically most intermediaries, including non-profits like Wikimedia Foundation were founded in the US.

Across the world, this private censorship regime was accepted by governments when they enacted intermediary liability laws (in India we have Section 79A of the IT Act). These laws gave intermediaries immunity from liability emerging from third party content about which they have no “actual knowledge” unless they were informed using takedown notices. Intermediaries set up offices in countries like India, complied with some lawful interception requests, and also conducted geo-blocking to comply with local speech regulation.

For years, the Indian government has been frustrated since policy reforms that it has pursued with the US have yielded little fruit. American policy makers keep citing shortcomings in the Indian justice systems to avoid expediting the MLAT (Mutual Legal Assistance Treaties) process and the signing of an executive agreement under the US Clout Act. This agreement would compel intermediaries to comply with lawful interception and data requests from Indian law enforcement agencies no matter where the data was located.

The data localisation requirement in the draft national data protection law is a result of that frustration. As with the US, a quickly enacted data localisation policy is absolutely non-negotiable when it comes to Indian military, intelligence, law enforcement and e-governance data. For India, it also makes sense in the cases of health and financial data with exceptions under certain circumstances. However, it does not make sense for social media platforms since they, by definition, host international networks of people. Recently an inter ministerial committee recommended that “criminal proceedings against Indian heads of social media giants” also be considered. However, raiding Google’s local servers when a lawful interception request is turned down or arresting Facebook executives will result in retaliatory trade actions from the US.

While the consequences of online recruitment, disinformation in elections and fake news to undermine public order are indeed serious, are there alternatives to such extreme measures for Indian policy makers? Updating intermediary liability law is one place to begin. These social media companies increasingly exercise editorial control, albeit indirectly, via algorithms to claim that they have no “actual knowledge”.

But they are no longer mere conduits or dumb pipes as they are now publishers who collect payments to promote content. Germany passed a law called NetzDG in 2017 which requires expedited compliance with government takedown orders. Unfortunately, this law does not have sufficient safeguards to prevent overzealous private censorship. India should not repeat this mistake, especially given what the Supreme Court said in the Shreya Singhal judgment.

Transparency regulations are imperative. And they are needed urgently for election and political advertising. What do the ads look like? Who paid for them? Who was the target? How many people saw these advertisements? How many times? Transparency around viral content is also required. Anyone should be able to see all public content that has been shared with more than a certain percentage of the population over a historical timeline for any geographic area. This will prevent algorithmic filter bubbles and echo chambers, and also help public and civil society monitor unconstitutional and hate speech that violates terms of service of these platforms. So far the intermediaries have benefitted from surveillance — watching from above. It is time to subject them to sousveillance — watched by the citizens from below.

Data portability mandates and interoperability mandates will allow competition to enter these monopoly markets. Artificial intelligence regulations for algorithms that significantly impact the global networked public sphere could require – one, a right to an explanation and two, a right to influence automated decision making that influences the consumers experience on the platform.

The real solution lies elsewhere. Google and Facebook are primarily advertising networks. They have successfully managed to destroy the business model for real news and replace it with a business model for fake news by taking away most of the advertising revenues from traditional and new news media companies. They were able to do this because there was a trust deficit between advertisers and publishers. Perhaps this trust deficit could be solved by a commons-based solutions based on free software, open standards and collective action by all Indian new media companies.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-sunil-abraham-september-24-2018-a-trust-deficit-between-advertisers-and-publishers-is-leading-to-fake-news

India- EU FTA: A Note on the Copyright Issues

nehaa — 2013-07-03T06:47:08Z

In this blog post, Nehaa Chaudhari gives us an overview of some of the provisions of the Free Trade Agreement (FTA) and the copyright issues identified therein.

Click to download the India-EU FTA: A Note on Copyright Issues (PDF, 205 Kb)

Against the backdrop of ongoing negotiations dating back to 2007, and, more recently, with parties being unable to make substantial progress on the Indo-EU FTA[1] this note presents an overview on some of the provisions of the FTA and the copyright issues identified therein. This note deals with the issues on two levels- first to examine the impact of intellectual property right provisions in FTAs in general and second to apply these generic principles to the Indo- EU FTA specifically.

Introduction

Investment agreements, of which bilateral investment treaties are a part, and investment chapters in various FTAs often result in an increase in the effective levels of intellectual property protection in one of the countries that is a part to the agreement. This can be done either explicitly, where ‘investment’ may be defined to include IP, or implicitly, for instance, through an expropriation provision.[2] This has concurrently witnessed the growing realization that the promotion of these increased IP standards is not suited to the need of developing countries. Therefore, it has been observed[3]that there is now an attempt by the developed countries to use FTAs as a forum to push for higher standards of IP protection in developing countries, and to restrict the scope of the flexibilities offered by TRIPS, most notably in the sectors of protection of plant varieties, patents and access to medicine, farmers rights and access to information.[4]This approach is inherently problematic, because it then infringes on the developing countries’ ability to achieve their developmental objectives.

Dismantling the Arguments In Favour of Increased IP Protection

A prevalent view of thought is that in order to increase Foreign Direct Investment (FDI), developing countries would have to increase their IP protection. This section of the paper seeks to argue that this might not necessarily be the case.

An illustration of the aforesaid proposition may be Heald’s criticism[5] levied on Mansfield’s paper[6] arguing that there was a direct correlation between the level of intellectual property protection in a country and the foreign direct investment into that country. Further, a study[7] conducted under the aegis of the United Nations has suggested that there was a ‘considerable incentive’ for countries to use the flexibilities provided under TRIPS to maximise net benefits for their development; stating that while in countries with a capacity to innovate stronger IPR protection can reap some benefits in terms of greater innovation at home and a greater diffusion of technology, the same cannot be said about nations without such a capacity, and may in fact impose additional costs.[8]

Specifically in the area of copyright, it has been observed that increased copyright protection can hamper the growth and development of knowledge based industries. Sanya Smith argues that those who control copyright have a ‘significant advantage’ in the knowledge based economy, and says that in the current scenario where ownership of copyright is largely in the hands of industrialized nations, this places developing nations, and smaller economies at a significant disadvantage.[9] She also goes on to argue that increasing copyright protection alone does not seem to be sufficient to stimulate industries, and there may other factors involved. Additionally, copyright could also significantly increase the cost of creative industries.[10] More fundamentally however, access to information and knowledge are amongst the most affected areas as a result of tightening of copyright laws, leaving students, academicians, researchers, scientists and persons with print disability significantly disadvantaged.

Implications of the Copyright Provisions in the Proposed Indo- EU FTA

Based on the general discussion earlier, this section of the paper seeks to examine the proposed and long debated Indo- EU FTA for the concerns enumerated earlier. As things currently stand, both parties have failed to reach a consensus on various substantial differences, and a ministerial meet originally scheduled for June seems unlikely to take place.[11]

It has been observed[12] that the Indo- EU FTA[13] includes various provisions that preserve the flexibilities offered under the TRIPS framework. This is extremely critical from the perspective of developing countries, given that access to knowledge is an extremely important ideal to be preserved. For instance, as noted by Knowledge Ecology International[14]the proposed FTA includes Articles 7 (Objectives) and 8 (Principles) of the TRIPS[15] by reference. Further, the language of Article 13 under the proposed FTA explicitly recognizes the importance of the Doha Declaration, which is a positive step.[16] It has been said however, that stronger language where the parties ‘affirmed’ their obligations under the Declaration could have been used.[17] However, this does not take away from the fact that many of the provisions of the proposed FTA are extremely problematic, as will be discussed in the forthcoming parts of this paper.

Problematic Provisions

The main concern that has emerged from this FTA is the fact that some of its provisions dealing with IPR go beyond the mandate as under the TRIPS Agreement. For instance, as pointed out by Shamnaad Basheer to Intellectual Property Watch, various provisions now provide for intermediary liability, which isn’t present in TRIPS. He also adds however, that if the initial stand of the government that India would not go TRIPS plus continues to hold, the government should indeed adopt a strong stance and not cave in to the said provisions.[18] An overview of some of the problematic provisions has been presented hereafter:

International Obligations

As per the proposed treaty, protection granted by the parties should be in accordance with the Berne Convention, the Rome Convention and the WIPO Copyright and Performance and Phonograms Treaties. Snehashish Ghosh in his blog post[19] writes that the EU stipulates compliance with Articles 1 through 22 of the Rome Convention for the Protection of Performers, Producers of Phonograms and Broadcasting Organizations (1961), Articles 1 through 14 of the WIPO Copyright Treaty – WCT (Geneva, 1996), Articles 1 through 23 of the WIPO Performance and Phonograms Treaty – WPPT (Geneva, 1996). It is critical to note that the Rome Convention is not in force in India[20], and that India is not a party to either the WCT[21] or the WPPT[22], and therefore, this provision would have the effect of substantially surpassing all obligations that India has at the moment under multilateral international agreements.

Technical Protection Measures (TPMs) and Digital Rights Management (DRM)

A TPM, understood simply, is a lock in a digital format, placed on digital material to prevent access to or copying of the material in question. The problem with such measures is that they can prevent even those forms of copying which are legal (for instance, the copying of a movie on which copyright has expired could be prevented), creating a potentially infinite monopoly over the product in question. India, in its negotiations with the EU, has agreed to sweeping language under this provision, where TPMs and DRM measures are broadly defined. The Agreement further provides for limitations on TPM protections only to persons who have “legal access to the protected work or subject matter”.[23]

Copyright Expansion

There are various provisions under the proposed FTA that have the effect of copyright expansion. To begin with, the duration of protection for photographic works is not expressly mentioned in the proposed agreement.[24] Snehashish Ghosh concludes that the term of photographic works is unclear in the proposed FTA. He writes that the proposed FTA makes it mandatory for the parties to comply with the Berne Convention, and all literary and artistic work under the proposed FTA is to be construed as the same as the Berne Convention[25]. Photographic works are included under literary and artistic works under the Berne Convention, and the rights of an author in case of photographic works are protected for a minimum period of 25 years. However, the proposed FTA extends the period of protection to beyond that prescribed by the Berne Convention and states that protection is given to literary and artistic works (as defined in the Berne Convention) for a period of the duration of the life of the author plus fifty years after this death. It further states that works for which the period of protection is not calculated from the death of the author, and which have not been lawfully made available to the public within at least 50 years from their creation, the protection shall terminate.[26]

Article 7.6 (proposed by the EU), limits the resale rights of a downstream purchaser. It has been noted by Knowledge Ecology International[27] that this seems to give the author of an original work of art a right in perpetuity, to receive a royalty for the resale of the piece of art, where such right cannot be waived or transferred by the author of the work. Therefore, a situation would arise where each time a person who has purchased the work wants to resell the same, he would have to pay royalties to the original author.[28] The observations further go on to note that royalties are not limited, and the amount has to be determined by national legislation. Further complicating the situation is the fact that the provision does not cease to apply after a given number of re-sales, and continues to the death of the author (but might not into the 50 year protection post the death of the author).[29]

Exceptions and limitations for copyright have been covered under Article 7.9(1) of the proposed FTA, and they may be created “only” in accordance with the three step test, which is essentially that (a) the exceptions and limitations must apply in certain special cases; (b) must not be in conflict with the normal course of exploitation of the subject matter in question and (c) must not unreasonably prejudice the legitimate interests of the right holders.[30] It has been observed that this test is more restrictive than TRIPS, Berne Convention, Rome Convention or the WCT.[31]

On the plus side, temporary copies have been excluded from copyright protection, as per Article 7.9(2) of the proposed FTA, which would ensure the proper functioning of technology.

Persons with Disabilities

There is nothing that deals with the import/export or cross border exchange of files/documents/books etc. for persons with disabilities.

Cross Border Measures

Cross Border Measures have been dealt with under Article 30 of the proposed FTA. It is interesting to note that under this Article the EU has proposed the application of border measures to exports as well. This is contrary to the position laid down in the TRIPS Agreement, which has this requirement only for importing infringing goods.[32] Further, the EU also seeks to expand the applicability of such measures to include those goods which also infringe designs or geographical indications. Additionally, Article 30 also leaves out certain TRIPS safeguards, for instance, one that requires the right holder to provide adequate evidence for a prima facie case of infringement.[33]

Intermediary Liability

It has been suggested that the EU, under the garb of protecting intermediate service providers from liability for infringement by users, is purporting to place a greater burden on the providers in question, of policing user activity.[34] For instance under Article 35.1.1 of the proposed FTA, while service providers are not under any general obligation to seek facts or circumstances that could indicate illegal activity, they may be obligated to promptly inform competent authorities of these alleged illegal activities undertaken/information provided by recipients of their service. [35] Otherwise, the providers may also be required to communicate to the authorities, on their request, information that would enable the identification of their service with whom they have storage agreements, as per Article 35.1.2.[36] It has been rightly identified by Glover Wright, that such provisions would only serve to increase tensions between the users and their service providers, with relations dictated by concerns about liability, and barriers in the sending, receiving and storing of information freely. It would be a tricky question for intermediate service providers to check what would constitute ‘knowledge’ and how they were to best safeguard themselves from liability.[37] Therefore, the author is inclined to agree with Wright’s submission that India needs to reject all provisions of liability of intermediate service providers as discussed above.

IP Enforcement

There exist, as regards the enforcement of rights, many problematic provisions in the proposed FTA. For starters, the EU has proposed that interlocutory injunctions may also be issued under the same conditions against an intermediary whose services are being used by a third party to infringe intellectual property rights.[38] This may be found under Article 22.1 of the proposed FTA, and is inherently problematic for being a provision far beyond the mandate as laid down by TRIPS.

The EU is also pushing for the use of very explicit language as regards seizing movable and immovable property of the alleged infringer as a precautionary measure. This also extends to the blocking of the bank accounts and other assets of the said infringer, and to this end, competent authorities may even order the communication of bank, financial or commercial documents, or access to the said information.[39] It is critical to note that such a provision is greatly problematic as being rather vague in its approach, and very readily compromising privacy for ‘alleged’ acts of infringement.

It is further critical to note that while Article 20 states that courts should have the power to grant ex parte order to collect evidence that is allegedly infringing, there are no safeguards provided for protection of a bona fide defendant whose premises might have been raided wrongly. It is submitted that provisions that safeguard the interests of defendants are of prime importance, especially in the Indian set up, where courts are as it is rather generous in their granting of ex parte orders.

Concluding Observations

While India may stand to benefit from the proposed FTA with the EU, there remain significant IP related issues that need to be ironed out before India comes to any consensus about the agreement and ratifies the same. On the basis of the discussion over the course of this paper, it may be seen that the provisions on intellectual property rights are problematic on various levels, particularly in the areas of expansion of copyright, the inclusion of TRIPS plus provisions, cross border measures, TPMs, liability of service providers and enforcement mechanisms.

Discussions in the first half of this paper have demonstrated that increased IP protections do not necessarily translate into increased FDI and may in fact stifle innovation. Further, the warning to developing countries against adopting IPR standards fixed by developed nations has been sounded many times over, and is one that needs to be heeded to very closely for developing nations to achieve their developmental objectives.

India has over a period of time established an IP regime that is consumer friendly. In adopting the proposed FTA in its current form, she risks endangering this regime that has thus far been instrumental in proliferating emerging technologies in the county.[40] Given that India has already acceded to international standards for IPRs as a result of being a member of the WTO and being TRIPS compliant, there is no cogent reason to be made out that warrants the accession to an FTA with TRIPS plus provisions. India ought to continue to push back strongly on these fronts, bearing in mind that its stance could very well set the tone for other such agreements in South Asia. From the way things stand at the moment, it is indeed a matter of some relief that the ratification of this proposed FTA still appears to be at a considerable distance.

[1].Hereafter referred to as the FTA.

[2]. Sanya Reid Smith, Intellectual Property in Free Trade Agreements, for the UNDP Regional Trade Workshop (17-18 December, Penang, Malaysia), available at http://bit.ly/11W8dqy (last accessed 04 June, 2013).

[3]. Id.

[4]. Id at 5.

[5]. Supra note 2, citing PJ Heald, Information Economics and Policy 16 (2004) 57-65

[6]. Edwin Mansfield, Intellectual Property Protection, Foreign Direct Investment and Technology Transfer, International Finance Corporation: Discussion Paper No. 19, available at http://bit.ly/18V4D5v (last accessed 05 June, 2013)

[7]. See generally- Rod Falvey et. al., The Role of Intellectual Property Rights in Technology Transfer and Economic Growth: Theory and Evidence, United Nations Industrial Development Organization: Discussion Paper (2006), available at http://bit.ly/11JBR4o (last accessed 05 June, 2013).

[8]. Id.

[9]. Supra note 2 at 23.

[10]. Supra note 2 at 23.

[11]. PTI, India – EU FTA Talks Fail to Bridge Gaps, available at http://bit.ly/19LJaeP (last accessed 05 June, 2013).

[12]. Krista Cox, Quick Reaction to the EU/India (BTIA) Negotiating Text, available at http://keionline.org/node/1693 (last accessed 04 June, 2013).

[13]. Hereafter referred to as the FTA

[14]. KEI Staff, More Notes on the India EU FTA (BTIA), available at http://keionline.org/node/1692 (last accessed 05 June, 2013).

[15]. See http://bit.ly/13XhCfZ for more details, and for the bare text of the Articles. (last accessed 05 June, 2013).

[16]. Supra note 14.

[17]. Supra note 12.

[18]. Patralekha Chatterjee, Leaked IP Chapter of India- EU FTA Shows TRIPS-PLUS Pitfalls for India, Expert Says, available at http://bit.ly/Y7w70e (last accessed 05 June, 2013).

[19]. Snehashish Ghosh, Analysis of Copyright Expansion in the India-EU FTA (July 2010), available at http://bit.ly/ysitEC (last accessed 03 June, 2013).

[20]. For the status of Contracting Parties, see http://bit.ly/UITpsX (last accessed 05 June, 2013).

[21]. For the status of Contracting Parties, see http://bit.ly/f92xL2 (last accessed 05 June, 2013).

[22]. For the status of Contracting Parties, see http://bit.ly/fEsUAF (last accessed 05 June, 2013).

[23]. Supra note 14.

[24]. Supra note 19.

[25]. Supra note 19.

[26]. Supra note 19.

[27]. Supra note 12.

[28]. Supra note 12.

[29]. Supra note 12.

[30]. Supra note 12.

[31]. Supra note 14.

[32]. Supra note 12.

[33]. Supra note 12.

[34]. See Article 35 of the Proposed FTA.

[35]. Glover Wright, A Guide to the Proposed India-European Union Free Trade Agreement, available at http://bit.ly/16Dfuga (last accessed 05 June, 2013) at 12- 14.

[36]. Id.

[37]. Id.

[38]. Thiru, EU-India FTA: EU Pushes for IP Enforcement- IP Chapter Draft Text Under Negotiation (2013), available at http://keionline.org/node/1681 (last accessed 05 June, 2013).

[39]. See Article 22.3 of the proposed FTA.

[40]. Supra note 35.

For more details visit https://cis-india.org/a2k/blogs/india-eu-fta-copyright-issues

Invisible Censorship: How the Government Censors Without Being Seen

pranesh — 2012-01-04T08:59:14Z

The Indian government wants to censor the Internet without being seen to be censoring the Internet. This article by Pranesh Prakash shows how the government has been able to achieve this through the Information Technology Act and the Intermediary Guidelines Rules it passed in April 2011. It now wants methods of censorship that leave even fewer traces, which is why Mr. Kapil Sibal, Union Minister for Communications and Information Technology talks of Internet 'self-regulation', and has brought about an amendment of the Copyright Act that requires instant removal of content.

Power of the Internet and Freedom of Expression

The Internet, as anyone who has ever experienced the wonder of going online would know, is a very different communications platform from any that has existed before. It is the one medium where anybody can directly share their thoughts with billions of other people in an instant. People who would never have any chance of being published in a newspaper now have the opportunity to have a blog and provide their thoughts to the world. This also means that thoughts that many newspapers would decide not to publish can be published online since the Web does not, and more importantly cannot, have any editors to filter content. For many dictatorships, the right of people to freely express their thoughts is something that must be heavily regulated. Unfortunately, we are now faced with the situation where some democratic countries are also trying to do so by censoring the Internet.

Intermediary Guidelines Rules

In India, the new 'Intermediary Guidelines' Rules and the Cyber Cafe Rules that have been in effect since April 2011 give not only the government, but all citizens of India, great powers to censor the Internet. These rules, which were made by the Department of Information Technology and not by the Parliament, require that all intermediaries remove content that is 'disparaging', 'relating to... gambling', 'harm minors in any way', to which the user 'does not have rights'. When was the last time you checked wither you had 'rights' to a joke before forwarding it? Did you share a Twitter message containing the term "#IdiotKapilSibal", as thousands of people did a few days ago? Well, that is 'disparaging', and Twitter is required by the new law to block all such content. The government of Sikkim can run advertisements for its PlayWin lottery in newspapers, but under the new law it cannot do so online. As you can see, through these ridiculous examples, the Intermediary Guidelines are very badly thought-out and their drafting is even worse. Worst of all, they are unconstitutional, as they put limits on freedom of speech that contravene Article 19(1)(a) and 19(2) of the Constitution, and do so in a manner that lacks any semblance of due process and fairness.

Excessive Censoring by Internet Companies

We, at the Centre for Internet and Society in Bangalore, decided to test the censorship powers of the new rules by sending frivolous complaints to a number of intermediaries. Six out of seven intermediaries removed content, including search results listings, on the basis of the most ridiculous complaints. The people whose content was removed were not told, nor was the general public informed that the content was removed. If we hadn't kept track, it would be as though that content never existed. Such censorship existed during Stalin's rule in the Soviet Union. Not even during the Emergency has such censorship ever existed in India. Yet, not only was what the Internet companies did legal under the Intermediary Guideline Rules, but if they had not, they could have been punished for content put up by someone else. That is like punishing the post office for the harmful letters that people may send over post.

Government Has Powers to Censor and Already Censors

Currently, the government can either block content by using section 69A of the Information Technology Act (which can be revealed using RTI), or it has to send requests to the Internet companies to get content removed. Google has released statistics of government request for content removal as part of its Transparency Report. While Mr. Sibal uses the examples of communally sensitive material as a reason to force censorship of the Internet, out of the 358 items requested to be removed from January 2011 to June 2011 from Google service by the Indian government (including state governments), only 8 were for hate speech and only 1 was for national security. Instead, 255 items (71 per cent of all requests) were asked to be removed for 'government criticism'. Google, despite the government in India not having the powers to ban government criticism due to the Constitution, complied in 51 per cent of all requests. That means they removed many instances of government criticism as well.

'Self-Regulation': Undetectable Censorship

Mr. Sibal's more recent efforts at forcing major Internet companies such as Indiatimes, Facebook, Google, Yahoo, and Microsoft, to 'self-regulate' reveals a desire to gain ever greater powers to bypass the IT Act when censoring Internet content that is 'objectionable' (to the government). Mr. Sibal also wants to avoid embarrassing statistics such as that revealed by Google's Transparency Report. He wants Internet companies to 'self-regulate' user-uploaded content, so that the government would never have to send these requests for removal in the first place, nor block sites officially using the IT Act. If the government was indeed sincere about its motives, it would not be talking about 'transparency' and 'dialogue' only after it was exposed in the press that the Department of Information Technology was holding secret talks with Internet companies. Given the clandestine manner in which it sought to bring about these new censorship measures, the motives of the government are suspect. Yet, both Mr. Sibal and Mr. Sachin Pilot have been insisting that the government has no plans of Internet censorship, and Mr. Pilot has made that statement officially in the Lok Sabha. This, thus seems to be an instance of censoring without censorship.

Backdoor Censorship through Copyright Act

Further, since the government cannot bring about censorship laws in a straightforward manner, they are trying to do so surreptitiously, through the back door. Mr. Sibal's latest proposed amendment to the Copyright Act, which is before the Rajya Sabha right now, has a provision called section 52(1)(c) by which anyone can send a notice complaining about infringement of his copyright. The Internet company will have to remove the content immediately without question, even if the notice is false or malicious. The sender of false or malicious notices is not penalized. But the Internet company will be penalized if it doesn't remove the content that has been complained about. The complaint need not even be shown to be true before the content is removed. Indeed, anyone can complain about any content, without even having to show that they own the rights to that content. The government seems to be keen to have the power to remove content from the Internet without following any 'due process' or fair procedure. Indeed, it not only wants to give itself this power, but it is keen on giving all individuals this power.

It's ultimate effect will be the death of the Internet as we know it. Bid adieu to it while there is still time.

The article was translated to Marathi and featured in Lokmat

For more details visit https://cis-india.org/internet-governance/invisible-censorship

No more 66A!

geetha — 2015-03-26T02:01:31Z

In a landmark decision, the Supreme Court has struck down Section 66A. Today was a great day for freedom of speech on the Internet! When Section 66A was in operation, if you made a statement that led to offence, you could be prosecuted. We are an offence-friendly nation, judging by media reports in the last year. It was a year of book-bans, website blocking and takedown requests. Facebook’s Transparency Report showed that next to the US, India made the most requests for information about user accounts. A complaint under Section 66A would be a ground for such requests.

Section 66A hung like a sword in the middle: Shaheen Dhada was arrested in Maharashtra for observing that Bal Thackeray’s funeral shut down the city, Devu Chodankar in Goa and Syed Waqar in Karnataka were arrested for making posts about Narendra Modi, and a Puducherry man was arrested for criticizing P. Chidambaram’s son. The law was vague and so widely worded that it was prone to misuse, and was in fact being misused.

Today, the Supreme Court struck down Section 66A in its judgment on a set of petitions heard together last year and earlier this year. Stating that the law is vague, the bench comprising Chelameshwar and Nariman, JJ. held that while restrictions on free speech are constitutional insofar as they are in line with Article 19(2) of the Constitution. Section 66A, they held, does not meet this test: The central protection of free speech is the freedom to make statements that “offend, shock or disturb”, and Section 66A is an unconstitutional curtailment of these freedoms. To cross the threshold of constitutional limitation, the impugned speech must be of such a nature that it incites violence or is an exhortation to violence. Section 66A, by being extremely vague and broad, does not meet this threshold. These are, of course, drawn from news reports of the judgment; the judgment is not available yet.

Reports also say that Section 79(3)(b) has been read down. Previously, any private individual or entity, and the government and its departments could request intermediaries to take down a website, without a court order. If the intermediaries did not comply, they would lose immunity under Section 79. The Supreme Court judgment states that both in Rule 3(4) of the Intermediaries Guidelines and in Section 79(3)(b), the "actual knowledge of the court order or government notification" is necessary before website takedowns can be effected. In effect, this mean that intermediaries need not act upon private notices under Section 79, while they can act upon them if they choose. This stops intermediaries from standing judge over what constitutes an unlawful act. If they choose not to take down content after receiving a private notice, they will not lose immunity under Section 79.

Section 69A, the website blocking procedure, has been left intact by the Court, despite infirmities such as a lack of judicial review and non-transparent operation. More updates when the judgment is made available.

For more details visit https://cis-india.org/internet-governance/blog/no-more-66a

The Supreme Court Judgment in Shreya Singhal and What It Does for Intermediary Liability in India?

jyoti — 2015-04-17T23:59:34Z

Even as free speech advocates and users celebrate the Supreme Court of India's landmark judgment striking down Section 66A of the Information Technology Act of 2000, news that the Central government has begun work on drafting a new provision to replace the said section of the Act has been trickling in.

The SC judgement in upholding the constitutionality of Section 69A (procedure for blocking websites) and in reading down Section 79 (exemption from liability of intermediaries) of the IT Act, raises crucial questions regarding transparency, accountability and under what circumstances may reasonable restrictions be placed on free speech on the Internet. While discussions and analysis of S. 66A continue, in this post I will focus on the aspect of the judgment related to intermediary liability that could benefit from further clarification from the apex court and in doing so, will briefly touch upon S. 69A and secret blocking.

Conditions qualifying intermediary for exemption and obligations not related to exemption

The intermediary liability regime in India is defined under S. 79 and assosciated rules that were introduced to protect intermediaries for liability from user generated content and ensure the Internet continues to evolve as a “marketplace of ideas”. But as intermediaries may not have sufficient legal competence or resources to deliberate on the legality of an expression, they may end up erring on the side of caution and takedown lawful expression. As a study by Centre for Internet and Society (CIS) in 2012 revealed, the criteria, procedure and safeguards for administration of the takedowns as prescribed by the rules lead to a chilling effect on online free expression.

S. 69A grants powers to the Central Government to “issue directions for blocking of public access to any information through any computer resource”. The 2009 rules allow the blocking of websites by a court order, and sets in place a review committee to review the decision to block websites as also establishes penalties for the intermediary that fails to extend cooperation in this respect.

There are two key aspects of both these provisions that must be noted:

a) S. 79 is an exemption provision that qualifies the intermediary for conditional immunity, as long as they fulfil the conditions of the section. The judgement notes this distinction, adding that “being an exemption provision, it is closely related to provisions which provide for offences including S. 69A.”

b) S. 69A does not contribute to immunity for the intermediary rather places additional obligations on the intermediary and as the judgement notes “intermediary who finally fails to comply with the directions issued who is punishable under sub-section (3) of 69A.” The provision though outside of the conditional immunity liability regime enacted through S. 79 contributes to the restriction of access to, or removing content online by placing liability on intermediaries to block unlawful third party content or information that is being generated, transmitted, received, stored or hosted by them. Therefore restriction requests must fall within the contours outlined in Article 19(2) and include principles of natural justice and elements of due process.

Subjective Determination of Knowledge

The provisions for exemption laid down in S. 79 do not apply when they receive “actual knowledge” of illegal content under section 79(3)(b). Prior to the court's verdict actual knowledge could have been interpreted to mean the intermediary is called upon its own judgement under sub-rule (4) to restrict impugned content in order to seek exemption from liability. Removing the need for intermediaries to take on an adjudicatory role and deciding on which content to restrict or takedown, the SC has read down “actual knowledge” to mean that there has to be a court order directing the intermediary to expeditiously remove or disable access to content online. The court also read down “upon obtaining knowledge by itself” and “brought to actual knowledge” under Rule 3(4) in the same manner as 79(3)(b).

Under S.79(3)(b) the intermediary must comply with the orders from the executive in order to qualify for immunity. Further, S. 79 (3)(b) goes beyond the specific categories of restriction identified in Article 19(2) by including the term “unlawful acts” and places the executive in an adjudicatory role of determining the illegality of content. The government cannot emulate private regulation as it is bound by the Constitution and the court addresses this issue by applying the limitation of 19(2) on unlawful acts, “the court order and/or the notification by the appropriate government or its agency must strictly conform to the subject matters aid down in Article 19(2).”

By reading down of S. 79 (3) (b) the court has addressed the issue of intermediaries complying with takedown requests from non-government entities and has made government notifications and court orders to be consistent with reasonable restrictions in Article 19(2). This is an important clarification from the court, because this places limits on the private censorship of intermediaries and the invisible censorship of opaque government takedown requests as they must and should adhere, to the boundaries set by Article 19(2).

Procedural Safeguards

The SC does not touch upon other parts of the rules and in not doing so, has left significant procedural issues open for debate. It is relevant to bear in mind and as established above, S. 69A blocking and restriction requirements for the intermediary are part of their additional obligations and do not qualify them for immunity. The court ruled in favour of upholding S. 69A as constitutional on the basis that blocking orders are issued when the executive has sufficiently established that it is absolutely necessary to do so, and that the necessity is relatable to only some subjects set out in Article 19(2). Further the court notes that reasons for the blocking orders must be recorded in writing so that they may be challenged through writ petitions. The court also goes on to specify that under S. 69A the intermediary and the 'originator' if identified, have the right to be heard before the committee decides to issue the blocking order.

Under S. 79 the intermediary must also comply with government restriction orders and the procedure for notice and takedown is not sufficiently transparent and lacks procedural safeguards that have been included in the notice and takedown procedures under S. 69. For example, there is no requirement for committee to evaluate the necessity of issuing the restriction order, though the ruling does clarify that these restriction notices must be within the confines of Article 19(2). The judgement could have gone further to directing the government to state their entire cause of action and provide reasonable level of proof (prima facie). It should have also addressed issues such as the government using extra-judicial measures to restrict content including collateral pressures to force changes in terms of service, to promote or enforce so-called "voluntary" practices.

Accountability

The judgement could also have delved deeper into issues of accountability such as the need to consider 'udi alteram partem' by providing the owner of the information or the intermediary a hearing prior to issuing the restriction or blocking order nor is an post-facto review or appeal mechanism made available except for the recourse of writ petition. Procedural uncertainty around wrongly restricted content remains, including what limitations should be placed on the length, duration and geographical scope of the restriction. The court also does not address the issue of providing a recourse for the third party provider of information to have the removed information restored or put-back remains unclear. Relatedly, the court also does not clarify the concerns related to frivolous requests by establishing penalties nor is there a codified recourse under the rules presently, for the intermediary to claim damages even if it can be established that the takedown process is being abused.

Transparency

The bench in para 113 in addressing S. 79 notes that the intermediary in addition to publishing rules and regulations, privacy policy and user agreement for access or usage of their service has to also inform users of the due diligence requirements including content restriction policy under rule 3(2). However, the court ought to have noted the differentiation between different categories of intermediaries which may require different terms of use. Rather than stressing a standard terms of use as a procedural safeguard, the court should have insisted on establishing terms of use and content restriction obligations that is proportional to the role of the intermediary and based on the liability accrued in providing the service, including the impact of the restriction by the intermediary both on access and free speech. By placing requirement of disclosure or transparency on the intermediary including what has been restricted under the intermediary's own terms of service, the judgment could have gone a step further than merely informing users of their rights in using the service as it stands presently, to ensuring that users can review and have knowledge of what information has been restricted and why. The judgment also does not touch upon broader issues of intermediary liability such as proactive filtering sought by government and private parties, an important consideration given the recent developments around the right to be forgotten in Europe and around issues of defamation and pornography in India.

The judgment, while a welcome one in the direction of ensuring the Internet remains a democratic space where free speech thrives, could benefit from the application of the recently launched Manila principles developed by CIS and others. The Manila Principles is a framework of baseline safeguards and best practices that should be considered by policymakers and intermediaries when developing, adopting, and reviewing legislation, policies and practices that govern the liability of intermediaries for third-party content.

The court's ruling is truly worth celebrating, in terms of the tone it sets on how we think of free speech and the contours of censorship that exist in the digital space. But the real impact of this judgment lies in the debates and discussions which it will throw open about content removal practices that involve intermediaries making determinations on requests received, or those which only respond to the interests of the party requesting removal. As the Manila Principles highlight a balance between public and private interests can be obtained through a mechanism where power is distributed between the parties involved, and where an impartial, independent, and accountable oversight mechanism exists.

For more details visit https://cis-india.org/internet-governance/blog/sc-judgment-in-shreya-singhal-what-it-means-for-intermediary-liability

Google Policy Fellowship Programme: Call for Applications

praskrishna — 2012-05-24T15:38:28Z

The Centre for Internet & Society (CIS) is inviting applications for the Google Policy Fellowship programme. Google is providing a USD 7,500 stipend to the India Fellow, who will be selected by August 15, 2012.

The Google Policy Fellowship offers successful candidates an opportunity to develop research and debate on the fellowship focus areas, which include Access to Knowledge, Openness in India, Freedom of Expression, Privacy, and Telecom, for a period of about ten weeks starting from August 2012 upto October 2012. CIS will select the India Fellow. Send in your applications for the position by June 27, 2012.

To apply, please send to google.fellowship@cis-india.org the following materials:

Statement of Purpose: A brief write-up outlining about your interest and qualifications for the programme including the relevant academic, professional and extracurricular experiences. As part of the write-up, also explain on what you hope to gain from participation in the programme and what research work concerning free expression online you would like to further through this programme. (About 1200 words max).
Resume
Three references

Fellowship Focus Areas

Access to Knowledge: Studies looking at access to knowledge issues in India in light of copyright law, consumers law, parallel imports and the interplay between pervasive technologies and intellectual property rights, targeted at policymakers, Members of Parliament, publishers, photographers, filmmakers, etc.
Openness in India: Studies with policy recommendations on open access to scholarly literature, free access to law, open content, open standards, free and open source software, aimed at policymakers, policy researchers, academics and the general public.
Freedom of Expression: Studies on policy, regulatory and legislative issues concerning censorship and freedom of speech and expression online, aimed at bloggers, journalists, authors and the general public.
Privacy: Studies on privacy issues like data protection and the right to information, limits to privacy in light of the provisions of the constitution, media norms and privacy, banking and financial privacy, workplace privacy, privacy and wire-tapping, e-governance and privacy, medical privacy, consumer privacy, etc., aimed at policymakers and the public.
Telecom: Building awareness and capacity on telecommunication policy in India for researchers and academicians, policymakers and regulators, consumer and civil society organisations, education and library institutions and lay persons through the creation of a dedicated web based resource focusing on knowledge dissemination.

Frequently Asked Questions

What is the Google Policy Fellowship program?
The Google Policy Fellowship program offers students interested in Internet and technology related policy issues with an opportunity to spend their summer working on these issues at the Centre for Internet and Society at Bangalore. Students will work for a period of ten weeks starting from July 2012. The research agenda for the program is based on legal and policy frameworks in the region connected to the ground-level perceptions of the fellowship focus areas mentioned above.

I am an International student can I apply and participate in the program? Are there any age restrictions on participating?
Yes. You must be 18 years of age or older by January 1, 2012 to be eligible to participate in Google Policy Fellowship program in 2012.

Are there citizenship requirements for the Fellowship?
For the time being, we are only accepting students eligible to work in India (e.g. Indian citizens, permanent residents of India, and individuals presently holding an Indian student visa. Google cannot provide guidance or assistance on obtaining the necessary documentation to meet the criteria.

Who is eligible to participate as a student in Google Policy Fellowship program?
In order to participate in the program, you must be a student. Google defines a student as an individual enrolled in or accepted into an accredited institution including (but not necessarily limited to) colleges, universities, masters programs, PhD programs and undergraduate programs. Eligibility is based on enrollment in an accredited university by January 1, 2012.

I am an International student can I apply and participate in the program?
In order to participate in the program, you must be a student (see Google's definition of a student above). You must also be eligible to work in India (see section on citizen requirements for fellowship above). Google cannot provide guidance or assistance on obtaining the necessary documentation to meet this criterion.
I have been accepted into an accredited post-secondary school program, but have not yet begun attending. Can I still take part in the program?
As long as you are enrolled in a college or university program as of January 1, 2012, you are eligible to participate in the program.
I graduate in the middle of the program. Can I still participate?
As long as you are enrolled in a college or university program as of January 1, 2012, you are eligible to participate in the program.

Payments, Forms, and Other Administrative Stuff

How do payments work?*

Google will provide a stipend of USD 7,500 equivalent to each Fellow for the summer.

Accepted students in good standing with their host organization will receive a USD 2,500 stipend payable shortly after they begin the Fellowship in August 2012.
Students who receive passing mid-term evaluations by their host organization will receive a USD 1,500 stipend shortly after the mid-term evaluation in September 2012.
Students who receive passing final evaluations by their host organization and who have submitted their final program evaluations will receive a USD 3,500 stipend shortly after final evaluations in October 2012.

Please note: Payments will be made by electronic bank transfer, and are contingent upon satisfactory evaluations by the host organization, completion of all required enrollment and other forms. Fellows are responsible for payment of any taxes associated with their receipt of the Fellowship stipend.

*While the three step payment structure given here corresponds to the one in the United States, disbursement of the amount may be altered as felt necessary.

What documentation is required from students?

Students should be prepared, upon request, to provide Google or the host organization with transcripts from their accredited institution as proof of enrollment or admission status. Transcripts do not need to be official (photo copy of original will be sufficient).

I would like to use the work I did for my Google Policy Fellowship to obtain course credit from my university. Is this acceptable?

Yes. If you need documentation from Google to provide to your school for course credit, you can contact Google. We will not provide documentation until we have received a final evaluation from your mentoring organization.

Host Organizations

What is Google's relationship with the Centre for Internet and Society?

Google provides the funding and administrative support for individual fellows directly. Google and the Centre for Internet and Society are not partners or affiliates. The Centre for Internet and Society does not represent the views or opinions of Google and cannot bind Google legally.

Important Dates

What is the program timeline?

June 27, 2012	Student Application Deadline. Applications must be received by midnight.
July 18, 2012	Student applicants are notified of the status of their applications.
August 2012	Students begin their fellowship with the host organization (start date to be determined by students and the host organization); Google issues initial student stipends.
September 2012	Mid-term evaluations; Google issues mid-term stipends.
October 2012	Final evaluations; Google issues final stipends.

For more details visit https://cis-india.org/internet-governance/google-policy-fellowship

Statutory Motion Against Intermediary Guidelines Rules

pranesh — 2012-04-03T09:35:41Z

Rajya Sabha MP, Shri P. Rajeev has moved a motion that the much-criticised Intermediary Guidelines Rules be annulled.

Motion to Annul Intermediary Guidelines Rules

A motion to annul the Intermediary Guidelines Rules was moved on March 23, 2012, by Shri P. Rajeeve, CPI(M) MP in the Rajya Sabha from Thrissur, Kerala.

The motion reads:

"That this House resolves that the Information Technology (Intermediaries Guidelines) Rules, 2011 issued under clause (zg) of sub-section (2) of Section 87 read with sub-section (2) of Section 79 of the Information Technology Act, 2000 published in the Gazette of India dated the 13th April, 2011 vide Notification No. G.S.R 314(E) and laid on the Table of the House on the 12th August, 2011, be annuled; and

That this House recommends to Lok Sabha that Lok Sabha do concur on this Motion."

This isn't the first time that Mr. Rajeeve is raising his voice against the Intermediary Guidelines Rules. Indeed, even when the Rules were just in draft stage, he along with the MPs Kumar Deepak Das, Rajeev Chandrashekar, and Mahendra Mohan drew Parliamentarians' attention to the rules. Yet, the government did not heed the MPs' concern, nor the concern of all the civil society organizations that wrote in to them concerned about human rights implications of the new laws. On September 6, 2011, Lok Sabha MP Jayant Choudhary gave notice (under Rule 377 of the Lok Sabha Rules) that the Intermediary Guidelines Rules as well as the Reasonable Security Practices Rules need to be reviewed. Yet, the government has not even addressed those concerns, and indeed has cracked down even harder on online freedom of speech since then.

Fundamental Problems with Intermediary Guidelines Rules

The fundamental problems with the Rules, which deal with objectionable material online:

Shifting blame.

It makes the 'intermediary', including ISPs like BSNL and Airtel responsible for objectionable content that their users have put up.

No chance to defend.

There is no need to inform users before this content is removed. So, even material put up by a political party can be removed based on anyone's complaint, without telling that party. This was done against a site called *CartoonsAgainstCorruption.com". This goes against Article 19(1)(a).

Lack of transparency

No information is required to be provided that content has been removed. It's a black-box system, with no one, not even the government, knowing that content has been removed following a request. So even the government does not know how many sites have been removed after these Rules have come into effect.

No differentiation between intermediaries.

A one-size-fits-all system is followed where an e-mail provider is equated with an online newspaper, which is equated with a video upload site, which is equated with a search engine. This is like equating the post-office and a book publisher as being equivalent for, say, defamatory speech. This is violative of Article 14 of the Constitution, which requires that unequals be treated unequally by the law.

No proportionality.

A DNS provider (i.e., the person who gives you your web address) is an intermediary who can be asked to 'disable access' to a website on the basis of a single page, even though the rest of the site has nothing objectionable.

Vague and unconstitutional requirements.

Disparaging speech, as long as it isn't defamatory, is not criminalised in India, and can't be because the Constitution does not allow for it. Content about gambling in print is not unlawful, but now all Internet intermediaries are required to remove any content that promotes gambling.

Allows private censorship.

The Rules do not draw a distinction between arbitrary actions of an intermediary and take-downs subsequent to a request.

Presumption of illegality.

The Rules are based on the presumption that all complaints (and resultant mandatory taking down of the content) are correct, and that the incorrectness of the take-downs can be disputed in court (if they ever discover that it has been removed). This is contrary to the presumption of validity of speech used by Indian courts, and is akin to prior restraint on speech. Courts have held that for content such as defamation, prior restraints cannot be put on speech, and that civil and criminal action can only be taken post-speech.

Government censorship, not 'self-regulation'.

The government says these are industry best-practices in existing terms of service agreements. But the Rules require all intermediaries to include the government-prescribed terms in an agreement, no matter what services they provide. It is one thing for a company to choose the terms of its terms of service agreement, and completely another for the government to dictate those terms of service.

Problems Noted Early

We have noted in the past the problems with the Rules, including when the Rules were still in draft form:

Other organizations like the Software Freedom Law Centre also sent in scathing comments on the law, noting that they are unconstitutional.

We are very glad that Shri Rajeeve has moved this motion, and we hope that it gets adopted in the Lok Sabha as well, and that the Rules get defeated.

For more details visit https://cis-india.org/internet-governance/blog/statutory-motion-against-intermediary-guidelines-rules

India's Broken Internet Laws Need a Shot of Multi-stakeholderism

pranesh — 2012-04-26T13:45:25Z

Cyber-laws in India are severely flawed, with neither lawyers nor technologists being able to understand them, and the Cyber-Law Group in DEIT being incapable of framing fair, just, and informed laws and policies. Pranesh Prakash suggests they learn from the DEIT's Internet Governance Division, and Brazil, and adopt multi-stakeholderism as a core principle of Internet policy-making.

(An edited version of this article was published in the Indian Express as "Practise what you preach" on Thursday, April 26, 2012.)

The laws in India relating to the Internet are greatly flawed, and the only way to fix them would be to fix the way they are made. The Cyber-Laws & E-Security Group in the Department of Electronics and Information Technology (DEIT, who refer to themselves as 'DeitY' on their website!) has proven itself incapable of making fair, balanced, just, and informed laws and policies. The Information Technology (IT) Act is filled with provisions that neither lawyers nor technologists understand (not to mention judges). (The definition of "computer source code" in s.65 of the IT Act is a great example of that.)

The Rules drafted under s.43A of the IT Act (on 'reasonable security practices' to be followed by corporations) were so badly formulated that the government was forced to issue a clarification through a press release, even though the clarification was in reality an amendment and amendments cannot be carried out through press releases. Despite the clarification, it is unclear to IT lawyers whether the Rules are mandatory or not, since s.43A (i.e., the parent provision) seems to suggest that it is sufficient if the parties enter into an agreement specifying reasonable security practices and procedures. Similarly, the "Intermediary Guidelines" Rules (better referred to as the Internet Censorship Rules) drafted under s.79 of the Act have been called "arbitrary and unconstitutional" by many, including MP P. Rajeev, who has introduced a motion in the Rajya Sabha to repeal the Rules ("Caught in a net", Indian Express, April 24, 2012). These Rules give the power of censorship to every citizen and allow them to remove any kind of material off the Internet within 36 hours without anybody finding out. Last year, we at the Centre for Internet and Society used this law to get thousands of innocuous links removed from four major search engines without any public notice. In none of the cases (including one where an online news website removed more material than the perfectly legal material we had complained about) were the content-owners notified about our complaint, much less given a chance to defend themselves.

Laws framed by the Cyber-Law Group are so poorly drafted that they are misused more often than used. There are too many criminal provisions in the IT Act, and their penalties are greatly more than that of comparable crimes in the IPC. Section 66A of the IT Act, which criminalizes "causing annoyance or inconvenience" electronically, has a penalty of 3 years (greater than that for causing death by negligence), and does not require a warrant for arrest. This section has been used in the Mamata Banerjee cartoon case, for arresting M. Karthik, a Hyderabad-based student who made atheistic statements on Facebook, and against former Karnataka Lokayukta Santosh Hegde. Section 66A, I believe, imperils freedom of speech more than is allowable under Art. 19(2) of the Constitution, and is hence unconstitutional.

While s.5 of the Telegraph Act only allows interception of telephone conversations on the occurrence of a public emergency, or in the interest of the public safety, the IT Act does not have any such threshold conditions, and greatly broadens the State's interception abilities. Section 69 allows the government to force a person to decrypt information, and might clash with Art.20(3) of the Constitution, which provides a right against self-incrimination. One can't find any publicly-available governmental which suggests that the constitutionality of provisions such as s.66A or s.69 was examined.

Omissions by the Cyber-Law Group are also numerous. The Indian Computer Emergency Response Team (CERT-In) has been granted very broad functions under the IT Act, but without any clarity on the extent of its powers. Some have been concerned, for instance, that the broad power granted to CERT-In to "give directions" relating to "emergency measures for handling cyber security incidents" includes the powers of an "Internet kill switch" of the kind that Egypt exercised in January 2011. Yet, they have failed to frame Rules for the functioning of CERT-In. The licences that the Department of Telecom enters into with Internet Service Providers requires them to restrict usage of encryption by individuals, groups or organisations to a key length of only 40 bits in symmetric key algorithms (i.e., weak encryption). The RBI mandates a minimum of 128-bit SSL encryption for all bank transactions. Rules framed by the DEIT under s.84A of the IT Act were to resolve this conflict, but those Rules haven't yet been framed.

All of this paints a very sorry picture. Section 88 of the IT Act requires the government, "soon after the commencement of the Act", to form a "Cyber Regulations Advisory Committee" consisting of "the interests principally affected or having special knowledge of the subject-matter" to advise the government on the framing of Rules, or for any other purpose connected with the IT Act. This body still has not been formed, despite the lag of more than two and a half years since the IT Act came into force. Justice Markandey Katju’s recent letter to Ambika Soni about social media and defamation should ideally have been addressed to this body.

The only way out of this quagmire is to practise at home that which we preach abroad on matters of Internet governance: multi-stakeholderism. Multi-stakeholderism refers to the need to recognize that when it comes to Internet governance there are multiple stakeholders: government, industry, academia, and civil society, and not just the governments of the world. This idea has gained prominence since it was placed at the core of the "Declaration of Principles" from the first World Summit on Information Society in Geneva in 2003, and has also been at the heart of India's pronouncements at forums like the Internet Governance Forum. Brazil has an "Internet Steering Committee" which is an excellent model that practices multi-stakeholderism as a means of framing and working national Internet-related policies. DEIT's Internet Governance Division, which formulates India's international stance on Internet governance, has long recognized that governance of the Internet must be done in an open and collaborative manner. It is time the DEIT's Cyber-Law and E-Security Group, which formulates our national stance on Internet governance, realizes the same.

For more details visit https://cis-india.org/internet-governance/blog/india-broken-internet-law-multistakeholderism

Roundtable on Intermediary Liability and Gender Based Violence at the Digital Citizen Summit, 2018

Admin — 2018-11-07T02:55:40Z

Akriti Bopanna and Ambika Tandon conducted a panel on 'Gender and Intermediary Liability' at the Digital Citizen Summit, hosted by the Digital Empowerment Foundation, on November 1, 2018 at India International Centre, New Delhi.

Ambika was the moderator for the panel, with Apar Gupta, Jyoti Pandey, Amrita Vasudevan, Anja Kovacs, and Japleen Pasricha as speakers. Click to read the concept note and the agenda.

For more details visit https://cis-india.org/internet-governance/news/roundtable-on-intermediary-liability-and-gender-based-violence-at-the-digital-citizen-summit-2018

Zero Draft of Content Removal Best Practices White Paper

jyoti — 2014-09-10T07:11:09Z

EFF and CIS Intermediary Liability Project is aimed towards the creation of a set of principles for intermediary liability in consultation with groups of Internet-focused NGOs and the academic community.

The draft paper has been created to frame the discussion and will be made available for public comments and feedback. The draft document and the views represented here are not representative of the positions of the organisations involved in the drafting.

http://tinyurl.com/k2u83ya

3 September 2014

Introduction

The purpose of this white paper is to frame the discussion at several meetings between groups of Internet-focused NGOs that will lead to the creation of a set of principles for intermediary liability.

The principles that develop from this white paper are intended as a civil society contribution to help guide companies, regulators and courts, as they continue to build out the legal landscape in which online intermediaries operate. One aim of these principles is to move towards greater consistency with regards to the laws that apply to intermediaries and their application in practice.

There are three general approaches to intermediary liability that have been discussed in much of the recent work in this area, including CDT’s 2012 report called “Shielding the Messengers: Protecting Platforms for Expression and Innovation.” The CDT’s 2012 report divides approaches to intermediary liability into three models: 1. Expansive Protections Against Liability for Intermediaries, 2. Conditional Safe Harbor from Liability, 3. Blanket or Strict Liability for Intermediaries.^[1]

This white paper argues in the alternative that (a) the “expansive protections against liability” model is preferable, but likely not possible given the current state of play in the legal and policy space (b) therefore the white paper supports “conditional safe harbor from liability” operating via a ‘notice-to-notice’ regime if possible, and a ‘notice and action’ regime if ‘notice-to-notice’ is deemed impossible, and finally (c) all of the other principles discussed in this white paper should apply to whatever model for intermediary liability is adopted unless those principles are facially incompatible with the model that is finally adopted.

As further general background, this white paper works from the position that there are three general types of online intermediaries- Internet Service Providers (ISPs), search engines, and social networks. As outlined in the recent draft UNESCO Report (from which this white paper draws extensively);

“With many kinds of companies operating many kinds of products and services, it is important to clarify what constitutes an intermediary. In a 2010 report, the Organization for Economic Co-operation and Development (OECD) explains that Internet intermediaries “bring together or facilitate transactions between third parties on the Internet. They give access to, host, transmit and index content, products and services originated by third parties on the Internet or provide Internet-based services to third parties.”

Most definitions of intermediaries explicitly exclude content producers. The freedom of expression advocacy group Article 19 distinguishes intermediaries from “those individuals or organizations who are responsible for producing information in the first place and posting it online.” Similarly, the Center for Democracy and Technology explains that “these entities facilitate access to content created by others.” The OECD emphasizes “their role as ‘pure’ intermediaries between third parties,” excluding “activities where service providers give access to, host, transmit or index content or services that they themselves originate.” These views are endorsed in some laws and court rulings. In other words, publishers and other media that create and disseminate original content are not intermediaries. Examples of such media entities include a news website that publishes articles written and edited by its staff, or a digital video subscription service that hires people to produce videos and disseminates them to subscribers.

For the purpose of this case study we will maintain that intermediaries offer services that host, index, or facilitate the transmission and sharing of content created by others. For example, Internet Service Providers (ISPs) connect a user’s device, whether it is a laptop, a mobile phone or something else, to the network of networks known as the Internet. Once a user is connected to the Internet, search engines make a portion of the World Wide Web accessible by allowing individuals to search their database. Search engines are often an essential go-between between websites and Internet users. Social networks connect individual Internet users by allowing them to exchange messages, photos, videos, as well as by allowing them to post content to their network of contacts, or the public at large. Web hosting providers, in turn, make it possible for websites to be published and to be accessed online.”^[2]

General Principles for ISP Governance - Content Removals

The discussion that follows below outlines nine principles to guide companies, government, and civil society in the development of best practices related to the regulation of online content through intermediaries, as norms, policies, and laws develop in the coming years. The nine principles are: Transparency, Consistency, Clarity, Mindful Community Policy Making, Necessity and Proportionality in Content Restrictions, Privacy, Access to Remedy, Accountability, and Due Process in both Legal and Private Enforcement. Each principle contains subsections that expand upon the theme of the principle to cover more specific issues related to the rights and responsibilities of online intermediaries, government, civil society, and users.

Principle I: Transparency

“Transparency enables users’ right to privacy and right to freedom of expression. Transparency of laws, policies, practices, decisions, rationale, and outcomes related to privacy and restrictions allow users to make informed choices with respect to their actions and speech online. As such - both governments and companies have a responsibility in ensuring that the public is informed through transparency initiatives.” ^[3]

Government Transparency

In general, governments should publish transparency reports:

As part of the democratic process, the citizens of each country have a right to know how their government is applying its laws, and a right to provide feedback about the government’s legal interpretations of its laws. Thus, all governments should be required to publish online transparency reports that provide information about all requests issued by any branch or agency of government for the removal or restriction of online content. Further, governments should allow for the submission of comments and suggestions by a webform hosted on the same webpage where that government’s transparency report is hosted. There should also be some legal mechanism that requires the government to look at the feedback provided by its citizens, ensure that relevant feedback is passed along to legislative bodies, and provide for action to be taken on the citizen-provided feedback where appropriate. Finally, and where possible, the raw data that constitutes each government’s transparency report should be made available online, for free, in a common file format such as .csv, so that civil society may have easy access to it for research purposes.

Governments should be more transparent about content orders that they impose on ISPs
The legislative process proceeds most effectively when the government knows how the laws that it creates are applied in practice and is able to receive feedback from the public about how those laws should change further, or remain the same. Relatedly, regulation of the Internet is most effective when the legislative and judicial branches are aware of what the other is doing. For all of these reasons, governments should publish information about all of the court orders and executive requests for content removals that they send to online intermediaries. Publishing all of this information in one place necessarily requires that some single entity within the government collects the information, which will have the benefits of giving the government a holistic view of how it is regulating the internet, encouraging dialogue between different branches of government about how best to create and enforce internet content regulation, and encouraging dialogue between the government and its citizens about the laws that govern internet content and their application.

Governments should make the compliance requirements they impose on ISPs public
Each government should maintain a public website that publishes as complete a picture as possible of the content removal requests made by any branch of that government, including the judicial branch. The availability of a public website of this type will further many of the goals and objectives discussed elsewhere in this section. The website should be biased towards high levels of detail about each request and towards disclosure that requests were made, subject only to limited exceptions for compelling public policy reasons, where the disclosure bias conflicts directly with another law, or where disclosure would reveal a user’s PII. The information should be published periodically, ideally more than once a year. The general principle should be: the more information made available, the better. On the same website where a government publishes its ‘Transparency Report,’ that government should attempt to provide a plain-language description of its various laws related to online content, to provide users notice about what content is lawful vs. unlawful, as well as to show how the laws that it enacts in the Internet space fit together. Further, and as discussed in section “b,” infra, government should provide citizens with an online feedback mechanism so that they may participate in the legislative process as it applies to online content.

Governments should give their citizens a way to provide input on these policies
Private citizens should have the right to provide feedback on the balancing between their civil liberties and other public policies such as security that their government engages in on their behalf. If and when these policies and the compliance requirements they impose on online intermediaries are made publicly available online, there should also be a feedback mechanism built into the site where this information is published. This public feedback mechanism could take a number of different forms, like, for example, a webform that allowed users to indicate their level of satisfaction with prevailing policy choices by choosing amongst several radio buttons, while also providing open text fields to allow the user to submit clarifying comments and specific suggestions. In order to be effective, this online feedback mechanism would have to be accompanied by some sort of legal and budgetary apparatus that would ensure that the feedback was monitored and given some minimum level of deference in the discussions and meetings that led to new policies being created.

Government should meet users concerned about its content policies in the online domain. Internet users, as citizens of both the internet and the country their country of origin, have a natural interest in defining and defending their civil liberties online; government should meet them there to extend the democratic process to the Internet. Denying Internet users a voice in the policymaking processes that determine their rights undermines government credibility and negatively influences users’ ability to freely share information online. As such, content policies should be posted in general terms online and users should have the ability to provide input on those policies online.

ISP Transparency
“The transparency practices of a company impact users’ freedom expression by providing insight into the scope of restriction that is taking in place in specific jurisdiction. Key areas of transparency for companies include: specific restrictions, aggregate numbers related to restrictions, company imposed regulations on content, and transparency of applicable law and regulation that the service provider must abide by.”^[4]

“Disclosure by service providers of notices received and actions taken can provide an important check against abuse. In addition to providing valuable data for assessing the value and effectiveness of a N&A system, creating the expectation that notices will be disclosed may help deter fraudulent or otherwise unjustified notices. In contrast, without transparency, Internet users may remain unaware that content they have posted or searched for has been removed pursuant due to a notice of alleged illegality. Requiring notices to be submitted to a central publication site would provide the most benefit, enabling patterns of poor quality or abusive notices to be readily exposed.”^[5] Therefore, ISPs at all levels should publish transparency reports that include:

Government Requests

All requests from government agencies and courts should be published in a periodic transparency report, accessible on the intermediary’s website, that publishes information about the requests the intermediary received and what the intermediary did with them in the highest level of detail that is legally possible. The more information that is provided about each request, the better the understanding that the public will have about how laws that affect their rights online are being applied. That said, steps should be taken to prevent the disclosure of personal information in relation to the publication of transparency reports. Beyond redaction of personal information, however, the maximum amount of information about each request should be published, subject as well to the (ideally minimal) restrictions imposed by applicable law. A thorough Transparency Report published by an ISP or online intermediary should include information about the following categories of requests:

Police and/or Executive Requests
This category includes all requests to the intermediary from an agency that is wholly a part of the national government; from police departments, to intelligence agencies, to school boards from small towns. Surfacing information about all requests from any part of the government helps to avoid corruption and/or inappropriate exercises of governmental power by reminding all government officials, regardless of their rank or seniority, that information about the requests they submit to online intermediaries is subject to public scrutiny.

Court Orders
This category includes all orders issued by courts and signed by a judicial officer. It can include ex-parte orders, default judgments, court orders directed at an online intermediary, or court orders directed at a third party presented to the intermediary as evidence in support of a removal request. To the extent legally possible, detailed information should be published about these court orders detailing the type of court order each request was, its constituent elements, and the actions(s) that the intermediary took in response to it. All personally identifying information should be redacted from any court orders that are published by the intermediary as part of a transparency report before publication.

First Party
Information about court orders should be further broken down into two groups; first party and third party. First party court orders are orders directed at the online intermediary in an adversarial proceeding to which the online intermediary was a party.

Third Party
As mentioned above, ‘third party’ refers to court orders that are not directed at the online intermediary, but rather a third party such as an individual user who posted an allegedly defamatory remark on the intermediary’s platform. If the user who obtains a court order approaches an online intermediary seeking removal of content with a court order directed at the poster of, say, the defamatory content, and the intermediary decides to remove the content in response to the request, the online intermediary that decided to perform the takedown should publish a record of that removal. To be accepted by an intermediary, third party court orders should be issued by a court of appropriate jurisdiction after an adversarial legal proceeding, contain a certified and specific statement that certain content is unlawful, and specifically identify the content that the court has found to be unlawful, by specific, permalinked URL where possible.

This type of court order should be broken out separately from court orders directed at the applicable online intermediary in companies’ transparency reports because merely providing aggregate numbers that do not distinguish between the two types gives an inaccurate impression to users that a government is attempting to censor more content than it actually is. The idea of including first party court orders to remove content as a subcategory of ‘government requests’ is that a government’s judiciary speaks on behalf of the government, making determinations about what is permitted under the laws of that country. This analogy does not hold for court orders directed at third parties- when the court made its determination of legality on the content in question, it did not contemplate that the intermediary would remove the content. As such, the court likely did not weigh the relevant public interest and policy factors that would include the importance of freedom of expression or the precedential value of its decision. Therefore, the determination does not fairly reflect an attempt by the government to censor content and should not be considered as such.

Instead, and especially considering that these third party court order may be the basis for a number of content removals, third party court orders should be counted separately and presented with some published explanation in the company’s transparency report as to what they are and why the company has decided it should removed content pursuant to its receipt of one.

Private-Party Requests
Private-party requests are requests to remove content that are not issued by a government agency or accompanied by a court order. Some examples of private party requests include copyright complaints submitted pursuant to the Digital Millennium Copyright Act or complaints based on the laws of specific countries, such as laws banning holocaust denial in Germany.

Policy/TOS Enforcement
To give users a complete picture of the content that is being removed from the platforms that they use, corporate transparency reports should also provide information about the content that the intermediary removes pursuant to its own policies or terms of service, though there may not be a legal requirement to do so.

User Data Requests
While this white paper is squarely focused on liability for content posted online and best practices for deciding when and how content should be removed from online services, corporate transparency reports should also provide information about requests for user data from executive agencies, courts, and others.

Principle II: Consistency

Legal requirements for ISPs should be consistent, based on a global legal framework that establishes baseline limitations on legal immunity
Broad variation amongst the legal regimes of the countries in which online intermediaries operate increases compliance costs for companies and may discourage them from offering their services in some countries due to the high costs of localized compliance. Reducing the number of speech platforms that citizens have access to limits their ability to express themselves. Therefore, to ensure that citizens of a particular country have access to a robust range of speech platforms, each country should work to harmonize the requirements that it imposes upon online intermediaries with the requirements of other countries. While a certain degree of variation between what is permitted in one country as compared to another is inevitable, all countries should agree on certain limitations to intermediary liability, such as the following:

Conduits should be immune from claims about content that they neither created nor modified
As noted in the 2011 Joint Declaration on Freedom of Expression and the Internet, “[n]o one who simply provides technical Internet services such as providing access, or searching for, or transmission or caching of information, should be liable for content generated by others, which is disseminated using those services, as long as they do not specifically intervene in that content or refuse to obey a court order to remove that content, where they have the capacity to do so (‘mere conduit principle’).”^[6]

Court orders should be required for the removal of content that is related to speech, such as defamation removal requests
In the Center for Democracy and Technology’s Additional Responses Regarding Notice and Action, CDT outlines the case against allowing notice and action procedures to apply to defamation removal requests. They write:

“Uniform notice-and-action procedures should not apply horizontally to all types of illegal content. In particular, CDT believes notice-and-takedown is inappropriate for defamation and other areas of law requiring complex legal and factual questions that make private notices especially subject to abuse. Blocking or removing content on the basis of mere allegations of illegality raises serious concerns for free expression and access to information. Hosts are likely to err on the side of caution and comply with most if not all notices they receive, because evaluating notices is burdensome and declining to comply may jeopardize their protection from liability. The risk of legal content being taken down is especially high in cases where assessing the illegality of the content would require detailed factual analysis and careful legal judgments that balance competing fundamental rights and interests. Intermediaries will be extremely reluctant to exercise their own judgment when the legal issues are unclear, and it will be easy for any party submitting a notice to claim a good faith belief that the content in question is unlawful. In short, the murkier the legal analysis, the greater the potential for abuse.

To reduce this risk, removal of or disablement of access to content based on unadjudicated allegations of illegality (i.e., notices from private parties) should be limited to cases where the content at issue is manifestly illegal – and then only with necessary safeguards against abuse as described above.

CDT believes that online free expression is best served by narrowing what is considered manifestly illegal and subject to takedown upon private notice. With proper safeguards against abuse, for example, notice-and-action can be an appropriate policy for addressing online copyright infringement. Copyright is an area of law where there is reasonable international consensus regarding what is illegal and where much infringement is straightforward. There can be difficult questions at the margins – for example concerning the applicability of limitations and exceptions such as “fair use” – but much online infringement is not disputable.

Quite different considerations apply to the extension of notice-and-action procedures to allegations of defamation or other illegal content. Other areas of law, including defamation, routinely require far more difficult factual and legal determinations. There is greater potential for abuse of notice-and-action where illegality is less manifest and more disputable. If private notices are sufficient to have allegedly defamatory content removed, for example, any person unhappy about something that has been written about him or her would have the ability and incentive to make an allegation of defamation, creating a significant potential for unjustified notices that harm free expression. This and other areas where illegality is more disputable require different approaches to notice and action. In the case of defamation, CDT believes “notice” for purposes of removing or disabling access to content should come only from a competent court after full adjudication.

In cases where it would be inappropriate to remove or disable access to content based on untested allegations of illegality, service providers receiving allegations of illegal content may be able to take alternative actions in response to notices. Forwarding notices to the content provider or preserving data necessary to facilitate the initiation of legal proceedings, for example, can pose less risk to content providers’ free expression rights, provided there is sufficient process to allow the content provider to challenge the allegations and assert his or her rights, including the right to speak anonymously.”^[7]

Principle III: Clarity

All notices that request the removal of content should be clear and meet certain minimum requirements
The Center for Democracy and Technology outlined requirements for clear notices in a notice and action system in response a European Commission public comment period on a revised notice and action regime.^[8] They write:

“Notices should include the following features:

Specificity. Notices should be required to specify the exact location of the material – such as a specific URL – in order to be valid. This is perhaps the most important requirement, in that it allows hosts to take targeted action against identified illegal material without having to engage in burdensome search or monitoring. Notices that demand the removal of particular content wherever it appears on a site without specifying any location(s) are not sufficiently precise to enable targeted action.
Description of alleged illegal content. Notices should be required to include a detailed description of the specific content alleged to be illegal and to make specific reference to the law allegedly being violated. In the case of copyright, the notice should identify the specific work or works claimed to be infringed.
Contact details. Notices should be required to contain contact information for the sender. This facilitates assessment of notices’ validity, feedback to senders regarding invalid notices, sanctions for abusive notices, and communication or legal action between the sending party and the poster of the material in question.
Standing: Notices should be issued only by or on behalf of the party harmed by the content. For copyright, this would be the rightsholder or an agent acting on the rightsholderʼs behalf. For child sexual abuse images, a suitable issuer of notice would be a law enforcement agency or a child abuse hotline with expertise in assessing such content. For terrorism content, only government agencies would have standing to submit notice.
Certification: A sender of a notice should be required to attest under legal penalty to a good-faith belief that the content being complained of is in fact illegal; that the information contained in the notice is accurate; and, if applicable, that the sender either is the harmed party or is authorized to act on behalf of the harmed party. This kind of formal certification requirement signals to notice-senders that they should view misrepresentation or inaccuracies on notices as akin to making false or inaccurate statements to a court or administrative body.
Consideration of limitations, exceptions, and defenses: Senders should be required to certify that they have considered in good faith whether any limitations, exceptions, or defenses apply to the material in question. This is particularly relevant for copyright and other areas of law in which exceptions are specifically described in law.
An effective appeal and counter-notice mechanism. A notice-and-action regime should include counter-notice procedures so that content providers can contest mistaken and abusive notices and have their content reinstated if its removal was wrongful.
Penalties for unjustified notices. Senders of erroneous or abusive notices should face possible sanctions. In the US, senders may face penalties for knowingly misrepresenting that content is infringing, but the standard for “knowingly misrepresenting” is quite high and the provision has rarely been invoked. A better approach might be to use a negligence standard, whereby a sender could be held liable for damages or attorneys’ fees for making negligent misrepresentations (or for repeatedly making negligent misrepresentations). In addition, the notice-and-action system should allow content hosts to ignore notices from senders with an established record of sending erroneous or abusive notices or allow them to demand more information or assurances in notices from those who have in the past submitted erroneous notices. (For example, hosts might be deemed within the safe harbor if they require repeat abusers to specifically certify that they have actually examined the alleged infringing content before sending a notice).”^[9]

All ISPs should publish their content removal policies online and keep them current as they evolve
The UNESCO report states, by way of background, that “[c]ontent restriction practices based on Terms of Service are opaque. How companies remove content based on Terms of Service violations is more opaque than their handling of content removals based on requests from authorized authorities. When content is removed from a platform based on company policy, [our] research found that all companies provide a generic notice of this restriction to the user, but do not provide the reason for the restriction. Furthermore, most companies do not provide notice to the public that the content has been removed. In addition, companies are inconsistently open about removal of accounts and their reasons for doing so.”^[10]

There are legitimate reasons why an ISP may want to have policies that permit less content, and a narrower range of content, than is technically permitted under the law, such as maintaining a product that appeals to families. However, if a company is going to go beyond the minimal legal requirements in terms of content that it must restrict, the company should have clear policies that are published online and kept up-to-date to provide its users notice of what content is and is not permitted on the company’s platform. Notice to the user about the types of content that are permitted encourages her to speak freely and helps her to understand why content that she posted was taken down if it must be taken down for violating a company policy.

When content is removed, a clear notice should be provided in the product that explains in simple terms that content has been removed and why
This subsection works in conjunction with “ii,” above. If content is removed for any reason, either pursuant to a legal request or because of a violation of company policy, a user should be able to learn that content was removed if they try to access it. Requiring an on-screen message that explains that content has been removed and why is the post-takedown accompaniment to the pre-takedown published online policy of the online intermediary: both work together to show the user what types of content are and are not permitted on each online platform. Explaining to users why content has been removed in sufficient detail may also spark their curiosity as to the laws or policies that caused the content to be removed, resulting in increased civic engagement in the internet law and policy space, and a community of citizens that demands that the companies and governments it interacts with are more responsive to how it thinks content regulation should work in the online context.

The UNESCO report provides the following example of how Google provides notice to its users when a search result is removed, which includes a link to a page hosted by Chilling Effects:^[11]

“When search results are removed in response to government or copyright holder demands, a notice describing the number of results removed and the reasons for their removal is displayed to users (see screenshot below) and a copy of the request to the independent non-proft organization ChillingEffects.org, which archives and publishes the request. When possible the company also contacts the website’s owners.”^[12]

This is an example of the message that is displayed when Google removes a search result pursuant to a copyright complaint.^[13]

Requirements that governments impose on intermediaries should be as clear and unambiguous as possible
Imposing liability on internet intermediaries without providing clear guidance as to the precise type of content that is not lawful and the precise requirements of a legally sufficient notice encourages intermediaries to over-remove content. As Article 19 noted in its 2013 report on intermediary liability:

“International bodies have also criticized ‘notice and takedown’ procedures as they lack a clear legal basis. For example, the 2011 OSCE report on Freedom of Expression on the internet highlighted that: Liability provisions for service providers are not always clear and complex notice and takedown provisions exist for content removal from the Internet within a number of participating States. Approximately 30 participating States have laws based on the EU E-Commerce Directive. However, the EU Directive provisions rather than aligning state level policies, created differences in interpretation during the national implementation process. These differences emerged once the national courts applied the provisions.

These procedures have also been criticized for being unfair. Rather than obtaining a court order requiring the host to remove unlawful material (which, in principle at least, would involve an independent judicial determination that the material is indeed unlawful), hosts are required to act merely on the say-so of a private party or public body. This is problematic because hosts tend to err on the side of caution and therefore take down material that may be perfectly legitimate and lawful. For example, in his report, the UN Special Rapporteur on freedom of expression noted:

[W]hile a notice-and-takedown system is one way to prevent intermediaries from actively engaging in or encouraging unlawful behavior on their services, it is subject to abuse by both State and private actors. Users who are notiﬁed by the service provider that their content has been ﬂagged as unlawful often has little recourse or few resources to challenge the takedown. Moreover, given that intermediaries may still be held ﬁnancially or in some cases criminally liable if they do not remove content upon receipt of notiﬁcation by users regarding unlawful content, they are inclined to err on the side of safety by overcensoring potentially illegal content. Lack of transparency in the intermediaries’ decision-making process also often obscures discriminatory practices or political pressure affecting the companies’ decisions. Furthermore, intermediaries, as private entities, are not best placed to make the determination of whether a particular content is illegal, which requires careful balancing of competing interests and consideration of defenses.”^[14]

Considering the above, if liability is to be imposed on intermediaries for certain types of unlawful content, the legal requirements that outline what is unlawful content and how to report it must be clear. Lack of clarity in this area will result in over-removal of content by rational intermediaries that want to minimize their legal exposure and compliance costs. Over-removal of content is at odds with the goals of freedom of expression.

The UNESCO Report made a similar recommendation, stating that; “Governments need to ensure that legal frameworks and company policies are in place to address issues arising out of intermediary liability. These legal frameworks and policies should be contextually adapted and be consistent with a human rights framework and a commitment to due process and fair dealing. Legal and regulatory frameworks should also be precise and grounded in a clear understanding of the technology they are meant to address, removing legal uncertainty that would provide opportunity for abuse.”^[15]

Similarly, the 2011 Joint Declaration on Freedom of Expression and the Internet states:

“Consideration should be given to insulating fully other intermediaries, including those mentioned in the preamble, from liability for content generated by others under the same conditions as in paragraph 2(a). At a minimum, intermediaries should not be required to monitor user-generated content and should not be subject to extrajudicial content takedown rules which fail to provide sufficient protection for freedom of expression (which is the case with many of the ‘notice and takedown’ rules currently being applied).”^[16]

Principle IV: Mindful Community Policy Making

“Laws and regulations as well as corporate policies are more likely to be compatible with freedom of expression if they are developed in consultation with all affected stakeholders – particularly those whose free expression rights are known to be at risk.”^[17] To be effective, policies should be created through a multi-stakeholder consultation process that gives voice to the communities most at risk of being targeted for the information they share online. Further, both companies and governments should embed an ‘outreach to at-risk communities’ step into both legislative and policymaking processes to be especially sure that their voices are heard. Finally, civil society should work to ensure that all relevant stakeholders have a voice in both the creation and revision of policies that affect online intermediaries. In the context of corporate policymaking, civil society can use strategies from activist investing to encourage investors to make the human rights and freedom of expression policies of Internet companies’ part of the calculus that investors use to decide where to place their money. Considering the above;

Human rights impact assessments, considering the impact of the proposed law or policy on various communities from the perspectives of gender, sexuality, sexual preference, ethnicity, religion, and freedom of expression, should be required before:
New laws are written that govern content issues affecting ISPs or conduct that occurs primarily online
“Protection of online freedom of expression will be strengthened if governments carry out human rights impact assessments to determine how proposed laws or regulations will affect Internet users’ freedom of expression domestically and globally.”^[18]

Intermediaries enact new policies
“Protection of online freedom of expression will be strengthened if companies carry out human rights impact assessments to determine how their policies, practices, and business operations affect Internet users’ freedom of expression. This assessment process should be anchored in robust engagement with stakeholders whose freedom of expression rights are at greatest risk online, as well as stakeholders who harbor concerns about other human rights affected by online speech.”^[19]

Multi-stakeholder consultation processes should precede any new legislation that will apply to content issues affecting online intermediaries or online conduct
“Laws and regulations as well as corporate policies are more likely to be compatible with freedom of expression if they are developed in consultation with all affected stakeholders – particularly those whose free expression rights are known to be at risk.”^[20]

Civil society and public interest groups should encourage responsible investment in companies who implement policies that reflect best practices for internet intermediaries
“Over the past thirty years, responsible investors have played a powerful role in incentivizing companies to improve environmental sustainability, supply chain labor practices, and respect for human rights of communities where companies physically operate. Responsible investors can also play a powerful role in incentivizing companies to improve their policies and practices affecting freedom of expression and privacy by developing metrics and criteria for evaluating companies on these issues in the same way that they evaluate companies on other “environmental, social, and governance” criteria.”^[21]

Principle V: Necessity and Proportionality in Content Restriction

Content should only be restricted when there is a legal basis for doing so, or the removal is performed in accordance with a clear, published policy of the ISP
As CDT outlined in its 2012 intermediary liability report, “[a]ctions required of intermediaries must be narrowly tailored and proportionate, to protect the fundamental rights of Internet users. Any actions that a safe-harbor regime requires intermediaries to take must be evaluated in terms of the principle of proportionality and their impact on Internet users’ fundamental rights, including rights to freedom of expression, access to information, and protection of personal data. Laws that encourage intermediaries to take down or block certain content have the potential to impair online expression or access to information. Such laws must therefore ensure that the actions they call for are proportional to a legitimate aim, no more restrictive than is required for achievement of the aim, and effective for achieving the aim. In particular, intermediary action requirements should be narrowly drawn, targeting specific unlawful content rather than entire websites or other Internet resources that may support both lawful and unlawful uses.”^[22]

When content must be restricted, it should be restricted in the most minimal way possible (i.e., prefer domain removals to IP-blocking)
There are a number of different ways that access to content can be restricted. Examples include hard deletion of the content from all of a company’s servers, blocking the download of an app or other software program in a particular country, blocking the content on all IP addresses affiliated with a particular country (“IP-Blocking”), removing the content from a particular domain of a product (i.e., removing from a link from the .fr version of a search engine that remains accessible on the .com version), blocking content from a ‘version’ of an online product that is accessible through a ‘country’ or ‘language’ setting on that product, or some combination of the last three options (i.e., an online product that directs the user to a version of the product based on the country that their IP address is coming from, but where the user can alter a URL or manipulate a drop-down menu to show her a different ‘country version’ of the product, providing access to content that may otherwise be inaccessible).

While almost all of the different types of content restrictions described above can be circumvented by technical means such as the use of proxies, IP-cloaking, or Tor, the average internet user does not know that these techniques exist, much less how to use them. Of the different types of content restrictions described above, a domain removal, for example, is easier for an individual user to circumvent than IP-Blocked content because you only have to change the URL of the product you are using to, i.e. “.com” to see content that has been locally restricted. To get around an IP-block, you would have to be sufficiently savvy to employ a proxy or cloak your true IP address.

Therefore, the technical means used to restrict access to controversial content has a direct impact on the magnitude of the actual restriction on speech. The more restrictive the technical removal method, the fewer people that will have access to that content. To preserve access to lawful content, online intermediaries should choose the least restrictive means of complying with removal requests, especially when the removal request is based on the law of a particular country that makes certain content unlawful that is not unlawful in other countries. Further, when building new products and services, intermediaries should built in removal capability that minimally restricts access to controversial content.

If content is restricted due to its illegality in a particular country, the geographical scope of the content restriction should be as minimal as possible
Building on the discussion in “ii,” supra, a user should be able to access content that is lawful in her country even if it is not lawful in another country. Different countries have different laws and it is often difficult for intermediaries to determine how to effectively respond to requests and reconcile the inherent conflicts that result. For example, content that denies the holocaust is illegal in certain countries, but not in others. If an intermediary receives a request to remove content based on the laws of a particular country and determines that it will comply because the content is not lawful in that country, it should not restrict access to the content such that it cannot be accessed by users in other countries where the content is lawful. To respond to a request based on the law of a particular country by blocking access to that content for users around the world, or even users of more than one country, essentially allows for extraterritorial application of the laws of the country that the request came from. While it is preferable to standardize and limit the legal requirements imposed on online intermediaries throughout the world, to the extent that this is not possible, the next-best option is to limit the application of laws that are interpreted to declare certain content unlawful to the users that live in that country. Therefore, intermediaries should choose the technical means of content restriction that is most narrowly tailored to limit the geographical scope and impact of the removal.

The ability of conduits (telecommunications/internet service providers) to filter content should be minimized to the extent technically and legally possible

The 2011 Joint Declaration on Freedom of Expression and the Internet made the following points about the dangers of allowing filtering technology:

“Mandatory blocking of entire websites, IP addresses, ports, network protocols or types of uses (such as social networking) is an extreme measure – analogous to banning a newspaper or broadcaster – which can only be justified in accordance with international standards, for example where necessary to protect children against sexual abuse.

Content filtering systems which are imposed by a government or commercial service provider and which are not end-user controlled are a form of prior censorship and are not justifiable as a restriction on freedom of expression.

Products designed to facilitate end-user filtering should be required to be accompanied by clear information to end-users about how they work and their potential pitfalls in terms of over-inclusive filtering.”^[23]

In short, filtering at the conduit level is a blunt instrument that should be avoided whenever possible. Similar to how conduits should not be legally responsible for content that they neither host nor modify (the ‘mere conduit’ rule discussed supra), conduits should technically restrict their ability to filter content such that it would be inefficient for government agencies to contact them to have content filtered. Mere conduits are not able to assess the context surrounding the controversial content that they are asked to remove and are therefore not the appropriate party to receive takedown requests. Further, when mere conduits have the technical ability to filter content, they open themselves to pressure from government to exercise that capability. Therefore, mere conduits should limit or not build in the capability to filter content.

Notice and notice, or notice and judicial takedown, should be preferred to notice and takedown, which should be preferred to unilateral removal
Mechanisms for content removal that involve intermediaries acting without any oversight or accountability, or those which only respond to the interests of the party requesting removal, are unlikely to do a very good job at balancing public and private interests. A much better balance is likely to be struck through a mechanism where power is distributed between the parties, and/or where an independent and accountable oversight mechanism exists.

Considered in this way, there is a continuum of content removal mechanisms that ranges from those are the least balanced and accountable, and those that are more so. The least accountable is the unilateral removal of content by the intermediary without legal compulsion in response to a request received, without affording the uploader of the content the right to be heard or access to remedy.

Notice and takedown mechanisms fit next along the continuum, provided that they incorporate, as the DMCA attempts to do, an effective appeal and counter-notice mechanism. However where notice and takedown falls down is that the cost and incentive structure is weighted towards removal of content in the case of doubt or dispute, resulting in more content being taken down and staying down than would be socially optimal.

A better balance is likely to be struck by a “notice and notice” regime, which provides strong social incentives for those whose content is reported to be unlawful to remove the content, but does not legally compel them to do so. If legal compulsion is required, a court order must be separately obtained.

Canada is an example of a jurisdiction with a notice and notice regime, though limited to copyright content disputes. Although this regime is now established in legislation, it formalizes a previous voluntary regime, whereby major ISPs would forward copyright infringement notifications received from rightsholders to subscribers, but without removing any content and without releasing subscriber data to the rightsholders absent a court order. Under the new legislation additional record-keeping requirements are imposed on ISPs, but otherwise the essential features of the regime remain unchanged.

Analysis of data collected during this voluntary regime indicates that it has been effective in changing the behavior of allegedly infringing subscribers. A 2010 study by the Entertainment Software Association of Canada (ESAC) found that 71% of notice recipients did not infringe again, whereas a similar 2011 study by Canadian ISP Rogers found 68% only received one notice, and 89% received no more than two notices, with only 1 subscriber in 800,000 receiving numerous notices.^[24] However, in cases where a subscriber has a strong good faith belief that the notice they received was wrong, there is no risk to them in disregarding the erroneous notice – a feature that does not apply to notice and takedown.

Another similar way in which public and private interests can be balanced is through a notice and judicial takedown regime, whereby the rightsholder who issues a notice about offending content must have it assessed by an independent judicial (or perhaps administrative) authority before the intermediary will respond by taking the content down.

An example of this is found in Chile, again limited to the case of copyright.^[25] In response to its Free Trade Agreement with the United States, the system introduced in 2010 is broadly similar to the DMCA, with the critical difference that intermediaries are not required to take material down in order to benefit from a liability safe harbor, until such time as a court order for removal of the material is made. Responsibility for evaluating the copyright claims made is therefore shifted from intermediaries onto the courts.

Although this requirement does impose a burden on the rightsholder, this serves a purpose by disincentivizing the issue of automated or otherwise unjustified notices that are more likely to restrict or chill freedom of expression. In cases where there is no serious dispute about the legality of the content, it is unlikely that the lawsuit would be defended. In any case, the legislation authorizes the court to issue a preliminary injunction on an ex parte basis, on condition of payment of a bond.

Intermediaries should be allowed to charge for the time and expense associated with processing legal requests
As an intermediary, it is time consuming and relatively expensive to understand the obligations that each country’s legal regime imposes on you, and to accurately how each legal request should be handled. Especially for intermediaries without many resources, such as forum operators or owners of home Wifi networks, the costs associated with being an intermediary can be prohibitive. Therefore, it should be within their rights to charge for their compliance costs if they are either below a certain user threshold or can show financial necessity in some way.

Legal requirements imposed on intermediaries should be a floor, not a ceiling- ISPs can adopt more restrictive policies to more effectively serve their users as long as they have published policies that explain what they are doing
The Internet has space for a wide range of platforms and applications directed to different communities, with different needs and desires. A social networking site directed at children, for example, may reasonably want to have policies that are much more restrictive than a political discussion board. Therefore, legal requirements that compel intermediaries to take down content should be seen as a ‘floor,’ but not a ‘ceiling’ on the range and quantity that of content those intermediaries may remove. Intermediaries should retain control over their own policies as long as they are transparent about what those policies are, what type of content the intermediary removes, and why they removed certain pieces of content.

Principle VI: Privacy

It is important to protect the ability of Internet users to speak by narrowing and making less ambiguous the range of content that intermediaries can be held liable for, but it is also very important to make users feel comfortable sharing their view by ensuring that their privacy is protected. Protecting the user’s ability to share her views, especially when those views are controversial or have a direct bearing on important political issues, requires that the user can trust the intermediaries that she uses. This concept can be further broken down into three sub-principles:

The user’s personal information should be protected to the greatest extent possible given the state of the art in encryption, security, and policy
Users will be less willing to speak on important topics if they have legitimate concerns that their data may be taken from them. As stated in the UNESCO Report, “[b]ecause of the amount of personal information held by companies and ability to access the same, a company’s practices around collection, access, disclosure, and retention are key. To a large extent a service provider’s privacy practices are influenced by applicable law and operating licenses required by the host government. These can include requirements for service providers to verify subscribers, collect and retain subscriber location data, and cooperate with law enforcement when requested. Outcome: The implications of companies trying to balance a user’s expectation for privacy with a government’s expectation for cooperation can be serious and are inadequately managed in all jurisdictions studied.”^[26]

Where possible, ISPs should help to preserve the user’s right to speak anonymously
An important aspect of an Internet user’s ability to exercise her right to free expression online is ability to speak anonymously. Anonymous speech is one of the great advances of the Internet as a communications medium and should be preserved to the extent possible. As noted by special rapporteur Frank LaRue, “[i]n order for individuals to exercise their right to privacy in communications, they must be able to ensure that these remain private, secure and, if they choose, anonymous. Privacy of communications infers that individuals are able to exchange information and ideas in a space that is beyond the reach of other members of society, the private sector, and ultimately the State itself. Security of communications means that individuals should be able to verify that only their intended recipients, without interference or alteration, receive their communications and that the communications they receive are equally free from intrusion. Anonymity of communications is one of the most important advances enabled by the Internet, and allows individuals to express themselves freely without fear of retribution or condemnation.”^[27]

The user’s PII should never be sold or used without her consent, and she should always know what is being done with it via an easily comprehensible dashboard
The user’s trust in the online platform that she uses and relies upon is influenced not only by the relationships the intermediary maintains with the government, but also with other commercial entities. A user, who feels that her data will be constantly shared with third parties, perhaps without her consent and/or for marketing purposes, will never feel like she is able to freely express her opinion. Therefore, it is the intermediary’s responsibility to ensure that its users know exactly what information it retains about them, who it shares that information with and under what circumstances, and how to change the way that her data is shared. All of this information should be available on a dashboard that is comprehensible to the average user, and which gives her the ability to easily modify or withdraw her consent to the way her data is being shared, or the amount of data, or specific data, that the intermediary is retaining about her.

Principle VII: Access to Remedy

As noted in the UNESCO Report, “Remedy is the third central pillar of the UN Guiding Principles on Business and Human Rights, placing an obligation both on governments and on companies to provide individuals access to effective remedy. This area is where both governments and companies are almost consistently lacking. Across intermediary types, across jurisdictions and across the types of restriction, individuals whose content is restricted and individuals who wish to access such content are offered little or no effective recourse to appeal restriction decisions, whether in response to government orders, third party requests or in accordance with company policy. There are no private grievance or due process mechanisms that are clearly communicated and readily available to all users, or consistently applied.”^[28]

Any notice and takedown system is subject to abuse, and any company policy that results in the removal of content is subject to mistaken or inaccurate takedowns, both of which are substantial problems that can only be remedied by the ability for users to let the intermediary know when the intermediary improperly removed a specific piece of content and the technical and procedural ability of the intermediary to put the content back. However, the technical ability to reinstate content that was improperly removed may conflict with data retention laws. This conflict should be explored in more detail. In general, however, every time content is removed, there should be:

A clear mechanism through which users can request reinstatement of content
When an intermediary decides to remove content, it should be immediately clear to the user that content has been removed and why it was removed (see discussion of in-product notice, supra). If the user disagrees with the content removal decision, there should be an obvious, online method for her to request reinstatement of the content.

Reinstatement of content should be technically possible
When intermediaries (who are subject to intermediary liability) are building new products, they should build the capability to remove content into the product with a high degree of specificity so as to allow for narrowly tailored content removals when a removal is legally required. Relatedly, all online intermediaries should build the capability to reinstate content into their products while maintaining compliance with data retention laws.

Intermediaries should have policies and procedures in place to handle reinstatement requests
Between the front end (online mechanism to request reinstatement of content) and the backend (technical ability to reinstate content) is the necessary middle layer, which consists of the intermediary’s internal policies and processes that allow for valid reinstatement requests to be assessed and acted upon. In line with the corporate ‘responsibility to respect’ human rights, and considered along with the human rights principle of ‘access to remedy,’ intermediaries should have a system in place from the time that an online product launches to ensure that reinstatement requests can be made and will be processed quickly and appropriately.

Principle VIII: Accountability

Governments must ensure that independent, transparent, and impartial accountability mechanisms exist to verify the practices of government and companies with regards to managing content created online
“While it is important that companies make commitments to core principles on freedom of expression and privacy, make efforts to implement those principles through transparency, policy advocacy, and human rights impact assessments, it is also important that companies take these steps in a manner that is accountable to stakeholders. One way of doing this is by committing to external third party assurance to verify that their policies and practices are being implemented to a meaningful standard, with acceptable consistency wherever their service is offered. Such assurance gains further public credibility when carried out with the supervision and affirmation of multiple stakeholders including civil society groups, academics, and responsible investors. The Global Network Initiative provides one such mechanism for public accountability. Companies not currently participating in GNI, or a process of similar rigor and multi-stakeholder involvement, should be urged by users, investors, and regulators to do so.”^[29]

Civil society should encourage comparative studies between countries and between ISPs with regards to their content removal practices to identify best practices
Civil society has the unique ability to look longitudinally across this issue to determine and compare how different intermediaries and governments are responding to content removal requests. Without information about how other governments and intermediaries are handling these issues, it will be difficult for each government or intermediary to learn how to improve its laws or policies. Therefore, civil society has an important role to play in the process of creating increasingly better human rights outcomes for online platforms by performing and sharing ongoing, comparative research.

Civil society should establish best practices and benchmarks against which ISPs and government can be measured, and should track governments and ISPs over time in public reports
“A number of projects that seek, define and implement indicators and benchmarks for governments or companies are either in development (examples include: UNESCO’s Indicators of Internet Development project examining country performance, Ranking Digital Rights focusing on companies) or already in operation (examples include the Web Foundation’s Web Index, Freedom House’s Internet Freedom Index, etc.). The emergence of credible, widely-used benchmarks and indicators that enable measurement of country and company performance on freedom of expression will help to inform policy, practice, stakeholder engagement processes, and advocacy.”^[30]

Principle IX: Due Process - In Both Legal and Private Enforcement

ISPs should always consider context before removing content and Governments and courts should always consider context before ordering that certain content be removed
“Governments need to ensure that legal frameworks and company policies are in place to address issues arising out of intermediary liability. These legal frameworks and policies should be contextually adapted and be consistent with a human rights framework and a commitment to due process and fair dealing. Legal and regulatory frameworks should also be precise and grounded in a clear understanding of the technology they are meant to address, removing legal uncertainty that would provide opportunity for abuse.”^[31]

Principles for Courts

An independent and impartial judiciary exists, at least in part, to preserve the citizen’s due process rights. Many have called for an increased reliance on courts to make determinations about the legality of content posted online in order to both shift the censorship function from unaccountable private actors and to ensure that courts only order the removal of content that is actually unlawful. However, when courts do not have an adequate technical understanding of how content is created and shared on the internet, the rights of the intermediaries that facilitate the posting of the content, and who should be ordered to remove unlawful content, they do not add value to the online ecosystem. Therefore, courts should keep certain principles in mind to preserve the due process rights of the users that post content and the intermediaries that host the content.

Preserve due process for intermediaries- do not order them to do something before giving them notice and the opportunity to appear before the court

In a dispute between two private parties over a specific piece of content posted online, it may appear to the court that the easy solution is to order the intermediary who hosts the content to remove it. However, this approach does not extend any due process protections to the intermediary and does not adequately reflect the intermediary's status as something other than the creator of the content. If a court feels that it is necessary for an intermediary to intervene in a legal proceeding between two private parties, the court should provide the intermediary with proper notice and give them the opportunity to appear before the court before issuing any orders.

Necessity and proportionality of judicial determinations- judicial orders determining the illegality of specific content should be narrowly tailored to avoid over-removal of content

With regards to government removal requests, the UNESCO Report notes that “[o]ver-broad law and heavy liability regimes cause intermediaries to over-comply with government requests in ways that compromise users’ right to freedom of expression, or broadly restrict content in anticipation of government demands even if demands are never received and if the content could potentially be found legitimate even in a domestic court of law.”^[32] Courts should follow the same principle: only order the removal of the bare minimum of content that is necessary to remedy the harm identified and nothing more.

Courts should clarify whether ISPs have to remove content in response to court orders directed to third parties, or only have to remove content when directly ordered to do so (first party court orders) after an adversarial proceeding to which the ISP was a party

See discussion of the difference between first party and third party court orders (supra, section a., “Transparency”). Ideally, any decision that courts reach on this issue would be consistent across different countries.

Questions- related unresolved issues that should be kicked to the larger group

How should the conflict between access to remedy and data retention laws that say content must be hard deleted after a certain period of time be resolved? I think the access to remedy has to be subordinated to the data protection laws. Let's make that our draft position, but continue to flag it for discussion.

Should ISPs have to remove content in response to court orders directed to third parties, or only have to remove content when directly ordered to do so (first party court orders) after an adversarial proceeding to which the ISP was a party? I think first party orders. Let's make that our draft position, but continue to flag it for discussion.

[1] Center for Democracy and Technology, Shielding the Messengers: Protecting Platforms for Expression and Innovation at 4-15 (Version 2, 2012), available at https://www.cdt.org/files/pdfs/CDT-Intermediary-Liability-2012.pdf (see pp.4-15 for an explanation of these different models and the pros and cons of each).

[2] UNESCO, “Fostering Freedom Online: The Roles, Challenges, and Obstacles of Internet Intermediaries” at 6-7 (Draft Version, June 16th, 2014) (Hereinafter “UNESCO Report”).

[3] UNESCO Report at 56.

[4] UNESCO Report at 37.

[5] Center for Democracy and Technology, Additional Responses Regarding Notice and Action, Available at https://www.cdt.org/files/file/CDT%20N&A%20supplement.pdf.

[6] The United Nations (UN) Special Rapporteur on Freedom of Opinion and Expression, the Organization for Security and Co-operation in Europe (OSCE) Representative on Freedom of the Media, the Organization of American States (OAS) Special Rapporteur on Freedom of Expression and the African Commission on Human and Peoples’ Rights (ACHPR) Special Rapporteur on Freedom of Expression and Access to Information, Article 19, Global Campaign for Free Expression, and the Centre for Law and Democracy, JOINT DECLARATION ON FREEDOM OF EXPRESSION AND THE INTERNET at 2 (2011), available at http://www.osce.org/fom/78309 (Hereinafter “Joint Declaration on Freedom of Expression).

[7] Center for Democracy and Technology, Additional Responses Regarding Notice and Action, Available at https://www.cdt.org/files/file/CDT%20N&A%20supplement.pdf.

[8] Id.

[9] Id.

[10] UNESCO Report at 113-14.

[11] ‘Chilling Effects’ is a website that allows recipients of ‘cease and desist’ notices to submit the notice to the site and receive information about their legal rights. For more information about ‘Chilling Effects’ see: http://www.chillingeffects.org.

[12] Id. at 73. You can see an example of a complaint published on Chilling Effects at the following location. “DtecNet DMCA (Copyright) Complaint to Google,” Chilling Effects Clearinghouse, March 12, 2013, www.chillingeffects.org/notice.cgi?sID=841442.

[13] UNESCO Report at 73.

[14] Article 19, Internet Intermediaries: Dilemma of Liability (2013), available at http://www.article19.org/data/files/Intermediaries_ENGLISH.pdf.

[15] UNESCO Report at 120.

[16] Joint Declaration on Freedom of Expression and the Internet at 2.

[17] Id.

[18] Id.

[19] Id. at 121.

[20] Id. at 104.

[21] Id. at 122.

[22] Center for Democracy and Technology, Shielding the Messengers: Protecting Platforms for Expression and Innovation at 12 (Version 2, 2012), available at https://www.cdt.org/files/pdfs/CDT-Intermediary-Liability-2012.pdf.

[23] Joint Declaration on Freedom of Expression at 2-3.

[24] Geist, Michael, Rogers Provides New Evidence on Effectiveness of Notice-and-Notice System (2011), available at http://www.michaelgeist.ca/2011/03/effectiveness-of-notice-and-notice/

[25] Center for Democracy and Technology, Chile’s Notice-and-Takedown System for Copyright Protection: An Alternative Approach (2012), available at https://www.cdt.org/files/pdfs/Chile-notice-takedown.pdf

[26] UNESCO Report at 54.

[27] “Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue (A/HRC/23/40),” United Nations Human Rights, 17 April 2013, http://www.ohchr.org/Documents/HRBodies/HRCouncil/RegularSession/Session23/A.HRC.23.40_EN.pdf, § 24, p. 7.

[28] UNESCO Report at 118.

[29] UNESCO Report at 122.

[30] Id.

[31] UNESCO Report at 120.

[32] Id. at 119.

For more details visit https://cis-india.org/internet-governance/blog/zero-draft-of-content-removal-best-practices-white-paper

Webinar on the draft Intermediary Guidelines Amendment Rules

Admin — 2019-01-18T02:13:23Z

CCAOI and the ISOC Delhi Chapter organised a webinar on January 10 to discuss the draft "The Information Technology [Intermediary Guidelines (Amendment) Rules] 2018". Gurshabad Grover was a discussant in the panel.

The agenda of the discussion was:

A brief introduction to the draft highlighting the key issues[Shashank Mishra]
Invited experts sharing their view on the paper and questions asked [Nehaa Chaudhari, Paul Brooks, Arjun Sinha, Gurshabad Grover]
Open Discussion Q&A
Summarizing the session

A recording of the session can be accessed here

For more details visit https://cis-india.org/internet-governance/news/webinar-on-the-draft-intermediary-guidelines-amendment-rules

Roundtable Discussion on Intermediary Liability

Admin — 2019-10-20T07:08:11Z

Tanaya Rajwade participated in a roundtable discussion on intermediary liability organised by SFLC and the Dialogue in New Delhi on October 17, 2019.

Click to view the agenda.

For more details visit https://cis-india.org/internet-governance/news/roundtable-discussion-on-intermediary-liability

MediaNama roundtables on intermediary liability rules

Admin — 2019-02-17T15:59:33Z

MediaNama hosted one policy round-table on Intermediary Liability protections in Bangalore and another round-table in New Delhi, to discuss inputs sought by MEITY on the amendments to Safe Harbor for platforms (payments services, content services, ISPs, etc.) in India. Centre for Internet & Society is a community partner for the event.

One round-table was held at St. Mark's Hotel in Bangalore on January 25, 2019 and the next one will be held at India Habitat Centre in New Delhi on February 7, 2019. Gurshabad Grover participated in the meeting held on January 25, 2019. Participants discussed the draft amendments to the intermediary liability rules (under Section 79 of the IT Act) and recommendations stakeholders could respond with. For more info click here.

MediaNama has posted some pieces after the discussion that may be of interest:

No clarity on what constitutes offenses for intermediaries (by Alok Prasanna Kumar)
Should different sizes or categories of intermediaries be regulated differently? (by Nikhil Pahwa)
The Intent of Traceability is behavioral change (by Nikhil Pahwa)

For more details visit https://cis-india.org/a2k/news/medianama-roundtables-on-intermediary-liability-rules