This article is written by Arya Patil who is pursuing a Diploma in Intellectual Property, Media and Entertainment Laws from Lawsikho.

Introduction

When a messenger informed Cleopatra about Antony’s marriage, she threatened to kill him. The messenger responded, “I that do bring the news made not the match.” Should the messenger be held responsible? This is where the phrase “Don’t shoot the messenger.” originates. In essence, this is the moral question that lies at the heart of intermediary liability. Should internet intermediaries be held liable for illegal activities initiated by its subscribers and facilitated by its systems?

Intermediaries such as ISPs (internet service providers), search engines, and hosts play an indispensable role in ensuring a free flow of communication and information on the internet. In its attempt the regulate content, the Indian government is making certain demands to these intermediaries to monitor and screen content. This already has and will continue to lead to private, invisible censorship and endangering the exercise of Right of freedom of speech- a fundamental Right enshrined in the Indian Constitution, which already stands on shaky ground due to the government’s increasingly restrictive regulations of the internet. 

The issue of liability of internet intermediaries concerning third-party content is one of the most contentious issues in the realm of cyber law. With the ever-increasing dependency on the internet & change in our communication systems, the problem has attained enhanced complexity. The concept of Intermediary Liability is broadly used in the context of Intellectual Property on multiple levels. The role played by the Intermediaries in use, and spread of Intellectual Property is what contributes to their growing value and makes them accessible & available, serving the purpose of their creation. 

Internet Intermediaries : Definitional Ambiguity 

The Information Technology Act 2000 (“IT Act”) defines “intermediary” under Section 2(w) as any person, who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes. This definition was introduced by the Information Technology (Amendment) Act, 2008 (“Amendment Act”). While this definition can pose certain ambiguities, it is a significant improvement from the pre-amendment position, we defined an intermediary as any person “who on behalf of another person receives, stores or transmit that message or provides any service with respect to that message”.

However, as recognized by the wide-ranging list of intermediaries in the definition, intermediaries can be of many different types, each providing a different functionality in the online environment. Many are not visible to the user (for instance root servers, internet exchange points, gateways, backhaul providers, etc.). These intermediaries assist in the communication but do not directly interact with the content or the user. On the other hand, cyber cafes and Wi-fi hotspots, merely provide a location for accessing online services. These can be differentiated from those that actively host information or take the form of social media platforms or communication apps where users can interact (such as WhatsApp, Facebook, Instagram, cloud-based services, etc.). 

Internet service providers usually only provide access to the internet through physical infrastructure. In contrast, search engines index content and provide links to relevant information and content and hence, the level of involvement with content differs thus by not taking into account the functional differences of the intermediaries, its efficacy as an immunity measure can be adversely affected.  

The new definition is a broad-based definition which attempts to remove the generalities of the earlier provision and expand the number of entities which can claim an exemption under intermediary liability protection. However, its effectiveness in providing immunity to them may be hampered by its failure to acknowledge and provide for the functional differences of the intermediaries. Unlike other jurisdictions which distinguish between different classes of intermediaries, India treats different types of intermediaries similarly. It makes no distinction concerning the due diligence requirements or other obligations which are to be undertaken by different kinds of intermediaries for availing immunity. 

Intermediary Liability Models throughout the World 

The concept of intermediary liability has surfaced due to the distinctive and vast architecture of the internet. Vast amounts of information are transported across borders in seconds through the process, and it has facilitated various unlawful activities, such as defamation, distribution of illegal content, and intellectual property infringement. Though there is a broad agreement that we shouldn’t shoot the messenger when it comes to online transactions, legal systems around the world are struggling with finding the right balance for safe harbour. There are different viewpoints and approaches worldwide concerning the extent to which an intermediary should be held liable for the unlawful content generated by the users. Theoretically, these could be summarized in the form of three models namely – 

Strict liability model: In the strict liability model, the intermediaries are held unconditionally & vicariously liable for all its user-generated content. Since it may be difficult to trace the actual perpetrators and to curb the instantaneous circulation of unlawful content, many countries have found it convenient and effective to impose strict liability on intermediaries, which host, transmit and locate such information. Therefore, it is imperative that they monitor the content and ensure its compliance with the law. 

Broad immunity model: While it is acceptable to argue that the architecture of the internet necessitates intermediary liability for control of unlawful activity, legislations have to accommodate the fact that they also play an indispensable function in ensuring free flow of ideas in information on the internet, and thus, requires some protection from liability. In the broad immunity model, they are given comprehensive, sometimes conditional, immunity from liability w.r.t user-generated content. In this model, they are not required by the law to monitor the user-generated data for unlawful content. 

Safe harbour model: In the safe-harbour model, the intermediaries are granted conditional immunity provided they ffulfillulfil some requirements as specified by the law. This model includes “notice-and-takedown” processes, which are procedures regarding the processing of content takedown requests to be followed by the intermediaries. The intermediaries may be instructed to have content filters in place so as to avoid hosting or transmission of unlawful content. The safe-harbour model of intermediary regulation is followed by the EU e-commerce directive, US Digital Millennium Copyright Act and the Indian Information Technology Act. 

However, irrespective of the liability model followed, they are obliged to take down any unlawful content when instructed, via legal procedures. 

Intermediary Liability jurisprudence in India :  Safe Harbour Model

Safe Harbour provisions protect the intermediaries from being held liable for the acts of third party users who use the infrastructure provided for illicit acts. E.g. Internet Service Providers (ISPs) will not be liable if their subscribers use the Internet for an unlawful purpose, e-commerce platforms are not legally responsible if people sell counterfeit goods, & social media platforms are not liable when people publish defamatory content. In India, the regulation of intermediaries is incorporated in different laws and sub-legislations. 

The statutory regime governing intermediary liability for third-party content in India is to be found primarily, but not exclusively, in 

1. Indian Copyright Act, 1957
2. Information Technology Act, 2000 
3. Information Technology (Intermediaries Guidelines) Rules, 2011 
4. Copyright Rules, 2013 
5. Moreover, there have been a multitude of cases in India, and the judiciary has been proactive in adjudicating on these issues. 

• Indian Copyright Act (1957)

The Indian Copyright Act of 1957 was amended in 2012 whereby Section 52 described several instances where exemption could be granted for copyright infringement. As per Section 52(1)(c), the acts of intermediaries are exempted from copyright infringement saving they are conscious or have a reasonable basis for believing that work/content is an infringing copy.

• Information Technology Act (2000)

Safe Harbour provisions for intermediaries in India are observed under the IT Act and the intermediary rules that correspond to it. The Safe Harbour provisions have evolved significantly since the Act got enacted first, partially through amendments of the Act and Rules, and partly through judicial interpretations of these provisions. Initially under the IT Act, only network service providers were protected “for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.” Thus, the original IT Act gave little to no immunity to intermediaries.

After the Amendment Act, 2008, the definition of an ‘intermediary’ has been broadened as mentioned above. Telecom service providers, web-hosting services, network service providers, internet service providers, search engines, online payment sites, e-commerce sites, cyber cafes and social media websites such as Facebook, Twitter, and Pinterest are now all considered intermediaries as per this definition.

Safe Harbour provisions are provided under Section 79 of the IT Act. Section 79(2) exempts network service providers or intermediaries from liability if it is proven that the offence was committed without his knowledge or that he had practiced all the required due diligence to avoid such contravention. The explanation to this Section provides that the network service provider is an intermediary. Therefore, when we look at all these provisions, it is clear that the intermediary has received protection from copyright infringement under the statute. 

• The Information Technology (Intermediaries Guidelines) Rules, 2011 

After the Amendment Act in 2008, the Government of India introduced the Intermediary Guidelines, which were obligatory for all intermediaries to follow in order to claim safe harbour protection. These are to be read in accordance with the IT Act. The due diligence requirements that must be observed by intermediaries, provided under Rule 3, are:

1. Intermediaries to publish rules and regulations, privacy policy and user agreement
2. Rules and regulations, terms and conditions or user agreement shall specify all prohibited acts and the intermediary should inform users that violation of same shall lead to termination of access
3. Intermediaries to disable such information within 36 hours and storage of same for 90 days for investigation purposes,
4. Intermediaries to assist authorised government agencies,
5. Intermediaries to exercise reasonable measures to secure its computer resource,
6. Intermediaries to report cybersecurity incidents to the Indian Computer Emergency Response Team and

Yet, the IT Act and the Intermediary Guidelines were engulfed by various issues such as vagueness in specifying the prohibited content and other factors. Additionally, any person could ask the intermediaries to pull down the unlawful content. However, most of these issues were mostly addressed in the Shreya Singhal judgment.

• Shreya Singhal v. Union of India (2015)

In 2015, in the landmark Shreya Singhal v UOI judgement, the Supreme Court for the first time recognised the Indian citizen’s Right to Freedom of Speech over the Internet & cyberspace. It struck down the stringent Section 66A of the IT Act, that provided for punishment for sending offensive messages through any means of a computer.

Regarding intermediary liability, the Court held that “Section 79 is valid subject to Section 79(3)(b) being read down to mean that an intermediary upon receiving actual knowledge from a court order or on being notified by the appropriate government or its agency that unlawful acts relatable to Article 19(2) are going to be committed then fails to expeditiously remove or disable access to such material…. Similarly, the Information Technology “Intermediary Guidelines” Rules, 2011 are valid subject to Rule 3 sub-rule (4) being read down in the same manner as indicated in the judgment.”

The Court also observed that it would be nearly impossible for intermediaries and sites like Google, Facebook etc. to go through millions of requests that are made and determine which requests are legitimate and which are not.

• My Space Inc. v. Super Cassettes Industries Ltd. (2017)

In this case, the Delhi High Court categorised Copyright matters and observed that if intermediaries were handed the responsibility of identifying unlawful content, it could have dangerous effect on free speech. It might lead to private & invisible censorship that would be unconstitutional. This case dealt with uploading of music on myspace.com against which a copyright infringement suit was filed by Super Cassettes India Ltd.

The High Court also introduced the concept of ‘actual or specific knowledge’. The bench held that intermediaries could be held liable if they have either actual or specific knowledge of the existence of infringing/unlawful content on their website from content owners. And if they do not take down the content, despite such notice. There is no need for a court order in such cases. 

• Amway India Enterprises Pvt Ltd v. 1Mg Technologies Pvt Ltd & Anr. (2019)

The main issue, in this case, was the dispute between Direct Selling Business and e-commerce platforms about whether the intermediary has assumed the role of the seller by determining its retail prices, discounts, return/refunds policies etc. Therefore, the issue was whether the intermediary had violated the Direct Selling Guidelines issued by the Government, which were binding on the Plaintiff. The Division Bench held that these guidelines are advisory and are not law and thus, not enforceable.

Further, the Court also gave reasoning as to why major eCommerce companies are actively involved and thus, do not qualify as intermediaries entitled to protection under the safe harbour provided in Section 79 of the IT Act. It was held that any non-compliance of the due diligence requirements as per the Intermediary Guidelines and failure to adhere to their policies would make the e-commerce platforms liable. The Division Bench also observed that the value-added services provided by the defendant as online market places, do not dilute the safe harbour granted to them under Section 79 of the IT Act.

Takedown notices and its incomplete provision in India

In a digital era, when Copyright protected material can easily be duplicated and disseminated around the globe, there is a need to protect the already protected material against any infringement. One of the remedies available to copyright holders is to issue Take Down Notices to an Internet Service Provider stating that the concerned website hosts any content which infringes the Right of the copyright holder. Further, necessary information regarding the infringing content must be duly provided, and the host website is sent a notice to take down such content. As a signatory to the TRIPS Agreement and being a WTO member country, India has introduced Internet Service Providers liability provisions under the Copyright Act, 1957, Information Technology Act, 2000 and rules framed thereunder.

Subsection (3) of section 79 creates an exception wherein an intermediary is not entitled to claim immunity when it has conspired or aided or abetted or induce the unlawful act or when it has failed to “expeditiously” take down information upon being notified by the government or upon receiving “actual knowledge” that the information is being used to commit an unlawful act.

Essentials of a Take Down Notice for infringement of Copyright protected work

Rule 75 of the Copyright Rules, 2013 lists essentials of takedown notices and the process of delivering it to the intermediary. The notice must necessarily specify these:

1. Description of the work with sufficient information to identify the content
2. Details establishing that the complainant is the exclusive owner of copyright in the content
3. Undertaking that the complainant will file an infringement suit in an appropriate court against the person responsible for uploading the infringing work; produce the orders of the competent court having jurisdiction, within twenty-one days from the date of receipt of the notice.
4. Details showing that the copy of the work is an infringing copy of the work owned by the complainant and that the allegedly infringing act is not covered under Section 52 or any other act that is permitted under the Act.
5. Details of the location where transient or incidental storage of the work is taking place.
6. Details of the person, if known, who is responsible for uploading the work infringing the copyright of the complainant.

American counterpart: This notice and takedown procedure in the IT Act is similar to section 512 of Digital Millennium Copyright Act (“DMCA”) which is the safe harbour provisions for intermediaries with respect to copyright issues in the United States of America. The DMCA provision requires service providers, upon receiving notice of infringing material, to remove or disable access to the material as soon as possible. However, the DMCA also provides account to notification procedure to ensure that there is no wrongful removal of content which does not constitute an infringement. If a subscriber files a counter-notice contesting the infringement, the service provider is required to restore the material unless the original claimant alleging infringement filed a lawsuit within 14 days.

In contrast to the DMCA, the takedown procedure under the IT act does not specify a time frame within which Section 79(3) obligation application must be exercised. However, the intermediary guidelines prescribe 36 hours for removal of unlawful content. Neither intermediaries nor users have been provided with an opportunity to respond to takedown notices under Section 79(3). They will therefore have few options but to remove content regardless of whether it is actually infringing or not in order to comply with the notice.

Despite extensive amendment in 2008, S. 79 of the IT Act lacks clarity. It could have an unforeseen impact on the intermediaries as well as the Right to free speech of the users unless the Safe Harbour provision is articulated and amended to have some more clarity, transparency and redressal. Therefore, a counter-notification procedure as provided in S.512 of DMCA should be included in S.79 of the IT Act to prevent misuse of this provision.

Additionally, every category of online content, and more importantly, every category of intermediary are varied, and any content takedown requirement must acknowledge these differences. A smaller intermediary may find it more challenging to comply with a stricter, shorter timeframe. A piece of ‘terrorist’ content may be expected to be treated with more urgency than something that merely is defamatory. These complexities are critical. They must be accordingly and thoughtfully incorporated in any law on content takedown notice. Regulation of illegal content online also cannot follow the one-size-fits-all principle. Accordingly, a good law on content takedown notices must account for the differences existing in the way intermediaries operate and the diversity of speech online. 

Conclusion

The definite relationship between the different intermediary liability provisions & rules is very ambiguous. Section 79 provides the intermediaries with an umbrella provision  of immunity (‘safe harbour’) from civil and criminal liability. However, the licenses are contractual most of the time, and any breach would entail the termination of the ISP’s license by the Department of Telecommunications. Also, the relationship between liability for copyright infringement and the liability under the IT Act is not very definite. The Delhi High Court, in Myspace vs Super Cassettes, held that the safe harbour provisions apply to intermediaries concerning copyright infringement. 

From the statutory provisions and judicial pronouncements above, it is observed that the rights, protections and liabilities of intermediaries in India are ever-evolving and dynamic technology and the law develops. However, it is apparent from the trend that India is approaching an era of more stringent intermediary liability. Currently, Section 79 of the IT Act, the Intermediary Guidelines & Shreya Singhal Judgment, is the authoritative law of India on intermediary liability. Hence, intermediaries cannot be held liable unless they had the correct information, and unless the requisite authority gives proper court order. 

The Indian position on intermediary liability lacks the necessary new ones. Despite a marked improvement in the IT act expanding the safe harbour protection enjoyed by intermediaries, the obligations imposed on intermediaries by various legislations and judicial decisions severely threatens the enjoyment of the Right to freedom of speech & expression on the internet. There is a need to clarify certain principles without which the immunity provided to these intermediaries stands on slippery ground.

It is imperative to ensure that no arbitrary power of the state is imposed on the intermediaries. The evolving jurisprudence on intermediary liability significantly impacts all technology & e-commerce players and necessitates the government to tread more cautiously to avoid dangerous economic repercussions. Judicial decisions must also guard against increasing the burden on them, as obligations and pressure to monitor content or not only infeasible but may lead to them resorting to broad filtering which will severely paralyse speech and expression. Thus, the present law in India must be carefully developed by both legislature and judiciary to create a clear, comprehensive and fair framework concerning intermediary liability in the intellectual property sphere.

---

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: