This article is written by Somnath Iyer.

Introduction

Keeping in mind the rationale of Section 79 of the Information Technology Act which envisages exemption from liabilities to intermediaries which merely hosts third party content, the Information Technology Intermediary Guidelines Rules 2011 was introduced which casted obligations for intermediaries to follow in order to achieve exemption for liabilitities under Section 79 of the IT Act.

Intermediary: As per Section 2 (1) (w) any person who on behalf of another person receives, stores or transmits records or provides any service with respect to such records and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, e-payment sites, e-auction sites, e-market places and cyber cafes.

In order to prevent misuse of social-media platforms and to provide stringent security to the users, the Ministry of Electronics and IT has proposed to amend the Information Technology Intermediary Guidelines Rules 2011 through the Information Technology [Intermediaries Guidelines (Amendment) Rules] 2018

List of key changes in 2018 as compared to 2011 Rules

• Rule No.2 inserted the term ‘Appropri­ate Government’ to mean the same as under the IT Act and inserted the term ‘Critical Information Infrastructure’ to mean the same as per Sec. 70(1) of the IT Act.
• The Intermediary Guidelines Rules, 2011 require intermediaries to prohibit users from hosting certain content on its platform (e.g. obscene content). The Draft Rules prohibit a new category of information, i.e., content which threatens ‘public health or safety’.  As such Rule 3 (2) (j) has been added in the Draft Rules and requires the intermediary to display rules informing users not to host or publish any information that inter alia threatens public health and safety. Further Rule 3 (2) (k) has been added requiring the intermediary to display rules informing users not to host or publish any information that threatens critical information infrastructure. Additionally Rule 3 (2) the term ‘privacy policy’ in place of ‘terms and condi­tions’ has been inserted in this provision.
• As per Rule 3 (4) the intermediaries are required to inform the user once every month about the fact that if the Rules and regulations, privacy policy and user agreement to access or usage of Intermediary computer resource are not complied with, and then the intermediaries reserve the right to terminate such access and usage. Under the 2011 Rules no such timeline was provided.
• Amendment in Rule 3 (5) requires an intermediary is required to provide the information requested under a lawful order, within 72 (seventy two) hours from the communication. Further, it mandates that the intermediary shall enable tracing out of such originator of information on its platform as may be required by government agencies that are legally authorized. Any such request can be made in writing or through electronic means stating clearly the purpose of seeking such information or any such assistance. The first part of new Rule 5 calls for intermediaries to respond to requests from ‘any government agency’ whereas earlier rules read “government agencies which are lawfully authorized for investigative, protective, cyber security activity.” Thus, this new rule expands the scope of which agencies can seek such information.
• Rule 3(7) requires the companies having more than fifty lakh users to have an office in India duly registered under the Companies Act. The big intermediaries are required to get their companies registered in India which will subject them to pay higher taxes. The 2018 Rules also requires appointment of a nodal officer who will be able to work with the law enforcement agencies round the clock.
• Further Rule 3 (8) requires to “disable access” within 24 hours to content deemed defamatory or against national security and other clauses under Article 19 (2) of the Constitution. It also contemplates for preserving such information and associated records for at one hundred and eighty days for investigation purposes, or for such longer period as may be required by the court or by government agencies that are lawfully authorized. In the 2011 Rules, the intermediaries were required to store the information and such records for a period of ninety days.
• Rule 3 (9) of the Amendment requires the intermediaries to deploy such technologies based on automated tools and appropriate mechanism for the purpose of identifying or removing or disabling access to unlawful information for proactively identifying and removing or disabling public access to unlawful information or content.

Advantages and Disadvantages of the Proposed Amendments

Proposed Amendment	Advantages	Disadvantages
Rule 3 (4): Due diligence to be observed by intermediary	The requirement to inform users “at least once every month” is a welcome step towards appraising users of the content take down and termination of access policies. This can be supplemented by providing useful context to users about the nuances of a company’s privacy policy, rules and regulations, and user agreements.	Monthly reminders are more likely to create warning fatigue and dissatisfaction among users, instead of increasing their awareness of this provision.
Rule 3(5) Tracking of originators	This requirement will help the intermediaries to identify and nab the original senders of any unlawful content.	Users’ right to privacy will be jeopardized. True End to end encryption will not be in place anymore thus restricting users to express their opinions freely without fear. Failing to offer privacy to customers, it may serve as a deterrent to the entry of new intermediaries in India. Further time limit of 72 hrs is impractical given the wide amounts of request generated by such intermediaries.
Rule 3 (7): User Base and Incorporation	This requirement will help the nodal officer to ensure compliances. Further additional compliance requirement will be required to be adhered by such companies.	Will restrict and burden small or foreign entities who don’t have enough financial assistance to act as intermediary. Appointing a nodal officer will increase the cost and compliance burden of smaller intermediaries.
Rule 3 (8): Take Down Requests	Intermediaries be will more responsible for the content flowing through their platforms.	In the absence of any clarity as to what sort of data is to be retained under the heading “Associated Records” it violates the Right of Privacy and such retention is in contrast to the law laid down in PUCL vs Union Of India (AIR 1997 SC 568)
Rule 3(9): Proactive Monitoring of Content using automated tools	It will allow intermediaries to identify and block content not fit for public access like fake news, any unlawful information likely to misguide public at large.	The term unlawful content is not properly defined and hence very vague. Intermediaries are likely to over-censor content in order to avoid criminal liability. Further it will require huge investment to set up AI to filter such content which will be burdensome for Start Ups. Also such proactive removal of content will curtail the user’s right to free speech and may further take away the user’s interest on such platform. It shifts additional responsibility on intermediaries. Such proposed amendment is not in consonance with the guidelines laid down in the Shreya Singhal v Union of India. This provision would imply that intermediaries have to modify content which might take away their safe harbour protection.

Issues

Is it possible for intermediary platforms to administer these?

• The provisions obliging intermediaries to use automated tools to filter content and the obligation to trace and identify users are problematic and require a substantial increase in investment. These seek to implement substantive obligations which are not contemplated under the IT Act itself, and which could seriously affect civil liberties (speech and privacy rights in particular).

Does it increase/ decrease risk or monitoring costs for internet businesses?

• In order to comply with Rule 3(9) which requires intermediaries to deploy automated filtering, small internet startups will need to deploy AI to assist with the filtration process which will require enormous amount of time and investment, thereby increasing the monitoring costs for internet businesses.

Are the rules more difficult to implement for one category of business as compared to another (e.g. social media platforms as compared to e-commerce)?

• The proposed guidelines are only for intermediaries who provide access to communication systems over which information made available by third parties is transmitted or stored or hosted. The proposed amendment rules are focused on social media firms making them more accountable for the content they host. Intermediaries such as social media platforms may not be able put in place pro-active censoring mechanisms owing to the volume of information received, processed or hosted by it on a daily basis making it more difficult for them in order to provide end to end encryption to their customers; whereas ecommerce companies are not obliged to worry about content takedown, traceability making it less difficult for them.

Is it necessary for the platform to be a paid platform to be subject to stricter rules?

• In order to comply with such stricter rules, the platform need not be a paid platform, however in order to keep abreast with the latest technology for filtering and removing unlawful content, a huge capital is required for which startups will need to start charging its customers.
  

Which kinds of internet platforms can avail intermediary protection if the new rules get implemented?

• The safe harbour protection available to intermediaries is conditional upon their observing “due diligence” while discharging their duties and observing guidelines issued by the Government in this regard.

As per the Draft Rules, intermediaries are obliged to take down the content on receipt of a court order or a direction from the Government or an agency of the Government within a period of 24 hours. The intermediaries which do not comply with a take-down order lose safe harbour under the Information Technology Act, 2000.

Case Precedents

In the matter between Shreya Sin­ghal v. Union of India (2015) 5 SCC 1, the Hon’ble Apex Court struck down Section 66A of the IT Act as un­constitutional for having a chilling effect on free speech. Further it held that ‘actual knowledge’ requirement for an intermediary to take down content has to be read to mean either an intimation in the form of a court order or on being notified by the gov­ernment and such requests must be restricted to the limitation listed by Article 19(2) of the Constitution. The Court has relaxed the due diligence obligation of intermediaries in India to a great extent, as now the Intermediaries instead of being diligent enough in conducting due diligence pertaining to the offensive matter on their websites, will need to wait for a government notification or order to remove them from their site.

In January, 2017, a single judge bench of the Delhi High Court in the matter between Kent RO Ltd & Anr. Vs. Amit Kotak & Ors 2017 (69) PTC 551 (Del), refused to compel intermedi­aries to screen content that infringes intellectual property laws on an ex-ante basis. The court held that requiring an inter­mediary to screen any kind of content would change the role of an intermediary from a facili­tator to an adjudicator. Under Section 79 and the IT Rules, 2011, an intermediary is only obliged to remove content on receipt of a court order or Government notification.

The proposed amendment in the form of Rule 3 (9) of the Draft Rules places responsibility on the intermediary to scrutinize the user generated content and determine its legality. Further, it places additional burden on the intermediary to deploy technologies based on automated tools and appropriate mechanism for the purpose of identifying or removing or disabling access to unlawful information for proactively identifying and removing or disabling public access to unlawful information or content. Such additional placement of responsibility is in complete contrast to the law laid down by the Apex Court in the judgment on Shreya Singhal.

As per the law laid down in KS Puttaswamy v. Union OF India WP (Civil) No. 494 of 2012, the Hon’ble Supreme Court held that “the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III (fundamental rights) of the Constitution”. In complete disparity the Traceability Requirement under Rule 3(5) of the Draft Rules requires interme­diaries to enable the tracing out of origi­nator of information on their platforms as may be required by any authorized government agencies. Such introduction will lead to breaking of such encryption and thus compromising the privacy of in­dividuals making use of such services for their private communication.

Conclusion

The intent of the guidelines is to strengthen the framework around maintaining public order and safety. The guidelines shift the burden of responsibility of identification of unlawful content from a government to the intermediaries. Further clarity is required as to what sort of content is unlawful, absence of which will arise confusion among intermediaries. The last part of new Rule 5 is restricted to agencies to those which are legally authorized to do so. Again in this aspect clarity is required as to who all are the agencies that are legally authorized. Additionally, intermediaries cannot rely on Artificial Intelligence to sort out unlawful content since it is not fully capable to understand the human communication and which is still at a nascent stage. Burdening intermediaries will entail them to act as adjudicators to takedown con­tent and lead to private censorship. A review mechanism should be in place, which gives scope to intermediaries for checking the veracity of takedown orders.

Attempts at regulating intermediaries by breaking encryption will be counterproductive and will affect the fun­damental rights of free speech and privacy guaranteed to citizens.

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: