In Carpenter v. the United States, the Supreme Court of the United States acknowledged how digital data could provide intrusive details in one click and change the legal definition of privacy forever. The way a common man uses the internet without diving into complexes of his staked rights puts him in jeopardy. Recently, Intermediary Guidelines and Digital Media Ethics Code Rules, 2021 (“the Rules”) released by the Indian Ministry of Electronics and Technology show the vagueness and poor law enforcement in the country. They were set up with an objective of grievances compliance mechanisms but came with a highly compromised sense of liberty.
Stressing upon the democratic nature of the country, this article emphasizes how these rules are destroying the spirit of today’s constitutionalism. Further, it expresses concerns over the encroachment of fundamental rights by the rules and touches upon the pre-existing laws. It also covers status in different countries and critical takeaways for India.
Section 79 of the IT Act forms the basis of exempting intermediaries from liability for the acts of third parties until they comply with updated guidelines or safe harbor provision provided under Section 84 A would be destroyed, and the intermediary would be held liable in case of illegal content. Analyzing past scenarios, intermediaries were removing content readily by applying their judgment as per rule 3(d) of 2011 rules pursuant to civilian requests. In the Shreya Singhal Case, the Apex court held that only upon receiving ‘actual knowledge’ from the court or appropriate government agency about the commission of unlawful acts, an intermediary could remove the content to avoid the risk of losing the safe harbor provision.
Firstly, this situation, when read in the context of traceability rule under Rule 4(2), implies that there is a compulsion on intermediaries to comply with the ministry guidelines. This means that they would be required to enable the identification of the first originator of the message if it is illegal which inter alia is a threat to the sovereignty of India. Further, the end to end encryption feature in an intermediary facilitates the users to send their messages securely without intimating the third party, including the platform itself. Applying the rules, this feature would have to be weakened, and the genuine users would be under surveillance as well. This would break the secure use of the electronic medium, which is supposed to be a primary objective of the rules. Citizens are at a rock and a hard place as neither the government nor an intermediary is affected by the violation of their fundamental rights.
Secondly, it is public knowledge that social media platforms need to be regulated strictly. However, these amended rules single-handedly destroy the basic values which India is known for. The Constitution emphasizes the right to privacy principle established in Puttaswamy judgment, and as per it, the government should not per se invade a citizen’s personal communications. Further, as reiterated in Anuradha Bhasin v. Union of India, proportionality needs to be determined as to whether the impact of the encroachment on a fundamental right is disproportionate to the benefit which is likely to ensue.
Even if the government tries to take the shade of specific restrictions provided by sub-clauses under Article 19 in the current case, the traceability rule has crossed the original intention of the law and should be revisited. The legislative intent may be capturing criminal minds, preventing violence and identifying disturbance all over the country, but the harm is far greater than one could ever imagine.
When we observe the status of decryption and traceability in India, we will find that the pre-existing laws are vague and a source of major confusion. As per Section 69 of the IT Act, the central government or intelligence agencies can access or decrypt any data stored if satisfied that it is a threat to national security. The role would be of assistance, facilitating and handling requisition regarding decryption as mentioned under IT Rules 2009. However, the position of whether there is an obligation over an intermediary to assist the government in decryption is dicey. The controversy that the rules encroach fundamental rights was discussed in the case of Facebook Inc v. Union of India but without any solid outcome, although the court highlighted that the intermediary shall observe due diligence while discharging its duties.
However, presently, the intermediaries are forced to give up the information of citizens to the government, which is an imposition. This unpalatable act is far from their ‘due diligence and is a violation of the rights of intermediaries as well as citizens. This way, the executive is slyly delegating the efforts of generating Orwellian society to intermediaries.
Instead of solving the existing race between fundamental rights and surveillance, the executive is taking the road of digital authoritarianism. The new traceability rule would compel an individual to restrict the thoughts of oneself because of the fear of being targeted, thereby causing an indirect restriction on freedom of speech and expression. This freedom, being one of the intrinsic and guaranteed rights in a democracy, is outrightly challenged, and the challenger is the protector itself of such a democracy.
The test of proportionality does not get satisfied as the rights of millions of users all over the country are at stake. If the originator of a controversial post gets identified easily, the practice of arbitrariness by law enforcement agencies would be difficult to regulate. One would not be able to segregate legitimate criminals, and innocents could easily be trapped in vigorous proceedings.
A situation where the communications of the private citizens can be tracked and used against them under investigations would violate the right against self – incrimination provided under Article 20(3) of the Constitution and Section 132 of the Indian Evidence Act. Personal communications can be considered as a witness and can be presented against the accused, as was held in State of Delhi v. Mohd. Afzal. Tempting it might be, the world is unprepared for digital flaws in the investigations. Therefore, complying with traceability rules will result in the arousal of more legal complexities and ultimately break the sanctity of these laws.
Further, Rule 4(4) mandates that an intermediary has to deploy automated tools and other mechanisms to identify information that depicts any act or simulation for offences such as rape, child sexual abuse or conduct etc. At first glance, this rule would seem to be useful as one can get easily convinced that AI would be highly useful in detecting criminal minds and faster disposal of cases. However, this plan cannot be carried out conveniently as using AI would come at operational risks. To run it, a large amount of user data has to be stored, which further invades privacy. The decision of the government to make AI censorship compulsory for identifying criminal activities is rash and compromises security measures. Again, AI would become a tool to employ mass surveillance and unparalleled censorship.
If we observe monarchist countries, India is still far better at handling cybersecurity. For instance, China’s level of internet freedom is already the worst on the planet. The content-filtering mechanism prevents foreign internet sites from being accessed by the general public. Moreover, China’s communist party-state is developing a “citizen score” to incentivize “good” behavior. Faster internet services and visas are dependent on the citizen’s score. If someone makes political posts online without a permit or questions or contradicts the government’s official narrative on current events, the score decreases.
China’s national police force has called for an omnipresent, national video surveillance network. With the objective of apprehending criminals. However, the underlying purpose is to instill fear in the mind of the general public and refraining them from any kind of independent or critical expression. It is unfortunate to observe that India is moving along the same path of trying to control the activities of the citizens.
The best example presently is Australia which introduced ‘Defamation and Other Legislation Amendment Bill 2021’. The bill went through a two-stage review process, and thereafter it sought submissions from the stakeholders and interested parties. It covered discussions on various criminal offences and liabilities of intermediaries. The bill mentions the provision where the courts can ask for the first originator of the information rather than the executive. Further, India expanded the scope of the IT Act by including OTT platforms and Digital news media platforms in it without any parliamentary enactment.
Weakening the end to end encryption for everyone would attract hackers and other corrupt minds to use data to their advantage. In our view, resources must be provided to the situations where the technology decrypts the encrypted message as and when needed in special circumstances. Intermediaries must not be encouraged to cooperate in violating citizen’s right to privacy. This encouragement would give them a chance to underestimate the value of rights, which could be harmful to a democratic country.
Besides, the rules did not go through a rigorous review process. The step of expanding the scope of an act should be done with proper accountability and transparency. Major reform is needed in parliamentary enactments, as seen in the Australian approach for dealing with intermediaries. The surveillance and censorship in China’s model and India should refrain from following its trail. Further, instead of providing the freedom to choose the extent of using automated tools to intermediaries, the government should establish a regulatory body to ensure uniformity in using them. Indian judiciary should focus on clarifying previously laid down principles regarding the same issue so that precedents and clarifications are met. Hoping that there would be a realization on the part of authorities, we must strive for a system where these loopholes would not be overlooked.
Armaan Arora and Nivedita Sharma are 2nd year B.B.A. LL.B. (Hons.) students at the National Law University, Odisha and National Law University, Jodhpur respectively.
Suggested citation: Armaan Arora and Nivedita Sharma, Intermediary Rules – A Stain on Indian Democratic Set-Up, JURIST – Student Commentary, July 3, 2021, https://www.jurist.org/commentary/2021/07/arora-sharma-indian-intermediary-rules/.
This article was prepared for publication by Giri Aravind, a JURIST staff editor. Please direct any questions or comments to him at commentary@jurist.org