Precarious Provisions of Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 – By Shaashwat Jindal & Shagun Chopra

feature-top

August 5, 2021

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 were notified by the Ministry of Electronics and Information Technology vide its notification dated 25.02.2021, in supersession of the Information Technology (Intermediaries Guidelines) Rules, 2011. The IT Rules, 2021 inter-alia envisage a greater accountability for the intermediaries[1], introduction of an extensive grievance redressal mechanism, and prescription of code of ethics in addition to providing greater safeguards with respect to digital media[2]. This article draws attention to certain provisions of the IT Rules, 2021 that are vague, ambiguous and are reflective of a conscious attempt on part of the legislature to enable the Government and its agencies to exercise unfettered control over digital media.  

Higher Standard of Due Diligence Required from Intermediaries 

Under Rule 3 clause (d), an intermediary on receiving “actual knowledge” in the form of an order by a court of competent jurisdiction or on being notified by the “appropriate government” or its “agency” under Section 79 (3) clause (b)[3] of the Information and Technology Act, 2000, cannot host, store or publish any unlawful information, which is prohibited under any law for the time being in force in relation to, sovereignty, security and integrity of India etc. or any other information prohibited under any law. Under this provision the government and its agencies can prohibit, restrict access to and/or have removed, any information, that is, in the judgment of the said authorities, not in conformity with this provision. For example, the Uttar Pradesh Police, to stop news regarding “Ghaziabad assault case” from being circulated on the internet, directed Twitter to block any such tweets and consequently Twitter removed at least fifty such tweets from its domain[4]. While Rule 3 clause (d) is an essential provision for rooting out malicious content such as false news which is the bane of digital media, it also grants unbridled power to the Government and its agencies to compel intermediaries to remove or block access to any information or content that is critical of Government or its actions akin to gag-orders. Another instance displaying such unfettered use of this Rule was observed during the second wave of Covid-19 pandemic when the Government directed Twitter to remove not just the ‘tweets’ spreading false news amongst its users, but also those critical of how the Government handled the medical crisis experienced by the country at that time[5].  

In the event an intermediary fails to adhere to the IT Rules, 2021, the provisions of Section 79 (1)[6] of the IT Act, 2000 shall no longer be applicable to it. Therefore, the IT Rules, 2021, allow the Government and its agencies to hold the intermediaries liable for any third-party information[7], data, or communication link made available or hosted by it and susceptible to prosecution under any applicable law, including the Indian Penal Code, 1860. For instance, a First Information Report was registered against the significant social media intermediary Twitter after it allegedly hosted an image shared by a third-party showing a distorted map of India[8]. In essence, the immunity granted to intermediaries under Section 79(1) of the IT Act, 2000 is rendered otiose in view of the Rule 7 of the IT Rules, 2021.

Additional Due Diligence to be Exercised by the Significant Social Media Intermediaries

A social media intermediary having more than fifty lakh registered users in India is deemed to be a significant social media intermediary[9] (“SSMI”) and is thus, required to observe certain additional rules of due diligence.

Rule 4 (2) of IT Rules, 2021 requires the SSMIs providing services primarily in the nature of messaging to “enable” the identification of the “first originator” of a message, if required under a judicial order passed by Competent Authority[10] or under due compliance of the provisions of Section 69[11] of the IT Act, 2000. Interestingly, there is no requirement for SSMIs to disclose the contents of any electronic message, any other information related to the first originator, or any information related to its other users, albeit messaging applications such as Whatsapp would be forced to break their end-to-end encryption to identify the individual or device from which a message first originated[12]. The IT Rules, 2021 are ignorant of end-to-end encryption technology that is universally utilised by prominent messaging applications to protect the privacy of their users and disregard the fact that such applications would have to break the encryption, thereby defeating its very purpose. In 2010, the Government of India threatened to ban BlackBerry messaging mobile application after the parent company Research In Motion refused to provide it access to the encrypted messaging data[13]. As a consequence, Research In Motion was compelled to locate their data servers in India and provide the law enforcement agencies access to decrypted plaintext of BlackBerry Messenger.

In accordance with Rule 3 (1) clause (b) of IT Rules, 2021, the SSMIs, before removing, disabling or making unavailable, any information, data or communication link, are required to communicate to its creator the grounds or reasons for said action to be taken in order to allow an opportunity to dispute such action under the supervision of Grievance Officer[14] and to decide the request for reinstatement within “reasonable time”. While the extensive grievance mechanism introduced in Part III of IT Rules, 2021 stipulates a maximum time period within which a grievance received against any information or content, published or transmitted by an intermediary or a publisher has to be resolved, there is no maximum time fixed by Rule 4 (8) clause (b) to resolve requests for reinstatement and it simply states that such requests have to be resolved within a reasonable time. Clearly the IT Rules, 2021 operate in the mode of restricting the information available to the general public, with minimal focus on restoring the information arbitrarily removed.

Distinction created between Digital News and Print Media

The IT Rules, 2021 unreasonably club the publishers of digital news with intermediaries, thereby creating an irrational distinction between print media and digital news portals, in gross violation of Article 14 of the Constitution of India. Rule 8 requires the publishers of news, current affairs and of online curated content to adhere to vague and subjective Code of Ethics[15] contained in the Appendix to the IT Rules, 2021. In furtherance of ensuring compliance of the said Code of Ethics by publishers, a three-tier regulatory framework has been introduced by the IT Rules, 2021 that allows the Government to exercise direct control over the digital news portals even in absence of any personal complaint or grievance, and therefore has the ability to severely trammel the freedom of speech and expression.

Three-Tier Regulatory Mechanism

The IT Rules, 2021 stipulates a three-tier regulatory mechanism consisting of:

In a matter of emergency, where any procedural delay would be detrimental, Rule 16 of the IT Rules, 2021 empowers the Authorised Officer[17], to entirely circumvent the regulatory mechanism and the procedure provided in Rules 14 and 15 of the IT Rules, 2021, to examine any relevant content on the touchstone of Section 69-A (1)[18] of the IT Act, 2000 to establish if the said content warrants blocking, and submit a written recommendation to the Secretary, MIB to that effect. In flagrant violation of the legal principle of audi alteram partem[19], Rule 16 (2) of the IT Rules, 2021 gives absolute authority to the Secretary, MIB to block public access to any information or any part thereof as an intervening measure, without providing a hearing to any identifiable or unidentifiable person, publisher, or intermediary.

These emergency powers introduced under Rule 16 of the IT Rules, 2021, can be potentially misused by the authorities. An order or direction passed by the Secretary, MIB is required to be placed before the Inter-Departmental Committee for consideration, whereafter the procedure under Rules 14 and 15 of the IT Rules, 2021 shall be followed and in the event the final order passed by the Secretary, MIB does not approve blocking of the content, the interim order or direction shall stand vacated. Unlike Level I and Level II of the regulatory mechanism, there is no provision for disposal of the proceedings under Level III i.e. under Inter-Departmental Committee within a fixed time, consequently any interim order directing blocking of information can be kept operational indefinitely. Furthermore, the review committee designated to review the directions or orders blocking information or content under Rule 17 of IT Rules, 2021, is not expressly empowered by any Rule or provision to also review interim orders or directions.

Furnishing and Disclosure of Information

The MIB, under Rule 18 (4) of the IT Rules, 2021 can direct the publishers to provide “such additional information” that may be deemed necessary by the said Ministry. There is a necessity to restrict highly ambiguous Rule 18 of the IT Rules, 2021 as it grants the Ministry of Electronics and Information Technology and the MIB complete access to any information that the MIB may consider essential for implementation of IT Rules, 2021. There are no constraints or reasonable restrictions that may monitor or delimitate the access to information, including the private user information. In fact, intermediaries are required to publish on their website or mobile application that publishers of news and current affairs may be required to furnish the details of their users’ accounts to the Ministry of Electronics and Information Technology.

Rules 19 (1) and 19 (2) of the IT Rules, 2021, make it mandatory for the publishers and self-regulating bodies to publicly disclose and display all grievances received by them, the manner in which grievances are resolved, the reply issued to the complainant, any orders or directions received by them and the action taken thereof, and update the said information on a monthly basis. However, there is no such Rule or provision in the IT Rules, 2021 that requires the Inter-Departmental Committee or the MIB to regularly publish the records of the proceedings conducted by them under Rules 14, 15 and 16.

Conclusion

In effect, the IT Rules 2021, aim to put in place, greater liability, and accountability of the intermediaries. However, while doing that, the Rules also considerably enhance the control of the Government and its agencies on intermediaries and digital news portals. The printed news media exists independently but the digital news is now regulated by the IT Rules 2021, which further prescribe vague and subjective Code of Ethics. Therefore, this enhanced control, especially the emergency powers, can potentially be misused to curtail the freedom of speech and expression. While there is a three-tier regulatory mechanism for redressal of personal grievances, there is no time-bound mechanism expressly laid-out for reinstatement of any information or data, the fact that the same is not time-bound considerably reduces the chances of a speedy redressal. The Inter-Departmental Committee or the MIB are not even required to regularly publish the records of the proceedings conducted by them. Lastly, it would be fair to construe that any non-compliance with any direction or order of the Government and its agencies would result in immediate retraction of the protection granted to the intermediaries by Section 79 (1) of the IT Act, 2000.

Although the impact of this control on the business model and market base of these intermediaries, is yet to be seen.

****

Shaashwat Jindal is an Advocate practicing in the High Court of Delhi and is a graduate of University School of Law and Legal Studies, Guru Gobind Singh Indraprastha University.

Shagun Chopra is an Advocate practicing in New Delhi and is a graduate of Amity Law School, Guru Gobind Singh Indraprastha University.

[1] Defined in Section 2 (1) clause (w) of the IT Act, 2000 as “with respect to any particular electronic message means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message”.

[2] Defined in Rule 2 (1) clause (i) of IT Rules, 2021 as “digitised content that can be transmitted over the internet or computer networks and includes content received, stored, transmitted, edited or processed by-

(i) an intermediary; or

(ii) a publisher of news and current affairs content or a publisher of online curated content”.

[3] Section 79 (3) clause (b)- upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource, controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.

[4] Ismat Ara, On Centre’s Request, Twitter Blocks at Least 50 Posts Related to Ghaziabad Attack, THE WIRE (17.06.2021), https://thewire.in/government/ghaziabad-attack-muslim-man-case-twitter-blocks-tweets-centre-modi.

[5] Twitter, FB and others remove nearly 100 posts after govt order, TIMES OF INDIA (25.04 2021, 05.06 P.M.), https://timesofindia.indiatimes.com/india/twitter-fb-and-others-remove-nearly-100-posts-after-govt-order/articleshow/82242666.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst.

[6] Section 79- Exemption from liability of intermediary in certain cases.- (1) Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third-party information, data, or communication link made available or hosted by him.

[7] Defined in Section 79 of IT Act, 2000 as “any information dealt with by an intermediary in his capacity as an intermediary”.

[8] Himanshu Mishra, Twitter shows Jammu-Kashmir and Ladakh outside India on its site, INDIA TODAY (28.06.2021, 03:53 P.M.), https://www.indiatoday.in/india/story/twitter-distorted-map-india-jammu-kashmir-ladakh-separate-controversy-1820314-2021-06-28

[9] Notification dated 25.02.2021 bearing F. No.16(4)/2020-CLES, the Ministry of Information and Technology.

[10] Defined by Rule 2 (d) of Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 as “the Secretary in the Ministry of Home Affairs, in case of the Central Government; or (ii) the Secretary in charge of the Home Department, in case of a State Government or Union territory, as the case may be.”

[11] Section 69- Power to issue directions for interception or monitoring or decryption of any information through any computer resource.

[12] Prasid Banerjee, Tracing Chats to First Originator Will Break Encryption, User Privacy: Whastapp, MINT, (26.05.2021, 10:49 AM), https://www.livemint.com/companies/news/tracing-chats-to-first-originator-will-break-encryption-user-privacy-whatsapp-11622006016735.html.

[13] Daniel Emery, India threatens to suspend Blackberry by 31 August, BBC NEWS, (13.08.2010), https://www.bbc.com/news/technology-10951607.

[14] The intermediaries are required to appoint a Grievance Officer under Rule 3 (2) of the It Rules 2021 and display the contact information thereof on their website or mobile application. The Grievance Officer has to acknowledge receipt of complaints within twenty four hours and resolve them within fifteen days. Grievance Officer is the designated employee to acknowledge receipt of any order or direction from the Government, its agencies or from a court of law.

[15] The Code of Ethics contained in Appendix annexed to the IT Rules, 2021 are applicable to the publishers of news, current affairs and of online curated content, where such publishers operate within the territory of India or conduct systematic business activity of making their content available in India, under the administration of MIB.

[16] Constituted by the MIB under Rule 13 (1) clause (c) of the IT Rules, 2021 for purpose of issuing appropriate guidelines, advisories and orders or directions to the publishers.

[17] Appointed by the MIB under Rule 13 (2) of the IT Rules, 2021for the purpose of implementation of Rules 15 and 16 of the IT Rules, 2021.

[18] Section 69-A (1)- Where the Central Government or any of its officer specially authorised by it in this behalf is satisfied that it is necessary or expedient so to do, in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above, it may subject to the provisions of sub-section (2) for reasons to be recorded in writing, by order, direct any agency of the Government or intermediary to block for access by the public or cause to be blocked for access by the public any information generated, transmitted, received, stored or hosted in any computer resource.

[19] Defined by Black’s Law Dictionary as “Hear the other side; hear both sides. No man should be condemned unheard”.

Disclaimer: The views or opinions expressed are solely of the author.

Add a Comment