If there’s a segment that indicates how poorly thought out India’s finalized Internet control rules are, it is sub-rule 2 and 4 of the segment pertaining to Intermediaries in the country’s finalized Information Technology rules: the first of which defines what actions by a user can result in the removal of content (via intermediaries like ISPs, hosting service providers and social networks), and the latter, which defines who can get the content removed, and how. You can find a copy of the final rules here (pdf, specifically between page 11 and 14), and an annotated version of the Intermediary guidelines here, and there are significant changes.
In our opinion, these rules give the Indian government the ability to gag free speech, and block any website it deems fit, without publicly disclosing why sites have been blocked, who took the decision to block it, and just as importantly, providing adequate recourse to blogs, sites and online and mobile businesses, for getting the block removed. These rules are applicable to intermediaries, through which access to content will be controlled
It is a set of rules that we think is manipulative in its approach, but clearly in line with a pattern we have observed with government regulations relating to digital activity, what we like to call the troika of paranoia – increasing monitoring, identification and the power to restrict/block; 7,500 to 9,000 orders for interception of telephones per month is not a joke. If you think it’s unlikely that any well known large sites might be blocked in India – think again. As indicated by screenshots and comments sent in by MediaNama readers, access to blog hosting site Typepad and mobile applications marketplace Mobango are/were blocked by ISPs in the country for no disclosed reason. And other sites are blocked as well.
So what do sub-rules 2 and 4 say?
1. Sub Rule 2 states that Users shall not host, display, upload, modify, publish, transmit, update or share any information that is grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophilic, libellous, invasive of another’s privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;
- The phrases ‘grossly harmful’, ‘obscene’, ‘racially or ethnically objectionable’ are vague and open to interpretation, and thus subject to misuse when any government organization wants to misuse it. Who interprets how these phrases are defined?
- Who defines ‘blasphemous’? For example, is a McDonald’s advertisement for a beef burger blasphemous for Hindu’s in India? What about a recipe for pork stew for Muslims? India doesn’t even have a blasphemy law, so who interprets what is blasphemous or not?
- invasive of another’s privacy: who interprets what is invasive of anothers privacy? Can someone, post a bad break up, file a complaint and get an ex-boyfriend or girlfriend punished for publishing photos on facebook or twitter? Who at an ISP or the government defines when there is consent, or is a lack of denial the same as consent?
- encouraging money laundering or gambling: gambling is illegal in India, but the Internet is awash with ads for online betting sites. What happens when ad networks automatically serve advertisements which encourage gambling? will they be held accountable in India? Remember that these rules are applicable for anything served within India, and not necessarily applicable to Indian ventures only.
2. Additionally, Sub Rule 2 also states that users may not publish anything that threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or or public order or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting any other nation.
- the unity, integrity, defence, security or sovereignty of India; public order: didn’t the Jan Lokpal protests threaten public order, and wasn’t a lot of the commentary online anti-government? Who decides whether’anti-government’ statements are ‘anti-national, or for that matter, statements criticizing a particular politician or political family?
– in the same vein, don’t disclosures made by Wikileaks do exactly what has been mentioned above, and threaten friendly relations with foreign states? Why should criticism or disclosures of sensitive information be the mandate of offline media? Information that doesn’t make to it to TV, or gets limited play in print, can be leaked online.
– On a positive note, the phrase ’causes annoyance or inconvenience or decieves or misleads’ has been removed.
3. How the control is being exercised: Sub rule 4 states that
“(4) The intermediary, on whose computer system the information is stored or hosted or published, upon obtaining knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature about any such information as mentioned in sub-rule (2) above, shall act within thirty six hours and where applicable, work with user or owner of such information to disable such information that is in contravention of sub-rule (2). Further the intermediary shall preserve such information and associated records for at least ninety days for investigation purposes.”
This change in the rules means that there’s even less oversight when it comes to dealing with complaints under the IT act. This means that if I am offended by anything anyone has said on the Internet, that I feel is blasphemous, promotes gambling, is grossly harmful, disrupts public order, is racially or ethnically objectionable, or can threaten friendly relations with foreign states, I only need to send a letter in writing to an ISP, and an ISP needs to act on within 36 hours? Who is the ISP to decide whether the complaint is a genuine one or not? In the previous version of the law, the complaint could be made by “an authority mandated under law”, so this change is even worse, and makes the complaints system easy to abuse and manipulate.
4. Interception: Sub rule 7 on Interception states that: “When required by lawful order, the intermediary shall provide information or any such assistance to Government Agencies who are lawfully authorised for investigative, protective, cyber security activity. The information or any such assistance shall be provided for the purpose of verification of identity, or for prevention, detection, investigation, prosecution, cyber security incidents and
punishment of offences under any law for the time being in force, on a request in writing stating clearly the purpose of seeking such information or any such assistance.”
The previous version of the order did not allow intermediaries to disclose personal information, but there the Indian government is clearly ensuring that it can access information.
Other key changes
– The definition of blogs and bloggers has been removed. As we had mentioned earlier, there was no reason for specifically defining or mentioning bloggers since they are intermediary.
Important: please note that this is a red herring – the removal of the definition of blogs and bloggers does not mean that they will no longer be governed by these rules. Bloggers are covered under the expanded definition of ‘user’, who is “someone who accesses or avails a computer resource of an intermediary for hosting, publishing, sharing, transacting, displaying or uploading, and includes persons jointly participating in using the computer resource”.
Note: This is our interpretation of the rules, and our understanding of laws and policy is limited. Correct us if you think you have a different interpretation, especially if it is conflicting information, or do share any additional points of note from the rules themselves, and we’ll update with credit.
Many thanks to the Centre for Internet and Society for informing us of these changes
Our previous coverage of IT Act Rules and related issues
– Updated: Indian Government Blocks Typepad, Mobango, Clickatell; Screenshots
– How India’s Draft Cybercafe Rules Could Strangle Public Internet Access
– How The Indian Government Plans To Regulate Online Content & Blogs
– #IndiaBlocks: India’s IT Dept’s Response To RTI Requests On Internet Blocking