A Parliamentary Committee on Subordinate Legislation chaired by P. Karunakaran, in a report issued on the 20th of March 2013, has asked the Indian government to change its draconian Internet Rules - the Information Technology (Intermediaries Guidelines) Rules, 2011. Download the report here, via PRS Legislative. The committee has made the following recommendations:
1. Specificity of terms: drawing attention to the misuse of Section 66A of the IT Act due to the absence of precise definitions of terms, the committee suggests that in order to remove ambiguity/misgicing in the minds of people, “the definition of those terms used in different laws should be incorporated at one place in the aforesaid rules for convenience of reference by the intermediaries and general public.” In addition, they have said that the terms which are not defined in any other statute (law), should be defined and incorporated in the rules to ensure that no new category of crimes or offences is created in the process of delegated legislation.
The Secretary, Deptt. of Electronics and Information Technology, has agreed that there is room for improvement of the intermediary guidelines so that there is no ambiguity. The Committee expects the Ministry of Communications and Information Technology to have a fresh look at the Information Technology
(Intermediary Guidelines) Rules, 2011 and make such amendments as necessary to ensure that there is no ambiguity in any of the provisions of the said rules.
2. On due diligence by intermediaries & removal of content: The Ministry of Communications and Information Technology has said that the guidelines are for “due diligence and safeguards and are only of advisory nature and self regulation”, and that “it is not mandatory for the Intermediary to disable the information, the rule does not lead to any kind of censorship.
3. On disabling content within 36 hours: The Ministry told the Committee that the rule clearly says that the Intermediary “shall act” and the meaning of the ‘act’ is to initiate the action and decide the course of action within 36 hours. The Committee thinks that, it could be seen that it is mandatory on the part of the Intermediary to disable the information, which in Intermediary’s view contravenes the laid down rules/regulations. The Committee feel that there is need for clarity on the contradictions and if need be, the position may be clarified in the rules particularly on the process for take down of content and there should be safeguards to protect against any abuse during such process.
4. Foreign companies not co-operating: The Ministry of Communications and Information Technology (Department of Electronic & Information Technology) complained that the foreign intermediaries,
on whose server infringing information is posted, do not cooperate with the Govt. of India to share the information related to user posting such content, and the content is not removed, on the pretext that it does not violate the law of their country. The Committee has asked the Ministry to “to take such steps as deemed necessary to enlist their co-operation.”
5. Cybercafe monitoring and logs: The Committee are of the view that cost involved in complying with the
aforementioned rules for maintenance of log register, keeping record of user identification documents, maintenance of record of staff for a year, installation of web camera is bare minimum to have any adverse impact on the penetration of internet especially in rural areas in the country. The Committee agree with the Government that these rules balance the interests of stakeholders – law enforcement agencies, internet users and Cyber Cafes.
6. Privacy in Cybercafes: “According to sub rule (2) of Rule 6 of Information Technology (Guidelines for Cyber Café) Rules, 2011, screens of the computers installed other than in partitions and cubicles should face open space of the cyber café. Such an arrangement would obviously allow every computer screen to be seen by bystander thereby invading privacy and security of every user. The Committee, would suggest that the sub-rule (2) of Rule 6 be modified suitably to ensure that privacy of the users is not intruded for legitimate purposes.”
7. Cyber Regulations Advisory Committee: constituted in 2000, has only met twice, the last was in 2001. “The Committee would impress upon the Ministry of Information Technology (Department of Electronics & Information Technology) to make the CRAC functional and benefit from its advice particularly in the context of having a fresh look at the rules and amendment of rules recommended in this report.” The committee has asked for the details of members of this CRAC, and whether “there are members representing the interests of principally affected or having special knowledge of the subject matter”
8. Functions of “Critical Information Infrastructure Protection Agency” and terms and conditions of employees of ‘Indian Computer Emergency Response Team’ have not been framed even three and half years after notification of the Act in February, 2009. “The delay by the Department of Electronics and Information Technology in notification of the Rules even after lapse of such long period reflects lack of seriousness of the Ministry in fully implementing all provisions of the IT Act. The Committee require the Ministry of Information Technology to take urgent steps to ensure that rules in this regard are finalized and notified without any further delay.”
- While the move to define terms is welcome, who will ensure that the definition of terms itself isn’t vague, or open to interpretation? Can the Indian government be trusted to actually ensure that the IT Rules are open to interpretation? Frankly, in our opinion, the following terms should be removed: grossly harmful, blasphemous, obscene, hateful, or racially, ethnically objectionable, disparaging. The way things are working right now, if the government wants to mess with you, they can. And they’re creating provisions that will allow them to do that. If the law is vague, the rule of law doesn’t necessarily mean it will be used to protect and not harm people.
- The move to institute a redressal mechanism in case of complaints is welcome, but the Committee should have specified that it’s necessary for an intermediary to attempt to inform the person whose content is being removed, and allow them to file a counter notification. In addition, it should be mandatory, in our opinion, for the complainant to take their complaint to court or to an ombudsman to adjudicate on the matter. The intermediary or the government in power should not be playing judge.
- On disabling content within 36 hours: There needs to be a counter provision, as per which the content gets reinstated within a certified period of time, say one or two weeks, if the complaint isn’t made to an ombudsman, or a case not filed. This will address the issue of malicious complaints.
- Are foreign companies being unreasonable? We won’t know unless we know what the Indian government is asking for. This is where transparency, when it comes to both the Indian government and foreign entities, will help address the issue. That the Committee hasn’t asked the government to be more transparent about website blocks with its citizens is disturbing. There’s a transparency report from foreign companies, but none from the government.
- The need for Cybercafes to maintain extensive logs leads to privacy issues, especially since India doesn’t have a privacy law. What prevents a cybercafe owner from selling the data to a marketer? However, this won’t be too much of an issue, because the harassment that Cybercafes have to undergo from law enforcement officials will mean that India will have hardly any cybercafes. Neither the committee nor the government appears to understand the need and benefits of public Internet access.
- It’s important that the terms and conditions and the functions of both the ”Critical Information Infrastructure Protection Agency” and ‘Indian Computer Emergency Response Team’ be framed, and with adequate protection to prevent misuse of power by the government in power.
We also think that the IT Rules should be amended to ensure that Intermediaries like ISPs don’t abuse their position of being access service providers to prevent access to content. Lest we forget, an Anonymous India attack on an Indian telecom operator had revealed logs that were being used to prevent such access.