MeitY’s new proposed rules for intermediaries are “blunt and disproportionate solutions” to issues surrounding harmful online content, Mozilla Corporation said in a statement to MediaNama.

Free speech vs regulation: a fine balance

  1. Content pulldown: Mozilla emphasizes that the new rules propose that all intermediaries, including social media companies, e-commerce platforms, and ISPs, have to “proactively remove ‘unlawful’ user content”, or face consequences. The company says the requirement will eventually lead to “over-censorship and chill free expression.”

Amba Kak, public policy advisor at Mozilla, said that although there is a need for new ways to hold social media platforms to higher standards, the proposed law disproportionately weakens the present intermediary liability protections. “Any regulatory intervention on this complex issue must be preceded by a wide ranging and participatory consultation process,” she said in the statement.

2. Traceability and end-to-end encryption: The company also notes that the proposed amendments introduce a “sharp blow” to end-to-end encryption, which is used across platforms and apps. The proposed amendment includes a section which requires platforms to enable traceability, and hand over information to government bodies within 72 hours.

Mozilla is of the opinion that while harmful online content affects the overall health of the internet, there has to be a balance between regulation of online content, and fundamental rights and free speech guaranteed by the Constitution. “This is a delicate and critical balance, and not one that should be approached with hurried policy proposals,” says the statement.

Apart from the above, Mozilla lists its main concerns with the proposed amendments:

  1. “Automated and machine-learning solutions should not be encouraged as a silver bullet to fight against harmful content on the internet.”
  2. “One-size-fits-all obligations for all types of online services and all types of unlawful content is arbitrary and disproportionately harms smaller players.”
  3. “Requiring services to decrypt encrypted data, weakens overall security and contradicts the principles of data minimisation, endorsed in MeitY’s draft data protection bill.”
  4. “Disproportionate operational obligations, like mandatorily incorporating in India, are likely to spur market exit and deter market entry for SMEs.”

Proposed amendments

Here are the main proposed changes to the IT Rules, released by MeitY last week. These rules govern how intermediaries are to behave under Section 79.

  • Traceability, and information within 72 hours: The new rules require platforms to introduce traceability to find where a piece of information originated, and hand over information or assistance to government bodies in 72 hours, including in matters of security or cybersecurity, and for investigative purposes. [Rule 3(5)]
  • Platforms are required to be registered under the Companies Act, have a physical address in the country, a nodal officer who will cooperate with law enforcement agencies, etc. [Rule 3(7)]
  • Platforms have to pull down unlawful content within a shorter duration of 24 hours from the earlier 36 hours. They also have to keep records of the “unlawful activity” for 180 days – double the period of 90 days in the 2011 rules – as required by the court or government agencies [Rule 3(8)]
  • Platforms have to deploy tools to proactively identify, remove and disable public access to unlawful information or content. [Rule 3(9)]
  • The new rules insert a monthly requirement on platforms to inform users of the platforms’ right to terminate usage rights and to remove non-compliant information at their own discretion. [Rule 3(4)]

Note that the MeitY is seeking public comments on the proposed changes by January 15, 2019. Comments can be submitted to: Gccyberlaw[at]meity[dot]gov[dot]in OR  Pkumar[at]meity[dot]gov[dot]in OR dhawal[at]gov[dot]in