A participant at MediaNama’s discussion in Bangalore on the Indian governments changes to Safe Harbor argued that the way the rules are framed, “are encouraging over-compliance. Before Shreya Singhal, it was clear that intermediaries err on the side of caution. The fear of liability and uncertainty is very high. The law is being brought back to a place where control is the overriding narrative. It controls how intermediaries look at content, and not just goods. It’s about how they function. They always function on a defense, so it’s different from seeing that something is not contrary to the law.”

Another participant pointed towards infosec parlance, saying that “One is the liberal infosec parlance, which is what talks about an intermediary medium [and Safe Harbor], and the other is the Chinese and Russian infosec doctrines which talk about control, which says I want to control info propagated within the country.”

“It talks about bad content, good content, punishing intermediaries, and so on. A lot of stuff on control is baked in the rules. It’s not about Dunzo or Practo. It’s about the complete exercise of the information architecture and the flow of information in the country.” These changes in rules, the participant said, map the Russian infosec doctrine.

These discussions were held under the Chatham House Rule: comments can be cited but not attributed.

A substantial part of our #NAMA discussion in Bangalore was spent debating the criteria for regulating intermediaries, and within that, defining intermediaries for regulation: Intermediaries are supposed to be mere conduits, and not held accountable for someone usage of the platforms. There is an attempt in the amendments to the IT Rules, to define significant intermediaries, and force them to set up offices in India, and appoint a “nodal officer”.

So how do we regulate different types of intermediaries differently?

Everyone is an intermediary

“Everyone who sets up a private WiFi hotspot that someone else is using, is an intermediary.”

“Whenever you log onto any news media outlet online, you’ll see a comment section. Most of that is operated now by one company, Disqus, that also hosts third party content. That is therefore also an intermediary that would fall in as a significant intermediary, and doesn’t have an office in India.”

“Another is Twitter which is constitutionally important.”

“When you shop, there is a chatbot that allows you to talk to a sales agent. That chatbot is an intermediary.”

Most advertising networks would have touched almost every internet user in the country. All of them are intermediaries for ad serving purposes.

The impact on your business

“[redacted] is a communication platform which provides the businesses an opportunity to interact with their customers. It is for the businesses to develop the entire call flow on our platform. This makes us definitely an intermediary. In the past also we faced a lot of police complaints where police came to us and requested a lot of information in cases, and we’ve always supported it, because we can provide the Call Data Records, the details, and can help with the investigation. Now, as soon as this definition is expanded, where do we draw the line is the question. Because somewhere, the companies are using our services to communicate to users. And when they’re doing that, they could definitely be unlawful content, be it through SMS or other communications platforms, be it through voice, that could be provided.”

“The problem is that the rules don’t see the distinction [between types of intermediaries]. Instead of using a scalpel we are using a sledgehammer. Not only is that going to create uncertainty on content, but also on how businesses see themselves.

“Because we’re B2B, it has to be completely encrypted. We’re not supposed to look at what information is being passed. So where does the responsibility for an intermediary like us lie? And that is the big problem that at least we have with this current— the way it is drafted currently. That is confusing for an intermediary like us.”

“I represent a [redacted] company. So we track our users’ locations, but those are all anonymized. We can’t tell which vehicle is connected to which user. But the decryption and de-anonymizing is something that concerns us. At what point we’d be liable to— are we exempt, are we an intermediary? That’s not clear to us. So that’s kind of my locus standi. I need to understand that part, whether we are intermediaries at all. I believe we are intermediaries, we do provide data services, location navigation-based services. That is anonymized data. Whether we’ll be liable to that is something I’m not sure of.”

“The risk to apply these guidelines to a wide set of intermediaries is that the backbones are not subject to such requirements. Do you expect AT&T to set up an office in India just to have their backbone?”

Perhaps the solution lies in not defining intermediaries, but defining control. One participant said that “You can have a series of definitions of control, which if exercised, the entity wouldn’t be an intermediary. ”

Does size matter? How do you categorise intermediaries?

How do you define reach? What does 50 lakh users mean? Residents in India? Aadhaar card holders?

One participant said that “Instead of classifying various roles and asking all intermediaries to implement rules, automated rules, determine what unlawful content is, across industries, what we should consider is a more industry/sector-specific approach. There are specific issues for e-commerce”, for example. Another contested the idea of categorisation: “There is no clear significant intermediary, smaller intermediary, e-commerce intermediary, content intermediary…” would you create a different structure for a SAAS intermediary?

“Platforms keep morphing on the Internet, and by having differential regulation, you effectively restrict the innovation. Internet is a remix of audio, video, text and interaction, and different types of platforms, businesses, take different approaches in mixing them. Sectoral regulation buckets things, which impacts regulation. If you have specifically for e-commerce, you’d probably not have user comments allowed, because that would be seen as UGC. I would be very wary of trying to bucket intermediaries of a particular types.”

Another participant added that “Regulation can be a little more nuanced or specific in the sense that for one thing you wouldn’t want to categorize an entity as only being necessarily under one function or a specific set of them and no more. You can still frame language such that the regulation is based on actions carried out. You might not— if what you’re trying to regulate is content-centric, you wouldn’t— regulating by size is something that can be looked at in theory. You wouldn’t then go by turnover or margin. If your regulation is content specific you’d look at the reach of that content.”

Another said that we “need to look at regulating players that operate at scale. And that plays into [the idea of] control in, that how dominant are these players in the way they control public forums or how dominant they are in controlling the technology itself. Competition law provides a good framework provides a good framework for dominance.”

Another participant referenced the Delhi High judgment on ecommerce, saying that seems to be “from the angle of how much control does this entity have over whatever is happening. If we let the executive or legislature deal with regulating and classifying different intermediaries into different classes, is we don’t know when to stop regulating and intervening. I’d prefer the courts to work it out in a case-by-case basis.” There was some disagreement, saying that the job of regulations is to reduce court cases.

Amend Intermediary Liability protections, or go to Competition Commission?

Another questioned whether the Safe Harbor provisions should even be where the issue of dominance should be addressed, instead of the CCI. “Safe harbour is not the best place to look at dominance.” In response, another participant said that CCI isn’t doing much here, and “There is space for a regulatory regime that is trying to address that. Maybe regulation should not be based on size, but only for dominance and type.”

Another participant added that “in competition law we can have special regulations on players which have dominant influence over the market. That approach hasn’t evolved for intermediaries yet”, adding that “The significant intermediary part in the draft rules is against the powers of what subordinate legislation would allow. The Companies Act isn’t referred to in the IT Act itself. There is no legal basis for the regulations forcing an entity to incorporate under the Companies Act, for example.”

Different approaches to B2C versus C2C intermediaries? Two sided markets versus one sided market? Content vs Services?

One participant said that we can’t really equate marketplaces, where there are buyers and sellers, with platforms where everyone can upload content. In case of a marketplace, for example an e-commerce site, “Sellers are supposed to be registered, [just as in case of cab aggregators], for the people who registered for driving, background check is supposed to be done to flag criminal pasts.”

“The same can’t apply on YouTube because on YouTube if you watch a video it is caveat emptor. You get what you see, it’s like a street vegetable where someone takes money and says anyone can sell vegetables here. It’s impossible to say that someone like YouTube will control what is right and wrong.”

But what does one do about platforms like Ebay India then? A response: “What eBay enables is, it’s not just C2C but also B2C. But the platform doesn’t distinguish between who is a business, and who is not. What happens when WhatsApp payments kicks in, and along with messages, you have transactions also taking place on Whatsapp? Should they be held liable for illegal transactions like drug buys?

Another participant suggested that “a better way to look at it is a one-sided platform vs two-sided platform. Uber is a clear example of a two-sided platform. One side has the rider and the other the driver. There is a clear distinction. Uber never confuses a rider with a driver. A one-sided platform is WhatsApp, where there is no concept of a business user. eBay is both one-sided and two-sided at the same time. What that means then is that eBay doesn’t distinguish whether someone is only a buyer and not a seller, or is a seller and a buyer at the same time. And once you start using this, on a one-sided platform it’s very hard to do a background check on the user.”

Another argued that content should be treated differently from services. “Shreya Singhal [judgment] does not relate to commercial services. You can’t say that I can refuse to give my details, or I can’t be compelled to give my details and put my FSSAI number or GST registration on a website because of freedom of speech. It’s actually covered under freedom of trade and business. But you can say I should be allowed to make anonymous speech because it’s under my fundamental right under Article 1(A). Both are relevant, but we have to keep in mind the distinction.”

Functional differences?

“I think it’s somewhat a wrong question to ask, what entity is an intermediary,” another participant said. “Certain types of functions are of intermediary in nature. A newspaper website for example can host their articles as well, which are presumably edited by an editor and read by an editor, they’ll be liable for illegal content. But if there’s a comment section on the same site, they are exempt from liability.”

Intermediary would have to be aligned with the expectation from that functional entity. In the delivery channel for a newspaper, from publisher, editor, author right till the delivery boy and the person, liability attaches to a certain function being performed by each. You won’t expect the delivery boy to be liable. But he’s still an intermediary. The editor you can expect to be liable because he controls and edits the data published. The publisher won’t be held to the same standard. So there are gradations.”

It’s about actual knowledge and the ability to exercise editorial functions, another participant said.

Regulation based on principle

A participant argued that all we’re hearing in these discussions is scenarios. “I haven’t heard any principles around bringing out those distinctions in terms of different types of intermediaries. It has to be an intelligible differentia, and what that intelligible differentia is needs to be thought about more. When I say that’s a qualifier, I say that— intermediaries can qualify, and any type of intermediaries, across all layers of the internet, from TSPs to social media companies. If you go through all the layers of the internet, in certain scenarios, it will qualify as an intermediary.”

At present, ISPs, Facebook etc are jumbled up into one category, one participant said. The first principle is that “Everything in the network layer should be safe harbor, unless there is very active involvement in the content.” The application layer needs to be treated differently, because there is some control over the content exercised: because of their algorithms, they control the receiver of the content. “If I post on Facebook, they’re exercising control on who receives it”.

Perhaps the most compelling comment:

“I don’t think intermediaries should ever be liable for third parties. If I say something that incites someone to murder, you can’t attribute that to a third party. The safe harbour shouldn’t be linked to intermediary regulation at all.


MediaNama’s discussion on Safe Harbor in Bangalore was supported by Facebook, Google and Mozilla