The government is looking at ways to combat online trolls, including making it mandatory to link social media accounts with phone numbers or official IDs such as Aadhaar cards and passports, senior officials told the Economic Times. To safeguard privacy the data will stay with the intermediary and law enforcement agencies will seek account details only when a crime takes place or if there is a complaint of harassment, the report said. Account verification won’t be part of the intermediary liability guidelines that the government plans to issue later this year, the report says. However, readers should note that traceability was a key part of the demands made of intermediaries in the draft amendment to the IT Rules.
End of privacy online?
Anonymity is both a positive and negative attribute of the Internet. Balancing people’s right to privacy online with the need to combat crime and abusive behaviour is a tricky but necessary task for all governments. But making it compulsory to link one’s online accounts with a phone number or government-issued ID would mean the end of privacy online – if it could be implemented in the first place. It hardly takes an expert to know that what the government is proposing would be impractical, expensive and tedious, not to mention frighteningly authoritarian and open to abuse. Which law such a proposal could be accommodated under is also an open question, given the Supreme Court’s strong views on the right to privacy: it would require an amendment to the IT Act.
Nikhil adds: It’s a disproportionate violation of privacy, to seek to identify everyone all the time, when you only need to identify some people sometimes.
Madras high court called it ‘dangerous’
In November 2018, the Madras high court was hearing a petition that called for linking people’s online accounts with Aadhaar or other official IDs, and directed Google and YouTube to appear before it. On August 13, the same bench had termed the linking of online accounts with official IDs ‘dangerous’, Business Standard reported. “This is a dangerous relief. It would affect the right to privacy of every individual. If the petitioner faces any such issue, he can very well file a complaint with the police,” the court had said.
Intermediary liability guidelines ‘unconstitutional’
In December 2018 the Ministry of IT and Electronics (MeitY) released a set of proposed changes to the rules that govern intermediaries for public consultation. In March a number of civil society organisations and researchers countered with arguments against Rule 3, which details the procedures and regulations for intermediaries to monitor ‘unlawful content’. It requires an intermediary to disable access to content violating the rule and help the government trace its origin. The organisations argued that this provision was excessive and unconstitutional and would lead to chilling effect on free speech.
What are the major proposed changes?
- Traceability, and information within 72 hours: The new rules require platforms to introduce traceability to find where a piece of information originated. For this, platforms may have to break end-to-end encryption. The rules require the intermediary to hand over information or assistance to government bodies in 72 hours, including in matters of security or cybersecurity, and for investigative purposes. [Rule 3(5)]
- Platforms are required to be registered under the Companies Act, have a physical address in the country, have a nodal officer who will cooperate with law enforcement agencies, etc. [Rule 3(7)]
- Platforms have to pull down unlawful content within a shorter duration of 24 hours from the earlier 36 hours. They also have to keep records of the “unlawful activity” for 180 days – double the period of 90 days in the 2011 rules – as required by the court or government agencies [Rule 3(8)]
- Platforms have to deploy tools to proactively identify, remove and disable public access to unlawful information or content. [Rule 3(9)]
- The new rules insert a monthly requirement on platforms to inform users of the platforms’ right to terminate usage rights and to remove non-compliant information at their own discretion. [Rule 3(4)]