Break end-to-end encryption to trace child porn distributors, make ISPs liable: Recommendations from Rajya Sabha Committee

To curb online child sexual abuse material (CSAM), an ad hoc Rajya Sabha Committee has recommended that law enforcement agencies be permitted to break end-to-end encryption to trace abusers, and that internet service providers give parents family-friendly filters. The ad hoc Committee, headed by Jairam Ramesh, made 40 recommendations to prevent sexual abuse of children and prohibit access and circulation of child pornography on social media in its report to M. Venkaiah Naidu on January 25.

The Committee heard from Ministries of Women and Child Development, Electronics and IT, and Home Affairs. It also heard from National Commission for Protection of Child Rights, TRAI, Google, Facebook, WhatsApp, ByteDance (TikTok), Twitter and Sharechat. HERD Educational and Medical Research Foundation, Centre for Child Rights and Internet Freedom Foundation also made their representations. The Committee was formed by Naidu on December 12.

These recommendations come at time when the Intermediary Guidelines (Amendment) Rules 2018 are expected to be notified by the Ministry of Electronics and Information Technology (MeitY) some time this week. Among the proposed changes to the guidelines, intermediaries will have to enable tracing of an originator of information on their platform. The responsibility of online intermediaries would ideally be defined by these rules. We have reached out to MeitY to understand if these recommendations will have an effect on the Rules that are yet to be notified.

Recommendations:

1. Amend the Information Technology Act, 2000:
   • Make intermediaries responsible for proactively identifying and removing CSAM, and for reporting it to Indian and foreign authorities, and for reporting, to the designated authority, the IP address/identities of people who search for or access child porn and CSAM
   • Make gateway ISPs liable so that they can detect and block CSAM websites.
   • Prescribe punitive measures for those who give pornographic access to children and those who access, produce or transmit CSAM.
   • Allow Central Government through “its designated authority” to block and/or prohibit all websites/intermediaries that carry CSAM. The designated authority has not been specified.
2. Allow law enforcement to break end-to-end encryption to trace distributors of child pornography.
3. Mandate CSAM detection for all social media companies through minimum essential technologies to detect CSAM besides reporting it to law enforcement agencies.
4. Separate adult content section on streaming platforms like Netflix and social media platforms such as Twitter and Facebook where children are not allowed.
5. Age verification and gating mechanisms on social media to restrict access to “objectionable/obscene material”.
6. Manage children’s access to internet: To do that, make apps that monitor children’s access to porn mandatory on all devices in India, and make such apps/solutions freely available to ISPs, companies, schools and parents. Also, ISPs should provide family-friendly filters to parents to regulate children’s access to internet.
7. Use blockchain to trace buyers of child porn: MeitY should coordinate with blockchain analysis companies to trace users who use cryptocurrencies to purchase child porn online.
8. Ban all payments to porn websites: Online payment portals and credit cards be prohibited from processing payments for any pornographic website.
9. Amend the Prevention of Children from Sexual Offences (POCSO) Act, 2012:
   • Prescribe a Code of Conduct for intermediaries (online platforms) to maintain child safety online, ensure age appropriate content, and curb use of children for pornographic purposes.
   • Make “advocating or counseling” sexual activities with a minor through written material, visual media, audio recording, or any other means, an offence under the Act.
   • Make school management responsible for safety of children within schools, transportation services and any other programmers with which the school is associated.
   • Make National Cyber Crime Reporting Portal the national portal for all report related to electronic material.
10. Make National Commission for Protection of Child Rights (NCPCR) the nodal agency to deal with the issue. It should have “necessary” technological, cyber policing and prosecution capabilities. Each state and UT should also have a Commission for the Protection for Child Rights that mirrors NCPCR.
11. Appoint e-safety commissioners at state level to ensure implementation of social media and website guidelines.
12. National Crime Record Bureau (NCRB) must record and report cases of child pornography of all kinds annually. Readers should note that the last annual report from NCRB was for 2017 and was released in October 2019.
13. National Tipline Number where citizens can report about child sexual abuse and distribution of CSAM.
14. Awareness campaigns by Ministries of Women and Child Development, and Information and Broadcasting on recognising signs of child abuse, online risks and improving online safety. Schools should also conduct training programmes for parents at least twice a year.

Protecting children online in India

The POCSO Act was amended last year to widen the definition of child pornography to include any visual depiction of sexually explicit conduct involving a child – including “photograph, video, digital or computer-generated image indistinguishable from an actual child, and image created, adapted, or modified, but appear to depict a child”. The amendment introduced a new section 15 that gave the following penalties for storage and possession of child pornographic material:

• A minimum fine of INR 5,000 for possession of pornographic material involving a child and with the intention to share the material in the first-time offense. For subsequent offenses, the fine will be no less than INR 10,000.
• Transmission such material, except for the purpose of reporting or as evidence in the court, will be punishable with a fine, prison term of up to 3 years, or both.
• Commercial use of such material will be punishable with a prison term of 3-5 years, or fine, or both for the first conviction. Subsequent convictions can lead to a prison term of 5-7 years with fine.
• During the discussion of the bill, it was criticised by multiple MPs on grounds that included reasons such as inadequate penalties and open-ended nature of a particular term.