“Traceability is just about establishing who is availing using the service,” said Sameer Nigam, CEO of PhonePe at our discussion on Intermediary Liability in Bangalore on November 22, 2019. “Demanding traceability is not a way for the government to get a back door, companies have to be held accountable, the government has to have a reason [for demanding traceability]. It’s not a way for tech companies to have a back door to your private conversations,” he said. Nigam said that it made sense for platforms to enforce traceability, since being able to trace a user — if law enforcement asks for it — is a reasonable demand, and platforms should comply with the law of the land.

Instead of trying to split the role of the intermediaries, Nigam argued, we can consider the liabilties that platforms can be held responsible for:

  • Whether traceability is the responsibility of a service provider of knowing who their users are, which is a fair demand of countries and/or law enforcement.
  • Whether a service provider is liable for determining if some content is right or wrong, hateful or not, vicious or not. But no two countries will agree on the standards, so this isn’t a matter for courts or police to decide, but it’s a matter to be considered at the governance level of the individual companies.
  • There’s a difference between a country’s prevailing law declaring something illegal, and a platform saying that something is hateful, unacceptable, or threatening. If the court of the land says that some speech is causing communal hatred or would lead to death, people can take that up with the court, but it’s unfair to expect an aggrieved citizen to not be able to take recourse in the law of the land.

Does traceability have a chilling effect on speech?

Sachin Dhawan from Facebook said that the importance of free speech to safe harbour is missing from the discussion around traceability. One of the main reasons that the Communications Decency Act and Digital Millennium Copyright Act (DMCA) in the US, and safe harbour regimes in other countries exist is because there were mainstream media gatekeepers, he said. “The idea behind safe habour was to allow for a more diverse expression of speech, speech from minority and vulnerable groups that could not get a buy in or access through mainstream media platforms,” he added.

Talking in the same vein, Kiran Jonnalagadda from HasGeek said that platforms let you escape the law, as opposed to the physical world. This has led to reform in some places where the law was not up to the mark. For instance, LGBT communities got a voice online in India, and that may have played a role in changing the law here, Nikhil Pahwa, editor and founder, MediaNama, said.

But asking for traceability does not mean that intermediaries’ safe harbour needs to be lessened, Nigam clarified.

“I am all for safe harbour. I am talking about the liability of traceability being very different. We will lose the plot if we keep arguing for safe harbour all the time instead of arguing about what liability [should be] — because traceability is a very different liability. I am not liable for what people do on my platform. I am just liable to make sure that if someone is breaking the law on my platform, and law enforcement says so, then I am not obstructing justice, that’s all.” — Sameer Nigam

A crucial difficulty with not having traceability is that victims are not able to get redressal, said Antony Clement Rubin, whose petition in the Madras HC demanding Aadhaar-social media linkage has now snowballed into one demanding traceability on social media platforms. The victim could be a person being lynched because of a fake WhatsApp forward claiming that [s/]he transported beef or is a child kidnapper, Rubin continued. “There’s no point addressing the mob, but the one who started the whole crime — the mischief-maker — has to identified and taken down. Otherwise [s/]he is going to do it again, because he knows this is working,” Rubin said.

Nigam agreed that a platform could be held liable for not being able to trace a person even when it’s not in a position to trace the person. Because at the end of the day, the liability for a platform like Facebook is no different now than when it was a Harvard social network, he argued.

This, however, may be trickier to implement than it sounds. Purushotham Kittane from Spice Route Legal recounted a client who got a Section 91 request under CrPC. “A client got a Section 91 request, but because the client was a platform, it couldn’t provide more information than what it already had. The police just froze their bank accounts and business stopped,” he said. Santosh Panda from Explara said that he would have to change the platform if traceability becomes the norm as users on Explara cannot be traced with just a mobile number.

Recounting the experience of a client who received a Section 91 request from NIA in a terrorism case, Vinay Kesari from Setu said, that they wanted to know the content of the mesage, which was not possible.

“They also wanted metadata of when the person logged in to the service, their IP address, and even metadata relating to the chain of messages. We pushed back, saying that it wasn’t possible to provide this information, simply because it’s not recorded. When the platform raised the plea oftechnical impossibility has been raised, the inquiry finally stopped.” — Vinay Kesari

In addition, Section 69 of the IT Act talks about ‘assisting’, which has been overlooked in light of the proposed intermediary guidelines, said Harshitha Thammaiah from Xiaomi. “The intermediary should not trace the originator if it does not have the ability, but the intermediary should prove to the system and to the courts that it has taken so many steps,” she said. “I am not a fan of the government or the regulator really telling me how to structure my system because that in my opinion will really standstill innovation and it will not allow free trade, etc,” she said.

But if platforms were doing enough, the industry would have self-regulated, and the courts would not have had to intervene. “But year over year over year, there is sacrilege in the name of safe harbour,” Nigam said.

Someone has to be accountable, YouTube has to be accountable for every piece of content that was infringed upon. Platforms can’t just say they have no accountability when a movie that somebody spent three years making gets pirated. Platforms can’t just continue to say that they’re too large to trace people. They either have to take pro-rata accountability, or take on the penalty for violations.” — Sameer Nigam

Threat of surveillance

“Traceability is not just about identifying the source of a message, but necessarily involves some amount of visibility into what the content, which is a surveillance threat,” said Vaneesha Jain of Sai Krishna & Associates. Since circumscribed surveillance is allowed under the Telegraph Act and IT Act, “the issue is to find the circumstances in which traceability does pass the Puttaswamy test,” she said, continuing:

“This would either be done on a case-by-case basis. Or a norm can be established wherein every message doesn’t have to be traceable, or every social media user doesn’t need to link their account — not just to be identifiable, but also have their messages be read, for which they would have to be in plaintext.

“Apart from this, the situations in which this is going to be allowed for law enforcement purposes also need to be defined.”

— Vaneesha Jain

Even if traceability is brought in, it should still be implemented in a way that does not break encryption on the content itself otherwise carrying out mass surveillance would be very easy, said Kesari. “Only metadata, and not the content should be traceable,” according to him. At the same time, any demand for traceability has to go hand-in-hand with surveillance reform, he said.

There’s no surveillance regime in India except under section 69(B) of the IT Act or, Section 5(2) of the Telegraph Act, which are completely inappropriate, said Divij Joshi, an independent legal researcher. “Building on a judicial process or applying judicial mind to specific requests is necessary right now. At the same time, this needs to go in tandem with regulating the responsibilities of various agencies — including surveillance agencies, as well as social media companies,” he said.

Making the government accountable: Surveillance reform

“If we are allowing for a reality where intermediaries are agreeing to some level of traceability and responsibility, [the government] must do the same,” said Samir Nigam. Most people are more freaked out by the government than by Google or Facebook, and if the government wants to introduce intermediary guidelines, it should introduce one that says the government can’t do pre-emptive surveillance without prior legal sanction, Nigam added.

“Let’s say we are saying pre-emptive, anti-democratic, illegal surveillance not allowed. This will need to be codified in law, and the government will have to get legal sanction to carry out surveillance. No intermediary, except the apps and platforms which have to ensure traecability, should have visibility to the data. But the government should not be able to trace me, without an FIR or court order.” — Sameer Nigam

Divij Joshi said that traceability seems to be a red herring in the debate about intermediary liability. The larger issue is opaqueness of platforms, and making them accountable.

“It may not solve that problem of active violence or trying to figure out all the socio-political threads of where these harmful effects are coming from, but instead of focusing on liability, we can look at regulating the way in which these opaque platforms and systems operate and bring them under political accountability, which is not something we currently have right now.” — Divij Joshi

*

Read our coverage of our discussion on Intermediary Liability: The Way Forward in Bangalore. The discussion was held in Bangalore on November 22, 2019, with support from Facebook.