The basis for enforcement and enactment of the Information Technology Act,2000 was to provide recognition to e-commerce and e-transactions and also to protect the users from digital crimes, piracy etc. The Ministry of Electronics and IT has prepared the Information Technology [Intermediaries Guidelines (Amendment) Rules] 2018 (hereinafter referred to as “2018 Rules”) in order to prevent spreading of fake news, curb obscene information on the internet, prevent misuse of social-media platforms and to provide security to the users. The Information Technology (Intermediaries Guidelines) Rules, 2011(hereinafter referred to as “ 2011 Rules)created a lot of heat waves in the digital world with regard to the duties and liabilities of the intermediaries even after safe harbor protection provided under Section 79 of the Information Technology Act,2000(hereinafter referred to as “the Act”). Section 79 of the Act provided that the Intermediaries or any person providing services as a network service provider are exempted from the liabilities in certain instances. In 2018, the government has come out with certain changes in the 2011 Rules and has elaborately explained the liabilities and functions of the Intermediaries and to oversee that the social media platform is not misused.
Initially in the rule 4 of the Information Technology (Intermediaries Guidelines) Rules, 2011, it has been stated that any content posted online which was illegal as per the list of categories laid down in Rule 3(2) of the 2011 Rules, then the affected person could write to the concerned intermediary to remove the same. It was mandatory for the intermediary to Act within 36 hours of receiving such complaint and if the same is not done with such a time period, then, the said intermediary cannot avail safe harbor as provided in Section 79 of the Act. The provision was criticized by the intermediaries, and a clarification was issued by the government by stating that the redressal to be resolved by the intermediaries within thirty days from the receipt of such complaints. However, the said provision was removed in its entirety in the 2018 Rules as the rule was unclear with regard to what constitutes redressal and no guidelines with regard to that was provided in the 2011 Rules.
The 2018 Rules further provides that whenever an order is issued by the government agencies seeking information or assistance concerning cyber security, then the intermediaries must provide them the same within 72 hours. Initially such request could have been made only through writing but now the government has included that such requests can now be made even via electronic means. If the authorized functionaries demands, then the intermediaries are also required to trace out the originator of the information and break the end-to-end encryption. The reason behind such a rule is that in case any rumours are being spread that are detrimental to the security of the Nation then the government will be able to trace out the originator or sender of the message. Such Rules are going to hit the companies like WhatsApp who had declined the government’s demand for traceability of originator of messages and content citing end to end encryption.
The recent rule also requires to “disable access” within 24 hours to content deemed defamatory or against national security and other clauses under Article 19 (2) of the Constitution. The Rules also requires the companies having more than five lakh users to have an office in India duly registered under the Companies Act. The big intermediaries are required to get their companies registered in India which will subject them to pay higher taxes. The 2018 Rules also requires appointment of a nodal officer who will be able to work with the law enforcement agencies round the clock. Initially in 2011 Rules, the intermediaries were required to store the information and such records for a period of ninety days but in 2018 Rules the time period has been extended to 180 days, thereby enabling the government to have such records available for a longer period of time and take necessary Actions as and when required.
The intermediaries are also required to deploy such technologies based on automated tools and appropriate mechanism for the purpose of identifying or removing or disabling access to unlawful information.
It can be perused from the above that the government is taking crucial steps to make legal frameworks in order to make social media accountable under law and protect people and intermediaries from misusing the same. It is also notices that the government has taken steps to protect the Freedom of Speech and Expression as provided in the Constitution of India as no regulations have been drafted with respect to the contents appearing on the social media. The Rules will make internet companies and social media more accountable for their contents.
Recently, as per reports, it has been stated that WhatsApp had opposed the proposed intermediaries’ rules which required the intermediaries to disclose information with regard to the origin of the messages, as it would violate free speech rights and privacy of an individual. Whereas, as per the intermediaries guidelines which is to be announced after elections would include penalties and jail terms for the executives of social media companies and the messaging apps who would not comply with the laid down rules regarding message traceability. The Government has taken this step to crack down on fake and inflammatory posts and messages that can cause violence including lynching across the country. The WhatsApp is of the view that such norms and guidelines are too broad and cannot be complied with considering the end-to-end encryption provided by the company to its users. The company had stated that it had made significant product changes and functioned with civil society partners to address misinformation through public education campaigns but the Government was not satisfied with the said response given by the company. As per the company, the traceability of the origin of messages and posts would mean re-engineering core product and would have global ramification and further have an impact on user privacy.