The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 61 to 75.
Computer Related Offences
http://editors.cis-india.org/internet-governance/resources/section-66-it-act.txt
<b>If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.</b>
<p><b>Explanation<br /></b>For the purposes of this section,</p>
<ol>
<li>the word “dishonestly” shall have the meaning assigned to it in section 24 of the Indian Penal Code;</li>
<li>the word “fraudulently” shall have the meaning assigned to it in section 25 of the Indian Penal Code.</li>
</ol>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/resources/section-66-it-act.txt'>http://editors.cis-india.org/internet-governance/resources/section-66-it-act.txt</a>
</p>
No publisherpraneshIT ActInternet Governance2013-06-07T10:47:36ZPageSection 43 of the Information Technology Act
http://editors.cis-india.org/internet-governance/resources/section-43-it-act.txt
<b>Given below is the text of section 43 of the IT Act:</b>
<p style="text-align: justify; ">43. <b>Penalty and compensation for damage to computer, computer system, etc</b>.<br />If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network, or computer resource —</p>
<ol>
<li style="text-align: justify; ">accesses or secures access to such computer, computer system or computer network; </li>
<li style="text-align: justify; ">downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium; </li>
<li style="text-align: justify; ">introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network; </li>
<li style="text-align: justify; ">damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network; </li>
<li style="text-align: justify; ">disrupts or causes disruption of any computer, computer system or computer network; </li>
<li style="text-align: justify; ">denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means; (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder; </li>
<li style="text-align: justify; ">charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, he shall be liable to pay damages by way of compensation to the person so affected. </li>
<li style="text-align: justify; ">destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means; </li>
<li style="text-align: justify; ">steel, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage; </li>
</ol>
<p><i>Explanation</i>.<br />For the purposes of this section:</p>
<ol>
<li style="text-align: justify; ">"computer contaminant" means any set of computer instructions that are designed —<br />
<ul>
<li>to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or</li>
<li>by any means to usurp the normal operation of the computer, computer system, or computer network;</li>
</ul>
</li>
<li style="text-align: justify; ">"computer data base" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;</li>
<li style="text-align: justify; ">"computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, daia or instruction is executed or some other event takes place in that computer resource;</li>
<li style="text-align: justify; ">"damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any means.</li>
<li style="text-align: justify; ">"computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.</li>
</ol>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/resources/section-43-it-act.txt'>http://editors.cis-india.org/internet-governance/resources/section-43-it-act.txt</a>
</p>
No publisherpraneshIT ActInternet Governance2013-06-07T10:37:04ZPageIT (Amendment) Act, 2008, 69A Rules: Draft and Final Version Comparison
http://editors.cis-india.org/internet-governance/blog/it-amendment-act-69-a-rules-draft-and-final-version-comparison
<b>Jadine Lannon has performed a clause-by-clause comparison of the 69A draft rules and 69A rules for Section 69A of the IT Act in order to better understand how the two differ. While there has been reshuffling of the clauses in the official rules, the content itself has not changed significantly. Notes have been included on some changes we deemed to be important.</b>
<p>Below is a chart depicting the 69A Draft Rules and the 69A Rules:</p>
<table class="plain">
<tbody>
<tr>
<th><img src="http://editors.cis-india.org/home-images/copy5_of_pc1.png" alt="c1" class="image-inline" title="c1" /></th>
</tr>
<tr>
<td><img src="http://editors.cis-india.org/home-images/copy2_of_pc2.png" alt="c2" class="image-inline" title="c2" /></td>
</tr>
<tr>
<td><img src="http://editors.cis-india.org/home-images/copy2_of_pc3.png" alt="c3" class="image-inline" title="c3" /></td>
</tr>
<tr>
<td><img src="http://editors.cis-india.org/home-images/copy2_of_pc4.png" alt="c4" class="image-inline" title="c4" /></td>
</tr>
<tr>
<td><img src="http://editors.cis-india.org/home-images/copy3_of_pc5.png" alt="c5" class="image-inline" title="c5" /></td>
</tr>
<tr>
<td><img src="http://editors.cis-india.org/home-images/copy2_of_pc6.png" alt="c6" class="image-inline" title="c6" /></td>
</tr>
</tbody>
</table>
<p style="text-align: justify; ">There was a lot of structural change between the draft rules and the official rules—many of the draft clauses were shuffled around and combined—but not a lot of change in content. Many of the changes that appear in the official rules serve to clarify parts of the draft rules.</p>
<p style="text-align: justify; ">Three definitions were added under clause (2), two to clarify later references to a “designated officer” and a “nodal officer” and the third to indicate a form appended to the official Rules.</p>
<p style="text-align: justify; ">Clause (3) of the official rules then clarifies who shall be named the “designated officer”, which was not done in the draft rules as there was no inclusion of an official title of the officer who would have the responsibilities of the “designated officer”. Interestingly, clause (3) of the draft rules requires the Secretary of the Department of Information Technology, Ministry of Communications & Information Technology, Government of India to name an officer, whereas clause (3) of the official rules states that the “Central Government” shall designate an officer, a change in language that allows for much more flexibility on the government's part.</p>
<p style="text-align: justify; ">Clause (5) in the draft rules and clause (4) in the official rules deal with the designation of a Nodal Officer, but omitted in the official rules are responsibilities of the designated officer, which includes acting on the “direction of the indian competent court”. This responsibility does not appear in any part of the official rules. Further, clause (4) of the official rules requires the organizations implicated in the rules to publish the name of the Nodal Officer on their website; this is an addition to the draft rules, and a highly useful one at that. This is an important move towards some form of transparency in this contentious process.</p>
<p style="text-align: justify; ">Clause (5) of the official rules significantly clarifies clause (4) of the draft rules by stating that the designated officer may direct any Agency of the Government or intermediary to block access <i>once a request from the Nodal Officer has been received</i>.</p>
<p style="text-align: justify; ">Clause (7) of the official rules uses the word “information” instead of “computer resource”, which is used in the corresponding clause (12) in the draft rules, when referring to the offending object. This change in language significantly widens the scope of what can be considered offending under the rules.</p>
<p style="text-align: justify; ">The sub-sections (2), (3) and (4) of clause (9) of the official rules are additions to the draft rules. Sub-section (2) is a significant addition, as it deals with the ability of the Secretary of the Department of Information Technology's ability to block for public access any information or part thereof without granting a hearing to the entity in control of the offending information <i>in a case of emergency nature. </i>The request for blocking will then be brought before the committee of examination of request <i>within 48 hours of the issue of direction</i>, meaning that the offending information could be blocked for two days without giving notice to the owner/controller of the information of the reason for the blockage.</p>
<p style="text-align: justify; ">An important clarification has been included in clause (15) of the official rules, which differs from clause (23) of the draft rules through the inclusion of the following phrase: “The Designated Officer shall maintain complete record of the <i>request received and action taken thereof </i>[...] of the cases of blocking for public access”. This is a significant change from clause (23), which simply states that the “Designated Officer shall maintain complete <i>record</i> [...] of the cases of blocking”. This could be seen as an important step towards transparency and accountability in the 69B process of blocking information for public access if clause (16) of the official rules did not state that all requests and complaints received and all actions taken thereof must be kept confidential, so the maintenance of records mentioned in clause (15) of the official rules appears to be only for internal record-keeping. However, just the fact that this information is being recording is a significant change from the draft rules, and may, if the sub-rules relating to confidentiality were to be changed, be useful data for the public.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/it-amendment-act-69-a-rules-draft-and-final-version-comparison'>http://editors.cis-india.org/internet-governance/blog/it-amendment-act-69-a-rules-draft-and-final-version-comparison</a>
</p>
No publisherjdineIT ActInternet Governance2013-04-30T10:10:48ZBlog EntryInformation Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009
http://editors.cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009
<b>Draft Rules under section 69B of the Information Technology (Amendment) Act, 2008 as notified by the Central Government. </b>
<p style="text-align: justify; "><b>G.S.R. 782 (E).</b>—<b> </b>In exercise of the power conferred y clause (za) of sub-section (2) of section 87, read with sub-section (3) of section 69B of the Information Technology Act 2000 (21 of 2000), the Central Government hereby makes the following rules, namely:—</p>
<p><b>1. Short title and commencement.</b>—</p>
<p style="text-align: justify; ">(1) These rules may be called the Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009.</p>
<p style="text-align: justify; ">(2) They shall come into force on the date of their publication in the Official Gazette.</p>
<p><b> </b></p>
<p style="text-align: justify; "><b>2. Definitions.</b>— In these rules, unless the context otherwise requires,—</p>
<p style="text-align: justify; ">(a) “Act” means the Information Technology Act, 2000 (21 of 2000);</p>
<p style="text-align: justify; ">(b) “communication” means dissemination, transmission, carriage of information or signal in come manner and include both a direct communication and an indirect communication;</p>
<p style="text-align: justify; ">(c) “communication link” means the use of satellite, microwave, radio, terrestrial line, wire, wireless or any other communication media to inter-connect computer resource;</p>
<p style="text-align: justify; ">(d) “competent authority” means the Secretary to the Government of India in the Department of Information Technology under the Ministry of Communications and Information Technology;</p>
<p>(e) “computer resource” means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;</p>
<p style="text-align: justify; ">(f) “cyber security incident” means any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorised access, denial of service/disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation;</p>
<p style="text-align: justify; ">(g) “cyber security breaches” means unauthorised acquisition or unauthorised use by a person of data or information that compromises the confidentiality, integrity or availability of information maintained in a computer resource;</p>
<p style="text-align: justify; ">(h) “information” means information as defined in clause (v) of sub-section (1) of section 2 of the Act;</p>
<p style="text-align: justify; ">(i) “information security practices” means implementation of security policies and standards in order to minimize the cyber security incidents and breaches;</p>
<p style="text-align: justify; ">(j) “intermediary” means an intermediary as defined by clause (w) of sub-section (1) of section 2 of the Act;</p>
<p style="text-align: justify; ">(k) “monitor” with its grammatical variations and cognate expressions, includes to view or inspect or to record or collect traffic data or information generated, transmitted, received or stored in a computer resource by means of a monitoring device;</p>
<p style="text-align: justify; ">(l) “monitoring device” means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to view or inspect or record or collect traffic data or information;</p>
<p style="text-align: justify; ">(m) “port” or “application port” means a set of software rules which identifies and permits communication between application to application, network to network, computer to computer, computer system to computer system;</p>
<p style="text-align: justify; ">(n) “Review Committee” means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951;</p>
<p style="text-align: justify; ">(o) “security policy” means documented business rules and processes for protecting information and the computer resource;</p>
<p style="text-align: justify; ">(p) “traffic data” means traffic data as defined in <i>Explanation (ii) </i>to section 69B of the Act.</p>
<p><b> </b></p>
<p><b>3. Directions for monitoring.</b>—</p>
<p style="text-align: justify; ">(1) No directions for monitoring and collection of traffic data or information under sub-section (3) of section 69B of the Act shall be issued, except by an order made by the competent authority.</p>
<p style="text-align: justify; ">(2) The competent authority may issue directions for monitoring for any or all of the following purposes related to cyber security, namely:-</p>
<p style="text-align: justify; ">(a) forecasting of imminent cyber incidents;</p>
<p style="text-align: justify; ">(b) monitoring network application with traffic data or information on computer resource;</p>
<p style="text-align: justify; ">(c) identification and determination of viruses or computer contaminant;</p>
<p>(d) tracking cyber security breaches or cyber security incidents;</p>
<p style="text-align: justify; ">(e) tracking computer resource breaching cyber security or spreading virus or computer contaminants;</p>
<p style="text-align: justify; ">(f) identifying or tracking of any person who has breached, or is suspected of having breached or being likely to breach cyber security;</p>
<p style="text-align: justify; ">(g) undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resources;</p>
<p style="text-align: justify; ">(h) accessing a stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force;</p>
<p style="text-align: justify; ">(i) any other matter relating to cyber security.</p>
<p style="text-align: justify; ">(3) Any direction issued by the competent authority under sub-rule (2) shall contain reasons for such direction and a copy of such direction shall be forwarded to the Review Committee withing a period of seven working days.</p>
<p style="text-align: justify; ">(4) The direction of the competent authority for monitoring and collection of traffic data or information may include the monitoring and collection of traffic data or information from any person or class of persons or relating to any particular subject whether such traffic data or information, or class of traffic data of information, are received with one or more computer resources, being a computer resource likely to be used for generation, transmission, receiving, storing of traffic data or information from or to one particular person or one or many set of premises.</p>
<p><b>4. Authorised agency of government for monitoring and collection of traffic data or information.</b>—</p>
<p style="text-align: justify; ">(1) The competent authority may authorise any agency of the government for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource.</p>
<p style="text-align: justify; ">(2) The agency authorised by the competent authority under sub-rule (1) shall designated one or more nodal officer, not below the rank of Deputy Secretary to the Government of India, for the purpose to authenticate and send the requisition conveying direction issued under rule 3 to the designated officers of the concerned intermediary or person in-charge of computer resources.</p>
<p style="text-align: justify; ">(3) The requisition under sub-rule (2) shall specify the name and designation of the officer or the agency to whom the monitored or collected traffic data or information is to be disclosed.</p>
<p style="text-align: justify; ">(4) The intermediaries or person in-charge of computer resource shall designate one or more officers to receive requisition and to handle such requisition from the nodal officer for monitoring or collection of traffic data or information.</p>
<p style="text-align: justify; ">(5) The requisition conveying directions for monitoring shall be conveyed to the designated officers of the intermediary or person in-charge of computer resources, in writing through letter or fax by the nodal officer or delivered, (including delivery by email signed with electronic signature), by an officer not below the rank of Under Secretary or officer of the equivalent rank.</p>
<p style="text-align: justify; ">(6) The nodal officer issuing the requisition conveying directions for monitoring under sub=rule (2) shall also make a request in writing to the designated officer of intermediary or person in-charge of computer resource for monitoring in accordance with the format indicated in such requisition and report the same to the officer designated under sub-rule (3).</p>
<p style="text-align: justify; ">(7) The nodal officer shall also make a request to the officer of intermediary or person in-charge of computer resource designated under sub-rule (4) to extend all facilities, co-operation and assistance in installation, removal and testing of equipment and also enable online access or to secure and provide online access to the computer resource for monitoring and collecting traffic data or information.</p>
<p style="text-align: justify; ">(8) On receipt of requisition under sub-rule (2) conveying the direction issued under sub-rule (2) of rule 3 the designated officer of the intermediary or person in-charge of computer resource designated under sub-rule (4) shall acknowledge the receipt of requisition by way of letter or fax or electronically signed e-mail to the nodal officer within a period of two hours from the time of receipt of such requisition.</p>
<p style="text-align: justify; ">(9) The officer of the intermediary or person in-charge of computer resource designed under sub-rule (4) shall maintain proper records of the requisitions received by him.</p>
<p style="text-align: justify; ">(10) The designated officer of the intermediary or person in-charge of computer resource shall forward in every fifteen days a list of requisition conveying direction for monitoring or collection of traffic data or information to the nodal officer which shall include details such as the reference and date of requisition conveying direction of the concerned competent authority.</p>
<p><b> </b></p>
<p style="text-align: justify; "><b>5. Intermediary to ensure effective check in handling monitoring or collection of traffic data or information.</b>— The intermediary or person in-charge of computer resources shall put in place adequate and effective internal checks to ensure that unauthorised monitoring or collection of traffic data or information does not take place and extreme secrecy is maintained and utmost care and precaution is taken in the matter of monitoring or collection of traffic data or information as it affects privacy of citizens and also that this matter is handled only by the designated officer of the intermediary or person in-charge of computer resource.</p>
<p><b> </b></p>
<p style="text-align: justify; "><b>6. Responsibility of intermediary.</b>— The intermediary or person in-charge of computer resource shall be responsible for the actions of their employees also, and in case of violation of the provision of the Act and rules made thereunder pertaining to maintenance of secrecy and confidentiality of information or any unauthorised monitoring or collection of traffic data or information, the intermediary or person in-charge of computer resource shall be liable for any action under the relevant provision of the laws for the time being in force.</p>
<p><b> </b></p>
<p style="text-align: justify; "><b>7. Review of directions of competent authority.</b>— The Review Committee shall meet at least once in two months and record its finding whether the directions issued under sub-rule (2) of rule 3 are in accordance with the provisions of sub-section (3) of section 69B of the Act and where the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issue order for destruction of the copies, including corresponding electronic record of the monitored or collected traffic data or information.</p>
<p><b> </b></p>
<p><b>8. Destruction of records.</b>—</p>
<p style="text-align: justify; ">(1) Every record, including electronic records pertaining to such directions for monitoring or collection of traffic data shall be destroyed by the designated officer after the expiry of a period of nine months from the receipt of direction or creation of record, whichever is later, except in a case where the traffic data or information is, or likely to be, required for functional requirements.</p>
<p style="text-align: justify; ">(2) Save as otherwise required for the purpose of any ongoing investigation, criminal complaint or legal proceedings the intermediary or the person in-charge of computer resource shall destroy records pertaining to directions for monitoring or collection of information within a period of six months of discontinuance of the monitoring or collection of traffic data and in doing so they shall maintain extreme secrecy.</p>
<p><b> </b></p>
<p style="text-align: justify; "><b>9. Prohibition of monitoring or collection of traffic data or information without authorisation.</b>—</p>
<p style="text-align: justify; ">(1) Any person who, intentionally or knowingly, without authorisation under sub-rule (2) of rule 3 or sub-rule (1) of rule 4, monitors or collects traffic data or information, or attempts to monitor or collect traffic data or information, or authorises or assists any person to monitor or collect traffic data or information in the course of its occurrence or transmission at any place within India, shall be proceeded against, punished accordingly under the relevant provisions of the law for the time being in force.</p>
<p style="text-align: justify; ">(2) the monitoring or collection of traffic data or information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, may be undertaken in course of his duty relating to the services provided by that intermediary, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with the following matters, namely:—</p>
<p style="text-align: justify; ">(i) installation of computer resource or any equipment to be used with computer resource; or</p>
<p>(ii) operation or maintenance of computer resource; or</p>
<p style="text-align: justify; ">(iii) installation of any communication link or software either at the end of the intermediary or subscriber, or installation of user account on the computer resource of intermediary and testing of the same for its functionality;</p>
<p style="text-align: justify; ">(iv) accessing stored information from computer resource relating to the installation, connection or maintenance of equipment, computer resource or a communication link or code; or</p>
<p style="text-align: justify; ">(v) accessing stored information from computer resource for the purpose of--</p>
<p style="text-align: justify; ">(a) implementing information security practices in the computer resource;</p>
<p style="text-align: justify; ">(b) determining any security breaches, computer contaminant or computer virus;</p>
<p style="text-align: justify; ">(c) undertaking forensic of the concerned computer resource as a part of investigation or internal audit; or</p>
<p style="text-align: justify; ">(vi) accessing or analysing information from a computer resource for the purpose of tracing a computer resource of any person who has contravened, or is suspected of having contravened or being likely to contravene, any provision of the Act that is likely to have an adverse impact on the services provided by the intermediary.</p>
<p style="text-align: justify; ">(3) The intermediary or the person in-charge of computer resource and its employees shall maintain strict secrecy and confidentiality of information while performing the actions as specified under sub-rule (2).</p>
<p style="text-align: justify; ">(4) The details of monitored or collected traffic data or information shall not be used or disclosed by intermediary or person in-charge of computer resource or any of its employees to any person other than the intended recipient of the said information under sub-rule (2) of rule 4. Any intermediary or its employees of person in-charge of computer resource who contravenes the provisions of this rule shall be proceeded against and punished accordingly under the relevant provisions of the Act or any other law for the time being in force.</p>
<p style="text-align: justify; "><b>10. Prohibition of disclosure of traffic data or information by authorised agency.</b>— The details of monitored or collected traffic data or information shall not be used or disclosed by the agency authorised under sub-rule (1) of rule 4 for any other purpose, except for forecasting imminent cyber threats or general trend of port-wise traffic on Internet, or general analysis of cyber incidents, or for investigation or in judicial proceedings before the competent court in India.</p>
<p><b> </b></p>
<p style="text-align: justify; "><b>11. Maintenance of confidentiality.</b>— Save as otherwise provided in rule 10, strict confidentiality shall be maintained in respect of directions for monitoring or collection of traffic data or information issued by the competent authority under these rules.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009'>http://editors.cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009</a>
</p>
No publisherjdineIT ActInternet Governance2013-04-25T04:49:05ZPageInformation Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009
http://editors.cis-india.org/internet-governance/resources/it-procedure-and-safeguards-for-interception-monitoring-and-decryption-of-information-rules-2009
<b>Rules under section 69(2) of the Information Technology Act, 2008 (after the 2008 amendment).</b>
<p style="text-align: justify; ">G.S.R. 780 (E).— In exercise of the powers conferred by clause (y) of sub-section (2) of section 87, read with sub-section (2) of section 69 of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following rules, namely:</p>
<p>1. <b>Short title and commencement.</b>—</p>
<p>(1) These rules may be called the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.</p>
<p>(2) They shall come into force on the date of their publication in the Official Gazette.</p>
<p>2. <b>Definitions.</b>— In these rules, unless the context otherwise requires,--</p>
<p>(a) “Act” means the Information Technology Act, 2000 (21 of 2000);</p>
<p>(b) “communication” means dissemination, transmission, carriage of information or signal in some manner and include both a direct communication and an indirect communication”;</p>
<p style="text-align: justify; ">(c) “communication link” means the use of satellite, microwave, radio, terrestrial line, wire, wireless or any other communication media to inter-connect computer resource;</p>
<p>(d) “competent authority” means--</p>
<p>(i) the Secretary in the Ministry of Home Affairs, in case of the Central Government; or</p>
<p style="text-align: justify; ">(ii) the Secretary in charge of the Home Department, in case of a State Government or Union territory, as the case may be;</p>
<p style="text-align: justify; ">(e) “computer resource” means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;</p>
<p style="text-align: justify; ">(f) “decryption” means the process of conversion of information in non-intelligible form to an intelligible form via a mathematical formula, code, password or algorithm or a combination thereof;</p>
<p>(g) “decryption assistance” means any assistance to--</p>
<p>(i) allow access, to the extent possible, to encrypted information; or</p>
<p>(ii) facilitate conversion of encrypted information into an intelligible form;</p>
<p>(h) “decryption direction” means a direction issued under Rule (3) in which a decryption key holder is directed to--</p>
<p>(i) disclose a decryption key; or</p>
<p>(ii) provide decryption assistance in respect of encrypted information</p>
<p>(i) “decryption key” means any key, mathematical formula, code, password, algorithm or any other data which is used to--</p>
<p>(i) allow access to encrypted information; or</p>
<p>(ii) facilitate the conversion of encrypted information into an intelligible form;</p>
<p style="text-align: justify; ">(j) “decryption key holder” means any person who deploys the decryption mechanism and who is in possession of a decryption key for purposes of subsequent decryption of encrypted information relating to direct or indirect communications;</p>
<p>(k) “information” means information as defined in clause (v) of sub-section (1) of section 2 of the Act;</p>
<p style="text-align: justify; ">(l) “intercept” with its grammatical variations and cognate expressions, means the aural or other acquisition of the contents of any information through the use of any means, including an interception device, so as to make some or all of the contents of an information available to a person other than the sender or recipient or intended recipient of that communication, and includes--</p>
<p>(a) monitoring of any such information by means of a monitoring device;</p>
<p>(b) viewing, examination or inspection of the contents of any direct or indirect information; and</p>
<p style="text-align: justify; ">(c) diversion of any direct or indirect information from its intended destination to any other destination to any other destination;</p>
<p style="text-align: justify; ">(m) “interception device” means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to intercept any information; and any reference to an “interception device” includes, where applicable, a reference to a “monitoring device”;</p>
<p style="text-align: justify; ">(n) “intermediary” means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;</p>
<p style="text-align: justify; ">(o) “monitor” with its grammatical variations and cognate expressions, includes to view or to inspect or listen to or record information by means of a monitoring device;</p>
<p style="text-align: justify; ">(p) “monitoring device” means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to view or to inspect or listen to or record any information;</p>
<p>(q) “Review Committee” means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951.</p>
<p style="text-align: justify; ">3. <b>Direction for interception or monitoring or decryption of any information.</b>— No person shall carry out the interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under sub-section (2) of section 69 of the Act, except by an order issued by the competent authority;</p>
<p style="text-align: justify; ">Provided that in an unavoidable circumstances, such order may be issued by an officer, not below the rank of Joint Secretary of the Government of India, who has been duly authorised by the competent authority;</p>
<p>Provided further that in a case of emergency--</p>
<p style="text-align: justify; ">(i) in remote areas, where obtaining of prior directions for interception or monitoring or decryption of information is not feasible; or</p>
<p style="text-align: justify; ">(ii) for operational reasons, where obtaining of prior directions for interception or monitoring or decryption of any information generation, transmitted, received or stored in any computer resource is not feasible,</p>
<p style="text-align: justify; ">the interception or monitoring of decryption of any information generated, transmitted, received or stored in any computer resource may be carried out with the prior approval of the Head or the second senior most officer of the security and law enforcement agency (hereinafter referred to as the said security agency) at the Central level and the officer authorised in this behalf, not below the rank of the inspector General of Police or an officer of equivalent rank, at the State or Union territory level;</p>
<p style="text-align: justify; ">Provided also that the officer, who approved such interception or monitoring or decryption of information in case of emergency, shall inform in writing to the competent authority about the emergency and of such interception or monitoring or decryption within three working days and obtain the approval of the competent authority thereon within a period of seven working days and if the approval of competent authority is not obtained within the said period of seven working days, such interception or monitoring or decryption shall cease and the information shall not be intercepted or monitored or decrypted thereafter without the prior approval of the competent authority.</p>
<p style="text-align: justify; ">4. <b>Authorisation of agency of Government.</b>— The competent authority may authorise an agency of the Government to intercept, monitor or decrypt information generated, transmitted received or stored in any computer resource for the purpose specified in sub-section (1) of section 69 of the Act.</p>
<p style="text-align: justify; ">5. <b>Issue of decryption direction by competent authority.</b>— The competent authority may, under Rule (3), give any decryption direction to the decryption key holder for decryption of any information involving a computer resource or part thereof.</p>
<p style="text-align: justify; ">6. <b>Interception or monitoring or decryption of information by a State beyond its jurisdiction.</b>— Notwithstanding anything contained in Rule (3), if a State Government or Union territory Administration requires any interception or monitoring or decryption of information beyond its territorial jurisdiction, the Secretary in-charge of the Home Department in that State or Union territory, as the case may be, shall make a request to the Secretary in the Ministry of Home Affairs, Government of India for issuing direction to the appropriate authority for such interception or monitoring or decryption of information.</p>
<p style="text-align: justify; ">7. <b>Contents for direction.</b>— Any direction issued by the competent authority under Rule (3) shall contain reasons for such direction and a copy of such direction shall be forwarded to the Review Committee within a period of seven working days.</p>
<p style="text-align: justify; ">8. <b>Competent authority to consider alternative means in acquiring information.</b>— The competent authority shall, before issuing any direction under Rule (3), consider possibility of acquiring the necessary information by other means and the direction under Rule (3) shall be issued only when it is not possible to acquire the information by any other reasonable means.</p>
<p style="text-align: justify; ">9. <b>Direction of interception or monitoring or decryption of any specific information.</b>— The direction of interception or monitoring or decryption of any information generation, transmitted, received or stored in any computer resource shall be of any information as is sent to or from any person or class of persons or relating to any particular subject whether such information or class of information are received with one or more computer resources, or being a computer resource likely to be used for the generation, transmission, receiving, storing of information from or to one particular person or one or many set of premises, as may be specified or described in the direction.</p>
<p style="text-align: justify; ">10. <b>Direction to specify the name and designation of the officer to whom information to be disclosed.</b>— Every directions under Rule (3) shall specify the name and designation of the officer of the authorised agency to whom the intercepted or monitored or decrypted or stored information shall be disclosed and also specify that the use of intercepted or monitored or decrypted information shall be subject to the provisions of sub-section (1) of section 69 of the said Act.</p>
<p style="text-align: justify; ">11. <b>Period within which direction shall remain in force.</b>— The direction for interception or monitoring or decryption shall remain in force, unless revoked earlier, for a period not exceeding sixty days from the date of its issue and may be renewed from time to time for such period not exceeding the total period of one hundred and eighty days.</p>
<p style="text-align: justify; ">12. <b>Authorised agency to designate nodal officer.</b>— The agency authorised by the competent authority under Rule (4) shall designate one or more nodal officer, not below the rank of Superintendent of Police or Additional Superintendent of Police or the officer of the equivalent rank to authenticate and send the requisition conveying direction issued under Rule (3) for interception or monitoring or decryption to the designated officers of the concerned intermediaries or person in-charge of computer resource;</p>
<p style="text-align: justify; ">Provided that an officer, not below the rank of Inspector of Police or officer of equivalent rank, shall deliver the requisition to the designated officer of the intermediary.</p>
<p>13. <b>Intermediary to provide facilities, etc.</b>—</p>
<p style="text-align: justify; ">(1) The officer issuing the requisition conveying direction issued under Rule (3) for interception or monitoring or decryption of information shall also make a request in writing to the designated officers of intermediary or person in-charge of computer resources, to provide all facilities, co-operation and assistance for interception or monitoring or decryption mentioned in the directions.</p>
<p style="text-align: justify; ">(2) On the receipt of request under sub-rule (1), the designated officers of intermediary or person in-charge of computer resources, shall provide all facilitates, co-operation and assistance for interception or monitoring or decryption of information mentioned in the direction.</p>
<p style="text-align: justify; ">(3) Any direction of decryption of information issued under Rule (3) to intermediary shall be limited to the extent the information is encrypted by the intermediary or the intermediary has control over the decryption key.</p>
<p style="text-align: justify; ">14. <b>Intermediary to designate officers to receive and handle.</b>— Every intermediary or person in-charge of computer resource shall designate an officer to receive requisition, and another officer to handle such requisition, from the nodal officer for interception or monitoring or decryption of information generation, transmitted, received or stored in any computer resource.</p>
<p style="text-align: justify; ">15. <b>Acknowledgement of instruction.</b>— The designated officer of the intermediary or person in-charge of computer resources shall acknowledge the instructions received by him through letters or fax or e-mail signed with electronic signature to the nodal officer of the concerned agency within two hours on receipt of such intimation or direction for interception or monitoring or decryption of information.</p>
<p style="text-align: justify; ">16. <b>Maintenance of records by designated officer.</b>— The designated officer of intermediary or person in-charge of computer resource authorised to intercept or monitor or decrypt any information shall maintain proper records mentioning therein, the intercepted or monitored or decrypted information, the particulars of persons, computer resource, e-mail account, website address, etc. whose information has been intercepted or monitored or decrypted, the name and other particulars of the officer or the authority to whom the intercepted or monitored or decrypted information has been disclosed, the number of copies, including corresponding electronic records of the intercepted or monitored or decrypted information made and the mode of the method by which such copies, including corresponding electronic records are made, the date of destruction of the copies, including corresponding electronic record and the duration within which the directions remain in force.</p>
<p style="text-align: justify; ">17. <b>Decryption key holder to disclose decryption key or provide decryption assistance.</b>— If a decryption direction or a copy thereof is handed to the decryption key holder to whom the decryption direction is addressed by the nodal officer referred to in Rule (12), the decryption key holder shall within the period mentioned in the decryption direction--</p>
<p>(a) disclose the decryption key; or</p>
<p>(b) provide the decryption assistance,</p>
<p>specified in the decryption direction to the concerned authorised person.</p>
<p style="text-align: justify; ">18. <b>Submission of the list of interception or monitoring or decryption of information.</b>— <br />(1) The designated officers of the intermediary or person in-charge of computer resources shall forward in every fifteen days a list of interception or monitoring or decryption authorisations received by them during the preceding fortnight to the nodal officers of the agencies authorised under Rule (4) for confirmation of the authenticity of such authorisations. <br />(2) The list referred to in sub-rule (1) shall include details, such as the reference and date of orders of the concerned competent authority including any order issued under emergency cases, date and time of receipt of such order and the date and time of implementation of such order.</p>
<p style="text-align: justify; ">19. <b>Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information.</b>— The intermediary or the person in-charge of the computer resource so directed under Rule (3), shall provide technical assistance and the equipment including hardware, software, firmware, storage, interface and access to the equipment wherever requested by the agency authorised under Rule (4) for performing interception or monitoring or decryption including for the purposes of--</p>
<p style="text-align: justify; ">(i) the installation of equipment of the agency authorised under Rule (4) for the purposes of interception or monitoring or decryption or accessing stored information in accordance with directions by the nodal officer; or</p>
<p>(ii) the maintenance, testing or use of such equipment; or</p>
<p>(iii) the removal of such equipment; or</p>
<p>(iv) the performance of any action required for accessing of stored information under the direction issued by the competent authority under Rule (3).</p>
<p style="text-align: justify; ">20. <b>Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information.</b>— The intermediary or person in-charge of computer resources shall put in place adequate and effective internal checks to ensure the unauthorised interception of information does not take place and extreme secrecy is maintained and utmost care and precaution shall be taken in the matter of interception or monitoring or decryption of information as it affects privacy of citizens and also that it is handled only by the designated officers of the intermediary and no other person of the intermediary or person in-charge of computer resources shall have access to such intercepted or monitored or decrypted information.</p>
<p style="text-align: justify; ">21. <b>Responsibility of intermediary.</b>— The intermediary or person in-charge of computer resources shall be responsible for any action of their employees also and in case of violation pertaining to maintenance of secrecy and confidentiality of information or any unauthorised interception or monitoring or decryption of information, the intermediary or person in-charge of computer resources shall be liable for any action under the relevant provisions of the laws for the time being in force.</p>
<p style="text-align: justify; ">22. <b>Review of directions of competent authority.</b>— The Review Committee shall meet at least once in two months and record its findings whether the directions issued under Rule (3) are in accordance with the provisions of sub-section (2) of section 69 of the Act and where the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issues order for destruction of the copies, including corresponding electronic record of the intercepted or monitored or decrypted information.</p>
<p>23. <b>Destruction of records of interception or monitoring or decryption of information</b>.—</p>
<p style="text-align: justify; ">(1) Every record, including electronic records pertaining to such directions for interception or monitoring or decryption of information and of intercepted or monitored or decrypted information shall be destroyed by the security agency in every six months except in a case where such information is required, or likely to be required for functional requirements.</p>
<p style="text-align: justify; ">(2) Save as otherwise required for the purpose of any ongoing investigation, criminal complain or legal proceedings, the intermediary or person in-charge of computer resources shall destroy records pertaining to directions for interception of information within a period of two months of discontinuance of the interception or monitoring or decryption of such information and in doing so they shall maintain extreme secrecy.</p>
<p><b> </b>24. <b>Prohibition of interception or monitoring or decryption of information without authorisation.</b>—</p>
<p style="text-align: justify; ">(1) Any person who intentionally or knowingly, without authorisation under Rule (3) or Rule (4), intercepts or attempts to intercept, or authorises or assists any other person to intercept or attempts to intercept any information in the course of its occurrence or transmission at any place within India, shall be proceeded against and punished accordingly under the relevant provisions of the laws for the time being in force.</p>
<p style="text-align: justify; ">(2) Any interception, monitoring or decryption of information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, may be undertaken in course of his duty relating to the services provided by that intermediary, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with the following matters, namely--</p>
<p>(i) installation of computer resource or any equipment to be used with computer resource; or</p>
<p>(ii) operation or maintenance of computer resource; or</p>
<p style="text-align: justify; ">(iii) installation of any communication link or software either at the end of the intermediary or subscriber, or installation of user account on the computer resource of intermediary and testing of the same for its functionality;</p>
<p style="text-align: justify; ">(iv) accessing stored information from computer resource relating to the installation, connection or maintenance of equipment, computer resource or a communication link or code; or</p>
<p>(v) accessing stored information from computer resource for the purpose of--</p>
<p>(a) implementing information security practices in the computer resource;</p>
<p>(b) determining any security breaches, computer contaminant or computer virus;</p>
<p>(c) undertaking forensic of the concerned computer resource as a part of investigation or internal audit; or</p>
<p style="text-align: justify; ">(vi) accessing or analysing information from a computer resource for the purpose of tracing a computer resource of any person who has contravened, or is suspected of having contravened or being likely to contravene, any provision of the Act that is likely to have an adverse impact on the services provided by the intermediary.</p>
<p style="text-align: justify; ">(3) The intermediary or the person in-charge of computer resource and its employees shall maintain strict secrecy and confidentiality of information while performing the actions specified under sub-rule (2).</p>
<p>25. <b>Prohibition of disclosure of intercepted or monitored decrypted information.</b>—</p>
<p style="text-align: justify; ">(1) The contents of intercepted or monitored or stored or decrypted information shall not be used or disclosed by intermediary or any of its employees or person in-charge of computer resource to any person other than the intended recipient of the said information under Rule (10).</p>
<p style="text-align: justify; ">(2) The contents of intercepted or monitored or decrypted information shall not be used or disclosed by the agency authorised under Rule (4) for any other purpose, except for investigation or sharing with other security agency for the purpose of investigation or in judicial proceedings before the competent court in India.</p>
<p style="text-align: justify; ">(3) Save as otherwise provided in sub-rule (2), the contents of intercepted or monitored or decrypted information shall not be disclosed or reported in public by any means, without the prior order of the competent court in India.</p>
<p style="text-align: justify; ">(4) Save as otherwise provided in sub-rule (2), strict confidentiality shall be maintained in respect of direction for interception, monitoring or decryption issued by concerned competent authority or the nodal officers.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/resources/it-procedure-and-safeguards-for-interception-monitoring-and-decryption-of-information-rules-2009'>http://editors.cis-india.org/internet-governance/resources/it-procedure-and-safeguards-for-interception-monitoring-and-decryption-of-information-rules-2009</a>
</p>
No publisherjdineIT ActInternet Governance2013-07-06T01:51:58ZPageClarify and define terms in IT rules, panel tells govt.
http://editors.cis-india.org/news/the-hindu-april-1-2013-prashant-jha-clarify-and-define-terms-in-it-rules-panel-tells-govt
<b>In the wake of concerns that the government is increasingly using ambiguously-phrased terms in legal codes to crack down on online speech, the Parliament’s Committee on Subordinate Legislation has asked for greater clarity and definition on terms which can serve as grounds for restrictions. </b>
<hr />
<p>The article by Prashant Jha was <a class="external-link" href="http://www.thehindu.com/news/national/parliamentary-panel-seeks-clarity-in-it-rules/article4570291.ece">published in the Hindu</a> on April 1, 2013. Pranesh Prakash is quoted.</p>
<hr />
<p style="text-align: justify; ">In 2011, the government issued Intermediary Guidelines under Section 79 of the Information Technology (IT) Act. Rule 3 requires intermediaries – including Internet Service Providers (ISPs), web hosts, cyber cafes, blogging platforms, search engines and others – to inform users not to ‘host, display, upload, modify, publish, transmit or share information’ that is ‘grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophilic, libellous, invasive of another’s privacy, hateful, or racially, ethnically objectionable, disparaging, or otherwise unlawful in any manner whatsoever.’ Any person aggrieved by the content can ask intermediaries to take it down, and if they do not do so within 36 hours, they can be legally liable.</p>
<p>‘<b>Remove ambiguities’</b></p>
<p style="text-align: justify; ">The committee has heeded the views of NGOs that these terms have not been defined either in the IT Act or the rules. In a report submitted on March 21, it has drawn the attention of the Ministry of Communication and IT to the ‘reported misuse’ of Section 66A of the IT Act in the absence of precise definitions, and said it was important to remove ‘ambiguities/misgivings in the minds of people.’</p>
<p style="text-align: justify; ">In its report, the committee, chaired by MP P. Karunakaran, suggested that the definition of those terms in other laws be incorporated in one place for the ‘convenience of reference’ of intermediaries and general public. It has added that those terms not mentioned in other laws be defined in a way that ‘no new category of crimes or offences is created in the process of delegated legislation.’ The committee said it expected the Ministry to have a fresh look at the guidelines and ‘make amendments to ensure there is no ambiguity.’</p>
<p style="text-align: justify; ">Highlighting the significance of the committee’s directive not to create new offences, Pranesh Prakash of the Centre for Internet and Society said that this was recognition that ‘many categories of speech prohibited by the Intermediary Guidelines Rules are not prohibited by the statute, and hence cannot be prohibited by the government through these rules.’</p>
<p>‘<b>Conflicting picture’</b></p>
<p style="text-align: justify; ">The committee has also pointed out that there was a ‘conflicting picture’ regarding the ‘legal enforceability’ of these guidelines. In its response, the Ministry told the committee that these are of ‘advisory’ nature; it is not ‘mandatory’ for the intermediary to disable information and this does not amount to ‘censorship.’ But the rules state the intermediary ‘shall act’ within 36 hours of complaint.</p>
<p style="text-align: justify; ">The committee said there was a need for ‘clarity on the aforesaid contradictions,’ particularly on the process of ‘take down of content,’ and install ‘safeguards to protect against any abuse during such process.’</p>
<p style="text-align: justify; ">Mr. Prakash of CIS said that this had exposed the ‘government’s Janus-faced stance on the issue of mandatory nature of these rules.’</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/the-hindu-april-1-2013-prashant-jha-clarify-and-define-terms-in-it-rules-panel-tells-govt'>http://editors.cis-india.org/news/the-hindu-april-1-2013-prashant-jha-clarify-and-define-terms-in-it-rules-panel-tells-govt</a>
</p>
No publisherpraskrishnaIT ActInternet Governance2013-04-03T10:02:33ZNews ItemParliament panel blasts govt over ambiguous internet laws
http://editors.cis-india.org/news/times-of-india-ishan-srivastava-march-28-2013-parliament-panel-blasts-govt-over-ambiguous-internet-laws
<b>The Parliamentary Standing Committee on Subordinate Legislation has come out with a report in which it has lambasted the government and asked it to make changes to IT rules that govern internet-related cases in India.</b>
<hr />
<p style="text-align: justify; ">This article by Ishan Srivastava was <a class="external-link" href="http://timesofindia.indiatimes.com/tech/tech-news/internet/Parliament-panel-blasts-govt-over-ambiguous-internet-laws/articleshow/19249667.cms">published in the Times of India</a> on March 28, 2013. Pranesh Prakash is quoted.</p>
<hr />
<p style="text-align: justify; "><span id="advenueINTEXT">It said in the report that multiple clauses in the laws had inherent ambiguity and that discrepancies exist in the government's stand on whether some rules are mandatory or only of advisory nature.</span><span id="advenueINTEXT"> </span></p>
<p style="text-align: justify; "><span id="advenueINTEXT">The committee said that inherent ambiguity of words like 'blasphemy' and `disparaging', among others, could lead to harassment of people as has happened with Section 66A of the IT Act repeatedly in recent times. Incidents include the arrest of two girls over 'liking' a <a href="http://timesofindia.indiatimes.com/topic/Facebook">Facebook</a> post and a defamation case against an individual for an 'offensive' tweet. It has also been used by multiple politicians to suppress voices of dissent by branding them as 'defamatory'.</span></p>
<p style="text-align: justify; "><span id="advenueINTEXT">These ambiguous terms are used in the Intermediary Guidelines rules, passed in April 2011, which the committtee said could lead to legitimate speech being removed. Also, the Standing Committee noted that many categories of speech prohibited by the Intermediary Guidelines rules were not prohibited by any statute, and hence could not be prohibited by the government through these rules. The Standing Committee has asked the government to ensure that "no new category of crimes or offences is created" by these rules.</span></p>
<p style="text-align: justify; "><span id="advenueINTEXT">The committee also said that discrepancies exist in the nature of implementation of these laws. While the government's stand is that Intermediary Guidelines are only "of advisory nature and self-regulation" and that "it is not mandatory for the Intermediary to disable the information", the wording of the laws suggest otherwise. In many of the laws, terms like "shall act" within 36 hours are used. The committee said that there was a "need for clarity on the aforesaid contradiction" and "safeguards to protect against any abuse" since it could lead to censorship.</span></p>
<p style="text-align: justify; "><span id="advenueINTEXT">"The government has told the Committee that the rules are for "self-regulation", but they in fact aren't. The rules dictate what content cannot be hosted. And our research found that intermediaries react to fake takedown requests too, just to avoid being liable for their users' content. This is not self-regulation, but government-mandated private censorship," said Pranesh Prakash, policy director at the Centre for Internet and Society (CIS). CIS is a Bangalore-based non-profit body looking at issues of public accountability, privacy, free expression, and openness, and has consistently argued that many parts of the IT Act are unconstitutional. </span></p>
<p style="text-align: justify; "><span id="advenueINTEXT">The committee also suggested that all evidence relating to foreign websites refusing to honour Indian laws should be made public and a public debate should be encouraged as the internet is a global phenomena. Recently there have been instances of issues between the <a href="http://timesofindia.indiatimes.com/topic/Indian-Government">Indian government</a> and tech giants like Facebook and <a href="http://timesofindia.indiatimes.com/topic/Google">Google</a> related to censorship and taking down of 'offensive' and 'defamatory' content.</span></p>
<p style="text-align: justify; "><span id="advenueINTEXT">While the government's stand is that Intermediary Guidelines are only "of advisory nature and self-regulation" and that "it is not mandatory for the Intermediary to disable the information," the wording of the laws suggest otherwise.</span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/times-of-india-ishan-srivastava-march-28-2013-parliament-panel-blasts-govt-over-ambiguous-internet-laws'>http://editors.cis-india.org/news/times-of-india-ishan-srivastava-march-28-2013-parliament-panel-blasts-govt-over-ambiguous-internet-laws</a>
</p>
No publisherpraskrishnaFreedom of Speech and ExpressionIT ActInternet GovernanceCensorship2013-03-28T08:37:30ZNews ItemCIS Welcomes Standing Committee Report on IT Rules
http://editors.cis-india.org/internet-governance/blog/cis-welcomes-standing-committee-report-on-it-rules
<b>The Centre for Internet and Society welcomes the report by the Standing Committee on Subordinate Legislation, in which it has lambasted the government and has recommended that the government amend the Rules it passed in April 2011 under section 79 of the Information Technology Act.</b>
<hr />
<p style="text-align: justify; "><a class="external-link" href="http://www.prsindia.org/uploads/media/IT%20Rules/IT%20Rules%20Subordinate%20committee%20Report.pdf">Click to read</a> the Parliamentary Standing Committee Report on the IT Rules. A modified version was <a class="external-link" href="http://www.ciol.com/ciol/news/185991/cis-welcomes-panels-anti-govt-stand-it-rules">published in CiOL</a> on March 27, 2013.</p>
<hr />
<p style="text-align: justify; ">These rules have been noted by many, including CIS, Software Freedom Law Centre, and Society for Knowledge Commons, and many eminent lawyers, as being unconstitutional. The Standing Committee, noting this, has asked the government to make changes to the Rules to ensure that the fundamental rights to freedom of speech and privacy are safeguarded, and that the principles of natural justice are respected when a person’s freedom of speech or privacy are curtailed.</p>
<h3 style="text-align: justify; ">Ambiguous and Over-reaching Language</h3>
<p style="text-align: justify; ">The Standing Committee has noted the inherent ambiguity of words like "blasphemy", "disparaging", etc., which are used in the Intermediary Guidelines Rules, and has pointed out that unclear language can lead to harassment of people as has happened with Section 66A of the IT Act, and can lead to legitimate speech being removed. Importantly, the Standing Committee recognizes that many categories of speech prohibited by the Intermediary Guidelines Rules are not prohibited by any statute, and hence cannot be prohibited by the government through these Rules. Accordingly, the Standing Committee has asked the government to ensure "no new category of crimes or offences is created" by these Rules.</p>
<h3 style="text-align: justify; ">Government Confused Whether Rules Are Mandatory or Advisory</h3>
<p style="text-align: justify; ">The Standing Committee further notes that there is a discrepancy in the government’s stand that the Intermediary Guidelines Rules are not mandatory, and are only "of advisory nature and self-regulation", and that "it is not mandatory for the Intermediary to disable the information, the rule does not lead to any kind of censorship". The Standing Committee points out the flaw in this, and notes that the language used in the rules is mandatory language (“shall act” within 36 hours). Thus, it rightly notes that there is a "need for clarity on the aforesaid contradiction". Further, it also notes that there is "there should be safeguards to protect against any abuse", since this is a form of private censorship by intermediaries."</p>
<h3 style="text-align: justify; ">Evidence Needed Against Foreign Websites</h3>
<p style="text-align: justify; ">The government has told the Standing Committee that "foreign websites repeatedly refused to honour our laws", however, it has not provided any proof for this assertion. The government should make public all evidence that foreign web services are refusing to honour Indian laws, and should encourage a public debate on how we should tackle this problem in light of the global nature of the Internet.</p>
<h3 style="text-align: justify; ">Cyber Cafes Rules Violate Citizens’ Privacy</h3>
<p style="text-align: justify; ">The Standing Committee also pointed out that the Cyber Cafe Rules violated citizens’ right to privacy in requiring that "screens of the computers installed other than in partitions and cubicles should face open space of the cyber café". Unfortunately, the Standing Committee did not consider the privacy argument against retention of extensive and intrusive logs. Under the Cyber Cafe Rules, cyber cafes are required to retain (for a minimum of one year) extensive logs, including that of "history of websites accessed using computer resource at cyber café" in such a manner that each website accessed can be linked to a person. The Committee only considered the argument that this would impose financial burdens on small cybercafes, and rejected that argument. CIS wishes the Committee had examined the provision on log maintenance on grounds of privacy as well."</p>
<h3 style="text-align: justify; ">Government’s Half-Truths</h3>
<p style="text-align: justify; ">In one response, the government notes that "rules under Section 79 in particular have undergone scrutiny by High Courts in the country. Based on the Rules, the courts have given reliefs to a number of individuals and organizations in the country. No provision of the Rules notified under Sections 43A and 79 of the IT Act, 2000 have been held <i>ultra vires</i>."</p>
<p style="text-align: justify; ">What the government says is a half-truth. So far, courts have not struck down any of the IT Rules. But that is because none of the High Court cases in which the vires of the Rules have been challenged has concluded. So it is disingenuous of the government to claim that the Rule have "undergone scrutiny by High Courts". And in those cases where relief has been granted under the Intermediary Guidelines, the cases have been ex-parte or have been cases where the vires of the Rules have not been challenged. The government, if it wants to defend the Rules, should point out to any case in which the vires of the Rules have been upheld. Not a single court till date has declared the Rules to be constitutional when that question was before it.</p>
<h3 style="text-align: justify; ">Lack of Representation of Stakeholders in Policy Formulation</h3>
<p style="text-align: justify; ">Lastly, the Standing Committee noted that it is not clear whether the Cyber Regulatory Advisory Committee (CRAC), which is responsible for policy guidance on the IT Act, has "members representing the interests of principally affected or having special knowledge of the subject matter as expressly stipulated in Section 88(2) of the IT Act". This is a problem that we at CIS also noted in November 2012, when the CRAC was reconstituted after having been defunct for more than a decade.</p>
<p style="text-align: justify; ">CIS hopes that the government finally takes note of the view of legal experts, the Standing Committee on Delegated Legislation, the Parliamentary motion against the Rules, and numerous articles and editorials in the press, and withdraws the Intermediary Guidelines Rules and the Cyber Cafe Rules, and instead replaces them with rules that do not infringe our constitutional rights.</p>
<hr />
<p style="text-align: justify; "><i>The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness, and engages in academic research on digital natives and digital humanities. It was among the organizations that submitted evidence to the Standing Committee on Subordinate Legislation on the IT Rules</i>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/cis-welcomes-standing-committee-report-on-it-rules'>http://editors.cis-india.org/internet-governance/blog/cis-welcomes-standing-committee-report-on-it-rules</a>
</p>
No publisherpraneshIT ActPrivacyFreedom of Speech and ExpressionInternet GovernanceFeaturedCensorshipHomepage2013-04-03T10:54:52ZBlog Entry"All Indian Enterprises should Be Very Worried": Centre for Internet and Society
http://editors.cis-india.org/news/computer-world-india-feature-shubra-rishi-feb-25-2013-all-indian-enterprises-should-be-very-worried
<b>The DoT’s CERT team has successfully censored more than 70 URLs that didn’t particularly contain praises of IIPM. Amusingly, a URL containing a public notice issued by the University Grants Commission (UGC) in July 2012 was also blocked. </b>
<hr />
<p style="text-align: justify; ">This blog post by Shubhra Rishi was<a class="external-link" href="http://www.computerworld.in/feature/%E2%80%9Call-indian-enterprises-should-be-very-worried%E2%80%9D-centre-internet-and-society-75742013"> published</a> in Computer World on February 25, 2013. Pranesh Prakash is quoted.</p>
<hr />
<p style="text-align: justify; ">The chairman of the Indian Institute of Planning and Management (IIPM) is having a Barbara Streisand moment.<br /><br />The American entertainer Barbra Streisand, in 2003, attempted to suppress photographs of her residence, involuntarily and indirectly fuelling further publicity. Arindam Chaudhuri’s order from a Gwalior Court has unfortunately resulted in more or less the same.</p>
<p style="text-align: justify; ">The DoT’s CERT team has successfully censored more than 70 URLs that didn’t particularly contain praises of IIPM. Amusingly, a URL containing a public notice issued by the University Grants Commission (UGC) in July 2012 was also blocked. The UGC notice said that IIPM cannot be recognized as a university according to the provisions of a particular section.</p>
<p style="text-align: justify; ">So while this issue has managed to hold our attention, it has also fervently highlighted the misappropriation of section 69 of India’s Information Technology (IT) Act 2000. According to this act, if the Director of Controller is satisfied that it is necessary or expedient so, he/she may order or direct any agency of the Government to intercept any information transmitted through any computer resource.</p>
<p style="text-align: justify; ">In short, intercepting or blocking is counter-productive in today’s scenario and is often seen as a direct infringement of people’s online freedom. “The Constitution of India does not put so many restrictions on the freedom of speech and expression that IT Act puts under a particular section,” says cyber law expert, Pavan Duggal.</p>
<p style="text-align: justify; ">Legal experts are also of the opinion that several provisions of the IT Act are unconstitutional. “It does not have built-in safeguards, especially transparency-related ones, around surveillance and censorship. Censorship in India, especially under the IT (Intermediary Guidelines) Rules 2011, is completely opaque and results in invisible censorship, meaning that we don't even get to find out that censorship has happened and thus cannot challenge it,” says Pranesh Prakash, policy director, Centre for Internet and Society.<br /><br />In the past, independent activists such as Binayak Sen, Assem Trivedi, and Arundhati Roy, or even commoners such as Shaheen Dhadha have come under fire of the said Act.<br /><br />Frankly, if this loophole in the IT Act is not addressed, even Indian corporations could face a similar problem.<br /><br />“I believe all intermediaries (websites that host user content, and networks that carry user traffic among others) are threatened now. Their executives can be dragged to court without any protection; thanks to the broad wording of the IT (Intermediary Guidelines) Rules 2011, despite the IT Act itself granting them some protections. This is dangerous, and all Indian enterprises should be very worried,” says Prakash.</p>
<p style="text-align: justify; ">CorporateIndiawill have to tighten its belts. Despite the fact that the entire IT Act needs to be overhauled and employees need to be sensitized, currently, the first thing that corporate India needs to do is ensure that its operations in electronic format comply with the IT Act and its rules. “There's a lack of awareness about compliances in the corporate sector. Any kind of “jugaad” may not help a company get out of a potential exposure under the IT Act. An effective implementation of these compliances will relieve companies of the IT Act’s potential liabilities, both civil and criminal,” advises Duggal.<br /><br />So the Streisand effect in the IIPM case will slowly wear off, but the potential threat of the IT Act will continue to haunt enterprises.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/computer-world-india-feature-shubra-rishi-feb-25-2013-all-indian-enterprises-should-be-very-worried'>http://editors.cis-india.org/news/computer-world-india-feature-shubra-rishi-feb-25-2013-all-indian-enterprises-should-be-very-worried</a>
</p>
No publisherpraskrishnaIT ActInternet Governance2013-02-28T09:21:32ZNews ItemTV versus Social Media: The Rights and Wrongs
http://editors.cis-india.org/internet-governance/blog/sunday-tribune-january-20-2013-sunil-abraham-tv-vs-social-media
<b>For most ordinary Netizens, everyday speech on social media has as much impact as graffiti in a toilet, and therefore employing the 'principle of equivalence' will result in overregulation of new media.</b>
<hr />
<p style="text-align: justify; ">Sunil Abraham's guest column was <a class="external-link" href="http://www.tribuneindia.com/2013/20130120/edit.htm#2">published in the Tribune </a>on January 20, 2013.</p>
<hr />
<p style="text-align: justify; ">Many in traditional media, especially television, look at social media with a mixture of envy and trepidation. They have been at the receiving end of various unsavoury characters online and consequently support regulation of social media. A common question asked by television anchors is "shouldn't they be subject to the same regulation as us?" This is because they employ the 'principle of equivalence', according to which speech that is illegal on broadcast media should also be illegal on social media and vice versa. According to this principle, criticising a bandh on national TV or in a newspaper op-ed or on social media should not result in jail time and, conversely, publishing obscene content, in either new or old media, should render you a guest of the state.</p>
<p style="text-align: justify; ">Given that Section 66-A of the Information Technology Act, 2000, places more draconian and arguably unconstitutional limits on free speech when compared to the regulation of traditional and broadcast media, those in favour of civil liberties may be tempted to agree with the 'principle of equivalence' since that will mean a great improvement from status quo. However, we must remember that this compromise goes too far since potential for harm through social media is usually very limited when compared to traditional media, especially when it comes to hate speech, defamation and infringement of privacy. A Facebook update or 'like' or a tweet from an ordinary citizen usually passes completely unnoticed. On rare occasion, an expression on social media originating from an ordinary citizen goes viral and then the potential for harm increases dramatically. But since this is the fringe case we cannot design policy based on it. On the other hand, public persons (those occupying public office and those in public life), including television journalists, usually have tens and hundreds of thousands friends and followers on these social networks and, therefore, can more consistently cause harm through their speech online. For most ordinary Netizens, everyday speech on social media has as much impact as graffiti in a public or residential toilet and therefore employing the 'principle of equivalence' will result in overregulation of new media.</p>
<p style="text-align: justify; ">Ideally speech regulation should address the asymmetries in the global attention economy by constantly examining the potential for harm. This applies to both 'speech about' public persons and also 'speech by' them. Since 'speech about' public persons is necessary for transparent and accountable governance and public discourse, such speech must be regulated less than 'speech about' ordinary citizens. Let us understand this using two examples: One, a bunch of school kids referring to a classmate as an idiot on a social network is bullying, but citizens using the very same term to criticise a minister or television anchor must be permitted. Two, an ordinary citizen should be allowed to photograph or video-record the acts of a film or sports star at a public location and upload it to a social network, but this exception to the right of privacy based on public interest will not imply that the same ordinary citizen can publish photographs or videos of other ordinary citizens. Public scrutiny and criticism is part of the price to be paid for occupying public office or public life. If speech regulation is configured to prevent damage to the fragile egos of public persons, then it would have a chilling effect on many types of speech that are critical in a democracy and an open society.</p>
<p style="text-align: justify; ">When it comes to 'speech by' those in public office or in public life - given the greater potential for harm - they should be held more liable for their actions online. For example, an ordinary citizen with less than 100 followers causes very limited harm to the reputation of a particular person through a defamatory tweet. However, if the very same tweet is retweeted by a television anchor with millions of followers, there can be more severe damage to that particular person's reputation.</p>
<p style="text-align: justify; ">Many in television also wish to put an end to anonymous and pseudonymous speech online. They would readily agree with Nandan Nilekani's vision of tagging all - visits to the cyber cafe, purchases of broadband connections and SIM cards and, therefore, all activities from social media accounts with the UID number. I have been following coverage of the Aadhaar project for the past three years. Often I see a 'senior official from the UIDAI' make a controversial point. If anonymous speech is critical to protect India's identity project then surely it is an important form of speech. But, unlike the print media, which more regularly uses anonymous sources for their stories, television doesn't see clearly the connection between anonymous speech and free media. This is because many of the trolls that harass them online often hide behind pseudonymous identities. Television forgets that anonymous speech is at the very foundation of our democracy, i.e., the electoral ballot.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/sunday-tribune-january-20-2013-sunil-abraham-tv-vs-social-media'>http://editors.cis-india.org/internet-governance/blog/sunday-tribune-january-20-2013-sunil-abraham-tv-vs-social-media</a>
</p>
No publishersunilFreedom of Speech and ExpressionIT ActInternet GovernanceCensorship2013-01-21T03:09:56ZBlog EntryNo Civil Society Members in the Cyber Regulations Advisory Committee
http://editors.cis-india.org/internet-governance/blog/cyber-regulations-advisory-committee-no-civil-society
<b>The Government of India has taken our advice and reconstituted the Cyber Regulations Advisory Commitee. But there is no representation of Internet users, citizens, and consumers — only government and industry interests.</b>
<p>In multiple op-eds (<a href="http://cis-india.org/internet-governance/blog/india-broken-internet-law-multistakeholderism">Indian Express</a> and <a href="http://cis-india.org/internet-governance/blog/livemint-opinion-november-28-2012-pranesh-prakash-fixing-indias-anarchic-it-act">Mint</a>), I have pointed out the need for the government to reconstitute the "Cyber Regulations Advisory Committee" (CRAC) under section 88 of the Information Technology Act. That it be reconstituted along the model of the Brazilian Internet Steering Committee was also <a href="http://docs.google.com/viewer?url=www.iigc.in%2Fhtm%2F2.pdf">part of the suggestions that CIS sent to the government</a> after a <a href="http://www.thehindu.com/todays-paper/tp-national/tp-newdelhi/government-to-hold-talks-with-stakeholders-on-internet-censorship/article3860393.ece">meeting FICCI had convened along with the government on September 4, 2012</a>.</p>
<p>Section 88 requires that people "representing the interests principally affected" by Internet policy or "having special knowledge of the subject matter" be present in this advisory body. The main function of the CRAC is to advise the the Central Government "either generally as regards any rules or for any other purpose connected with this Act".</p>
<p>Despite this important function, the CRAC had — till November 2012 — only ever met twice, <a href="http://cis-india.org/internet-governance/resources/deity-response-to-rti-on-decisions-of-crac">both times in 2001</a>. The response to an RTI informed us that the body had never provided any advice to the government.</p>
<h2 id="government-not-serious">Government Not Serious</h2>
<p>The increasing pressure on the government for botching up Internet regulations has led it to reconstitute the CRAC. However, the list of members of the committee shows that the government is not serious about this committee representing "the interests primarily affected" by Internet policy.</p>
<p>Importantly, this goes against the express wish of the Shri Kapil Sibal, the Union Minister for Communications and IT, who has repeatedly stated that he believes that Internet-related policymaking should be an inclusive process. Most recently, at the 2012 Internet Governance Forum he stated that we need systems that are:</p>
<blockquote>
"collaborative, consultative, inclusive and consensual, for dealing with all public policies involving the Internet"
</blockquote>
<p>Interestingly, despite the Hon'ble Minster verbally inviting civil society organizations (on November 23, 2012) for a meeting of the CRAC that happened on November 25, 2012, the Department of Electronics and Information Technology refused to send us invitations for the meeting. This hints at a disconnect between the political and bureaucratic wings of the government, at least at some levels.</p>
<p>Interestingly, this isn't the first time this has been pointed out. Na. Vijayashankar was levelling similar criticisms against the CRAC <a href="http://www.naavi.org/cl_editorial/edit_18aug00_1.html">way back in August 2000</a> when the original CRAC was constituted.</p>
<h2 id="breakdown-by-stakeholder-groupings">Breakdown by Stakeholder Groupings</h2>
<p>While there is no one universal division of stakeholders in Internet governance, but four goups are widely recognized: governments (national and intergovernmental), industry, technical community, and civil society. Using that division, we get:</p>
<ul>
<li>Government - 15 out of 22 members</li>
<li>Industry bodies - 6 out of 22 members</li>
<li>Technical community / Academia - 1 out of 22 members</li>
<li>Civil society - 0 out of 22 members.</li>
</ul>
<h2 id="list-of-members-of-cyber-regulatory-advisory-committee">List of Members of Cyber Regulatory Advisory Committee</h2>
<p>The official notification <a href="http://deity.gov.in/sites/upload_files/dit/files/gazzate(1).pdf">(G.S.R. 827(E)) is available on the DEIT website</a> and came into force on November 16, 2012.</p>
<p>(Note: Names with <del>strikethroughs</del> have been removed from the CRAC since 2000, and those with <i>emphasis</i> have been added.)</p>
<ol>
<li>Minister, Ministry of Communication and Information Technology - Chairman</li>
<li><i>Minister of State, Ministry of Communications and Information Technology - Member</i></li>
<li>Secretary, Ministry of Communication and Information Technology, Department of Electronics and Information Technology - Member</li>
<li>Secretary, Department of Telecommunications - Member <br /><del>Finance Secretary - Member</del></li>
<li>Secretary, Legislative Department - Member</li>
<li><i>Secretary, Department of Legal Affairs - Member</i> <br /><del>Shri T.K. Vishwanathan, Presently Member Secretary, Law Commission - Member</del></li>
<li>Secretary, Ministry of Commerce - Member</li>
<li>Secretary, Ministry of Home Affairs - Member</li>
<li>Secretary, Ministry of Defence - Member</li>
<li>Deputy Governor, Reserve Bank of India - Member</li>
<li>Information Technology Secretary from the states by rotation - Member</li>
<li>Director, IIT by rotation from the IITs - Member</li>
<li>Director General of Police from the States by rotation - Member</li>
<li>President, NASSCOM - Member</li>
<li>President, Internet Service Provider Association - Member</li>
<li>Director, Central Bureau of Investigation - Member</li>
<li>Controller of Certifying Authority - Member</li>
<li>Representative of CII - Member</li>
<li>Representative of FICCI - Member</li>
<li>Representative of ASSOCHAM - Member</li>
<li><i>President, Computer Society of India - Member</i></li>
<li>Group Coordinator, Department of Electronic and Information Technology - Member Secretary</li>
</ol>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/cyber-regulations-advisory-committee-no-civil-society'>http://editors.cis-india.org/internet-governance/blog/cyber-regulations-advisory-committee-no-civil-society</a>
</p>
No publisherpraneshIT ActInternet GovernancePublic Accountability2013-01-09T17:56:57ZBlog EntryGovt likely to issue guidelines to clarify IT rules soon
http://editors.cis-india.org/news/livemint-december-16-2012-surabhi-agarwal-govt-likely-to-issue-guidelines-to-clarify-it-rules-soon
<b>Norms relate to the role of intermediaries such as telcos, Web service providers, others on hosting content online, writes Surabhi Agarwal. </b>
<hr />
<p>The article was first <a class="external-link" href="http://www.livemint.com/Home-Page/Nh4Bh1zyFjiCRPyTAilR3L/Govt-likely-to-issue-guidelines-to-clarify-IT-rules-soon.html">published</a> in LiveMint on December 16, 2012.</p>
<hr />
<p style="text-align: justify; ">After the government issued guidelines on the controversial Section 66A of the Information Technology Act, it is expected to soon come out with similar guidelines to clarify the Information Technology (Intermediaries Guidelines) Rules, 2011, that have also been heavily criticised.</p>
<p style="text-align: justify; ">A senior official of the department of electronics and information technology said that even though the government is not looking at amending the overall Act as the legislative process for that would be time consuming, it is hoping to issue guidelines within a week.</p>
<p style="text-align: justify; ">The rules were notified in April 2011 with the aim of clearly defining the role of intermediaries—including telcos, Internet and web-hosting service providers and search engines—while hosting content on their networks and websites along with ensuring some level of due diligence by them.</p>
<p style="text-align: justify; ">However, this led to outrage among the Internet community as the rules mandated hosts or owners of the websites to take action against “objectionable content” within 36 hours of receiving a complaint. Experts argued that the rules could lead to censorship attempts with some intermediaries complying with illegitimate requests to remove content from websites in a bid to avoid litigation.</p>
<p>The government official said that there had been some confusion about what it meant to take action within 36 hours.</p>
<p class="p" id="U1904108412963yXG" style="text-align: justify; ">“While the intent was to ensure that intermediaries take cognizance of the request and initiate some proceeding on it, it has been misconstrued as removing content within 36 hours in some cases,” this person said.</p>
<p class="p" style="text-align: justify; ">The official added that the government was looking at clarifying issues such as this. “We are currently studying the representations sent by different stakeholders on the rules.”<span class="person"></span><span class="person"><a href="http://www.livemint.com/Search/Link/Keyword/Subho%20Ray"></a></span></p>
<p class="p" style="text-align: justify; "><span class="person"><a href="http://www.livemint.com/Search/Link/Keyword/Subho%20Ray">Subho Ray</a></span>, president, Internet and Mobile Association of India (IAMAI), said that the term “act” should be replaced by “acknowledge” to ensure that it is not wrongly interpreted as removing content within 36 hours.</p>
<p class="p" style="text-align: justify; ">“We have also requested the time period to be extended to 72 hours as 36 hours is sometimes too short a period if it falls during the weekend,” he said.</p>
<p class="p" style="text-align: justify; ">While only some clauses address issues such as national interest, public order and security restrictions under which content can be removed, “the remainder of grounds includes private claims such as content which ‘belongs to another person’, or otherwise infringes proprietary rights, or is ‘defamatory’,” said Bangalore-based think tank Centre for Internet and Society (CIS) in its representation, of which <i>Mint</i> has a copy. Moreover, other terms, such as ‘grossly harmful’, ‘harassing’ and ‘disparaging’, are “terminologically indeterminate and purely subjective”, the representation said. It also said that “the intermediary guidelines create a two-track system by which private censorship is legitimized online”.</p>
<p class="p" style="text-align: justify; ">IAMAI’s recommendations include clearly defining who can qualify as the ‘affected person’ eligible to post a complaint on content, which has currently been left to the discretion and determination of the intermediary.</p>
<p class="p" style="text-align: justify; ">Ray’s representation also said the rules put the burden of interpretation and acting upon third-party content on the intermediary. “This, we believe is the function of the judiciary and not the intermediaries,” it said.</p>
<p class="p" style="text-align: justify; ">Guidelines, while bringing some initial clarity, may not be enough, said an executive at a top technology firm who did not want to be identified. “To ensure long-term solutions to some of the issues highlighted, the Act needs to be amended eventually,” he said.</p>
<p class="p" style="text-align: justify; ">Late last month, the government promised to issue guidelines to the states that complaints under the controversial Section 66A of the IT Act, which criminalizes “causing annoyance or inconvenience” online or electronically, can be registered only with the permission of an officer at or above the rank of deputy commissioner of police, and inspector general in metro cities. However, even in the case of Section 66A, it did not amend the terms in the Section that are said to be vague and subject to interpretation.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/livemint-december-16-2012-surabhi-agarwal-govt-likely-to-issue-guidelines-to-clarify-it-rules-soon'>http://editors.cis-india.org/news/livemint-december-16-2012-surabhi-agarwal-govt-likely-to-issue-guidelines-to-clarify-it-rules-soon</a>
</p>
No publisherpraskrishnaIT ActInternet Governance2012-12-20T05:24:14ZNews ItemHacktivists deface BSNL website
http://editors.cis-india.org/news/times-of-india-india-times-december-13-2012-kim-arora-hacktivists-deface-bsnl-website
<b>The Bharat Sanchar Nigam Limited (BSNL) website, www.bsnl.co.in, was hacked and defaced on Thursday afternoon.</b>
<hr />
<p style="text-align: justify; ">The article by Kim Arora was <a class="external-link" href="http://timesofindia.indiatimes.com/tech/tech-news/telecom/Hacktivists-deface-BSNL-website/articleshow/17603936.cms">published</a> in the Times of India on December 13, 2012. Sunil Abraham is quoted.</p>
<hr />
<p style="text-align: justify; ">A message on the home page said the attack was carried out by the hacktivist group, Anonymous India, as a protest against section 66 A of the <a href="http://timesofindia.indiatimes.com/topic/IT-Act">IT Act</a> and in support of cartoonist Aseem Trivedi, on an indefinite hunger strike at Jantar Mantar since Dec 8 for the same. The website was restored around 7 pm.</p>
<p style="text-align: justify; ">Trivedi said he had received a call from Anonymous around 1.30 in the afternoon informing him that the website has been defaced. On being asked if such a form of protest was valid, Trivedi said, "When the government doesn't pay heed to people's protests against its laws and arrests innocent people for Facebook posts, then such a protest is absolutely valid."</p>
<p style="text-align: justify; ">For most of the afternoon and early evening, the BSNL website wasn't available directly. A cached version of the BSNL home page showed an image of cartoonist Trivedi with text that read "Hacked by Anonymous India. support <a href="http://timesofindia.indiatimes.com/topic/Aseem-trivedi">Aseem trivedi</a> (cartoonist) and alok dixit on the hunger strike. remove IT Act 66a databases of all 250 bsnl site has been d Hacked by Anonymous India (sic)". While this message was repeated over and over on the page, it ended with the line "Proof are (sic) here" followed by a link to a page containing the passwords to BSNL databases. BSNL officials were unaware of the attack until Thursday evening.</p>
<p style="text-align: justify; ">Late in the evening, Anonymous India tweeted from their account @opindia_revenge: "BSNL Websites hacked, passwords and database leaked... Anonymous India demands withdrawal of Sec 66A of IT Act." <br /><br /> In an open letter to the Government of India posted on alternate media website Kafila in June this year, Anonymous had explained they only carried out <a href="http://timesofindia.indiatimes.com/topic/Distributed-Denial-of-Service">Distributed Denial of Service</a> (DDoS) attacks on Indian government websites, which is different from the act of hacking per se.</p>
<p class="callout" style="text-align: justify; ">Contrary views too exist. Sunil Abraham, executive director, <a href="http://timesofindia.indiatimes.com/topic/Centre-for-Internet-and-Society">Centre for Internet and Society</a>, says the attack was unwarranted. "Speech regulation in India is not a lost cause, the Minister is holding consultations, MPs are raising the issue in Parliament, courts have been approached and there is massive public outcry on social media. Therefore I would request Anonymous India to desist from defacing websites," said Abraham. A group of MPs, including Baijayant Jay Panda from Odisha, are scheduled to present a motion in Parliament on Friday morning for the amendment of section 66A of the IT Act.</p>
<p style="text-align: justify; ">Last month, two young girls were arrested in Palghar, Maharashtra, for criticizing on Facebook the bandh that followed the death of Shiv Sena supremo Balasaheb Thackeray. Before that, Karti Chidambaram, son of finance minister P Chidambaram, took a man to court for commenting on his financial assets on Twitter. In both cases, the complainant 'used' section 66 A of the IT Act. The section and the Act have since come in for wide debate regarding freedom of speech.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/times-of-india-india-times-december-13-2012-kim-arora-hacktivists-deface-bsnl-website'>http://editors.cis-india.org/news/times-of-india-india-times-december-13-2012-kim-arora-hacktivists-deface-bsnl-website</a>
</p>
No publisherpraskrishnaIT ActSocial MediaFreedom of Speech and ExpressionPublic AccountabilityCensorship2012-12-14T05:20:56ZNews Item66A ‘cut & paste job’
http://editors.cis-india.org/news/telegraphindia-december-3-2012-gs-mudur-66a-cut-and-paste-job
<b>The controversial Section 66A of the Information Technology Act has borrowed words out of context from British and American laws, according to lawyers here who are calling it a “poor cut-and-paste job”.</b>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">GS Mudur's article was <a class="external-link" href="http://www.telegraphindia.com/1121203/jsp/frontpage/story_16268138.jsp#.UMbCXaxWGZR">published in the Telegraph</a> on December 3, 2012. Pranesh Prakash and Snehashish Ghosh are quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Section 66A, passed by Parliament in December 2008, draws on laws passed in the UK in 1988 and 2003 and the US in 1996. But some lawyers say that, unlike 66A, those foreign laws impose only reasonable restrictions on freedom of speech.<br /><br />"The text of 66A seems to be the result of a cut-and-paste job done without applying the mind," said Snehashish Ghosh, a lawyer with the Centre for Internet and Society (CIS), a non-government organisation in Bangalore.<br /><br />Some of the language in Section 66A is taken from Britain’s Malicious Communications Act (MCA) of 1988, which begins with the words: "Any person who sends to another person...."<br /><br />This provision in MCA 1988, Ghosh said, is intended to curb malicious messages from one person to another. "It does not cover a post on a social website or an electronic communication broadcast to the world."<br /><br />Section 66A has also borrowed words from Britain’s Communications Act of 2003 which, Ghosh said, is intended to prevent abuse of public communication services and does not directly deal with messages sent by individuals.<br /><br />Government officials have said that 66A has also plucked language from the US Telecommunications Act of 1996.<br /><br />This was a landmark legislation that overhauled America’s telecommunication law by taking into account the emergence of the Internet and changing communications technologies. Among other things, it made illegal the transmission of obscene or indecent material to minors via computers.<br /><br />"Section 66A in its current form fails to define a specific category (context) as defined in the laws from where it has borrowed words," Ghosh said. "This is what has led to its inconsistent and arbitrary applications."<br /><br />Ghosh and his colleagues say that 66A, through an "absurd" combination of borrowed and ambiguous language, curbs freedom of expression and threatens people with three years’ imprisonment for certain offences that would otherwise, under existing Indian Penal Code (IPC) provisions, draw a fine of only Rs 200.<br /><br />Section 66A(b), for example, clubs together the offences of persistently repeated communications that might lead to "annoyance", "inconvenience", "danger", "insult", "injury", "criminal intimidation", "enmity", "hatred", and "ill-will".<br /><br />This is "astounding and unparalleled", said Pranesh Prakash, policy director at the CIS, who has posted an analysis of Section 66A on the NGO’s institutional blog.<br /><br />"We do not have such a provision anywhere but in India’s information technology law."<br /><br />This is “akin to... providing equal punishment for calling someone a moron (insult) and threatening to kill someone (criminal intimidation),” Prakash wrote in the blog, where he has listed existing IPC provisions that can deal with the offences that 66A seeks to cover.<br /><br />Lawyers have also questioned 66A’s effect of criminalising what the existing IPC would label as civil offences. For example, Prakash said, while the punishment under IPC for criminal nuisance is Rs 200, the penalty imposed by 66A is jail for up to three years.<br /><br />Several sections in the IPC, they said, can effectively address offences that 66A attempts to address exclusively for electronic communications. For example, the IPC has sections for defamation (499 and 500), outraging religious sentiments (295) and obscenity (292).<br /><br />"We do not require extraordinary laws when existing laws suffice," Ghosh said.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/telegraphindia-december-3-2012-gs-mudur-66a-cut-and-paste-job'>http://editors.cis-india.org/news/telegraphindia-december-3-2012-gs-mudur-66a-cut-and-paste-job</a>
</p>
No publisherpraskrishnaIT ActInternet Governance2012-12-11T05:43:50ZNews ItemDebate on Section 66A rages on
http://editors.cis-india.org/news/the-hindu-sci-tech-internet-december-10-2012-vasudha-venugopal-debate-on-section-66a
<b>Last week, a reputed BPO in Chennai took down its Facebook page and introduced stricter moderation for posts on its bulletin board. </b>
<hr />
<p style="text-align: justify; ">Vasudha Venugopal's article was <a class="external-link" href="http://www.thehindu.com/sci-tech/internet/debate-on-section-66a-rages-on/article4181938.ece">published in the Hindu</a> on December 10, 2012. Pranesh Prakash is quoted.</p>
<hr />
<p style="text-align: justify; ">The measure, an official said, was aimed at avoiding any "callous remark by any employee." "We have discussions on many raging topics here, and we are just making sure the content is clean with no intended defamation."</p>
<p style="text-align: justify; ">The need to present only ‘unobjectionable content’ is just one off-shoot of a controversy that has gripped the country after at least five persons were arrested in recent months for posting their views online. But what started as an outcry by a few voices against the IT Act has now turned into a campaign against the constitutional validity of the Act itself. Last week also saw concerted protests to demand the repeal of Section 66A of the IT Act, under which most of the accused were booked. Human chains and protests were conducted in Chennai, Bangalore, Pune, Hyderabad, Guntur, Kakinada, Vijaywada, Visakhapatnam, Pune, Kozhikode and Kannur, among others.</p>
<p class="body" style="text-align: justify; ">In the past few months, the debate on the use of Section 66A in particular, and the Act in general, has gathered momentum. The arrests of Jadavpur University professor Ambikesh Mahapatra for circulating a cartoon lampooning West Bengal Chief Minister Mamata Banerjee; cartoonist Aseem Trivedi; businessman Ravi Srinivasan for tweets against Union Finance Minister P. Chidambaram’s son Karti Chidambaram; and the two girls in Maharashtra for criticising the bandh after Shiv Sena leader Bal Thackeray’s death have sparked popular anger.</p>
<p class="body" style="text-align: justify; ">“Public anger and media attention have been so strong that the government has been forced to retreat, which is a good first step,” says Alagunambi Welkin, president of the Free Software Foundation Tamil Nadu, which organised the protests in Chennai. "The next step would be to plug the loopholes in the IT Act. After all, this same government has declared in various international forums that it is all for promoting openness online."</p>
<p class="body" style="text-align: justify; ">Activists say that along with the increased pressure on the government, collecting information on cases of the misuse of the Act are the tasks that have to be fulfilled immediately. Human rights activist A. Marx, who has filed a public interest litigation petition against Section 66A, says the selective application of the law is very troubling. From a broader perspective though, this is also an issue of global proportions. Recently, a man in the U.K. was jailed for 18 months after he was found guilty of posting abusive messages on an online memorial. In July this year, a young Moroccan was arrested in Casablanca on the charge of posting “insulting caricatures of the Prophet Mohammed on Facebook.”</p>
<p class="body" style="text-align: justify; ">As recently as Tuesday, a Shenzen resident was arrested for posting a letter online, accusing a senior village official of corruption, and last week, a man in Kent was arrested for posting an image of a burning poppy on a social network site.</p>
<p class="body" style="text-align: justify; ">However, Pranesh Prakash, policy director, Centre For Internet And Society, Bangalore, notes that the more problematic parts in India’s laws are ones that result from adaptation. India’s own adaptation of the U.K. law, for instance, considerably increases punishment from six months to three years. However, if it is any consolation, there are voices worldwide being raised on this issue. Till last week, Google’s search page had a message: "Love the free and open Internet? Tell the world’s governments to keep it that way," and a link for comments directed to the Dubai conference, which will see a wide-ranging discussions and key decisions on global internet governance.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/the-hindu-sci-tech-internet-december-10-2012-vasudha-venugopal-debate-on-section-66a'>http://editors.cis-india.org/news/the-hindu-sci-tech-internet-december-10-2012-vasudha-venugopal-debate-on-section-66a</a>
</p>
No publisherpraskrishnaIT ActInternet GovernancePublic Accountability2012-12-10T09:44:31ZNews Item