Centre for Internet and Society

Why the TikTok ban is worrying

gurshabad — 2019-05-05T10:11:28Z

Rather than critically examining the infringement of liberties by the political executive, the Indian courts are becoming an additional threat to the right to freedom of expression, which we must be increasingly wary of.

The article by Gurshabad Grover was published in Hindustan Times on May 2, 2019.

In a span of less than two weeks, the Madras High Court has imposed and lifted a ban on the TikTok mobile application, an increasingly popular video and social platform. While rescinding the ban is welcome, the events tell a worrying tale of how the courts can arbitrarily censor online expression with little accountability.

On April 3, the Madras High Court heard a public interest litigation petitioning for the TikTok mobile app to be banned in India because it was “encouraging pornography”, “degrading culture”, “causing paedophiles”, spreading “explicit disturbing content” and causing health problems for teenagers. It is difficult to establish the truth of these extreme claims about content on the platform that has user generated content, but the court was confident enough to pass wide ranging interim orders on the same day without hearing ByteDance, the company that operates the Tik Tok app.

The interim order had three directives. First, the Madras High Court ordered the government to prohibit the downloading of the app. Second, it restricted the media from broadcasting videos made using the app. Third, it asked the government to respond about whether it plans to enact legislation that would protect children’s online privacy. While the third directive poses an important question to the government that merits a larger discussion, the first two completely lacked a legal rationale. The court order also implied that the availability of pornography on the platform was problematic, even though it is not illegal to access pornography in India.

Appallingly, the order makes no mention at all of the most pertinent legal provision: Section 79 of the Information Technology (IT) Act and the rules issued under it, which form the liability regime applicable to intermediaries (online services). The intermediary liability rules in India generally shield online platforms from liability for the content uploaded to their platform as long as the company operating is primarily involved in transmitting the content, complies with government and court orders, and is not abetting illegal activity. It is this regime that has ensured that online platforms are not hyperactively censoring expression to avoid liability, and has directly supported the proliferation of speech online.

The courts do have some powers of online censorship under the provision, which they have used many times in the past. They have the authority to decide on questions of whether certain content violates law and then direct intermediaries to disable access to that specific content. Such a legal scenario was certainly not the case before the Madras High Court. We can also be sure that the app stores run by Apple and Google, on which TikTok is available, were not the intermediaries under consideration here (which would also be problematic in its own ways) since the interim order makes no mention of them. So, despite the fact that the court’s order had no clear jurisdiction and legal basis, Apple and Google were ordered by the government to remove TikTok from their respective mobile app stores for India.

ByteDance Technology appealed to the Supreme Court of India to rescind the ban, arguing that they qualify as intermediaries under the IT Act and should not face a blanket ban as a repercussion of allegedly problematic content on their platform. The Supreme Court refrained from staying the problematic Madras High Court interim order, but decided that the ban on the app will be lifted by April 24 if the case wasn’t decided by then. On April 24, sense finally prevailed when the High Court decided to take the interim directive back.

Admittedly, popular online platforms can create certain social problems. TikTok has faced bans elsewhere and was fined by the Federal Trade Commission in the United Sates for collecting information on its users who were below the age of 13. There is no debate that the company is legally bound to follow the rules issued under the IT Act, be responsive to legally valid government and court orders, and should strictly enforce their community guidelines that aim to create a safe environment for the young demographic that forms a part of its user base. However, a ban is a disproportionate move that sends signals of regulatory uncertainty, especially for technology companies trying to break into an increasingly consolidated market. The failure of the government to enact a law that protects children’s privacy also cannot be considered a legitimate ground for a ban on a mobile app.

Perhaps most importantly, the interim court order adds yet another example to the increasing number of times the judiciary has responded to petitions by passing censorship orders that have no basis in law. As constitutional scholar Gautam Bhatia has pointed out, we are faced with the trend of “judicial censorship” wherein the judiciary is exercising power without accountability in ways not envisioned by the Constitution. Rather than critically examining the infringement of liberties by the political executive, the Indian courts are becoming an additional threat to the right to freedom of expression, which we must be increasingly wary of.

For more details visit http://editors.cis-india.org/internet-governance/blog/hindustan-times-may-2-2019-gurshabad-grover-why-the-tik-tok-ban-is-worrying

To preserve freedoms online, amend the IT Act

gurshabad — 2019-04-16T10:09:41Z

Look into the mechanisms that allow the government and ISPs to carry out online censorship without accountability.

The article by Gurshabad Grover was published in the Hindustan Times on April 16, 2019.

The issue of blocking of websites and online services in India has gained much deserved traction after internet users reported that popular services like Reddit and Telegram were inaccessible on certain Internet Service Providers (ISPs). The befuddlement of users calls for a look into the mechanisms that allow the government and ISPs to carry out online censorship without accountability.

Among other things, Section 69A of the Information Technology (IT) Act, which regulates takedown and blocking of online content, allows both government departments and courts to issue directions to ISPs to block websites. Since court orders are in the public domain, it is possible to know this set of blocked websites and URLs. However, the process is much more opaque when it comes to government orders.

The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009, issued under the Act, detail a process entirely driven through decisions made by executive-appointed officers. Although some scrutiny of such orders is required normally, it can be waived in cases of emergencies. The process does not require judicial sanction, and does not present an opportunity of a fair hearing to the website owner. Notably, the rules also mandate ISPs to maintain all such government requests as confidential, thus making the process and complete list of blocked websites unavailable to the general public.

In the absence of transparency, we have to rely on a mix of user reports and media reports that carry leaked government documents to get a glimpse into what websites the government is blocking. Civil society efforts to get the entire list of blocked websites have repeatedly failed. In response to the Right to Information (RTI) request filed by the Software Freedom Law Centre India in August 2017, the Ministry of Electronics and IT refused to provide the entire of list of blocked websites citing national security and public order, but only revealed the number of blocked websites: 11,422.

Unsurprisingly, ISPs do not share this information because of the confidentiality provision in the rules. A 2017 study by the Centre for Internet and Society (CIS) found all five ISPs surveyed refused to share information about website blocking requests. In July 2018, the Bharat Sanchar Nagam Limited rejected the RTI request by CIS which asked for the list of blocked websites.

The lack of transparency, clear guidelines, and a monitoring mechanism means that there are various forms of arbitrary behaviour by ISPs. First and most importantly, there is no way to ascertain whether a website block has legal backing through a government order because of the aforementioned confidentiality clause. Second, the rules define no technical method for the ISPs to follow to block the website. This results in some ISPs suppressing Domain Name System queries (which translate human-parseable addresses like ‘example.com’ to their network address, ‘93.184.216.34’), or using the Hypertext Transfer Protocol (HTTP) headers to block requests. Third, as has been made clear with recent user reports, users in different regions and telecom circles, but serviced by the same ISP, may be facing a different list of blocked websites. Fourth, when blocking orders are rescinded, there is no way to make sure that ISPs have unblocked the websites. These factors mean that two Indians can have wildly different experiences with online censorship.

Organisations like the Internet Freedom Foundation have also been pointing out how, if ISPs block websites in a non-transparent way (for example, when there is no information page mentioning a government order presented to users when they attempt to access a blocked website), it constitutes a violation of the net neutrality rules that ISPs are bound to since July 2018.

While the Supreme Court upheld the legality of the rules in 2015 in Shreya Singhal vs. Union of India, recent events highlight how the opaque processes can have arbitrary and unfair outcomes for users and website owners. The right to access to information and freedom of expression are essential to a liberal democratic order. To preserve these freedoms online, there is a need to amend the rules under the IT Act to replace the current regime with a transparent and fair process that makes the government accountable for its decisions that aim to censor speech on the internet.

For more details visit http://editors.cis-india.org/internet-governance/blog/hindustan-times-april-16-2019-gurshabad-grover-to-preserve-freedoms-online-amend-it-act

The Huawei bogey

gurshabad — 2019-06-05T03:38:19Z

India needs to prove company aids Chinese government, or risk playing into US hands.

The article by Gurshabad Grover was published in Indian Express on May 30, 2019.

The Trump administration has not only passed orders restricting the US government and its departments from procuring networking equipment from Chinese companies, but is exerting considerable pressure on other countries to follow suit. The fear that Huawei and ZTE will aid Chinese espionage and surveillance operations has become common even though there has been no compelling evidence to suggest that Huawei’s equipment is substantively different from its competitors.

These events have also sparked a larger debate about the security of India’s communications infrastructure, an industry powered by foreign imports. Commentators have not shied away from suggesting that India ban the import of network equipment. C Raja Mohan, in ‘The tech wars are here’ (IE, December 11, 2018), expressed these concerns and asked whether Chinese telecom equipment manufacturers should be allowed to operate in India. A larger point was made by D S Hooda in his piece, ‘At digital war’ (IE, October 25, 2018). He pointed out threats that arise from using untrusted software and hardware all over the stack: From Chinese networking middleboxes to American operating systems and media platforms. As a method to establish trust in ICT infrastructure, Hooda recommends “indigenis[ing] our cyber space”.

The path towards indigenised manufacturing of networking equipment is an expensive, elaborate process. Restricting certain foreign companies from operating in the country without evidence would be a knee-jerk reaction solely based on cues from US policy, and would undermine India’s strategic autonomy.

At the heart of threats from untrusted software or hardware, lies an information asymmetry between the buyer and seller. It is not always possible to audit the functioning of every product that you purchase. Open technical standards, developed by various standards development organisations (SDOs), govern the behaviour of networking software, and remove this information asymmetry: They allow buyers to glean or implicitly trust operational and security aspects of the equipment.

It is clear that various governments including India have repeatedly failed to advance privacy and security in the 5G standards, which are developed at the 3rd Generation Partnership Project (3GPP) — the organisation developing standards for telephony. Government and industry dominance at the 3GPP has ensured that telecom technologies include security vulnerabilities that are euphemistically termed as “lawful interception”. From an architectural perspective, 5G does not contain any significant vulnerabilities that were absent in older telecom standards. Unfortunately, these vulnerabilities are indifferent to those who exploit them: A security exception for law enforcement is tantamount to a security vulnerability for malicious actors. As the report from UK’s Huawei Cyber Security Evaluation Centre Oversight Board confirmed, there is perhaps no technical way to mitigate the security risks that 5G poses now. But there is still no evidence to suggest that Huawei is operating differently from say Ericsson or Nokia.

India needs to establish that Huawei is aiding the Chinese government through their products (5G or otherwise) before reacting. That Chinese companies are rarely insulated from Beijing’s influence is indisputable. However, the legal requirements placed on Chinese companies by Beijing are equivalent to de facto practices of countries like the US, which has a history of intercepting equipment from American companies to introduce vulnerabilities, or directly compelling them to aid intelligence operations. Such influence should be fought back by pushing for international norms that prevent states from acquiring data from companies en masse, and domestic data protection legislation.

In the long term, the Indian government and its defence wings would benefit from understanding the argument Lawrence Lessig has made since the 1990s: Decisions of technical architecture have far-reaching regulatory effects. A long-term strategy that focuses on advancing security at technical SDOs will prove more effective in ensuring the security of India’s critical infrastructure than the economically expensive push for indigenisation.

For more details visit http://editors.cis-india.org/telecom/blog/indian-express-may-30-2019-gurshabad-grover-the-huawei-bogey

Technology researcher (Internet governance and standards)

gurshabad — 2020-01-21T13:31:07Z

The Centre for Internet and Society is looking to hire a technologist to work across multiple teams in the organisation.

The Centre for Internet and Society is looking to hire a technologist to work across multiple teams in the organisation.

Roles and Responsibilities
The responsibilities of the person will be split across two projects. The first responsibility will be to engage at the Internet Engineering Task Force (IETF), and advance security and privacy in the standards under development at the forum. The role will primarily include analysing and writing about network protocols. The second responsibility will be contributing to CIS’ work on digital identity. The role will require studying information architectures and cybersecurity concerns around the use of technological choices in digital identity. The work will involve a survey of technological options in digital identity systems, their critical appraisal, and working on a decision guide on how to make inclusive, secure and privacy enhanced choices for digital identity systems. Other responsibilities will include occasionally supporting the cybersecurity team at CIS with technical inputs.

The contract will be till December 2020, with the possibility of further extension.

Indicative requirements

Working knowledge of computer networks and cryptography
A degree in computer science and engineering or equivalent is preferred
Demonstrated experience in writing on technical topics
Strong interpersonal skills and ability to work with multiple stakeholders
Ability to collaborate remotely

Location
Bangalore/Delhi

Compensation
Based on experience and educational qualifications

Application
Please send an email to Gurshabad Grover (Research Manager, Internet Governance) at gurshabad [at] cis-india.org with: (i) a brief cover letter; (ii) a resume/CV; (iii) two writing samples, preferably relating to computer networks/cryptography/technology policy; (iv) contact information of two references. Women and individuals from under-represented communities are specifically encouraged to apply.

For more details visit http://editors.cis-india.org/jobs/staff-technologist-internet-governance-and-standards

RTI Application to BSNL for the list of websites blocked in India (PDF)

gurshabad — 2019-05-09T09:21:06Z

For more details visit http://editors.cis-india.org/internet-governance/resources/rti-application-to-bsnl-for-the-list-of-websites-blocked-in-india-pdf

RTI Application to BSNL for the list of websites blocked in India

gurshabad — 2019-05-09T09:43:54Z

A Right to Information (RTI) request to a public company operating as an ISP for the list of websites and URLs blocked in India, and copies of such blocking orders issued by the Government of India.

Background

The Government of India draws powers from Section 69A of the Information Technology (IT) Act and the rules issued under it to order Internet Service Providers (ISPs) to block websites and URLs for users. Several experts have questioned the constitutionality of the process laid out in the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 (hereinafter, “the rules”) [1] since Rule 16 in the regulations allows blocking of websites by the Government and ISPs in secrecy, as it mandates all such orders to be maintained confidentially.

Thus, the law sets up a structure where it is impossible to know the complete list of websites blocked in India and the reasons thereof. Civil society and individual efforts have repeatedly failed to obtain this list. For instance, the Software Freedom Law Centre (SFLC), in August 2017, asked the Ministry of Electronics and Information Technology (MeitY) for the number and list of websites and URLs that are blocked in India. In response, MeitY revealed the number of blocked websites and URLs: 11,422. MeitY refused to share the list of websites blocked by Government orders citing the aforementioned confidentiality provision in the rules (and subsequently citing national security when MeitY’s reply was appealed against by SFLC). In 2017, researchers at the Centre for Internet and Society (CIS) contacted five ISPs, all of which refused to share information about website blocking requests.

Application under the Right to Information (RTI) Act

In a more recent request filed by under the Right to Information (RTI) Act in June 2018, Akash Sriram (who worked at the Centre for Internet and Society) tried to obtain this information from Bharat Sanchar Nagam Limited (BSNL), a public company which operates as an ISP.

The text of the request of the RTI request is reproduced here:

To
Manohar Lal, DGM(Cordn), Bharat Sanchar Nigam Limited
Room No. 306, Bharat Sanchar Bhawan, H.C.Mathur Lane
Janpath, New Delhi, PIN 110001

Subject: Seeking of Information under RTI Act 2005

Sir,
Kindly arrange to provide the following information under the provisions of RTI Act:

What are the names and URLs of websites currently blocked by government notification in India?

Please provide copies of blocking orders issued by the Department of Telecommunications, Ministry of Communications and other competent authorities to block such websites.

Thanking you
Yours faithfully

Akash Sriram
Centre for Internet and Society

BSNL refused to respond to the request citing sections 8(e) and 8(g) of the RTI Act. Their response is reproduced below.

The Information sought vide above reference cannot be disclosed vide clause 8(e) and 8(g) of the RTI act which states.

"8(e) - Information, available to a person in his fiduciary relationship, unless the competent authority is satisfied that the larger public interest warrants the disclosure of such information"

“8(g) - Information, the disclosure of which would endanger the life or physical safety of any person or identify the source of information or assistance given in confidence for law enforcement or security purposes"

This is issued with the approval of competent authority.

A PDF of the response can be accessed here.

[1] Note that in Shreya Singhal v. Union of India, the Supreme Court upheld the legality of the rules.

For more details visit http://editors.cis-india.org/internet-governance/blog/rti-application-to-bsnl-for-the-list-of-websites-blocked-in-india

Response to TRAI Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services

gurshabad — 2019-01-11T16:01:09Z

This submission presents a response to the Telecom Regulatory Authority of India’s Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services.

Click here to view the submission (PDF).

This submission presents a response by Gurshabad Grover, Nikhil Srinath and Aayush Rathi (with inputs from Anubha Sinha and Sai Shakti) to the Telecom Regulatory Authority of India’s “Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services (hereinafter “TRAI Consultation Paper”) released on November 12, 2018 for comments. CIS appreciates the continual efforts of Telecom Regulatory Authority of India (TRAI) to have consultations on the regulatory framework that should be applicable to OTT services and Telecom Service Providers (TSPs). CIS is grateful for the opportunity to put forth its views and comments.

Addendum: Please note that this document differs in certain sections from the submission emailed to TRAI: this document was updated on January 9, 2019 with design and editorial changes to enhance readability. The responses to Q5 and Q9 have been updated. This updated document was also sent to TRAI.

For more details visit http://editors.cis-india.org/internet-governance/blog/response-to-trai-consultation-paper-on-regulatory-framework-for-over-the-top-ott-communication-services

Regulating the Internet

gurshabad — 2018-12-20T00:29:06Z

For more details visit http://editors.cis-india.org/internet-governance/files/regulating-the-internet

Programme Associate (Graphic designer)

gurshabad — 2020-05-12T16:01:42Z

The Centre for Internet & Society (CIS) is seeking applications for the position of Programme Associate (Graphic designer), to support its Access to Knowledge (CIS-A2K) Programme. In keeping with efforts within the larger Wikimedia movement in encouraging an inclusive workplace and addressing issues of gender disparity Women applicants are encouraged for this position, however this position for anyone to apply.

Context of the CIS-A2K programme

As an affiliate of the Wikimedia Foundation, the nonprofit behind Wikipedia and it’s sister projects, we design and implement different initiatives with an aim to create high-quality content and bring new contributors to Wikimedia projects in Indian languages. The initiatives are premised on various themes and seek to create a multilingual repository of knowledge using Wikimedia projects as a platform. You are encouraged to carefully read through the CIS-A2K work plan before making the application. You will work cohesively with the Wikimedia community and the Wikimedia India communities to meet the specific goals of each language community in India. You will be a part of a small team of 5 to 10 members doing high visibility and high impact work. Please learn more about CIS-A2K here.

Position summary

CIS-A2K is looking for an ideal candidate who will help the program as a graphic designer, the work will include creating and preparing graphic content such as images, media files etc related to the A2K programme. This will be a full-time position, based at the CIS office in Bengaluru. and. The designation will be Programme Associate (PA)

Responsibilities

Creating images, posters, banners, infographics, and other promotional materials for events and announcements, which will be circulated on social media channels and used in reports.
Strategising and designing reports (progress reports, impact reports, and proposal forms), and newsletters, to make them more accessible.
Helping and working with Wikimedia community members to create relevant visual content.
Developing illustrations, logos, and other graphic material digitally or by hand.

Required skills

Proven experience with graphic design (note related education qualification is a plus, but not mandatory)
A strong portfolio of illustrations and visual communication material
The person must have good experience in creating and preparing graphic content using design software like Adobe Creative Suite, Inkscape, and GIMP (free software usage experience will be preferable)
Relevant degree holders will be given preference.
Prior knowledge of working with open knowledge or open-source community will be a plus.
Candidates who are part of the Wikimedia community, or who have experience in contributing to Wikimedia projects will be given preference.
Ability to work methodically and meet deadlines.

Location: The position is based out of the CIS’s Bangalore office.
Remuneration: Compensation structure will be determined by the level of expertise, experience and current remuneration.
To apply, please send your resume and cover letter to Tito Dutta (tito+gd@cis-india.org) by 24 May 2020 11:59 pm IST (applications won't be accepted after the deadline)

Please do not miss the +gd part in the email, that is an email filter for us)

For more details visit http://editors.cis-india.org/jobs/programme-associate-graphic-designer

Programme Associate (Communications)

gurshabad — 2020-08-09T13:51:27Z

The Centre for Internet & Society (CIS) is seeking applications for the position of Programme Associate (Communications), to support its Access to Knowledge (CIS-A2K) Programme. In keeping with efforts within the larger Wikimedia movement in encouraging an inclusive workplace and addressing issues of gender disparity This position is presently open only to applicants who identify as women.

Context of the CIS-A2K programme

Position Summary

As Programme Associate, your job will be to support the Team’s larger goals -- growth of Indian language Wikipedias, other Wikimedia projects and the contributor communities. Your primary responsibility will be to support the Programme Associates -- that spearhead our on-ground programmatic activities -- with regular communication with the community and the outside world.

Responsibilities

Storytelling and all other forms of of communication-related responsibilities are two major focus areas of this job. You will explore conventional to new media to share the stories of the many of volunteers that make Wikipedia and Wikimedia projects such great knowledge repositories
Creating original stories of challenges and success of the Indian language Wikimedia communities, including the ones that we closely work with Being the interface between A2K team and the community and lead different kinds of communications activities
Sharing the work of the community and A2k team in a regular manner through print media, newsletters, social media, mailing list updates, blog posts etc., including timely announcement of programme activities on these platforms
Providing training on effective communications to the communities on a need basis and enabling them to independently tell their own stories in their own languages
Support with writing, review and editing of the annual work plan and reports of the programme
Interviewing Wikimedians under the ambit of the WikipediansSpeak project and beyond, and share the story of the Wikimedia community widely in the media

Required skills

Good communication skill in writing and speaking, which will be required for correspondence, blog, report etc writing
Experience of blog post, report etc writing
Prior experience of working in a collaborative community, preferably online.
Strong understanding of the internet and work of the Wikimedia movement.
Active participation as a Wikimedia volunteer would be an asset, though not a prerequisite. Demonstrated experience working in a global, multi-cultural team environment.
Must be fluent in English and at least one Indian language.
A good understanding of the cultural and knowledge universe of one Indian language will be an added advantage.
Ability to integrate with and understand the complexity of the Indian Wikimedia community.
Prior experience/ knowledge in working with social media for professional communication would be an added advantage.
Prior experience/knowledge in liasioning with conventional print/broadcast media would be an added advantage.

Characteristics of the Programme Associate

High level of commitment: The Programme Associate should believe in the values of CIS and Wikimedia projects, exude enthusiasm for the mission and can powerfully embody and communicate the mission.
Intellectual curiosity and flexibility: Must enjoy tackling difficult, ambiguous problems and able to incorporate new knowledge into how one approaches situations and generates solutions, loves learning from others while expanding intellectual horizons.
Open and transparent: Have a high level of integrity and be comfortable working in a highly transparent fashion, open to input and feedback, a proactive and candid communicator who isn't afraid to bring others in when things are off-track or when they need help and should be able to handle criticism in a mature fashion.
Community builder: It is essential that the Programme Associate sees themself as a partner to and supporter of the Wikimedians who have and will continue to be the leaders in building the Wikimedia projects. The Programme Associate must be willing and able to work with a diverse array of people, many of whom come from non-traditional backgrounds and have a fervent commitment to Wikimedia movement’s community-led nature.
Strong cultural competency: Able to navigate in a global movement and on a global team in addition to navigating the complexity of India.

Location: Candidate willing to work from CIS’s Bangalore office will be preferred. Remote working option may be considered for experienced Wikimedians

Remuneration: Compensation structure will be determined by the level of expertise, experience and current remuneration.

Do not send anymore application now. the last date is over
To apply, please send your resume to Tito Dutta (tito+comm@cis-india.org) and cover letter by 21 May 2020 (applications must be submitted with cover later before 21 May 11:59:00 IST, please ensure to apply through email only).

For more details visit http://editors.cis-india.org/jobs/programme-associate-communications

Policy Officer (Policy research around building the cybersecurity discourse in India)

gurshabad — 2020-01-21T13:31:44Z

The Centre for Internet & Society is looking to hire a policy researcher for its cybersecurity policy project. Research focuses around governance of emerging technologies, international frameworks for cybersecurity and cyber norms, domestic cyber policy frameworks, human rights in the cybersecurity domain, personal data governance and the commercial aspects of cyber security among others. Women and individuals from under-represented communities are specifically encouraged to apply. The will be till December 2020, with a possibility of extension.

Job Description

To independently produce writing and research on various topics assigned
To proactively identify policy windows and opportunities for engagement
To conceptualise and plan events to disseminate and discuss research
To complete any administrative task concerning institution building assigned by the supervisor

Requirements

Any under-graduate degree
Relevant Masters Degree in Law, Public Policy or Economics preferred
Strong working knowledge of cyber security and cyber policy
Relevant work experience and publication record preferred
Ability to work independently and communicate with a team that is spread out across multiple cities

Compensation

Based on experience and educational qualifications.

Application

Please e-mail the following documents

Cover Letter
CV
Two writing samples ( co-authored samples do not count) of around 1500 words each. (If you are submitting an extract of a longer paper, please provide appropriate context) Relevant writing samples preferred
Names of two referees who we can contact.

Please mail these details to Arindrajit Basu (Research Manager, Cybersecurity Project) at arindrajit@cis-india.org

For more details visit http://editors.cis-india.org/jobs/policy-officer-policy-research-around-building-the-cybersecurity-discourse-in-india

Notes From a Foreign Field: The European Court of Human Rights on Russia’s Website Blocking

gurshabad — 2021-02-13T08:42:18Z

This blogpost summarises the human rights principles applied by the Court to website blocking, and discusses how they can be instructive to petitions in the Delhi High Court that challenge arbitrary censorship in India.

This blogpost was authored by Gurshabad Grover and Anna Liz Thomas. It was first published at the Indian Constitutional Law and Philosophy Blog on February 5, 2021, and has been reproduced here with permission.

From PUBG to TikTok, online services are regularly blocked in India under an opaque censorship regime flowing from section 69A of the Information Technology (IT) Act. Russia happens to have a very similar online content blocking regime, parts and processes of which were recently challenged in the European Court of Human Rights (‘the Court’). This blogpost summarises the human rights principles applied by the Court to website blocking, and discusses how they can be instructive to petitions in the Delhi High Court that challenge arbitrary censorship in India.

Challenges to Russia’s Website Blocking Practices

On 23 June 2020, the Court delivered four judgements on the implementation of Russia’s Information Act, under which content on the internet can be deemed illegal and taken down or blocked. Under some of these provisions, a court order is not required, and the government can send a blocking request directly to Roskomnadzor, Russia’s telecom service regulator. Roskomnadzor, in turn, requests internet service providers (ISPs) to block access to the webpage or websites. Roskomnadzor also notifies the website owner within 24 hours. Under the law, once the website owner notifies the Roskomnadzor that the illegal content has been removed from the website, the Roskomnadzor verifies the same and informs ISPs that access to the website may be restored for users.

In the case of Vladimir Kharitonov, the complainant’s website had been blocked as a result of a blocking order against another website, which shared the same IP address as that of the complainant. In Engels, the applicant’s website had been ordered by a court to be blocked for having provided information about online censorship circumvention tools, despite the fact that such information was not unlawful under any Russian law. OOO Flavius concerned three online media outlets that had their entire websites blocked on the grounds that some of their webpages may have featured unlawful content. Similarly, in the case of Bulgakov, the implementation of a blocking order targeting extremist content (one particular pamphlet) had the effect of blocking access to the applicant’s entire website. In both the cases of Engels and Bulgakov, where court proceedings had taken place, the proceedings had been concluded inter se the Prosecutor General and server providers, without the involvement of the website owner. In all four cases, appeals to higher Russian courts had been summarily dismissed. Even in those cases where website owners had taken down the offending content, their websites had not been restored.

The Court assessed the law and its application on the basis of a three-part test on whether the censorship is (a) prescribed by law (including foreseeability and accessibility aspects of the law), (b) necessary (and proportionate) in a democratic society, and (c) pursuing a legitimate aim.

Based on the application of these tests, the Court ruled against the Russian authorities in all four cases. The Court also held that the wholesale blocking of entire websites was an extreme measure tantamount to banning a newspaper or a television station, which has the collateral effect of interfering with lawful content. According to the Court, blocking entire websites can thus amount to prior restraint, which is only justified in exceptional circumstances.

The Court further held that procedural safeguards were required under domestic law in the context of online content blocking, such as the government authorities: (a) conducting an impact assessment prior to the implementation of blocking measures; (b) providing advance notice to website owners, and their involvement in blocking proceedings; (c) providing interested parties with the opportunity to remove illegal content or apply for judicial review; and (d) requiring public authorities to justify the necessity and proportionality of blocking, provide reasons as to why less intrusive means could not be employed and communicate the blocking request to the owner of the targeted website.

The Court also referenced an earlier judgment it had issued in the case of Ahmet Yildirim vs. Turkey, acknowledging that content creators are not the only ones affected; website blocking interferes with the public’s right to receive information.

The Court also held that the participation of the ISP as a designated defendant was not enough in the case of court proceedings concerning blocking requests, because the ISP has no vested interest in the proceedings. Therefore, in the absence of a targeted website’s owner, blocking proceedings in court would lose their adversarial nature, and would not provide a forum for interested parties to be heard.

Implications for India

The online censorship regime in India is similar to Russian terms of legal procedure, but perhaps worse when it comes to the architecture of the law’s implementation. Note that for this discussion, we will restrict ourselves to government-directed blocking and not consider court orders for content takedown (the latter may also include intellectual property infringement and defamatory content).

Section 69A of the Information Technology (IT) Act permits the Central Government to order intermediaries, including ISPs, to block online content on several grounds when it thinks it is “necessary or expedient” to do so. Amongst others, these grounds include national security, public order and prevention of cognisable offences.

In 2009, the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 (‘blocking rules’) were issued under the Act. They lay out an entirely executive-driven process: a committee (consisting entirely of secretaries from various Ministries) examines blocking requests from various government departments, and finally orders intermediaries to block such content.

As per Rule 8, the chairperson of this committee is required to “make all reasonable efforts identify the person or intermediary who has hosted the information” (emphasis ours) and send them a notice and give them an opportunity for a hearing. A plain reading suggests that the content creator can then not be involved in the blocking proceedings. Even this safeguard can be circumvented in “emergency” situations as described in Rule 9, under which blocking orders can be issued immediately. The rules ask for such orders to be examined by the committee in the next two days, where they can decide to continue or rescind the block.

The rules also task a separate committee, appointed under the Telegraph Act, to meet every two months to review all blocking orders. Pertinently, only ministerial secretaries comprise that committee as well.

These are the limited safeguards prescribed in the rules. Public accountability in the law is further severely limited by a requirement of strict confidentiality (Rule 16) of blocking orders. With no judicial, parliamentary or public oversight, it is easy to see how online censorship in India operates in complete secrecy, making it susceptible to wide abuse.

When the constitutionality of provision and the blocking rules was challenged in Shreya Singhal v. Union of India, the Supreme Court was satisfied with these minimal safeguards. However, it saved the rules only because of two reasons. First, it noted that an opportunity of a hearing is given “to the originator and intermediary” (emphasis ours: notice how this is different from the ‘or’ in the blocking rules). It also specifically noted that the law required reasoned orders that could be challenged through writ petitions.

On this blog, Gautam Bhatia has earlier argued that the judgment then should be read as obligating the government to mandatorily notify the content creator before issuing blocking orders. Unfortunately, the reality of the implementation of the law has not lived up to this optimism. While intermediaries (ISPs when it comes to website blocking) may be getting a chance to respond, content creators are also almost never given a hearing. As we saw in the European Court’s judgment, ISPs do not have any incentive to challenge the government’s directions.

Additionally, although the law states that “reasons [for blocking content are] to be recorded in writing”, leaked blocking orders suggest that even ISPs are not given this information. Apart from the opacity around the rationale for blocking, RTI requests to uncover even the list of blocked websites have been repeatedly rejected (for comparison, Roskomnadzor at least maintains a public registry of websites blocked in Russia). This lack of transparency and fair proceedings also means that entire websites may be getting blocked when there are only specific web pages on that website that serve content related to unlawful acts.

When it comes to the technical methods of blocking, the rules are silent, leaving this decision to the ISPs. While a recent study by the Centre for Internet and Society showed that popular ISPs are using methods that target specific websites, there are some recent reports that suggest ISPs may be blocking IP addresses too. The latter can have the effect of blocking access to other websites that are hosted on the same address.

There are two challenges to the rules in the Delhi High Court, serving as opportunities for reform of website blocking and content takedown in India. The first was filed in December 2019 by Tanul Thakur, whose website DowryCalculator.com (a satirical take on the practice of dowry) was blocked without any notice or hearing. Tanul Thakur was not reached out to by the committee responsible for passing blocking orders despite the fact that Thakur has publicly claimed its ownership multiple times, and has been interviewed by the media about the website. When Thakur filed a RTI asking why DowryCalculator.com was blocked, the Ministry of Electronics cited the confidentiality rule to refuse sharing such information!

This month, an American company providing mobile notifications services, One Signal Inc., has alleged that ISPs are blocking its IP address, and petitioned the court to set aside any government order to that effect because they did not receive a hearing. Interestingly, the IP address belongs to a popular hosting service provider, which serves multiple websites. Considering this fact and the lack of transparency in blocking orders, one may question whether One Signal was the intended target at all! The European Court’s judgment in Vladimir Kharitonov is quite relevant here: ISPs should not be blocking IP addresses that are shared amongst multiple websites, because such a measure can cause collateral damage, and make other legitimate expression inaccessible.

Given the broad similarities between the Indian and Russian website blocking regimes, the four judgements by the European Court of Human Rights will be instructive to the Delhi High Court. Note that section 69A is used for content takedown in general, i.e. censoring posts on Twitter, not just blocking websites): the right to hearing must extend to all such content creators. The principles applied by the European Court can thus provide for a more rights respecting foundation for content blocking in India for the judiciary to uphold, or for the legislature to amend.

For more details visit http://editors.cis-india.org/internet-governance/blog/notes-from-a-foreign-field-the-european-court-of-human-rights-on-russia2019s-website-blocking

Internet shutdowns: Its legal and commercial dimensions in Kashmir

gurshabad — 2020-02-10T12:51:08Z

This article by Gurshabad Grover appeared on ETVBharat on February 10, 2020. The author would like to thank Kanav Khanna for his research assistance. The article was edited by Arindrajit Basu and translated into various languages by the ETVBharat team. You can also read it in Gujarati, Hindi, Kannada, Odia, and Urdu.

On 4 August 2019, the Central Government ordered the suspension of telecommunication and internet services in Jammu and Kashmir. Suddenly, roughly a crore citizens found themselves unable to exercise their basic freedoms of expression and association online. According to the Software Freedom Law Centre’s Internet Shutdown Tracker, Jammu and Kashmir endured 180 partial or complete internet shutdowns in the last seven years. These astonishing numbers indicate that communication blockades in the state are a common occurrence, but perhaps even Kashmiris did not anticipate that they are entering the longest internet shutdown ever imposed by a democratic country.

It is no secret that the internet has become an essential tool for democratic participation. The loss of the network infrastructure also causes both social and economic harm: students are denied access to critical educational resources, hospitals and emergency services face an administrative catastrophe, and local business can crumble. As recent work by the scholar Jan Rydzak demonstrates, shutting down the internet may not even be ensuring public order and peace, as the government would readily claim. Rydzak argues that access to the internet allows wide coordination that is necessary to demonstrate a peaceful protest, and that internet shutdowns may thus be fueling violent protests rather than curbing them.

When the internet shutdown, among other state action, was challenged by Kashmiri Times editor Anuradha Bhasin, the Supreme Court (SC) did have an opportunity to consider these factors when deciding on the legality of the shutdown. The concerns of civil society were made severe in this particular situation because the Government failed, in a total disregard for the rule of law, failed to publish the internet shutdown orders or present them before the court. In its final order on 10 January this year, the SC did affirm basic constitutional principles and sets progressive precedent for future cases.

First and foremost, the Court affirms that the Constitution, through Article 19, protects the “freedom of speech and expression and the freedom to practice any profession or carry on any [...] occupation over the medium of internet.” Second, the Court recognised that internet shutdowns cannot be imposed indefinitely, must be reviewed by the executive every week and that the orders are subject to judicial review. In that regard, the SC may pave for strengthened challenges to internet shutdowns in the future. However, as several scholars have noted, besides ordering the restoration of some essential services, the Court does fall short of providing relief to Kashmiri citizens in the case. Soon after the SC delivered this judgment, the government of Jammu and Kashmir issued orders to internet service providers to restore 2G internet services but only permit access to 301 websites. Besides the fact that the list arbitrarily includes and excludes services, major communication services were notably from the list. Most importantly, this piece of ‘internet regulation’ makes little sense when you consider either the internet or the regulations governing it.

In the technical sense, the regulations completely misunderstand how the modern web functions. When one connects to a website, the websites in turn often make the system download critical resources from other servers. If internet service providers permit only specific websites, the content from other unwhite listed sources still remains inaccessible. A recent experiment by Rohini Lakshané and Prateek Waghre confirms this empirically: out of the 301 websites in the list, only 126 were usable in some form. While the order seems like a necessary consequence of the SC order, there is also little legislative basis for the order. The order cites the Temporary Suspension of Telecom Services (Public Emergency or Public Safety) Rules issued in 2017 under the colonial-era Indian Telegraph Act. These regulations do permit the Government to shut down telecom and internet services but do not allow the government to issue orders that allow ‘whitelists’ such as this one. The Information Technology (IT) Act, namely through Section 69A, allows the Central Government and courts to order the blocking of certain websites. Even the license agreements issued by the government to internet service providers only allow the Government to order the blocking certain online resources on the grounds of national security. Therefore, the order of a ‘whitelist’ of websites has no basis in law because it turns the logic of only blocking websites on its head.

After Kashmiris found a way to circumvent the ‘whitelist’ by using virtual private networks (VPNs), reports emerged that security forces were forcing Kashmiris to uninstall these applications. All this, of course, despite the fact that there is no law preventing the use of VPNs or the circumvention of internet censorship in general.

It has now been around seven months since internet and telecom services were suspended in Kashmir. This long-standing deprivation of basic rights to Kashmiris is wrong that perhaps even the future cannot correct. After months of a complete shutdown, the Government can make better amends than restoring only limited and partial access. As we march onto the next decade, the world is watching. History will not judge kindly those who occluded civil liberties through a facile ritual incantation of ‘public order’ and ‘national security’.

For more details visit http://editors.cis-india.org/internet-governance/blog/internet-shutdowns-its-legal-and-commercial-dimensions-in-kashmir

Intermediary liability and Safe Harbour: On due diligence and automated filtering

gurshabad — 2020-11-29T21:17:30Z

This post discusses this ‘due diligence’ obligation in the intermediary liability regime in India, with a focus on its scope and whether it includes the possibility of automated content filtering.

This blogpost was authored by Gurshabad Grover and Anna Liz Thomas. It was first published at Law and Other Things.

Introduction

India’s intermediary liability regime flows from section 79 of the Information Technology Act, 2000 (the “Act”), a provision that exempts intermediaries from liability for third party content on their service, as long as certain conditions are fulfilled. Under Section 79(2)(c) of the Act, one of the conditions for an intermediary to claim safe harbour (immunity from liability for third party content) is that it:

“observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.” (emphasis is authors’)

This post discusses this ‘due diligence’ obligation with a focus on its scope and its relationship with the intermediary guidelines issued under the Act. We primarily analyse the arguments made by T. Prashant Reddy in Back to the Drawing Board: What should be the new direction of the intermediary liability law?, (“the paper”) which was published last year in the NLUD Journal of Legal Studies.

While the paper aims to broadly engage with the question of how India’s intermediary liability regime should be reformed, this post only focuses on two of the arguments that form the basis of the paper. First, the paper suggests that ‘due diligence’ should be interpreted as a separate requirement from the intermediary guidelines (“the 2011 rules”) issued under the law. The second argument builds on this and argues that this due diligence requirement could be understood to mean that intermediaries should engage in proactive identification and filtering of unlawful content.

We explore the two questions in the same order, and then finally explore alternative interpretations of the due diligence requirement. We argue that (1) there are multiple ways to interpret the provision, but there may be merit in considering the ‘due diligence’ requirement as distinct from the guidelines; and that (2) even if it is a separate requirement, proactive filtering of content by intermediaries is unconstitutional, and thus cannot be the sort of ‘due diligence’ the law expects from intermediaries.

Is ‘due diligence’ a separate requirement?

Section 79 of the IT Act has long been criticised for its vague and poor drafting, including on whether the entire clause requiring ‘due diligence’ was mandatory at all. The paper only suggests that ‘due diligence’ is a separate requirement from the guidelines, with the interpretation being supported by two facts.

First, the paper points to the ‘and’ in Section 79(2)(c) that separates the obligation to conduct due diligence, and the obligation to observe the guidelines prescribed by the Central Government. This would indicate that the two obligations are to be separately fulfilled. We should point out that reading the statute in such a way does mean that the two obligations are distinct, but it could also imply that both ‘due diligence’ and ‘other guidelines’ can be notified by the Government. In fact, we think that evidence of the claim that ‘due diligence’ is a separate self-contained obligation is actually found in the word ‘also’ that succeeds ‘and’. If we interpret the provision in a way that the due diligence is only what is notified in the rules, the term ‘also’ ends up having no real significance. The rule of surplusage in interpretation states that “every word and every provision is to be given effect”, and that “none should be ignored.” Thus, the term ‘also’ can be understood as intentionally demarcating the ‘due diligence’ obligation and the one that obligates intermediaries to comply with the rules notified under the provision.

The paper further argues that the second fact supporting this interpretation is in the legislative history of section 79 of the Act. Section 79, as it presently exists, was the result of the amendments to the Act passed in 2008. The phrase ‘due diligence’ was retained in the text of the provision on the insistence of the Standing Committee which submitted a report on the Bill. The Committee had contextualized the due diligence requirement in relation to the need for an explicit provision requiring the blocking and elimination of objectionable content through technical mechanisms.

However, the paper does not consider the fact that the Committee had also specified that the reason it wanted ‘due diligence’ in the provision was because in their opinion, “removing an enabling provision which already exists in the principal Act and leaving it to be taken care of by the possible guidelines makes no sense”. From the perspective of the Standing Committee, the due diligence provision was an enabling one, i.e., primarily meant to allow the government to make guidelines in that regard. In an enabling provision like this one, retaining the term ‘due diligence’ and adding that intermediaries have an obligation to observe ‘such other’ guidelines curbed the possibility of excessive delegation, by ensuring that any guidelines prescribed specifically concern due diligence obligations.

Note that the judgement of the Andhra Pradesh High Court in Google India Private Limited vs M/S Visaka Industries Limited in November 2016 may support the paper’s argument in that the ‘due diligence’ obligation is distinct from the guidelines. In the absence of any explicit definition of ‘due diligence’ in the IT Act, the Court cited precedent that relied on dictionary meanings of due diligence and concluded that that in order to meet the requirement, an intermediary would have to prove that it “had acted as an ordinary reasonable prudent man”, which would be a “question of fact.” Perhaps the Delhi High Court was clearest in the matter in Christian Louboutin v Nakul Bajaj when it stated that “the ‘due diligence’ provided in the Act, has to be construed as being broad and not restricted merely to the guidelines themselves.”

On the other hand, like the paper notes, there are judgments like MySpace Inc. vs Super Cassettes Industries Ltd. by the Delhi High Court, which have not considered the specific question, but concluded Rule 3 of the 2011 rules to completely encapsulate ‘due diligence’. This is, of course, because of the language in the rules. While Section 79(2)(c) of the IT Act might suffer from some vagueness, Rule 3 of the 2011 rules is unequivocal in that it seeks to define the “due diligence to be observed by the intermediary.” As Chinmayi Arun notes, the notification of the rules is seen as serving to clarify the meaning of the requirement. It is no surprise that Rule 3 has become the traditionally-understood standard for fulfilling the ‘due diligence’ requirement under the law.

Overall, despite the lack of a crystal-clear answer, we agree with the paper that there is enough merit in seriously considering the ‘due diligence’ as distinct from the guidelines. The paper has rightly brought up an interpretation that needs more attention in literature and cases on intermediary liability in India.

Interpreting ‘Due diligence’

It thus becomes important to question what this ‘due diligence’ will entail for intermediaries if (and/or when) it is entirely distinct from the rules. The paper points to how the Committee had contextualized the due diligence requirement as a need for certain intermediaries to block and eliminate objectionable content through technical mechanisms. Using this frame of reference, Reddy suggests that this ‘due diligence’ requirement may mean that intermediaries are obligated to proactively filter objectionable content.

However, it is pertinent to note that the Standing Committee had originally intended that the ‘due diligence’ requirement be reinstated as a prerequisite for giving immunity to a specific kind of intermediary: online marketplaces and online auction sites. Their suggestions for automated tools for filtering content should also be understood then as targeted at these specific intermediaries. Therefore, there is nothing in the legislative history of Section 79(2)(c) that suggests that measures such as automated content filtration were even considered as obligations for all categories of intermediaries.

More importantly, as many have pointed out in the context of the proposed amendments to the intermediary guidelines, proactive filtering of content would be unreasonable and its application definitely an unconstitutional restriction on speech.

First, such a requirement would suffer from vagueness and overbreadth. There are lots of “automated tools” that can be used to filter content (keyword detection, hash-based content detection, machine learning, etc.), each with their merits and demerits. Even if delegated legislation were to provide clarity to the term, such a broad interpretation of ‘due diligence’ would not be consistent with the ‘case-by-case’ evaluation that is the usual understanding of the term. Apart from the fact that all forms of automated filtering have their inherent limitations, it would be impossible for certain kinds of intermediaries, like those that deal with end-to-end encrypted communications to implement such a requirement.

The determination of whether certain acts are illegal is a public function, left to the government and the courts. A broad proactive filtering obligation on intermediaries is state censorship by proxy, and worse yet, a form of privatized law enforcement. As a matter of principle, what the state cannot do directly, it cannot do indirectly. For such forms of censorship, Prof. Seth Kreimer has elucidated in detail the great dangers of “collateral damage” that come from placing restrictions on intermediaries (if not the speaker). On its face, it appears less egregious than a “frontal attack” on expression by the state, but it can have the same effects.

To understand the impact of such obligations in the context of intermediary liability, consider the even lower bar of requiring intermediaries to entertain third-party takedown notices. There is evidence from multiple jurisdictions to suggest that even third party notice-and-takedown systems make intermediaries over-censor in order to avoid liability. When such a system existed in India before the Supreme Court’s judgment in Shreya Singhal v. Union of India, a study by Rishabh Dara found that a majority of intermediaries (that they sent notices to) were over-censoring by complying with clearly frivolous takedown notices. The requirement of proactive filtering will undoubtedly cause a much amplified, unjust and disproportionate harm to the exercise of the right to freedom of expression. Furthermore, it has been confirmed by Shreya Singhal that the ‘knowledge;’ of content to be taken down, must only be construed as being brought to the intermediary through the medium of a court order. It, therefore, becomes difficult to reconcile Shreya Singhal with automatic filtration being mandated by law, since this would suggest that such ‘knowledge’ may be brought to the intermediary by way of an algorithm (with or without conjunction with human inspection), rather than a court order.

Rather than meeting T. Prashant Reddy’s aim, such a reading would also concentrate more powers in the hands of private companies like Facebook and Google that already exert an undue influence in the moderation of the online public sphere.

Instead of a draconian form of ‘due diligence’, it is important to consider what the range of possibilities that could inform the obligation. For instance, the UN Guiding Principles on Business and Human Rights require business enterprises to carry out a human rights due diligence on a regular basis, to identify, prevent, mitigate and account for how they address their impacts on human rights. Businesses, under these principles have differentiated responsibilities based on the size of the business, risk of severe human rights impacts and the nature and context of its operations. Once again, in this case, each intermediary’s performance of its due diligence obligation would be made on a case-to-case basis. Another interpretation can be the incorporation of safeguards in takedown process, as Article 19 has suggested. This could be to ensure that the companies are transparent in their decision-making, and users are able to challenge takedown decisions made by companies.

Conclusion

For the long-term reform of governance of online platforms, it is important to keep in mind that this is one of the many problems in section 79 of the IT Act. As the paper points out, the provision has been long criticised for having a “one-size-fits-all” approach to regulation, where internet service providers and social media companies are treated similarly when it comes to their conditions for exemption from liability. The conditions for exemption from liability in the provision contribute to confusion around their application to good faith content moderation and curation of newsfeeds.

There is also little in the law that advocates for transparency and fairness in the moderation of online content, which is the area where large and closed intermediaries act most as ‘gatekeepers’ and influence the public sphere. Unfortunately, while the paper recognises these issues, it goes on to advocate for proactive and automated content filtering, which is likely to concentrate even more power in the hands of big tech companies.

There are a host of problems that contribute to the misgovernance of online platforms, including an ineffective competition law framework, the lack of consumer protection standards applicable to most ‘free’ online services, and the opacity with which community standards are applied. A step towards addressing these issues would be a clearer and comprehensive intermediary liability legislation that recognises the role of intermediaries in facilitating the right to freedom of expression, holds them accountable to users, and dismantles unfair concentration of power in commercial interests.

The authors would like to thank Torsha Sarkar and the Editorial Board at Law and Other Things for their comments and suggestions.

Disclosure: CIS has been a recipient of research grants from Facebook and Google.

For more details visit http://editors.cis-india.org/internet-governance/blog/intermediary-liability-and-safe-harbour-on-due-diligence-and-automated-filtering

India should reconsider its proposed regulation of online content

gurshabad — 2019-01-24T16:59:07Z

The lack of technical considerations in the proposal is also apparent since implementing the proposal is infeasible for certain intermediaries. End-to-end encrypted messaging services cannot “identify” unlawful content since they cannot decrypt it. Presumably, the government’s intention is not to disallow end-to-end encryption so that intermediaries can monitor content.

The article was published in the Hindustan Times on January 24, 2019. The author would like to thank Akriti Bopanna and Aayush Rathi for their feedback.

Flowing from the Information Technology (IT) Act, India’s current intermediary liability regime roughly adheres to the “safe harbour” principle, i.e. intermediaries (online platforms and service providers) are not liable for the content they host or transmit if they act as mere conduits in the network, don’t abet illegal activity, and comply with requests from authorised government bodies and the judiciary. This paradigm allows intermediaries that primarily transmit user-generated content to provide their services without constant paranoia, and can be partly credited for the proliferation of online content. The law and IT minister shared the intent to change the rules this July when discussing concerns of online platforms being used “to spread incorrect facts projected as news and designed to instigate people to commit crime”.

On December 24, the government published and invited comments to the draft intermediary liability rules. The draft rules significantly expand “due diligence” intermediaries must observe to qualify as safe harbours: they mandate enabling “tracing” of the originator of information, taking down content in response to government and court orders within 24 hours, and responding to information requests and assisting investigations within 72 hours. Most problematically, the draft rules go much further than the stated intentions: draft Rule 3(9) mandates intermediaries to deploy automated tools for “proactively identifying and removing [...] unlawful information or content”.

The first glaring problem is that “unlawful information or content” is not defined. A conservative reading of the draft rules will presume that the phrase means restrictions on free speech permissible under Article 19(2) of the Constitution, including that relate to national integrity, “defamation” and “incitement to an offence”.

Ambiguity aside, is mandating intermediaries to monitor for “unlawful content” a valid requirement under “due diligence”? To qualify as a safe harbour, if an intermediary must monitor for all unlawful content, then is it substantively different from an intermediary that has active control over its content and not a safe harbour? Clearly, the requirement of monitoring for all “unlawful content” is so onerous that it is contrary to the philosophy of safe harbours envisioned by the law.

By mandating automated detection and removal of unlawful content, the proposed rules shift the burden of appraising legality of content from the state to private entities. The rule may run afoul of the Supreme Court’s reasoning in Shreya Singhal v Union of India wherein it read down a similar provision because, among other reasons, it required an intermediary to “apply [...] its own mind to whether information should or should not be blocked”. “Actual knowledge” of illegal content, since then, has held to accrue to the intermediary only when it receives a court or government order.

Given the inconsistencies with legal precedence, the rules may not stand judicial scrutiny if notified in their current form.

The lack of technical considerations in the proposal is also apparent since implementing the proposal is infeasible for certain intermediaries. End-to-end encrypted messaging services cannot “identify” unlawful content since they cannot decrypt it. Internet service providers also qualify as safe harbours: how will they identify unlawful content when it passes encrypted through their network? Presumably, the government’s intention is not to disallow end-to-end encryption so that intermediaries can monitor content.

Intermediaries that can implement the rules, like social media platforms, will leave the task to algorithms that perform even specific tasks poorly. Just recently, Tumblr flagged its own examples of permitted nudity as pornography, and Youtube slapped a video of randomly-generated white noise with five copyright-infringement notices. Identifying more contextual expression, such as defamation or incitement to offences, is a much more complex problem. In the lack of accurate judgement, platforms will be happy to avoid liability by taking content down without verifying whether it violated law. Rule 3(9) also makes no distinction between large and small intermediaries, and has no requirement for an appeal system available to users whose content is taken down. Thus, the proposed rules set up an incentive structure entirely deleterious to the exercise of the right to freedom of expression. Given the wide amplitude and ambiguity of India’s restrictions on free speech, online platforms will end up removing swathes of content to avoid liability if the draft rules are notified.

The use of draconian laws to quell dissent plays a recurring role in the history of the Indian state. The draft rules follow India’s proclivity to join the ignominious company of authoritarian nations when it comes to disrespecting protections for freedom of expression. To add insult to injury, the draft rules are abstruse, ignore legal precedence, and betray a poor technological understanding. The government should reconsider the proposed regulation and the stance which inspired it, both of which are unsuited for a democratic republic.

For more details visit http://editors.cis-india.org/internet-governance/blog/hindustan-times-gurshabad-grover-january-24-2019-india-should-reconsider-its-proposed-regulation-of-online-content