Case BriefsHigh Courts

Madras High Court: The Division Bench of Sanjib Banerjee, CJ and P.D. Audikesavalu, J., prima facie observed that an oversight mechanism to control the media by the government may rob the media of its independence and fourth pillar, so to say, of democracy may not at all be there. The High Court was hearing a challenge to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

The Rules have been challenged on the ground that they are ultra vires, inter alia, Articles 14 and 19 of the Constitution of India. Primarily the petitioners referred to Rule 9 which pertained to observance and adherence to the Code. Rule 9(3) provided for ensuring observance and adherence to the Code of Ethics by publishers operating in the territory of India. Under the Code, the grievance made in relation to publishers would be governed by three tier structure: (i) Self regulation by publishers; (ii) Self regulating bodies of publishers; (iii) Oversight mechanism by the Central Government. The petitioners were wary of the oversight mechanism of the Centre indicated as the final tier of the process of regulation.

The High Court observed that:

“Prima facie, there is substance in the petitioner’s grievance that an oversight mechanism to control the media by the government may rob the media of its independence and fourth pillar, so to say, of democracy may not at all be there.”

The Court added that nothing more need be said on the above aspect as the Bombay High Court had already stayed the operation of sub-rules (1) and (3) of Rule 9 of the said Rules of 2021. However, the petitioners informed the Court that notwithstanding the Bombay High Court order, notices have been issued to them requiring adherence to Rule 9. On this, the Court recorded that:

“It must be recorded in all fairness that the Additional Solicitor-General, representing the Union, accepts that the order passed by the High Court of Judicature at Bombay would have pan-India effect.”

Another ground for challenge which was not covered by the Bombay High Court pertained to Rules 3 and 7 of the impugned rules. Petitioners were aggrieved with the incorporation of sub-clause (x) of Rule 3(1)(b), which is as follows: “(x) is patently false and untrue, and is written or published in any form, with the intent to mislead or harass a person, entity or agency for financial gain or to cause any injury to any person;”

Petitioners pointed that along with the obligation imposed on the intermediary under Rule 3(1)(c) to terminate the access or usage rights of users for non-compliance with the provisions of Rule 3(1)(b), the provisions for grievance redressal have been made stringent and, finally, Rule 7 has been incorporated making an intermediary liable for punishment upon the intermediary failing to observe the said Rules.

The Court noted that that the present Rule 3 is different from Rule 3 of the earlier rules. There appear to be key changes, particularly the introduction of sub-clause (x) in clause (b) of sub-rule (1) thereof and the additional obligation on the intermediary in, inter alia, clause (c). It was noted:

“Any host of a website or platform would be an intermediary and an ordinary person may be denied access to the platform on the ipse dixit of the intermediary or on the intermediary’s apprehension that such intermediary may be proceeded against.”

Section 79 of the Information Technology Act, 2000 grants exemption from liability to intermediaries in certain cases. However, by virtue of Section 79(2)(c), the exemption would not apply if the intermediary is found not to have observed “guidelines as the Central Government may prescribe in this behalf.”

In Shreya Singhal v. Union of India, (2015) 5 SCC 1, it was observed:

“it would be very difficult for intermediaries like Google, Facebook, etc. to act when millions of requests are made and the intermediary is then to judge as to which of such requests are legitimate and which are not.”

Significantly, the High Court siad that though the petitions were not brought by hosts of website platforms, but social media platforms on the website are used by one and sundry and there is a genuine apprehension that a wink or a nod from appropriate quarters may result in the platform being inaccessible to a citizen.

The Court directed that if there is any action taken in terms of Rule 3 of the said Rules read with Rule 7 thereof during the interregnum, it will abide by the result of the petitions and further orders herein. Since main matter is likely be taken up by the Supreme Court in early October, 2021, the matters of the present petition shall be taken up in the last week of October, 2021. [Digital News Publishers Assn. v. Union of India, WP No. 13055 of 2021, dated 16-9-2021]


Also Read:

‘People would be starved of liberty of thought if…’: Know why Bom HC partly stayed IT Rules, 2021

Case BriefsHigh Courts

Bombay High Court: The Division Bench of Dipankar Datta, CJ and G.S. Kulkarni, J., while addressing the petitions challenging the IT Rules, 2021 expressed that

Dissent in democracy is vital.

People would be starved of the liberty of thought and feel suffocated to exercise their right of freedom of speech and expression, if they are made to live in present times of content regulation on the internet with the Code of Ethics hanging over their head as the Sword of Damocles.

Challenge

Instant petitions challenged the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 on the ground that they were ultra vires the Information Technology Act, 2000 and the provisions of Articles 14, 19 (1)(a) and 19(1)(g) of the Constitution.

Background

First petition was filed by the petitioner 1 company known as “The Leaflet”.

The second Petition was a Public Interest Litigation filed by Nikhil Mangesh Wagle who was stated to be in the field of journalism since the year 1977.

Contention

Petitioners contended that the 2021 rules were ex-facie draconian, arbitrary and patently ultra vires the provisions of the IT Act and the provisions of Articles 14, 19(1)(a) and 19(1)(g) of the Constitution, which guarantees fundamental rights to the petitioners.

Petitioners in the first petition

Petitioners in the first petition were aggrieved by Rules 9, 14 and 16.

9. Observance and adherence to the Code.—

(1) A publisher referred to in rule 8 shall observe and adhere to the Code of Ethics laid down in the Appendix annexed to these rules.

(2) Notwithstanding anything contained in these rules, a publisher referred to in rule 8 who contravenes any law for the time being in force, shall also be liable for consequential action as provided in such law which has so been contravened.

(3) For ensuring observance and adherence to the Code of Ethics by publishers operating in the territory of India, and for addressing the grievances made in relation to publishers under this Part, there shall be a three-tier structure as under—

(a)  Level I – Self-regulation by the publishers;

(b)  Level II – Self-regulation by the self-regulating bodies of the publishers;

(c) Level III – Oversight mechanism by the Central Government.

……..

14. Inter-Departmental Committee.—

(1) The Ministry shall constitute an Inter- Departmental Committee, called the Committee, consisting of representatives from the Ministry of Information and Broadcasting, Ministry of Women and Child Development, Ministry of Law and Justice, Ministry of Home Affairs, Ministry of Electronics and Information Technology, Ministry of External Affairs, Ministry of Defence, and such other Ministries and Organisations, including domain experts, that it may decide to include in the Committee:

Provided that the Authorised Officer designated under sub-rule (2) of rule 13 shall be the Chairperson of such Committee.

(2) The Committee shall meet periodically and hear the following complaints regarding violation or  contravention of the Code of Ethics by the entities referred to in Rule 8 –

(a) arising out of the grievances in respect of the decisions taken at the Level I or II, including the cases where no such decision is taken within the time specified in the grievance redressal mechanism; or

(b) referred to it by the Ministry.

(3) Any complaint referred to the Committee, whether arising out of the grievances or referred to it by the Ministry, shall be in writing and may be sent either by mail or fax or by e-mail signed with electronic signature of the authorised representative of the entity referring the grievance, and the Committee shall ensure that such reference is assigned a number which is recorded along with the date and time of its receipt.

(4) The Ministry shall make all reasonable efforts to identify the entity referred to in Rule 8 which has created, published or hosted the content or part thereof, and where it is able to identify such entity, it shall issue a duly signed notice to such entity to appear and submit their reply and clarifications, if any, before the Committee.

(5) In the hearing, the Committee shall examine complaints or grievances, and may either accept or allow such complaint or grievance, and make the following recommendations to the Ministry, namely:—

(a) warning, censuring, admonishing or reprimanding such entity; or

(b)  requiring an apology by such entity; or

(c)  requiring such entity to include a warning  card or a disclaimer; or

(d) in case of online curated content, direct a publisher to—

(i) reclassify ratings of relevant content; or (ii) edit synopsis of relevant content; or
(iii) make appropriate modification in the  content descriptor, age classification and parental or access control;

(e) delete or modify content for preventing incitement to the commission of a cognisable offence relating to public order;

(f) in case of content where the Committee is satisfied that there is a need for taking action in relation to the reasons enumerated in sub-section (1) of section 69A of the Act, it may recommend such action.

(6) The Ministry may, after taking into consideration the recommendations of the Committee, issue appropriate orders and directions for compliance by the publisher:

Provided that no such order shall be issued without the approval of the Secretary, Ministry of Information and Broadcasting, Government of India (hereinafter referred to as the “Secretary, Ministry of Information and Broadcasting”).

16. Blocking of information in case of emergency.—

(1) Notwithstanding anything contained in rules 14 and 15, the Authorised Officer, in any case of emergency nature, for which no delay is acceptable, shall examine the relevant content and consider whether it is within the grounds referred to in sub-section (1) of section 69A of the Act and it is necessary or expedient and justifiable to block such information or part thereof and submit a specific recommendation in writing to the Secretary, Ministry of Information and Broadcasting.

(2) In case of emergency nature, the Secretary, Ministry of Information and Broadcasting may, if he is satisfied that it is necessary or expedient and justifiable for blocking for public access of any information or part thereof through any computer resource and after recording reasons in writing, as an interim measure issue such directions as he may consider necessary to such identified or identifiable persons, publishers or intermediary in control of such computer resource hosting such information or part thereof without giving him an opportunity of hearing.

(3) The Authorised Officer, at the earliest but not later than forty-eight hours of issue of direction under sub- rule (2), shall bring the request before the Committee for its consideration and recommendation.

(4) On receipt of recommendations of the Committee under sub-rule (3), the Secretary, Ministry of Information and Broadcasting, shall pass the final order as regard to approval of such request and in case the request for blocking is not approved by the Secretary, Ministry of Information and Broadcasting in his final order, the interim direction issued under sub-rule (2) shall be revoked and the person, publisher or intermediary in control of such information shall be accordingly, directed  to unblock the information for public access.”

Primary grievance of the petitioners for interim reliefs is qua the application of Rules 7, 9, 14 and 16 of the impugned rules.

Analysis, Law and Decision

High Court opined that as far as Rule 14 was concerned, there was no immediate urgency inasmuch as inter-departmental committee was yet to be constituted. It was required to be noted that, no material had been brought to Court’s notice that the authorized officer as contemplated under Rule 13(2) had been appointed.

Therefore, petitioners were at liberty to approach the Court as and when the inter-departmental committee was constituted.

Rule 16 provides for blocking of information in case of emergency

The stated Rule provided was pari materia to Rule 9 of the 2009 Rules which were still in operation. Also, it was not the petitioners case that they were at any time aggrieved by Rule 9 of the 2009 Rules. Hence, Court found no case to be made to stay Rule 16 of the 2021 Rules.

Blocking of information in case of emergency as provided by Rule 16 was on the grounds traceable in Section 69A (1) of the IT Act which was a provision failing in line with the restrictions as imposed by Article 19(2) of the Constitution of India, namely, when the authority finds that blocking of public access of any information is in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to commission of any cognizable offence in relation to such issues.

Therefore, prayer to stay Rule 16 was rejected.

Rule 9

Bench stated that that said Rule was severely criticized by the petitioners as noted by the Court to be an affront on the guarantee of right of freedom of free speech and expression conferred by Article 19(1)(a) of the Constitution.

What peculiar under Rule 9?

Publishers of news and current affairs content and publishers of online curate content are under a mandatory obligation to observe and adhere to the Code of Ethics laid down.

Petitioners submitted that the IT Act does not seek to censor the content on internet; secondly, it is impermissible for the Centre to have a subordinate legislation in the form of Rule 9 inasmuch as it provides for restrictions which travel beyond the provisions of Section 69A of the IT Act ; and thirdly, the rule making power itself, as exercised in framing the impugned rules, namely, the power under Section 87 sub-section (1) and clauses (z) and (zg) of sub- section (2) itself does not provide for imposition of such restrictions.

In the opinion of the Court, Rule 9 prima facie suffers from two illegalities:

  • It imposes an obligation on the publishers of news and current affairs content and publishers of online curated content, to observe the Code of Ethics under a completely different statutory regime alien to the IT Act.

One who violates the code does so at his own peril and would expose himself/itself to more rigorous action than what the PCI Act envisages.

If a writer/editor/publisher has to adhere to or observe the Programme Code in toto, he would necessarily be precluded from criticizing an individual in respect of his public life [see: Rule 6(1)(i)].

Bench expressed that it is the checks and balances that make a democracy work. There can be no two opinions that a healthy democracy is one which has developed on criticism and acceptance of contra views.

Opinion based on criticism reinforces its acceptance in a democratic society.

With the existence of 2021 Rules in place, one would have to think twice before criticizing any such personality, even if the writer/editor/publisher may have good reasons to do so without resorting to defamation and without inviting action under any other provision of law.

Allowing the operation of the 2021 Rules in its form and substance to operate would result in the writer/editor/publisher standing the risk of being punished and sanctioned, should the inter-departmental committee be not in favour of criticism of any public figure.

Adding to the above, Court stated that,

The indeterminate and wide terms of the Rules bring about a chilling effect qua the right of freedom of speech and expression of writers/editors/publishers because they can be hauled up for anything if such committee so wishes.

The 2021 Rules are, thus, manifestly unreasonable and go beyond the IT Act, its aims and provisions.

A democracy would thrive only if the people of India regulate their conduct in accordance with the preambular promise that they took while giving to themselves the Constitution.

Liberty of thought is one of such promises. Exercising this liberty, expressions take shape.

Should at least a part of Rule 9 of the 2021 Rules be not interdicted even at the interim stage, it would generate a pernicious effect.

Further, it was stated that constant fear of being hauled up for contravention of the Code of Ethics is a distinct possibility now.

Prima facie, in Court’s opinion, Rule 9 appeared to be ultra vires the provisions of the IT Act being beyond the delegated power.

Elaborating more, Bench stated that Rule 9 prima facie appeared to be infringing the constitutional guarantee of Freedom of Speech and Expression as conferred by Article 19(1)(a) in subjecting the publishers of news and current affairs content and publishers of online curated content subject to action under the statutory regime of the PC Act and the CTVN Act, which provided for an independent mechanism for any violation of the provisions of such legislation.

Therefore, transgression of powers occupied by different legislation cannot be disrupted by a subordinate legislation.

Lastly, Court held that the present challenge would be required to be regarded as an exception to the general rule of presumption in favour of the constitutionality of Rule 9. Also, Rule 9 does not conform to the statute, namely, of the Information Technology Act as also it is an intrusion into the fundamental rights guaranteed under Article 19(1)(a) of the Constitution of the publishers.

Court denied to propose to stay Rule 7 of the 2001 Rules in the absence of clear satisfaction that the petitioner in the second petition, who is himself a journalist and has sufficient personal interest in the subject matter of the dispute, has not been able to satisfy us that he is an ‘intermediary’ within the meaning of Section 2(w) of the IT Act.

Hence, the High Court directed stay f operation of sub-rules (1) and (3) of Rule 9 of the 2021 Rules.

Matter stood over to 27th September, 2021for final hearing. [Agij Promotion of Nineteenonea Media (P) Ltd. v. Union of India, WP (L) No. 14172 of 2021, decided on 14-08-2021]


Advocates before the Court:

Mr Darius Khambata, Senior Advocate with Mr Mihir Desai, Senior Advocate, Mr Karan Rukhana and Mr Ammar Faizullabhoy and Mr Varun Thomas Mathew, Advocates i/b. Ms Meenaz Kakalia, for the Petitioner in Writ Petition (L) no.14172 of 2021.

Mr Abhay Nevagi with Mr Amit Singh and Mr Vivek Patil, Advocates i/b. Abhay Nevagi & Associates for the Petitioner in PIL (L) no. 14204 of 2021.

Mr Anil C.Singh, ASG with Mr Aditya Thakkar, Mr D.P.Singh and Ms Smita Thakur, Advocates for the Respondents in both petitions.

Cyril Amarchand MangaldasExperts Corner

Ever since the enactment of the Information Technology Act, 2000 (the IT Act), the treatment of intermediary liability[1] has been pendulous. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“2021 Rules”), however, have brought about the most significant changes for intermediaries in terms of increasing due diligence obligations and liability in cases of non-compliance, the effects of which are already beginning to be felt.

In this article, we attempt to analyse how the 2021 Rules affect intermediaries and digital media entities from a compliance perspective and the consequences of non-compliance, especially for intermediaries.

How has intermediary liability evolved?

In order to contextualise the 2021 Rules, we start by tracing the evolution of intermediary liability when only network service providers were exempted from liability under the IT Act. The need to expand the contours of safe harbour provision was recognised, from a legislative perspective when in the year 2008, the CEO of an e-auction website Baazee.com was charged under the Penal Code and IT Act on account of an obscene video being uploaded on the website by a user.[2] Subsequently, the IT Act was amended to protect intermediaries, which merely acted as platforms for transmission of information, from the liability for offences committed without their actual knowledge. The definition of an intermediary was expanded to include online payment sites, search engines, internet service providers, etc.,[3] and exemption was granted to intermediaries  from liability arising under “any law”, as opposed to the limited protection from offences only under the IT Act provided earlier.

Following the 2008 amendment, whether an intermediary could claim safe harbour hinged largely on two factors i.e. actual knowledge about the unlawful act and compliance with due diligence obligations, as prescribed. Under the Information Technology (Intermediaries Guidelines) Rules, 2011 (2011 Rules), an intermediary was required to remove unlawful content on its platform once it acquired knowledge of such content by itself or from an aggrieved individual. Notably, the Supreme Court in Shreya Singhal v. Union of India[4] judgment, read down “actual knowledge”, to state that actual knowledge can be attributed to an intermediary only when there is a court order or notification from an appropriate government authority apprising the intermediary of unlawful content over its platform.

Over the last decade however, the role of intermediaries has increased significantly with large-scale adoption of social media platforms as a primary mode of communication and dissemination of information. Digital media also attained mainstream relevance, thereby attracting the attention of the Government to regulate such platforms. The 2021 Rules are therefore a threshold step towards such regulation.

Scope of the 2021 Rules

The 2021 Rules are divided into two parts based on their applicability. While Part II regulates intermediaries, Part III is applicable to digital media including an intermediary, publishers of news and current affairs or publishers of online curated content.[5]

In a significant departure from the 2011 Rules which regulated all “intermediaries” without any distinction in terms of their user base or the content hosted on their platform, the 2021 Rules classify the regulated entities into the following types, namely:

(a) Social media intermediary[6] with less than 50 lakh registered Indian users.

(b) Significant social media intermediary[7] (SSMI) with more than 50 lakh registered Indian users[8].

(c) Publisher of news and current affairs[9] content including news aggregators[10].

(d) Publisher of online curated content[11] which covers all online streaming platforms including over-the-top (OTT) platforms.

Due diligence obligations under the 2021 Rules

In order to claim safe harbour under the IT Act, the intermediaries must[12] necessarily undertake and comply with various obligations prescribed thereunder. With the 2021 Rules having come into effect from 26-5-2021, intermediaries are, at one end of the spectrum of compliance, required to prominently publish rules and regulation on their website informing its users about the type of information which must not be stored or transmitted on the intermediary’s computer resource (prohibited information). At the other end of diligence obligations, intermediaries, upon receiving actual knowledge in the form of an order from a court or notification from an appropriate government authority that certain information hosted by it is prohibited information, must remove or disable access to such information within 36 hours of the receipt of such order or notification.

Notably, no such order is required when an individual complaint is received about sexual imagery and the intermediary must take down such content within 24 hours of the receipt of the complaint.[13] Intermediaries are also required to provide any information under their control or possession, within 72 hours of receipt of an order in this regard, to a government agency for investigation, detection or prevention of cybersecurity incidents or offences under any law.

Another important change is the requirement to appoint a grievance officer (also prescribed under the 2011 Rules) and publish his/her name and contact details prominently on its website. Building on the 2011 Rules, the 2021 Rules make it obligatory upon the grievance officer to acknowledge any order, notice or direction issued by a court or a government agency or a complaint received from an individual user or victim. Further, a complaint must be disposed of within a period of 15 days from its receipt (as opposed to one month under the 2011 Rules).

In addition to the other due diligence requirements prescribed for all intermediaries, SSMI’s are required to comply with additional obligations which inter alia[14] include establishing a physical contact address in India; and the appointment of a chief compliance officer who will be liable for the failure of an intermediary to observe due diligence and a nodal contact person (available 24×7) to ensure compliance with orders of courts and to coordinate with law enforcement agencies, as also a resident grievance officer who shall be responsible for grievance redressal of its users.

Regulatory regime for digital media

While the IT Act did not originally envisage regulation of digital media, the 2021 Rules impose various obligations on digital media entities which carry out systematic business of making content available within India. These digital media entities would essentially include publishers of news and current affairs and publishers of online curated content (publishers), who shall adhere to a Code of Ethics (Code) prescribed under Part III of the 2021 Rules. Interestingly, even foreign news publishers with an online presence in India shall be regulated by this Code.

The 2021 Rules also mandate a three-tier grievance redressal mechanism to entertain any complaints of violation of the Code. At Level I, a grievance officer is required to be appointed by the publisher itself.[15] If a grievance is not redressed by grievance officer within 15 days, the grievance is automatically escalated to Level II which is the self-regulating body of one or more publishers or their associations.[16] At Level III, the 2021 Rules provide for establishment of an inter-departmental committee[17] which shall hear grievances from the decision of the self-regulating body or other complaints about violation of the Code.

Consequences of non-compliance of the 2021 Rules

For intermediaries, a failure to observe the 2021 Rules and comply with the due diligence requirements under Part II thereof disentitles them from claiming safe harbour under Section 79 of the Information Technology Act, 2000 (IT Act). Consequently, the intermediary becomes liable for offences under various laws including the IT Act and the Penal Code, 1860 (IPC), as the case may be.

Further, if an intermediary fails to furnish information required by a law enforcement agency, or fails to block public access to information when so directed, the IT Act prescribes that such offences are punishable with imprisonment of a term, which may extend up to seven years along with a fine.[18] Additionally, provisions of the IPC ranging from criminal conspiracy[19], sale of obscene books, etc.[20], deliberate and malicious acts intended to outrage religious feelings[21] to criminal defamation[22] and in some cases criminal breach of trust[23] and cheating[24], may also be attracted, as observed in cases involving intermediaries.

Considering the broad nature and extent of compliances prescribed under the 2021 Rules, that impose a higher threshold of diligence upon intermediaries and more particularly significant social media intermediaries (SSMIs), the immediate effect is that of inadequate or improper compliance of the 2021 Rules, divesting the intermediaries of the safe harbour under the IT Act. Consequently, this results in exposure, at the very least, to a higher number of criminal allegations and complaints being registered where intermediaries also become liable.

As regards digital media entities, the 2021 Rules specify that they will be held liable under any law contravened by them, irrespective of adherence to the Code of Ethics prescribed under the 2021 Rules.[25]  This becomes especially relevant in the present day since the threat of attracting criminal allegations by digital media platforms has become all the more prevalent, with instances of complaints or FIRs being registered against content hosted on video sharing and OTT platforms in the recent past.[26]

Interestingly though, the 2021 Rules itself do not specify penal consequences for non-compliance by the digital media entities. Rather, the 2021 Rules empower the self-regulating body or the Ministry of Information and Broadcasting (on the recommendations of the inter-departmental committee) to, inter alia warn, censure, admonish a publisher, require apology, delete or modify content to prevent incitement to a cognizable offence and issue orders for blocking of content under Section 69-A of the Act.[27]

Taking notice of the same, the Supreme Court in a recent order observed that “a perusal of the Rules indicate that the Rules are more and more in the form of guidelines and have no effective mechanism for either screening or taking appropriate action for those who violates the guidelines”.[28]

Compliance with takedown orders

Another important aspect concerning compliance with takedown orders[29] is the obligation to not store or host any unlawful information (which is defined rather broadly)[30] upon receiving actual knowledge in the form of a court order or on being notified by the Government or its agency, and to further “remove or disable access” within 36 hours from the receipt of such a court order or notification by the Government or its agency. While issuing a takedown order, the court may direct an intermediary to disable or de-index unlawful content globally.[31] Further, if an intermediary fails to comply with the takedown orders issued by a court,  the officers in charge of its affairs may become liable for prosecution.[32] Interestingly, however, it is not explicitly specified in the 2021 Rules that the notification of takedown from the Government or its agency has to be in writing, in the absence of which there may be some potential for misuse.

The 2021 Rules also impose an obligation to preserve information and associated records of information that has been removed, for a period of 180 days for the purpose of investigation, or a longer period if required by a court or a government agency. Pertinently, this condition also applies in cases where the information has been removed based on grievances received under the prescribed grievance redressal mechanism of intermediaries.[33]

Identification of first originator

Significantly for SSMIs, an additional obligation is imposed to enable the identification of the first originator of information, if required by a judicial order passed under Section 69 of the IT Act and the rules thereunder.[34] While the 2021 Rules clarify that such an order shall be passed for prevention, detection, investigation, prosecution or punishment of “serious” offences, which are punishable with imprisonment for a term of not less than five years, a direct implication of this is the possibility of compromising the end-to-end encryption of the messages that may be provided by the intermediary.

It is also interesting to note in this regard that in case the first originator of any information is located outside India, the first originator of the information within India shall be deemed to be the first originator of the information.

Another aspect that is of relevance for SSMIs is that the 2021 Rules encourage deployment of technology-based measures, including automated tools or other mechanisms, which at present appear to be mainly for identifying sexually explicit content. However, this aspect entails careful consideration of various legal and ethical issues when being implemented practically.

Achieving a fine balance

At first glance, the 2021 Rules cast a wide net over the various intermediaries and digital media platforms and seek to achieve several objectives with an intent to regulate the online space. The significance of intermediaries, and especially SSMIs, in the present day and age cannot be overstated, as online spaces are a ubiquitous and relevant part of society. Considering the direct impact intermediaries have on society and polity, a regulation was in the offing. However, the lack of a robust consultation process while formulating the 2021 Rules has raised cause for concern and criticism with several challenges being filed[35] against them which are now under judicial scrutiny. The effects of non-compliance have also been made apparent, with clear indications being given to intermediaries to comply with the 2021 Rules, despite subsisting challenges being pending.

Many questions however remain. Whether the stated intent of the 2021 Rules to empower the common user is attainable? Whether due diligence obligations imposed on intermediaries are practical or enforceable uniformly even across the new classifications? Whether the penal consequences associated with non-compliance of the 2021 Rules are commensurate with the offences an intermediary may be charged with?

Added to this is the aspect that while the 2021 Rules appear to augment the ability of law enforcement agencies to access information from intermediaries, whether sufficient safeguards can be exercised to prevent overreach or abuse.

It also remains to be seen how the Government or its agencies utilise the takedown provisions or how the grievance redressal mechanisms introduced under the 2021 Rules are practically implemented. The discourse on regulation of digital media entities is a separate discussion altogether.

While the 2021 Rules are under challenge before various High Courts,[36] by SSMIs, independent media and civil society organisations, another important question, that necessarily falls for consideration is the effect the rule will have on user engagement and online discourse, especially from free speech and privacy perspective, where maintaining a fine balance is imperative for a democracy.


Partner, Cyril Amarchand, Mangaldas.

†† Senior Associate, Cyril Amarchand Mangaldas.

††† Associate, Cyril Amarchand Mangaldas.

[1] S. 79 of the IT Act incorporates a safe harbour provision shielding online intermediaries from liability under various laws, for any unlawful content uploaded by their users.

[2] Avnish Bajaj v. State (NCT) of Delhi, 2004 SCC OnLine Del 1160 : (2005) 79 DRJ 576.

[3] S. 2(w), IT Act.

[4] (2015) 5 SCC 1.

[5] R. 2(i), 2021 Rules.

[6] R. 2(w), 2021 Rules.

[7] R. 2(v), 2021 Rules.

[8] Government of India, Ministry of Electronics and Information Technology, F.No.16(4)/2020-CLES (25-2-2021), <https://images.assettype.com/barandbench/2021-02/da6bb41f-8289-4148-9b99-308cf1ed21b6/Significant_Social_Media_Intermediary.pdf>.

[9] R. 2(t), 2021 Rules.

[10] R. 2(o), 2021 Rules.

[11] R. 2(u), 2021 Rules.

[12] R. 3, 2021 Rules.

[13] R. 3(2)(b), 2021 Rules.

[14] R. 4, 2021 Rules.

[15] R. 11, 2021 Rules.

[16] R. 12, 2021 Rules.

[17] R. 13, 2021 Rules.

[18] Ss. 69 and 69-A, IT Act.

[19] S. 120-B, IPC.

[20] Ss. 292 and 293, IPC.

[21] S. 295-A, IPC.

[22] S. 499, IPC.

[23] Ss. 406, 408, IPC.

[24] Ss. 415 and 420, IPC.

[25] R. 9(2), 2021, Rules.

[26] Aparna Purohit v. State of U.P., 2021 SCC OnLine All 179.

[27] R. 12(4), 2021, Rules.

[28] Supra note 9 (order dated March 5, 2021).

[29] R. 3(d), 2021 Rules.

[30] “… which is prohibited under any law for the time being in force in relation to the interest of the sovereignty and integrity of India; security of the State; friendly relations with foreign States; public order; decency or morality; in relation to contempt of court; defamation; incitement to an offence relating to the above, or any information which is prohibited under any law for the time being in force.”

[31] X v. Union of India, 2021 SCC OnLine Del 1788.

[32] Id. at para 93; S. 85, IT Act.

[33] R. 3(2), 2021 Rules.

[34] R. 4(2), 2021 Rules.

[35] SDS Infratech (P) Ltd. v. National Faceless Assessment Centre Delhi, WP (C) No. 6272 of 2021 filed on 10-3-2021.

[36] Praveen Arimbrathodiyil v. Union of India, WP (C) No. 9647 of 2021, order dated 9-4-2021(Ker); Foundation for Independent Indian Journalism v. Union of India, WP (C) No. 3125 of 2021, order dated 28-6-2021.

Op EdsOP. ED.

Child safety: Challenges in the online ecosystem

The increased popularity of digital spaces, especially among minors, has led to them being exposed to new forms of exploitation on troubling scales. These include “made to order” services that allow the perpetrator to apply filters relating to age, gender and race of the children while requesting Child Sexual Abuse Material (CSAM)[1], services that allow the perpetrator to view child sexual abuse via live stream and, in some cases, even direct it. These are issues that need urgent attention, especially when a third of the users of the internet are children.

There is unanimous agreement on the need to protect children in digital spaces and the need to mitigate the proliferation of CSAM online on a global scale. The most common solutions offered are focused on maximising security, while privacy takes a back seat. The narrative around the right to privacy primarily focuses on adults, while minors’ right to privacy is taken for granted. This focus must shift taking into account the rights of children that, similar to human rights are “interdependent, non-hierarchical and indivisible”.[2]

Law of the land: Indian and the American regime

In an attempt to curb the increased dissemination of CSAM online, the Indian Government has introduced various provisions in the Information Technology (Intermediary and Digital Media Ethics Code) Rules, 2021 (Rules)[3]. For instance, Rule 4(2) mandates that significant social media intermediaries must enable the identification of the first originator of information on a computer resource for a prescribed number of reasons, one of which is that of CSAM. They must also endeavour to engage in proactive monitoring of CSAM per Rule 4(4).

The United States EARN IT Act of 2020 also lays down best practices in order to curb the dissemination of CSAM.[4] It mandates the creation of “backdoors” in encrypted technology so as to allow law enforcement agencies (LEAs) to access communications. In several publications, Rianna Pfefferkorn, a leading Stanford based cybersecurity expert, has highlighted the dangers such legislation poses on individual privacy.[5]

Whether it be the “originator traceability” envisaged in the IT Rules of 2021 or the “backdoors” mandated in the EARN IT Act of 2020, both are the antithesis of user privacy and free speech as they compromise the security provided by end-to-end encryption. There is a global push towards weakening end-to-end encryption be it via the EARN IT Act of 2020, the Draft Council Resolution by the Council of European Union,[6]  or the Five Eyes Communique[7]. However, there is little evidence to show that perpetrators have been caught or penalised specifically as a result of such decryption. On the contrary, Anand Venkatnarayanan explains how Governments are seeking extant surveillance by breaking end-to-end encryption behind the veneer of child safety, which is the definition of Pedophrastry.[8]

Flawed approach: Explained time and time again

It is important to note that perpetrators do everything they can to remain inconspicuous on these platforms. They may create their own encrypted platforms, or might begin using platforms that are already encrypted. Criminals and terrorists also tend to develop their own encrypted platforms or networks.[9] The technology will still be readily available on the internet, and the passing of such legislation will not be able to keep criminals from using it. If encryption is outlawed, only the outlaws will have encryption, while law-abiding citizens shall be rendered susceptible to attacks by hostile actors.

The granting of exceptional access to law enforcement agencies is challenging from a technological perspective. The deliberate introduction of a vulnerability (in this case the grant of exceptional access to LEA’s) in the system also makes it vulnerable to unauthorised access by hostile third parties,[10] including enemy States. There is also the danger of an abuse of such power by the State.[11] The chilling effect on one’s freedom of speech and expression and the dangers of surveillance has already been discussed by several. Limited use of technology like PhotoDNA on publicly available data or unencrypted data to tackle is one thing, but to conduct mass surveillance by scanning everything going on an encrypted chat is a clear violation of both free speech and user privacy.

The Telecom Regulatory Authority of India has already stated that the security architecture of end-to-end encrypted platforms should not be meddled with for now as the same may render the users susceptible to cyber vulnerabilities.[12] The Supreme Court, in K.S. Puttaswamy v. Union of India,[13] judgment highlighted that any measure infringing upon one’s right to privacy must be sanctioned by law, necessary, must have a legitimate aim and the extent of the same must be proportionate in nature. Dr Menaka Guruswamy[14], Senior Advocate – Supreme Court of India and Mr Kazim Rizvi[15] Founding Director of The Dialogue, have already discussed at length as to why the traceability mandate fails to meet the Puttaswamy test laid down by the Supreme Court.

Way forward: Ensuring privacy and security of the child

CSAM must be tackled with all the strength of the State but not in the way that it harms the best interest of the child itself. A child’s privacy is equally important. If by breaking encryption or enforcing traceability, the security architecture of the services used by the child is weakened rendering him susceptible to abuse then there is no point of this measure. The child is still rendered unsafe. Our methods must keep the interest of the child at the centre of the debate.

The CyberPeace Foundation has recommended a few solutions that attempt to strike a balance between maintaining the child’s right to privacy and the need to intervene in cases as critical as the dissemination of CSAM.[16] These include establishing a standard operating procedure, a hash register, a mandatory “report CSAM button”, etc.

Further, the Carnegie Endowment in its Working Paper on Encryption Policy stated that absolutist positions disallow policymakers from developing a nuanced approach to tackle this issue. The two positions rejected were – access to encrypted communication should never be granted and we should not look for solutions under the same; and LEA’s cannot protect the public without access to all encrypted data.[17] Policies must be subject to the principles of law, enforcement utility, limitation, transparency, evaluation and oversight, auditability, focus and specificity and equity. This will ensure that there is greater granularity of debate and allow viable solutions to be developed.

It is equally important to build the capacity of the law enforcement agencies. The American Invest in Child Safety Act is a brilliant initiative which created a mandatory funding of 5 billion dollars along with 100 FBI agents and 65 more positions in the National Center for Missing and Exploited Children to tackle online sexual abuse.[18] This along with efforts to create community level awareness about child sexual abuse is key to tackling CSAM.

Moreover, we must take more cooperative steps like building the meta-data analysis capabilities of the LEAs with support from Big Tech and academia. If end-to-end encryption is outlawed or weakened, the criminals will, as they have in the past, simply shift to unregulated end-to-end encrypted platforms or create their own platforms. Thereafter the LEAs would not even have access to the meta-data which regulated platforms provide.

The IT Rules of 2021 mandate originator traceability (tell me who the first sender is). This as the technical experts[19] and organisations[20] explain is incompatible with the very idea of end-to-end encryption. Accordingly, Rule 4(2) must not be implemented right away and a wider stakeholder consultation with technical experts must be conducted to better understand how such challenges must be tackled keeping the best interest of the child in mind.


  Programme Manager (Platform Regulation & Encryption) at The Dialogue.

†† Policy Research Associate at The Dialogue.

[1] United Nations, Office on Drugs and Crime (UNODC), “Study on the Effects of New Information Technologies on the Abuse and Exploitation of Children” (2015). <https://www.unodc.org/documents/Cybercrime/Study_on_the_Effects.pdf>.

[2] United Nations, UNICEF Office of Research – Innocenti, Florence, (2020), Encryption, Privacy and Children’s Right to Protection from Harm, Innocenti Working Papers No. 2020-2014. <https://www.unicef-irc.org/publications/pdf/Encryption_privacy_and_children’s_right_to_protection_from_harm.pdf>.

[3] <http://www.scconline.com/DocumentLink/8OCMsY3m>.

[4] Riana Pfefferkorn, The EARN IT Act is a Disaster Amid the COVID-19 Crisis, the Brookings Institution, (4-5-2020) <https://www.brookings.edu/techstream/the-earn-it-act-is-a-disaster-amid-the-covid-19-crisis/>.

[5] Riana Pfefferkorn, Client-side Scanning and Winnie-the-Pooh Redux (Plus Some Thoughts on Zoom), the Centre for Internet and Society, (11-5-2020, 4.16 p.m.) <http://cyberlaw.stanford.edu/blog/2020/05/client-side-scanning-and-winnie-pooh-redux-plus-some-thoughts-zoom>.

[6] Draft Council Resolution on Encryption by Council of EU, Security through Encryption and Security Despite Encryption <https://files.orf.at/vietnam2/files/fm4/202045/783284_fh_st12143-re01en20_783284.pdf>.

[7] The United States Department of Justice, Office of the Attorney General, Press Release No. 20-1,086, International Statement: End-to-End Encryption and Public Safety, (11-10-2020) <https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety>.

[8] Anand Venkatanarayanan, “The New Avatar of the Encryption Wars”, Hindustan Times, (4-2-2021 9.04 p.m. IST) <https://www.hindustantimes.com/opinion/the-new-avatar-of-the-encryption-wars-101612444931535.html>.

[9] Robert Graham, How Terrorists Use Encryption, CTC Sentinel, Vol. 9 Issue 6, CTCS 20 (June 2016) <https://www.ctc.usma.edu/how-terrorists-use-encryption>.

[10]  Josephine Wolff, What Exactly are the NSA Hackers Trying to Accomplish?, Slate, (17-8-2016, 4.10 p.m.) <https://slate.com/technology/2016/08/what-exactly-are-the-shadow-brokers-trying-to-accomplish.html>.

[11] CBS News, Police Sometimes Misuse Confidential Work Databases for Personal Gain: AP, CBSN, (30-9-2016) <https://www.cbsnews.com/news/police-sometimes-misuse-confidential-work-databases-for-personal-gain-ap/>.

[12] Telecom Regulatory Authority of India, Recommendations on Regulatory Framework for Over-the-Top (OTT) Communication Services, (14-9-2020)

<https://www.trai.gov.in/sites/default/files/Recommendation_14092020_0.pdf>.

[13] (2018) 1 SCC 809< http://www.scconline.com/DocumentLink/nnXl4mu5>.

[14] Faye D’Souza and Menaka Guruswamy, Are the New Digital Regulations Unconstitutional? (26-2-2021)

 <https://www.youtube.com/watch?v=bGFj-1dkffY&t=23s>.

[15] Kazim Rizvi and Shivam Singh, Does the Traceability Requirement Meet the Puttaswamy Test?, LiveLaw (15-3-2021) <https://www.livelaw.in/columns/the-puttaswamy-test-right-to-privacy-article-21-171181>.

[16] Cyber Peace Foundation, Technology Law and Policy Group, End (-to-End Encrypted) Child Sexual Abuse Material, (2020) ISBN: 978-93-5416-448-4, <https://www.cyberpeace.org/CyberPeace/Repository/End-to-end-Encrypted-CSAM-2.pdf>.

[17] The Carnegie Endowment for International Peace, Encryption Working Group, Moving the Encryption Policy Conversation Forward, (10-9-2019) <https://carnegieendowment.org/2019/09/10/moving-encryption-policy-conversation-forward-pub-79573#:~:text=Strong%20data%20encryption%20thwarts%20criminals,to%20move%20the%20debate%20forward>.

[18] Adi Robertson, New Bill would Put $5 Billion toward Fighting Online Child Abuse, The Verge, (6-5-2020) <https://www.theverge.com/2020/5/6/21249079/online-abuse-invest-child-safety-act-fbi-investigations-bill-wyden-eshoo>.

[19] The United States Department of Justice, Office of the Attorney General, Press Release No. 20-1,086, International Statement: End-to-End Encryption and Public Safety, (11-10-2020).

[20] Internet Society, Experts’ Workshop Series on Encryption in India, Traceability and Cybersecurity, (27-11-2020) <https://www.internetsociety.org/resources/doc/2020/traceability-and-cybersecurity-experts-workshop-series-on-encryption-in-india/>.

Fact ChecksNews

The Ministry of Electronics and Information Technology has written a letter (No. 16(4)2020-CLeS) dated 5th June, 2021 to Twitter Inc. with the subject line ‘Compliance of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. 

The letter states that the Ministry is disappointed with Twitter Inc’s response to the clarifications sought by the government. The new rules came into effect on 26th May, 2021 and it has been more than a week but Twitter hasn’t not complied with the rules. The government has expressed the following objections relating to non-compliance:

  1. Twitter Inc has not informed the government regarding the Chief Compliance Officer which is required under the rules.
  2. The Resident Grievance Officer and Nodal Contact Person nominated by Twitter is not an employee of the company.
  3. Office Address of Twitter Inc is of a law firm in India, which is not as per the rules.

Since this letter was made public the #BanTwitterInIndia has been trending on twitter. But does the letter by the government talk about any kind of ban at all? Let us analyse.

The government letter states that non-compliance with the rules will lead to Twitter losing exemption from liability as an intermediary available under Section 79 of the IT Act, 2000 which has clearly been provided under Rule 7 of Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

Let us see what Section 79 of IT Act, 2000 says

  1. Exemption from liability of intermediary in certain cases.—(1) Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him.
    (2) The provisions of sub-section (1) shall apply if
    (a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; or (b) the intermediary does not—

(i) initiate the transmission,

(ii) select the receiver of the transmission, and

(iii) select or modify the information contained in the transmission;

(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.

(3) The provisions of sub-section (1) shall not apply if—

(a) the intermediary has conspired or abetted or aided or induced, whether by threats or promise or otherwise in the commission of the unlawful act;

(b) upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.

Explanation.—For the purposes of this section, the expression “third party information” means any information dealt with by an intermediary in his capacity as an intermediary.]

Text of Rule 7 of  Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 states that
7. Non-observance of Rules.—Where an intermediary fails to observe these rules, the provisions of sub-section (1) of Section 79 of the Act shall not be applicable to such intermediary and the intermediary shall be liable for punishment under any law for the time being in force including the provisions of the Act and the Indian Penal Code.

After reading the bare provisions it is quite clear that there is no mention of ban anywhere in Section 79. If Twitter fails to comply with the Rules of 2021, it loses protection from liability. Therefore, the intermediary shall be liable for any third party information, data, or communication link made available or hosted by him.
Therefore we can safely say that the letter by the Government of India to Twitter Inc is being wrongly interpreted by many Twitter users. The letter does not talk of any ban as a consequence of not complying with the rules. The consequences of losing protection under Section 79, IT Act, 2000 means that the intermediary (in this case Twitter) can now be taken to court for any content that is posted on its website by any user.

The letter goes on to say that refusal to comply demonstrates Twitter’s lack of commitment and effort towards providing a safe experience for the people of India. The letter further states that Indian people who are abused on the platform or harassed, subjected to sexual abuse, defamed etc should get redressal mechanism created through due process of law. The letter ends with the Government of India giving Twitter ‘one last notice’ as a ‘gesture of goodwill’ failing which exemption granted under Section 79 would be withdrawn.