Explained: New IT Rules

In the present times use and impact of media tools is unprecedented. Social media, or any other source of information dissemination is no more just a tool to connect, converse and read. Rather, all these platforms have become a gadget to throw opinions as facts, debate without knowledge, accuse, media trials and even cross limits to abuse. This has less to do with media platforms but more to do this how netizens use and treat them, how they perceive sharing information, and how they react to information available. This changing pattern in perception, use, rather misuse has somewhere brought in the need for rules that ensure that netizens are protected from all menace, even the ones they themselves create, intentionally or not. This has somewhere paved way for the need of newly legislated Rules for such platforms. Recently in February 2021, the Ministry of Information, brought forward The Information Technology (Intermediary Guidelines & Digital Media Ethics Code) Rules, 2021 [hereinafter “The Rules”]. The Government issued an official statement pertaining to the rules, stating that the rules were framed in the exercise of power in response to rising questions of lack of transparency, accountability and user rights in digital media after extensive consultation with the public and stakeholders. These rules replace the Information Technology (Intermediaries Guidelines) Rules, 2011. It is important to note that these rules are not just restricted to social media platforms, but also encompass the Over-the-top [ hereinafter “OTT”] platforms. In the present article the author will discuss the reason, the need for such rules, what these rules entail and other related dimensions.

Significant elements of the rules: What do the rules entail?

The Rules begin with providing operational definitions to various terms, forming important part of various other provisions; access services, digital media, grievances, news aggregator, online curated content, to name a few. The government has clarified that social networking sites are welcome in India but for the same they will have to comply with the Indian Constitution and the legislation. There is no doubt that social media platforms are useful for raising questions and criticising them. But it is important to ensure that these uses are not left unchecked. Ordinary people are empowered by social media platforms, yet responsibility for exploitation and abuse is required. The new Regulations enable ordinary social media users to make complaints and to resolve them quickly. The laws for digital media and OTT focus more on in-house and self-regulation measures including thorough complaint redress and journalistic and creative freedoms. The proposed framework is gradual, liberal and current. It is designed to address a number of problems without dissipating fears of restricting innovation and freedom of expression. The standards were developed to distinguish between viewing a film in theatre or on TV and watching it on the internet.[1]

At this stage, it is important to take note of certain significant aspects of the rules. Some of the salient features are: –

  1. Due diligence by intermediaries- Intermediaries are firms or organisations which, on behalf of others, store or transmit data. For instance, we have internet or telecom service providers, online markets and social media platforms. The rules require the intermediaries to exercise due diligence in several ways, like (i) by informing the user of the rules, regulations and conditions for the use of their services; (ii) by blocking access to illegal information within 36 hours of receipt of a court or government order and (iii) by retaining information collected in connection with user registration for 180 days following cancellation or with the user’s consent. The Indian Computer Emergency Response Team requires intermediaries to report and provide cybersecurity events. These seems to put a check point to filter unwanted elements from the desirable ones to make internet a better and safer place. The due diligence, expected out of the intermediaries also includes appointment of personnel.[2] As per Rule 4(a) an intermediary is required to engage a Chief Compliance Officer to ensure compliance with the IT Act and its obligations. The Chief Compliance Officer will be held responsible for all actions involving third-party information if he or she does not ensure that the intermediary has carried out due diligence. The CEO must be a “key manager” or a senior employee of the organisation, and he or she must be based in India. Moreover. Under rule 4(b), a social media intermediary must choose a nodal person who will coordinate 24 hours a day and seven days a week with the law enforcement agencies, and ensure that orders and requests are followed up with the company. The nodal contact person must be an employee, not the chief conformity officer and must be an Indian resident. In addition to that, as per rule 4(c), the intermediary is also required to appoint a Resident grievance officer. This officer has to be a resident of India and is in charge for confirming that the intermediary meets the due diligence criteria of the grievance remedy process.
  2. Code of ethics[3]– The code under the guidelines applies to publishers of digital media, such as news, content providers and OTT platforms. The rules of 2021 require digital news providers to comply with the 1995 Cable Television Network Regulation and Journalistic Code. Capital considerations for OTT platforms are the separation of material into age-appropriate categories, the introduction of the age verification system for accessing adult contents and content accessibility for handicapped people. A news and current affairs publisher, as well as an online content publisher shall notify the Ministry of the peculiarities of his entity and provide the relevant information and documents for contact and cooperation.
  3. Grievance redressal- The Rules require a complaint redress process for intermediaries and digital media companies. Intermediaries shall appoint a complaint officer to handle complaints concerning infringements of the Regulations. Within 24 hours, concerns must be recognised and remedied within 15 days. The Digital Media Publishers (News and OTT) will have a three-tier complaint redress mechanism in place to deal with content complaints: (i) publisher’s self-regulation, (ii) editors’ self-regulation and (iii) central government supervision. The publisher will employ an Indian grievance redress officer to answer concerns within 15 days.[4] The Ministry of Information and Broadcasting (MIB), as part of its monitoring system, will establish an Interdepartmental Committee to listen for questions not handled by self-regulatory bodies and check compliance with the ethical code.

In the grievance recourse mechanism, non-consensual transmission of content that exposes the privacy of a person, contains an entirely nudist or partial image or depicts a person in any sexual act or behaviour, or contains impersonations, including artificially framed images, is subject to a specific and separate requirement. For such content, an extra condition is in place: it must be conveyed in order to harass, intimidate, threaten or abuse someone. In the case of such material, the intermediary is expected to remove a complaint within 24 hours.[5] The intermediary must also put up a system for receiving complaints in this area, in which details or correspondence can be submitted by the individual. This is an essential focus on a controversial and troubling sort of internet content. This is a good beginning towards addressing the problem of nudity/sexual content distributed without permission. Despite the twenty-four-hour rule, mediators must work best in all such instances.

  • Information blocking- In situations of emergency, authorised officials may analyse digital media content, and a temporary order forbidding the use of such materials can be issued by the Secretary of the MIB. The final order for restricting materials is to be issued only once the Interdepartmental Committee has given its approval. The content must be unblocked if it is not approved by the Committee.
  • Significant social media intermediaries- Social media intermediaries having more than 5 million registered users in India are the ‘significant social media intermediaries’. These intermediaries must also conduct further due diligence, such as appointing a chief compliance officer, establishing a complainant located in India and publishing a monthly compliance report to ensure compliance with the IT Act and the Rules. Intermediaries offering messaging as a core service must be able to determine their platform’s original data source. This originator must be disclosed if a court or government action requests this. Such an order will be given for certain circumstances, including investigation of offences involving sovereignty and security of the state, public order or sexual violence. No such order will be issued if less intrusive techniques of identifying the source of the information are effective. The substance of any communication shall not be required by the intermediary to be divulged. If the initial originator is outside India, he is the first originator within India of that knowledge.

These features are well articulated, making various nuances clear to the addressees. The rules not only list the rules, they even describe each stakeholder in order to ensure that no one gets off the hook because of any “ambiguity”. But these rules can create problems for a few. The rules may lead to complications for online chat companies such as Signal and Telegram, which do not have operations in India. Similarly, this rule will add to financial and operational burden for a range of other small intermediaries.

The topsy turvy ride of the rules: Is it all good do they have a flip side?

The fact that we have noble intentions behind a move does not necessarily means that the act is all good. Certain elements like these rules do have a flip side and usually they are a casualty. But sometimes government itself, intentionally curbs certain freedoms in name of security and safety. What is the case with these rules?

It is true that social media has its own set of shortcomings. We owe accountability and user rights to the large platforms. This new government plan, in set of these rules, sadly, exacerbates the problem. It actually acts as a gateway to more censorship and less privacy for users. Certain elements of the rules are problematic.

The first of the three main trends we will be discussing is the OTT proxy regulation and news media platforms. In my perspective, this is definitely unconstitutional. The Rules describe in the Appendix to the Rules the “Code of Ethics and Procedures and Safeguards for Digital/Online Media” that shall apply to “related enterprises.” ‘News publishers and current affairs content’ and ‘intermediaries that principally facilitate the transmission of news and current affairs content,’ ‘electro-curated content publishers’ and ‘intermediaries’ in particular for online curated content’ are all ‘relevant bodies’ as defined in Rule 7. Moreover, the Rules provide three levels for observing and abiding by the Code, as: ‘Level I – Self-regulation by the applicable entity;’ ‘Level II – Self-regulation by the self-regulating bodies of the applicable entities;’ and ‘Level III – Supervision by Central Government.’ What does that mean, exactly? More censorship and government monitoring are most likely. This supervisory organisation is being set up without sufficient legislative support and will progressively assume tasks that are akin to those done by the TV regulation’s Minister for Information and Broadcasting. For instance, according to Rule 13(4), this now includes censoring options, such as apology scrolls, and barring content! All this is planned without any legislative support or special parliamentary legislation.[6]

Any proposed legislation in India dealing to OTT video streaming could be immensely detrimental to individual and national rights. India is no longer a consumer but a supplier of original, high-quality videos that employ and entertain audiences in India and outside. It is strongly in competition with other countries, such as South Korea, and requires an environment that recognises that traditional cinema or television regulations can seriously hinder the sector. Any such regulatory system will almost probably have a major impact on the digital rights of citizens, create economic harm and hamper India’s growing cultural influence through the production of current and current video entertainment. There are many possible dangers here.

The Mint released on 12 February 2021 a news entitled ’17 OTT platforms announce self-regulation toolbox’ which stated that 17 of India’s leading streaming services have launched an IACT toolkit to prevent government intentions to issue code for all OTT services.[7] This toolkit is based on the adoption by 15 Indian streaming services and the digital companies of the online curated content providers’ code of self-regulation. There are a lot of shortcomings in the code itself, including encouraging self-censorship.

Several concerns arise with the control of news media. Because news media is not subject to the Information Technology Act of 2000, the guidelines have no legal ability to govern them. Furthermore, these requirements contravene Article 79 of the IT Act, which, under certain situations, provides a “safe harbour” as a liability exemption. These guidelines therefore constitute an underlying attempt to regulate online news media by bringing them under the aegis of the Information Technology Act of 2000, instead of the correct procedures for parliamentary examination and subsequent legislation.

The unclear definition of “news manufacturer and contents of current affairs” can lead to more arbitrary decisions. Newspaper replicas are not included in the definition. Will that mean that media sources such as Caravan Magazine, a monthly magazine and a social media storm recently caused by the blockage of Twitter accounts, are categorised as “News and Content Publishers?”[8] This vagueness in the term would empower the government to exercise significant discretionary powers arbitrarily, including the capacity to censor the media at will. This concept is also of value to established media firms, which are free from these constraints and may include a newspaper as a fundamental element of their activity. On the other hand, smaller independent media outlets may not have the capacity to do this and instead must rely on the Internet to distribute information and news. This discriminative approach between online news media and traditional newspapers, and legacy media will force more duties on the former, perhaps stifling, autonomous online media based on an unclear definition which leads to confusion and ambiguity.

Furthermore, the objective of pressuring big news and current affairs publishers to notify the government’s Broadcast Seva is unclear. For example, the Press and Registration of Books Act of 1867 required registration in order to preserve copies of books and periodicals published in India. While this was vital in 1867, in the modern digital age, with the internet keeping track of news and current events, such criteria have outlived their archival purpose. As a result, the goal and scope of Rule 16 of the rules’ notice duty must be extensively examined. It’s also worth noting that, while the government had planned to implement these changes through legislation that would need to be approved by Parliament, it now has the option of doing so through executive order, avoiding legislative debate.[9]

The Rules have made it mandatory for a substantial social media intermediary that primarily provides messaging services, such as WhatsApp, Signal, Telegram, and others, to enable the identification of the first source of information under Rule 5(2). This demands traceability, without which end-to-end encryption would be rendered meaningless. Previous efforts to provide traceability in a way that is consistent with end-to-end encryption have been found to be vulnerable to spoofing, where bad actors can alter the original information to falsely incriminate an innocent individual.[10] Furthermore, the sender of the communication has no say in who forwards it, how many times it is forwarded, or where it is forwarded. Many services preserve minimal user data for electronic information exchange and use end-to-end encryption to provide consumers with confidence, security, and privacy. These are used by millions of Indians to protect themselves from identity theft, code injection attacks, and other threats. As more areas of our lives demand our personal data to be pooled and analysed on a scale never before imagined, encryption is becoming increasingly important. The government has already been admonished by the Justice Srikrishna Committee on Data Protection for demanding inadequate encryption levels in licence agreements with telecom service providers, noting that this “poses a threat to the safety and security of data principals’ personal data.” By introducing the requirement of “traceability,” this is being tinkered with without any thought or involvement of technical experts in an open consultative process, without any data protection law or surveillance reform. Learn how encryption technologies safeguard and extend human freedom in this Independence Day presentation by Dr Debayan Gupta, Assistant Professor of Computer Science at Ashoka University. This traceability requirement has important ramifications for ordinary Internet users, as well as the  IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 that provide the option to direct ‘decoding’ must be evaluated in combination with the MHA notification. We lack adequate legislative or judicial supervision and the latest regulations drawn down would extend the government’s authority over ordinary people massively, alarmingly comparable to China’s prohibition and break of user encryption to spy on its populace.

Another issue is that Rule 5 (2) is outside of the scope of the parent provision, Section 79 of the IT Act, insofar as it requires adjustments to the design of encrypted platforms to permit traceability. Note that the power to impose encryption standards and procedures is provided for in Section 84A of the IT Act rather than Section 79, which is a safe harbour clause. The Central Government is also authorised by Article 84A to develop encryption methods and procedures in order to “safeguard the electronic medium and promote e-government and e-commerce.” In order to allow for traceability any attempt to weaken encryption would be less than the objective of enabling secure electronic communication.

The Rules are designed to transform the access and use of Internet by millions of Indians. Many of the proposed measures that we first defined in 2018 as a “Chinese Internet surveillance and censorship model” are being further refined. We need to be concerned that although the drawn-up regulations have undergone considerable revisions and some visible improvements in precision, the hearts and contents of these issues have not altered and there have been various new regulatory areas formed without a public debate. In certain respects, this has gone worse, with the anticipated expansion of the presidential power to control the unlawful and unconstitutional Internet media and video streaming firms. This requires a new consultation, starting with a white paper. The Internet Freedom Foundation argues that regulations based on our constitution and promoting fundamental rights are evident. This helps to ensure the much-required supervision and responsibility in the technology business. The current approach does not only fail to execute it in law and spirit, but also threatens to stifle our online opinions and jeopardise our privacy.

Conclusion

Safety and security and freedom and liberties have to be balanced to ensure that neither rights are walked over upon, nor safety is overlooked. However, in order to attain one set of necessity, usually the other is compromised. The rules are a well-intentioned attempt but they do have loopholes that are nothing short of blatant snatching of digital rights. This rule will definitely fight and safeguard us against several issues. Many women in this digital era have been harassed through internet with getting their images morphed, for instance and thus set of rules like the one in question do come as a relief. Another major menace these rules are capable of annulling is Fake news. This issue has actually grappled all aspects of life and made media platforms a tool for many to throw any fact as per their whims and fancies. These fake news have not only created political turmoil but even causes mob lynching, communal disharmony, sabotaging of many people’s reputation and worst case, media trials. However, there is a negative side of this armour that aims to protect us. Some of the provisions in the rules undermine the users’ freedom of expression and even walks all over the privacy. Certain alterations, if made, can make this rule a better device to ensure safety and security of the netizens.


[1] Government notifies Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, Press information Bureau, Government of India, February 25 2021, https://pib.gov.in/PressReleseDetailm.aspx?PRID=1700749

 

[2] SS Rana & Co., “Analysis of the information technology (intermediary guidelines and digital media ethics code) rules, 2021”, Lexology, March 4 2021

[3] Part III, The Information Technology (Intermediary Guidelines & Digital Media Ethics Code) Rules, 2021

[4] Chapter I, Information Technology (Intermediary Guidelines & Digital Media Ethics Code) Rules, 2021.

[5] Ibid

[6] “An extensive critical analysis of Draft IT Rules 2021”, Lexlife, May 6 2021, https://lexlife.in/2021/05/06/an-extensive-critical-analysis-of-draft-it-rules-2021/

[7] Lata Jha, “17 OTT Platforms release self-regulation toolkit”, Live Mint, February 12 2021, https://www.livemint.com/industry/media/ott-services-release-tool-kit-for-selfregulation-11613035662795.html

[8]Government censorship and the dire need of transparency”, Internet Freedom Foundation, February 8 2021, https://internetfreedom.in/government-censorship-and-the-dire-need-for-transparency/

[9]Say no to over-regulation of digital news media”, Internet Freedom Foundation, December 23 2019, https://internetfreedom.in/say-no-to-overregulation-of-digital-news-media-and-social-media/

[10]IFF files independent expert’s submission before Madras HC on PIL relating to encryption and traceability”, Internet Freedom Foundation, August 23 2019, https://internetfreedom.in/iff-files-independent-expert-submission-before-madras-hc/


Author: Divya Sharma from NLU, Jodhpur.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s