Proposed new IT rules could let Indian government impose Chinese-style online censorship

We may earn a commission for purchases made using our links.

The Indian government, through the Ministry of Information and Technology, has proposed an amendment to the Information Technology (Intermediaries Guidelines) Rules 2011 through a draft Rules of 2018, which aims to “strengthen the legal framework and make the social media platforms accountable under the law“. This amendment was proposed in light of the fake news accidents in the country in mid-2018, when fake news being circulated on social media platforms led to several misunderstandings, and caused disharmony and deaths.

While the intention of the government may have been well, seeing how fake news is a problem that we still deal with, the proposed amendment gives the government extremely broad powers to suppress internet content and restrict freedom of speech of Indians on the internet. The new rules effectively require end-to-end encryption to be broken so that the origin of messages can be traced, as well as require platforms to proactively deploy technology that would filter content that is deemed as “harmful”. They also grant teeth to the government to remove content that they deem libelous, invasive of privacy, hateful or deceptive.

For example, here are a few snippets of the proposed Rules:

Rule 3(5):

“(5) When required by lawful order, the intermediary shall, within 72 hours of communication, provide such information or assistance as asked for by any government agency or assistance concerning security of the State or cyber security; or investigation or detection or prosecution or prevention of offence(s); protective or cyber security and matters connected with or incidental thereto. Any such request can be made in writing or through electronic means stating clearly the purpose of seeking such information or any such assistance. The intermediary shall enable tracing out of such originator of information on its platform as may be required by government agencies who are legally authorised.“

This particular point in the Rules effectively destroys the concept of end-to-end encryption, as social media as well as communication platforms (or any other Internet platform for that matter) would need to add in traceability to messages. End-to-end encryption ensures that only the sender and the recipient of content are aware of the content, and that everyone else who is involved in the transmission process remains unaware of the specific information in the content. Forcing intermediaries to enable tracing of information is a direct attack to the privacy of users, as all your communication will now be done under the watchful eyes of the intermediary as well as any government agency that is “legally authorised”.

The rest of the point also is quite vast as it forces intermediaries to provide “such information or assistance as asked for by any government agency” that may be required for “investigation, detection, prosecution or prevention of offences” — a broad sentence that enables the government to exercise extremely wide violations of online privacy.

Rule 3(9):

“(9) The Intermediary shall deploy technology based automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content.“

This particular point envisages the creation of automated censorship tools that will work proactively to remove “unlawful” content. Since the scope of “unlawful” has not been defined, it would refer to any content that would prima facie violate any law in India. There are no further guidelines stated in here, nor has any attempt been made to restrict the scope of this rule. Companies willing to work with the government’s ideals with censorship are much more likely to over-comply than under-comply, especially since the liability for under-compliance/non-compliance also remains undefined.

Intermediary:

What complicates the issues further is the definition of “intermediary”, which is clarified in Section 2(1)(w) of the Information Technology Amendment Act 2008 as under:

“(w) “Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.”

This vast definition of the word “intermediary” places an onus to act towards censorship on every entity mentioned therein. As can be seen, the definition includes physical places of internet access (cyber cafes), web hosting providers, ISPs and even search engines. This means that there are a whole host of entities that can be held responsible if the agenda in the proposed rules is not furthered, allowing the government really broad powers to effectively control information and shape it in the manner they want to, even if certain entities in the transmission chain do not cooperate (as there would be other target areas available to achieve the same objective).

These proposed rules can be notified anytime in the coming days, as the public comment period for the same has just ended. Once notified, the rules would become applicable all over India. Comments invited on these proposed rules have been compiled into a 600+ page document, with several prominent stakeholders expressing their strong objection to the same.

For instance, Microsoft commented that complying with India’s new standards would be “impossible from the process, legal and technology point of view“. Further, filtering the full range of content demanded by the government would not only violate privacy and freedom of expression, the company wrote, but would also be so challenging that “the cost of even attempting compliance will be prohibitive“.

However, certain key players have been reported to be in support of these rules. As reported by the NYTimes:

Reliance Jio is claimed to have said that the new rules were necessary to combat “miscreant” and urged the government to ignore free-speech protests. The company also said that encrypted messaging services like WhatsApp, “although perceivably beneficial to users, are detrimental to national interest and hence should not be allowed.

The proposed changes definitely have hints of authoritarianism in them, and will regress the state of India’s discourse. In most progressive parts of the world, data intermediaries are often exempted from responsibility for inappropriate content posted on their services as long as they comply with orders from designated authorities that instruct them to do so. By introducing an element of proactivity, the intermediaries are directly blamed for the existence of such objectionable content.

The rules also contain other smaller nuances which are drowned out because of these larger contentious issues. For instance, the rules also envisage the appointment of an Indian point of contact for any and every service which has more than 5,000,000 for “24×7 coordination with law enforcement agencies“. Because of its sheer ambiguity, this requirement that will also act as an impediment for any service looking to grow in India.

These changes also directly attack the constitutional protections for free speech and privacy that are in place in India for its citizens. While we at XDA-Developers refrain from political posts, wide policy decisions such as these would affect the core working of an emerging Internet giant such as India. At this stage of India’s economic development and its importance in the world market, especially in the Information Technology sector, do we really need another China?

Article written with inputs from:

NYTimes Indian Express