Draft rules proposed by the Indian government for intermediaries such as telecommunications companies, Internet service providers and blogging sites could in effect aid censorship, according to experts.
Under the draft rules, intermediaries will have to notify service users to not use, display, upload, publish, share or store a variety of content, for which the definition is very vague and liable to misuse.
Content prohibited under these guidelines ranges from information that may “harm minors in any way” to material that is “harmful, threatening, abusive."
Some of the terms are so vague that to stay on the right side of the law, intermediaries may have to remove third-party content that is even mildly controversial, said Pavan Duggal, a cyberlaw consultant and advocate in India's Supreme Court.
While the definition of some of the terms like obscenity have been ruled on by India’s Supreme Court, some of the others do not have a precise legal definition, said Pranesh Prakash, program manager at the Centre for Internet and Society, a research and advocacy group focused on consumer and citizen rights on the Internet.
“Would creating a Facebook profile for a minor, for example, be considered as harming a minor?” Duggal said.
The draft rules are secondary legislation framed by the government under the country’s Information Technology (Amendment) Act of 2008. Under the IT Act, an intermediary is not liable for any third-party information, data, or communication link made available or hosted by it, if among other things, due diligence under the draft rules has been observed.
The new rules will give rise to subjective interpretations, thus giving non-judicial authorities in the country the power to decide whether the intermediary has observed due diligence or not, Duggal said.
Rather than recognizing the diversity of the businesses of intermediaries, the draft rules use a “one-size, fits all” approach across a variety of intermediaries including telecom service providers, online payment sites, email service providers and Web hosting companies, Duggal said.
The draft rules also add new provisions that appear designed to give the government easier access to content from intermediaries. Intermediaries will be required to provide information to authorized government agencies for investigative, protective, cybersecurity or intelligence activity, according to the rules.
Information will have to be provided for the purpose of verification of identity, or for prevention, detection, prosecution and punishment of offenses, on a written request stating clearly the purpose of seeking such information, the rules add.
The IT Act already has procedures for very specific information requirements, but the draft rules have broadened this to a general requirement for intermediaries to provide information, Prakash said. The new rule could be a way of circumventing the earlier laws, he added.
The draft rules assume significance in the context of recent moves by the Indian government to ensure Research In Motion (RIM) provides access to information on BlackBerry services in India. While providing lawful access to its consumer services like BlackBerry Messenger, RIM has declined to do the same for its corporate service, BlackBerry Enterprise Server, claiming that it does not have access to customers’ encryption keys.
The Indian government has previously also said it would demand lawful access from Google’s Gmail and Skype, but has not taken any action on these services.
The draft rules will require compliance from a number of entities who until now had thought they were outside the ambit of compliance, Duggal said.
Google did not immediately respond to emailed requests for a reaction to the new rules. Microsoft said that the government should set the policy objectives and provide directional framework, and still allow flexibility to intermediaries to set the data protection measures as they deem fit for different situations and services.
“We believe that the intermediary should be obliged to take down non-compliant content on being notified of the same as well as terminate access rights for those who use these platforms for dissemination of non-compliant content,” Microsoft said in an emailed statement. Non-compliance includes, but is not limited to, copyright, it added.