By Kamlesh Bajaj
India has unveiled draft rules under Section 79 of the Information Technology Act to curb fake news and rumours on social media platforms. These platforms are intermediaries under Section 79. The rules state that an intermediary must inform its users not to host, publish or transmit any content that is harmful, hateful, paedophilic, etc; or threatens national security or the sovereignty of India; or incites violence or prevents investigation of any offence.
Also, on coming to know of such content, they must act within 36 hours to disable it, and preserve the records for at least 180 days for the purposes of investigation. The rules empower government agencies to seek any information or assistance from them for investigative, protective and cybersecurity activities.
Critics say the move is violative of the right to freedom of speech and expression and will turn India into a surveillance state. But freedom of expression has limits. Rumours on social media have had huge repercussions. They have triggered violence and even led to lynching in India.
While China is seen as an example of surveillance, it’s the western world which is challenging global platforms for lawful access to data.
The Five Eyes — US, UK, Canada, Australia and New Zealand — have demanded access to decrypted data to fight global terrorism and for the investigation of serious crimes. Australia has taken the lead by approving the first anti-encryption law in the democratic world on December 6, 2018. It requires companies to ensure access to law enforcement agencies, failing which penalties and even jail terms can be imposed. UK’s Investigatory Powers Act in 2016 mandated social platforms help agencies with ‘equipment interference’ — a euphemism for decryption. In December, US Deputy Attorney General Rod Rosenstein reiterated his call that tech companies develop “responsible encryption — effective, secure encryption that resists criminal intrusion but allows lawful access with judicial authorisation”.
It is clear that countries are choosing to pass carefully-worded laws to deal with encryption. It is against this background that India’s move must be seen. The government has stated that the goal was not breaking end-to-end encryption, but merely enabling traceability.
The rules make it obligatory for big social media platforms to be treated as a company for better compliance. However, provisions regarding local incorporation exceed the scope of intermediary rules, and ideally be the subject of a Data Protection Law.
India says intermediaries must deploy solutions to monitor content for possible terrorist or other national security challenges, and take proactive actions to disable or remove such content. Many of these platforms, in fact, are already doing this for paedophilic content. While framing rules, a balance must be ensured between privacy and surveillance with appropriate oversight, in line with Supreme Court judgments.
As India debates the issues, the West has taken a step forward in line with what former US President Barack Obama said on March 12, 2016. “You cannot take an absolutist view. So, if your argument is strong encryption and we should create black boxes, then that I think does not strike the kind of balance that we have lived with for 200-300 years.” Let’s remember this as we discuss rules.
(The writer is founder-director of CERT-In. Views are personal)