Of late, there has been an increase in government orders asking social media intermediaries to take down or block content, under Section 69A of the Information Technology Act, 2000, a 22-year-old piece of legislation which primarily governs India’s cyberspace currently.
While minor amendments have been introduced over the years, there are critical aspects of reform needed in the IT Act from the platform regulation perspective, as detailed in the recently launched impact assessment study by The Dialogue in collaboration with IAMAI.
There is also a need for a significant overhaul to provide a more comprehensive framework to tackle the rising safety and security challenges, realise the goals of economic advancement, and introduce a uniform and transparent content blocking regime.
Content Takedowns Under Section 69A
Section 69A, under which intermediaries have been asked to take down content, has been one of the most deliberated provisions of the IT Act.
It empowers the government to issue orders to the intermediaries to take down or block content that undermines the national security of the country.
Over the years, the judiciary has noted the need for ensuring appropriate procedural safeguards while exercising the powers under this provision.
The Shreya Singhal v Union of India was the first case that entailed an elaborate discussion on this issue. Thereafter, several courts in the past five years have opined on the need to comprehend the limited scope of Section 69A and to subject its enforcement to reasonable checks owing to its direct impact on the fundamental right to free speech and expression.
The Gujarat High Court in Gaurav Sureshbhai Vyas v State of Gujarat and the Apex Court in the Anuradha Bhasin matter held that powers under this provision are supposed to be exercised only in exceptional circumstances.
Further, the Calcutta High Court in Facebook Inc v The State of West Bengal held that in the absence of the due process of law, action under Section 69A will be null and void.
While the substantive blocking power is envisaged under Section 69A, the procedure for the same has been laid down under the Blocking Rules of 2009 which require more transparency and checks in place.
Though it is necessary to have a provision for blocking public access to inflammatory content, the overarching executive powers under the Blocking Rules must be revisited.
Rule 7 of the Blocking Rules which envisages the formulation of a committee to review the blocking orders must be reformed to include retired judges and members of the civil society in addition to the government representatives.
The scope of Rule 8 also needs to be enlarged to add the requirement of notifying the user or publisher of the content regarding the details of the committee hearing in accordance with the principles of natural justice.
The Rules should also have a mechanism for the users to appeal against the decision of the government.
Rule 16 provides an exemption to the government to keep the blocking orders confidential in the interest of national security.
This Rule must be reformed to ensure reasonable checks and balances on the State power and public availability of the orders should be ensured to enable the citizens to exercise their right to constitutional remedies and the courts to exercise their power of judicial review.
In the current scheme of things, there are two parallel blocking mechanisms under Section 69A and Rule 3(1)(d) of the IT Rules, 2021. The two provisions need to be harmoniously interpreted and a uniform blocking mechanism needs to be prescribed.
Moreover, it is crucial that the blocking orders do not merely reproduce the grounds for blocking mentioned under Section 69A and are supported with detailed reasoning and evidence.
In situations where the direction falls outside the ambit of Section 69A, the order should only be issued to the intermediaries when accompanied by appropriate court orders.
Law Enforcement Assistance, Search and Seizure
One of the major findings of The Dialogue and IAMAI’s impact study was the need for greater checks and balances on the powers of law enforcement officials to seek information assistance from intermediaries and the need for dedicated officials who can seek such requests.
According to Section 80 of the IT Act, any police officer, not below the rank of Inspector or any other person working with the Central Government or State Government, permitted by the Central Government, is authorised to enter any public premises, search and make an arrest without warrant if the accused person is suspected of committing an offence under the IT Act.
The provision lacks procedural fairness and safeguards to protect fundamental rights. The new IT Act framework should revisit this power.
The provision empowering the law enforcement agencies to conduct search and seizure without a warrant should clearly designate the officers. Moreover, there is a need to give more recognition to the more formalised channels that have been put in place by the intermediaries for the law enforcement agencies to seek assistance.
The unprecedented COVID-19 Pandemic brought along several waves of cybersecurity attacks and India became a favoured destination for cybercriminals.
While the year 2020 witnessed 11.6 lakh attacks, the total attacks during 2021 were estimated to be 14 lakh, making India the third most attacked region in Asia.
These numbers highlight the need for a more robust regulatory framework to protect India’s cyber infrastructure. The proposed legislation should introduce dedicated provisions to address the emerging challenges of the ecosystem.
Be it online banking, e-commerce or chatting with our dear ones over the internet, encryption is the first line of defence to ensure the privacy and security of the citizens and protects us from threats like hacking, surveillance and espionage among many others.
The proposed legislation should encourage the adoption of high-end encryption to enhance platform security by ensuring more active implementation of Section 84A under which the Central government is empowered to prescribe modes of encryption.
Weakening encryption will have deleterious impact on both user safety and national security and the Ministry should consult actively with technical experts before mandating any measure that may weaken encryption.
Towards an Accountable and Secure Digital Regime
Given the dynamic nature of technology, it is crucial that the proposed framework is implemented after extensive multi-stakeholder consultation with inputs from industry representatives, legal and cybersecurity experts, representatives from law enforcement agencies, cyber safety organisations and civil society.
Moreover, while it is essential to regulate the internet and demand accountability from the intermediaries, the proposed legislation should undertake a principle-based regulatory approach and preserve the principles of ‘safe harbour’ protection in accordance with the free speech jurisprudence envisaged by the Supreme Court in the Shreya Singhal case.
Similar to the amendments to the Companies Act, 2013 and the proposed amendments to the Legal Metrology Act, 2009, the proposed framework should follow the trend of decriminalisation and replace criminal liability provisions with a structure of corporate financial penalties in consonance with the international norms.
A statutory provision should also be envisaged under the proposed law to empower and enhance the capacity of law enforcement agencies to deal with the technological and procedural aspects of information technology.
The American Invest in Child Safety Act proposes mandatory funding of 5 billion dollars along with 100 FBI agents and 65 more positions to tackle online sexual abuse. It is critical that India draws takeaways from such progressive international regulatory frameworks to enable a more safe and secure online space.
(Kazim Rizvi is Founder, The Dialogue. This is an opinion piece and the views expressed above are the author’s own. The Quint neither endorses nor is responsible for the same.)