Post alleged extensive consultations with stakeholders and members of civil society in 2018, the Government of India outlined the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. In February 2021, they released the rules declaring a three month deadline to comply in order for the intermediaries to retain legal immunity provided to them by Section 79 of the Information Technology Act 2000. Having failed to comply, Twitter has lost its intermediary status which entailed this legal immunity. It now faces criminal liability for any content on its platform in case it is found to be a threat to public safety and peace.

Challenges to the IT Rules 2021

Several elements of the IT Rules 2021 go beyond the needs to maintain law and order and seem to be a sly attempt at suppressing government criticism. It would require intermediaries such as WhatsApp to accumulate and disclose data on the government's direction—data which is supposed to be encrypted end-to-end. Although this rule is conditional and its exercise depends on circumstance, the government has absolute discretion to decide which circumstances warrant such breach of privacy. Requiring intermediaries like WhatsApp to reveal the first originator of certain content is a brutal attack on the privacy of the users. Such apps whose integrity and user-trust rests on their end-to-end encryption would face a massive blow due to the government’s entitlement to get information.

Moreover, the 2011 Rules already provide for the security requirements underpinning the IT Rules 2021. One aspect of the due diligence to be observed by the intermediaries states that “When required by lawful order, the intermediary shall provide information or any such assistance to Government Agencies who are lawfully authorised for investigative, protective, cyber security activity. The information or any such assistance shall be provided...on a request in writing stating clearly the purpose of seeking such information or any such assistance.”

The government is demanding the intermediaries to set up three-tier self-regulatory bodies, in addition to automated removal tools for “unlawful content”. This demand levies a heavy operational cost on the intermediaries, in addition to forcing them to set up companies in India. It is easy to foresee an excessive spending on regulatory bodies and tools not just within the ambit of intermediaries but also within the government which aims to broaden its scope of regulation by setting up overseeing bodies as well.

The government is asking the intermediaries to comply with one too many obligations which would definitely mar their ease of doing business in India. For instance, the intermediaries are required to “publish periodic compliance report every month mentioning the details of complaints received and action taken thereon”. Furthermore, they are obligated to monitor all content through automated tools and provide a record of the content they have removed or disabled access to. The intermediaries are bound to incur additional costs to operate the automated tools for such removal which are, needless to say, a major infringement to the Right to Free Speech.

Furthermore, this rule already stands on shaky ground owing to the Supreme Court’s position on Section 79(3)(b) of the Information and Technology Act 2000 in 2015. The aforementioned provision made the intermediaries liable to remove any offensive content based on specific user requests. The Supreme Court held that such a provision has a scope so large that it is practically impossible for the intermediaries to put it into practice.

Threats to free speech

In addition to the issues that the intermediaries will face, there are a myriad of problems for even the ‘ordinary Indian citizen’ that the Indian government is so vehement to protect. In a recent notice from the UN, it has been brought to light that the new IT Rules are in violation of the rules included in the International Covenant on Civil and Political Rights (ICCPR). The Indian government’s response has proven to be quite frivolous in the face of such a grave issue. According to the Indian government, they had already entertained exhaustive discussions with stakeholders in 2018. What the government fails to take into account, and would rather have the public overlook, is the various infringements of the freedom of speech in the span of the last three years.

It seems that the internet shutdowns during protests against the Citizenship (Amendment) Bill in 2019 were not enough to ensure public order and safety. And this inadequacy has prompted the government to enforce all possible methods of regulation to round up even more protesters, students, and professors who supposedly pose a threat to public order just by exercising their right to dissent. Kashmir still does not have 4G internet after almost 2 years of its suspension during the 2019 protests without any firm reasoning. Such precedents warrant that we are edging towards a surveillance state where our civil liberties would be extremely endangered, not to mention the drastic effects that these rules would have on the Indian economy and the IT sector.

Instead of trying to impose more and more regulations on the intermediaries, the better course of action for the government would be to improve its own cyber-crime redressal mechanism and attempt to encourage the intermediaries to improve privacy standards instead of stripping them down. Intermediaries such as Facebook and Instagram already store hordes of our data in order to provide us with relevant advertisements and recommendations. The private life of the ordinary Indian would certainly be out in the open for the government to surveil if the new IT Rules are executed to their full extent. And in that case, compromising our privacy for a safety that the government feels is essential for the citizens is not really a choice but an imposition.