Cyber policy- broad, lofty and no safeguards

Pic: http://www.livemint.com

The much awaited National Cyber Security Policy of 2013 was revealed yesterday and this according to the government of India was done with an intention of safeguarding the nation.
Before getting into the pros and cons of the policy here is a brief of what the policy aims at doing. A nodal agency to coordinate all matters related to cyber security would be set up.
A mechanism to share information, identify and respond to cyber security incidents would be in place. A cyber ecosystem would be created to provide fiscal benefits to businesses. A workforce comprising 5,00,000
professionals would be appointed. The policy aims at enhancing and also creating a national and sectoral level 24×7 mechanisms for obtaining
strategic information regarding threats. It plans to develop indigenous security technologies through research. Continue reading →

Emergency 2012

Down with the goonda raj on socia media

Controlling social media- the guidelines

Pic: computerworld.in

There has been a raging debate on the role that the social media has been playing. It got even more serious post the North East exodus and many sites were blocked and also handles kept under suspension. After much deliberation the Department for Electronics and Information Technology has put out guidelines for the use of social media for governmental organizations.
Information Communication Technologies (ICTs) including internet and mobile based communications are increasingly becoming pervasive and integral to day-to-day functioning of our lives- whether personal or official. ICTs offer an unprecedented opportunity of connecting to each and every individual and design the communication structure accordingly to each person. Such a structure can be defined and re-defined by both initiator and receiver of communication.

As social media demands 24*7 interactions, some responsiveness criteria may be defined and a dedicated team may be put in place to monitor and respond. There should be congruence between responses on social media and traditional media and relevant provisions of IT Act 2000 and RTI Act must be adhered to.

The advent of social media is transforming the way in which people connect with each other and the manner in which information is shared and distributed. It is different from traditional media such as print, radio and television in two significant ways – first, the amount of content that can be generated by the users themselves far exceeds the content generated by news/opinion makers and second, its “viral” ability for potential exponential spread of information by word of mouth and interlinking of the various social media platforms, thereby considerably reducing the control over spread of any such information.

Need for Social Media Guidelines

Given its characteristics to potentially give “voice to all”, immediate outreach and 24*7 engagement, Social Media offers a unique opportunity to governments to engage with their stakeholders especially citizens in real time to make policy making citizen centric. Many governments across the world as well many government agencies in India are using various social media platforms to reach out to citizens, businesses and experts to seek inputs into policy making, get feedback on service delivery, create community based programmes etc. However, many apprehensions remain including, but not limited to issues related to authorisation to speak on behalf of department/agency, technologies and platform to be used for communication, scope of engagement, creating synergies between different channels of communication, compliance with existing legislations etc.

Guidelines for Using Social Media by Government Organizations

This section provides the users in government organizations, a set of guiding principles that may be used while making use of Social Media. The section will illustrate through appropriate examples, some of the critical aspects of each element.

Having defined the objectives, the next step is to identify platforms and phases in which such an engagement shall be undertaken at these platforms. While social networks currently seem to be the face of social media, they are not the only platform. Some of the other forms of social media include, Social bookmarking site – stumble upon; transaction based platforms – Amazon & eBay; self publishing media – You Tube, Picasa; Business management etc. Since the choices are many, it is essential to identify one or two key platforms from which the department may begin interaction. Based on objective and response, the basket of platforms may be enhanced. Government departments and agencies can engage social media in any of the following manner:

By making use of any of the existing external platforms, or

By creating their own communication platforms

The choice of the platform – whether owned or externally leveraged should be made based on the following factors:

Duration of engagement – whether the engagement sought is to be an ongoing activity or created for a specific time-bound purpose

Type of Consultation – whether the consultation is open to public or confined to a particular group of stakeholders e.g. experts.

Account Creation: A social media account establishes an organisation’s online identity. Wherever possible, the same name for the different social networking accounts may be adopted to ensure ease of search on the internet. Another important facet of online identity is the need for it to be rendered effectively in either long form e.g. website address or in 15 characters or less (this is the Twitter maximum).

Login and passwords: Each new account requires a URL, user name and/or email address and a password. A proper record of login ids and password must be maintained. This is critical as multiple people may be authorised to post on behalf of the department.

Account Status: It is important to define whether the engagement may be undertaken through official accounts only or the officials may be permitted to use personal accounts also for posting official responses. It determines who says what on behalf of your organisation and in what form it is published. It also outlines how each piece of published information is presented where it is published. The most important aspect is whether the responses are in Official or Personal Capacity.

Responsiveness: This indicates the how often would the pages/information be updated, in what manner would the responses be posted, what would be the turnaround time of responses etc. The major attraction of social media is the spontaneity and immediacy of response and feedback and those visiting the site would expect the some kind of response within a pre-defined time limit. As far as possible, it is important to state upfront the scope of response – given/not given, type of response – official/unofficial, response time – 1 day/1 week etc. so that expectations are set correctly. Some of the ways to ensure timely response is Email integration i.e. email writing, list management, list building, proper lead direction so the right internal person takes actions on leads in a timely fashion and Daily management/maintenance of social media platform messages, customer contacts, etc.

While employees are free to post response in their personal capacity, it is mandatory that while they are doing so, they must clearly identify themselves, confidential information must not be divulged and should not be seen to represent “official view” unless authorised to do so.

Another important aspect that needs to be addressed is the Escalation Mechanism.

There has to be a defined hierarchy not only of responses but also of queries. For example, the comments and queries may be classified as routine – for which a Frequently Asked Question (FAQ) and Fixed Response Format (FRF) may be applied.

The next level may be queries/comments related to projects/programme, for which no separate official response may be needed because all relevant information may be available in the public domain and the query may be responded accordingly.

The next level of query/comment may be more specific where an “official” response may be needed. Such a categorization will help organizations in streamlining their responses.

Finally, there should be congruence between responses posted on social media and those in traditional media.

Roles & Responsibilities: The roles and responsibilities of the team responsible for creating, managing and responding on social media platforms must be clearly defined.

In Indian context, they may also need to be aligned to roles and responsibilities defined for responding to RTIs.

For most interactions, flexibility may be given to the staff to respond to regular queries or comments.

Escalation mechanism defined in the governance structure must clearly define accountability at all levels.

The role definition must not be limited just to responses, but also include responsibility for matters related maintenance of login ids and passwords, issues related to data security, archives, privacy, etc. For example, while the existing web content team may be assigned the responsibility for responding to usual queries; special technical expertise may be required to ensure appropriate levels of security.

Accountability: Clearance systems that distinguish between situations when an official position is required, and when open conversation is appropriate. This has to have at its heart a redefinition of accountability. The officials designated for engagement with citizen using the social media should be covered under a well defined immunity provision in consonance with the RTI Act and the IT Act and the IT Amendment Act 2008.

Content Creation & Social media profiles overlap, therefore sharing consistent content on all social media platforms should form the bedrock of content policy. While the social media tools allow everyone to become a creator, for the official account, content will have to be specified and tailored to the site on which it is being published.

Accessibility: In order to enable wider participation, content creation and availability should be in Indian languages and must not be limited to text alone. The content should follow the Government of India Guidelines for Website and adequately address challenges related to accessibility in Indian Languages as well as accessibility of content for differently abled.

Moderation: A moderation policy should also be published if the platform permits others to add their own content; this informs people what they can post whilst protecting others who may visit your platform. The moderation policy should include matter related to copyright, rights to addition and deletion etc.

Records Management: When any information is shared or guidance given online, it is necessary to ensure that all relevant records are captured, trail is generated and records are managed appropriately. It is important that the rules regarding record keeping are states upfront so that those seeking historical data are aware of statutes and limitations. Some of the important aspects that may be kept in mind while defining record management guidelines are as under:

The requirements for existing legislations e.g. RTI etc. need to be kept in mind and are paramount in influencing decisions regarding record keeping

Ordinarily, if online consultations do not impact decision making, lead to or influence policy making (e.g. seeking information about nodal officers, or any other public document, or responding to generic comments such as governance should be improved etc.) the agencies may decide that no record of such interactions will be maintained.

However, if consultations are necessarily being undertaken on specific policy or governance issues or that may influence decision making (e.g. inputs into Plan Document, consultation on policy frameworks etc.) then all necessary records need to be maintained. If the agency is using a social media site that does not facilitate record keeping, then there are various other options that may be explored. Some of the options are given below and may be exercised based on need and resources available:

Records may be created agency’s internal platform and records be maintained with appropriate tags e.g. creator/sender, dates, posting site etc.

Screenshots may be captured and stored in soft or hard (copy) format and filed at appropriate place.

A summary may be created of the information/consultation and filed.

Since most of the social media platforms are based outside India and are not governed by Indian Laws, or managed and controlled by Indian regulations, specific policies may be drafted related to information security and archiving. If required the agencies may engage with the Social Media Service Providers to work out Service Level Agreements for

Complaint and response mechanism between the agency and the Service Provider

Content Storage

Shared access of the content

Archival mechanisms

Legal Provisions: In India, the legal implications must be viewed in accordance with the law of land e.g. RTI Act, IT ACT 2000 & IT Amendment Act 2008 etc as also rules and regulations made thereunder. These policies must be circulated internally to ensure uniformity of response. Some of the key sections and their implications that must be kept in mind are as under:

When Government department provides such social media facilities on its network, receives, stores or transmits any particular electronic record on behalf of another person or provides any service with respect to that record, they become intermediary under Section 2(1)(w) of the amended Information Technology Act, 2000.

Section 79 of the amended Information Technology Act, 2000 provides the broad principle that intermediaries like Government departments providing social media facilities are generally not liable for third party data information or communication link made available by them. However this exemption from liability can only be applicable if the said Government department complies with various conditions of law as prescribed under Section 79 of the amended Information Technology Act, 2000. The said conditions which need to mandatorily complied with the Government department to claim exemption for any third party data information or communication link made available or hosted by them in connection with social media facilities made available by the said department on their network are as follows:

The function of the Government department is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored; or hosted

Data & Information Security Governance:

The Government’s communication to citizens via social media should follow the same data retention policy as its communication through other electronic and non-electronic channels. Data portability compliance varies from one social media platform to another.

Provisions related to Personal Information & Security: Under the Information Technology Act 2000, the Central Government has enacted various rules and regulations which impact social media. Some of the most important in this regard are as follows:

i. The Information Technology (reasonable security practices and procedures & sensitive personal data or information) Rules, 2011 define provisions for personal information & security and what constitutes sensitive personal data. Sensitive personal data or information of a person means such personal information which consists of information relating to;―

a. password;

b. financial information such as Bank account or credit card or debit card or other payment instrument details;

c. physical, physiological and mental health condition;

d. sexual orientation;

e. medical records and history;

f. Biometric information;

g. any detail relating to the above clauses as provided to body corporate for providing service; and

h. any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:

Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.

ii. For the purposes of protecting such sensitive personal data, the Government has mandated that any legal entity who is processing, dealing or handling sensitive personal data must implement reasonable security practices and procedures.

iii. The Government further stipulate that ISO 27001 is one acceptable standard of reasonable security practices and procedures.

Rules for Privacy and data collection: While social networking enables greater transparency, it is equally important to ensure the protection of people from exposure to inappropriate or offensive material.

Since profiles on social network are linked more often to individuals and not organisations, for the organisation’s site/page, a separate work profile may be created which can then be linked to a general email address that is accessible to anyone in the team, enabling them to administer the social networks without compromising on individual privacy.

Providing official email ids and accounts to each and every government official authorised to engage on behalf of the department and permit use of only official accounts for engagement.

However, while applying the above, The Information Technology (reasonable security practices and procedures & sensitive personal data or information) Rules, 2011 stated in the preceding paragraphs above must be complied with. The relevant sections of the Information Technology Act 2000 are placed in Annexure III for ready reference. In addition, the users may refer to any other relevant legislations, provisions and rules notified.

Communication Strategy:

Some of key aspects of communication strategy include – Integration of Social Media into routine, Connection with existing networks, Sharing content across sites and Publicising use of social networking through traditional media.

Social media can only be used by the Government to communicate existing Government information and propagate official policy to the public.

While the social media tools allow everyone to become a creator, for the official account, content will have to be specified and tailored to the site on which it is being published.

Since social media are relatively new forms of communication, it is always better to test efficiency and efficacy of such an initiative with a pilot project. Some of principles of creating such a pilot are given below:

 Focussed Objective setting: Initiate interaction for a limited objective or limited to one topic

 Begin Small: It is always better to start small and it is advisable to begin with one or two platforms.

 Multiplicity of access: The chosen platform should typically permit inputs from or linkages through multiple access devices. This will ensure wider participation.

 Content Management: It is not enough just register presence on a variety of platforms. It is essential that content provided is topical and up to date.

 Community Creation: On any social media platform, creation of a community is essential to generate buzz and sustain interaction.

A detailed guideline on creation and sustenance of community building is placed at Annexure IV

Engagement Analysis

Social media monitoring must be an integral part of any social media strategy. Social media data is different from other data or information because organisations have no control over its creation or dissemination on the Web and in order to understand and analyse the data a structure has to be imposed externally on it. Today a multitude of tools offer solutions for measuring conversation, sentiment, influences and other social media attributes.

The final step in ensuring that the pilot is scaled and integrated is to link it to existing administrative and communication structure. An indicative list includes:

rules may be established that all policy announcements will be undertaken simultaneously on traditional as well as social media;
all important occasions as far as possible may be broadcasted using social media;

all documents seeking public opinion must be posted on social media sites;

all updates from the website would automatically be updated on social media sites and;

all traditional communications will publicise the social media presence.

 The Framework and Guidelines in this document have been formulated with a view to help government ministries, departments and agencies to make use of social media platforms to engage more meaningfully with their various stakeholders. Social media’s characteristics of connectedness, collaboration and community have the potential of ensuring broad based consultation, and can help agencies reduce the duration of consultation process and receive immediate feedback on services delivered. In order to effectively utilise this media, the agencies must define very clearly the objective of such an engagement, select platforms that will be used for engagement, rules of engagement, communication strategy for ensuring broad basing such an engagement, and finally if found effective and efficient institutionalise such social media with mainstream engagement process. Both in India as well as across the world, various government departments and agencies at federal, state and local government level are using this media. However, this is a dynamic and evolving area and continuous engagement and nimbleness of response to such an evolving scenario will determine the success of such efforts.

Pseudo handles on social media- What the law states?

The Assam exodus has led to the blocking of several websites, pseudo and generic handles on the social media. Going through the debates on the social media, especially Twitter, it is clear that there is an outrage over the actions of the government as many feel that not only accounts spreading hate messages have been blocked, but some allege that the government is blocking those who have criticized the government.

To begin with, one must realise that this the first big cyber warfare that India has faced and this is probably for the first time in history that there is a unique combination of mobile and cyber technology that has been used to target the integrity of India. Yes, it is true that we have been found wanting and asleep for a month as the response mechanism to what had commenced against our nation a month back is pretty bad.

The government of India according to many decided to get into damage control mode and block various websites which were spreading hate messages. Although blocking is a temporary solution and an ineffective phenomenon, the more important thing is the lack of political will. We say lack of political will because there is proper course which guarantees strong legal action. This means that the crack in the armour have clearly been demonstrated and once we very sadly we must say that we have a toothless tiger in an IT law as most of the cyber crimes are bailable offences. Moreover an amendment when it comes to dealing with crimes committed on the social media and also on mobile phones is very much the need of the hour. To add to the misery we also are searching high and low for a national policy on cyber security and the nation is clueless as to how to respond in such a mobile and computer emergency.

While the government has gone about blacking out some websites, it also should think in a futuristic direction on how to protect our interests on cyber space. Once again the approach has been more reactionary.

According to IT law expert, Pavan Duggal, we have been soft on the intermediaries. The IT act has defined this and social media and mobile service providers come under the category of an intermediary. The law clearly states that there needs to be due diligence and the parameters require social media companies to notify the users that their networks will not be used to publish and transmit any content that is against the integrity of a nation. Despite this if somebody publishes such content and the government notifies these companies, they are required to act within 36 hours, Duggal also points out.

It is crystal clear under the Indian Law and also the IT Act that this law is applicable to any person of any nationality who violates or whose services are within a network within India. This would mean that the intermediaries need to block accounts in 36 hours of being notified if the person is threatening the security of the country. Facebook, twitter and also Youtube are all governed by this law in India. The law is crystal clear and India does not need to hold a begging bowl in case the companies are not responding to the government. The government well reserves the right to prosecute these companies in such an event of non compliance.

Duggal says that India needs to learn from the China experience. The Chinese are clear that if they are targeted on cyber space, then the compliance will be as per their law itself. The argument that these companies which are governed by the US law will not hold good. The Indian government reserves the right to stop them if they do not comply.

The law on pseudo and generic handles- The government began this campaign while acting in national interest. These companies according to experts need to cooperate with the government in matters that impact national interest.

Duggal feels that the government has not been too balanced while banning pseudo handles which have had nothing to do with national security. It is not a desirable development.

Now here is what the law has to state where pseudo handles are concerned. Creating a pseudo handle is violative of Section 66 A of the IT Act and those found guilty are liable to undergo imprisonment for three years and also cough up a fine. When someone creates a pseudo handle say in the name of the Prime Ministers office, he will either have to mention it clearly that this is an unofficial account or a pseudo handle. In the alternate he could also mention in every update or tweet that this is a pseudo handle. Now this is the law pertaining to the handle of a celebrity, authority or organisation.

However there are also the generic handles in which a person conceals his identity and uses some other name. The internet and the IT laws do provide for anonymity. This is not violative of the law, but then again one must draw a line and ensure that the freedom of speech given cannot be violative or abusive in nature.

The experts say that the freedom of speech on the internet needs to be protected and when there is a conflict between security and freedom of speech, the scales would obviously tilt in favour of defending national security. In simple terms it would mean that no matter what name you would tweet or update under, there would always be a distinction between normal messages, abusive messages and also disturbing national security. Although the IT act does provide for separate laws, the basic foundation would be under the Constitution of India covering the freedom of speech. It is clearly stated that freedom of speech and expression should be tempered with appropriate and reasonable restriction.

Duggal feels that the people need to appreciate that there is no absolute freedom of speech on the internet and it is capable of restriction. Although you do have a right to be anonymous on the web, it still does not give you the liberty to give out hate speeches and be abusive.

India’s position on internet governance hurts millions

Photo courtesy: 123rf.com

At the 66^th session of the United Nations, India made a proposal to control the internet through a United Nations Committee. The government of India proposed control over the internet through the formation of CIRP {Agenda Item 16: Information and Communications Technologies for Development (ICT): Global Internet Governance}. This proposal is expected to come up for a discussion on May 18, 2012 in Geneva during the World Summit on the Information Society (WSIS) meeting on the issue of enhanced cooperation etc.

Member of Parliament, Rajeev Chandrasekhar however has a lot of reservations over this proposal which according to him affects censorship of the internet and also curbs internet users. The Member of Parliament from Karnataka has even written to the Prime Minister opposing the same. In this chat with rediff.com, Chadrasekhar speaks about this proposal and also terms it as dangerous and ill-considered. It affects 800 Million Indian mobile users, hurts  India’s cause of freedom of expression and free speech and India’s image as a vibrant democracy.

This policy is against the open, democratic, inclusive and unhindered growth of the internet. It harms India’s reputation, has been submitted without a prior public consultation with multi-stakeholder groups, and therefore needs to be withdrawn.

India’s position (in the statement), even though cleverly worded, hurts its reputation of a multi-ethnic, multi-cultural and democratic society with an open economy and an abiding culture of pluralism. Further, it hurts the advancement of the internet as a vehicle for openness, democracy, freedom of expression, human rights, diversity, inclusiveness, creativity, free and unhindered access to information and knowledge, global connectivity, innovation and socio-economic growth. It is fundamentally against the interest of 800 million mobile users and over 100 million internet users in India who need to play a continued role by strengthening the existing multi-stakeholder process, rather than moving internet governance to a government-run, inter-governmental, bureaucratically organized system – as proposed by India.

While this statement  has gone mostly unnoticed in India, if accepted – it will be deeply harmful to the interest of Indian citizens and hits at the very reputation of a country that was till recently seen as a model of free speech, democracy and growth amongst internet users and policy makers around the world.  The statement, unsurprisingly, is excessively defensive as being one where it will lead to governments taking over, regulating, and circumscribing the internet.

The position taken by India is wrong on many accounts. These include:

No previous public consultation with the multi-stakeholder groups that have successfully participated in the governance of the internet thus far was called for or arranged before the statement was finalized. Most members of India’s civil society, private sector, inter-governmental and international organizations as well as the technical and academic community were neither consulted nor involved in any way in formulating this statement – which inherently represents their interests and changes their role permanently, if the proposal is accepted. This betrays the most fundamental requirement of public consultation, which is mandated in most of our legislation’s and is the very basis of good governance.

The proposal shifts India’s existing stance without explaining the reasons for such a shift. If India is concerned with the control or influence of any single government over the current process, then it should explain the same in no uncertain terms. In any event, strengthening the multi-stakeholder process by reducing a certain government’s influence should not result, under any circumstances, in shifting internet’s governance into an inter-governmental, 50-member, bureaucratic set up to be based out of Geneva, serviced by a UNCTAD secretariat, and reporting to the UN General Assembly. This would reverse the existing system wherein a multi-stakeholder structure governs the internet while the government advisory council is constantly engaged with the multi-stakeholder group. In fact, at least one Indian, Ram Raj, former CEO of Sify, serves as one of the 17 directors on ICANN.

In sharp contrast, CIRP, the body proposed by India to replace the current process, seeks governance through at least 50 government bureaucrats / politicians with oversight and control over the internet, while multi-stakeholder groups will be moved into an advisory role. If anything, multi-stakeholderism should include the government. An attempt to replace a multi-stakeholder system with a multi-lateral system is a dangerous idea.

Inter-governance is a highly complex issue. It cannot be run from a government body with the UN logo. The solution lies not in governments taking charge but in strengthening the existing multi-stakeholder model from which significant benefits can be derived since it allows for equal access to decision-making for all bodies.

India’s challenges with regard to internet access have very little to do with international governance. Our issue relates to business models, multiple languages, supply and demand side barriers, cost of equipment and the absence of necessary infrastructure as well as low literacy levels. Altering the governance structure globally will not resolve the challenges that we face domestically.

The internet has been developed and designed by the technical community, supported by innovation and the private sector. The governance works through innumerable provisions and protocols that work through reciprocation. The only effective solution is to embrace and strengthen a multi-stakeholder process which allows such changes to propagate swiftly and in a broad-based manner across multiple stakeholders. The internet’s spread will certainly be hurt if governance moves to the UN top-heavy, government-controlled body.

Sadly, it is widely publicized that India’s position is closely associated with countries such as Russia, China, Saudi Arabia, Cuba, Brazil, South Africa and Rwanda etc, none of which is a sparkling example of democracy, free speech, or human rights. Unless the global reporting on this issue is inaccurate, it is clear that we will suffer tremendously by way of our reputation in being seen as associated with such countries on the issue of internet governance and, by extension, freedom of expression and free speech.

The internet has neither been built by governments nor should it be regulated by them. This sudden attempt to move internet governance into inter-governmental control is unexplained, considering the tremendous success that the internet has seen around the world and after 3G launched in India – with over 2.5 billion internet users and nearly half a million being added each day. The current governance structure does not, in any way, prevent the seven mandates that India’s proposal mentions for CIRP. India must find a way to achieve these within the multi-stakeholder arrangement or through suitable improvements rather than a radical shift.

The speed and manner in which decisions are made about internet governance is through a consensus amongst engineers and other volunteers. No state governs the internet today. There is no reason whatsoever to change what is currently free, open, and working reasonably well.

It seems that this is a position that has been inadvertently taken by some overzealous officials or officials of an unconnected ministry or without appropriate briefing / guidance. We should certainly not let a mistake / lapse in the due diligence process stand in the way of taking a mid-course correction. In the withdrawal of this proposal, India will be seen as a country with a strong sense of introspection.

Finally, a top-down, centralized, international governmental overlay is fundamentally against the architecture of the internet – which is a global network of networks without borders. No government, let alone an inter-governmental body, can make engineering and economic decisions in the lightning-fast internet time.

In India, productivity, rising living standards and the spread of freedom everywhere would be hurt as engineering and business decisions relating to the growth of the internet will become politically paralyzed within a global regulatory body. Any attempt to expand the government’s power over the internet – however incremental or seemingly innocuous – should be turned back. Modernization and reforms can be constructive, but not if the end result is a new government-controlled, global bureaucracy that departs from the multi-stakeholder model. India must draw a line and stand against such proposals while welcoming a role for further reforming the multi-stakeholder process that could even include a non-regulatory role for the ITU (UN).

The Government must move immediately on this issue. This development, about which no consultation has taken place with the stakeholders in India, has the potential to adversely affect the daily lives of hundreds of millions of Indians and also threatens their freedom and prosperity.

The Prime Minister should pass the necessary directions to immediately discuss ways for withdrawing this proposal and working with other democratic and similarly minded governments to advance the cause of freedom, growth, and empowerment of our people through the use of the internet and governed by an open, transparent, truly multi-stakeholder process.

New online laws are a blogger’s nightmare

The draft rules drawn up by the government of India aimed at policing blogs has not gone down too well with a large section of people. The draft rules, drawn up by the government under the Information Technology Amendment Act, 2008, deal with due diligence to be observed by an intermediary.

Under the draft rules, an ‘intermediary’ is defined as any entity which on behalf of another receives, stores or transmits any electronic record. This would effectively mean that telecom networks, web-hosting and internet service providers, search engines, online payment and auction sites and cyber cafes would fall under the definition of an intermediary.

While this is one part of the story, the rules also propose to include the bloggers under the same category.

Pavan Duggal, an expert on IT laws and an advocate in the Supreme Court, explains that the proposed rules are secondary legislation which is being sought to be implemented by the Union government.

“The proposed rules are worded in largely generic terms which will require a subjective interpretation. This means that an intermediary would be subject to the discretionary interpretation of the said rules by the law enforcement agencies and hence will have no clarity of how to ensure full compliance with the law. There are huge problems since the inherent nature and scope of businesses of various businesses that fall under the same definition, get the same medicine. We are giving the same medicine to all kinds of fruits which are different in nature.

“There lies a fundamentally flawed recognition of the reality of the internet today. There is no way a blogger can be equated to a telecom company. Neither can a cyber café be equated to a search engine. Nor can an online market place be equated to an ISP. If one reads these rules then it only achieves at doing this.”

Duggal says that with these broad diverse components of stake holders which come under the term intermediary, the prudent approach would be to come out with sectoral guidelines which keep in mind the customised lines of business of various sectors.

It will be asking for much to expect a normal blogger to conduct an ISO 27001 certification. Further these rules are likely to act as impediments to the further growth of electronic eco-system in India. The need of the hour is to come across a legislation or a secondary legislation that is not only benevolent but enables and facilitates inclusive growth.

The draft rules further go on to speak about protecting minors. The parameters are too huge for minors. It talks about harming minors. If a nonsensical false page of a child is created it would be considered as harmful from all perspectives.

In that stretch, most of the websites, blogs and other online platforms will be in breach of these guidelines from the moment they are implemented. The moment these rules come in to force, they will have a very damning impact on the growth of blogging since it exposes them to high levels of compliance. This will have a negative impact in the long run.

If these rules come into being, a bloger or a tweeter would have to work as a diligent, extremely-observant policeman. To some extent it would have an impact on freedom of speech. Bloggers cannot write anything which is a violation of the IT act. It is possible that a criticism of the government could be perceived to be coming within the prohibited category depending on the peculiar nature of each case. The potential for abuse of these rules in their current form is highly probable. To a large extent, the rules possibly overreach the main legislation.

The draft rules suffer from a major flaw of the one size fits all approach. It is basically valuating intermediaries based on their compliance or non compliance of draft rules. There needs to be a more pro-active approach to recognise the inherent differences of various categories.

Pranesh Prakash, programme manager at the Centre for Internet and Society, says that the draft rules relate to intermediaries, cyber cafes and security practices.

“The laws on intermediaries and the law on cybercafés have been issued under Section 79 (Liability of Intermediaries) of the IT Act. The one on reasonable security practices has been issued under Section 43A.

“These rules do not affect bloggers alone. They affect everyone online and not just Indians.

“The IT act applies to both Indians and persons abroad. Everyone who has been classified as an intermediary including people who blog or use social networking sites could come under this law.

“Each one of them will have to display a notice and every intermediary from websites to other sites are covered under the law.

“Everyone who is classified as an intermediary is affected by the rules because intermediaries are required not to host or publish content that violates Rule 3(2).of the IT Act. This would mean that all internet users are also affected. One wouldn’t apply the same rules and regulations on the kind of diligence required to be observed by a newspaper as on the postal department, as related to the content they deliver.

“Similarly, one shouldn’t apply the same rules to a blogging service provider as one would with with an e-mail provider.

“Since the application of the IT Act and these rules isn’t limited to India, these rules might well mean that a popular website like amazon.com would have to carry a notice that nothing that “threatens the unity, integrity, defence, security or sovereignty of India” can be sold via their website, and must enforce that notice. How would we like it if American law were to  be made applicable to Indian companies?

“Sub rule 3 of the act says we can’t host anything that contravenes sub rule 2. The rule is made under the act. If someone contacts you then you have to remove the content. How on earth are we supposed to know if something violates the law. It is the judges who have to decide this. How can one find out whether the content is defamatory or not?

“These rules contradictory to the freedom of speech as mandated in the Constitution of India. The amendments need to be debated properly before they can come into force. If it is introduced in their existing form they would be disastrous,” Prakash said