Intermediary Liability under I.T. Act

Introduction

Access and free flow of information need to be seen as significant parts of our freedom of speech and expression jurisprudence. In this respect, the role played by ‘information gatekeepers’ in the free circulation of data, must be highlighted.

The inclination to censor speech is not exclusive to the government in India. From time to time, citizens approach courts demanding that fellow citizens be protected from the corrupting influence of certain kinds of speech.

Starting from Ranjit D. Udeshi v. State of Maharashtra,¹ in which the strict liability of gatekeepers

was used to restrict the circulation of obscene material, up to the current system for government- ordered blocking of content by internet intermediaries in India, information-gatekeepers are used to control information. Our freedom of expression norms need to take this into account besides their focus on the rights of primary speakers, since information gatekeepers can be used to censor speech in an opaque fashion that leaves little room for accountability.

Who are Intermediaries?

In discussion about internet companies, the word ‘intermediary’ often finds mention. An understanding of this term is important as it is used extensively in the Information Technology Act, 2000- the legislation that governs the field in the area. The term ‘intermediaries’ is defined under Section 2 (w) of the Act.

Intermediaries are entities that provide services enabling the delivery of online content to the end user.2 Let us look at the players involved in this chain-

1. Internet Service Providers (ISP)- ISPs like Airtel and MTNL help users to get connected to the Internet by means of wired or wireless connections.
2. Search Engines- These are web sites like Google and Bling that help users to search for specific information on the web and provide links to websites having content relevant to the search terms given by the user.
3. DNS Providers– These service providers translate the domain names (for e.g., www.sflc.in) to addresses (for e.g., 64.202.189.170) that can be understood by computers.
4. Web Hosts– These are service providers like godaddy.com that provide space on server computers to place files for various web sites so that these sites can be accessed by users.
5. Interactive websites– This includes social media sites like Facebook and Twitter that act as platforms to store and retrieve content, blogging platforms like Blogspot and WordPress, auction sites like eBay and payment gateways like PayPal.
6. Cyber Cafes– It means any facility from where access to the internet is offered by any person in the ordinary course of business to the members of the public.

Importance of Intermediaries

While services provided by Internet intermediaries have become part of our everyday lives- whether its shopping or tweeting, the Internet also brings with it new challenges. It affords users a sense of

anonymity that is absent in physical interactions. This anonymity may allow users to abuse online platforms and perform illegal activities. Intermediaries, with their access to such users, sometimes become the ‘one-stop-shop’ for detection of such abuse as well as law enforcement.

This situation throws up many important questions such as whether intermediaries should be treated as mere messengers who do not have control over the content they transmit, or should they assume greater sentinel roles. A natural corollary to this question is the discussion on the effect that greater intermediary control may have on the independence of the Internet and freedom of expression. One point that emerges quite clearly in most jurisdiction is that some regulation is necessary in order to provide a framework in which intermediaries and law enforcement authorities can function independently and cooperate with each other.

Legal Provision Regarding Intermediary Under IT Act 2000:

Under the IT Act, as originally enacted, only the network service providers were granted protection from liability for illegal acts of third parties. But after the Amendment Act of 2008, the definition of the intermediary under the Act and Section 79 of the Act were amended to provide for a wider scope of protection to intermediaries. 

Section 79 of the IT Act provides for ‘Exemption from liability of intermediary in certain cases:

Exemption from liability

Section 79(1) provides for exemption from liability of an intermediary for any third  party information, data, or communication link made available or hosted by him. However, this shall be subject to provisions of sub-section (2) and sub-section (3) of Section 79. 

When exempted

Section 79 (2) provides for the conditions which must be fulfilled for granting exemption from liability to an intermediary, which are as follows:

1. The intermediary’s function is limited to providing access to a communication system over which information made available by third parties is transmitted, hosted or stored; 
2. The intermediary does not
   • Initiate the transmission,
   • select who receives the transmission, and
   • select or modify the information contained in the transmission,
3. The intermediary observes due diligence while performing his duties under this Act and also observes such other guidelines prescribed by the Central Government. 

Third-party informationAccording to the explanation attached to Section 79 of the IT Act, ‘third party information’ means information that is dealt with by an intermediary in his capacity as an intermediary. 

When can intermediaries be held liable

Section 79 (3) of the IT Act provides an exception to the immunity granted to intermediaries from liability for third party information and acts under Section 79 (1) of the Act. Intermediaries can be held liable for third party content hosted by them in the following cases:

1. The intermediary is guilty of conspiring, abetting, aiding or inducing the commission of the unlawful act;
2. Intermediary fails to expeditiously remove or disable access to any material residing in or connected to a computer resource upon receiving actual knowledge, or on being notified by the Government that any information residing in or connected to such computer resource controlled by the intermediary is being used to commit an unlawful act. Such removal or disabling of access has to be done without vitiating the evidence in any manner. 

Thus, the immunity provided to intermediaries is not absolute but is subject to fulfilment of certain duties and following of certain guidelines or rules issued as by the government. 

Need for the development of Intermediary Liability

Tracing the many individuals who distribute illegal content using mobile platforms, Email, social networks, peer-to-peer networks or texting services is very difficult, especially if their numbers are multiplying rapidly. This can be compounded if government agencies find that their target-users are located in other countries that are not subject to the jurisdiction of the national government. User anonymity creates an added layer of difficulty.

Therefore, the legal mechanism focuses not merely on offenders, but also on the middle-man or the intermediary, without whom the wide circulation of this material would not be possible. This is in keeping with the principle that when it is difficult to control offensive conduct through the primary malfeasors, it may become necessary to regulate their conduct through intermediaries.

Circulation of content over the Internet is dependent on more than one intermediary. Internet Service Providers such as Hathway, Airtel and Vodafone help us to physically connect with the internet. Web-based service providers and platforms such as Gmail, Amazon, Facebook and WordPress enable us to share content. The essential characteristic of these intermediaries is that they function as gatekeepers to the undesirable content.

Avnish Bajaj v. State (National Capital Territory of New Delhi)

Intermediary liability was first acknowledged as a serious issue in India when the judiciary was confronted with Avnish Bajaj v. State (NCT of Delhi),5 also referred to as the ‘bazee.com case,’

which required it to determine whether an intermediary can be help responsible when it unknowingly and unintentionally facilitates the distribution of obscene content.

The indiscriminate imposition of gatekeeper liability to control information flows may explain why our legal institutions have continuously made poor decisions about gatekeeper liability from 1964 (when the Supreme Court ruled on Ranjit D. Udeshi), right up to 2015. Online intermediaries received some respite from this poor decision-making in 2008, when the IT Act was amended to offer them immunity under certain conditions. However, this is limited respite and gatekeeper liability continues to threaten online content.

Facts of the Case

In 2004, a 17-year-old school boy filmed a sexual act featuring himself and his classmate (also a minor). The video was circulated on baazee.com, and the incident came to be known as the DPS

MMS scandal. The website bazee.com was owned by Ebay, and served as an online platform where sellers and buyers could transact. The content was circulating swiftly through mobile networks and the Internet. The person who put up the video on the website, and the MD of the company, Avnish Bajaj, were arrested.

The interplay between Section 79 of the IT Act and Section 292 of the IPC

At the time of this case, the law in India had serious flaws. The IT (prior to its amendment) offered a modicum of immunity from liability to intermediaries. However, this immunity was offered only

with respect to liability arising from the IT Act. The implication being, that they received absolutely no protection from liability under any other legislation. Thus, at the time of the DPS MMS scandal, the website was not immune from any liability arising from the IPC.

Thus, bazee.com was subject to strict liability under Section 292 of the IPC. Its lack of knowledge was irrelevant in the eyes of the law and the limited immunity from liability provided by the IT Act was inapplicable. Luckily for Avnish Bajaj, the Supreme Court acquitted him on procedural grounds that had no bearing on the strict liability question.

Ranjit D. Udeshi v. State of Maharashtra

Ranjit Udeshi was a landmark case involving DH Lawrence’s novel ‘Lady Chatterley’s Lover,’ and is central to any discussion of obscenity in India. Although Ranjit Udeshi has been widely criticised for its application of the Hicklin test, the damage inflicted by its rather outlandish strict liability standard for intermediaries went largely unnoticed.

One wonders if the four owners of Happy Book Stall on Colaba Causeway ever expected to become a part of India’s landmark cases, a permanent fixture in our free speech history. The Shamjis and their fourth partner, Mr. Ranjit Udeshi found themselves being tried for possession and sale of an obscene book.

Crucially, the four owners of the book stall did not write the book, but DH Lawrence could hardly have been dragged to India for trial. Therefore, those who circulated the book were targeted. Ranjit Udeshi was therefore, about the gatekeeping function of the Happy Book Stall.

The Ranjit Udeshi judgment did not confine itself to the question of whether the contents of the book were illegal. It also addressed the question of whether the four proprietors of the Happy Book Stall might be found liable, even if they had no knowledge of such contents. The Supreme Court rejected the proposition that a book seller’s lack of knowledge should be taken into account for liability under Section 292, reasoning that ‘if knowledge was made a part of the guilty act (actus reus), and the law required the prosecution to prove it, it would place an almost impenetrable defence in the hands of offenders. Something much less than actual knowledge must therefore suffice.’

Although the IT Act was eventually amended to offer internet intermediaries some respite from this standard, the strict liability regime continues to apply to book sellers. Fortunately, this has not yet resulted in any prominent prosecution of bookshops in the recent pst. However, the Ranjit Udeshi ruling lies dormant and available to any intolerant Indian that wishes to have a bookshop owner charged for a few explicit pages in one among the books he sells.

Information Technology (Amendment) Act, 2008

The 2008 IT Act Amendment is significant as it brought the Indian intermediary liability regime (or the safe harbour regime) closer to international standards, particularly in the European Directive on E-commerce.

1. The Amendment makes sure that intermediaries received protection from liability ‘under any law for the time being in force.’ This has finally excluded the application of the IPC, and has therefore excluded the strict liability regime that is attached to it.
2. The Amendment also shifts the burden of proof. Prior to 2008, the intermediary had to prove that ‘the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention’ to avail the safe harbour protection. However, the amendment has ensured that the intermediary receives safe harbour protection as long as it does not initiate transmission, select the receiver of the transmission, and it observes ‘due diligence’ while discharging its duties. It would be up to whoever brings action against the intermediary to prove that it did not satisfy the conditions for protection from liability.

From ‘Strict Liability’ to ‘Due Diligence’

The Standing Committee in examination of the IT Act had asked if ‘it would not be extremely difficult to establish conspiracy or abetment in order to sue the intermediaries/service providers,’ and wanted to explore the possibility of minimum obligations for intermediaries whose platforms were being used to transmit obscene or objectionable content.

Although the Standing Committee did not insist on embedding a strict liability standard similar to Section 292 in the safe arbour provision of the IT Act, it did reinstate the ‘due diligence’ requirement that now remains a condition for intermediaries to receive the safe harbour protection. The degree of care expected by the use of the phrase ‘due diligence’ was unclear until the Information Technology (Intermediaries Guidelines) Rules, 2011 were passed, clarifying its meaning. These rules require intermediaries to remove ‘grossly harmful, obscene, blasphemous, defamatory, disparaging, harmful to minors and any other unlawful content’ within thirty-six hours of receiving actual knowledge that it is being stored, hosted or published on its system.

This created a ‘notice and take down’ regime. The Lok Sabha Committee on Subordinate Legislation asked that the takedown process be clarified and that safeguards be introduced to protect against abuse of process. Some safeguards were eventually introduced in Shreya Singhal vs. Union of India, in which the Supreme Court clarified that internet users must give intermediaries notice of a court order requiring removal of content, to obligate intermediaries to comply. This should put a stop to the practice of direct third party notices to intermediaries demanding that they take down content.

Conclusion

If we are to comprehend the dangers of internet intermediary liability, and the havoc that the Ranjit Udeshi liability principle may wreak if left unchecked, we will need to widen the focus of the freedom of expression jurisprudence in India. It needs to expand from being built around individual speakers’ autonomy to the more audience-centric norms of free flow of information for democratic self-government. This would imply a greater focus on the effect of law on the ‘intermediary’ of information such as publishers, newspapers, booksellers, television channels and online platforms that are critical to the free flow of information.

Law impacting information intermediary impacts the flow of information, and must be considered carefully with a view to the audience’s right to a vibrant public sphere. It is a mistake to focus on whether particular instances of obscene speech are necessary to our constitutional values without considering what effects the law that targets this speech through intermediary liability has on other forms of speech, which are unambiguously valuable to our democracy.