Factcheck! The IT Rules 2021 FAQ

tl;dr

'The Union Government had notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 in February, 2021 (‘the Rules’). Back then, we provided a deep-dive of the Rules and thereafter, they have been subject to several challenges. The High Court of Madras and Bombay have stayed Part III of the Rules. Now almost 8 months after the notification of the Rules, the Ministry of Electronics and Information Technology has released a document consisting of Frequently Asked Questions purportedly to ‘bring clarity’ and to ‘explain the nuances of the due diligence to be followed by intermediaries’. In this blogpost, we separate the Facts from the Claims made in the FAQ document.

Background

On Feb 25, 2021, the Government of India notified The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules, 2021” or “the Rules”) which have fundamentally changed the way the internet and digital services are experienced in India. The Rules have been subject to several challenges, and the High Court of Madras and Bombay have stayed Part III of the Rules. The Kerala High Court has directed the Union Government to not take coercive action under Part III of the Rules against LiveLaw Media Pvt. Ltd.

Now almost 8 months after the notification of the Rules, the Ministry of Electronics and Information Technology has released a document consisting of Frequently Asked Questions purportedly to ‘bring clarity’ and to ‘explain the nuances of the due diligence to be followed by intermediaries’. Notably, the document also makes it clear that it is ‘in response to general queries received by MeitY. It is not a legal document and in no way whatsoever replaces, amends or alters any part of the IT Act/ IT Rules, 2021.’

Facts vs Claims

1. On public consultation for amendments in the erstwhile Information Technology (Intermediaries Guidelines) Rules, 2011:

Claim: FAQ 3 - MeitY invited public comments on the draft new Rules on 24.12.2018 and based on the public comments and suggestions, adopted the “Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021” replacing the earlier Information Technology (Intermediaries Guidelines) Rules, 2011.

Verification: While public consultation was held for a draft version of the Rules in 2018, the IT Rules, 2021 are drastically different from the draft that was released in 2018, and no public consultation was held for this version of the Rules. For example, the draft version did not regulate publishers of online curated content or digital news media. Thus, the public did not even know that the Union Government was contemplating to regulate content not on social media

2. On adherence to the Supreme Court’s Order in Re: Prajwala case:

Claim: FAQ 4(c) - The Rules are aligned with the Supreme Court’s order in Re: Prajwala for SSMIs.

Verification: While Rule 4(4) takes into account the Hon’ble Supreme Court's order Re: Prajwala [(2015) SMW Crl. No. 3/2015], however, in an example of function creep, the Rules go beyond the Supreme Court's order and include extreme measures relating to automated content moderation in instances that were not contemplated by the Supreme Court, such as in instances of content that has already been taken down.

3. On enhancing online safety of women and children:

Claim: FAQ 5 - The new IT Rules, 2021 have a clear objective of enhancing online safety of users, particularly women & children

Verification: While enhancing the safety of women and children online is a necessary objective and must be viewed seriously, however, the Rules incorporate measures (ex - Rules 4(2) and 4(4)) beyond what is necessary to achieve the stated objective, and in fact end up undermining the constitutional rights of citizens online.

Further, a lack of a clear consultation phase means that these rules do not take into account the voices and inputs of various women's rights groups who would have been much better placed to balance the undeniable need for women safety online with the constitutional rights of social media users.

4. On IT Rules, 2021 being privacy focussed:

Claim: FAQ 6 - The Rules have a clear focus on protecting online privacy of individuals and are consistent with the fundamental right to privacy.

Verification: The IT Rules, 2021 are not consistent with right to privacy and in fact, they seriously undermine the right to privacy. In particular, Rule 4(2) considerably weakens end-to-end encryption, which has now become the privacy standard for mobile based messaging platforms.

It is also incorrect to suggest that messaging-based intermediaries are only required to enable identification of the first originator upon receiving authorised directions - instead the messaging-based intermediary will have to enable first originator traceability mandate for all texts across platforms, since it is impossible to predict which message may receive an order against it for tracing of the first originator.

5. On safeguards to users’ privacy in tracing the first originator of messages:

Claim: FAQ 6 - There are a number of safeguards in place in rule 4(2) to ensure that the privacy of users is not violated.

Verification: It is incorrect to suggest that there are adequate safeguards in place. The safeguards provided under 4(2) and listed in this FAQ are insufficient to ensure the privacy of the users. Rule 4(2) has the overall effect of weakening encryption protocols in respect of all messages - sent and received by all users on all messaging related intermediaries.

6. On tracing the  first originator of messages:

Claim: FAQ 6 - Messaging-related intermediaries do not enjoy the authority to identify such users or information on their own in the absence of appropriate orders.

Verification: This is an entirely false statement. The Rules in any provision do not prohibit the Intermediaries to identify the senders and the receiver including the first originator on their own.

End-to-end encryption is offered as a service by certain messaging related intermediaries and is not mandated by any Rules, though it is the privacy standards in mobile based chat applications.

7. On impact upon the right to free speech and expression:

Claim: FAQ 7 - The IT Rules, 2021 are consistent with the right to free speech and expression and Article 19(2) of the Indian Constitution.

Verification: The Rules seek to overturn the intermediary liability regime which the Supreme Court protected and preserved in Shreya Singhal vs Union of India. The IT Rules undermine the holding in Shreya Singhal vs Union of India that an “unlawful act” in S.79 of the IT Act, 2000 must be limited by Art 19(2) of the Constitution.

The Rules restore the position of the intermediaries as exercising private censorship. The Rules are sanctioning a scheme that dilutes the intermediary liability regime that Shreya Singhal protected and preserved. The government has shifted the burden of decision making regarding what content should be taken down from itself/the courts to private intermediaries, reinstating their status of “super-censors”.

8. On increased accountability of intermediaries to users:

Claim: FAQ 8 - The Rules provide increased safety of users and also ensure accountability of intermediaries to the users.

Verification: The Rules do not further the accountability towards the users in any way. For eg., if any user's content is taken down then the Rules do not provide for any appellate mechanism to review such decisions. The Rules have instead made the intermediaries answerable to MeitY and not directly to the users.

9. On due process to users by way of a grievance redressal mechanism:

Claim: FAQ 21 - In case of a complaint, Rule 4(6) provides flexibility to the intermediaries to decide the best way to give an explanation and due process to the user.

Verification: Since no appellate mechanisms have been provided in respect of content that is taken under these Rules, it cannot be said that Rule 4(6) guarantees due process to the users.

Claim: FAQ 22 - When content posted by a user is removed, the Rules provide a mechanism for users an ‘adequate opportunity to dispute the action’ of the social media intermediary.

Verification: While 4(8) allows an opportunity to dispute the action however, such an opportunity cannot be considered adequate as 4(8) does not contain any appellate mechanism - and in the absence of a proper internal appellate mechanism, it cannot be said that the opportunity to dispute a content takedown action was adequate. Rules 4(6) and 4(8) are not in consonance with the Santa Clara Principles that set out the due process which an intermediary ought to follow in the event of a takedown of user content.

10. On the intent behind the traceability mandate:

Claim: FAQ 24 - The intent of this rule is not to break or weaken the encryption in any way but merely to obtain the registration details of the first Indian originator of the message.

Verification: The Ministry has consistently maintained that the intent of these Rules is not to break or weaken encryption, however, the Ministry has also absolved itself of reconciling the enabling of traceability with the preservation of encryption. Here too, the Ministry has left it to the messaging related intermediaries to figure out by themselves how to implement traceability without weakening encryption. Merely stating that the intent of the Rules is not to weaken encryption does not take away from the fact that the actual effect of the Rules is to weaken encryption.

11. On impact of non-compliance with the Rules:

Claim: FAQ 27 - In the event of non-compliance, the intermediary shall lose its exemptions from liability as provided under S.79 of the IT Act, 2000 and Rule 7 of these Rules may become applicable with respect to the extant law violated.

Verification: What this answer fails to mention is that the intermediary risks losing its protection under S.79 of the IT Act in the event of any failure to comply with these rules, however big or small. For eg., even in the event of failing to restrict access to one post or comment, the entire platform can lose its intermediary status.

[Rule 7 - Where an intermediary fails to observe these rules, the provisions of sub-section (1) of section 79 of the Actshall not be applicable to such intermediary and the intermediary shall be liable for punishment under any law for the time being in force including the provisions of the Act and the Indian Penal Code.]

12. On penal provisions for users:

Claim: FAQ 28 - There are no penalties on users under the IT Rules, 2021.

Verification: While there are no direct penal provisions under these Rules which penalise the actions of the social media users, the Rules nevertheless adversely impact the social media users by undermining their fundamental right to privacy and negatively affecting their right to free speech.

  1. A document published by the Ministry of Electronics and Information Technology containing Frequently Asked Questions on IT Rules, 2021. (link)
  2. Table summarising challenges to IT Rules, 2021. (link)
  3. Previous post titled 'Deep dive : How the intermediaries rules are anti-democratic and unconstitutional' dated 27th February 2021 (link)

The post was drafted with the assistance of Gyan Tripathi, a fourth-year law student from Symbiosis International, Pune.