It is hard to fault a government when it tries to regulate the Internet in the larger interests of the country. Under the newly-proposed draft rules (Section 69A) of the IT Amendment Act of 2008, the government will have a blanket power to block news portals and other websites for “offensive” content—in the interest of the sovereignty and integrity of India, defence of India, security of the state, friendly relations with foreign states and public order (all conditions that restrict freedom of speech under Article 19-1A of the Constitution). The devil, however, is in the detail.
Consider this. Most websites, internet service providers and social networking sites have a lot of user-generated content and provisions for bloggers to post their views. While the online content of newspapers is generally subject to proper supervision, most blogs — by their very nature — are not moderated. Social networking sites too, by their very definition, thrive on user-generated content which is unregulated. YouTube, Orkut, Facebook and MySpace are classic examples. Now, government-appointed officers, not below the rank of a joint secretary, will determine the nature of the offence and levy a penalty. But government officers are not judicial officers. Are they qualified to define, for instance, what goes against ‘friendly relations with foreign states’ and what is ‘offensive’ content? In the offline world, it is judges who do the job, and the government has no power to (for instance) cancel a newspaper’s registration merely because it has criticised a friendly country (do we have any countries that are officially listed as unfriendly?). The potential for misuse is therefore obvious.
Meanwhile, there could be more bad news to follow in the form of draft rules that pertain to Sections 43A, and 79 of the IT Act. These rules will cover telecom operators, internet service providers, business process outsourcing (BPO) units, IT services providers and banks too, since Section 43A asks companies dealing with third-party data to adopt reasonable security practices, failing which they are liable to pay a substantial Rs 5 crore as penalty.
The protection of sensitive data is of course a must. However, telecom operators who deal with third-party data may require a different level of security from, say, banks. So will a car dealer or retailer, who collects third-party data which is not as sensitive as that collected by the bank. Should the law tar everyone with the same brush?
Section 79 of the IT Act poses another problem. It deals with the liabililty of third-party service providers. For instance, the social networking site Orkut (which belongs to the Internet search giant Google) was held responsible when a user insulted the Indian flag with a ‘Hate India’ campaign. With terabytes of data being unleashed on such websites in the form of posts, it’s not practical to monitor them. The servers may reside in one country while users may be present across the globe. The administrators can remove the post only when alerted.
The absurdity of such a rule can be gauged from the fact that, in the eight years since the IT Act was instituted, not a single case of cyber fraud has been registered. Surely, a more nuanced approach to the issues posed by the Internet is in order, not the use of a hammer for every minor infringement.