'Free speech includes the right to receive information'

BY Geta Seshu Sevanti Ninan| IN Media Freedom | 02/04/2010
"Blocking goes against free speech because free speech includes the right to receive information. But technology does not help sustain blocking. The internet treats censorship as damage and routes around it."
Taken from an interview with RODNEY RYDER, Advisor to the Ministry of Information Technology, and from his articles and presentations. Interviewed by Geeta Seshu and Sevanti NInan

What are the amendments to the IT Act of 2000 a reaction to?

The proposed amendments to the Information Technology Act to a measurable extent are a "reaction" to recent developments such as service provider liability issues and auction sites; sleazy MMS clips and the like. In major part, desirable as most reactions are, offences under the Act have been made compoundable ; that is to say, the parties can compound the case i.e. settle it between themselves. This is welcome as most crimes target specific individuals and it is right for individuals to sort out the situation.

The offences which have been made compoundable are:

Section 66: If a person dishonestly or fraudulently does any act which damages the computer or the computer system, he is liable to a fine of up to five lakhs or be imprisoned for a term of up to two years. A host of new sections have been added to section 66 as sections 66A to 66F prescribing punishment for offences such as obscene electronic message transmissions, identity theft, cheating by impersonation using computer resource, violation of privacy and cyber terrorism.

Section 66A: If any person sends by means of a computer resource or a communication any content which is grossly offensive or has a menacing character or which is not true but is sent to create nuisance, annoyance, criminal intimidation, hatred or ill will etc shall be imprisoned for an imprisonment term which may be up to two years combined with a fine.

Section 67 of the old Act is amended to reduce the term of imprisonment for publishing or transmitting obscene material in electronic form to three years from five years and increase the fine thereof from Indian Rupees 100,000 (approximately USD 2000) to Indian Rupees 500,000 (approximately USD 10,000). A host of new sections have been inserted as Sections 67 A to 67C. While Sections 67 A and B insert penal provisions in respect of offences of publishing or transmitting of material containing sexually explicit act and child pornography in electronic form, section 67C deals with the obligation of an intermediary to preserve and retain such information as may be specified for such duration and in such manner and format as the central government may prescribe.

On interception.

In view of the increasing threat of terrorism in the country, the new amendments include an amended section 69 giving power to the state to issue directions for interception or monitoring of decryption of any information through any computer resource.

Section 419A of the Telegraph Act prescribes ways in which you can intercept.  It overrides the amended  IT Act. Electronic communication is not admissible as evidence in court. The court will strike it down, but the judge may be influenced by it. The citizen is protected from the state, but not from other citizens. As for interception mobile communications and using them as evidence, short messaging has to be acceptable under the provisions of the Evidence Act.

 

On blocking

Further, sections 69 A and B, two new sections, grant power to the state to issue directions for blocking for public access of any information through any computer resource and to authorize to monitor and collect traffic data or information through any computer resource for cyber security. That includes websites. Websites that you ban cannot hit back.

But technology does not help sustain blocking. The internet treats censor-ship as damage and routes around it.

Blocking  goes against free speech because free speech includes the right to receive information.

 

On breach of confidentiality

Section 72: If a person is found in possession of some confidential information like electronic record, book, register, correspondence and he is found disclosing it to any third party without the consent of the person concerned, then he shall be punished with imprisonment for a term which may be up to two years, or a fine which may extend to One Lakh rupees, or with both.

Section 72A: If any person while providing services under the terms of the contract, has secured access to any material containing personal information about another person, with the intent to cause wrongful loss or wrongful gain disclosed the information, without the person’s consent or in breach of a lawful contract, shall be punished with imprisonment for a term which may extend to two years or with fine which may extend to five lakh rupees or with both.

          Section 43(A) is related to handling of sensitive personal data or information with reasonable security practices and procedures. This section has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body corporate owns, controls or operates. If such body corporate is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, it shall be liable to pay damages by way of compensation to the person so affected.

Gradation of severity of computer related offences under Section 66 has been amended, now if an offence is committed dishonestly or fraudulently then  punishment is for a term which may extend to two years or a fine which may extend to Rs 5 lakhs or with both;

The addition of Section 72 A for breach of confidentiality with the intent to cause injury to a subscriber. This is recognised as providing sufficient protection under the EC Directive.

Contractual agreements are those agreements which are signed between parties where one party provides services on the basis of the contract signed. There is always a provision in any contractual agreement of not to disclose any information which is imperative for the running of the business. According to Section 72 (A) if anyone is found disclosing any information of a third person, without his consent he shall be punished with imprisonment or a fine of Rs 500,000. 

The problem remains with ambiguous phrases. For instance, the amended Section 43 (A) makes it mandatory for companies to include ‘reasonable security measures’ while handling data. What precisely does ‘reasonable’ indicate is any one’s guess. We would recommend organisations to follow the standards prescribed by the Computer Emergency Response Team (CERT). CERT’s primary role is to raise security awareness among the cyber community and to provide technical assistance and advice them to help them recover form computer security incidents.

A ‘fresh’ Section 68(A) has been proposed for providing modes and methods for encryption for secure use of the electronic medium. This is a welcome guidance. Section 69, related to power to issue directions for interception or monitoring or decryption of any information through any computer resource, has been amended to take care of the concerns of the Ministry of Home Affairs which include the safety, sovereignty, integrity of India, defence of India, to maintain friendly relations with other nations and preventing incitement to the commission of any cognizable offence.

 

On privacy issues arising from the amendments to the IT act:

While the amended version of the Act strengthens provisions on confidentiality and data privacy; the inclusion of a solitary provision on data privacy is quite in contrast to Europe where data protection provisions are enshrined in Directives at the EU level and in national legislation. In fact, data protection is sine qua non for aspirant members to the European Union, and also for companies who receive data from the EU. "Data subjects" must have rights enshrined in explicit rules with a detailed enforcement mechanism rather than rather than relying on a lone section to do the task elsewhere performed by an entire Act! A detailed data protection law is needed; not merely for the ITES industry but for the citizens of India.  The right to know balanced with the right to privacy is the hallmark of a democracy.

The most important thing is not to have laws, but to have the apparatus. We always had the right to information, but the apparatus to achieve it was not there until the government set it up under the Right to Information  Act.  We need a privacy framework. The European laws on privacy have one. They have a commissioner to look at privacy suo moto.

I feel CERT IN is inclined to be pro privacy. They want every organization dealing with information to have a chief privacy officer.

 

Rodney D. Ryder is a leading technology, intellectual property and corporate lawyer. He is the founding partner at Scriboard™; a full service legal consulting firm.

 

TAGS
IT Act of 2000
Subscribe To The Newsletter
Media Watch Briefs
Amazon resisting voluntary censorship
The new term for self censorship is voluntary censorship, as proposed by companies like Netflix and Hotstar. ET reports that streaming video service Amazon Prime is opposing a move by its peers to adopt a voluntary censorship code in anticipation of the Indian government coming up with its own rules. Amazon is resisting because it fears that it may alienate paying subscribers.                   
Let the games begin

Clearly, the run to the 2019 elections is on. A journalist received a call from someone saying they were from Aajtak channel and were conducting a survey, asking whom she was going to vote for in 2019. On being told that her vote was secret, the caller assumed she wasn't going to vote for 'Modiji'. The caller, a woman, also didn't identify herself. A month or two earlier the same journalist received a call, this time from a man, asking if she was going to vote for the BSP.                 

View More