Giving in to prior restraint
This article is an expanded version of a column which appeared in the Hindu, on
After 26/11 when the Information and Broadcasting Ministry tried to come up with sweeping restrictions on TV channels in the interests of national security there was the predictable outcry and the government backed down very quickly.
Why then is there not enough of an outcry when websites are affected, for the same reason? Particularly over the way rules are being framed for the IT (Amendment) Act of 2008? The powers they give the Government to block websites amount to prior restraint, permitting blocking without informing the affected party, or giving him/her a chance to be heard. Obviously it has been done to deal with terrorism, and it could be argued that you will not be seeking permission from a non-state actor when you are seeking to track him by intercepting his email or blocking the websites he uses to spread his message. But civil liberties can end up being curtailed in the name of combating terror, and individual privacy can be violated the same way. Both are endangered as the new government goes about putting teeth into the amended IT act.
The controversial Mr A Raja does not just preside over telecom, which the country’s biggest industrialists are interested in. He also presides over the lawmaking which governs the use of the Internet in
Last year, a few weeks after the Mumbai attacks in November, a Bill which had been sitting around in a Standing Committee since 2006 was hastily passed, without much debate in parliament. The Information Technology (Amendment) Act, 2008 seeks to give teeth to existing laws on information technology and cyberspace. Last month, shortly before Mr Raja began his second stint, the Department of IT posted on the Internet the results of its labours in drafting rules for this Act. Since the devil is in the details, the import of the Act resides in the rules. These are still at the draft stage, you are invited to send your comments to the Government of India, which does this feedback exercise to show how democratic it is. http://www.mit.gov.in/default.aspx?id=969.
Here, then, is a idiot’s guide to what Mr Raja and his men are proposing to do, in the name of national security, safe internet use, and suchlike.
a) Intercept email, under section 69 of the Act.
Who can give orders for such interception? Technically only the
What about laws protecting privacy? This provision circumvents those in the name of security.
b) Block websites and web content, under section 69A.
A designated officer of joint secretary-level is empowered to handle requests for blocking from departments or individuals. He submits the request to an inter-ministerial comittee of joint secretaries, including one from the Ministry of Information and Broadcasting. In an emergency, scrutiny by just the designated officer will do, and the final permission has to come from the Secretary, Department of Information Technology. What can be the basis for a request to block? The Sovereignty or Integrity of India, the Defence of India, the Security of the State, Friendly Relations with Foreign States, Public order, and, for "preventing incitement to the commission of any cognisable offence relating to above." Apart from the fact that all of the above are open to interpretation, do note the ¿preventing incitement¿ bit. In case somebody thinks you might provoke someone to do something, they can block your website.
What about a right to be heard before the blocking? There is none. The job of Secretary, Department of Information Technology, suddenly becomes a pivotal one in the matter of freedom of expression. He has the final say in any blocking.
Review of the decision? A committee headed by the Cabinet Secretary, GOI, needs to meet at least once in two months for that. As a CERT IN official said at a recent meeting when questioned about the inordinately long time taken for a review, "Bahut cases hote, saab. Cabinet Secretary khali nahin baithe hota." His point was that overall there is a four-level scrutiny, and that so far blocking of web pages or sites has been very rare indeed,
c) Monitor and collect traffic data relating to a website, in the name of ensuring cyber security, and foiling cyber security incidents. Under section 69B.
d) Set up an Indian Computer Emergency Response Team (CERT-IN), whose constituency "shall be the Indian cyber community," under section 70B (1)
If you plough through all the citizen-friendly sounding stuff that this team is supposed to do, you will hit upon this clause: "For carrying out its functions prescribed in section 70 (B) of the Act, CERT-IN may seek information and give directions for compliance to the service providers, intermediaries, data centres, body corporate and any other person, as may be necessary." This innocuous body can order your service provider to cough up any data it wants. And what level of officer can do this? Any officer of CERT-In, not below the rank of Deputy Secretary to the Government of India. Again the defence is that this clause only relates to cyber security. The rules empowering CERT-IN are drafted by the organisation itself. Talk of giving yourself powers because you are making the rules!
e) Define the liability of Network Service Providers, under section 79.
This is a section for which the rules have not yet been posted, because there is hectic lobbying going on by industry. It seeks to protect the companies that operate in
Who will be defined as a network service provider? What will be defined as due diligence? What will be the definition of an intermediary? Industry is lobbying with CERT-IN on these issues. Sachin Pilot is the minister in charge.
But is civil society mounting enough of a fight to protect privacy, and prevent web content blocking without a prior right to be heard? Is it doing enough to oppose the extraordinary powers Mr Raja¿s ministry is arming itself with?
Because given the way we handle technology, actions officially ordered do not end up have the restricted impact they are supposed to. Back in 2003 when there was an attempt at Internet censorship through the blocking of a discussion group on the Web, the Internet Service Providers went beyond the targeted blocking they were asked to do. An organisation in Meghalaya which advocates seccession had set up this group, and the request for blocking it came from the Central Bureau of Investigation (CBI).
Had the service providers quietly blocked this one discussion group, nobody might have noticed. But they had never received such a request before and three of them (Mahanagar Telephone Nigam Limited, Data Access and Sify) wrote back immediately to DoT to say that since their infrastructure made it technically impossible to block just one group they had ("as per your directive") blocked all of Yahoo Groups, thousands of them. Predictably, there was a huge outcry.
And it achieved the opposite of what it set out to do because it sent the curious rushing to a little-visited discussion group. Despite being blocked, the page could be accessed through an anonymizer site on the Net whose express purpose is to allow people to circumvent blocks. Censorship does stay quiet in this country, which is a great thing. Nor does it achieve its objective. See what this attempt did for Kynhun.BriU Hynniewtrep, the Meghalaya discussion group, seeking a separate state for the Khasis. Its membership grew from 25 or so before the censorship, to 214 after it. The year-old group had meandered along unnoticed, with an average of three postings a month. Post ban, it got 23 in four days.
Censorship does stay quiet in this country, which is a great thing. But the point to remember about governments is that where arbitrary powers are concerned, they never stop trying to exercise them.
(This article also draws upon an earlier column available at http://www.hindu.com/mag/2003/10/12/stories/2003101200180300.htm)