Intermediary Liability under the Information Technology Act, 2000

  • Introduction

The pandemic has catapulted the world into an online-mode. With social-distancing norms in place, a host of activities from meetings to tuitions are being conducted online and as a result, people are spending substantially more time on social media platforms which have emerged as a hotspot of hate speech and some are even hopping on the bandwagon. Antonio Geuteress, the secretary general of the United Nations, had in a recent speech called upon nations to counter ‘a tsunami of hate and xenophobia, scapegoating and scare-mongering’ afloat globally during the pandemic.[1]

A very apparent reason for the rise of hate speech is the availability of a platform for its perpetrators and the lax rules of content regulations on social media platforms. For instance, Robert Bowers, accused of killing 11 Jews at the Pittsburgh Synagogue, took a newly emerged platform – Gab to express his anti-semitic views hours before opening fire at the synagogue[2]. Even the tragic killings of over 51 people in two mosques in Christchurch, New Zealand were live streamed on Facebook by the perpetrator.[3] Concerns were also raised on YouTube’s algorithm which in a bid to maximize user-engagement, showed similar videos to any user watching some hateful content under the ‘suggested videos’ tab, and thereby contributed to his hate and added to his prejudice and xenophobia.[4] Especially in India, unfortunate events like riots and mob-killings have taken place due to misinformation being spread on WhatsApp.[5]Furthermore, although WhatsApp India has taken steps like limiting the number of times a message can be forwarded and an additional limit for forwards which have been forwarded many times[6], the end-to-end encryption can still act as an obstacle for law enforcement agencies when finding the originator of the message[7].

Therefore, a very pertinent question that poses itself is whether social media intermediaries should themselves moderate content which is published on their platform and should they also be held be liable for any crime-propagating or crime-instigating content available on their platform? This article shall provide an answer to these questions while focusing on the liability of intermediaries in the Indian context.

  • Intermediary Liability in India

Internet intermediaries are defined by the OECD to facilitate transactions between third parties on the internet and also host transmit and index content, products and services originated by third parties on the Internet or provide Internet-based services to third parties.[8] The Indian Information Technology Act [IT Act, hereinafter] also defines an intermediary in a similar fashion. It stipulates that an intermediary is any person, who on behalf on another person, receives or stores or transmits any electronic record[9] or provides any service with respect to that record and includes its ambit the telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes.[10]

There are two types of intermediary liability regimes being practiced around the globe. The first is strict liability while the other is a conditional liability or safe harbour.[11] For instance, China has a strict liability regime. The Measures for Managing Internet Information Service, 2000[12] of China shifts the liability of monitoring and filtering content on the Internet Information Services provider[13] i.e., platforms which provide information to the internet users via the Internet which can include e-commerce giants, search engines and even social-media sites. The Article 15 of the Measures for Managing Internet Information Service, 2000 stipulates that no IIS provider shall produce, reproduce, release or disseminate information that, among other things, contains either goes against the constitution, endangers national security and contains rumours or pornography. Moreover, the Chinese Internet giant Sina.com was to be stripped of its online publication license after 20 articles and four videos posted on the platform were found to have pornographic content.[14]

However, countries like India as well as the European Union practice the conditional liability regime i.e., they provide a safe harbour to the intermediaries based on fulfilment of certain conditions. The Directive of Electronic Commerce of the European Union stipulates in that a service provide can claim exemption from liability for ‘mere conduit’ or ‘caching’ when he is no way involved in transmitting the information and does in now modify the information transmitted.[15] The directive further specifies that a service provider cannot claim exemption if “he deliberately collaborates with one of the recipients of his service to undertake an illegal act”[16] and that he “upon receiving actual knowledge or awareness of illegal activities has to act expeditiously to remove or disable access to the information concerned”[17].

In India, conditional exemption to intermediaries is granted under Section 79 of the IT Act. This Section stipulates that an intermediary shall not be liable for any information hosted by it if – a) the function of intermediary is limited to providing access to the system over which the information is transmitted[18], b) it does not initiate transmission or select the receiver or modify the information being transmitted[19] and c) it observes due diligence and follows any other guidelines prescribed by the Central Government[20]. The Section also stipulates, in a similar fashion to the Directive of Electronic Commerce, that if the intermediary has conspired, abetted or aided in the commission of the wrongful act[21] or upon receiving actual knowledge fails to remove or disable access to any information, data or communication link which is being used for an unlawful act[22] – it shall lose the exemption.

However, the present-day Section 79 was substituted in place of an older version in 2009 and therefore, the position before 2009 regarding intermediary liability was different.

  • Position prior to 2009

Following was the text of Section 79, prior to its substitution in 2009 was as follows –

79. Network service providers not to be liable in certain cases – For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third-party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.

 Explanation — For the purposes of this section, — (a) “network service provider” means an intermediary; (b) “third party information” means any information dealt with by a network service provider in his capacity as an intermediary

The case which discussed the question of intermediary liability before 2009 was the case of Google India Private Limited v. Vishakha Industries[23].

In this case, the Respondent had claimed that a defamatory article was being circulated in a Google group, following which the respondent also sent a notice to the Appellants about the same but it was contended that Google did not move its little finger to block the material or stop its dissemination and therefore the respondent filed a complaint in January 2009 against the Appellant as well as the publishers of the defamatory article. On the other hand, Google claimed exemption under Section 79 and also claimed that it had no control over google groups and the same was being controlled by Google LLC, the parent company and therefore the parent company should be considered as an ‘intermediary’ in place of the subsidiary.

The factual matrix was such that the complaint was instituted by the Respondent in the January 2009 and the substituted Section 79 took effect on 27.10.2009. Therefore, the Supreme Court opined that only the old version of Section 79 could be relied upon by Google. Thus, the Supreme Court observed that even under the old version of Section 79, intermediaries were given but only from the provisions of the Information Technology Act and the rules and regulations made thereunder. Therefore, for any provision not covered by the Information Technology Act, the company would not be provided immunity under the erstwhile Section 79.

Hence, the Supreme Court undertook to find any provisions under the Information Technology Act which covered the offence of defamation. Finding none, the Supreme Court concluded that because no provision of the IT Act covered the offence of defamation, Google could not have claimed any immunity from liability under the old version of Section 79.

  • Position post 2009

The substitution of Section 79 came into effect on 27.10.2009 and it is since that a much broader and comprehensive immunity has been conferred on intermediaries. Unlike the erstwhile version of Section 79, the newer text provides immunity against “any third-party information, data, or communication link made available or hosted” by the intermediary and it does not restrict the immunity to only “this Act, rules or regulations made thereunder”.

However, a closer look at Section 79(3)(b) would reveal that the intermediary would lose its immunity granted by Section 79 of the IT Act, if “upon receiving actual knowledge that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material”. Therefore, a very pertinent question that itself is whether the intermediary has to itself screen and filter each and every electronic record which is being posted on its platform?

A comprehensive answer to this question was provided by the Supreme Court in the case of Shreya Singhal v. Union of India[24], wherein a challenge was posed to Section 79(3)(b) on the ground that it makes the intermediary exercise its own judgment upon receiving actual knowledge that any information is being used to commit unlawful acts. Further, it was also contended that the expression ‘unlawful acts’ also goes way beyond the reasonable restrictions mentioned in Article 19(2) and therefore impinges upon freedom of speech conferred by the constitution.

The Supreme Court in this case acknowledged the fact that if millions of requests made to an intermediary to take down content then it would be difficult for it to analyse all the requests and therefore, it held that “section 79(3)(b) has to be read down to mean that the intermediary upon receiving actual knowledge that a court order has been passed asking it to expeditiously remove or disable access to certain material must then fail to expeditiously remove or disable access to that material[25]. The Supreme Court further added a caveat that “the Court order and/or the notification by the appropriate Government or its agency must strictly conform to the subject matters laid down in Article 19(2)”[26] and that “anything beyond what is laid down in Article 19(2) obviously cannot form part of Section 79[27].

 An even comprehensive answer to the question was provided two years later by the Delhi High Court in the case of My Space Inc. v. Super Casettes India Limited[28] wherein the Delhi High Court, while upholding the judgement of Shreya Singhal, that allowing intermediaries to screen each and every piece of information before publishing it on their computer system would lead to violation of an individual’s privacy. The Delhi High Court further held that “the remedy here is not to target intermediaries but to ensure that infringing material is removed in an orderly and reasonable manner. A further balancing act is required which is that of freedom of speech and privatized censorship. If an intermediary is tasked with the responsibility of identifying infringing content from non-infringing one, it could have a chilling effect on free speech”. Further, the Delhi High Court also held that it would be impractical for an intermediary to find out which material actually infringes any law – “Simply put, that test overlooks that unlike “real” space, in a virtual world, where millions of videos are uploaded daily, it is impossible under available technology standards to identify the streaming content, which actually infringes”.

Therefore, a combined reading of both the judgments would give out that post-2009 i.e., with a new Section 79 being substituted in the place of the old one, the intermediaries have now been granted a much wider immunity and –

  1. Intermediaries are not required to screen/monitor each and every content being uploaded on its computer system;
  2. The intermediary is not liable for every content being uploaded on its computer system, provided it complies with the Section 79(2);
  3. Lastly, an intermediary is not obliged to take down any material except a court order to that extent is received.

  • Conclusion

A much wider immunity has been provided to the Section with the substituted Section 79. The reason for the same can be understood that if a stricter regime is imposed then the intermediaries may conveniently migrate to a location where data protection laws are much laxed.[29] This would not only lead to economic loss for the country but also would be a herculean task to trace intermediaries and then track down content.[30]

[1] The tweet by Mr.Guteress can be found at https://twitter.com/antonioguterres/status/1258613180030431233 (Last Accessed on 11/07/2022).

[2] Kevin Roose, On Gab, an Extremist-Friendly Site, Pittsburgh Shooting Suspect Aired His Hatred in Full, available at https://www.nytimes.com/2018/10/28/us/gab-robert-bowers-pittsburgh-synagogue-shootings.html (Last Accessed on 11/07/2022).

[3] Jack Stubbs, 17 minutes of carnage: how New Zealand gunman broadcast his killings on Facebook, available at https://www.reuters.com/article/us-newzealand-shootout-livestreaming-idUSKCN1QW294 (Last Accessed on 11/07/2022).

[4] Zachary Laub, Hate Speech on Social Media: Global Comparisons, available at https://www.cfr.org/backgrounder/hate-speech-social-media-global-comparisons (Last Accessed on 11/07/2022).

[5] Pathikrit Chakraborty, Agnipath violence in UP, available at http://timesofindia.indiatimes.com/articleshow/92324264.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst (Last Accessed on 11/07/2022); Elyse Samuels, How misinformation on WhatsApp led to a mob killing in India, available at https://www.washingtonpost.com/politics/2020/02/21/how-misinformation-whatsapp-led-deathly-mob-lynching-india/ (Accessed on 11/07/2022).

[6]Ensuring User Safety in India on WhatsApp, available at https://faq.whatsapp.com/196330311553186/?helpref=uf_share (Accessed on 11/07/2022).

[7]What is traceability and why does WhatsApp oppose it? available at https://faq.whatsapp.com/2566310993676701/?helpref=uf_share (Accessed on 11/07/2022).

[8]OECD, THE ECONOMIC AND SOCIAL ROLE OF INTERNET INTERMEDIARIES, p.9, available at https://www.oecd.org/digital/ieconomy/44949023.pdf (Accessed on 11/07/2022).

[9]Section 2(t) of the Information Technology Act, 2000 defines electronic record as data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer-generated micro fiche.

[10] Section 2(w) of the Information Technology Act, 2000.

[11] Rebecca McKinnon et al., FOSTERING FREEDOM ONLINE: THE ROLE OF INTERMEDIARIES, p.40, available at https://unesdoc.unesco.org/ark:/48223/pf0000231162 (Accessed on 11/07/2022).

[12]The Measures For Managing Internet Information Services, 2000, available at http://www.asianlii.org/cn/legis/cen/laws/mfmiis499/ (Accessed on 11/07/2022).

[13]Article 2 of the Measures for Managing Internet Information Service, 2000 defines IIS as services that provide Internet users with information via the Internet.

[14] China’s Sina.com hit by ban after porn offense, available at https://www.chinadaily.com.cn/china/2014-04/24/content_17463143.htm (Accessed on 11/07/2022).

[15] Article 43, The Directive of Electronic Commerce, 2000, available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32000L0031&from=EN (Accessed on 11/07/2022).

[16] Article 44, The Directive of Electronic Commerce, 2000.

[17] Article 46, The Directive of Electronic Commerce, 2000.

[18] Section 79(2)(a) of the Information Technology Act, 2000.

[19] Section 79(2)(b) of the Information Technology Act, 2000.

[20] Section 79(2)(c) of the Information Technology Act, 2000.

[21] Section 79(3)(a) of the Information Technology Act, 2000.

[22] Section 79(3)(b) of the Information Technology Act, 2000.

[23] Google India Private Limited v. Vishakha Industries [(2020) 4 SCC 162].

[24] Shreya Singhal v. Union of India [AIR 2015 SC 1523].

[25] Ibid at paragraph 117.

[26] Ibid.

[27] Ibid.

[28] My Space Inc. v. Super Casettes India Limited [(2017) 236 DLT 478 (DB)].

[29] Ibid.

[30] Ibid.

Leave a comment