The contentious Section 66 (A) of the Information Technology Act was declared ultra vires and unconstitutional by the Supreme Court of India.
The decision of the government to block 32 URLs has become a subject matter of debate and the question being asked is blocking the right way to go.
Should the government be taking down websites or web pages? Should the government be acting against the intermediaries or should it block websites as a whole? These are a few points that need to be debated and to speak with oneindia is Cyber Law expert, Pawan Duggal.
The various grey areas in our laws especially when it comes to the Social media has created one more flutter in the form of a controversy regarding the official twitter account of the Prime Minister of India. The BJP was extremely upset that the outgoing Prime Minister’s team had reset @PMOIndia and renamed it @PMOIndiaArchive.
Now let us examine what the laws on such matters say. First and foremost we must understand that @PMOIndia was a verified account and by doing so twitter had only added to the authenticity of the account. Pawan Duggal an expert on the cyber law speaks with rediff.com in detail about the case on hand and also the legal ramifications that surround it.
The much awaited National Cyber Security Policy of 2013 was revealed yesterday and this according to the government of India was done with an intention of safeguarding the nation.
Before getting into the pros and cons of the policy here is a brief of what the policy aims at doing. A nodal agency to coordinate all matters related to cyber security would be set up.
A mechanism to share information, identify and respond to cyber security incidents would be in place. A cyber ecosystem would be created to provide fiscal benefits to businesses. A workforce comprising 5,00,000
professionals would be appointed. The policy aims at enhancing and also creating a national and sectoral level 24×7 mechanisms for obtaining
strategic information regarding threats. It plans to develop indigenous security technologies through research. Continue reading “Cyber policy- broad, lofty and no safeguards”
The recent attacks on the freedom of internet users has become a subject matter of debate. Termed draconian and ultra vires to the Indian Constitution, the Information Technology Act more precisely, Section 66 A of the act, many have started to raise their voice seeking an amendment. Read what Rajeev Chandrasekhar, Member of Parliament has to say on this subject. Continue reading ““Government fears the internet””
The government has proposed to amend Section 66 (A) of the Information Technology Act which has been dubbed as one of the most draconian laws in the country.
As per the proposal, the government will set new guidelines for officers dealing with this act so as to ensure that there is some accountability while dealing with this section and registering cases.
The arrest and the subsequent release of a girl who posted a comment against Bal Thackrey on her Facebook profile is a reminder of what happened on the social networking sites during the Assam Exodus.
The first of the charges booked against her was under Section 505(2) of the Indian Penal Code 1860. The section reads- Statements creating or promoting enmity, hatred or ill- will between classes. Whoever makes, publishes or circulates any statement or report containing rumour or alarming news with intent to create or promote, or which is likely to create or promote, on grounds of religion, race, place of birth, residence, language, caste or community or any other ground whatsoever, feelings of enmity, hatred or ill- will between different religious, racial, language or regional groups or castes or communities, shall be punished with imprisonment which may extend to three years, or with fine, or with both.
There has been a raging debate on the role that the social media has been playing. It got even more serious post the North East exodus and many sites were blocked and also handles kept under suspension. After much deliberation the Department for Electronics and Information Technology has put out guidelines for the use of social media for governmental organizations.
Information Communication Technologies (ICTs) including internet and mobile based communications are increasingly becoming pervasive and integral to day-to-day functioning of our lives- whether personal or official. ICTs offer an unprecedented opportunity of connecting to each and every individual and design the communication structure accordingly to each person. Such a structure can be defined and re-defined by both initiator and receiver of communication.
As social media demands 24*7 interactions, some responsiveness criteria may be defined and a dedicated team may be put in place to monitor and respond. There should be congruence between responses on social media and traditional media and relevant provisions of IT Act 2000 and RTI Act must be adhered to.
The advent of social media is transforming the way in which people connect with each other and the manner in which information is shared and distributed. It is different from traditional media such as print, radio and television in two significant ways – first, the amount of content that can be generated by the users themselves far exceeds the content generated by news/opinion makers and second, its “viral” ability for potential exponential spread of information by word of mouth and interlinking of the various social media platforms, thereby considerably reducing the control over spread of any such information.
Need for Social Media Guidelines
Given its characteristics to potentially give “voice to all”, immediate outreach and 24*7 engagement, Social Media offers a unique opportunity to governments to engage with their stakeholders especially citizens in real time to make policy making citizen centric. Many governments across the world as well many government agencies in India are using various social media platforms to reach out to citizens, businesses and experts to seek inputs into policy making, get feedback on service delivery, create community based programmes etc. However, many apprehensions remain including, but not limited to issues related to authorisation to speak on behalf of department/agency, technologies and platform to be used for communication, scope of engagement, creating synergies between different channels of communication, compliance with existing legislations etc.
Guidelines for Using Social Media by Government Organizations
This section provides the users in government organizations, a set of guiding principles that may be used while making use of Social Media. The section will illustrate through appropriate examples, some of the critical aspects of each element.
Having defined the objectives, the next step is to identify platforms and phases in which such an engagement shall be undertaken at these platforms. While social networks currently seem to be the face of social media, they are not the only platform. Some of the other forms of social media include, Social bookmarking site – stumble upon; transaction based platforms – Amazon & eBay; self publishing media – You Tube, Picasa; Business management etc. Since the choices are many, it is essential to identify one or two key platforms from which the department may begin interaction. Based on objective and response, the basket of platforms may be enhanced. Government departments and agencies can engage social media in any of the following manner:
By making use of any of the existing external platforms, or
By creating their own communication platforms
The choice of the platform – whether owned or externally leveraged should be made based on the following factors:
Duration of engagement – whether the engagement sought is to be an ongoing activity or created for a specific time-bound purpose
Type of Consultation – whether the consultation is open to public or confined to a particular group of stakeholders e.g. experts.
Account Creation: A social media account establishes an organisation’s online identity. Wherever possible, the same name for the different social networking accounts may be adopted to ensure ease of search on the internet. Another important facet of online identity is the need for it to be rendered effectively in either long form e.g. website address or in 15 characters or less (this is the Twitter maximum).
Login and passwords: Each new account requires a URL, user name and/or email address and a password. A proper record of login ids and password must be maintained. This is critical as multiple people may be authorised to post on behalf of the department.
Account Status: It is important to define whether the engagement may be undertaken through official accounts only or the officials may be permitted to use personal accounts also for posting official responses. It determines who says what on behalf of your organisation and in what form it is published. It also outlines how each piece of published information is presented where it is published. The most important aspect is whether the responses are in Official or Personal Capacity.
Responsiveness: This indicates the how often would the pages/information be updated, in what manner would the responses be posted, what would be the turnaround time of responses etc. The major attraction of social media is the spontaneity and immediacy of response and feedback and those visiting the site would expect the some kind of response within a pre-defined time limit. As far as possible, it is important to state upfront the scope of response – given/not given, type of response – official/unofficial, response time – 1 day/1 week etc. so that expectations are set correctly. Some of the ways to ensure timely response is Email integration i.e. email writing, list management, list building, proper lead direction so the right internal person takes actions on leads in a timely fashion and Daily management/maintenance of social media platform messages, customer contacts, etc.
While employees are free to post response in their personal capacity, it is mandatory that while they are doing so, they must clearly identify themselves, confidential information must not be divulged and should not be seen to represent “official view” unless authorised to do so.
Another important aspect that needs to be addressed is the Escalation Mechanism.
There has to be a defined hierarchy not only of responses but also of queries. For example, the comments and queries may be classified as routine – for which a Frequently Asked Question (FAQ) and Fixed Response Format (FRF) may be applied.
The next level may be queries/comments related to projects/programme, for which no separate official response may be needed because all relevant information may be available in the public domain and the query may be responded accordingly.
The next level of query/comment may be more specific where an “official” response may be needed. Such a categorization will help organizations in streamlining their responses.
Finally, there should be congruence between responses posted on social media and those in traditional media.
Roles & Responsibilities: The roles and responsibilities of the team responsible for creating, managing and responding on social media platforms must be clearly defined.
In Indian context, they may also need to be aligned to roles and responsibilities defined for responding to RTIs.
For most interactions, flexibility may be given to the staff to respond to regular queries or comments.
Escalation mechanism defined in the governance structure must clearly define accountability at all levels.
The role definition must not be limited just to responses, but also include responsibility for matters related maintenance of login ids and passwords, issues related to data security, archives, privacy, etc. For example, while the existing web content team may be assigned the responsibility for responding to usual queries; special technical expertise may be required to ensure appropriate levels of security.
Accountability: Clearance systems that distinguish between situations when an official position is required, and when open conversation is appropriate. This has to have at its heart a redefinition of accountability. The officials designated for engagement with citizen using the social media should be covered under a well defined immunity provision in consonance with the RTI Act and the IT Act and the IT Amendment Act 2008.
Content Creation & Social media profiles overlap, therefore sharing consistent content on all social media platforms should form the bedrock of content policy. While the social media tools allow everyone to become a creator, for the official account, content will have to be specified and tailored to the site on which it is being published.
Accessibility: In order to enable wider participation, content creation and availability should be in Indian languages and must not be limited to text alone. The content should follow the Government of India Guidelines for Website and adequately address challenges related to accessibility in Indian Languages as well as accessibility of content for differently abled.
Moderation: A moderation policy should also be published if the platform permits others to add their own content; this informs people what they can post whilst protecting others who may visit your platform. The moderation policy should include matter related to copyright, rights to addition and deletion etc.
Records Management: When any information is shared or guidance given online, it is necessary to ensure that all relevant records are captured, trail is generated and records are managed appropriately. It is important that the rules regarding record keeping are states upfront so that those seeking historical data are aware of statutes and limitations. Some of the important aspects that may be kept in mind while defining record management guidelines are as under:
The requirements for existing legislations e.g. RTI etc. need to be kept in mind and are paramount in influencing decisions regarding record keeping
Ordinarily, if online consultations do not impact decision making, lead to or influence policy making (e.g. seeking information about nodal officers, or any other public document, or responding to generic comments such as governance should be improved etc.) the agencies may decide that no record of such interactions will be maintained.
However, if consultations are necessarily being undertaken on specific policy or governance issues or that may influence decision making (e.g. inputs into Plan Document, consultation on policy frameworks etc.) then all necessary records need to be maintained. If the agency is using a social media site that does not facilitate record keeping, then there are various other options that may be explored. Some of the options are given below and may be exercised based on need and resources available:
Records may be created agency’s internal platform and records be maintained with appropriate tags e.g. creator/sender, dates, posting site etc.
Screenshots may be captured and stored in soft or hard (copy) format and filed at appropriate place.
A summary may be created of the information/consultation and filed.
Since most of the social media platforms are based outside India and are not governed by Indian Laws, or managed and controlled by Indian regulations, specific policies may be drafted related to information security and archiving. If required the agencies may engage with the Social Media Service Providers to work out Service Level Agreements for
Complaint and response mechanism between the agency and the Service Provider
Shared access of the content
Legal Provisions: In India, the legal implications must be viewed in accordance with the law of land e.g. RTI Act, IT ACT 2000 & IT Amendment Act 2008 etc as also rules and regulations made thereunder. These policies must be circulated internally to ensure uniformity of response. Some of the key sections and their implications that must be kept in mind are as under:
When Government department provides such social media facilities on its network, receives, stores or transmits any particular electronic record on behalf of another person or provides any service with respect to that record, they become intermediary under Section 2(1)(w) of the amended Information Technology Act, 2000.
Section 79 of the amended Information Technology Act, 2000 provides the broad principle that intermediaries like Government departments providing social media facilities are generally not liable for third party data information or communication link made available by them. However this exemption from liability can only be applicable if the said Government department complies with various conditions of law as prescribed under Section 79 of the amended Information Technology Act, 2000. The said conditions which need to mandatorily complied with the Government department to claim exemption for any third party data information or communication link made available or hosted by them in connection with social media facilities made available by the said department on their network are as follows:
The function of the Government department is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored; or hosted
Data & Information Security Governance:
The Government’s communication to citizens via social media should follow the same data retention policy as its communication through other electronic and non-electronic channels. Data portability compliance varies from one social media platform to another.
Provisions related to Personal Information & Security: Under the Information Technology Act 2000, the Central Government has enacted various rules and regulations which impact social media. Some of the most important in this regard are as follows:
i. The Information Technology (reasonable security practices and procedures & sensitive personal data or information) Rules, 2011 define provisions for personal information & security and what constitutes sensitive personal data. Sensitive personal data or information of a person means such personal information which consists of information relating to;―
b. financial information such as Bank account or credit card or debit card or other payment instrument details;
c. physical, physiological and mental health condition;
d. sexual orientation;
e. medical records and history;
f. Biometric information;
g. any detail relating to the above clauses as provided to body corporate for providing service; and
h. any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:
Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
ii. For the purposes of protecting such sensitive personal data, the Government has mandated that any legal entity who is processing, dealing or handling sensitive personal data must implement reasonable security practices and procedures.
iii. The Government further stipulate that ISO 27001 is one acceptable standard of reasonable security practices and procedures.
Rules for Privacy and data collection: While social networking enables greater transparency, it is equally important to ensure the protection of people from exposure to inappropriate or offensive material.
Since profiles on social network are linked more often to individuals and not organisations, for the organisation’s site/page, a separate work profile may be created which can then be linked to a general email address that is accessible to anyone in the team, enabling them to administer the social networks without compromising on individual privacy.
Providing official email ids and accounts to each and every government official authorised to engage on behalf of the department and permit use of only official accounts for engagement.
However, while applying the above, The Information Technology (reasonable security practices and procedures & sensitive personal data or information) Rules, 2011 stated in the preceding paragraphs above must be complied with. The relevant sections of the Information Technology Act 2000 are placed in Annexure III for ready reference. In addition, the users may refer to any other relevant legislations, provisions and rules notified.
Some of key aspects of communication strategy include – Integration of Social Media into routine, Connection with existing networks, Sharing content across sites and Publicising use of social networking through traditional media.
Social media can only be used by the Government to communicate existing Government information and propagate official policy to the public.
While the social media tools allow everyone to become a creator, for the official account, content will have to be specified and tailored to the site on which it is being published.
Since social media are relatively new forms of communication, it is always better to test efficiency and efficacy of such an initiative with a pilot project. Some of principles of creating such a pilot are given below:
Focussed Objective setting: Initiate interaction for a limited objective or limited to one topic
Begin Small: It is always better to start small and it is advisable to begin with one or two platforms.
Multiplicity of access: The chosen platform should typically permit inputs from or linkages through multiple access devices. This will ensure wider participation.
Content Management: It is not enough just register presence on a variety of platforms. It is essential that content provided is topical and up to date.
Community Creation: On any social media platform, creation of a community is essential to generate buzz and sustain interaction.
A detailed guideline on creation and sustenance of community building is placed at Annexure IV
Social media monitoring must be an integral part of any social media strategy. Social media data is different from other data or information because organisations have no control over its creation or dissemination on the Web and in order to understand and analyse the data a structure has to be imposed externally on it. Today a multitude of tools offer solutions for measuring conversation, sentiment, influences and other social media attributes.
The final step in ensuring that the pilot is scaled and integrated is to link it to existing administrative and communication structure. An indicative list includes:
rules may be established that all policy announcements will be undertaken simultaneously on traditional as well as social media;
all important occasions as far as possible may be broadcasted using social media;
all documents seeking public opinion must be posted on social media sites;
all updates from the website would automatically be updated on social media sites and;
all traditional communications will publicise the social media presence.
The Framework and Guidelines in this document have been formulated with a view to help government ministries, departments and agencies to make use of social media platforms to engage more meaningfully with their various stakeholders. Social media’s characteristics of connectedness, collaboration and community have the potential of ensuring broad based consultation, and can help agencies reduce the duration of consultation process and receive immediate feedback on services delivered. In order to effectively utilise this media, the agencies must define very clearly the objective of such an engagement, select platforms that will be used for engagement, rules of engagement, communication strategy for ensuring broad basing such an engagement, and finally if found effective and efficient institutionalise such social media with mainstream engagement process. Both in India as well as across the world, various government departments and agencies at federal, state and local government level are using this media. However, this is a dynamic and evolving area and continuous engagement and nimbleness of response to such an evolving scenario will determine the success of such efforts.
Pre monitoring content on social networking sites is a subject matter of debate. Kapil Sibal talks about such an action and one could say with some bit of confidence that it is something that has not been accepted by one and all, leave alone being taken in the right spirit.
The question is do we need further monitoring of the social media when laws are already in place or is it time India deals with bigger challenges such as cloud computing for which there are absolutely no laws in place.
We have an IT Act in place which came into existence in the year 2000. It is considered to be a mother legislation dealing with all data and information in the electronic form as also the use of computers. This law already has in place certain provisions. These were further amended in the year 2008. After the amendment Section 66 (A) of the amended IT act provided for a very wide offence pertaining to electronic/online defamation. This is made an offence punishable with 3 years imprisonment and fine.
Pavan Duggal, an expert on cyber laws and also an advocate in the Supreme Court who is opposed to the idea put forth by Sibal says we already have enough and more laws in place. While Section 66 (A) deals with these aspects there is also Section 67 of the IT Act which states publishing and transmission of seen electronic information is made out to be a crime. This section is also wide enough to incorporate content that is defamatory or appears to the prurient interest or the effect of which is to tend to deprave and corrupt the minds of those who are likely to see read or hear the same. This is another broad category of offence attracting 3 years of prison or Rs 5 lakh in fine. However today after the amendment the offence has become a bailable one.
Further under the IT Act the government has implanted the rules of 2011 April. These rules provide a mechanism for disabling access to defamatory content and other illegal content. Any affected person can complain to the service provider or government can notify to the service provider about the same. The service provider is mandated to act with 36 hours failing which the service provider becomes also a co accused and a co abettor and could face civil and criminal exposure under IT Act and also the Indian Penal Code.
Rajeev Chandrasekhar, Member of Parliament points out that if Kapil Sibal and Co were really serious about protecting people from defamation on the net, they would first of all read the IT act – there is a section there that allows a victim to legally pursue his/her claim of defamation – its a strong legal provision – and after reading it and understanding it they would then ensure they run a public awareness program – so that victims can then pursue their cases on their own.
This man is a lawyer and he hasn’t read the laws that exist? Are we destined to be governed by people who don’t read, don’t understand and only pander to fears and vote banks and rely on spin/obfuscation as their only tool? :
Duggal further adds that we already have a mechanism in place. Now after the amendment we have in place a few categories designed as intermediaries under Section 2 (1) of the IT Act. This is very vast to include all social media service providers. Under Section 79 of the IT Act, these social media companies are mandated to do due diligence while discharging their obligations under the law. Further they are also mandated to comply with rules and regulations
Once we have this in place, where is the logic for further regulations of social media. Further any kind of regulation of social media is likely to have a prejiducial impact upon the freedom of speech and expression. Now the minister has talked in terms of pre monitoring content which is an extremely difficult exercise given the continuously growing size of social media. Today there more than crores of messages and tweets per day are generated by all social media platforms from India alone. Pre monitoring all such content is not only technologically but also humanly impossible. When you look at laws across the world almost all laws have touched on the aspect post publication period. Once material is published it could be taken down and the author prosecuted. None of the laws talk of the pre publication phase. This is because it not only spells death knell of real time communication, but also that the same is not even warranted by laws of countries in the actual world. Today almost all across the world the speeches or what is spoken is not pre monitored. Hence what is not done in the actual world cannot also not be done on the internet.
There is an inherent flawed approach. Further such an exercise is likely to impact the privacy rights of citizens. Rather than amending the law and making it more in sync with the current level of technological development, the minister is talking about over regulation of social media which even the main legislation does not speak about.
With cloud computing now coming in the law needs to be beefed. Rather than beefing the law we are thinking in another direction.