Intermediary liability – the legal concept which governs the responsibility of online platforms for user-generated content – is part of the fundamental legal infrastructure that has allowed internet businesses to grow at such an astonishing rate. The ‘safe harbour’ protections built into intermediary liability laws in most countries have allowed search engines, web hosts, blogging platforms, social media companies, video sharing sites, and messaging apps scale quickly and cheaply by ensuring that they are not required to pre-screen content to check its legality. This is a luxury not afforded to traditional content businesses such as publishing or broadcast media.
This differentiation made instinctive sense around the turn of the millennium when intermediary liability regimes were first being established around the world. Today though, as many online businesses have moved firmly from being plucky upstarts to comprising the reigning establishment, there are growing calls in various countries to revisit these principles and question their premises.
A more imminent possibility looms in India. The current battle between the Indian government and WhatsApp over inflammatory messages has resulted in multiple signals that the government intends to soon amend the regulations around intermediary liability under the Information Technology Act, 2000 (IT Act). Any such move could have far-reaching implications for many internet companies and is worth examining closely. But first some background.
The passage of the IT Act in the year 2000 saw the first version of an intermediary liability law in India in the form of Section 79. It provided expansive protection (a safe harbour) to intermediaries for third party content as long as they had no knowledge of its illegality or exercised due diligence. ‘Intermediary’ is defined widely and depending on the context can include entities as varied as internet service providers, social media companies, e-commerce apps, and even cyber cafes.
The concept of intermediary liability was thrust into the limelight in 2004 in the infamous MMS scandal, which was likely India’s first case of revenge porn. A CD of two teenagers engaging in a sexual act was being sold by a user on the auction site Baazee.com, which had just earlier that year been acquired by eBay, then one of the world’s biggest e-commerce companies, in a splashy $50 million deal. Although Baazee.com took down the listing as soon as it was notified, that did not stop the police from arresting two Baazee.com employees, including Avnish Bajaj, its CEO. Bajaj, who happened to be a US citizen, spent days in Tihar jail before being freed on bail. Apart from causing a diplomatic incident with the then US secretary of state Condoleezza Rice getting personally involved, it sparked a public debate around intermediary liability, with industry calling for more clarity on responsibilities and protections.
The IT Act was amended in 2008, with a new, more detailed Section 79 being substituted for the old one. In conjunction with rules issued in 2011 (the ‘Intermediaries Guidelines’), most intermediaries were now required to exercise due diligence, the meaning of which was fleshed out in the Intermediaries Guidelines and set up a notice-and-takedown mechanism in order to avail of the safe harbour protection.
In practice, this regime meant that as long as intermediaries notified users that they were not supposed to post illegal or harmful content, and took down any infringing content which was brought to their attention within 36 hours, they could avail of the safe harbour protection. The Supreme Court judgment in the Shreya Singhal case in 2015 went on to read down the notice-and-takedown requirement by restricting it to situations where a valid court order for a takedown was served on the intermediary. This helped address the problem of a chilling effect on free speech by way of intermediaries over-complying with takedown notices in order to play it safe, and in the process also lessened their regulatory burden.
Things may be changing again. In a speech in the Rajya Sabha on July 26, 2018, India’s minister for electronics and information technology Ravi Shankar Prasad (he also holds the law and justice portfolio) made a statement on the issue of “rising incidents of violence and lynching in the country due to misuse of social media platforms” which included the following phrases:
“If [intermediaries] do not take adequate and prompt action, then the law of abetment also applies to them.”
This could be seen as an indirect reference to one of the exceptions to Section 79 of the IT Act, which says that the safe harbour will not apply if “the intermediary has conspired, abetted, aided or induced, whether by threats, promise or otherwise, in the commission of the unlawful act”. The government could be trying to interpret the law to mean that failure to implement adequate safeguards or tools to prevent the viral spread of inflammatory messages could be seen as the abetment of their spread.
“(some provisions of the IT Act need to be) revised and reinforced so that they can respond to the emerging challenges. This is proposed to be done by strengthening the implementation aspects of Section 79 of IT Act, 2000.”
This is more explicit. When coupled with recent statements calling for intermediaries to implement traceability of messages, establish a physical presence in India, and appoint a ‘grievance officer’ in India (the law currently requires an intermediary to have a grievance officer but is silent as to her location), there is a clear intent to alter the intermediary liability regime in some fashion.
This possibility gained more credence a few days later when a copy of the draft national e-commerce policy leaked, with paragraph 4.6 stating “the exemption from liability given to Intermediaries under Section 79 of the IT Act would be revisited and suitably modified”, with the Ministry of Electronics and IT (MeitY) being asked to implement this suggestion.
Almost on cue, multiple reports in mid-August surfaced, quoting government sources who said that amendments to the Intermediaries Guidelines had already been drafted and were undergoing legal vetting, with the expectation that they would be finalised sometime in September 2018.
Taken together, these statements provide a strong indication that changes could be around the corner. The question is how far-reaching or radical they will be, and whether they will be applicable to all intermediaries, or only messaging platforms.
Indian intermediary liability laws broadly do not distinguish between different types of intermediaries, with the term applying equally to internet service providers, social media companies, search engines, private messaging services, e-commerce companies, and many other platforms and services. The EU last week passed the controversial ‘Copyright Directive’, which has provisions specifically targeted at services which “store and provide to the public access to large amounts” of copyrighted material (such as YouTube or Facebook), and requires them to work proactively with rights holders to crack down on content that infringes copyright. In particular, Article 13 of the Directive provides a precedent which chips away at the fundamental notion of not requiring intermediaries to screen content. The idea of carving out a category of intermediaries and imposing a higher standard of diligence is one which may resonate with Indian policymakers given that their primary concern appears to be with online communications services.
There is also the question of whether the law in India reflects the current technical reality in terms of how popular products and services work. For example, one of the conditions under Section 79 for the safe harbour principle to apply is that the intermediary must not “initiate the transmission, select the receiver of the transmission, and select or modify the information contained in the transmission”. While this test is easy to apply in the case of a primitive bulletin-board type service, there is little guidance on how it will apply now when search engines and social media companies extensively use algorithms to sort and curate the content which is served up to users.
Given recent evidence in controversial areas such as data localisation, this government appears to be less constrained by what it views as shibboleths of digital policy