A version of this article appears in the print edition of Thinking Aloud Magazine dated July, 2011.
constant work in progress
Around thirteen years ago, the world saw one of the first portable MP3 players, the Rio PMP300. The Rio PMP300 which was manufactured by Diamond Multimedia had the capacity to store a little less than 10 songs, some major design flaws and sold at an excess of 200 US dollars. This underperforming and overpriced device regarded as a technological marvel of its time and went on to sell more than two hundred thousand units. These sales may seem surprising today, however, looking through the personal collection of audio devices and formats one can easily gather the schumpeterian cycles of upgradation and innovation in modern technology.
This energy which pervades the hi-tech and the internet industry brings unique challenges for legal regulation. Generally, the objective of legal regulation is to clearly prescribe categories of conduct which are allowed and hence legal, from ones which are prohibited and hence illegal. Hence, law promotes consistency in the action of people and the subject it seeks to regulates. The problem comes when its subject, such as technology keeps on changing constantly. The product of this tension between stability and change is demonstrated through the Information Technology Act, 2000 (the IT Act) a law which aims to regulate all online behavior in India.
long road to an amendment
Though made by an act of parliment in 2000, early versions of the IT Act began circulating around the same time the RIO PMP300 was commercially introduced and just like the MP3 player which keeps on changing constant calls have been made for amendment of several of its provisions. There was noticeable rise in pitch when in 2004 the CEO of Baazi.com (subsequently ebay india), was made a co-accussed and arrested in connection with the sale of the infamous DPS MMS on the Baazi.com platform. There were calls to remodel Section 79 of the IT Act which provided immunity for internet intermediaries (such as ISP’s and search engines etc.) on the basis that they acted as passive conduits and should not be made liable for the acts of their end users. These calls lead to the constitution of an expert committee in 2006 which conducted a review on the act and called for the amendment of several of its provisions. Thereafter an amendment bill was introduced in the Lok Sabha however it was soon referred to a Standing Committee which made substantive changes and introduced a new draft bill titled as the Information Technology (Amendment) Bill №96-C of 2008.
There seems to have been some delay in passing the bill, however with the terror attack in Mumbai, the amendment was portrayed as a anti-terror legislation and was passed along with 7 other bills in 17 minutes on 23rd December, 2008 the last day of the monsoon session of the 14th Lok Sabha. This should not be mistaken for efficiency as the amendments languished before parliament for more than two years in various forms. These bills were seemingly passed in the background of the terrorist attacks where a legislator would take great care to resist any accusations of being antinational or being unsupportive of an anti-terror law. The amendment was notified on 27th October, 2009 on which date it came into force.
does it change anything ?
In some respects, the 2008 amendments which went through the rooms of several committees before being passed in a hurry does address several concerns with respect to internet regulation in India. It makes provisions for ensuring a level playing field in the adoption of technology for electronic signatures, ensuring privacy of communications, permissible encryption standards, intermediary liability, offences such as prescribing a punishment for online pedophilia etc. However, by covering such diverse subjects under the same statutory umbrella attention to detail is lost.
This lack of detail and nuance is the central fault of the IT Act. The 2008 Amendment by increasing the breadth as well as the aspiration of the enactment only compounds this problem. This overambiotion brings in a tremendous lack of appreciation of the changing and the complex character of the Internet. It is not without reason that the Model Law on Electronic Commerce, on which our IT Act is based did not contain a chapter for offences.
It is important to bear in mind that the IT Act was originally meant as an enactment only to regulate and promote electronic commerce. By bundling a set of diverse legal subjects such as on website blocking, interception of communications, cyber defamation it has lost focus and its objective of promoting electronic commerce. One of the central features of promoting electronic commerce is protecting internet intermediaries. However one notices even in May, 2010 the CEO of Guruji.com, a local search engine, bieng arrested. Critics may discount this example by stating that the specifics of this case may have called for such action however one notices intermediaries being made parties to litigation with unfailing regularity. This includes legal actions by, a management institute against google for providing pure aggregation functions, a large beverage manufacturer against several websites which wrote a review on a movie on whose title there was a trademark dispute and a lobbylist which made a online retailer of books a party to a litigation when it innocently sold a book which she alleges is defamatory.
effective consultation is the way forward
This lack of detail is sought to be mitigated to an extent by the rule making power under the IT Act. The IT Act which has been passed by Parliment contains several provisions with lay down broad and brighline principles. These broad prescriptions lay down a skeltal structure which is fleshed out through Rules made by the executive branch of government. This exercise in delegated lawmaking takes care of the details and allows flexibility. It is reasoned that such an extensive Rule making power is especially suited for the IT Act, since its subject changes regularly and Rules are easier to change rather than going in for a legislative change of the IT Act through parliament. It is due to these reasons that the IT Act contains extensive rule making powers, allowing the executive branch of the goverment to make rules for about thirty nine provisions of the IT Act. However, it seems that the process to make these rules is ad-hoc and not systematized.
This is especially relevant given the current debate on the reverently made Intermediaries Rules which have come in for harsh criticism from legal experts, civil society groups as well as internet companies. The Intermediaries Rules were made pursuant to a purported public consultation; however the consultation was flawed from the start. Under the process a draft of the Intermediaries Rules were put up online for which comments were sought. The responses which were made were not disclosed or discussed by the Rule making authority. Moreover, changes which were made between the draft Intermediaries Rules and the final Intermediaries Rules reveals that little change was affected. This becomes especially relevant given that the responses pointed out that the Intermediaries Rules have several problematic features and they negatively impact the exercise of free speech online. The Intermediaries Rules are not an isolated case of bad rule making with the Cyber Cafe and the Privacy Rules also being criticized equally.
The Intermediaries Rules, the Cyber Cafe Rules as well as the Privacy Rules piggy back on legislative provisions which have been amended and inserted by the 2008 amendment. This amply demonstrates that though the 2008 amendment hoped to remove much of the ambiguity of the IT Act and provide clear prescription for online conduct, rule making will continue to be a powerful measure which should be exercised with forethought and consideration for the dynamics of the Internet. Here an effective public consultation is a sure way to weed out the wheat from the chaff. This will naturally include, having a wide public consultation through an adequate notice, posting of the responses online, discussing the responses as well as the reasons for accepting and rejecting, holding open house discussions etc. In the end, the regulators have to realize that the aspiration of the IT Act to promote electronic commerce can only be fulfilled when they allow the stakeholders to participate in the rule making.