This was first published in the TOI+ on May 26, 2021.
This year we should have seen a strong, user-focused Data Protection Law enacted rather than a broad censorious set of internet control regulations.
This week has seen alarming developments in how the Union government and police authorities engage with online platforms which enable speech online and our everyday access to digital information. After reports were filed by news websites and a fact-checking organisation regarding an image in a tweet by a spokesperson of the BJP, Twitter placed a “manipulated media” label on the content in question. In late 2020, Twitter had begun implementing this “synthetic and manipulated media” policy in India, which it had first created and and implemented in the US earlier that year to combat misinformation in the run-up to the US presidential elections.
The Union government had the Ministry of Electronics and Information Technology (MEITy) issue an “advisory” directive to the firm demanding that this particular labelling be withdrawn — though with no clarity or public justification as to how it had the legal powers or governance justification to do so. Within days, the Special Cell of the Delhi Police — normally tasked with investigating anti-terrorism and organised crime matters (under the control and oversight of the Union home secretary) —appeared at Twitter India’s offices in the national capital. The “site visit” — with official statements avoiding the use of the legally significant term of “raid” or “search” — was apparently conducted, with media in tow, to deliver a notice that the Twitter India MD answer the Special Cell’s questions
Alongside the drama with the Delhi Police, May 26 was significant as several parts of a controversial set of regulations issued by MEITy in February 2021 came into effect. The Union government has stated that online platforms with over 50 lakh Indian users (no matter where they are based in the world and regardless of whether they are run by corporations or not), have to comply with many onerous requirements, including hiring and designating specific officials — who would have to be based in India- to deal with grievance redressal and responses to government takedown requests.
The issuance of these rules is connected with the increasingly public showdown between Twitter and the Union government this year over the former stating that large number of government web censorship orders it was receiving in January-February — in the wake of the farmer protests — appeared to be beyond the government’s legal powers and a case of constitutional overreach directly harming protected fundamental rights. It was a few weeks after this public confrontation that MEITy issued the Intermediary Due Diligence Code Rules, without any further public discussion or review. The origin of these rules themselves has been controversial, with newspapers revealing in late 2018 that MEITy was secretly consulting with private firms with the intent of avoiding its proposed rules from being made available to the public before they were issued. When they indeed did become public, experts across the fields of law, policy and technology development criticised them as constituting an act of dangerous overreach by the executive branch, beyond what Parliament permitted in the Information Technology Act, and structured in a manner that it would harm fundamental rights, force the collection of more data in a manner that could be breached, and undermine cybersecurity as a whole. The final rules issued in February 2021 did not solve these issues; it, in fact, added to the government’s ambit of information controls to include online news sites and streaming video services.
The rules were pushed through because many firms and entities in the digital sector in India — typified publicly by Twitter this year — have begun more aggressively questioning and publicly challenging the explosion of web censorship and user data orders they have received, including those targeted increased criticism of the government’s pandemic response. India now regularly comes second or third place in the list of countries issuing web content takedown and user data demand orders to global internet platforms, as per the transparency reports published by several of them.
Notably, the Union government insists on secrecy of its web censorship orders under the Information Technology Act and resists any judicial or parliamentary oversight of its internet surveillance orders, in turn making it a startling outlier amongst major democracies.
Both developments — the notification and coming into effect of these rules, and the act of sending anti-terror police officials to tech firm offices — need to be recognised for what they are. An intimidatory act of “signalling” by the government that it wants the Big Tech to fall in line. Officials and the political system they presently serve want internet firms to give up any resistance to their demands — whether in the form of legal orders or privately stated political preferences.
We saw attempts in this regard briefly during the term of the UPA administration, when the then IT minister was revealed as seeking to force firms to self-censor content critical of political leaders. In 2021, we are seeing this happen with a scale and ferocity not seen before, and with a reckless abandonment of the hard-won lessons from the courts, legislatures and the free press over the last decade around the need to protect the rights of Indians online.
This is about an unfortunately Orwellian government push in 21st century India, and not public interest focused measures to combat Big Tech. It is telling that there have been no site visits, raids and investigatory actions in the Cambridge Analytica scandal, which touched upon the data of millions of Indians by Facebook’s own admission. You do not see drastic and aggressive police measures taken on the nearly fortnight data breach incidents that India is seeing. Despite the Prime Minister committing to India on a new, updated National Cybersecurity Strategy in his Independence Day speech nine months ago, there is no sense of urgency from executive branch agencies to compel more steps by global and Indian firms to secure data, prevent data breach and cyber incidents, or prevent the sale and use of intrusive surveillance technology.
This year we should have seen a strong, user-focused Data Protection Law enacted rather than a broad censorious set of internet control regulations. We should have seen a new, unified government cybersecurity coordination mechanism, instead of police special cell units turning up at the empty offices of internet firms in the middle of a pandemic, because political figures did not like platforms labelling their images as being “manipulated media.”
Unfortunately, we can sink much lower: China, Russia, Turkey, and several other states show us the very real depths that our increasingly digital democracy can fall to. We need laws, rules and government actions that are designed to safeguard our fundamental rights online — not measures that force technology firms to cohabit with political repression and the suppression of criticism and fact-checking.