Liberation Archive

New IT Rules 2021


Over the past couple of years, we have seen much discussion and controversy over regulations meant to police the digital space in India and abroad. In December 2019, the Ministry of Electronics and Information Technology (MEITY) tabled the Personal Data Protection Bill (DPB), and this bill is currently being scrutinized by a Joint Parliamentary Committee. While the DPB was officially tabled as a mechanism to guarantee personal privacy and freedom from unwanted intrusions, several observers pointed out that it has the potential to allow an extensive programme of mass, state-sponsored profiling and surveillance. The DPB apart, the past few years have seen some high-profile and well-documented battles between media giants such as Twitter and WhatsApp and people yielding political power – the censoring and subsequent banning of Donald Trump’s posts and tweets between December 2020 and January 2021 being a case in point. In countries across the globe, the struggle over regulation of the digital space continues. These debates over privacy, surveillance, rights and democracy are inevitable, given the questions and concerns involved. Regulating the digital space today is challenging. It requires maintaining a balance between curbing hate speech, disinformation and fake news and allowing for free expression of ideas (and dissent). It requires controlling some of the most influential actors of our times, including the State as well as tech giants whose profits are deeply linked to the data that people continuously produce. Moreover, it requires dealing with the ever-increasing power of newly emerging computational tools of surveillance. Given this backdrop, regulating the digital space is always going to be contentious process. And the latest attempt at regulation, the new IT Rules 2021,  have brought concerns over surveillance, control and manipulation of public discourse to the fore once again.

Attacking End-to-End Encryption, Attacking Privacy

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (henceforth referred to as IT Rules 2021) announced in February this year by MEITY are the latest in long series of attempts of the Indian government to control public narratives. There are multiple issues with the new IT Rules 2021. The one issue which has received the most coverage is that the new regulations require social media and other digital platforms to trace all posts and messages. The government can demand (couching this demand within the framework of ‘fighting terror’, ‘ensuring national security’ and so on) and receive information about the originator of a particular post or message. Why is this so important? Simply because if digital platforms were to conform, they would have to ensure appropriate technology to be able to do so. The current technology used by Signal WhatsApp and other platforms, known as end-to-end encryption, safeguards the privacy of an individual’s conversations and does not allow digital platforms access to messages. All this will change with the new IT Rules. Digital platforms will have to change their architecture, and our conversations will no longer will be private as a result. All platforms – from WhatsApp and Signal to Telegraph – will have to comply. Responding to criticism, Ravishankar Prasad (then IT Minister) sanctimoniously claimed that the Modi government was not forcing any platform to give up end-to-end encryption; it was their job, he claimed, to develop a system to protect privacy. The point however is that any technology that platforms use will now have to compromise on privacy or risk violating the law. WhatsApp has sued the government and we will have to wait to see the outcome of the case. Till then, the government has effectively destroyed any chances of private conversations, since now all platforms will perforce have to create some mechanism wherein they store origin, content and data about our posts and messages. The pandora’s box, in other words, is now open; private conversations are likely to be accessed and clearly the State as well as tech companies will find it difficult to resist the temptation to use this information towards their own ends.

Regulatory Architecture for Control and Manipulation of Public Discourse

The new IT rules demand that an elaborate system of regulatory vigilance be put in place. In simple terms, all digital platforms will have to have a system to address any ‘grievances’ (read messages from troll armies and the BJP IT Cell) within a specified time limit. They will be answerable to an elaborate 3-tier regulatory system designed to be under the control of the executive (read bureaucrats appointed by the government). Platforms will now have to monitor and proactively identify and take down content using automated tools, while ensuring human oversight and lack of bias in the algorithms used. The new rules state that the control over content should not infringe upon the legitimate right to free speech; fake news and content which disrupts law and order and national security should be pulled down. This ambiguous ambit however leaves the door open to subjective interpretations and subsequently to arbitrary censorship on content, thus rendering moot the question of freedom of expression. Moreover the government can order the takedown of any content it deems unfit, and platforms have to comply with this request within 36 hours, a clause which succeeds in making the process arbitrary and somewhat opaque.

What are the three regulatory tiers now in place? The first tier exists at the level of the organisation (consisting of a Chief Compliance Officer and a Resident Grievance Officer), and is mandated to ensure compliance with the IT Rules on a continuous basis. The next level provides for a self-regulatory mechanism where an independent body is to be headed by a person who should be either an eminent jurist or a retired Supreme court or High Court Judge. These Self-Regulatory Organisations (SROs), while meant to be independent and free from the influence of vested powers, are nevertheless designed to be limited in scope. Any decision taken this level is liable to be upturned by the third and final tier envisaged by the IT Rules. The third tier consists of a interdepartmental government committee, with significant oversight powers over digital spaces. This committee, essentially an extension of the executive bureaucracy, has the right to successfully appeal against and upturn the rulings of the SROs. In other words, the balance of power in the entire administrative set-up is clearly skewed in favour of the State, allowing the government the power to appoint plaint committees and influence the process of content moderation. It is precisely for the above reasons that the constitutionality of the new rules has been questioned. There are currently several petitions being heard in multiple states, arguing that the new rules are unconstitutional since the executive cannot take over the powers of the legislature and the judiciary.

Deliberate and Calculated Vagueness

The new IT Rules are characterised by much vagueness. Even simple definitions are left vague and open to subjective interpretations. We don’t know, for instance, who is an ‘intermediary’ and who is an ‘aggregator’. While platforms have been told to use the help of automated algorithmic systems, we don’t know how the use of algorithms will limit (or enhance) their legal liability. There are clauses such as the ‘Good Samaritan’ principle that deliberately introduces ambiguity and contradictions. This principle is supposed to reward platforms for voluntarily taking down content. This will however mean that anyone doing this will be admitting to be in control of content and therefore liable to be prosecuted under the new Rules. They will no longer be able to shelter under the ambiguity of definitions in the rules. In other words, the government wants platform to censor and self-sensor and become its willing partner in this game of manipulating public discourse.

The Fig Leaf of National Security

In keeping with what is now a predictable pattern, the government is claiming that these regulations are necessary to protect the “sovereignty and integrity” of India, to crackdown on planned violence and acts of public disruption and terror, and to keep the digital space free from disinformation and fake news. What is actually happening is an open attempt to control and manipulate public and digital spaces, and mould them to be compatible with the ideological goals of the government, the BJP and the RSS. The IT Rules use the classic carrot and stick approach – asking platforms to ‘self-regulate’, while the threat of punishment is always dangling over every published piece which might not meet the approval of the powers-that-be.

Nikhil Pahwa of MediaNama tells us that through the new IT Rules, India is charting a new model of regulatory control over digital spaces, distinct from the existing US, EU and Chinese models. The Indian model is however far closer to the Chinese model of surveillance and control than before. It is likely that major platforms such as Google, Twitter and WhatsApp will not be banned in India as they are in China. While the veneer of free speech is thus maintained, what is far more likely is that they will be controlled through a subtle system of regulation, surveillance, and even punishment. This bodes no good for democracy in India, hitting as it does on the ability to foster a free exchange of ideas, dissent and criticism.

As of now, companies such as Google and Facebook are agreeing to comply with the new rules, while also stating that they will protect democratic norms. This double speak and opaque negotiations between powerful actors will continue. What we need is constant vigilance and pushback against all forms of control, manipulation and surveillance. We cannot allow either the State or tech giants to run roughshod over democratic norms in their bid for profits or control over narratives.