On Friday, a free-and-open-source (FOSS) programmer moved the Kerala High Court challenging the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (the Rules).
A Bench of Justice PV Asha took up the petition on Friday and asked the Office for the Assistant Solicitor General to take instructions from the Union government in respect of the case.
The petition is the fifth in the country challenging the Rules, which were notified in Fenruary this year and the first filed by an open source developer. The other four by The Quint, The Wire and TheNews Minute, and Pratidhvani's and one by LiveLaw, challenge the rules in their application to digital news publications.
Significantly, LiveLaw's plea was moved before the Kerala High Court as well.
The petition by Praveen Arimbrathodiyil filed through Advocate Prashanth S and the Software Freedom Law Center, seeks the quashing of Part II of the Rules (due diligence for intermediaries).
In the interim, Arimbrathodiyil has prayed for a stay on the implementation of the rules and a direction that no coercive action be initiated against him or others running FOSS products in India. It has further asked the court quash Part II of the IT Rules 2021 (which concerns due diligence for intermediaries), direct the government to form rules in line with IT Act 2000 and the Supreme Court's dictum in Shreya Singhal v. Union of India, and a declaration of the right to encryption being a subset of the right to privacy.
Contending that the Rules exceed the bounds of delegated legislation, it is argued additionally that they place unreasonable restrictions on the exercise of freedom of speech and expression and on the freedom to carry out an online business, as guaranteed by the Constitution of India.
Arimbrathodiyil's petition narrates that FOSS programmers such as him work with other volunteers to maintain FOSS domains such as fsci.com and codema.in and are part of the Free Software Community of India (FSCI). These domains and services provide a platform to users to post content and fall within the definition of intermediaries in terms of the Information Technology Act, 2000 (IT Act), it is explained in the petition.
The petition states that the Rules fail to draw a distinction between proprietary software based intermediaries like Facebook, WhatsApp, LinkedIn and the FOSS Community, lays an undue compliance burden on FOSS programmers.
Key prongs of contention
Difference between FOSS programmers and Proprietary Software-based intermediaries
The petition emphasizes that FOSS programmers, unlike for-profit companies comprise of enthusiasts, technologists, and small organisations (Signal, Tor etc.), mostly funded by the public and through donations. Additionally, FOSS developers are located across the globe with few servers/operators/owners based in India. The petition also explains that FOSS services further operate on a volunteer basis, do not earn profits from their services, are decentralized, and do not mine data for targeted ads. Emphasising that the technical architecture running conventional centralised intermediaries and FOSS communities, the petition highlights that the community falls in a separate class of intermediaries.
The Rules, particularly Rules 4 and 6 Rule 6 of the Rules "arbitrarily empowers the executive to issue an order and require any intermediary to comply with any or all the provisions of Rule 4".
Rule 4(1)(a), (b) and (c) make it mandatory for a significant social media intermediary to appoint a chief compliance officer, a nodal contact person and a resident grievance officer in India, it is said. Assailing the lack of a specific timeline under Rule 4 to comply with Rule 6(1), the petition raises a concern that the executive can pass an order under Rule 6 and expect an intermediary to comply with the provisions of Rule 4 immediately,
"The Petitioner, if required to comply with Rule 6(1)/ Rule 4 would find it financially and resource-wise unviable to continue operations of its servers which has a user base of around 5200 users", the petition reads.
Terms use encompassing definitions leaving them open to ambiguity
The terms 'defamatory', 'obscene', 'invasive of another's privacy', 'racially or ethnically objectionable', 'harmful to child' lack encompassing definitions leaving them open to ambiguity, the Court said. It is explained that the term 'harmful to child' is a broad phrase and could end up in censoring legitimate content. Because the terms, of a similar character as those struck down by the Supreme Court in Shreya Singhal, had no corresponding definition in the IT Act, it would lead to self-censorship, the petition says.
"The vagueness of these terms will lead to self-censorship thus violating the constitutionally guaranteed right to free speech and expression under Article 19", it is underscored.
Impact on encryption and privacy
Raising a contention based on encryption, the petition relates that the Rules require intermediaries to take reasonable and practicable steps to remove or disable harmful content and to moderate content under private communications. In most cases, such content is protected with end-to-end encrypted or other kinds of encryption.
Explaining that encryption and anonymity were crucial for online communications since only an intended recipient receives a person's communications, it is averred that the Rules violates right to encryption, a subset of the right to privacy. Additionally, it is opined that the specifications on encryption seek to fill the lacuna in law on encryption.
On this count it is asserted that encryption as a tool further enhances the quality of products and services which are offered by the intermediaries. By placing unreasonable restrictions on the ability of intermediaries to strengthen the security of communications, the right to freedom of trade and profession under Article 19(1) (g) of the Constitution is violated, the petition states.
Additionally, the petition contends that the government has attempted to burden intermediaries with compliances under the traceability requirements, impacting right to privacy. An intermediary cannot fulfill its obligations under Rule 4(2) of Rules without snooping on their users' private communications, which is a flagrant violation of right to privacy.
Prescription of Technology-based solutions such as automated tools
Arimbrathodiyil's plea asserts that Rule 4(4) prescribes technology-based solutions such as automated tools which would bring in inherent societal biases and prejudices leading to more problems than it intends to solve.
"Rule 4(4) makes it de-facto mandatory for significant social media intermediaries to deploy automated tools for proactive identification of any act or simulation of explicit or implicit rape or child sexual abuse or conduct…This has a potential of leading to confusion on takedown by automated filters by the significant social media intermediaries or intermediaries", the petition recites.
Stating that even corporations such as Facebook faced barriers to correct implementation of automated tools, it is pointed out that volunteers like the Petitioner running individual servers with limited resources would find it particularly challenging to implement these measures.
Grants adjudicatory powers to intermediaries
In Shreya Singhal, the Supreme Court had observed that the Rules required intermediaries to apply a subjective interpretation of similar phrases under Section 66A of the IT Act, leaving the obligation to the intermediary without any legislative or regulatory guidance. Drawing similarity with the scenario struck down by the Supreme Court in Shreya Singhal, Praveen Arimbrathodiyil's plea argues that the new Rules grant an adjudicatory role to intermediaries, not contemplated under Section 79 of the IT Act.
Beyond scope of the IT Act
The Rules are ultra vires since they are inconsistent with the parent act, it is argued. Describing the the traceability requirement as vague and arbitrary, it is argued that these go against data protection principles and conflicts with Section 69 of the IT Act. Section 69 of the IT Act read with Section 87(2)(y) of the IT Act, provides for decryption, monitoring, and interception of communications.
On these, among other grounds, the petition seeks a declaration that Part II of the Rules be struck down.
CASE NAME: Praveen Arimbrathodiyil V. Union of India
COUNSEL: Advocates Prashanth Sugathan, Varsha Bhaskar, NR Reesha