THE RISE OF INTERNET
In recent years, internet usage in India has seen an exponential rise driven by the easy availability of smart devices, cheaper internet data plans, and increased proliferation of content creation and e-commerce platforms. Internet usage patterns have also sharply peaked in the current COVID-19 crisis, with several businesses moving entirely to internet based operational models. In tandem with increased internet usage, there has been a corresponding rise in the incidence of illegal activities on the internet, which has re-kindled the debate regarding the availability of legal measures to curb such activities.
Incidents of malicious actors using the internet to circulate unlawful information (such defamatory, obscene or incendiary material or information infringing intellectual property rights, etc.) are not uncommon in India, and have in fact witnessed a rapid surge in recent years. Such information is often circulated through dedicated websites, or content creation and sharing platforms (CSPs) operated by third parties. Such activities have been causing tangible losses to affected parties, and adverse impact on public order. Regulatory authorities in India have typically responded to such incidents by prohibiting access to such internet resources. Recently, such measures were reportedly taken in relation to blocking of certain websites running campaigns pertaining to social and environmental issues.
INTERNET RESOURCE BLOCKING – TECHNICAL AND LEGAL MEASURES
Blocking in India:
Internet resource blocking is achieved through numerous technical mechanisms (such domain name system (DNS), internet protocol (IP) or uniform resource locater (URL) based blocking or deep packet inspection) and at various levels (such as at end-point level, local network level, internet service provider (ISP) level or national level). Interestingly, the applicable rules in India are silent regarding the mechanism of blocking to be adopted by intermediaries to implement internet resource blocking directives.
Generally speaking, the regulatory response in India to such activities has involved criminal or civil action against the perpetrators, and issuance of directives (either by the Government or courts) to 'intermediaries' (such as hosting providers, ISPs or CSPs) to block public access to such offending internet resources. In this context, the question arises whether Indian regulations permit blocking of internet resources (including information) at a narrow and specific level, or allow for broader targeting of entire platforms.
Multiple frameworks exist under Indian law that legitimise blocking of internet resources. At the outset, Indian authorities are entitled to issue directives under the Telegraph Act, 1885 and Temporary Suspension of Telecom Services Rules, 2017 for blanket stoppage of internet services. Such directives are typically region specific and issued in exigent circumstances. Importantly, such internet stoppage powers have been used in the past to 'whitelist' internet resources, effectively blocking access to 'non-whitelisted' information. Further, mechanisms (such as virtual private networks or VPNs) were also prohibited by the Government to prevent circumvention of the above directives.
On the other hand, the Information Technology Act, 2000 (IT Act), permits issuance of directives to intermediaries to block information which may inter alia affect interests of national security or public order. Notably, directions under the IT Act are typically targeted to specific instances of unlawful content, but have also been used in the past for wider purposes (such as in relation to wholesale blocking of pornographic websites). Indian regulations also permit outlawing 'usage' of specified internet resources by the public (thereby indirectly impacting their access/use by public), even though there are limited instances of the exercise of such powers.
It is also relevant to mention that telecom licensees (which includes internet service providers) are bound under a separate licensing regime, under which blocking of specified internet resources and platforms may be mandated by binding contractual stipulations imposed by the Government.
However, from an Indian constitutional law perspective, broad directives mandating blocking of internet resources may be viewed as disproportionate restrictions on the fundamental rights and may be subject to constitutional scrutiny.
Situation outside India:
In a similar vein, content blocking frameworks in other jurisdictions (such as the EU) prefer internet blocking in a narrow and specific sense. In fact, broader internet resource blocks have been viewed by judicial authorities as violations of rights relating to freedom of speech. Specifically, in the context of EU, the 'E-Commerce Directive' provides a notice and takedown framework similar to the framework prescribed under the IT Act, and recent recommendations issued by the European Commission prescribe non-binding protocol to ensure effective and time bound disabling of unlawful content. However, broad provisions mandating resource wide blocking have also been incorporated in EU law with respect to consumer rights. Under the 'Consumer Cooperation Regulation', national consumer protection authorities are entitled to issue various directions, which also include directions to hosting providers to disable access to 'online interfaces' (which broadly involve software or websites facilitating commerce) for ensuring protection of consumer interests.
With limited guidance from Governmental authorities and courts, the Indian regime relating to internet resource blocking is currently at a nascent stage, with numerous dichotomies and grey areas. This regime is likely to witness major changes in the near future considering the Government has initiated efforts to modernise the existing regulatory regime. Powers to direct stoppage of services operating in violation of data protection conditions have also been proposed under the upcoming Data Protection Bill, and this would add a new dimension and increase compliance requirements. Given the above, it is advisable for CSPs and other intermediaries operating in India to be aware of the applicable requirements, legal remedies and proposed amendments, to design legally compliant frameworks and effective operational practices.
The content of this document do not necessarily reflect the views/position of Khaitan & Co but remain solely those of the author(s). For any further queries or follow up please contact Khaitan & Co at firstname.lastname@example.org