Ever since the 2008 Bombay attacks, the authorities have been intensifying their Internet surveillance and pressure on technical service providers while publicly denying censorship accusations. The national security policy of the world’s largest democracy is undermining online freedom of expression and Internet users’ privacy.
An increasingly connected population
The Internet is experiencing impressive growth in India. By 2014, the country should have nearly 300 million netizens, as compared to about 100 million in late 2011. Wireless Internet, especially mobile phone Internet, is spreading as quickly as the price of smartphones is dropping.
This trend has led authorities to more closely monitor what is happening on the Web. According to the Google Transparency website, which logs the Internet content removal requests that Google receives from governments, Indian officials have asked Google multiple times (67 to be exact, between July and December 2010) to remove 282 content items (namely videos critical of politicians) from YouTube and several blogs. Google allegedly complied with 22% of the requests.
Netizen loses her life
Even the most influential netizens are not safe from a physical attack. On August 16, Shehla Masood, a Right to Information (RTI) blogger and activist, was shot dead in front of her home in Bhopal (in central India) while on her way to a demonstration in support of Anna Hazare, a civil society leader and anti-corruption campaigner who had been arrested earlier that day. Reporters Without Borders has asked the Indian authorities not to let this crime go unpunished.
Authorities pressure Web hosting service providers
Several meetings were held throughout 2011 between Indian Information Technology Minister Kapil Sibal and sector representatives. The New York Times reported that the Minister wanted hosting companies and Internet service providers to prescreen user content conveyed by their services and banish those that “threaten India’s unity, integrity, defense, security and sovereignty, its relations with foreign governments or the public order.” Apparently the companies flatly refused to comply because of the volume of data that would have to be processed. Later, in an interview granted to the NDTV network, Kapil Sibal denied having ever made such a request.
The authorities have already clamped down on several mainly file-sharing and streaming websites without any ruling on the illegality of such actions. Anti-corruption cartoonist Aseem Trivedi saw his website, “Cartoons Against Corruption,” which features humorous anti-corruption drawings suspended by his hosting company in late 2011. The cartoonist has since transferred his drawings to a new site.
Weary of trying to convince companies to self-regulate, the Indian government decided to resort to legislative and legal means to achieve its goals.
The “IT Rules 2011,” which pose a threat to online free expression, were adopted in April 2011 as a supplement to the 2000 Information Technology Act (ITA) amended in 2008. These regulations notably require Internet companies to remove any content that is deemed objectionable, particularly if its nature is “defamatory,” “hateful,” “harmful to minors,” or “infringes copyright” within 36 hours of being notified by the authorities, or face prosecution. This has turned technical intermediaries into Web censorship police informants.
Also, although some content categories are justifiably objectionable, other more vague or subjective definitions could jeopardize informational content.
The companies concerned have strongly criticized the rules. The Internet and Mobile Association of India (IAMAI) found that these would impede the development of India’s social networks: “The rules seem to step on the statutory side, biased towards the complainant. Even before a case is filed in court, the website has to take down the content. It might harm freedom of speech on the Internet.” Some sector companies have pointed out the risks of self-censorship and reduced the free flow of information.
The IT Rules also impose on cybercafé owners drastic regulations that violate personal data privacy and place a presumption-of-guilt burden on all Indian netizens: they must photograph their customers, follow instructions on how their cafés should be set up so that all computer screens are in plain sight, keep copies of client IDs and their browsing histories for one year, and forward these data to the government every month.
This new legislation has allowed individuals to institute civil and criminal proceedings against some 20 Web companies.
Legal proceedings likely to create dangerous precedents
Within the context of such legal proceedings, Reporters Without Borders has called on the judiciary not to hold technical intermediairies liable for content published by third parties on their platforms.
One of civil proceeding concerns 21 Internet firms (including Google, Yahoo!, Facebook, Youtube, Blogspot, the social network Orkut and the Exbii forum) accused of hosting “offensive” content. It was initiated by Mufti Aizaz Arshad Kazmi on grounds that these companies hosted content disrespectful of religious beliefs. On December 23, 2011, a New Delhi civil court had ordered that all “obscene” content be removed by February 6, 2012. At the hearing, Justice Suresh Kait had even threatened to block, “like in China,” any recalcitrant Web platforms that refused to install a content-screening system.
The Indian affiliates of Google and Facebook complied with the Indian court’s injunctions and removed the incriminating content from their Indian Internet domains. Facebook’s parent company, on the other hand, stated that it could not comply with the Indian court’s demands since its servers are based in the United States. Yahoo!, Microsoft and Google also asked that the allegations against their services be withdrawn since they are not liable for content hosted on their Indian servers. On February 6, the judge asked the 22 firms to submit within 15 days a report detailing what steps they had taken to block “offensive” content.
In addition to this civil case, criminal charges were filed on December 23, 2011 by journalist Vinay Rai against the directors of these same Internet companies. He alleges that these companies are hosting content critical of religion and politicians that is “offensive” and likely to disrupt law and order. The New Delhi High Court, to which Google and Facebook had appealed the case, refused to dismiss the charges. Google India argued that as a Google Inc. distributor and subsidiary, it cannot control all content posted on Google, Youtube, Orkut, and Blogger in India. During arguments, Google pointed out that controlling or filtering the massive number of documents passing through its servers would be humanly impossible. For example, 48 hours of video is posted on YouTube every minute.
During the February 14 and 15 hearings, the defense raised several thorny points that weakened the charges brought against the Internet companies. The “notice-and-take-down” process provided for under IT Rules, according to which the hosting company must remove the content as soon as it is notified to do so by the authorities, had not been complied with. The accused Internet companies had received no request from the competent authorities to remove the content since the plaintiff, Vinay Rai, had submitted the matter directly to a criminal court. The companies’ lawyers also invoked Section 79 of the IT Act, which stipulates that no ISP can be held liable for objectionable content posted via its servers by third parties if the former can prove that it had no knowledge of such content, or that it had taken the necessary steps to prevent such infraction. However, the lawyer representing the New Delhi police argued that since the companies had been informed by the government’s Department of Information Technology that some content on their servers was “offensive,” the exemption under Section 79 did not apply. The judge called on the Department to provide documentary proof of this allegation.
Lawyers for Google and Facebook objected that the Indian government could not constitute a civil party in litigation between private parties. Reporters Without Borders is concerned about the impact of such an intrusion by the state into legal proceedings, which threatens the independence of the courts.
Is this purely a coincidence? On February 13, 2012, The Wall Street Journal revealed that an investigation had been opened to determine whether the Indian affiliates of Google and Yahoo! had violated India’s foreign exchange laws.
Ongoing arm-wrestling between the government and Internet companies
Since platforms and technical intermediaries are claiming that they cannot comply because their servers are not based in India, the authorities have announced that they would require them to have a physical location on Indian soil. Foreign companies offering email services, including Yahoo! and Gmail, are now expected to route all emails exchanged through their websites via local servers. The Indian press reported that during a meeting in the office of India’s Minister of the Interior, the Department of Information Technologies was instructed to notify these firms of the new directive as soon as possible.
For the moment, Yahoo! is routing emails via servers based in India only for online accounts registered in India. Emails sent by accounts registered abroad (addresses ending in yahoo.fr, for example), however, are routed through servers based abroad, which means that Indian security services cannot inspect them without first making a formal request to the government of the country concerned.
Indian security services also supposedly contacted mobile phone operators to ask them to set up a client surveillance system, according to The Economic Times of India. Some mobile phone operators are also suspected of having collaborated with these services. The United States government is looking into the alleged hacking of email accounts belonging to U.S. Congress committee members.
Smartphones and VoIP under close surveillance?
For months, the authorities have been pressuring BlackBerry smartphone manufacturer RIM (Research In Motion), as well as Google and Skype, to give them access to communications exchanged by their users. India’s Ministry of the Interior, which is responsible for national security, is trying to gain real-time access to all communications routed through the Indian network, including Internet telephony (VoIP) services.
During a January 2012 meeting at the Telecommunications Ministry, the security services voiced their desire to gain access to the encrypted communications exchanged via the BlackBerry Enterprise Service (BES). RIM insists that it does not have access to the encryption keys used by BES clients. To accomplish this, the authorities plan to negotiate directly with the 5,000 companies using BES in India, so that they can contact the companies concerned and demand their own encryption key.
In view of its treatment of Internet sector – particularly foreign – companies, India seems engaged on a course of increasingly tight surveillance, which constitutes a threat not only to individual liberties, but also to innovation and trade. India’s Minister of Communications and IT Kapil Sibal affirmed in February 2012 that India will never censor social media. It is to be hoped that these promises will be kept.