Govt in talks to make amendments to Sec 79 of IT Act to include breaking end to end encryption

The Ministry of Home Affairs (MHA) notification **granting 10 agencies complete powers** to intercept, monitor and decrypt any “information generated, transmitted, received or stored in any computer,” has created a huge furore among citizens. Many are questioning if this is indeed going to make India a surveillance state. But that is not all we have to worry about. According to the latest report in The Indian Express, the govt is also mulling over making amendments to Section 79 of the Information Technology Act. [caption id=“attachment_5375951” align=“alignnone” width=“1280”] Servers inside a Google data centre. Image: Google[/caption] Two of the prominent amendments include making it compulsory for online platforms to proactively use technology which would enable identifying ‘unlawful’ content and the second more alarming amendment is the requirement to break end-to-end encryption so that origin of messages can be traced. These rules were discussed in a closed-door meeting held between Ministry of Electronics and IT (MeitY) and representatives of Google, Facebook, WhatsApp, Amazon, Yahoo, Twitter, ShareChat, SEBI and the Internet Service Providers Association of India. These platforms apparently have till 7 January to respond to these demands.

According to Internet Freedom Foundation (IFF), the secretive nature of these discussions is something to ponder over. In a series of tweets, IFF has even compared these draft changes to reflect the Chinese model of censorship. Section 79 of the IT Act provides immunity to intermediaries (for example, websites like Facebook) for any illegal content posted by third parties. Under this section and the Information Technology ( Intermediaries Guidelines) 2011, if an intermediary receives ‘actual knowledge’ of any illegal content posted on it, it is obligated to remove such content within 36 hours. On failing to do so, the intermediary will lose its immunity from being sued. Illegal content under this section is much broader than that under Section 69A. It can include, for example, content that is offensive, obscene or defamatory. An important case in this regard is the Shreya Singhal judgement. In the Shreya Singhal case, in addition to questioning the legality of Section 66A of the IT Act, it also questioned the validity of Section 69A and 79 of the IT Act. The court upheld the validity of Section 69A. It noted that there were adequate procedural safeguards in place, such as the requirement of a hearing of all parties involved, which includes the person putting up the content before passing the order. These will prevent any arbitrary decisions from being made. In the case of Section 79, the court upheld its validity, but with a few changes. Formerly, the ‘actual knowledge’ received by an intermediary under this section could come from anywhere, be it the government, a court, an NGO or a person. For example, a Facebook user reporting offensive content will be taken as giving Facebook ‘actual knowledge’, imposing the obligation to remove the offending content within 36 hours. The court changed this and interpreted ‘actual knowledge’ to be received only when the takedown request is accompanied by court order or government direction. If on receiving a court order, the intermediary fails to remove the content within 36 hours, then it will lose the immunity granted to it under Section 79, making it open to be sued.