Regulating online intermediaries: We need to start focusing on user rights

As a first step, regulators must consider the shortfalls within existing frameworks.


Social media giant Facebook recently amended its community guidelines to prohibit sexual solicitation of any kind. The new standards go as far as forbidding implicit sexual solicitation through either suggestive comments or images, raising significant concerns about the state of free speech and censorship online.

The enactment of two statutes precipitated the changes in Facebook's community guidelines  the Allow States and Victims to Fight Online Sex Trafficking Act and the Stop Enabling Sex Traffickers Act (FOSTA-SESTA). While the goal of FOSTA-SESTA is to curb online sex trafficking, the statutes also, importantly, impose a limitation on the safe harbour provision in the US Telecommunications Act, 1996. Specifically, Section 230 of the Communications Decency Act holds that internet intermediaries, like social media websites and internet service providers, will not be answerable for user-generated content posted on their platforms. FOSTA-SESTA culls an exception to this protection, stating that internet intermediaries would be liable if advertisements soliciting sex popped up on their pages.

The controversy surrounding Facebook and FOSTA-SESTA marks the latest in what seems to be a global shift towards tighter controls on the activities of internet companies. The European Parliament recently enacted the Copyright Directive, which impels online intermediaries to screen content that may be hosted on their sites for copyright infringement. In India, online intermediaries stand to lose some leeway as well. The Ministry of Electronics and Information Technology (MEITY) is presently figuring out how to increase the extent of intermediary liability under Section 79 of the Information Technology Act, which provides similar safe harbour protections to digital platforms as Section 230 of the Communications Decency Act. The Indian government is also considering the regulation of “over-the-top” services in a bid to address some of the law and order implications of these applications, such as the alleged coordination of terrorist activities on encrypted chat networks.

Regulating online intermediaries: We need to start focusing on user rights

Facebook Logo. Image: Reuters

Many, including online intermediaries, dub the global crackdown on these platforms as a harbinger of doom for internet freedom. What it really is, however, is the inability of public institutions to acknowledge the limitations of their enforcement capabilities in the digital realm (or rather an implicit acknowledgement of the same). The internet is a juggernaut of activity, mostly innocuous, but nefarious enough that it overwhelms even the best-equipped institutions. To elucidate, according to Internet Live Stats, internet traffic per second stands at 65,502 GB. As such, we also see a clampdown in developed regions like the US and the EU. For a developing country like India, the problems posed by the online world are even more significant. Illustratively, National Crime Records Bureau data reveals that authorities were only able to dispose of 38 percent of the 24,187 cybercrime incidents reported in 2016 by the end of the year.

Circumscribing safe harbour provisions enables governments to enhance enforcement capabilities immediately. The threat of liability compels online intermediaries to monitor platform activity and flag or remove offending content. The revision of Facebook’s community standards is a manifestation of the efficacy of such a strategy. A pitfall of this approach, however, is that user rights may serve as collateral as companies might overzealously enforce such legal mandates to avoid liability or further regulation.

Despite eventual compliance, however, online intermediaries do initially militate strongly against regulation, whether it be the whittling down of safe harbour rules or the institution of a data protection regime, as it poses a direct threat to their business models. Illustratively, Facebook lost USD 123 billion in value after the introduction of the General Data Protection Rules in Europe. The more users post on a particular platform, the more information the latter can collect on the former, the greater that platform’s commercial prospects. Moreover, intermediaries have, to a large extent, exploited safe harbour provisions and the general lack of regulation surrounding their businesses to avoid policing platforms and to collect vast troves of user information, which is then sold to third parties. Thus, it is in the intermediary’s interest to do two things. First, encourage the generation of user information. Second, resist any legislative action that would oblige it to regulate user behaviour on its website or hinder its ability to collect user information.

Representational image. Pixabay

Representational image. Pixabay

Internet intermediaries have managed both objectives quite successfully as regulators have, till now, been more or less empathetic to these goals. Indeed, regulators have generally supported the proliferation of the internet, a medium through which much data is produced. For instance, one of the purported aims of the recently released Draft National Digital Communications Policy 2018 is to ensure that every Indian citizen has internet connectivity by 2022. These efforts have, in turn, been enthusiastically espoused by internet intermediaries. Google’s tie-up with Indian Railways to provide free Wi-Fi to 400 Indian railway stations serves as a good example of such mutualism. As a corollary, regulators have been hesitant to place controls on the activities of these entities. However, the emergence of the broader perils of cyberspace, such as the proliferation of child pornography and threats to privacy or national security, leaves regulators duty-bound to intervene more invasively than ever before.

Resultantly, a tension arises between governments and internet intermediaries as the former’s need to regulate activities on the internet necessarily impinges upon the latter’s business model. Where there was once mutuality, there is now disfavour and suspicion. The US House Judiciary Committee’s recent examination of Google’s search, filtering and data collection practices serves as a powerful illustration of this. Unfortunately, the fallout from the increasing strain between authorities and internet intermediaries entails the direct or indirect curtailment of user rights, as may be evinced by the induction of FOSTA-SESTA and the subsequent amendment to Facebook’s community standards. The question that arises, then, is how regulators can expand the perimeter of regulatory activity in the digital domain while allowing internet intermediaries to continue operations and, concomitantly, limiting the encroachment of user rights?

As a first step, regulators must consider the shortfalls within existing frameworks that contribute to current capacity constraints in digital enforcement. Granted that the internet, with its relentless battery of insidious elements, presents what seem to be insurmountable challenges for authorities. However, that is no excuse for regulators to arbitrarily fork over large chunks of responsibility upon private internet intermediaries. In India, one area ripe for immediate upgradations is the Code of Criminal Procedure, 1974. It was incepted at a time when digital technological capacities were nascent. As such, its provisions apply more readily to the physical world than to the intangible realm. Indian regulators must, then, work to create a procedural framework that is more directly applicable to criminal activity in the digital sphere.

Similarly, internet intermediaries must accept that some ex-ante regulations are required to reign in the threats posed by the internet to society. Further, they must also accede that these prophylactic measures must extend to some aspects of their business models such as the collection of user data. Rather than resist the imposition of such rules, internet intermediaries must work closely with regulators to assist the latter in capacity-building efforts. One such measure would be to help develop cybercrime task forces as most enforcement bodies generally face a shortage of adequately trained cybercrime personnel. Moreover, voluntary interventions on the part of intermediaries must earnestly seek to solve problems rather than serve as goodwill campaigns. A recent report about Facebook’s fact-checking collaboration with journalists to combat fake news indicates that the latter may often be the case.

Ultimately, the mutualism between internet intermediaries and regulators that helped the internet proliferate must now be refashioned to mitigate digital malfeasance. And the underpinning ideal of such a paradigm must be to safeguard user rights, not secure private or political interests.

The author is a lawyer and a technology policy expert.

Find our entire collection of stories, in-depth analysis, live updates, videos & more on Chandrayaan 2 Moon Mission on our dedicated #Chandrayaan2TheMoon domain.