Two Takes on the Right to be Forgotten

Last month saw important developments in the discourse around the right to be forgotten. Two high courts, Gujarat and Karnataka, delivered judgments on separate pleas to have particular judgments either removed from online repositories and search engine results or have personal information redacted from them. The Gujarat High Court dismissed the petition, holding that there was no legal basis to seek removal of a judgment from the Internet. On the other hand, the Karnataka High Court ordered the Court’s Registry to redact the aggrieved person’s name before releasing the order to any entity wanting to publish it. This post examines both judgments to understand the reasoning and legal basis for denying or accepting a claim based on the right to be forgotten.

 Gujarat High Court

According to the facts reproduced in the order, the petitioner in this case had criminal charges filed against him for several offences, including murder, which ultimately resulted in an acquittal. At the appellate stage too, the petitioner’s acquittal was confirmed. The judgment was classified as ‘non reportable’ but nevertheless published on an online portal that reproduces judgments from all superior courts in India. It was also indexed by Google, making it easily accessible. Being distressed about this, the petitioner sought ‘permanent restrain of free public exhibition of the judgement…over the Internet’.

While dismissing the petition, the Court held that it was permissible for third parties to obtain copies of the judgment under the Gujarat High Court Rules 1993, provided their application was accompanied by an affidavit and stated reasons for requiring the judgment. Moreover, it held that publication on a website did not amount to a judgment being reported, as the classification of ‘reportable’ was only relevant from the point of view of law reports. In the Court’s opinion, there was no legal basis to order such removal and the presence of the judgment on the Internet did not violate the petitioner’s rights under Article 21 – from which the right to privacy emanates.

The Court’s dismissal of the argument that a non-reportable judgment is on an equal footing with a reportable judgment is problematic, but hardly surprising. In a 2008 decision, while describing the functions of a law reporter that was a party before it, the Supreme Court observed that “the [law report] publishes all reportable judgments along with non-reportable judgments of the Supreme Court of India” The distinction between reportable and non-reportable judgments was not in issue, but it does call for some introspection on the legal basis and rationale for classification of judgments. In an article on the evolution of law reporting in India, the constitutional expert M.P Jain explains that law reports were created as a response to Indian courts adopting the doctrine of precedent. This is the doctrine that binds lower courts to decisions of the higher courts. Precedent is created when a court lays down a new principle of law or changes or clarifies existing law. Consequently, the decision to make a ruling reportable (ideally) depends on whether it sets a precedent or not. Presumably then, there is a lesser public interest in having access to non-reportable judgments as compared to reportable ones.

While there is a clear distinction between publication in a law report and publication of the transcript of the judgment, the lack of a public interest element could have been taken into account by the High Court while deciding the petition. Moreover, it is unclear how reliance on the High Court Rules helped the Court decide against the petitioner. Third parties may be entitled to obtain a copy of a judgment, but the motivation behind a right to be forgotten is to only make information less accessible, when it is determined that there is no countervailing interest in its publication. At its root, the right is intended to enable citizens to exercise greater control over their personal information, allowing them to live without the fear that a single Google search could jeopardise their professional or personal prospects.

Karnataka High Court

Less than three weeks after the Gujarat High Court’s decision, the Karnataka High Court ordered its Registry to redact the name of the petitioner’s daughter from the cause title as well as the body of an order before handing out copies of it to any ‘service provider’. It accepted the petitioner’s contention that a name-wise search on a search engine might throw up the order, adversely affecting his daughter’s reputation and relationship with her husband. The Court clarified that the name need not be redacted from the order published on the Court’s official website.

Towards the end, it remarked that such an action was ‘in line with the trend in Western countries’ where the right to be forgotten exists as a rule in ‘sensitive cases involving women in general and highly sensitive cases involving rape or affecting the modesty and reputation of the person concerned’.

This statement is problematic. The right to be forgotten emanates from the right to privacy and data protection, which are both regarded as fundamental rights in Europe. Basing the right on ideas of honour and modesty [of women] creates some cause for concern. Further, an important distinction between this case and the one before the Gujarat High Court is that neither Google nor any website publishing court judgments were made parties to it. The claim was based on redaction of information from the source, rather than de-listing it from search engine results or deleting it from a website. This is interesting, because it allows us to think of the right to be forgotten as a comprehensive concept, instead of a singular right to de-list information from search engine results. It provides courts with a choice, allowing them to opt for the least restrictive means to secure an individual’s right to online privacy.

However, the lack of a clear legal basis to allow or deny such claims raises cause for concern. As is already apparent, different high courts are likely to take divergent views on the right to be forgotten in the absence of an overarching data protection framework that grants such rights and prescribes limits to them. In several cases, the right to be forgotten will trigger a corresponding right to freedom of expression and the right to know. The criteria to balance these important but competing claims should be in place for courts to be able to decide such requests in a just manner.

Supreme Court considers installation of CCTV units in courts – but will it regulate what happens next?

Earlier this month, the Supreme Court heard a petition seeking directions to ensure audio-visual recording of the proceedings in trial courts. The reasoning behind the request was that recording proceedings would enhance the fairness of trials. The Supreme Court decided to limit the question to whether CCTV (video only) cameras may be installed at various locations in the courts, in order to better serve security and administrative needs.

This is not the first time the Supreme Court has discussed the use of CCTV cameras for security and other purposes. However, there is also no comprehensive law that deals with the use of CCTV cameras and related security and privacy issues.

In the present case, the Court initially noted that multiple courts, including the courts in Gurgaon have undertaken such efforts in the past. The Court then requested the additional solicitor general and a senior advocate present in the court as amicus to visit the courts in Gurgaon, and report on the matter within four weeks. It stated that once the report is received, it will consider directing installation of CCTV (video only) cameras at district courts in various states. It has also indicated that any recordings made by these CCTV cameras will not be available to the public, and will be retained for specified periods of time only.

The Court has considered the use of CCTV cameras in public places in previous cases. In Deputy Inspector General of Police and Anr. v. S. Samuthiram, a case regarding eve-teasing / sexual harassment, the Court took cognizance of such cases and the need for prevention mechanisms. Amongst other things, it directed all states and union territories to install CCTV cameras in public places. The CCTV cameras were to be positioned such that they act as a deterrent to potential offenders, and if an offence was committed, the offenders would be caught / identified.

In Dilip K. Basu v. State of West Bengal and Ors, the Court considered the request of the amicus, and directed state governments to: (a) take steps to install CCTV cameras in all the prisons in their respective states, within a period of one year from the date of the order (but not later than two years), and (b) consider installation of CCTV cameras in police stations in a phased manner depending upon the incidents of human rights violation reported in such stations.

State governments have also, in various instances, directed the installation of CCTV cameras in public places. In Tamil Nadu, the state government has directed that CCTV cameras must be installed in every public building. The cameras must be installed in accordance with the recommendations of the local police officers. Such recommendations may be made for purposes such as ensuring public order or controlling crimes and the reasons for the recommendation must be recorded in writing.

In Chandigarh, the local government released a set of draft rules meant to regulate mobile app-based transport aggregators (such as Uber and Ola). Among other things, these draft rules require that every taxi must install a CCTV unit to monitor activities inside the taxi in real time. The rules suggest that the video feed from the CCTV cameras should be linked to a control room established by the aggregator.

The above are some examples of courts and government bodies providing for installation and use of CCTV cameras and video recordings. There is a common trend among them – the orders and rules only deal with when and where the units are to be installed, and used. They do not, however, provide a procedural / regulatory mechanism to ensure proper, lawful use of such cameras and associated video recordings.

Maintenance of law and order, security, deterrence of criminal activity, and identification of offenders, are all important issues, and appropriate means should be adopted to provide for the same. At the same time, there needs to be a balance between such means, and individual rights, such as the right to privacy. These laws and orders largely deal with installation and use of CCTV cameras in public places, where some may argue that an individual does not have a reasonable expectation of privacy. However, reports suggest there is misuse of CCTV cameras, especially where installed in customer heavy locations such as retail outlets.

Such misuse could be dealt with under some existing provisions of laws such as the Information Technology Act, 2000 – for example under the provision which criminalizes capturing of images or videos of an individual’s private parts, or the data protection rules. However, these laws are of limited applicability, and deal mostly with sensitive personal information, and images or videos of a private / sexual nature. We do not currently have a comprehensive law that deals with  surveillance equipment and its use in public spaces. Although some states such as Tamil Nadu provide that CCTV cameras must be installed based on police recommendations, there is no general prohibition or restriction on their installation and use. Further, there are no specific restrictions on the collection, use, retention, or transfer of any video recordings, or information that is derived from such recordings. There is no mechanism put in place to deal with a situation where an individual’s data is shared without authorization.

Certain authorities within the country appear to have recognized this gap, and taken some steps towards addressing these issues. In Maharashtra, the local municipal corporation in Navi Mumbai has implemented a CCTV surveillance system to help the local police maintain law and order. The corporation has issued a ‘voluntary code of conduct’ in relation to all surveillance camera systems in public and private places. This document attempts to “provide a framework to all the stakeholders so that there is proportionality and transparency in their use of surveillance”. Among other things, it provides that (i) the use of a surveillance system must always be for a legitimate and specified purpose; (ii) establishments must be transparent about the use of CCTV cameras on their premises; and (iii) access to the video feed will be limited and subject to clearly defined rules on persons who can gain access and purposes for which access may be gained.

Even a limited framework such as this, goes a long way towards ensuring transparency and protection of individual rights and freedoms. Perhaps the Supreme Court will provide more nuanced directions, not only on the installation of CCTV cameras, but also on the use of associated video recordings when the matter is next brought up.

The Supreme Court Hears Sabu Mathew George v. Union of India – Another Blow for Intermediary Liability

The Supreme Court heard arguments in Sabu Mathew George v. Union of India today. This writ petition was filed in 2008, with the intention of banning ‘advertisement’ offering sex selective abortions and related services, from search engine results. According to the petitioner, these advertisements violate Section 22 of the Pre-Conception and Pre-Natal Diagnostic Techniques (Regulation and Prevention of Misuse Act), 1994 (‘PCPNDT Act’) and consequently, must be taken down.

A comprehensive round up of the issues involved and the Court’s various interim orders can be found here. Today’s hearing focused mainly on three issues – the setting up of the Nodal Agency that is entrusted with providing details of websites to be blocked by search engines, the ambit and scope of the word ‘advertisement’ under the PCPNDT Act and thirdly, the obligation of search engines to find offending content and delete it on their own, without a government directive or judicial order to that effect.

Appearing for the Central Government, the Solicitor General informed the Court that as per its directions, a Nodal Agency has now been constituted. An affidavit filed by the Centre provided details regarding the agency, including contact details, which would allow individuals to bring offending content to its notice. The Court was informed that Agency would be functional within a week.

On the second issue, the petitioner’s counsel argued that removal of content must not be limited only to paid or commercial advertisements, but also other results that induce or otherwise lead couples to opt for sex selective abortions. This was opposed by Google and Yahoo! who contended that organic search results must not be tampered with, as the law only bans ‘advertisements’. Google’s counsel averred that the legislation could never have intended to remove generic search results, which directly facilitate information and research. On the other hand, the Solicitor General argued that that the word ‘advertisement’ should be interpreted keeping the object of the legislation in mind – that is, to prevent sex-selective abortions. On behalf of Microsoft, it was argued that even if the broadest definition of ‘advertisement’ was adopted, what has to be seen is the animus – whether its objective is to solicit sex selective abortions, before content could be removed.

On the third issue, the counsel for the petitioner argued that search engines should automatically remove offending content – advertisements or otherwise, even in the absence of a court order or directions from the Nodal Agency. It was his contention that is was not feasible to keep providing search engines with updated keywords and/or results and the latter should employ technical means to automatically block content. This was also echoed by the Court. On behalf of all search engines, it was pointed out that removal of content without an order from a court or the government was directly against the Supreme Court’s judgment in Shreya Singhal v. Union of India. In this case, the Court had read down Section 79 of the Information Technology Act 2000 (‘IT Act’) to hold that intermediaries are only required to take down content pursuant to court orders or government directives. The Court seemed to suggest  that Shreya Singhal was decided in the context of a criminal offence (Section 66A of the IT Act) and is distinguishable on that ground.

Additionally, it was also pointed out that even if the respondents were to remove content on their own, the lack of clarity over what constitutes as an ‘advertisement’ prevents them from deciding what content to remove. Overbroad removal of content might open them up to more litigation from authors and researchers with informative works on the subject. The Court did not offer any interpretation of its own, except to say that the ‘letter and spirit’ of the law must be followed. The lack of clarity on what is deemed illegal could, as pointed out by several counsels, lead to censorship of legitimate information.

Despite these concerns, in its order today, the Court has directed every search engine to form an in-house expert committee that will, based “on its own understanding” delete content that is violative of Section 22 of the PCPNDT Act. In case of any conflict, these committees should approach the Nodal Agency for clarification and the latter’s response is meant to guide the search engines’ final decision. The case has been adjourned to April, when the Court will see if the mechanism in place has been effective in resolving the petitioner’s grievances.

Dirty Picture Project: Dangal- A truly dhakkad biopic

By Sthavi Asthana and Anushka Sachdev

1

Watching Dangal was a truly memorable experience, from the high adrenaline wrestling scenes to the rush of pure pride during the last scene, where Geeta Phogat (Fatima Sana Shaikh) wins the first gold medal in wrestling for the country. It showcases how Mahavir Singh Phogat (Aamir Khan) trained his daughters Geeta and Babita (Sanya Malhotra) to become competitive wrestlers in the backdrop of patriarchal Haryana. The film is a refreshing feminist breakthrough especially when compared to the unfortunate state of contemporary Bollywood cinema. It brings to the fore struggles faced by Indian athletes, especially women athletes coming from a society where sports are seen to be the forte of boys.

Humari betiyaan chhoron se kam hain kya? (are my daughters any less than boys?)

Mahavir was a National level wrestler himself, but had been forced to give up the sport to earn a living, a common enough phenomenon in our country. He had to forego his dreams of winning a medal for his country, but consoled himself with the hope that his son would continue the legacy. But his hopes are dashed when despite several attempts, he fails to father a son. This is where the film so succinctly captures how normal it is to covet sons over daughters, with just about everyone in the village lining up to offer a fail proof ‘totka’ (superstitious remedy) that would guarantee the couple a baby boy. People who brought sweets to offer congratulations would make sympathetic noises and turn away when it is revealed that the baby born was a girl. Even his daughters never questioned why their father wanted a son, why they were not good enough.

However, things change one day when Geeta and Babita beat up two boys for calling them names. Mahavir suddenly realised that even his daughters could carry his dream forward and decided to train them to become wrestlers. This is where we get to see a shift from the ingrained patriarchy. Conditioned to accept established gender roles, Mahavir, and indeed everyone in the village, simply could not imagine that girls could also wrestle. However, once he got the idea, his commitment to their training made him set aside all notions of orthodox ‘modesty’ that was shared by most of the village. This ranged from insisting that his daughters wear the appropriate clothes for their training- t shirts and shorts, to making them wrestle with boys, something that would be considered taboo because of the amount of physical contact required between the contestants. He started to ask “why not” when people told him girls could not become wrestlers, announcing to the world that his daughters were no less than boys.

3

In such a situation, would it be right to call him sexist for wanting a son in the beginning? Or was he simply unaware, as is seen when he told his wife “maine toh socha hi nahi…medal toh medal hai, chaahe ladka jeete chaahe ladki” (I never realised, a medal is a medal, whether won by a boy or a girl). The film captures a transformation of perspective in its true sense, when a man from orthodox rural Haryana who was desperate for a son to fulfil his dream, dared to think that why not my daughters!

The haanikarak (harmful) training regimen!

The strenuous training that Geeta and Babita were subjected to by their father has faced a lot of criticism. Some claim that it was borderline abusive, while others questioned the right of the father to foist the burden of his dreams on his daughters, forcing them to endure physical hardship as well as social ridicule.

But the message behind the movie must be kept in mind while critiquing the film. Growing up in such a patriarchal social setup, the concept of opportunity as experienced by the girls would be automatically limited. Their aspirations would be restricted to areas which are traditionally considered appropriate for girls, and it is very unlikely that they would seek to achieve glory in sports on their own, especially a completely male dominated sport like wrestling. In such a situation, some amount of direction would be necessary even if it looks forceful initially.

As for the exacting training, it was no more than the training involved in making any other athlete fit enough to withstand the rigours of competition. The girls eventually began to enjoy the sport and became famous for beating much stronger boys in a sport where physical strength would play such a major role. This would obviously require discipline and commitment on their behalf, something that would be unpalatable to most young children. We must also account for the fact that women seeking to make their mark in a male dominated field must often work harder than men to gain the same amount of respect; they cannot afford to be average. Had the girls not been so proficient in their sport, they would likely have been ridiculed throughout and would not have had a very bright future at all. So, if Mahavir wanted his daughters to break the moulds of society and become wrestlers, he had to train them to win, and winning does not come easily.

2

Papa khush nahi honge (Father won’t be happy)

One thing that stood out in the entire movie was the domineering role played by Mahavir, being the father figure in the family. Although a heavy- handed approach might have been acceptable, even necessary when it came to the girls’ training, such behaviour would be less than ideal when it extends to other aspects of the family. Mahavir was the centre of every discussion, had the last say in every argument. He represents the stereotypical father; his daughters are afraid to discuss things with him, opting to approach their mother to act as mediator instead. Their mother too, was seen to defer to his decisions in every matter, and tries to smooth things by telling the girls to avoid acting in ways that would displease their father. The family would literally stand at attention when Mahavir enters the room.

This male centric view does perpetuate stereotypes, but if considered in the context of the type of society the film seeks to represent, it is unfortunately true. The transformation from one generation (their mother- Daya, played by Sakshi Tanwar) to another (Geeta and Babita) -where the mother hardly spoke against her husband, to Geeta wrestling her father, is truly phenomenal. It went from the role of the mother being confined to bearing children and cooking for the family, to the daughters leading independent lives. All of this was solely possible due to the motivation they received from their father and this is what makes the film revolutionary. Mahavir, despite being a stereotypical father and husband, is extremely revolutionary in his actions. However, it was essential to express the original mindset of the family to highlight the transition in his perspective.

The movie successfully passes the Bechdel test. Geeta and Babita have many conversations centred around wrestling which have little or nothing to do with their father. However, it would not meet the requirements of the Makomori test, since the entire narrative of the movie is centred around Mahavir Phogat’s dream of his child winning an international medal in wrestling for the country. But the Makomori test is only a basic test indicating the representation of women in a movie. Passing the test does not automatically make a movie feminist, and similarly, failing it would not make a movie sexist. Dangal may not pass the test but it takes a major step forward by showing women as professional athletes. Such a representation of strong, independent women is of great significance, especially considering the current scenario where most films only portray women in a romantic narrative, or in traditional roles as the mother or wife of the hero.

Cybersecurity in the Financial Sector: An Overview

Sowmya Karun 

In the Union Budget for 2017-18, Finance Minister Mr. Arun Jaitley announced the setting up of a dedicated Computer Emergency Response Team for the Financial Sector (Cert-Fin). The proposed emergency response team is slated to work in co-ordination with financial sector regulators and other stakeholders.

This announcement comes on the heels of the Government’s demonetisation initiative. Demonetisation led to a substantial rise in the volume of digital payments and the use of instruments such as mobile wallets. The cumulative growth of electronic transactions has been reported to range between 95 per cent and 4,025 per cent from November 8 till December 27, 2016. This transition towards digital payments in the financial sector is slated to continue, with one report predicting that by 2020, the digital payments industry will grow to over $500 billion and contribute 15% to the national GDP.

In a previous post, we had examined the legal and policy regime relating to digital payments in the country. In this post, we examine technological vulnerabilities in the financial sector, as well as measures taken towards strengthening cybersecurity.

Cyber Security Vulnerabilities in the Financial Sector

The exponential growth in digital payments in India and the push towards a cashless economy has renewed focus on the need to strengthen financial cybersecurity. Banks and financial institutions are extremely vulnerable to various forms of cyberattacks and online frauds. India has steadily moved up the ranking for countries with the highest number of financial Trojan infections over the past three years. At least forty percent of Banking, Financial Services and Insurance (‘BSFI’) businesses have been attacked at least once. A six-fold increase in credit and debit card fraud cases has been reported over the past three years. In addition to core banking, additional services like e-banking, ATM and retail banking are also increasingly vulnerable to cybercrime. Mobile frauds are also expected to grow to 60-65% in 2017, which is especially alarming because 40-45 % of financial transactions are being conducted on mobile devices today.

The Indian banking landscape has seen several large-scale cyberattacks over the past year. Since June 2016, the SWIFT systems of four Indian banks have been targeted.  In October 2016, in what was the largest data breach in the country ever, 32 lakh debit cards of various banks were subject to a cyber malware attack.  Earlier this year, it was reported that hackers had infiltrated the systems of three government-owned banks to generate false trade documents. The increased focus on cybersecurity in banks follows not only domestic incidents but global developments as well. In its bulletin on security measures, for instance, the Reserve Bank of India makes reference to the Carbanak Gang which targeted bank’s internal systems across Russia and Ukraine to conduct a robbery of around $ 1 billion. Closer home, in February 2016, there was an attempted heist of around $951 million from the Bangladesh Bank.

Cyber Security Framework for Banks

In October 2016, the Reserve Bank of India directed banks to implement a security policy containing detailing their strategy to for dealing with cyber threats and including tangible “cyber-hygiene” measures. This was following a renewed emphasis on the early implementation of the RBI’s Cyber Security Framework in banks. The RBI had first notified the Cyber Security Framework (‘Framework’) in Banks in June 2016. The Framework was a successor to broad guidelines on information security and cyber frauds which had been issued in line with the recommendations of the Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds in 2011.

The Framework is geared towards minimising data breaches and implementing immediate containment measures in the event of such breaches. It emphasises the urgent need to put in place a robust cyber security and resilience framework and to ensure continuous cybersecurity preparedness among banks. The Framework also mandates the adoption by banks of a distinct cybersecurity policy to combat threats in accordance with “complexity of business and acceptable levels of risk” within a set deadline. Further, the Framework requires the earliest setting up of Security Operations Centres within banks for continuous surveillance; disallowing unauthorised access to networks and databases; protection of customer information; and the evolution of a cyber crisis management plan.

Other Measures by the RBI and the Government

The RBI has also identified the need to evolve a framework for co-ordination and information sharing between financial institutions and public authorities in the event of cyber attacks. To this end, the RBI recently appointed its first information security officer and has formalised a sectoral sharing interface called the Indian Banks- Centre for Analysis of Risks and Threats (IB-CART). Further, the RBI also issued an ultimatum to banks, requiring them to report any breach of security immediately. Banks have been given until March 31, 2017 to put in place appropriate mechanisms.

Previously, there was limited reporting by banks as they were reluctant to report cyberattacks fearing devaluation of brand equity. Even in the event of large-scale cyberattacks, such as the above-mentioned malware infection which affected 32 lakh cards, it took six weeks to detect the fraudulent transactions. To counter this, and to enhance cyber resilience, the Institute for Development and Research in Banking Technology (‘IDBRT’) has been attacking vulnerabilities in banks’ security networks. This will enable them to share feedback with banks to improve their resilience.  Further, the Chief Information Security Officers of banks have also set up a forum to discuss cyberattacks and to share information, manage and plan for issues related to information security. The Ministry for Electronics and Information Technology has also formally urged banks to co-operate with the CERT-In for carrying out audits and other measures to strengthen their cybersecurity systems.

Conclusion

While these proactive steps being taken by the RBI and the Government are timely and much-needed, the resilience of our banking infrastructure against cyber attacks will depend on co-ordinated action from all stakeholders. The Cyber Security Framework must be strictly implemented in a timely manner, with regular audits to ensure comprehensive compliance. Cybersecurity at banks and financial institutions needs to be prioritised as part of the design architecture and must not remain restricted to reactive fire fighting during crises. Cyber security solutions must be deliberately designed to enable stemming of cyber attacks in real time.  Experts also suggest that the most effective ways to move forward with digitisation in order to ensure banks remain completely secure include the embracing of crypto-currencies and blockchain technology. Further, the Information Technology Act, 2000 is also ripe for a complete overhaul to counter the increased security risks in a cashless economy. These measures, of course, must also be accompanied by attempts to ensure widespread consumer education and awareness.

 

 

Roundup of Sabu Mathew George vs. Union of India: Intermediary liability and the ‘doctrine of auto-block’

Introduction

In 2008, Sabu Matthew George, an activist, filed a writ petition to ban ‘advertisements’ relating to pre-natal sex determination from search engines in India. According to the petitioner, the display of these results violated Section 22 of the Pre-Natal Diagnostic Techniques (Regulation and Prevention of Misuse Act), 1994. From 2014-2015, the Supreme Court ordered the respondents to block these advertisements several times. Finally, on November 16, 2016, the Supreme Court ordered the respondents, Google, Microsoft and Yahoo to ‘auto-block’ advertisements relating to sex selective determination. They also ordered the creation of a ‘nodal agency’ that would provide search engines with the details of websites to block. The next hearing for this case is scheduled for February 16, 2017.

The judgment has been criticised for over-breadth and the censorship of legitimate content. We discuss some issues with the judgment below.

Are search engines ‘conduits’ or ‘content-providers’?

An earlier order in this case, dated December 4, 2012, states that the respondents argued that they “provided a corridor and did not have any control” over the information hosted on other websites.

There is often confusion surrounding the characterization of search engines as either ‘conduits’ or ‘content-providers’. A conduit is a ‘corridor’ for information, otherwise known as an intermediary. A content provider however, produces/alters the displayed content. It has been suggested by authors like Frank Pasquale that search engines (Google specifically) take advantage of this grey area by portraying themselves as conduits or content-providers, to avoid liability. For instance, Google will likely portray itself as a content-provider when it needs to claim First Amendment protection in the United States, and as a conduit for information when it needs to defend itself against First Amendment attacks. When concerns related to privacy arise, search engines attempt to claim editorial rights and freedom of expression. Conflictingly, when intellectual property matters or defamation claims arise, they portray themselves as ‘passive conduits’.

In the Indian context, there has been similar dissonance about the characterization of search engines. In the aftermath of the Sabu Mathew George judgment, the nature of search engines was debated by a few. One commentator has pointed out that the judgment would contradict the Supreme Court’s decision reading down Section 79(3)(b) of the Information Technology Act, 2008 (IT Act) in Shreya Singhal vs. Union of India, where the liability of intermediaries was restricted. Therefore, the commentator characterized search engines as passive conduits/intermediaries. According to the commentator, the Sabu Mathew George judgment would effectively hold intermediaries liable for content hosted unbeknownst to them. Another commentator has criticised this argument, stating that if Google willingly publishes advertisements through its AdWords system, then it is a publisher and not merely an intermediary. This portrays Google as a content-provider.

Sabu Mathew George defies existing legal standards 

As mentioned above, the Sabu Mathew George judgment contradicts the Supreme Court’s decision in Shreya Singhal, where the liability of intermediaries was read down under Section 79 (3) (b) of the IT Act. The Court in Shreya Singhal held that intermediaries would only be compelled to takedown content through court orders/government notifications. However, in the present case, the Supreme Court has repeatedly ordered the respondents to devise ways to monitor and censor their own content and even resort to ‘auto-blocking’ results.

The order dated November 16, 2016 also contradicts the Blocking Rules under the Information Technology Act, 2008. In the order, the Supreme Court directed the Center to create a ‘nodal agency’ which would allow people to register complaints against websites violating Section 22 of the PNDT Act. These complaints would then be passed on the concerned search engine in the manner described below-

Once it is brought to the notice of the Nodal Agency, it shall intimate the concerned search engine or the corridor provider immediately and after receipt of the same, the search engines are obliged to delete it within thirty-six hours and intimate the Nodal Agency.”

The functioning of this nodal agency would circumvent the Information Technology Act Blocking Rules. Under the Blocking Rules, the Committee for Examination of Requests reviews each blocking request and verifies whether it is in line with Section 69 of the IT Act. The Sabu Mathew George order does not prescribe a similar review system. While the author acknowledges that the nodal agency’s blocking rules are not a statutory mandate, its actions could still lead to over-blocking.

Organic search results’ and ‘sponsored links

One important distinction in this case is between ‘organic search results’ and ‘sponsored links’. A submission by MeitY (DeitY) explaining the difference between the two was not addressed by the Supreme Court in the order dated December 4, 2014.

Section 22 of the PNDT Act criminalizes the display of ‘advertisements’, but does not offer a precise definition for the term. The respondents argued that ‘advertisement’ would relate to ‘sponsored links’ and not ‘organic search results’. As per the order dated September 19, 2016, Google and Microsoft agreed to remove ‘advertisements’ and stated that search results should not be contemplated under Section 22 since they are not ‘commercial communication’. However, on November 16, 2016, the Supreme Court stated that the block would extend to both ‘sponsored links’ and ‘organic search results’.  The respondents expressed concern against this rationale stating that legitimate information on pre-natal sex determination would be unavailable, and that the ‘freedom of access to information’ would be restricted. The Court stated that this freedom could be curbed for the sake of the larger good.

The ‘doctrine of auto-block’

By the order dated September 19, 2016, the Court discussed the ‘doctrine of auto block’ and the responsibility of the respondents to block illegal content themselves. In this order, the Court listed roughly 40 search terms and stated that the respondents should ensure that any attempt at looking up these terms would be ‘auto-blocked’. The respondents also agreed to disable the ‘auto complete’ feature for these terms.

Google has blocked search terms from their auto-complete system in several other countries, often with little success. This article points out that illegal search terms relating to child pornography have been allowed on auto-complete while more innocuous terms like ‘homosexual’ have been blocked by Bing, proving that this system of blocking has several discrepancies.

Other than a chilling effect on free speech, disabling auto complete can also lead to other adverse effects. In one instance, the owner of a sex-toy store complained about her business not benefitting from the autocomplete feature, like several others had. She stated that …Google is … making it easier for people to find really specific information related to a search term. In a sense it’s like we’re not getting the same kind of courtesy of that functionality. Similarly, several legitimate websites discussing pre-natal sex determination might lose potential readers or viewers if ‘autocomplete’ is disabled.

Conclusion

The author would like to make two broad suggestions. First, the functioning of the nodal agency should be revisited. The recommended system lacks accountability and transparency and will certainly lead to over-blocking and will also lead to a chilling effect.

Second, search engines should not be given over-arching powers to censor their own websites. It is well-established that this leads to over-censorship. In addition to contradicting Section 79(3)(b) of the IT Act, the Court would also be delegating judicial authority to a private search engine.

According to a study conducted by The Centre for Internet & Society, Bangalore in January, 2015, searching for keywords relating to pre-natal sex determination on Google, Yahoo and Bing did not yield a large number of ‘organic search results’ and ‘sponsored links’ that would violate Section 22 of the PNDT Act. From 2015-2016, search engines have presumably followed Supreme Court orders and filtered out illegal search results and advertisements. Since instances of illegal search results and advertisements being displayed were not rampant to begin with,  there seems to be no urgent need to impose strict measures like ‘auto-blocks’.

The Supreme Court seems to be imposing similarly arbitrary rules upon search engines in other judgments. Recently, the Court ordered Google, Microsoft and Yahoo to create a ‘firewall’ that would prevent illegal videos from being uploaded to the internet.  They cited the example of China creating a similar firewall to prove the feasibility of the order.

Delhi HC hears the the Right to be Forgotten Case

The pending right to be forgotten petition came up for hearing before the Delhi High Court today. The case seeks the deletion of a court order, which has been reproduced on the website Indiankanoon.com, on the ground that it violates the petitioners’ right to privacy and reputation. This post looks at some of the contentions raised before the Court today and its response to them. However, these are mere observations and the Court is yet to take a final decision regarding the petitioner’s prayer(s).

During the course of today’s hearing, the presiding judge observed that all orders of the court constitute public records and cannot be deleted. In any case, it was pointed out that judicial decisions are normally reported and accessible on the National Judicial Data Grid and their removal from a particular website would not serve the desired purpose. Moreover, the court thought that even if the petitioner’s relief was granted, removal of content from the Internet was a technical impossibility.

The Court however did acknowledge that certain information could be redacted from judicial orders in some cases. This is routinely done in cases related to rape or other sexual offences owing to the presence of a clear legal basis for such redaction. In the present case however, the Court appeared unconvinced that a similar legal basis existed for redacting information. The petitioner’s counsel contended that personal information might become obsolete or irrelevant in certain cases, reflecting only half-truths and causing prejudice to an individual’s reputation and privacy. However, the Court observed that orders of a court could not become obsolete, and the balance if any would always tilt towards the public interest in transparency.

On several occasions, the petitioner’s counsel made a reference to the European Court of Justice’s decision in Google Spain, which is commonly credited with creating the right to be forgotten in Europe. However, the Google Spain ruling created a distinction between deleting information from its source and merely delisting it from search engine results. Further, the delisting is limited to results displayed for search performed for a particular name, ensuring that the information continues to be indexed and displayed if Internet users perform a generic search. However, no distinction was made between delisting and erasure during the course of arguments in the present case.

As an alternate prayer, it was argued for the petitioner that his name be anonymised from the court order in question. Here again, the Court felt that there was no legal basis for anonymisation in the present case. In the Court’s opinion, the information in the order was not prejudicial to the petitioner, per se. The fact that information about a family dispute was accessible to the public at large was not seen as particularly damaging.

The Indian legal framework lacks a coherent policy for anonymisation of names in judicial decisions. Under the Indian Penal Code, publishing names of victims of certain offences is prohibited. Realising that the provision did not bar courts from publishing the names of the victim, the Supreme Court held that names should be anonymised from judgments too, keeping the object of the law in mind. However, research indicates that names continue to be published by courts in a substantial number of cases. A few other laws also provide a legal basis for anonymisation, but these are limited to cases such as minor victims of sexual offences or juvenile offenders. On a few occasions, courts have used their inherent powers to order anonymisation of party names in family cases – making the decision dependent on the discretion of a judge, rather than a result of a larger policy objective. Increasing digitization of court records and easy availability of judgments on the Internet has new implications for online privacy. Transparency of the judicial process is crucial, but in the absence of any larger public interest, anonymisation may be warranted in a wider range of cases than is currently permitted.

As a concept, some form of the right to be forgotten may be essential in today’s age. However, it’s successful implementation is entirely dependent on clear legal principles that strike a balance between competing rights. In the absence of a comprehensive data protection legislation, this is difficult. However, besides the question of a right to be forgotten, this petition presents an interesting opportunity for the Court to analyse and perhaps frame guidelines where anonymisation may be adequate to protect privacy, without delisting or deleting any content.