Guest Post: The Case Against Requiring Social Media Companies to Proactively Monitor for ‘Anti-Judiciary Content’

This post is authored by Dhruv Bhatnagar

Through an order dated July 19, 2022 (“Order”), Justice G.R. Swaminathan of the Madras High Court initiated proceedings for criminal contempt against YouTuber ‘Savukku’ Shankar. The genesis of this case is a tweet in which Shankar questioned who Justice Swaminathan met before delivering a verdict quashing criminal proceedings against another content creator. Shankar’s tweet on Justice Swaminathan has been described in the Order as ‘an innuendo intended to undermine the judge’s integrity’.

In the Order, Justice Swaminathan has observed that Chief Compliance Officers (“CCOs”) of social media companies (“SMCs”) are obligated to ensure that “content scandalising judges and judiciary” is not posted on their platforms “and if posted, [is] taken down”. To contain the proliferation of ‘anti-judiciary content’ on social media, Facebook, Twitter, and YouTube have been added as parties to this case. Their CCOs have been directed to document details of complaints received against Shankar and explain whether they have considered taking proactive steps to uphold the dignity of the judiciary.

Given that users access online speech through SMCs, compelling SMCs to exercise censorial power on behalf of State authorities is not a novel development. However, suo moto action to regulate ‘anti-judiciary content’ in India may create more problems than it would solve. After briefly discussing inconsistencies in India’s criminal contempt jurisprudence, this piece highlights the legal issues with standing judicial orders directing SMCs to proactively monitor for ‘anti-judiciary content’ on their platforms. It also catalogues the practical difficulties such orders would pose for SMCs and argues against the imposition of onerous proactive moderation obligations upon them to prevent the curtailment of users’ freedom of speech.

Criminal contempt in India: Contours and Splintered Jurisprudence

The Contempt of Courts Act, 1971 (“1971 Act”) codifies contempt both as a civil and criminal offence in India. Civil contempt refers to wilful disobedience of judicial pronouncements, whereas criminal contempt is defined as act(s) that either scandalise or lower the authority of the judiciary, interfere with the due course of judicial proceedings, or obstruct the administration of justice. Both types of contempt  are punishable with a fine of up to Rs. 2,000/-, imprisonment of up to six months, or both. The Supreme Court and High Courts, as courts of record, are both constitutionally (under Articles 129 and 215) and statutorily (under Section 15 of the 1971 Act) empowered to punish individuals for contempt of their own rulings.

Given that “scandalis[ing]” or “tend[ing] to scandalise” a court is a broad concept, judicial interpretation and principles constitute a crucial source for understanding the remit of this offence. However, there is little consistency on this front owing to a divergence in judicial decisions over the years, with some courts construing the offence in narrow terms and others broadly.

In 1978, Justice V.R. Krishna Iyer enunciated, inter-alia, the following guidelines for exercising criminal contempt jurisdiction in S. Mulgaokar (analysed here):

  • Courts should exercise a “wise economy of use” of their contempt power and should not be prompted by “easy irritability” (¶27).
  • Courts should strike a balance between the constitutional values of free criticism and the need for a fearless judicial process while deciding contempt cases. The benefit of doubt must always be given since even fierce or exaggerated criticism is not a crime (¶28).
  • Contempt is meant to prevent obstruction of justice, not offer protection to libelled judges (¶29).
  • Judges should not be hypersensitive to criticism. Instead, they should endeavour to deflate even vulgar denunciation through “condescending indifference…” (¶32).

Later, in P.N. Duda (analysed here), the Supreme Court restricted the scope of criminal contempt only to actions having a proximate connection to the obstruction of justice. The Court found that a minister’s speech assailing its judges for being prejudiced against the poor, though opinionated, was not contemptuous since it did not impair the administration of justice.

However, subsequent judgments have not always adopted this tolerant stance. For instance, in D.C. Saxena (analysed here), the Supreme Court found that the essence of this offence was lowering the dignity of judges, and even mere imputations of partiality were contemptuous. Later, in Arundhati Roy (analysed here), the Supreme Court held that opinions capable of diminishing public confidence in the judiciary also attract contempt. Here, the Court noted that the respondent had caused public injury by creating a negative impression in the minds of the people about judicial integrity. This line of reasoning deviates from Justice Krishna Iyer’s guidelines in Mulgaokar, which had advised against using contempt merely to defend the maligned reputation of judges. Not only does this rationale allow for easier invocation of the offence of contempt, but it is also premised on a paternalistic assumption that India’s impressionable citizenry may be swayed by malicious and irrelevant vilification of the judiciary.

Given the above disparity in judicial opinions, Shankar’s guilt ultimately depends on the standards applied to determine the legality of his tweet. As per the Mulgaokar principles, Shankar’s tweet may not be contemptuous since it does not present an imminent danger of interference with the administration of justice. However, if assessed according to the Saxena or Roy standard, the tweet could be considered contemptuous simply because it imputes ulterior motives to Justice Swaminathan’s decision-making.

It is submitted that the Mulgaokar principles more closely align with the constitutional requirement that restrictions on speech be ‘reasonable’ as the principles advocate only restricting speech that constitutes a proximate threat to a permissible state aim (contempt of court) set out in Article 19(2). For this reason, as general practise, it may be advisable for judges to consistently apply and endorse these principles while deciding criminal contempt cases.    

Difficulties in proactive regulation of ‘anti-judiciary content’

Justice Swaminathan’s observation in the Order that SMCs have a ‘duty to ensure content scandalising judges is not posted, and if posted is taken down’ suggests that he expects such content to be proactively identified and removed by SMCs from their platforms. However, practically, standing judicial orders imposing such broad obligations upon SMCs would not only exceed their obligations under extant Indian law but may also lead to legal speech being taken down. These concerns are elaborated below:

Incompatibility with legal obligations:

Although the Information Technology Act, 2000 does not specifically require SMCs to proactively monitor content, an obligation of this nature has been introduced through delegated legislation in Rule 4(4) of the 2021 IT Rules. This rule requires SMCs qualifying as ‘significant social media intermediaries’ (“SSMIs”) (explained here) to, inter-alia, “endeavour to deploy” technological measures to proactively identify content depicting rape, child sexual abuse or identical content previously disabled pursuant to governmental or judicial orders. However, ‘anti-judiciary content’ is not a content category which SSMIs need to endeavour to proactively identify. Thus, any judicial directions imposing this mandate upon them would exceed the scope of their legal obligations.

Further, in Shreya Singhal (analysed here), the Supreme Court expressly required a court order determining the illegality of content to be passed before SMCs were required to remove the content. However, if proactive monitoring obligations are imposed, SMCs would have to identify and remove content on their own, without a judicial determination of legality. Such obligations would also undermine the Court’s ruling in Visakha Industries (analysed here), which advised against proactive monitoring to prevent intermediaries from becoming “super censors” and “denud[ing] the internet of it[s] unique feature [as] a democratic medium for all to publish, access and read any and all kinds of information” (¶53).

Unrealistic expectations and undesirable content moderation outcomes:

Judicial orders directing SMCs to proactively disable ‘anti-judiciary content’ essentially require them to objectively and consistently enforce standards on criminal contempt on their platforms. This may be problematic considering that the doctrine of contempt emerging from constitutional courts, where judges possess a significantly higher degree of specialised knowledge on what constitutes contempt of court, is itself  ambiguous at best. Put simply, when even courts have regularly disagreed on the contours of contemptuous speech, it may be problematic to expect SMCs to take more coherent decisions.

A major risk with delegating the burden of complex decision-making about free speech to private intermediaries is excessive content removal. Across jurisdictions, platform providers have erred on the side of caution and over-removed content when faced with potential legal risks. This is evidenced through empirical studies on the notice-takedown regime for copyright infringing content in the US and due diligence obligations for intermediaries in India.

Given their documented propensity for over-compliance, directions by Indian courts requiring SMCs to proactively takedown ‘anti-judiciary content’, may incentivise excessive removal of even permissible critique of judicial actions by SMCs. This would ultimately restrict social media users’ right to free expression.

Way forward

Considering the issues outlined above, it may be advisable for the Madras High Court to refrain from imposing proactive monitoring obligations upon SMCs. Consistent with the Mulgaokar principles, judges should issue blocking directions for online contemptuous speech, in exercise of their criminal contempt jurisdiction, only against content which poses a credible threat to the obstruction of justice and not against content which they perceive to lower their reputation. Such directions should also identify specific pieces of content and not impose broad obligations on SMCs that may ultimately restrict free expression.

Guest Post: Puttaswamy and privacy rights of the accused

This post is authored by Thulasi K. Raj

Following the judgment of the Supreme Court in Puttaswamy, the privacy rights of accused persons have been litigated upon across various High Courts in India. The right to privacy is especially relevant at various stages of a criminal case where numerous situations can potentially infringe the accused’s privacy. In this post, I will examine how privacy claims made by the accused have been examined by courts post-Puttaswamy. I specifically examine two types of claims: (i) cases where the personal information of the accused is available (or has been made available) in the public domain; and (ii) cases concerning the procedures an accused may be subjected to.

In cases where the accused has raised a privacy claim, the State typically makes a ‘countervailing interest’ argument; that a key governmental interest such as effectively investigating crimes is furthered by interfering with an individual’s privacy, and hence is justified. However, Puttaswamy, laid down that State infringements on privacy cannot merely serve an important interest, but must fulfil the four-part test of legality, necessity, proportionality, and reasonable safeguards. The Supreme Court held that “An invasion of life or personal liberty must meet the threefold requirement of (i) legality, which postulates the existence of law; (ii) need, defined in terms of a legitimate State aim; and (iii) proportionality which ensures a rational nexus between the objects and the means adopted to achieve them.” The proportionality limb also specifically requires the State’s measure to be the least rights infringing measure possible that continues to fulfil the State’s desired objective, with courts balancing competing interests. Justice Kaul’s separate opinion would add a fourth limb to this test, ‘procedural safeguards against abuse of interference with rights’, in line with Article 21’s guarantee of a ‘procedure established by law’.

The first set of privacy claims is where the personal information of accused persons were made public due to them being the subject of a criminal prosecution and judicial interventions were sought to safeguard this data. One of the prominent cases in this regard was Re: Banners before the Allahabad High Court. The district administration and police had put up banners displaying the names and photographs of persons who were accused of vandalism.

Expressly referring to Puttaswamy’s, and applying thefour-tier test, the High Court in Re: Banners first held that there were no statutory provisions “permitting the State to place the banners with personal data of the accused” in public (contravening the ‘legality’ test). Further, the publication of personal data also failed the ‘legitimate aim’ and ‘proportionality’ requirements. The purported aim, as argued by the State, was to deter people from violating the law. According to the Court, this was insufficient as the action of publishing personal information on banners was not necessary to achieve this aim. Therefore, the banners were ordered to be removed and the administration was asked to refrain from such actions in the future without legal authority.

In Karthick Theodre, an individual who had been acquitted of criminal charges by a 2014 judgement sought the “erasure or redaction of his personal information from the public domain.” In other words, the petitioner sought the redaction or erasure of his name from the judgement. Relying on Puttaswamy, various arguments including the right to be forgotten were raised before the Madras High Court. The apprehension of the petitioner was duly noted, that whenever his name was searched through search engines, results relating to the judgment would appear. However, the Court dismissed the plea on the grounds that without an adequate data protection law, laying down the parameters of when the redaction of the names of the accused should be directed, there was no objective criteria based on which the court can pass orders. While certain High Courts have granted reliefs based on the right to be forgotten, (See Jorawar Singh Mundy, Zulfiqar Ahman Khan,) the Madras High Court held that absence of a statute renders the petitioner remediless.

The second set of cases are privacy claims by accused persons as to the procedures they can be subjected to during an investigation. In Mursaleen Mohammad, the appellant was convicted under the provisions of the Narcotic Drugs and Psychotropic Substances Act, 1985 (“NDPS”). The appellant was subject to an x-ray examination by the authorities and subsequently confined till he defecated to recover the contraband allegedly stored in his body. The Calcutta High Court observed that the search and recovery of contraband from a person contemplated under section 50 of the NDPS Act does not allow for invasive medical procedures absent compliance with strict statutory safeguards. The Court noted that there were procedural irregularities in collecting the ‘evidence’. By relying on Puttaswamy, the Court affirmatively held that ‘recovery of contraband inside the body of a suspect must not only be in accordance with the procedure established by law but also be compatible to (sic) the dignity of the individual and ought not subject him to cruel, inhuman treatment.” The recovery of contraband, according to the Court, encroached on the appellant’s right to privacy.

In Vinod Mittal, the Himachal Pradesh High Court considered the legality of an order by a Special Judge, directing the petitioner to undergo a polygraph test and provide a voice sample to the investigating agency. The petitioner challenged the constitutionality of these directions, relying on Article 20(3) of the Constitution and the decisions in Ritesh Sinha and Selvi. The petitioner, however, admitted that he was willing to provide the sample if the court found such procedures to be legally permissible. The High Court said that the tests the accused could be subjected to could broadly be divided into three kinds: “(i) permissible with or without consent, (ii) permissible with consent only, and (iii), impermissible altogether.” After studying relevant judgments, the Court held that polygraph tests fall under the second category.

The Court concluded that “It is not legally impermissible [for a court] to issue direction[s] to a person to undergo Narco Analysis, polygraph and BEAP test, but such direction shall be subject to consent of said person and the person has a right to elect to consent or refuse to undergo such test…” The Himachal Pradesh High Court, therefore, indicated through this case that such techniques, if done in an involuntary manner, would be an unjustified intrusion and violate an individual’s (mental) privacy.

These cases demonstrate that the four-tier test laid down in Puttaswamy has been significantly engaged with by constitutional courts in interpreting the right to privacy of the accused. The use of the conjunctive test laid down by the Supreme Court has facilitated a more robust scrutiny of State action vis-à-vis accused individuals. The interpretation certainly requires further development, with greater sophistication in enhancing the analysis under Puttaswamy. However, these are positive judicial observations that will likely result in a consistent and continuous engagement with violations of the right to privacy. While various aspects of the right to privacy, including the right to be forgotten, await comprehensive judicial recognition, privacy jurisprudence has tremendous potential to protect the rights of the accused in the years to come.

Guest Post: Liberty, privacy and abortion rights: Comparing India and the U.S.

This post is authored by Shrutanjaya Bhardwaj

On 25 June 2022, in Dobbs v. Jackson, the U.S. Supreme Court (“SCOTUS”) declared that the U.S. Constitution does not guarantee a right to abortion. SCOTUS thus overturned the celebrated 1973 judgment titled Roe v. Wade which had held the right to abortion to be constitutionally protected. This post analyses Roe and Dobbs, examining how and why they treated the term “liberty” differently. It then contrasts these definitions with the Indian understanding of “liberty”.

“Liberty” and “tradition”: A brief overview of Roe and Dobbs

The legal issue on which Roe and Dobbs disagree concerns the word “liberty” in the Fourteenth Amendment to the U.S. Constitution. The Amendment states that the State shall not “deprive any person of life, liberty, or property, without due process of law”. SCOTUS decisions prior to 1973 interpreted the word “liberty” narrowly . They held that the word does not include all kinds of liberties; it refers to those liberties which were historically and traditionally considered fundamental in the U.S. For example, Palko (1937) held that the Fourteenth Amendment only protects liberties “so rooted in the traditions and conscience of our people as to be ranked as fundamental.” Similarly, Snyder (1934) held that the words “due process” imply the processes traditionally guaranteed in the U.S.

The Court in Roe (1973) was aware of these precedents. However, the majority ultimately held that the Fourteenth Amendment protects “personal rights that can be deemed ‘fundamental’ or ‘implicit in the concept of ordered liberty’.” Conspicuously, the reference to history and tradition was omitted, presumably implying that history and tradition are not essential to the analysis. Hence, while narrating the history of abortion, the majority did not deem it necessary to locate a right to abortion in American tradition. It merely found that “at common law, at the time of the adoption of our Constitution, and throughout the major portion of the 19th century, abortion was viewed with less disfavor than under most American statutes currently in effect” (emphasis supplied). It then proceeded to hold that the right to abortion was protected under the Fourteenth Amendment as a facet of the right to privacy. Roe’s treatment of history and tradition would eventually become the main reason for its overturning in Dobbs.

But Roe was not alone in treating history and tradition as inconclusive. SCOTUS has generally wavered on this issue. E.g., in Obergefell (the 2015 decision affirming a right to same-sex marriages), SCOTUS held that while history and tradition “guide and discipline this inquiry”, they “do not set its outer boundaries”. Contrast this with Glucksberg (the 1997 decision rejecting a right to assisted suicide) which held that the “outlines” of the word “liberty” are to be “carefully refined by concrete examples involving fundamental rights found to be deeply rooted in our legal tradition,” indicating a conclusive reliance on tradition. Thus, the question of whether “liberty” is to be interpreted purely normatively (‘implicit to ordered liberty’), or must also be grounded in historical experience is  itself contested in SCOTUS jurisprudence and has changed over time – often based on the composition of the court on a given day and case.

In attacking Roe’s conclusion, then, the main objection taken by the Dobbs Court — composed of a 6-3 conservative majority — was a historical one. The majority re-examined historical evidence and found that abortion has been traditionally criminalised, or at least negatively treated, in most states: “By the time the Fourteenth Amendment was adopted, three-quarters of the States had made abortion a crime at any stage of pregnancy. This consensus endured until the day Roe was decided. Roe either ignored or misstated this history….” Citing Palko (1937) and Glucksberg (1997) for the necessity to ground liberty in historical practice, the majority rejected the idea that an abortion right was “deep-rooted” in American history and tradition. Thus, it found, the word “liberty” in the Fourteenth Amendment did not protect a woman’s right to medically terminate her pregnancy. 

The implication is this. After Dobbs, the 14th amendment itself does not include a right to medically terminate a pregnancy because the right is not “deeply rooted” in American history and tradition. Thus, there exists no need to examine whether there exists a countervailing right of the woman which must be “balanced” against the State’s interest in protecting prenatal life. As described by the dissent: “The constitutional regime we have lived in for the last 50 years recognized competing interests, and sought a balance between them. The constitutional regime we enter today erases the woman’s interest and recognizes only the State’s….

It is easy to see why SCOTUS’ reliance on history and tradition is problematic. The point of a Bill of Rights is to insulate freedom and equality from majority control. It is hence paradoxical that the meaning of liberty turns on popular tradition. Relying on  a male political majority’s treatment over a period of time of women (at a time when the latter were denied political representation – women were not allowed to vote when the 14th amendment was passed – and equal standing in society) to determine the liberties afforded to women today risks codifying past injustices into modern rights law. The Dobbs dissent rightly argues, quoting Obergefell, that “[i]f rights were defined by who exercised them in the past, then received practices could serve as their own continued justification.” This circular test—which sees the Constitution as a tool to cement tradition rather than challenge it—allows all kinds of regressive, liberty-restricting practices to be upheld so long as they are rooted in American history and tradition. Finally, history itself may be contested and heterogeneous, and the Court’s approach  provides few safeguards against the selective reliance and interpretation of “history” by the majority.

Yet, the dissent struggles—and so does an amicus brief —to articulate an alternative test to define “liberty”. The dissent argues, rightly, that history and tradition are not captured “in a single moment” and should be understood with reference to “the longsweep of our history and from successive judicial precedents”. But this does not take us very far. Is tradition relevant at all? How relevant? When can you overlook it? Is it possible to ensure that judges will not start interpreting the word “liberty” based on their own personal biases, in ways completely disconnected from American tradition? The dissent does not argue that tradition is irrelevant, and does not provide any principled test to determine when its relevance is reduced.

“Liberty” in the Indian Constitution

While the Indian Supreme Court often discusses the history of the issue before it (very common in reservation cases, e.g.), history and tradition have never been the determining factors to define “liberty” in Art.21 of the Indian Constitution. The meaning of “liberty” has been determined by other considerations.

Art.21 prohibits the State from depriving any person of “personal liberty” except as per procedure established by law. Separately, Art.19 lists six (originally seven) freedoms: speech, assembly, association, movement, residence and trade. In its early years, the Supreme Court was called upon to decide if the “liberty” contemplated by Art.21 was broad enough to include the six freedoms listed in Art.19. This question was first answered in Gopalan (1950). By a 5-1 majority, the Court held that since Art.21 spoke only of “personal” liberty—i.e., liberty of one’s person—it had to be interpreted narrowly to mean freedom from bodily restraint. As Das J. put it, liberty is the “antithesis of physical restraint or coercion”. The majority viewed Art.19 and Art.21 as distinct rights having no overlapping content. In other words, the content of “liberty” in Art. 21 was not informed by the rights enumerated in Art. 19

In the Gopalan era, therefore, Art.21 had a narrow scope. It did not, e.g., include the right to privacy, as held in M.P. Sharma (1954) and Kharak Singh (1964). But Gopalan was overturned after the Emergency. In Maneka (1978), the Supreme Court held that fundamental rights are not siloed; they are overlapping in terms of their content. Accordingly, the meaning of “personal liberty” in Art.21 was held to include and be informed by the six enumerated freedoms of Art.19 and other constitutional sources. 

Since Maneka, the meaning of “personal liberty” has been continuously expanded. Now, Art.21 includes, inter alia, the rights to legal aid and speedy trial, the right to shelter, workers’ right to health and medical aid, a woman’s right to make free choices regarding sterilization procedures, the right to privacy, and indeed, a qualified right to have an abortion subject to reasonable restrictions imposed by the Medical Termination of Pregnancy Act, 1971

But none of these activities or rights have had to pass a historical test before being recognised. The term “personal liberty” has been understood as being “of the widest amplitude” (Maneka 1978) and defined as “a power of acting according to the determinations of the will” (Mhetre 2011). These holdings imply that the words “personal liberty” encompass the freedom to do whatever one wants, although the freedom is not absolute and is subject to any fair, just and reasonable law made by the State (such as criminal legislations which identify and punish certain acts like murder, theft etc.) on legitimate grounds. In other words, the idea of “liberty” does not depend on the act being performed or its historical acceptance. In contrast with the SCOTUS, Indian courts have called the Constitution a “transformative” document, emphasizing its role as a revolutionary instrument that appropriately challenges tradition rather than protect it.

In one sense, this is a much neater test as compared to the one followed by SCOTUS. In context of abortion, because the interpretation of “liberty” does not presumptively exclude the right to terminate a pregnancy (Dobbs) it means that the Court must recognise two competing rights—the woman’s right to have an abortion and the fetal right (if it is shown to exist) to life—and resolve the conflict by evaluating the necessity and proportionality of the restrictions placed by the State. 

Conclusion

This is not to say that the test under Art.21 has no flaws. The flexibility of the “fair, just and reasonable” standard also means that it is vague, and a restriction deemed to be reasonable by one bench or court could well be deemed unreasonable by another. Yet, the advantage of the Maneka test is that it does not allow the Court to outrightly reject either competing right on the ground that it does not comport with historical practices and popular traditions. The Court must at least enter the balancing exercise and explain why particular restrictions on rights are proportionate or disproportionate.

“Liberty” under the Indian Constitution is substantially different from that under the U.S. Constitution. The SCOTUS test is problematic; tradition and history are not objective and using them to define “liberty” is not wise. In contrast, Art.21 protects all liberty, and is open to recognising competing rights within the constitutional scheme. A woman’s right to abortion is hence recognised, but is to be ‘balanced’ against the right to life of the fetus (if such a competing right is shown to exist). This allows for a much more principled inquiry into the competing interests and for testing the necessity and proportionality of the State measure in question.

The Dobbs ruling has serious implications for privacy rights. The immediate implications are on pregnancy and reproductive autonomy: 11 states in the U.S. already have laws criminalizing abortions, while 13 more states are speculated to pass such laws in the near future. The de-recognition of the right to abortion as a fundamental right also poses dangers of surveillance and sensitive data collection by law enforcement agencies by piggy-backing on the data stored with financial companies and even mentruation-tracking apps in an effort to track individuals who may have had an abortion in a state where it is illegal. Looking beyond pregnancy, the Dobbs decision might imply—as both the concurrence (by Justice Thomas) and the dissent suggest—a threat to other rights which were recognized by SCOTUS as flowing from the right to privacy, including the right to contraception, the right to same-sex marriage, homosexuality rights, etc. The majority rejects this suggestion because “none of these decisions involved what is distinctive about abortion: its effect on what Roe termed ‘potential life’”. However, as the dissent notes, other rights based on the 14th amendment’s guarantee of autonomy and privacy may also fail the test of being “deeply rooted” in tradition. The effect of Dobbs on those other rights may be more complex than what the various Justices suggest. These and other aspects of the Dobbs fallout will be discussed in a future post.

This blog was written with the support of the Friedrich Naumann Foundation for Freedom.

CCG’s Comments to the Ministry of Electronics & Information Technology on the proposed amendments to the Intermediary Guidelines 2021

On 6 June 2022, the Ministry of Electronics and Information Technology (“MeitY”), released the proposed amendments for Part 1 and Part II of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“2021 IT Rules”). CCG submitted its comments on the proposed amendments to the 2021 IT Rules, highlighting its key feedback and key concerns. The comments were authored by Vasudev Devadasan and Bilal Mohamed and reviewed and edited by Jhalak M Kakkar and Shashank Mohan.

The 2021 IT Rules were released in February last year, and Part I and II of the Guidelines set out the conditions intermediaries must satisfy to avail of legal immunity for hosting unlawful content (or ‘safe harbour’) under Section 79 of the Information Technology Act, 2000 (“IT Act”). The 2021 IT Rules have been challenged in several High Courts across the country, and the Supreme Court is currently hearing a transfer petition on whether these actions should be clubbed and heard collectively by the apex court. In the meantime, the MeitY has released the proposed amendments to the 2021 IT Rules which seek to make incremental but significant changes to the Rules.

CCG’s comments to the MeitY can be summarised as follows:

Dilution of safe harbour in contravention of Section 79(1) of the IT Act

The core intention behind providing intermediaries with safe harbour under Section 79(1) of the IT Act is to ensure that intermediaries do not restrict the free flow of information online due to the risk of being held liable for the third-party content uploaded by users. The proposed amendments to Rules 3(1)(a) and 3(1)(b) of the 2021 IT Rules potentially impose an obligation on intermediaries to “cause” and “ensure” their users do not upload unlawful content. These amendments may require intermediaries to make complex determinations on the legality of speech and cause online intermediaries to remove content that may carry even the slightest risk of liability. This may result in the restriction of online speech and the corporate surveillance of Indian internet users by intermediaries. In the event that the proposed amendments are to be interpreted as not requiring intermediaries to actively prevent users from uploading unlawful content, in such a situation, we note that the proposed amendments may be functionally redundant, and we suggest they be dropped to avoid legal uncertainty.

Concerns with Grievance Appellate Committee

The proposed amendments envisage one or more Grievance Appellate Committees (“GAC”) that sit in appeal of intermediary determinations with respect to content. Users may appeal to a GAC against the decision of an intermediary to not remove content despite a user complaint, or alternatively, request a GAC to reinstate content that an intermediary has voluntarily removed or lift account restrictions that an intermediary has imposed. The creation of GAC(s) may exceed Government’s rulemaking powers under the IT Act. Further, the GAC(s) lack the necessary safeguards in its composition and operation to ensure the independence required by law of such an adjudicatory body. Such independence and impartiality may be essential as the Union Government is responsible for appointing individuals to the GAC(s) but the Union Government or its functionaries or instrumentalities may also be a party before the GAC(s). Further, we note that the originator, the legality of whose content is at dispute before a GAC, has not expressly been granted a right to hearing before the GAC. Finally, we note that the GAC(s) may lack the capacity to deal with the high volume of appeals against content and account restrictions. This may lead to situations where, in practice, only a small number of internet users are afforded redress by the GAC(s), leading to inequitable outcomes and discrimination amongst users.

Concerns with grievance redressal timeline

Under the proposed amendment to Rule 3(2), intermediaries must acknowledge the complaint by an internet user for the removal of content within 24 hours, and ‘act and redress’ this complaint within 72 hours. CCG’s comments note that 72-hour timeline to address complaints proposed by the amendment to Rule 3(2) may cause online intermediaries to over-comply with content removal requests, leading to the possible take-down of legally protected speech at the behest of frivolous user complaints. Empirical studies conducted on Indian intermediaries have demonstrated that smaller intermediaries lack the capacity and resources to make complex legal determinations of whether the content complained against violates the standards set out in Rule 3(1)(b)(i)-(x), while larger intermediaries are unable to address the high volume of complaints within short timelines – leading to the mechanical takedown of content. We suggest that any requirement that online intermediaries address user complaints within short timelines could differentiate between types of content that are ex-facie (on the face of it) illegal and causes severe harm (e.g., child-sex abuse material or gratuitous violence), and other types of content where determinations of legality may require legal or judicial expertise, like copyright or defamation.

Need for specificity in defining due diligence obligations

Rule 3(1)(m) of the proposed amendments requires intermediaries to ensure a “reasonable expectation of due diligence, privacy and transparency” to avail of safe harbour; while Rule 3(1)(n) requires intermediaries to “respect the rights accorded to the citizens under the Constitution of India.” These rules do not impose clearly ascertainable legal obligations, which may lead to increased compliance burdens, hamper enforcement, and results in inconsistent outcomes. In the absence of specific data protection legislation, the obligation to ensure a “reasonable expectation of due diligence, privacy and transparency” is unclear. The contents of fundamental rights obligations were drafted and developed in the context of citizen-State relations and may not be suitable or aptly transposed to the relations between intermediaries and users. Further, the content of ‘respecting Fundamental Rights’ under the Constitution is itself contested and open to reasonable disagreement between various State and constitutional functionaries. Requiring intermediaries to uphold such obligations will likely lead to inconsistent outcomes based on varied interpretations.

Guest Post: Unpacking the Supreme Court’s interim order on sedition

This post is authored by Dhruv Bhatnagar

On May 11, 2022, the Supreme Court issued a consequential interim order (“Order”) in a batch of petitions challenging Section 124A of the Indian Penal Code, 1860 (“IPC”), which penalises the offence of ‘sedition’. The Order grants the Central Government time to re-examine the validity of Section 124A, and whilst this process is underway, effectively suspends the provision’s operation through these directions:

  1. it is “hop[ed] and expect[ed]” that the Central and State Governments will refrain from registering fresh ‘first information reports’, continuing investigations, and taking coercive measures under Section 124A;
  2. persons subsequently charged with sedition can approach courts for appropriate relief and their plea must be considered in light of the Order; and
  3. pending legal proceedings relating to sedition are to be kept in abeyance. However, proceedings under other penal laws can continue if no prejudice is caused to the accused.

After briefly explaining the offence of sedition and summarising the facts leading up to the current constitutional challenges, this post analyses the Order along three lines – its impact on fundamental rights; relevance for persons facing prosecution and incarceration for sedition; and possible hurdles to its effective implementation.

Sedition explained

Section 124A is a colonial law penalising (with up to life imprisonment) expression intended to incite hatred, contempt, or disaffection against the Government established by law. This offence is cognisable and non-bailable, meaning that the accused can be arrested without a warrant and grant of bail is not automatic, but rather subject to the discretion of the presiding court. Pertinently, the offences of ‘sedition’ and ‘seditious libel’ were abolished in the UK through the Coroners and Justice Act, 2009, pursuant to recommendations by UK’s Law Commission. Similarly, in furtherance of the Australian Law Reform Commission’s recommendations, in 201o the Australian Government replaced ‘sedition’ with ‘urging violence offences’ in the nation’s federal criminal law. This reform was introduced to modernise and clarify the elements of criminal offences. Thus, although multiple common law jurisdictions have long discarded sedition from their statute books, this archaic offence unfortunately remains in the IPC nearly 75 years after India’s independence. 

Section 124A’s constitutionality was tested in 1962 by a five-judge bench (i.e., a constitution bench) of the Supreme Court in Kedar Nath Singh (analysed here). The provision was declared valid since it was enacted “in the interest of… public order” (¶26). Acknowledging that a broad (or arguably even plain) interpretation of the offence may constitute an unreasonable restriction on free speech under Article 19(2), the Supreme Court limited Section 124A’s applicability to activities inciting violence or having the “tendency to create public disorder…” (¶27). Constitutional law scholars have pointed out that the Supreme Court’s interpretation of Section 124A in Kedar Nath is inconsistent with the provision’s text, which remains overbroad. This interpretative gap has been suggested as a reason for the provision’s misapplication.

Material facts

Against the backdrop of a sharp increase in the registration of sedition cases, several petitioners, challenged the constitutionality of Section 124A before the Supreme Court in 2021. Multiple petitioners (here and here) argued that:

  1. Kedar Nath was incorrectly decided because the Supreme Court overlooked the legal standard to legitimately curb speech under Article 19(2). As espoused in Ram Manohar Lohia (decided two years earlier in 1960, analysed here), this standard was a “proximate relationship” (¶13) between speech and apprehended public disorder, not a mere “tendency to create public disorder” (¶27, Kedar Nath).
  2. Section 124A is inconsistent with later Supreme Court decisions on free speech, including the seminal Shreya Singhal ruling (analysed here) wherein it was held that only incitement to public disorder, and not mere advocacy or discussion a particular cause can be curbed by law.
  3. Charges under section 124A have been frequently filed against journalists, politicians, and artists (among others), leading to a chilling effect on free speech.
  4. Section 124A’s broadness violates India’s international law commitments, particularly under Article 19 of the ICCPR, requiring restrictions on the freedom of expression to be necessary and unambiguous.  

These petitions were heard by different three-judge benches of the Supreme Court. However, as Section 124A’s constitutionality was upheld by five judges in Kedar Nath, according to the larger bench rule, only a constitution bench having a minimum of seven judges can invalidate Section 124A after conclusively overruling Kedar Nath. Thus, the preliminary question before the bench that passed the Order, comprising of Chief Justice N.V. Ramana, Justice Surya Kant and Justice Hima Kohli, was whether to refer the present-day challenges to a larger bench. The petitions were heard over the course of about a year:

Impact on fundamental rights

The Supreme Court’s intention to prevent unjustified curtailment of fundamental rights through the frequent use of Section 124A is both laudable and clearly represented in its Order. To this end, the Court’s first direction restraining the registration of fresh sedition cases is particularly significant. However, the deferential language used here (“We hope and expect…”) leaves room for ambiguity because:

  1. As pointed out by a commentator, legally even softly worded requests in judicial orders must be mandatorily followed. However, the language used in the Order may create needless confusion regarding the binding nature of the Supreme Court’s direction amongst authorities required to abide by it, potentially hampering compliance. Pertinently, despite the purpose of this direction being to restrain Section 124A’s invocation, the word ‘stay’ is conspicuously absent. This contrasts with the univocal language previously used by the Supreme Court to stay the operation of contentious farm laws. Given the significance of this direction, the Supreme Court could have phrased the Order in clearer terms.
  2. Admittedly, the absence of blanket top-down directions affords the State and lower courts discretion to evaluate situations on a case-to-case basis. However, the Supreme Court’s deference towards the State in operationalising its well-intentioned directions may not be beneficial given the periodic application of Section 124A, particularly in recent years. According to the online publication Article 14, there has been a 28% increase in sedition cases between 2014 and 2020, several of which were registered simply for criticising governments and politicians.

Additionally, the Supreme Court’s failure to record detailed reasons justifying its directions dilutes the Order’s precedential value. Had the Supreme Court provided legal reasoning for arriving at its “prima facie opinion” that Section 124A was unconstitutional – such as the provision’s vagueness or incompatibility with subsequent free speech standards – the Order could have been relied upon to buttress similar arguments in cases where other ambiguous penal laws have been challenged. Absent reasons, however, the Order remains highly contextual and neither clarifies nor expands India’s free speech protections.

Admittedly, the Supreme Court’s reluctance to elaborate on its reasons in the Order may be defensible since this was only an interim pronouncement and not a final verdict that reconsidered Section 124A’s constitutionality. However, a reasoned judgment conclusively invalidating Section 124A (as opposed to a government amendment or repeal) would have had a far more enduring impact on Indian free speech jurisprudence. The benefits of such a verdict could have been considered by the Supreme Court before granting the Government’s request for time to re-evaluate the validity of this offence. In light of the Supreme Court’s observations against Section 124A in the Order, it is hoped that the Court will consider issuing a detailed judgment disposing these challenges and conclusively striking-down Section 124A, in case the provision is not repealed by the Government within a reasonable duration.

Relevance for accused persons

The Order provides a strong basis for persons facing prosecution and incarceration for sedition to seek the suspension of legal proceedings and bail. This is evidenced by the Rajasthan High Court’s order directing the state police not to investigate sedition allegations against journalist Aman Chopra because of the Order, and a similar pronouncement by the Kerala High Court staying sedition proceedings against filmmaker Aisha Sultana.

However, for those charged with other offences in addition to sedition, especially under specialised penal statutes like the Unlawful Activities (Prevention) Act, 1967 (“UAPA”), grant of bail is still subject to the stringent conditions prescribed in these statutes. For instance, under Section 43D(5) of the UAPA, bail can be denied if the presiding court is satisfied that the prosecution’s allegations are “prima facie true”. While interpreting this provision in its Watali verdict (analysed here and here), the Supreme Court prohibited a detailed examination of even the prosecution’s evidence for deciding bail pleas, making it far easier to establish a prima facie case and significantly harder for the accused to be granted bail.   

Research by Article 14 suggests that in nearly 60% of sedition cases filed between 2010 to 2020, offences from other statutes, including the UAPA and the Information Technology Act, 2000 (“IT Act”), have been invoked alongside sedition. For individuals accused of more than just sedition, including journalist Siddique Kappan who is still in jail on charges under the UAPA, suspension of sedition alone might not bring much reprieve unless it is accompanied by wider reforms or stronger protections by courts.

Challenges in implementation

For effective implementation, the Order would have to be promptly communicated to grassroots-level law enforcement authorities spanning over 16,955 police stations. This is an uphill task considering India lacks a standardised framework for communicating judicial orders on constitutional issues to concerned authorities. The lack of such a framework has been cited by digital rights advocates as the primary reason behind the repeated invocation of the unconstitutional Section 66A of the IT Act, despite its invalidation in Shreya Singhal.

Given this context, the Supreme Court should have considered developing an ad hoc mechanism for ensuring compliance with its Order. It could potentially have directed concerned governments to communicate the Order to law enforcement authorities and to file compliance affidavits. Previously, in Prakash Singh v. UoI (analysed here), the filing of such affidavits was ordered to ensure adherence to the Supreme Court’s suggested police reforms.

The Court could also have included a contempt warning in its Order against non-compliant State authorities. It has  previously done so in an order restraining coercive action by the State against persons seeking medical aid online during the second wave of the COVID-19 pandemic. Although it is settled law that contempt proceedings can be initiated by any person aggrieved by the disobedience of general directions intended at achieving constitutional goals, the inclusion of a contempt warning in the Order could have potentially ensured a stronger incentive to comply and apprised those uninitiated in the law about their right to file contempt petitions, if necessary.   

Conclusion

Although the Supreme Court’s Order will likely bring some reprieve to persons facing sedition charges, unfortunately, the Order has limited precedential value given the lack of detailed legal reasoning. Further, the Supreme Court’s direction restraining registration of fresh sedition cases, though binding, should have been worded clearly to avoid ambiguity regarding its mandatory nature. Lastly, in the absence of a framework for communicating the Order to law enforcement authorities, implementing it would be challenging. As a mitigant, petitioners may consider requesting the Supreme Court to direct concerned governments to expeditiously communicate the Order to law enforcement authorities across the country and subsequently file affidavits demonstrating compliance.

Reflections on Second Substantive Session of UN OEWG on ICT Security (Part 3):Confidence Building Measures, Capacity Building and Institutional Dialogue

Ananya Moncourt & Sidharth Deb

“Smoking Gun” by Claudio Rousselon is licensed under CC BY 4.0
  • Introduction

In Part 1 this three-part series on the second substantive session of the United Nations’ (UN) Open-Ended Working Group (OEWG) on ICT security (2021-25) we critiqued how the OEWG is incorporating the participation of non-governmental stakeholders within its process. In Part 2 we reflected on States’ (including India’s) participation on discussions under three main themes of the OEWG’s institutional mandate as detailed under para 1 of the December 2020 dated UN General Assembly (GA) Resolution 75/240.

This analysis revealed how lawfare and geopolitical tensions are resulting in substantive divides on matters relating to (a) the definition and identification of threats in cyberspace; (b) the future direction and role of cyber norms in international ICT security; and (c) the applicability of international law in cyberspace. In Part 3 our focus turns to discussions at the second session as it related to inter-State and institutional cooperation. Specifically, we examine confidence building measures, cyber capacity building, and regular institutional dialogue. The post concludes by offering some expectations on the way forward for ongoing international cybersecurity and cybercrime processes.

  • Confidence Building Measures (CBMs)

Under CBMs, States focused on cooperation, collaboration, open dialogue, transparency and predictability. These included  proposals operationalising a directory of national point of  contacts (PoCs) at technical, policy, law enforcement and diplomatic levels. Several States suggested that CBMs would benefit from including non-governmental stakeholders and integrating with bilateral/regional arrangements like ASEAN, OSCE and OAS. States identified UNIDIR’s Cyber Policy Portal as a potential platform to advance transparency on national positions, institutional structures and best practices. South Korea, Malaysia and others proposed using the portal for early warning systems, new cyber norms discussions, vulnerability disclosures, and voluntary information sharing about national military capabilities in cyberspace. Other priority issues included (a) collaboration between CERTs to prevent, detect and respond to cybersecurity incidents; and (b) critical infrastructure protection.

CBMs were another site of substantive lawfare. Russia and its allies stressed on the need for objective dialogue to prevent misperceptions. They urged States to consider all technical aspects of cyber incidents to minimise escalatory risks of “false flag” cyber operations. As we have discussed earlier in Part 2, Iran and Cuba argued against States’ use of coercive measures (e.g. sanctions) which restrict/prevent access to crucial global ICT infrastructures. These States also highlighted challenges with online anonymity, hostile content, and the private sector’s (un)accountability.

India focused on cooperation between PoCs for technical (e.g. via a network of CERTs) and policy matters. They espoused the benefits of integrating CBM efforts with bilateral, regional and multilateral arrangements. Practical cooperation through tabletop exercises, workshops and conferences were proposed. Finally, India stressed on the importance of real-time information sharing on threats and operations targeting critical infrastructures. The latter is a likely reference to challenges States like India face vis-a-vis jurisdiction and MLAT frameworks.

  • Capacity Building

Consistent with the first OEWG’s final report, States suggested that capacity building activities should be:

  • sustainable,
  • purpose and results focused,
  • evidence-based,
  • transparent,
  • non-discriminatory,
  • politically neutral,
  • sovereignty respecting,
  • universal, and
  • facilitate access to ICTs.

States advocated international capacity building activities correspond with national needs/priorities and benchmarked against internationally determined baselines. The UK recommended Oxford’s Cybersecurity Capacity Maturity Model for national assessments.  States recommended harmonising capacity building programmes with bilateral and regional efforts. Iran and Singapore proposed fellowships, workshops, training programmes, education courses, etc as platforms for technical capacity building for State officials/experts. States suggested UNIDIR assume the role of mapping global and regional cyber capacity building efforts—spanning financial support and technical assistance—aimed at compiling a list of best practices. Disaster and climate resilience of ICT infrastructure was a shared concern among Member States.

Even under this theme Russia and their allies addressed unilateral issues like sanctions which limit universal access to crucial ICT environments and systems. Citing the principle of universality, Russia even proposed the OEWG contemplate regulation to control State actions in this regard. Iran built on this and proposed prohibiting States from blocking public access to country-specific apps, IP addresses and domain names.

India recommended capacity building targeting national technical and policy agencies. It proposed funnelling capacity building through regular institutional dialogue to ensure inclusivity, neutrality and trust. India proposed a forum of CERTs, under the UN, to facilitate tabletop exercises, critical infrastructure security, general cybersecurity awareness campaigns, and cyber threat preparedness. India proposed establishing an international counter task force comprising international experts in order to provide technical assistance and infrastructural support for cyber defences and cyber incident response against critical infrastructure threats. Member Sates requested India to elaborate on this proposal.

  • Regular Institutional Dialogue

Several States like France, Egypt, Canada, Germany, Korea, Chile, Japan and Colombia identified a previously proposed Programme of Action (PoA) to facilitate coordinated cyber capacity building. France proposed the PoA assist States with the technical expertise for cyber incident response, national cybersecurity policies, and critical infrastructure protection. States also identified the PoA to maintain a trust fund for cyber capacity building projects, and serve as a platform to assist States identify national needs and track implementation of cyber norms. Prior to the third substantive session, co-sponsors are expected to share an updated version of its working paper with the OEWG secretariat. These States have also proposed that the PoA serve as a venue for structured involvement of non-governmental stakeholders.

In order to harmonise the mandates of the OEWG and the PoA, Canada proposed that the OEWG serve as the venue where core normative aspects are finalised, and the PoA works on international implementation. The Sino-Russian bloc and developing countries expressed concerns about the PoA as a forum for regular institutional dialogue. Iran suggested that the OEWG instead operate as an exclusive international forum on cybersecurity. Cuba and Russia maintained that a parallel PoA would undercut the OWEG’s centrality.

While India’s intervention recognises the importance of regular institutional dialogue, it insists that such interactions be intergovernmental. It recommends that States retain primary responsibility for issues in cyberspace relating to national security, public safety and the rule of law.

  • Way Forward

The OEWG Chair aims to finalise a zero draft of its first annual progress report, for consultations and written inputs, approximately six weeks prior to the OEWG’s third substantive session in July 2022. It will be interesting to track how lawfare affects the report and other international processes.  

In this regard, it is crucial to juxtapose the OEWG against the UN’s ongoing ad-hoc committee in which States are negotiating a draft convention on cybercrime. Too often these conversations can be stuck in silos, however these two processes will collectively shape the broad contours of international regulation of cyberspace. Already, we observe India’s participation in the latter is shaped by its doctrinal underpinnings of the Information Technology Act—and it will be important to track how these discussions evolve.

CCG’s Comments to the Ministry of Electronics and Information Technology on the Draft National Data Governance Framework Policy

Authors: Joanne D’Cunha and Bilal Mohamed

On 26th May 2022, the Ministry of Electronics and Information Technology (MeitY), released the Draft National Data Governance Framework Policy (NDG Policy) for feedback and public comments. CCG submitted its comments on the NDG Policy, highlighting its feedback and key concerns with the proposed Data Governance Framework. The comments were authored by Joanne D’Cunha and Bilal Mohamed, and reviewed and edited by Jhalak M. Kakkar and Shashank Mohan.

The draft National Data Governance Framework Policy is a successor to the draft ‘India Data Accessibility and Use’ Policy, which was circulated in February 2022 for public comments and feedback. Among other objectives, the NDG policy aims to “enhance access, quality, and use of data to enable a data-led governance” and “catalyze AI and Data led research and start-up ecosystem”.

“Mountain” by Mariah Jochai is licensed under CC BY 4.0

CCG’s comments to the MeitY are divided into five parts – 

In Part I, of the comments we foreground our concerns by emphasising the need for comprehensive data protection legislation to safeguard citizens from potential privacy risks before implementing a policy around non-personal data governance. 

In Part II, we focus on the NDG Policy’s objectives, scope, and key terminologies. We highlight that the NDG Policy lacks in  sufficiently defining key terms and phrases such as non personal data, anonymisation, data usage rights, Open Data Portal, Chief Data Officers (CDOs), datasets ecosystem, and ownership of data. Having clear definitions will bring in much needed clarity and help stakeholders appreciate the objectives and implications of the policy. This also improves  engagement from the stakeholders including the government in the policy consultation process. This also enhances engagement from the stakeholders, including the various government departments, in the policy consultation process.  We also highlight that the policy does not illustrate how it will intersect and interact with other proposed data governance frameworks such as the Data Protection Bill 2021 and the Non Personal Data Governance Framework. We express our concerns around the NDG Policy’s objective of cataloguing datasets for increased processing and sharing of data matching with the aim to deploy AI more efficiently.  It relies on creating a repository of data to further analytics, and AI and data led research. However, it does not take into consideration that increasing access to data might not be as beneficial if computational powers of the relevant technologies are inadequate. Therefore, it may be more useful if greater focus is placed on developing computing abilities as opposed to increasing the quantum of data used.

In Part III, we focus on the privacy risks, highlighting concerns around the development and formulation of anonymisation standards given the threat of re-identification from the linkage of different datasets. This, we argue, can pose significant risks to individual privacy, especially in the absence of a data protection legislation that can provide safeguards and recognise individual rights over personal data. In addition to individual privacy harms, we also point to the potential for collective harms from using aggregated data. To this end, we suggest the creation of frameworks that can keep up with the increased risks of reidentification posed by new and emerging technologies.

Part IV of our comments explores the institutional framework and regulatory structure of the proposed India Data Management Office. The proposed IDMO is responsible for framing, managing, reviewing, and revising the NDG Policy. Key concerns on the IDMO’s functioning pertain to the exclusion of technical experts and representatives of civil society and industry in the IDMO. There is also ambiguity on the technical expertise required for Chief Digital Officers of the Digital Management Units of government departments and ministries, and the implementation of the redressal mechanism. In this section, we also highlight the need for a framework within the Policy to define how user charges will be determined for data access. This is particularly relevant to ensure that access to datasets is not skewed and is available to all for the public good. 

You can read our full submission to the ministry here.

Reflections on Second Substantive Session of UN OEWG on ICT Security (Part 2): Threats, Cyber Norms and International Law

Ananya Moncourt & Sidharth Deb

“Aspects of Cyber Conflict (pt. 3)” by Linda Graf is licensed under CC BY 4.0

Introduction

Part 1 of this three part series on the second substantive session of the United Nations’ (UN) Open-Ended Working Group (OEWG) on ICT security (2021-25) analysed key organisational developments regarding multistakeholder participation. The post contextualised the OEWG’s institutional mandate, analysed the impact of the Russia-Ukraine conflict on discussions, traced differing State positions, and critiqued the overall inclusiveness of final modalities on stakeholder participation at the OEWG.

This post (and subsequently Part 3) analyses substantial discussions at the session held between March 28 and April 01, 2022. These discussions were organised according to the OEWG’s mandate outlined in UN General Assembly (GA) Resolution 75/240. Accordingly, Part 2’s analysis covers:

  • existing and potential threats to “information security”.
  • rules, norms and principles of responsible State behaviour i.e. cyber norms.
  • international law’s applicability to States’ use of ICTs.

Both posts examine differing State interventions, and India’s interventions under each theme. The combined analysis of Parts 2 and 3 provides evidence that UN cybersecurity processes struggle with an inherent tension. This relates to the dichotomy between the OEWG’s mandate, which is based on confidence building, cooperation, collective resilience, common understanding and mutual accountability; as against the geopolitical rivalries which shape multilateralism. Specifically, it demonstrates the role of lawfare within these processes.

Existing and Potential Threats

Discussions reflected the wide heterogeneities of States’ perceptions of threats in cyberspace. The US, UK, EU, Estonia, France, Germany, Canada, Singapore, Netherlands and Japan prioritise securing critical infrastructure and ICT supply chains. Submarine cables, communication networks, rail systems, the public core of the internet, healthcare infrastructure and information assets, humanitarian databases, and oil and gas pipelines were cited as contemporary targets. Ransomware and social engineering were highlighted as prominent malicious cyber techniques.

In contrast, Russia, China and allies like Syria, Cuba and Iran urged the OEWG to address threats which conform to their understanding of “information security”. Premised on information sovereignty and domestic regime stability, prior proposals like the International Code of Conduct for Information Security offers a template in understanding their objectives. These States advocate regulating large-scale disinformation, terrorism, recruitment, hate speech and propaganda occurring over private digital platforms like social media. Cuba described such ICTs as tools for interventionism and destabilisation which interfere in States’ internal affairs. Iran and Venezuela cautioned States against using globally integral ICT systems as conduits for illegitimate geopolitical goals, which compromise other States’ cyber sovereignty—a recurring theme of these States’ engagement at the session.

Netherlands and Germany described threats against democratic and/or electoral processes as threats to critical infrastructure. Similarly, France described disinformation as a risk to security and stability in cyberspace. This is important to track since partial intersections with the Sino-Russian understanding of information security could increase future prospects of information flows regulation at the OEWG.

Developing States like Brazil, Venezuela and Pakistan characterised the digital/ICT divide between States as a major threat to cyberspace stability. Thus, capacity building, multistakeholder involvement and international cooperation — at CERT, policymaking and law enforcement levels — were introduced early as key elements of international cybersecurity. UK and Russia supported this agenda. France, China and Ecuador identified the development of cyber offensive capabilities as an international threat since they legitimise cyberspace as a theatre of military operations.

India’s participation in this area treads a middle ground. ICT supply chain security across infrastructure, products and services; and the protection of “critical information infrastructures” (CIIs) integral to economies and “social harmony” were stated priorities. Notably, the definition of CIIs under the Information Technology Act does not cite social harmony. India cited ransomware, misinformation, data security breaches and “… mismatches in cyber capabilities between Member States” as contemporary threats. To mitigate these threats, India advocated for improved information sharing and cooperation at technical, policy and government levels across Member States.

Cyber Norms

States disagreed on whether prior GGE and OEWG consensus reports serve as a minimum baseline for future cyber norms discussions. The Sino-Russian camp which includes Iraq, Nicaragua, Pakistan, Belarus, Cuba and others argued that cyber norms are an insufficient fix, and instead proposed a new legally binding instrument on international cybersecurity. China proposed a Global Initiative on Data Security as a blueprint for such a framework. Calls for treaties/conventions could trigger reintroduction of prior proposals on information security by these States.

The US, UK, Australia, Japan, France, Germany, Netherlands and allied States, and developing countries like Brazil, Argentina, Costa Rica, South Africa and Kenya argued that, instead of revisiting first principles, the current OEWG’s focus should be the implementation of earlier agreed cyber norms. Self-assessment of States’ implementation of the cyber norms framework was considered an international first step. The United Nations Institute for Disarmament Research (UNIDIR) in partnership with Australia, Canada, Mexico and others, launched a new national survey tool to gauge countries’ trajectories in implementation. Since cyber norms are voluntary, the survey serves as a soft mechanism of accountability, a platform which democratises best practices, and a directory of national points-of-contact (PoCs) wherein States can connect and collaborate.

States also raised substantive areas for discussions on new norms or clarifications on existing ones. Netherlands, US, UK and Estonia called for protections safeguarding the public core of the internet, since it comprises the technical backbone infrastructure in cyberspace which facilitates freedom of expression, peaceful assembly and access to online information. “Due diligence”— which requires States to not allow their territory to be used for internationally wrongful acts—was another substantive area of interest.

ICT supply chain integrity and attribution generated substantial interest. Given the close scrutiny on domestic companies, under this theme China recommended new rules and standards on international supply chain security. If analysed through lawfare this proposal perhaps aims to minimise targeted State measures against Chinese ICT suppliers in both telecom and digital markets.

The US pressed for deliberations on “attribution” and specifically public attribution of State-sponsored malicious cyber activities. China cautioned against hasty public attributions since it may cause escalation and inter-State confrontation. China argued that attributions on cyber incidents require complete and sufficient technical evidence. The sole emphasis on technical evidence (which ignores surrounding evidence and factors) could be strategic since it creates a challenging threshold for attribution. As a result it could counter-intuitively end up obfuscating the source of malicious activities in cyberspace.

Discussions on “critical infrastructure” protection also raised important interventions. Singapore stated that critical infrastructure security should protect electoral and democratic integrity. China argued for an international definition of “critical infrastructure” consistent with sovereignty. Over time such representations could further legitimise greater information controls and embed the Sino-Russian conception of information security within global processes.

India focused on supply chain integrity, critical infrastructure protection and greater institutional and policy cooperation. They advocated close cooperation in matters involving criminal and terrorist use of ICTs. There were also brief references to democratisation of cyber capabilities across Member States and the role of cloud computing infrastructure in future inter-State conflicts. This served as a prelude to India’s interventions under international law.

International Law

Familiar geopolitical fragmentations shaped discussions. Russia, China, Cuba, Belarus, Iran, and Syria called for a binding international instrument which regulates State behaviour in cyberspace. Belarus argued that extant international legal norms and the UN Charter lack meaningful applicability to modern cyber threat landscapes. Russia and Syria called for clarity on what areas and issues fall within the sphere of international cybersecurity. Viewed through the lens of lawfare, it appears that such proposals aim to integrate their conceptions of information security within OEWG discussions.

EU, Estonia, Australia and France argued this would undermine prior international processes and the cyber norms framework. The US, UK, Australia, Canada, Brazil, France, Japan, Germany and Korea instead focused on developing a common understanding on international law’s applicability to cyberspace, including the UN Charter. They pushed for dialogue on international humanitarian law, international human rights law, prohibition on the use of force, and the right to self-defence against armed attacks. Similar to previous failed negotiations at the 5th GGE, these issues continue to remain contentious areas. For instance, Cuba argued against the applicability of the right to self-defence since no cybersecurity incident can qualify as an “armed attack”.

Sovereignty, sovereign equality and non-interference in States’ internal affairs were prominent issues. Other substantive areas included attribution (technical, legal and political), critical infrastructure protection and the peaceful settlement of disputes. To enable common understanding and potential consensus on international law, the US, Singapore and Switzerland advocated the OEWG follow a similar approach to the 6th UN GGE. Specifically, they suggested developing a voluntary compendium of national positions on the applicability of international law in cyberspace.

India addressed issues relating to sovereignty, non-intervention in internal affairs, prohibition of the use of force, attribution, and dispute settlement. It discussed the need to assign international responsibility on States for cyber operations emerging from one State and which have extra-territorial effects. They argued for States enjoying the sovereignty to pass domestic laws/policies towards securing their ICT environments. India advocated imposing upon States an obligation to take reasonable steps to stop ICT-based internationally wrongful acts domestically. Finally, it highlighted that international law must adapt to the role of cloud computing hosting data/malicious activities in cross-border settings.

Conclusion | Previewing Part 3

In Part 2 of this series on the second substantive session of the OEWG on ICT Security (2021-25) we have analysed States’ interventions on matters relating to existing and potential threats to information security; the future role of cyber norms for responsible State behaviour in cyberspace; and the applicability of international law within cyberspace. In Part 3 we assess discussions relating to confidence building measures, capacity building and regular institutional dialogue. While this post reveals the geopolitical tensions which influence international cybersecurity discussions, the next post focuses extensively on the international cooperation, trust building, technical and institutional collaboration, and developmental aspects of these processes.

Call for Applications for the Positions (i) Community and Engagement Associates, (i) Community and Engagement Officers, (ii) Strategic Development and Partnerships Associates, and (ii) Strategic Development and Partnerships Officers

The National Law University Delhi (‘University’), through its Centre for Communication Governance (‘CCG’/‘Centre’) is inviting applications for the posts of (i) Community and Engagement Associates and Community and Engagement Officers and (ii) Strategic Development and Partnership Associates and Strategic Development and Partnership Officers, to work at the Centre. 

About the Centre for Communication Governance

The Centre for Communication Governance at National Law University Delhi was established in 2013 to ensure that Indian legal education establishments engage more meaningfully with information technology law and policy, and to contribute to improved governance and policy making. CCG is the only academic research centre dedicated to working on information technology law and policy in India, and in a short span of time has become a leading institution in the sector. 

Through its Technology and Society team, CCG seeks to embed constitutional values and good governance within information technology law and policy and examine the evolution of existing rights frameworks to accommodate new media and emerging technology. It seeks to support the development of the right to freedom of speech, right to dignity and equality, and the right to privacy in the digital age, through rigorous academic research, policy intervention, and capacity building. The team’s ongoing work is on subjects such as —privacy and data governance/protection, regulation of emerging technologies like artificial intelligence, blockchain, 5G and IoT, platform regulation, misinformation, intermediary liability and digital access and inclusion.

This complements the work of the Technology and National Security team at CCG that focuses on issues that arise at the intersection of technology and national security law, including cyber security, information warfare, and the interplay of international legal norms with domestic regulation. The team’s work aims to build a better understanding of national security issues in a manner that identifies legal and policy solutions that balance the legitimate security interests and national security choices with constitutional rights and the rule of law, in the context of technology law and policy. The team undertakes analysis of international law as well as domestic laws and policies that have implications for national security. Our goal is to develop detail-oriented, principled and pragmatic recommendations for policy makers on national security issues faced by India, with an emphasis on cyber security and cyber conflict. 

The work at CCG is designed to build competence and raise the quality of discourse in research and policy around issues concerning constitutional rights and rule of law in the digital age, cybersecurity and global internet governance. The academic research and policy output is intended to catalyse effective research-led policy making and informed public debate around issues in technology, internet governance and information technology law and policy.

Role

CCG is a young, continuously evolving organisation and the members of the Centre are expected to be active participants in building a collaborative, merit-led institution and a lasting community of highly motivated young professionals. If selected, you will contribute to the institution’s growth and development by playing a key role in advancing our community engagement / strategic development and partnerships. You will be part of a dynamic team of young researchers, policy analysts and lawyers. Please note that our interview panel has the discretion to determine which role would be most suitable for each applicant based on their qualifications and experience. 

We are inviting applications for the following roles-

(i) Community and Engagement Associates (2 position)

(ii) Community and Engagement Officers (2 position)

(iii) Strategic Development and Partnership Associates (2 position)

(iv) Strategic Development and Partnership Officers (2 position)

i. Community and Engagement Associates and Community and Engagement Officers

Some of the key roles and responsibilities of the Community & Engagement Associates and Community & Engagement Officers may include:

  • Developing and supporting the team in community and engagement strategy. The candidate will have to work both independently and collaboratively with the team leadership, researchers and various other members of the team.
  • Building engagement with key stakeholders and community members of the Digital Society ecosystem at the domestic and international level.
  • Conceptualising and implementing events, workshops, roundtables, etc. to engage with stakeholders in the ecosystem.
  • Creating relevant content in the form of posters, social media posts, and other allied material for the various events conducted by CCG. 
  • Strategising and creating visual and written content for newsletters, email communications and other modes of engagement.
  • Strategising and creating internal and external communication material including relevant posts, images and posters, and other allied content for social media dissemination, including Twitter, Instagram, LinkedIn, and Facebook.
  • Strategising and creating visual representations, infographics and other graphical representations to make research and analysis available in an accessible manner.
  • Managing social media accounts and maintaining a social media calendar and database of disseminated content. Working with social media on campaigns using tools like hootsuite, oneup, etc., and oversight and management of websites and blogs.
  • Editorial design and layout for reports, presentations, and other written outputs.
  • Aiding in conceptualising, recording and editing audio, podcasts, and/or video material. 
  • Engaging with CCG’s media networks and other key stakeholders.
  • Identifying opportunities for media engagement for the dissemination of CCG’s work.
  • Maintaining records of media and social media coverage and collecting data for analytics and metrics.
  • Strategising, editing, developing, managing and implementing content for the CCG website, CCG Blog, etc. 

This is an indicative list of some of the responsibilities the person will be involved in and is not inclusive of all activities one might be engaged with. We welcome applicants with an interest in any of the areas that CCG broadly works in to apply.

ii. Strategic Development and Partnership Associates and Strategic Development and Partnership Officers

Some of the key roles and responsibilities of the Strategic Development and Partnership Associates and Strategic Development and Partnership Officers may include:

  • Identifying potential funders and partners (domestic and international) to develop CCG’s work and engaging with them.
  • Developing funding opportunities and networks for CCG programs and research.
  • Drafting grant proposals, presentations and applications in coordination with CCG leadership and researchers and spearheading all phases of the grant process (pre-award, award and post-award phase).
  • Ensuring timely funder reporting, project completion reports, and preparation of project narratives.
  • Proactively managing, building and developing new and existing partnerships (domestic and international) portfolios in consultation with senior leadership at CCG.
  • Building engagement with key stakeholders and community members of the Digital Society ecosystem at the domestic and international level across academia, media, civil society, industry, regulatory bodies, other experts, members of parliament, senior government officers, judges, senior lawyers, scholars, and journalists. We are looking for someone who is very constructive and is not only able to help our community get the most out of CCG’s work but is also able to connect people with each other, playing an enabling, generative role that encourages and supports the ecosystem.
  • Identifying opportunities for CCG to present and highlight its programs and research and working towards applying for and implementing these opportunities.
  • Making use of effective programme/project management tools within the team (leadership, research, admin and community and engagement) to ensure strategic development of CCG’s goals.
  • Identifying opportunities for capacity building for the CCG team and organising and implementing relevant activities.
  • Conceptualising and implementing events, workshops, roundtables, etc. to engage with stakeholders in the ecosystem.
  • Strategising, developing, co-ordinating, organising and implementing events, fellowships, moots and courses such as Summer School, Courses (Certificate Course, etc.), Workshops, DIGITAL Fellowship, Oxford Price Media South Asia Rounds, and Capacity Building events.
  • Strategising, editing, developing, managing and implementing content for the CCG website, CCG Blog, etc.
  • Strategising and supporting the development of engagement and outreach modes such as social media, podcasts, newsletters, events, meetings, etc.
  • Developing and supporting the team in a community and engagement strategy. 
  • Engaging with CCG’s media networks and other key stakeholders and identifying opportunities for media engagement for the dissemination of CCG’s work.
  • Maintaining records of media coverage and collecting data for analytics and metrics.
  • Developing and implementing CCG’s DEI initiatives and programs.

This is an indicative list of some of the responsibilities the person will be involved in and is not inclusive of all activities one might be engaged with. We welcome applicants with an interest in any of the areas that CCG broadly works in to apply.

Qualifications for the Roles

  • The Centre welcomes applications from candidates with degrees in design, media and communication, law, public policy, development studies, BBA, journalism, english and social sciences or other relevant/applicable fields.
  • For the Associate role, preference may be given to candidates with an advanced degree in related fields or 2+ years of PQE and previous experience of working on related issues.
  • For the Officer role, preference may be given to candidates with an advanced degree in related fields or 4+ years of PQE and previous experience of working on related issues.
  • Candidates must have a demonstrable capacity for high-quality, independent work.
  • Strong communication, digital and writing/presentation skills are important.
  • Interest and previous experience in information technology law and policy is preferred. 
  • A Master’s degree from a highly regarded programme might count towards work experience.

However, the length of your resume is less important than the other qualities we are looking for. As a young, rapidly-expanding organisation, CCG anticipates that all members of the Centre will have to manage large burdens of substantive as well as institutional work. We are looking for highly motivated candidates with a deep commitment to building policies that support and enable constitutional values and democratic discourse. We are looking for people who see good research and policy designs as a way to build a better and more equitable world. At CCG, we aim high, and we demand a lot from each other in the workplace.

We look for individuals with work-style traits that include the ability to work both collaboratively and independently in a fast-paced environment, while being empathetic towards colleagues. We aim to create high-quality research outputs. It is therefore vital that you be a good team player, as well as be kind and respectful to colleagues. At the same time, you should also be self-motivated, proactive, creative as well as be capable of independently driving your work when required. We like to maintain the highest ethical standards in our work and workplace, and look for people who manage all of this while being as kind and generous as possible to colleagues, collaborators and everyone else within our networks. A sense of humour will be most welcome. Even if you do not necessarily fit the requirements outlined but bring to us the other qualities we look for, we will be glad to hear from you. 

Remuneration and Location

The remuneration will be competitive, and will be commensurate with qualifications and experience. Where the candidate demonstrates exceptional competence in the opinion of the selection panel, there is a possibility for greater remuneration. These are full time positions based out of Delhi. 

Application Process

Interested candidates may fill the application form provided by 05:00 pm IST on June 20, 2022. Please note that applications will only be accepted via the Google Form. In case of any doubts please contact us at ccg@nludelhi.ac.in with the subject line “Application for Community and Engagement/Strategic Development and Partnerships”. We encourage applicants to apply at the earliest.

 A complete application form will require the following: 

  • A signed and completed Application Form, available here.
  • The form requires a Statement of Motivation which applicants have to answer in a maximum of 800 words. The Statement of Motivation should ideally engage with the following aspects: 

(i) Why do you wish to work with CCG? 

(ii) For those applying for the role of Community and Engagement Associate/Officer: What will be your likely contribution to our work? How would you develop CCG’s community and engagement with stakeholders, the ecosystem and use CCG’s work to add value to the public discourse? 

Or

For those applying for the role of Strategic Development and Partnership Associate/Officer: What will be your likely contribution to our work? How would you undertake strategic development of CCG’s work, fundraising for CCG’s research and programs and build partnerships? 

(iii) What past experiences and skills optimally position you to do so? 

(iv) How does working with CCG connect with your plans for the future?

  • A sample or portfolio of your previous work or writing sample, as relevant. If the candidate does not have anything relevant this is an optional step. However, we encourage candidates to submit any relevant samples they may have of their work. If the 100 MB limit for the upload of the sample is insufficient, please upload an illustrative sample on the google form and the candidate can share a more detailed version of their sample at  ccg@nludelhi.ac.in with the subject line “Call for Strategic Communication and Engagement/ Development and Partnership Associates/Officers – Portfolio”.
  • Please combine the CV, sample of your previous work and statement of motivation in a single PDF file labelled as “Your name – CCG”. The PDF should be uploaded on the link provided in the application form. The single PDF file should contain: (1) a Curriculum Vitae (maximum two pages) (2) a sample or portfolio of your previous work or writing sample as relevant, and (3) Statement of Motivation, to be uploaded in the application form.
  • Applicants should note that they cannot save their work on the application form and return to it later, so they may find it advisable to prepare their Statement of Motivation and merge relevant documents into a PDF document beforehand.
  • Names and contact details of two referees who can be contacted for an oral or a short written reference (to be filled in the form).

Since we require applicants to upload their CV and writing sample, accessing the form requires a Google (Gmail) login. For applicants not having a Google (Gmail) account, we encourage them to create an account, following the quick and simple steps here.

Note

  • National Law University Delhi is an equal opportunity employer.
  • National Law University Delhi reserves the right to conduct telephonic or video interviews. National Law University Delhi is unable to cover the costs of travel, accommodation, etc. for any interviews. 
  • National Law University Delhi reserves the right not to fill these positions.
  • Our selection panel has the discretion to determine which profile/role would be most suitable for each applicant based on their experience, domain understanding and qualifications.
  • The roles, responsibilities and activities enumerated here are indicative and may encompass additional duties related to these.
  • The position is a contractual position and shall be paid under the grants received by the Centre for Communication Governance at National Law University Delhi.
  • We will contact only shortlisted candidates.