Back Go for the golden mean
Kripa Raman
| How liable is the network service provider for malpractices on his platform? The IT Act 2000 seems to veer to extremes, both in the earlier form, and the proposed amendments now. Experts share their views on this, and related issues. |
The Directives of the European Union on Electronic Commerce could be a guiding point.
From the time of the baazee.com episode to now, the law seems to have swung from one extreme to another. If network service providers were then seen as accountable for almost anything under the sun, under the amendments now proposed to the Information Technology Act 2000 `liability' looks like a hard word to pin down. Experts say a fair path down the middle would be a more realistic approach to the issue.
But first, let's do a flashback.
Remember the arrest of the CEO of baazee.com that shocked the technology business world some years ago?
For someone having put up for sale on that Internet auction site a pornographic video clip, Avinash Bajaj, CEO, baazee.com, was arrested. The Web site did not even carry the video clip, a mere advertisement for it had managed to slip through and appear on that site.
The technology world cried out for a reasonable amendment to the Information Technology Act 2000 that would not hold network service providers (connectivity, Internet service, Web site service providers) liable for all third-party data and information made available by them.
"This is like penalising the managers of the Mumbai-Pune expressway for a robbery that happens on it," said an official from Railtel, the broadband network service of Indian Railways.
According to the Act, network service providers are not liable only if they are able to prove that they had no knowledge of contravention of the law or if they prove that despite exercise of all due-diligence, they could not prevent commission of offence.
"Effectively they are liable for everything under the sun," noted a lawyer who is counsel for technology-related matters.
Network Service providers are presumed guilty till proved innocent - a reversal of the onus of proof applicable in some other criminal cases, noted the lawyer. A murderer is considered innocent till proved guilty, but not a network service provider. "Reasonable due diligence, yes, but how can one prove exercise of all due diligence?" asked the lawyer.
From one end to another
After the baazee episode and following the BPO scandals (which raised issues of data protection) that happened more recently, several amendments have been proposed to the IT Act.
In the matter of NSPs, the proposed amendment is equally not a very happy one either, says Pavan Duggal, advocate, Supreme Court, who is associated with several cyber law-related Web sites, publications and organisations.
In the new dispensation — should the proposed amendments go through — network service providers are not going to be liable at all. They would be liable only if it is proved that the service provider has abetted or conspired in an offence.
"From one end of the spectrum the law is going to another," he says.
Obstacles to e-commerce
According to him, the amendment will create far more obstacles in the growth of e-commerce. As an example, he says, imagine that you buy yourself a book from a person through a Web site. You pay on the Net, you get a torn or dilapidated book, you seek remedy. Where do you go? You will first have to prove that the network service provider (the Web site provider here) has conspired in the offence before you can prevail upon the outfit to reveal the seller's identity so that you may take action against him.
The single avenue to identification of the offender is now blocked. There are a couple of cases now in Indian courts where service providers such as Bharti Infotel and Yahoo have been named as respondents, not because they are suspected of collusion but so that the courts can prevail upon them to reveal the identity of, say, a the sender of defamatory mail who uses their network and Web site.
Now this is not possible unless the complainant first proves conspiracy on the service provider's part.
Impact on outsourcing business
This could also adversely affect the outsourcing business in India. Let us say a foreign company is outsourcing data to India that it suspects is stolen or mutilated.
They have to first prove that the service provider abetted in the offence before making him liable in a case.
"If the Government of India could not prove conspiracy in the Parliament attack case, how is an ordinary company going to be able to?" asks Duggal.
According to lawyers, the amendment should follow a more `mean' approach — it should specify conditions in which network service providers will be considered liable.
Problems of definition
It is not just with the rights and liabilities of network service providers, several other matters have not been addressed properly, say lawyers.
One of the observations in a review of the IT Act done by law firm Amarchand & Mangaldas & Suresh A Shroff & Co for a non-profit organisation, `Internet and Online Association,' says the provisions of the IT Act that deal with regulation of obscene material suffer from a few definitional problems.
`Network Service Provider' is a catch-all phrase it says.According to the study, the Directives of the European Union on Electronic Commerce could be a guiding point for gathering international practices. One Directive, for instance, seeks to provide an exception to liability where a service provider's role is restricted to a technical process of operation and giving access to a communication network over which information made available by third parties is transmitted or temporarily stored, notes the report.
The Directive recognises that the Internet has active and passive players, and provides immunity to passive players from liability. When this approach is taken, you will not have a baazee replay. On the other hand, one can approach NSPs to aid a genuine complainant by helping to identify the offender.
The amendments to the IT Act address, among other matters, data protection and privacy issues, something very important in the context of BPOs.
Lawyers say that India does not have a dedicated law on privacy but a judge-based law based on Article 21 of the Constitution pertaining to the right to life and personal liberty.
But the amended Act does address privacy, but only in the context of the private parts of the human body. Issues relating to other kinds of invasion of privacy would still have to fall back on judge-based law. "Still, a beginning has been made in that it is the first law that addresses privacy," says another lawyer. But, say lawyers, as more and more actual suits are actually filed, the law will only get refined down the years. There may be many a painful bump along the way, that is all.
© Copyright 2000 - 2009 The Hindu Business Line