E2E Networks response to draft rules for Intermediary Guidelines

With respect to the Information Technology (Due diligence observed by intermediaries guidelines) Rules, 2011

As per section 2(f) of the proposed rules, an intermediary is defined under clause (w) of sub-section (1) of section 2 of the IT Act, as amended by the IT (Amendment) Act 2008, which specifically includes “web hosting providers”.

Hosting providers do not (and cannot feasibly and comprehensively) monitor, decode, parse, translate and evaluate all data stored on or passing through their facilities (hardware, software and network-based) that they lease on temporary bases to their customers (hereinafter called infrastructure). In addition, hosting providers commonly deal with hundreds or even thousands of gigabytes of data every month. To put this in context, a gigabyte of data can easily contain about 10 years worth of emails (including emails containing pictures, music and videos) of a typical Internet user. It is in this context that point-by-point objections from the point of view of hosting providers with respect to the above-mentioned subclauses of Section 3(2) of the proposed Rules are appended below:

Section 3(3) read with Section 3(2) mandates that intermediaries such as hosting companies SHALL NOT host any information enumerated in Section 3(2), i.e., any information that:

(a) belongs to another person;
(b) is harmful, threatening, abusive, harassing, blasphemous,
objectionable, defamatory, vulgar, obscene, pornographic,
paedophilic, libellous, invasive of another’s privacy, hateful, or
racially, ethnically or otherwise objectionable, disparaging, relating or
encouraging money laundering or gambling, or otherwise unlawful in
any manner whatever;
(c) harm minors in any way;
(d) infringes any patent, trademark, copyright or other proprietary rights;
(e) violates any law for the time being in force;
(f) discloses sensitive personal information of other person or to which the
user does not have any right to;
(g) causes annoyance or inconvenience or deceives or misleads the
addressee about the origin of such messages or communicates any
information which is grossly offensive or menacing in nature;
(h) impersonate another person;
(i) contains software viruses or any other computer code, files or
programs designed to interrupt, destroy or limit the functionality of any
computer resource
(j) threatens the unity, integrity, defence, security or sovereignty of India,
friendly relations with foreign states, or or public order or causes
incitement to the commission of any cognisable offence or prevents
investigation of any offence or is insulting any other nation.

The objections to each sub-sub-clause are respectively:

(a) – Hosting providers are not competent or equipped to legally ascertain rightful title and ownership of every piece of information that is hosted or transmitted, especially when the information that is transmitted through or stored on their IT infrastructure.

(b) – Hosting providers are not legally competent to ascertain whether information stored on or transmitted through their infrastructure is defamatory, vulgar, obscene, pornographic, libellous or contravenes any other law. Further, they are charged with ensuring that information stored on or transmitted through their infrastructure is not harmful, threatening, abusive, harassing, blasphemous, paedophilic, invasive of another’s privacy, hateful, or racially, ethnically or otherwise objectionable. These terms are vague and undefined and hosting providers are not competent to decide on them, even if they were able to monitor, decode, parse, translate and evaluate all data stored on or passing through their infrastructure. Further, hosting providers cannot determine if information stored on or passing through their infrastructure is “objectionable” or “encourages money laundering or gambling”

(c) – Hosting providers are not competent to determine and ensure that information stored on or passing through their infrastructure can “harm minors in any way”.

(d) – It is not possible for hosting providers to ensure that information stored on or passing through their infrastructure does not legally infringe any patent, trademark, copyright or other proprietary right;

(e) – Hosting providers are not competent to ensure that information stored on or passing through their infrastructure does not violate any other law in force.

(f) – Hosting providers cannot ensure that sensitive personal information (which implies information that is not freely available) of third parties is not revealed, transmitted, published or stored by clients using the hosting provider’s infrastructure.

(g) – It is impossible for hosting providers to determine if any information stored on or passing through their infrastructure is capable of causing annoyance or inconvenience or deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature. Further, the terms “grossly offensive”, annoying, inconveniencing are over-wide, vague and ambiguous.

(h) – It is impossible for hosting providers to determine if any information stored on or passing through their infrastructure is actually furthers the impersonation of some person other than the actual sender.

(i) – As viruses or other computer contaminants are commonly encrypted and their existence obfuscated or otherwise hidden in non-contaminant data, it is impossible for hosting providers to ensure that information stored on or passing through their infrastructure is free of computer contaminants including viruses.

(j) – Hosting providers are not competent to ensure that information stored on or passing through their infrastructure does not threaten the unity, integrity, defense, security or sovereignty of India, friendly relations with foreign states, or or public order or causes incitement to the commission of any cognizable offense or prevents investigation of any offence or is insulting any other nation. It is further submitted that certain strictures in this sub-sub-section, particularly, the stricture against “insulting to any other nation” are so broad as to violate the Constitutional right of freedom of speech. Under this provision, the hosting provider would be culpable for hosting a patriotic website that discussed the conduct of Pakistan or any other nation that harbored terrorists who attacked India.