Trying to set boundaries

India is ready to assign and define responsibilities in the internet world. Indian courts and lawmakers want global Internet companies to be more responsible for the content on their websites. The Information Technology Intermediaries Guidelines draft was released in December 2018 and is opposed by most global Internet players. As for the rules on data localisation, the biggest argument against these rules by these players is that it will split the Internet. The Internet has already been split into Chinese, EU and US Internet. It is a vacuous argument to see the Internet as one single entity where rules will be international and not national.

India is trying to control misinformation and fake news by assigning responsibilities to intermediaries. The government has guaranteed the Supreme Court that these rules will be enacted by January 2020. There are still several gaps in the rules that were made by the Ministry of Electronics and Information Technology (MEITY). The definition of market intermediaries is too broad and open. The definition needs to differentiate between the different category of players and responsibility needs to be assigned category wise.

The first category comprises of infrastructure providers — the access providers to the Internet like ISPs and a subset of them in the form of internet cafes. ISPs have two kinds of subscriber information which records who all have bought access from them and IP addresses of the access to a particular website. If the access is over a WiFi then it becomes difficult to trace the IP, though it's not impossible. ISPs can block a website but the website still exists and can be accessed through a VPN. They can't be held responsible for content as they cannot take down specific content. Hence, their responsibility is limited and needs clarification.

The second category is that of the platform providers. These are players who provide different services and are global players. If they are global players, they do not want to change their platform to meet the requirement of any national law. Global tech players view themselves as nation-states and do not want other nations to dictate the law to them. Rather, they are the ones who want to dictate laws that will work for them globally. They do not want to reconfigure their platform around laws for each country as it would break their platform into multiple segments.

It also involves engineering costs on top of changes to local laws leading to complications with US and EU privacy and data norms. This is their defence against hate content.

This stance is clear from their submission to the Delhi high court as reported by Medianama. Facebook said that it is an intermediary and has no role in starting transmission, selecting the receiver of any of the transmissions and selecting or modifying the information in the transmissions. Facebook also said it didn't have any obligations to proactively monitor content on its platform.

"Facebook also argued that the request for global blocking would result in a conflict of laws situation, as a global injunction might not be in accordance with laws in other jurisdictions and jeopardise Facebook's status as an intermediary in other jurisdictions", Medianama reports. The Delhi HC judge had said that the company has to globally disable access to content if the court directs such content to remove it. The reason the court wants global removal as just geo-blocking does not work and they can still access the content through a VPN and other means.

Twitter has stated that a global blocking order would run contrary to the 'principles of state sovereignty in international law and the principle of international comity'. It said that the laws relating to free speech and defamation are not co-extensive and differ from country to country.

"Any order for a global takedown or global blocking would interfere with the rights of the people over whom the Court has no jurisdiction." Deriving the argument on principles of state sovereignty basically assumes Twitter sees itself as a nation-state. And, an order by Delhi HC does not really have jurisdiction over its functioning.

Chinese Internet

Global tech companies do not want to bend every national law. They want to negotiate for a single global standard typically emerging from their home country. This is despite the fact that almost every tech company has made changes to its platform to meet China's state requirements and not just the laws. Chinese government censorship rules apply to all internet intermediaries including search engine and were the reason Google exited China in 2010.

China does not allow internet companies to access its market if they do not follow its mandate. Messaging platforms like WhatsApp which come with their own encryption are not allowed in China. China has split the internet and censored it for Chinese users resulting in most large US-based internet giants not being present on the Chinese internet. EU interprets privacy more strictly than the US and global tech companies have to play a balancing act.

While India's user base for such global tech platforms is large, their contribution to the tech platform revenue is minuscule as compared to the EU or US. This means that India adds more to their valuation from user growth but does not really matter from a revenue perspective. Take Google India's revenue of 4,147 crores rupees from India in the financial year ending on March of 2019 as compared to its global revenues of 136.2 billion dollars for the fiscal year 2018-19 ending on December of 2018 which can basically be seen as a rounding error.

Therefore, India can chortle all it wants about its importance in the Googleplex. The reality is that Google will not spend engineering dollars to reconfigure its global products to meet Indian legal requirements. The same goes for every global tech company.

If revenue from India was as big as the user base, then these companies would invest to engineer their product specifically for the Indian market. It is easier and cheaper to fight regulations in India than to re-engineer the product.

US Internet v/s EU Internet

Meanwhile, the passage of the CLOUD Act in the US means that all US-based cloud companies – Google, Amazon, Facebook and Microsoft – have to reveal data to US courts irrespective of where it is stored. This allows the US government and countries which have signed a bilateral agreement with it to reach into data centres anywhere in the world. This has already split the Internet into a US version where privacy of data is no longer applicable. Whereas, the European Union, with its strict privacy laws under GDPR, is struggling now to address the new version of the US Internet.

Europe's premier data agency, the European data protection board (EPDB), says that "the US CLOUD Act procedure for service providers to file a motion to quash or modify a US CLOUD Act warrant is limited and subject to several conditions". Service providers may not oppose the order on the ground of common law comity. What EDPB means is that US companies have a very little defence to protect their data stored anywhere in the world to requests made by US and countries that have signed a mutual agreement. It gives the US government extraterritorial reach into data across the world.

EPDB's also says that the US CLOUD Act opens the possibility for service providers to intercept or disclose the contents of a wire or electronic communication in response to an order from a foreign government including a real-time interception. This has repercussions on end-to-end encryption of WhatsApp if it is using Facebook's data centres to store its information.

Technically this opens up the possibility for, say, the UK government to look at the encrypted conversation on WhatsApp between Indian citizens. If tomorrow, Pakistan signs an executive agreement with the US, it will get the same access while they will deny India and Indian courts this access. UK has already signed an agreement with the US for access under the CLOUD Act.

Hypothetically, if all countries were to sign an executive agreement with the US, then the end-to-end encryption will be open to state surveillance. The opposition by these companies to India's endeavours to tackle fake news and hate content will be tested both in court and Parliament in the coming months. The CLOUD Act shows that the US has clearly broken the rules of fair play as would apply to the Internet. China has already barricaded access to the Internet. India will now set the boundaries as the largest internet market for the world.

K Yatish Rajawat is a journalist and policy analyst. Views expressed are strictly personal