The Information technology Act 2000 was enacted to provide legal recognition for electronic documents. Since this meant several provisions of the "Digital Signatures" being part of the Act, many commented that the true nature of the Act would be better described if it had been called  the "Digital Signature Act". 

In similar vein, it appears that the present version of the Act recommended by the "Expert Committee" is more appropriately described as the "Intermediary Protection Act" since this appears to the end objective of the amendments.

What may be specially noted is that the amendments try to provide a near "Immunity" to intermediaries from all responsibilities cast on them during their normal business. In this respect, the IT industry in general which includes say the software development companies do not seem to have been given the same protection as the Intermediaries such as the ISPs and e-Auction centers. Luckily for the Cyber Cafes, they get tagged along with the ISPs and enjoy all the privileges of immunity.

This has been achieved through changes made in Sections 79, 67, 80, and 85.

Let us analyze why such a conclusion is indicated.

LIMITATION ON THE LIABILITY OF INTERMEDIARY NETWORK SERVICE PROVIDERS NOT BE LIABLE IN CERTAIN CASES.

79.     For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.

Explanation:- For the purposes of this section, -

 (a)             “network service provider” means an intermediary;

(b)             “third party information” means any information dealt with by a network service provider in his capacity as an intermediary;

79. Exemption from liability of intermediary in certain cases

1.      An “Intermediary” shall not be liable under any law for the time being in force, for any third party information, data, or link made available by him, except when the intermediary has conspired or abetted in the commission of the unlawful act. 

2.      The provisions of sub-section (1) shall apply in circumstances including but not limited to where:

 a.      Intermediary’s function is limited to giving access to a communication network over which information made available by third parties is transmitted or temporarily stored; or The intermediary:

(i) does not initiate the transmission,

(ii) does not select the receiver of the transmission, and

(iii) does not select or modify the information contained in the transmission.

 3. The provisions of sub-section (1) shall not apply if, upon receiving actual knowledge of, or being notified by the Central Government or its agency that any information, data or link residing on a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails expeditiously to remove or disable access to that material on that resource.

 Explanation: For the purpose of this section:-

a.      Term ‘Intermediary’ has been defined in Chapter I, Section 2(w).

b.‘Intermediary’ shall include, but not limited to, telecom service providers, network service providers, Internet service providers, web-hosting service providers, search engines  including on-line auction sites, online-market places, and Cyber Cafes.

 c.      ‘Third Party Information’ means any information dealt with by an intermediary in his capacity as an intermediary. 

It is stated that this change has been made as per the EU directives on E-Commerce.  This notification meant for EU members is dated 8th June 2000 where as the ITA-2000 got the President's assent on 9th June 2000.  While many other provisions of the guidelines which ought to be thought of as a separate legislation have not come to the notice of the regulators, the fact that only the provision regarding "Protection of Intermediaries" has been picked up by the committee for implementation is  to be noted. Secondly the EU guidelines perhaps meant to protect only the ISPs and not e-auction centers.

The suggested provisions go beyond the scope of ITA-2000 since it exempts the intermediary from liabilities under any law in force unless conspiracy and abetment is proved. This provides them immunity from not only ITA offences, but also offences under IPC or other statutes. Even in cases of drug peddling and terrorism, it is doubtful if the intermediary can be held liable.

The definition of "Intermediary" is wide enough and includes  telecom service providers, network service providers, Internet service providers, web-hosting service providers, search engines  including on-line auction sites, online-market places, and Cyber Cafes.

The list does not extend to IT Companies though they may be operating under a network unless they re-define their work as that of an "Intermediary".

Even the provisions of Section 67 (Excepting the Child Pornography aspect) do not apply to Intermediaries.

Again under Section 72, a special immunity has been provided to the "intermediaries" against being held liable for any disclosure of information collected from subscribers of their services without consent unless there is an "intent to cause injury to him".

The relevant provision is reproduced here.

72 (2) Save as otherwise provided under this Act, if any intermediary who by virtue of any subscriber availing his services has secured access to any material or other information relating to such subscriber, discloses such information or material to any other person, without the consent of such subscriber and with intent to cause injury to him, such intermediary shall be liable to pay damages by way of compensation not exceeding Rs. 25 lakhs to the subscriber so affected

It is left to the imagination of the public how difficult it would be to prove that there was an intention to cause injury to the subscriber of the service when the confidential information was disclosed. A practical example of such an incident is the event recently reported from USA where 40 million credit card numbers were stolen from a service provider. Imagine that a similar disclosure happens in India from a website where people are availing some service. Unless the victim proves that the web site owner had the intention to injure him, there would perhaps be no liability.

The protection available to intermediaries as suggested by the Expert committee apply to  websites such as Indiatimes.com which runs pornographic sub sites under "clubs" or sites such as "Dalitstan.org" which carry anti India content.

In an attempt to protect the intermediaries even the national interest has been put on the side lines. It is therefore appropriate to call the amended law as "Intermediary Protection Act" rather than "Information Technology Act".

Naavi

September 4, 2005