---
abstract: |
  The only way to fix India's IT laws is to change the way they are made
archive-url: "https://web.archive.org/web/20230909085225/https://indianexpress.com/article/opinion/columns/practise-what-you-preach-2/"
author:
- Pranesh Prakash
authors:
- Pranesh Prakash
categories:
- Internet governance
- Freedom of expression
citation:
  abstract: The only way to fix India's IT laws is to change the way
    they are made
  accessed: 2019-01-12
  archive: "https://web.archive.org/web/20230909085225/https://indianexpress.com/article/opinion/columns/practise-what-you-preach-2/"
  author: Pranesh Prakash
  available-date:
    date-parts:
    - - 2012
      - 4
      - 26
    iso-8601: 2012-04-26
    literal: 2012-04-26
    raw: 2012-04-26
  citation-key: prakashPractiseWhat2012
  container-title: Indian Express
  issued:
    date-parts:
    - - 2012
      - 4
      - 26
    iso-8601: 2012-04-26
    literal: 2012-04-26
    raw: 2012-04-26
  language: en_IN
  title: Practise what you preach
  type: article-newspaper
  URL: "https://indianexpress.com/article/opinion/columns/practise-what-you-preach-2/"
comments:
  hypothesis:
    theme: clean
date: 2012-04-26
engines:
- path: /opt/quarto/share/extension-subtrees/julia-engine/\_extensions/julia-engine/julia-engine.js
keywords:
- Internet governance
- regulation
- India
- law
- multistakeholderism
license:
  text: CC BY-NC 4.0
  type: creative-commons
  url: "https://creativecommons.org/licenses/by-nc/4.0/"
listing-page: ../press.html
original-url: "https://indianexpress.com/article/opinion/columns/practise-what-you-preach-2/"
publication: Indian Express
title: Practise what you preach
title-block-categories: true
toc-title: Table of contents
---

# Practise what you preach

------------------------------------------------------------------------

Laws in India relating to the Internet are greatly flawed. The only way
to fix them would be to fix the way they are made. The Cyber-Laws and
E-Security Group in the Department of Electronics and Information
Technology (DEIT, 'DeitY' according to their website) has proved
incapable of making balanced,informed laws and policies. The Information
Technology (IT) Act is filled with provisions that neither lawyers nor
technologists understand.

The rules drafted under Section 43A of the IT Act (on "reasonable
security practices") were so badly formulated that the government was
forced to issue a "clarification" through a press release,even though
the "clarification" was in reality an amendment and amendments cannot be
carried out through press releases. Despite the clarification,it is
unclear to IT lawyers whether the rules are mandatory or not,since
Section 43A (the parent provision) seems to suggest that it is
sufficient if the parties enter into an agreement specifying reasonable
security practices and procedures. Similarly,the IT (Intermediary
Guidelines) Rules (better referred to as the Internet Censorship Rules)
drafted under Section 79 of the act have been called "arbitrary and
unconstitutional" by many,including the member of parliament,P.
Rajeev,who has introduced a motion in the Rajya Sabha to repeal the
rules. These rules give the power of censorship to every citizen and
allow him to remove any kind of material from the internet within 36
hours without anybody finding out. Last year,we at the Centre for
Internet and Society used this law to get thousands of innocuous links
removed from four major search engines without any public notice. In no
case (including one where an online news website removed more material
than the perfectly legal material we had complained about) was the
content-owner notified about our complaint,much less given a chance to
defend herself.

Laws framed by the Cyber-Laws Group are so poorly drafted that they are
often misused. There are too many criminal provisions in the IT
Act,carrying much graver penalties than those for comparable crimes
under the Indian Penal Code. Section 66A of the IT Act,which
criminalises "causing annoyance or inconvenience" electronically,has a
penalty of three years (greater than that for causing death by
negligence),and does not require a warrant for arrest. This section has
been used in the Mamata Banerjee cartoon case,and against former
Karnataka Lokayukta Santosh Hegde. Section 66A imperils freedom of
speech more than is allowable under Article 19(2) of the Constitution.

While Section 5 of the Indian Telegraph Act allows telephone tapping
only if there is a public emergency,or in the interests of the public
safety,the IT Act does not have any such condition,and greatly broadens
the state's interception abilities. Section 69 of the IT Act allows the
government to force a person to decrypt information,and might clash with
Article 20(3) of the Constitution,which provides a right against
self-incrimination. No publicly available governmental document suggests
that the constitutionality of provisions such as Section 66A or Section
69 was examined.

Omissions by the Cyber-Laws Group are also numerous. The Indian Computer
Emergency Response Team (CERT-In) has been granted very broad functions
under the IT Act,but without any clarity on the extent of its powers.
Some have been concerned that the powers granted to CERT-In to "give
directions" on "emergency measures for handling cyber security
incidents" includes the power of an "Internet kill switch",which Egypt
exercised in January 2011. Yet,no rules have been framed for the
functioning of CERT-In. The licences that the department of
telecommunications gives the internet service providers requires them to
restrict usage of encryption by individuals,groups or organisations to a
key length of 40 bits in symmetric key algorithms (i.e.,weak
encryption). The Reserve Bank of India mandates a minimum of 128-bit SSL
encryption for all bank transactions. Rules framed by the DEIT under
Section 84A of the IT Act were to resolve this conflict,but they haven't
yet been framed.

All of this paints a very sorry picture. Section 88 of the IT Act
requires the government,"soon after the commencement of the Act",to form
a "Cyber Regulations Advisory Committee" consisting of "the interests
principally affected or having special knowledge of the subject-matter"
to advise the government on the framing of rules,or for any other
purpose connected with the IT Act. This body still has not been
formed,although it has been more than two years since the IT Act came
into force. Justice Markandey Katju's recent letter to Ambika Soni about
social media and defamation should ideally have been addressed to this
body.

The only way out of this quagmire is to practise at home that which we
preach abroad: multi-stakeholderism. This refers to the need to
recognise that there are multiple stakeholders ---
government,industry,academia,and civil society --- when it comes to
internet governance,and not just the governments of the world. This idea
has gained prominence since it was placed at the core of the
"Declaration of Principles" from the first World Summit on Information
Society in Geneva in 2003,and has been at the heart of India's
pronouncements at platforms like the Internet Governance Forum. The
DEIT's Internet Governance Division,which formulates India's
international stance on internet governance,has long recognised that
such governance must happen in an open and collaborative manner. It is
time the DEIT's Cyber-Law Group,which formulates our national stance on
internet governance,realises the same.

*The writer is at the Centre for Internet and Society,Bangalore*