The draft rules also add new provisions that appear designed to give the government easier access to content from intermediaries. Intermediaries will be required to provide information to authorized government agencies for investigative, protective, cybersecurity or intelligence activity, according to the rules.
Information will have to be provided for the purpose of verification of identity, or for prevention, detection, prosecution and punishment of offenses, on a written request stating clearly the purpose of seeking such information, the rules add.
The IT Act already has specific procedures in this connection for very specific information requirements, but the draft rules have broadened this to a general requirement for intermediaries to provide information, Prakash said. The new rule could in fact be a way of circumventing the earlier laws, he added.
The draft rules assume significance in the context of recent moves by the Indian government to get Research In Motion to provide access to information on BlackBerry services in India. While providing lawful access to its consumer services like BlackBerry Messenger, RIM has declined to provide access to its corporate service, BlackBerry Enterprise Server, claiming that it does not have access to customers’ encryption keys.
The Indian government has previously also said it would demand lawful access from Google’s Gmail and Skype, but has not taken any action so far in this direction.
The draft rules will require compliance from a number of entities who until now had thought they were outside the ambit of compliance, Duggal said.
Google did not immediately respond to e-mailed requests for its comments on the new rules. Microsoft said that the government should set the policy objectives and provide directional framework, and still allow flexibility to intermediaries to set the data protection measures as they deem fit for different situations and services.
“We believe that the intermediary should be obliged to take down non-compliant content on being notified of the same as well as terminate access rights for those who use these platforms for dissemination of non-compliant content,” Microsoft said in an e-mailed statement. Non-compliance include, but is not limited to, copyrights, it added.
Sign up for MIS Asia eNewsletters.