‘Bois Locker Room’ Incident: Liability of Intermediaries in Online Scandals

‘Bois Locker Room’ Incident: A Background

On 4^th May 2020, a very distressing issue came into limelight, when a group of boys, comprising of school-going teenagers, were found to be circulating ‘sexually explicit’ photographs of the juvenile girls in a virtual group ‘Bois Locker Room’ hosted on a social networking website, Instagram. It was also revealed that the members of this group were discussing and planning sexual assaults on minor girls. After speculating the gravity of the aforementioned scandal, the Delhi Commission for Women (DCW) took suo moto cognizance of the transgression and issued a notice to ‘Instagram’ as well as ‘Delhi Police’ in quest of response on this matter.

According to the press reports, the investigating officials were unhappy with the response tendered by Instagram as they have provided the details of limited accounts indulged in such a tormenting activity, which is insufficient to find the actual culprit behind this matter. Even a Public Interest Litigation (PIL) has been filed in the Delhi High Court on 5^th May 2020, which prayed for the transfer of investigation to the Special Investigation Team (SIT) or Central Bureau Investigation (CBI), along with the apprehension of all the people involved in this online scandal.

An application has also been filed under Section 151 of the Civil Procedure Code, 1908 questioning the liability of intermediaries like Instagram, Facebook, Twitter etc in the controversies like ‘Bois locker Room’. The petitioner further contended that the intermediary ‘Instagram’ didn’t take any stern action against the whole episode even after affirmation of fake accounts used in the said group. The petitioner also asserted that Instagram didn’t remove the content from its online platform as it was luring its eyes only on the profit earned from this whole controversy.

Liability of Intermediaries/ Social Networking Websites in Virtual Contraventions

Social Media Platforms have become an indispensable part of one’s life these days. These platforms have even penetrated to a great extent into the lives of people, irrespective of their age or gender, for sharing information and their day to day life experiences. Nevertheless, it is essential to discern that even though the role of social networking websites is to facilitate the information exchange, they can still be held liable if they don’t fulfil the obligation casted upon them under the following legislations:

Information Technology Act, 2000

In today’s world, Intermediaries are widely acknowledged as indispensable cogs in the wheel of exercising the right to freedom of speech and expression on the Internet and cyberspace. Most jurisdictions of the world have legislated laws for limiting the liability of intermediaries in order to ensure that this cycle does not come to a halt. Intermediaries are those links of the chain which act as a service provider, thus facilitating the conveyance of virtual information to the end-user or user at the receiving end.

The Information Technology Act, 2000 (hereinafter referred to as the ‘IT Act’) is the law governing cyberspace in India. The word ‘Intermediary’ is defined in Section 2(1) of the IT Act, which says “Intermediary, with respect to any particular electronic message, means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to it”. The liability of the intermediaries is lucidly explained in Section 79 of the IT Act, where certain conditions are provided under which the intermediaries are exempted from its liability.

After the landmark Shreya Singhal case, there was a sea change in the legal scenario for intermediaries such as Instagram, Facebook etc. This ruling of the Apex Court not only established the supremacy of the Fundamental Rights guaranteed under the suprema lex but also provided for an ‘exempted’ status to such ‘Intermediaries’ under certain circumstances. Therefore, social media platforms can be classified under the head of ‘Intermediaries’ under Section 79 of the IT Act.

This provision ensures ‘safe harbour protection’ for intermediaries in situations where it merely acts as a facilitator. The protection is available to them till they are not involved in transmission or modification of data or information shared on its platforms. Now, coming on to the aspect of ambiguity in Section 79 of the IT Act, the authors are of the view that it only provides for the conditions under which the intermediaries could be exempted from liability and lacks the aspect that if intermediaries prove their ignorance and due diligence then who could be held liable for such contraventions, where an offence regarding third party information or provision of data is committed.

Information Technology (Intermediary Guidelines) Rules

The Information Technology (Intermediary Guidelines) Rules, 2011 (hereinafter referred to as the ‘2011 Rules’) affirms a duty of taking appropriate precautionary measures on the intermediaries while discharging its obligations, to prevent digital crimes. It [Rule 3(1)] principally mandates the social media platforms to publish general ‘User policy’ which is required to be digitally signed by the users of the said platforms. These virtual agreements form a part of ‘due diligence’ requirements prescribed for the social media platforms under the 2011 Rules. Apart from this, Rule 3(1) also casts an obligation on the intermediary to explicitly notify the end-users to not publish any content which is forbidden by law on their social websites. The said rules were also ratified by the Apex Court of India in the case of Shreya Singhal, contingent to the same restrictions imposed on Section 79(3) (b) of the IT Act.

However, in the next few years, the provisions of the 2011 Rules created a lot of heat-waves in the digital realm concerning the obligations and liabilities of the intermediaries provided under section 79 of the IT Act. Therefore, the Ministry of Electronics and Information Technology, Government of India drafted the Information Technology [Intermediary Guidelines (Amendment)] Rules, 2018 (hereinafter referred to as the ‘2018 Rules) with the objective to rectify the provisions of the IT Rules.

In the 2018 Rules, the Union Government comprehensively elucidates the duties and liabilities of intermediaries in order to make the social media platforms less prone to misuse by the netizens. The 2018 Rules firstly introduced two new clauses to the Rule 3 of the 2011 Rules; wherein the intermediaries are made duty-bound to inform the end-users to not publish any content affecting the public health and critical information structure.

Furthermore, the proposed 2018 Rules also rectify Rule 4 of the 2011 Rules, which mandated the intermediaries to take expedite actions against the complaints registered by the end-users within 36 hours of receiving such grievance, without vitiating the evidence. The intermediaries are required to preserve such information for a minimum period of investigation or for any such longer periods which the courts or authorized governmental agencies may require.

The same was rendered in the case of Google India Pvt. Ltd. v. Vishakha Industries & Anr. However, the said provision is revoked in its entirety under the proposed 2018 Rules. In addition to it, the 2018 Rules also direct the intermediary to notify the end-users once in thirty days about the obligation to comply with the rules and regulations of the social media platform and if not done, the intermediaries are vested with the right to terminate such access and usage of the user. The latest rule also makes it obligatory to ‘disable access’ within 24 hours to information believed to be in contravention to Article 19(2) of the Constitution of India.

Although, the aforementioned 2018 Rules were drafted to make social networking websites accountable under the law, but the non-enforcement of the same has made it futile. Therefore, considering the upsurge of cyber-crimes in the recent past, it has become obligatory for the government to make stringent laws and explicitly delineate the role of intermediary in it.

Protection of Children from Sexual Offences (POCSO) Act, 2012 

It is pertinent to note that Section 20 of the Protection of Children from Sexual Offences Act, 2012 (hereinafter referred to as the ‘POCSO’) says that there is a duty cast upon such intermediaries to provide the necessary details within their knowledge and to report the commission of any offence of ‘sexually exploitative’ nature committed against a child to the local police or Special Juvenile Police Unit. The act further in Section 21 states that failure to report the commission of such offences would invite a prison term upto 6 months or fine or both. 

An NGO named Prajwala, in 2015 wrote a letter to Supreme Court of India through which it raised concerns about the widespread circulation of videos depicting sexual violence like rape/gang rape/child pornography on various online platforms. Taking suo moto cognizance of the matter, the court impleaded social media platforms such as Google, Facebook, Whatsapp, Yahoo and Microsoft as parties and further directed that a committee must be constituted forthwith to advise the court on the feasibility of ensuring that no such videos are available for circulation. Though the matter is still sub judice yet there was a consensus within the committee that the websites and portals which do not proactively censor content depicting sexual violence against children must be blocked by the law enforcement agencies. 

Pursuant to the same the Union Government launched a portal dealing with cyber-crime where such incidents could be conveyed and also recommended ‘PhotoDNA’ software through which such content could be blocked at the threshold. It consists of proactive monitoring tools for auto-deletion of such content using AI-based tools. The court further recommended the establishment of a government-controlled hash-bank of such content.

On 9th March 2020, with a view to increase the role of intermediaries in active monitoring of such content, the Union Government notified the Protection of Children from Sexual Offences Rules, 2020 (hereinafter referred to as the ‘POCSO Rules’). Rule 11 of the POCSO Rules makes it very clear that an intermediary shall also hand over the necessary material including the source of the same to the local police or Special Juvenile Police Unit or the cyber-crime portal along with the report of the same. The report must enclose the particulars of the device in which such illegitimate content was noticed, the suspected device from which it was received including the online-platform where it was published.

Conclusion

It is a known fact that accounts and groups over social media platforms are like a mythological demon Raktabija where the head of one is severed and many new ones are born out in its place. This also raises an issue of monitoring of such illegal content by various social media platforms, considering the privacy concerns of the users simultaneously. The scope of liability of intermediaries is expected to grow as the activities taking place in the virtual world are on a steep rise. This incident raises some interesting questions as the primary purpose of social media was to connect people separated by miles and help them exchange thoughts, ideas and information with each other and not to post, transmit, or share such kind of content.

The forthcoming ‘Personal Data Protection Bill, 2019’ lays down norms specifically for “social media intermediary” by promising to protect the privacy of personal data of individuals using such platforms. At the same time, the draft legislation in Chapter VIII, Section 35 & 36, in particular, provides certain instances where the central government may exempt any of its agencies from the provisions of the Bill i.e. in the interest of the security of State, public order, sovereignty and integrity of India and friendly relations with foreign states, and for preventing incitement to commission of any cognizable offence (i.e. arrest without warrant) relating to the above matters.

Further, under Section 36 processing of personal data is also exempted from provisions of the Bill for certain other purposes such as prevention, investigation, or prosecution of any offence, or personal, domestic, or for journalistic purposes. However, appropriate riders have been provided that such processing must be for a specific, clear and lawful purpose, with certain essential security safeguards.
It will be noteworthy how the government will strike a balance between the monitoring of content and privacy laws of individuals especially in a land where ‘Right to Privacy’ is a Fundamental and Constitutional Right available to the citizens of the republic.

---

About the Author: 

Vaibhav Suppal [2018-23] is pursuing B.A.LL.B. from Symbiosis Law School, Hyderabad. He has a keen interest in Criminal Law, Cyber Law and Arbitration.

Devansh Malhotra [2018-23] is pursuing B.A.LL.B.(H) from National Law Institute University, Bhopal. He has a keen interest in Criminal Law, Constitutional Law & Cyber Law.