A plea filed last year to link Aadhaar with email has effectively culminated in the Madras High Court coordinating efforts by law enforcement agencies and major social media intermediary companies to find more effective ways to curb online crime..Social media giants WhatsApp, Twitter, Facebook, Google and YouTube were impleaded in the case last year. Further, during a hearing held on Thursday, the High Court allowed NGO, Internet Freedom Foundation (IFF) to implead itself in the case..The social media companies also sought time to reply to a common report filed by the State authorities in Tamil Nadu. The Bench, in turn, directed that their replies be filed by July 17..Highlights of the Common Report filed by the State Government.Bar & Bench accessed the Government report – filed on behalf of the State of Tamil Nadu, the Tamil Nadu Information Technology Department and the State Police – which has details on how far such intermediaries have cooperated when it comes to requests made by Law Enforcement Agencies (LEA) to aid investigation in cyber crime..The State Government has cited a case from Salem (2016) to highlight why social media intermediaries should be made to respond expeditiously when requests for information are made by LEA..In this case, a morphed image of a girl was uploaded on to a fake Facebook profile. The Salem police had asked Facebook for IP logs and other information of the fake Facebook account. However, this information was not provided by Facebook for 4 days. In the meanwhile, the girl committed suicide. It was only a day after her death that Facebook provided the information, which led the the police to trace the crime to a local person..The report was filed on the High Court’s direction issued in the earlier hearing held on June 6. Notable takeaways from the report are summarised below..On how Social Media Intermediaries respond to requests for information by LEA.The report informs that social media intermediaries may aid in the investigation of online crimes, on a request being made by the LEA, in the following ways i.e..providing account information, IP logs etc. of the suspected offenderproviding information/content posted or transmitted by an account holder suspected of having committed an offence so that the same may be used as evidenceremoving/deleting objectionable content from online platforms..As for how far the social media companies have cooperated when requests for such aid are made, the common report states,.“The content requests made by LEAs are always denied by SMIs [Social Media Intermediaries]….…. only a portion of requests with regard to access IP logs and account information are accepted and furnished. Facebook provided information sought for in 52% of cases. Twitter in 58% of cases, WhatsApp in 15% of cases, Google in 77% of cases and YouTube in 4% of cases have furnished information sought for, while remaining case information sought for was not furnished..Requests from LEA to remove content were also complied with only partially. Facebook removed content in 62% of requests, Twitter in 53% of cases and YouTube in 52% of cases have removed content, while in remaining cases they did not remove the content.“.The tables below detail the rate of response by the impleaded social media companies to requests for information by LEA, as per the government report. .Table 1.Table 2.Source: Affidavit filed by Government of Tamil Nadu in the Madras High Court.Reasons cited for not furnishing information sought for by LEA.The report goes on to outline two broad reasons cited by social media companies when the information sought for by the LEA is not provided, i.e..The social media companies finds that there is no violation of the “Terms of Use”Under the applicable law and terms of service, a Mutual Legal Assistance Treaty (MLAT) or Letter Rogatory (LR) is required..In response, the State has argued that such reasons should not stand in the way of requests made by LEAs when it comes to the investigation of cybercrime, when the offensive transaction occurs within India’s territorial limits. As stated in the report,.“Just because the SMIs are storing the captured data outside the country, does not mean that the LEA should follow LR/MLAT process to seek such information. Hence SMIs may be directed to provide information sought for by LEA u/s 91 CrPC without asking to come through LR/MLAT process. .…when an activity of an individual is in violation of Indian law and a criminal case is registered by LEA, the SMIs cannot sit in judgment as to whether such activity is in violation of their Terms of Use or not, The Officer investigating the case seeks information pertaining to the activity which is part of a crime to prove evidence before a Court of Law which cannot be denied by the SMIs.“.The case for fixing more responsibility on social media companies.The State government ultimately calls on the Madras High Court to fix more responsibility on social media companies when it comes to monitoring content and cooperating in the investigation of online crimes..“A completely anonymous world where anybody can post any content with an assurance that there is no way to trace them will lead to chaos in the society,“ argues the Government..This particular submission was made in view of WhatsApp’s continued assertion that it cannot track down the original sender of a WhatsApp message given its end-to-end encryption policy. The State has argued for WhatsApp to find a technical solution. The report states,.“… without the technical solution from WhatsApp, it is not feasible to detect and find such culprits [of online crimes]. Hence, in the interest of public order, WhatsApp may be directed to build a mechanism to trace the original source from where an objectionable post/image is first uploaded.“.It goes on to argue that such a mechanism can be developed without breaking WhatsApp’s end-to-end encryption policy..“…. the LEA only requests for the source of the objectionable post and are not demanding the breaking of end to end encryption. WhatsApp is confusing between the privacy concerns and anonymity. Technical solution could be built to trace the originator without breaking end-trend encryption. There should be accountability for the information circulated by a user on the platform.”.On how social media companies can be made more responsible in curbing online crime.The report concludes by putting forth the following suggestions to aid in the monitoring and regulation of online crime..Tracking the original sender of a WhatsApp message.In line with a suggestion made by IIT professor Dr V Kamakoti during the joint meeting held between LEAs and social media companies this month, the State has recommended that “WhatsApp should consider including the phone number of the originator of a message within the message whenever a message is being forwarded.” .The report goes on to argue that this measure, “will not only help LEAs, but give an option to users to verify the authenticity of information before forwarding/sharing.”.Effectively removing offensive online content.The report points out that when offensive content is red-flagged, it is not enough that the immediate URL of the content alone be removed. The content would still resurface in multiple other URLs, states the report. Therefore, it has suggested,.“SMIs may be directed to divide technical mechanisms/tools to identify the unlawful content across the platform and remove it altogether instead of removing only in a specified URL.“.Provide Port Number along with IP address.The report has raised concern that,.“Although IP address is provided, due to network address translation in which singly IP address is allocated to multiple users by the ISPs, it is difficult to trace the exact user to whom the IP address is allocated.”.The possible work around, as per the report, would be for the social media intermediary to provide the “port number along with IP address when access logs are provided, to enable LEAs to trace the users who accessed at a particular point of time.”.Other recommendations.Social media intermediaries must be directed to appoint an India-based Nodal Officer to provide information sought within a 72 hour deadlineSocial media intermediaries and LEAs should mutually arrive at cultural and community standards of the country, by continuous sensitisation programmesSocial media intermediaries should attend periodical meetings conducted by LEAs to strengthen mutual cooperationSocial media intermediaries should be directed to provide information when notice is sent under Section 91 CrPC without asking for MLAT/Letter Rogatory or citing reasons that there was “no violation of Terms of Use” found. All social media intermediaries should be directed to furnish certificate under Section 65B of Indian Evidence Act, like Google presently does. Social media intermediaries should remove objectionable content within a 24 hour time frame on request by LEAsWhatsApp should be directed to provide last seen IP address in full 4 Octets along with Port number. The report has highlighted that when WhatsApp provides basic subscriber information, the last seen IP is provided in only 3 octets. The 4th octet is anonymised. This will not help in tracing the user, submits the State. The State has argued that it would be helpful if WhatsApp stores full IP address of last access by the user and provides the same on request by LEAs..The case has now been posted for hearing on July 24..On linking Aadhaar with E-mail/Social Media.The IFF, through its director Apar Gupta, had argued for allowing it to assist the Court in the matter in view of the substantial issues of public importance being raised. As stated in its impleadment petition,.“These issues require expertise in areas of technology, policy, law and regulation which range from surveillance, intermediary liability, privacy and the freedom of speech and expression of individuals. It is further stated that the outcome of the present writ petition will affect not only the current safeguards provided by law to intermediaries and liberties provided to individual expression, but is also likely to set precedent to the much needed surveillance reform in India.”.As for the original plea raised by two PILs in the case to link Aadhaar with e-mail, IFF has submitted,.“… less restrictive alternatives such as alternative measures of verification, controls placed by platforms, and restrictions on accessing certain types of features and content should be explored before requiring the authentication measure that is likely to cause more harm than good.”.It may be noted, however, that the Bench of Justices S Manikumar and Subramonium Prasad had orally observed last year that it was not inclined to allow the prayer for linking Aadhaar with online accounts..During Thursday’s hearing, the Bench made a similar observation that Aadhaar, being a government record, cannot be linked with e-mail or social media accounts. .Arguments for WhatsApp were made by Senior Advocate NL Rajah during Thursday’s hearing. Earlier, arguments for WhatsApp were also made by Senior Advocates Arvind Datar and Kapil Sibal..Senior Advocate Sajan Poovayya appeared for Twitter. Senior Advocate R Murari has also appeared for Twitter earlier. Senior Advocate PS Raman appeared for Google and YouTube..Facebook is being represented by Senior Advocate Satish Parasaran. Arguments for the IFF were made by Advocate Suhrith Parthasarathy..Submissions for the state were made by Additional Government Pleader, E Manoharan on Thursday..Bar & Bench is available on WhatsApp. For real-time updates on stories, Click here to subscribe to our WhatsApp.
A plea filed last year to link Aadhaar with email has effectively culminated in the Madras High Court coordinating efforts by law enforcement agencies and major social media intermediary companies to find more effective ways to curb online crime..Social media giants WhatsApp, Twitter, Facebook, Google and YouTube were impleaded in the case last year. Further, during a hearing held on Thursday, the High Court allowed NGO, Internet Freedom Foundation (IFF) to implead itself in the case..The social media companies also sought time to reply to a common report filed by the State authorities in Tamil Nadu. The Bench, in turn, directed that their replies be filed by July 17..Highlights of the Common Report filed by the State Government.Bar & Bench accessed the Government report – filed on behalf of the State of Tamil Nadu, the Tamil Nadu Information Technology Department and the State Police – which has details on how far such intermediaries have cooperated when it comes to requests made by Law Enforcement Agencies (LEA) to aid investigation in cyber crime..The State Government has cited a case from Salem (2016) to highlight why social media intermediaries should be made to respond expeditiously when requests for information are made by LEA..In this case, a morphed image of a girl was uploaded on to a fake Facebook profile. The Salem police had asked Facebook for IP logs and other information of the fake Facebook account. However, this information was not provided by Facebook for 4 days. In the meanwhile, the girl committed suicide. It was only a day after her death that Facebook provided the information, which led the the police to trace the crime to a local person..The report was filed on the High Court’s direction issued in the earlier hearing held on June 6. Notable takeaways from the report are summarised below..On how Social Media Intermediaries respond to requests for information by LEA.The report informs that social media intermediaries may aid in the investigation of online crimes, on a request being made by the LEA, in the following ways i.e..providing account information, IP logs etc. of the suspected offenderproviding information/content posted or transmitted by an account holder suspected of having committed an offence so that the same may be used as evidenceremoving/deleting objectionable content from online platforms..As for how far the social media companies have cooperated when requests for such aid are made, the common report states,.“The content requests made by LEAs are always denied by SMIs [Social Media Intermediaries]….…. only a portion of requests with regard to access IP logs and account information are accepted and furnished. Facebook provided information sought for in 52% of cases. Twitter in 58% of cases, WhatsApp in 15% of cases, Google in 77% of cases and YouTube in 4% of cases have furnished information sought for, while remaining case information sought for was not furnished..Requests from LEA to remove content were also complied with only partially. Facebook removed content in 62% of requests, Twitter in 53% of cases and YouTube in 52% of cases have removed content, while in remaining cases they did not remove the content.“.The tables below detail the rate of response by the impleaded social media companies to requests for information by LEA, as per the government report. .Table 1.Table 2.Source: Affidavit filed by Government of Tamil Nadu in the Madras High Court.Reasons cited for not furnishing information sought for by LEA.The report goes on to outline two broad reasons cited by social media companies when the information sought for by the LEA is not provided, i.e..The social media companies finds that there is no violation of the “Terms of Use”Under the applicable law and terms of service, a Mutual Legal Assistance Treaty (MLAT) or Letter Rogatory (LR) is required..In response, the State has argued that such reasons should not stand in the way of requests made by LEAs when it comes to the investigation of cybercrime, when the offensive transaction occurs within India’s territorial limits. As stated in the report,.“Just because the SMIs are storing the captured data outside the country, does not mean that the LEA should follow LR/MLAT process to seek such information. Hence SMIs may be directed to provide information sought for by LEA u/s 91 CrPC without asking to come through LR/MLAT process. .…when an activity of an individual is in violation of Indian law and a criminal case is registered by LEA, the SMIs cannot sit in judgment as to whether such activity is in violation of their Terms of Use or not, The Officer investigating the case seeks information pertaining to the activity which is part of a crime to prove evidence before a Court of Law which cannot be denied by the SMIs.“.The case for fixing more responsibility on social media companies.The State government ultimately calls on the Madras High Court to fix more responsibility on social media companies when it comes to monitoring content and cooperating in the investigation of online crimes..“A completely anonymous world where anybody can post any content with an assurance that there is no way to trace them will lead to chaos in the society,“ argues the Government..This particular submission was made in view of WhatsApp’s continued assertion that it cannot track down the original sender of a WhatsApp message given its end-to-end encryption policy. The State has argued for WhatsApp to find a technical solution. The report states,.“… without the technical solution from WhatsApp, it is not feasible to detect and find such culprits [of online crimes]. Hence, in the interest of public order, WhatsApp may be directed to build a mechanism to trace the original source from where an objectionable post/image is first uploaded.“.It goes on to argue that such a mechanism can be developed without breaking WhatsApp’s end-to-end encryption policy..“…. the LEA only requests for the source of the objectionable post and are not demanding the breaking of end to end encryption. WhatsApp is confusing between the privacy concerns and anonymity. Technical solution could be built to trace the originator without breaking end-trend encryption. There should be accountability for the information circulated by a user on the platform.”.On how social media companies can be made more responsible in curbing online crime.The report concludes by putting forth the following suggestions to aid in the monitoring and regulation of online crime..Tracking the original sender of a WhatsApp message.In line with a suggestion made by IIT professor Dr V Kamakoti during the joint meeting held between LEAs and social media companies this month, the State has recommended that “WhatsApp should consider including the phone number of the originator of a message within the message whenever a message is being forwarded.” .The report goes on to argue that this measure, “will not only help LEAs, but give an option to users to verify the authenticity of information before forwarding/sharing.”.Effectively removing offensive online content.The report points out that when offensive content is red-flagged, it is not enough that the immediate URL of the content alone be removed. The content would still resurface in multiple other URLs, states the report. Therefore, it has suggested,.“SMIs may be directed to divide technical mechanisms/tools to identify the unlawful content across the platform and remove it altogether instead of removing only in a specified URL.“.Provide Port Number along with IP address.The report has raised concern that,.“Although IP address is provided, due to network address translation in which singly IP address is allocated to multiple users by the ISPs, it is difficult to trace the exact user to whom the IP address is allocated.”.The possible work around, as per the report, would be for the social media intermediary to provide the “port number along with IP address when access logs are provided, to enable LEAs to trace the users who accessed at a particular point of time.”.Other recommendations.Social media intermediaries must be directed to appoint an India-based Nodal Officer to provide information sought within a 72 hour deadlineSocial media intermediaries and LEAs should mutually arrive at cultural and community standards of the country, by continuous sensitisation programmesSocial media intermediaries should attend periodical meetings conducted by LEAs to strengthen mutual cooperationSocial media intermediaries should be directed to provide information when notice is sent under Section 91 CrPC without asking for MLAT/Letter Rogatory or citing reasons that there was “no violation of Terms of Use” found. All social media intermediaries should be directed to furnish certificate under Section 65B of Indian Evidence Act, like Google presently does. Social media intermediaries should remove objectionable content within a 24 hour time frame on request by LEAsWhatsApp should be directed to provide last seen IP address in full 4 Octets along with Port number. The report has highlighted that when WhatsApp provides basic subscriber information, the last seen IP is provided in only 3 octets. The 4th octet is anonymised. This will not help in tracing the user, submits the State. The State has argued that it would be helpful if WhatsApp stores full IP address of last access by the user and provides the same on request by LEAs..The case has now been posted for hearing on July 24..On linking Aadhaar with E-mail/Social Media.The IFF, through its director Apar Gupta, had argued for allowing it to assist the Court in the matter in view of the substantial issues of public importance being raised. As stated in its impleadment petition,.“These issues require expertise in areas of technology, policy, law and regulation which range from surveillance, intermediary liability, privacy and the freedom of speech and expression of individuals. It is further stated that the outcome of the present writ petition will affect not only the current safeguards provided by law to intermediaries and liberties provided to individual expression, but is also likely to set precedent to the much needed surveillance reform in India.”.As for the original plea raised by two PILs in the case to link Aadhaar with e-mail, IFF has submitted,.“… less restrictive alternatives such as alternative measures of verification, controls placed by platforms, and restrictions on accessing certain types of features and content should be explored before requiring the authentication measure that is likely to cause more harm than good.”.It may be noted, however, that the Bench of Justices S Manikumar and Subramonium Prasad had orally observed last year that it was not inclined to allow the prayer for linking Aadhaar with online accounts..During Thursday’s hearing, the Bench made a similar observation that Aadhaar, being a government record, cannot be linked with e-mail or social media accounts. .Arguments for WhatsApp were made by Senior Advocate NL Rajah during Thursday’s hearing. Earlier, arguments for WhatsApp were also made by Senior Advocates Arvind Datar and Kapil Sibal..Senior Advocate Sajan Poovayya appeared for Twitter. Senior Advocate R Murari has also appeared for Twitter earlier. Senior Advocate PS Raman appeared for Google and YouTube..Facebook is being represented by Senior Advocate Satish Parasaran. Arguments for the IFF were made by Advocate Suhrith Parthasarathy..Submissions for the state were made by Additional Government Pleader, E Manoharan on Thursday..Bar & Bench is available on WhatsApp. For real-time updates on stories, Click here to subscribe to our WhatsApp.