Aditi Agrawal Profile picture
Mar 9 74 tweets 18 min read
The first consultation on the Digital India Act has begun.

There are more than 200 people who have connected via Zoom. I could see at least 70-80 people in person via Zoom.

#DIA2023
Group Coordinator for Cyber Laws, Rakesh Maheshwari, mentioned that the Jan Vishwas Bill, currently before the Parliament, has also proposed amendments to the IT Act.

All screenshots until now are from the presentation being given by MoS IT Rajeev Chandasekhar.
#DIA2023
MoS IT Rajeev Chandrasekhar: This is what the new framework of cyber laws will look like.
MoS IT RC: Summary of changes in the IT sector
MoS IT RC: There is a question about how many different types of intermediaries today are serving of safe harbour. Internet in 2000 was a place of good, a warm and fuzzy place to do good. Now, it is also a place of criminality and user harms.
MoS IT RC: The new law that has to be future proof, future ready and must be a structure whose rules can stay ahead of the entities that it seeks to regulate.

The act must deal with five categories, these are not chapters.

#DigitalIndiaAct2023
MoS IT RC: Our govt respects anonymity from a privacy perspective but anonymity combined with platforms pretending to be dumb intermediaries and allowing cybercrime to proliferate will not be tolerated. That will be addressed in DIA. [this one is paraphrased] #DigitalIndiaAct2023
MoS IT RC: The law should not be prescriptive, it should be principle-based.

This is a demonstrable index:

#DigitalIndiaAct2023
MoS IT RC: Openness is from a compeittion perspective as well as freedom from govt control. I recognise that there is a parallel conversation happening about the DMA and proposed amendments to the CCI Act. There are multiple questions about certain intermediaries exerting
significant amount of influence ... play stores ... some press cuttings to give you a sense of how the rest of the world is thinking about this ... we are going to address it
MoS IT RC: We are very particular about addressing user harm online. Senior citizens are using it for pensions, students are using it, women and men are using it for work. Digitally literate people are using it as are digitally illiterate people are using it. Online safety must
be maintained. Indian internet cannot be allowed to become a toxic place.

I was in an angry meeting recently conducted by the NHRC where their data showed that 1 out of 3 or 3 pieces of content online was CSAM. Thus, protecting children online is of paramount importance.
When we are looking at misinfo, deepfakes and AI-enabled deepfakes are going to make it much, much worse.

What should be our view towards privacy invasive devices such as spy camera glasses? Currently, it is completely unregulated.

Again, some other clippings about how the
rest of the world is looking at user harm.

Abuse of AI already exists. At least on three loan apps that we have recently shut down, their way of making sure that the borrower returned the money included using their photos and morphing them into pornographic content and sending
them to their phone book.
...
Weaponisation of disinfo is not the same as free speech and that needs to be addressed.
We are taking some baby steps towards defining kindso f content that are no-go areas. But this raises questions of who should get safe harbour? Should the govt be playing the arbiter between intermediaries and those who are aggrieved by content? Should it be left to the courts?
Something for you to think about.

Earlier, grievance officers were just 'naam ke vaaste' [for sake of it] but then we had to create GAC. This [the DIA] might be a nice opportunity for us to relook at this accountability. mechanism and related issues.
The last point about anonymised data is from the Gopalakrishnan report about who owns NPD.
We have to take a decision about whether we call them intermediaries, paltforms, or what?

For good measure, you can add fact-checkers and all of them as well. There is greater diversity and complexity about platforms on the internet.
Shoudl there be safe harbour at all? If there is a need of safe harbour, who should be entitled to it? In this day and age, is safe harbour required?

This is the first step. You can send us emails. We will break this into two phases: consultation on the principles and
consultation on the draft bill.

[end of MoS IT's presentation]

[opening the discussion for interactive part]

#DigitalIndiaAct2023 #DIA2023
Rakesh Maheshwari announced that Dr Sandip Chatterjee is likely to replace him as GC Cyber Laws on April 1.
Question from ITIC: Will we see the policy in 2026?
RC: No, in 2023 itself

Arun Prabhu, CAM: Fear of multiple levels of regulation that an intermediary at the bottom of the pyramid, such as a CSP, will find it tough to comply with. Is it still possible to have a [dumb]
intermediary as envisioned under IT Act 2000?
RC: We need to define what constitutes an intermediary, we are in agreement about that. The internet consists of more than intermediaries that need safe harbour. The q is whether we will call them intermediaries or platforms is what
we have to decide.
Q from a blockchain-based start-up founder: How will DIA look at blockchain? How will it look at blockchain from a token-based pov vs money-based pov.

RC: A reality of the internet is going to be than an entity is going to be regulated from multiple places. We have to figure
out how that permutation and combination will work out. If you are in the money-based blockchain, you will certianly be regulated by RBI more than MeitY. MeitY will look at distributed ledger, token-based things more than money based blockchain.
Namita, IndusLaw: How does DIA look at overlaps with other sectoral regulators? For eg: E-Commerce rules and conusmer protection act?
RC: We have to figure that out. SEBI has also come up with guidelines for CSP. If there is an omnibus law, we suspect that a lot of it will be
subsumed into this. But we understand that needs to be sorted out.

Anon: How will data residency [data localisation] work?
RC: Enforceability of Indians' rights in a jurisdiction will determine whether or not PD processing is allowed in that jurisdiction.
Venkatesh, BSA: 1. Good to see distinction between intermediaries. We'd want a separate category of enterprise software to be recognised so that they are not caught up in regulation of intermediaries. In terms of AI, look at developers vs deployers.

RC: No answer to part 2.
We will cross the bridge with the draft.

Vijay Shankar, Foundation of Data Protection Professionals: One area of concern is enforcement of the law which is affected because cybercrime requires instantaneous coordination between states is reqd. Could there thus be an all-India
cadre to deal with cyber crimes? Can the enforcement of law on both civil and criminal side be improved by the govt? [reward police officers with expertise in cyber crime by allowing that expertise to be built on]
RC: We will work on that deterrent factor. But I will make one
thing very clear --- we are not going to have policemen inside MeitY. We are not going to create a cadres of policemen in MeitY and please do not suggest that. We are thinking of amendments to CrPC and IPC but MeitY cadre of policemen is not going to happen.
Kanishk Gaur, IFF (not Internet Freedom Foundation): 1. Define intermediaries more narrowly. 2. Define user harm. 3. Define principles for emerging tech including IoT [I missed the fourth point].

Amitabh, Ranga: Impact on mental health of children. Look at child safety online
as a priority.
RC: We have had more than 1-2 consultations with parents, teachers, students, etc. about gaming. We ahve a greater understanding the issues. We are certainly determined to make it safe for children.
Huzefa, Nishith Desai Associates: There's going to be a lot of convergence when DIA is going to come out. Eg: MIB and MeitY should work with the same definition.
RC: Under this proposed law, there are going to be specific rules for different kinds of platforms. These rules will be prescriptive.

Alok Prasanna Kumar, Vidhi: For certain issues, challenges are going to be faced by state govt. Eg: online gambling. What interface does the DIA
propose with states? For cybercrimes, the enforcement will be at state level.
RC: Cybercrimes will be prosecuted at state level. We are only prescribing what the law is. The penal code will be amended so that it is more rflective of the DIA.
Blaise Fernandes, Indian Music Industry: Tweaks in Sec 79 will certainly benefit the industry. [didn't catch the entire argument]

S. Chandrasekhar, K&S Partners: [can't be heard in BLR. The irony of tech not working on consultation of the DIA 🤦‍♀️]
Lyric, Logical.ly: User harm v societal harm? How do we tackle content that is harmful but not illegal?
RC: The idea of the act is to make what is legal but harmful content into illegal and harmful content. Should addictive behaviour, psychological harm be considered
user harm? This is something we will have to discuss and we need to be careful while classifying content as illegal.

Sandeep, Jio: 1. In all the key pointers, not much on NPD [non-personal data]. Will DIA cover NPD? 2. How will Quality of Service be defined and monitored?
RC: No answers to either of your questions.

2. Accountability also refers to QoS. QoS becomes an area where a platform must have accountability towards the user. The question is that should this be legislated? Do we need only principles or an internet regulator?
1. DIA will deal with who owns and controls NPD.

Sandeep, Jio: What about the anonymisation standards? [missed his question about syncing with TSp requirements]
Anon: 1. [missed it] 2. Some statement about internet inclusion, internet governance, resilience (how to get diversity of supply there viz. international bandwidth without blocking - accessibility there) to be included in the DIA. 3. Views on tech neutrality vs proscribing tech
4. OTTs are under the IT Act. But we're confused by other contemplated measures. KYC to be done by IT Act. [not clear what this means] 5. some offences need to be decriminalised. 6. to keep internet open, licensing regime, as prescribed in other rules, should not be there.
RC: Most of what you have said is policy. We don't want to confuse the law by including things about internet exchanges. Send your inputs in writing.
Anon: Include things about people with disabilities. How much time will we have for inputs?
RC: Send it in writing. You'll have
plenty of time.

[RC refuses question from TOI. Media questions later.]

Ravindra Reddy, Logical.ly: Question about statutory regulator for content
RC: There is no discretion about what kind of content is allowed and what isn't under Rules 3.1.b i-ix. It is upto
the intermediary's discretion to follow those Rules and then Rule 7 will kick in.
Arnab, Coinbase: Nuanced approach to emerging tech?
RC: We are not domain specialists. We will certainly concede to sectoral regulator's views on sectoral issues. I think you are pitching Web3. That's not what I mean. I mean that the internet should be a trusted space for digital
nagriks. It is not about management via trust, etc. about tokens, etc. but creating trusted internet.

Prashant Mali: 1. Practical difficulties of changing the name of the law as citation will become harder. Don't call it DIA. 2. Adjudication mechanism has failed in India.
It is in the hands of principal secys etc. and there's a backlog of 6-7 years like in Maharashtra. The appointed bureaucrats look at it in a part-time manner. So have online adjudicators at a central level.
RC: We will look at the adjudication mechanism ab initio. We look for
ideas from you. Don't agree with you on retaining the name as it will lead to more confusion. This will be a successor act. Jurisprudence from IT Act 2000 remains intact.

RM (on behalf of Gowree Gokhale via VC): 1. Will the govt retain obligations for intermediaries?
2. Principle for distinguishing between criminal and civil liabilities?
RC: That's the point of consultation.

Rahul Sharma, IAPP: 1. Will DIA directly tackle issues of content regulation on social media and OTTs? 2. Will DIA look at data embassies and NPD flows which are not
covered by the DPDP Bill. 3. Will DIA look at rehauling surveillance and interception rules?
RC: 1. Prima facie, don't see DIA getting into content regulation. That'll probably be the domain of MIB. But platforms will have an obligation to restrict user harm. We need to figure
out how to distinguish between intermediaries and platforms. In one case, the safe harbour will kick in and in the other case, we will have prescriptive rules about what they can do and can't do [didn't catch which of im and platforms will be what].
For other two questions, emai.
Murugavel Janakiraman, BharatMatrimony CEO: Both app stores function as gatekeepers despite the internet being open. What remedies are available?
RC: Openness as a policy objective of the DIA addresses these issues. We have to come up with issues of monopolies, duopolies, Big
Tech. How do we address it? Here in DIA? In Competition act? Via Rules?

Ashish Aggarwal, NASSCOM: 1. Any thinking in terms of regulator of the internet? (see evolution of DPA in PDP Bill to DPB in DPDP Bill) 2. Start-ups? 3. Cybersecurity? Will there be a framework around
cybersec in DIA?
RC: 3. Cybersec will be a part of DIA because essential for safe and trusted internet. 1. Don't have anything in mind but it will be light-touch so that start-ups are not scared away.
Karnika Seth, SC lawyer: 1. More countries are enacting separate laws on AI and metaverse. We too, like EU and UK, have a separate law for AI and metaverse and emerging tech.
2. If you are amending the IPC to include cyber crimes, focus on deterrence, not being punitive.
3. Viz. children, make it obligatory to [do something about reporting credit cards - didn't catch the rest of it]
4. Intermediaries and safe harbour - intention and knowledge are important since they perform multiple functions.
5. Accountability of app stores for due diligence
can't only be for sectoral regulators [aren't app stores governed as intermediaries already?]
6. Cross-border data flows - have mirroring obligations to help in cybercrime.
7. Harmonise DIA with other proposed laws.
8. Voluntary undertaking under DPDP Bill is insufficient.
Puneeth Nagaraj, SAM: 1. [Something about encryption that I missed 🤦‍♀️] 2. How will you deal with overlap between between DPB of DPDP Bill and regulator here?
RC: 2. DPB is only for deciding what happens in case of PD breach. DIA is more overarching as it deals with user harm.
DPDP Bill doesn't deal with encryption.

TOI reporter: How many more principle related consultations? Timeline?
RC: No answers because it is a very important legislation. We want to make sure that there is extensive consultation so that everyone has an opportunity to contribute
No artificial timeline on this possible. We will criss-cross across the country.
TOI reporter: Which cities?
RC: No itinerary but definitely in Delhi where big lawyers sit, that they think so. And in a few other cities. We will see.
[A question from Khaitan that I missed about Schedule I of the IT Act]

Consultation ends. Send comments to gccyberlaw@meity.gov.in

Dr Sandip Chatterjee is giving the vote of thanks
Questions from Zoom that couldn't be taken up due to paucity of time:

Abhishek Singh: Will the bill be addressing the aspects of Data monetisation? Will the amendments in IPC be exclusive in nature or be read with Digital India Act ?
Saksham Malik: The presentation notes regulation of competition , including fair trade practices, pertaining to concentration of market power, gatekeeping, dominant ad tech platforms etc.. The parliamentary committee on finance has noted these concerns and recommended a new
Digital Competition Act to regulate these. A new committee by Ministry of Corporate Affairs is now working on these issues. Is the DIA also going to look at competition concerns of this nature? How will the DIA interact with the proposed Digital Competition Act and competition
law in general?
Aditya Nath, Anand and Anand: In light of the various developments in tech, there have been various Drafts such as the recent AI fairness standardisation guidelines released by the TEC. Does the DIA aim to create a unified framework which encompasses these drafts or will
there be multiple regulators which a business entity or a citizen has to deal with? (only related to technology and not sectoral regulations)
Joy Bhattacharjya, Federation of Indian Fantasy Sports: Will online gaming be a separate chapter under the DIA or will it only be defined in the act and rules be framed to govern the sector?
Vote of thanks ends. In person attendees are having tea. That is not being broadcast so can't tweet what's happening there and who's talking to whom. :(
Send all comments to gccyberlaw@meity.gov.in

/end

#DIA2023 #DigitalIndiaAct #DigitalIndiaAct2023

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Aditi Agrawal

Aditi Agrawal Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @Aditi_muses

Oct 20, 2022
🧵There are multiple red flags in The Wire's reports.

I spoke to @debayan0, @alexstamos, @elegant_wallaby and @matthew_d_green to understand the biggest ones.

🚩1. Entire process relies on screenshots and videos that can be easily faked.
🚩2. XCheck does not work the way it was described
- multiple current and former employees were baffled by the sweeping powers described in article 1
- content moderation reports are NOT posted to
fb.workplace.com but reside on internalfb.com
- content moderation reports require some action to be taken which cannot be taken from Notes in Workplace

🚩3. fb.workplace.com is the Slack equivalent for internal FB communication; UI in video does not match
Read 25 tweets
May 26, 2021
Facebook and WhatsApp have both filed petitions in the Delhi High Court against the traceability requirement in the Intermediary Rules. Both ask for the traceability rule to be declared ultra vires and for no criminal liability to be imposed if intermediaries do not comply with
the traceability requirement.

Protection of rights to privacy and free speech extensively cited as arguments.

In an expected move (as I had reported on it earlier), Facebook's petition is actually a preemptive move to save the Secret Conversations feature. Read on to know why
Many of the arguments that have been made were also brought up by legal and technical experts in my previous reportage. Read those too:
forbesindia.com/article/take-o…
Read 4 tweets
Aug 7, 2019
Hello humans! Settle down as I summarise for you the #WhatsApptraceability case that will potentially set a global precedent for how governments approach encrypted communication. I have been reporting on it for @medianama

bit.ly/2ZETpi5
It all started with @AntonyRubin's PIL to link Aadhaar and social media accounts. bit.ly/2LqkDpl

The latest: I spoke to IIT Madras's Dr Kamakoti about the submissions he has made to Madras HC. bit.ly/2KA4tqj
Kamakoti is very clear: "WhatsApp remains the same. Their end-to-end encryption remains the same. There’s nothing that we want to change. There’s nothing that warrants the change."
BUT
traceability is also important to prevent social harm, scams bit.ly/2KA4tqj
Read 22 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(