Information Technology - Guidelines For Intermediaries and Digital Media Ethics Code - Rules, 2021

This chapter is divided into two sections:

1. Impact of IT Rules on personal lives, mainly freedom of speech and expression, and privacy.
2. Lack of empowerment with respect to participation and advocacy in tech-policy issues despite personal concerns.

IT Rules and impact on freedom of speech and expression

Over 50% of the respondents believe their freedom of speech will be seriously harmed.

Freedom of speech

{ 
"data": {
"values": [
 {"Percentage":4.52,"Response":"N/A","Role":"Code","Percent":3.03,"Org":"Large"},{"Percentage":0.5,"Response":"N/A","Role":"Design","Percent":1.01,"Org":"Medium"},{"Percentage": 0,"Response":"N/A","Role":"Documentation","Percent":2.02,"Org":"Small"},{"Percentage":1.01,"Response":"N/A","Role":"None of the above"},
 {"Percentage":9.05,"Response":"No effect","Role":"Code","Percent":8.08,"Org":"Large"},{"Percentage":4.02,"Response":"No effect","Role":"Design","Percent":4.55,"Org":"Medium"},{"Percentage":2.51,"Response":"No effect","Role":"Documentation","Percent":4.04,"Org":"Small"},{"Percentage":1.01,"Response":"No effect","Role":"None of the above"},
{"Percentage":0.5,"Response":"Offer some benefits","Role":"Code","Percent":1.52,"Org":"Large"},{"Percentage":1.01,"Response":"Offer some benefits","Role":"Design","Percent":0.51,"Org":"Medium"},{"Percentage":0,"Response":"Offer some benefits","Role":"Documentation","Percent":0,"Org":"Small"},{"Percentage":0.50,"Response":"Offer some benefits","Role":"None of the above"},
 {"Percentage":10.05,"Response":"Pose challenges","Role":"Code","Percent":11.62,"Org":"Large"},{"Percentage":4.02,"Response":"Pose challenges","Role":"Design","Percent":6.06,"Org":"Medium"},{"Percentage":3.52,"Response":"Pose challenges","Role":"Documentation","Percent":5.05,"Org":"Small"},{"Percentage":5.03,"Response":"Pose challenges","Role":"None of the above"},
 {"Percentage":27.14,"Response":"Seriously harm","Role":"Code","Percent":28.79,"Org":"Large"},{"Percentage":11.06,"Response":"Seriously harm","Role":"Design","Percent":6.57,"Org":"Medium"},{"Percentage":6.53,"Response":"Seriously harm","Role":"Documentation","Percent":14.65,"Org":"Small"},{"Percentage":5.53,"Response":"Seriously harm","Role":"None of the above"},
 {"Percentage":1.01,"Response":"Strongly benefit","Role":"Code","Percent":2.53,"Org":"Large"},{"Percentage":0.50,"Response":"Strongly benefit","Role":"Design","Percent":0,"Org":"Medium"},{"Percentage":0.50,"Response":"Strongly benefit","Role":"Documentation","Percent":0,"Org":"Small"},{"Percentage":0.50,"Response":"Strongly benefit","Role":"None of the above"}]
},
"vconcat":
[
{
"encoding": {
 "color": {
         "field": "Role",
         "title": "Role",
         "type": "nominal",
         "scale": {
           "domain": ["Code", "Design", "Documentation", "None of the above"]
         },
     "legend": {
     "orient": "top",
     "direction": "horizontal",
     "title": "Roles"
   }
 },
 "x": {"aggregate": "sum", "field": "Percentage","title": "Percentage", "scale": {"domain": [0, 70]}},
 "y": {"field": "Response"}
},
"height": 300,
"width": "container",
"mark": {"type":"bar","height":30}
},
{
"title": {
 "text":["Will the IT Rules affect","Freedom of speech?"],
 "orient": "bottom",
 "dy": 15
},
"encoding": {
 "color": {
         "field": "Org",
         "title": "Organization",
         "type": "nominal",
         "scale": {
           "domain": ["Large", "Medium", "Small"]
         },
         "legend": {
     "orient": "top",
     "direction": "horizontal",
     "title": "Organization Size"
   }
 },
 "x": {"aggregate": "sum", "field": "Percent","title": "Percentage", "scale": {"domain": [0, 70]}},
 "y": {"field": "Response"}
},
"height": 300,
"width": "container",
"mark": {"type":"bar","height":30}
}
],
"resolve": {"scale": {"color": "independent"}}

}

Over 70% of the respondents felt that their individual privacy will be affected by the IT Rules. This cuts across organization size and nature of work.

Related to this is the concern that speaking up about the harmful effects of the IT Rules will lead to repercussions from the government, potentially in terms of intimidation and punitive action.

Concerns about freedom of speech and expression, and privacy stem mainly from the IT Rules mandate to break encryption and to determine the first originator of offensive messages. The presumption of guilt, where every individual is by default deemed as a potential harm creator, adds to the fear that tech workers’ privacy will be invaded. These concerns were voiced most vociferously in the FGD held with Public Interest Technologists in May 2021.

Concerns about privacy and increased surveillance

Tech workers engage in a number of practices to protect individual privacy, including use of VPNs to access websites and applications which have been blocked by their ISPs, use of tools to prevent browsers from ad targeting, etc. With the IT Rules and the presumption of guilt, tech workers are concerned whether surveillance on these practices will increase. Governments across the world have, from time to time, deemed such practices as “criminal” to prevent their widespread use. Similar concerns emerged during the session with PyDelhi Community on IT Rules where software programmers asked public policy expert Udbhav Tiwari questions about how their use of mesh networks, Tor and other privacy preserving tools will be affected by the IT Rules.¹

1. How will the developer community be affected by the IT Rules: Developers will have to be a lot more careful about what they say in such platforms and must choose platforms that are likely to not be blocked. For those developers who want to build start-ups, they have to take into consideration the obligations of the IT Rules and the resources required to comply.

2. How does the use of Tor services get impacted by IT Rules: Tor either needs to change its features in India, or it might get blocked. Tor services can be degraded and users can be disincentivised by the government.

3. How will mesh networks be impacted: For mesh networks, government can enforce their Rules against owners/operators, and if they don’t comply, they will either lose safe harbour (which could lead to them being blocked) or be allowed to function after making product changes, as with other intermediaries.

4. Expanding on the traceability argument and how it may be implemented: Traceability provision was created to trace illegal content. Intermediaries will either have to break encryption or implement traceability in a manner that increases data collection (if at all). On the flip side, they can get banned or taken to court.

The survey data presented here, previous research about privacy practices and beliefs[^privacy-tech survey], and anecdotal accounts show that tech workers lack spaces in which they can speak about these concerns, and often do not feel empowered enough to do so. Any organization or forum looking to address this concern must make available knowledge and legal resources, and create safeguards for members/employees, in order to encourage them to raise concerns publicly, without fear of losing their jobs.

Impact on participation and advocacy

The impact of IT Rules on personal lives was felt even more because of the lack of three critical resources:

1. Lack of knowledge and awareness about the intricacies of the law: Respondents believed that they do not have the means to speak up openly about IT Rules because they are unsure about the legal challenges to these Rules, and how the Rules stand the test of legality and constitutionality in a court of law. A similar concern was witnessed when startup founders were flummoxed by the Non Personal Data (NPD) framework and the short time frame set by the ministry to give comments on the framework². They were concerned that a framework laced with extensive legalese and lack of a forum to discuss each clause and its impact, prevented them from representing their concerns in a comprehensive manner.

This gap in awareness is compounded by the lack of resources to learn about new regulations, and avenues to discuss concerns about how laws can affect professional and personal lives. The survey results show that if tech workers are to learn about IT Rules and similar laws, they prefer to go to digital advocacy groups such as the Internet Freedom Foundation (IFF) for information and awareness.

| Experts Preferred  | Response Percent  |
|--- |---: |
| Professional advocacy organizations such as Internet Freedom Foundation (IFF) or similar  | 60.40%  |
| Newsletters/shows by commentators  | 26.24%  |
| Discussion groups or events that cover such topics  | 47.52%  |
| Chat groups of friends/peers  | 41.09%  |
| I have a contact I usually ask  | 13.86%  |
| None/other  | 11.39%  |

{
"title": {
 "text": ["Preferred mode of learning", "about the IT Rules"],
 "orient": "bottom",
 "dy": 20,
 "fontSize": 16
},
"height": 300,
"width": "container",
"data": {
 "values": [
   {"Response": ["Professioal advocacy organizations", "such as Internet Freedom Foundation"], "Percentage": 60.4},{"Response": ["Newsletters/shows", "by commentators"], "Percentage": 26.2},{"Response": ["Disucssion groups or events", "that cover such topics"], "Percentage": 47.5}, {"Response": "Chat groups of friends/peers", "Percentage": 41.1},  {"Response": "I have a contact who I usually ask", "Percentage": 13.9}, {"Response": "None/other", "Percentage": 11.4}
 ]
},
"encoding": {
 "y": {"field": "Response", "type": "nominal"},
 "x": {"field": "Percentage", "type": "quantitative", "axis": {"title": "Percentage of respondants", "dy": 5}}
},
"layer": [{
 "mark": {"type":"bar","height":25}
}, {
 "mark": {
   "type": "text",
   "align": "left",
   "baseline": "middle",
   "fill": "#fff",
   "dx": -25
 },
 "encoding": {
   "text": {"field": "Percentage", "type": "quantitative"}
 }
}]
}

Tech workers also rely heavily on social media platforms and digital news publications for information and awareness about IT Rules. Mainstream news media and legacy print publications are not high on their sources of learning about tech-policy developments.

| Awareness   | Other  | TV shows/TV News Broadcast  | Grand Total  |
|--- |---: |---: |---: |
| I think I remember seeing something.  | 81.82%  | 18.18%  | 100.00%  |
| N/A  | 100.00%  | -  | 100.00%  |
| No  | 83.33%  | 16.67%  | 100.00%  |
| Somewhat. I saw some headlines.  | 92.96%  | 7.04%  | 100.00%  |
| Yes. I followed the news closely.  | 88.89%  | 11.11%  | 100.00%  |
| Yes. I read the rules in detail.  | 92.31%  | 7.69%  | 100.00%  |

| Grand Total | 89.45% | 10.55% | 100.00% |

{
 "title": {
 "text": ["Awareness about the IT Rules"],
 "orient": "bottom",
 "dy": 20,
 "fontSize": 16
 },
 "width": "container", 
 "data": {
 "values": [
   {"category": ["Somewhat. I saw", "some headlines"], "value": 46.8, "label": "46.8%"}, 
   {"category": ["Yes. I followed", "the news"], "value": 26.6, "label": "26.6%"},
   {"category": "NA", "value": 1.5, "label": "1.5%"},
   {"category": ["Yes. I read", "the rules in", "detail"], "value": 13.1, "label": "13.1%"},
   {"category": "No", "value": 12.1, "label": "12.1%"}
 ]
},
"mark": "arc",
"encoding": {
 "theta": {"field": "value", "type": "quantitative", "stack": true},
 "color": {"field": "category", "type": "nominal", "legend": null}
},
"layer": [
 {"mark": {"type": "arc", "outerRadius": 120}},
 {
   "mark": {"type": "text", "radius": 150},
   "encoding": {
     "text": {"field": "label", "type": "nominal"},
     "size": {"value": 18}
     }
 },
 {
   "mark": {"type": "text", "radius": 75},
   "encoding": {
     "text": {"field": "category", "type": "nominal"},
     "fill": {"value": "#fff"},
     "size": {"value": 12}
     }
 }
]
}

Going forward, if IT Rules censor digital media heavily, there will be a further impact on the awareness that tech workers can build about such regulations, further complicating existing problems of a poorly informed citizenry.

2. Lack of legal resources and absence of formal and informal forums and advocacy organizations at an industry or sector level that can act as ‘speakeasy’ for employees, and protect their rights is a big gap that this research points to. The survey data reveals that 91% of the respondents believe that IT Rules should either be repealed or amended. But when asked which organizations they trust for advocacy and litigation about IT Rules, the first preference again was for digital rights groups such as IFF and Software Freedom Law Center (SFLC), not an industry body or association.

   Organizations preferred for Representation	Response Percentage
   Advocates for digital rights - Eg: Internet Freedom Foundation, SFLC	77.37%
   Advocates for FOSS - Eg: FSMI, FOSS United	46.84%
   Organizations behind large public projects, like Mozilla and Wikimedia	59.47%
   Big Tech organizations like Google, Amazon, Facebook, etc	64.74%
   Industry bodies such as ASSOCHAM, FICCI, etc	41.05%
   Startup related organizations and associations	32.63%
   Others	13.68%

{
"title":{
 "text": ["Organizations preferred for represention"],
 "orient": "bottom",
 "dy": 20,
 "fontSize": 14
},
"height":350,
"width": "container",
"autosize": {
 "type": "fit",
 "contains": "padding"
},
"data": {
 "values": [
   {"Response": ["Advocates for digital rights", "Eg. IFF, SFLC"], "Percentage": 77.37},{"Response": ["Adovates for FOSS", "Eg.FSMI, FOSS united"], "Percentage": 46.84},{"Response": ["Startup related organizations ", "and associations"], "Percentage": 32.63}, {"Response": ["Organizations behind large public"," projects like Mozilla and Wikipedia"], "Percentage": 59.47},  {"Response": ["Big tech organizations","like Google, Amazon", "and Facebook, etc"], "Percentage": 64.74}, {"Response": ["Industry bodies such as", "ASSOCHAM, FICCI, etc"], "Percentage": 41.05}, {"Response": "Others", "Percentage": 13.68}
 ]
},
"encoding": {
 "y": {"field": "Response", "type": "nominal", "axis":{"labelAlign": "right"}},
 "x": {"field": "Percentage", "type": "quantitative", "axis": {"title": "Percentage of respondants", "dy": 5}}
},
"layer": [{
 "mark": {"type":"bar","height":30}
}, {
 "mark": {
   "type": "text",
   "align": "left",
   "baseline": "middle",
   "fill": "#fff",
   "dx": -35
 },
 "encoding": {
   "text": {"field": "Percentage", "type": "quantitative"}
 }
}]
}

3. Lack of legal resources such as legal counsel and lawyers and monetary resources required for litigation and larger campaigning efforts for speaking up about IT Rules: this dearth is most succinctly expressed in the words of a developer working in a media-tech startup,

   “Also what is constantly interesting is that the questionnaires that I have responded to seem to try to understand the money power to fight back (the IT Rules) by small companies. It is hard to even find lawyers. We are again forced to bombard the same SFLC and IFF lawyers who are already overloaded. What I think the community is missing is the legal support to not just fight the law, but to fight issues on specific cases.”

Unsurprisingly, 65% of the respondents have mentioned that big tech firms can represent and do advocacy on IT Rules. FAANG companies have the wherewithal and the resources to do the same.

Broader conclusions from the developer survey

The survey responses and data analyses clearly show that tech workers feel certain and reassured with respect to the security of their professional lives i.e., there is no real threat to their job security from the IT Rules or that their organizations will be negatively impacted to the extent of closure of business. It will be important to survey the tech industry and the media tech industry one year after the enforcement of the IT Rules to assess more carefully whether tech workers experience mental stress from implementing the compliance work for IT Rules i.e., tracking messages, filtering content, fulfilling content takedown requests etc. We draw this analysis from the negative stress and mental health pressures that workers in back offices of social media platforms face when they have to filter and censor content under organizational mandates.

At present, tech workers are most impacted by the IT Rules personally. Here too, there is no vocalization of the concerns publicly, owing to the factors explained above. The way forward from here is for existing tech communities to actively discuss privacy and law-related concerns, thereby encouraging more tech workers to join these forums.

Of the 200+ tech workers we surveyed, and the representatives and experts we spoke to, the majority agree that there are deep concerns in the way the Rules have been formulated and that it needs to change.

Interestingly, over 57% of the survey respondents felt they didn’t have the means to speak up about the IT Rules.

When probed further, a large number of respondents feared government repercussions for doing so, thus signifying an atmopshere of fear and intimidation that is created by the IT Rules and policies that are implemented to increase surveillance on individuals and communities.

{
"title":{
 "text": ["Reasons you maybe hesitant", "about speaking about the IT rules"],
 "orient": "bottom",
 "dy": 20,
 "fontSize": 14
},
"height":300,
"width": "container",
"autosize": {
 "type": "fit",
 "contains": "padding"
},
"data": {
 "values": [
   {"Response": "Lack of an effective forum", "Percentage": 51.1},{"Response": ["Lack of awareness", "on the rules"], "Percentage": 57.4},{"Response": ["Fear of government", "repercussions"], "Percentage": 58}, {"Response": "Irrelevant to my life", "Percentage": 8}
 ]
},
"encoding": {
 "y": {"field": "Response", "type": "nominal"},
 "x": {"field": "Percentage", "type": "quantitative", "axis": {"title": "Percentage of respondants", "dy": 5}}
},
"layer": [{
 "mark": {"type":"bar","height":30}
}, {
 "mark": {
   "type": "text",
   "align": "left",
   "baseline": "middle",
   "fill": "#fff",
   "dx": -25
 },
 "encoding": {
   "text": {"field": "Percentage", "type": "quantitative"}
 }
}]
}

Civil society has been consistently battling for consultations that take into consideration the very people these policies attempt to regulate. As a respondent in the qualitative interviews says,

“My experience of the last like 10-12 odd years, looking at how things have evolved in India, is that the impetus for change has come from civil sector organizations rather than from the government. You can literally count the number of people in the government, both establishment and anti-establishment, who advocated for strong user protections and user rights. That number in the civil society context continues to grow.”

There is a growing need for building awareness among members of the tech worker community. The focus of the awareness building cannot just be on the technical aspects of product development, but also on legal and ethical concerns, and therefore the impact of the work that tech workers do, on society. As an interviewee mentioned,

“Look, the most tempting solution is regulation. But that immediately raises the next question: ‘who regulates’. Is the government that is in power in India currently - do I trust it with regulating social media? I don’t. Do I trust progressive governments with regulating social media? I don’t. What has to happen is that stakeholders like yourselves, myself and a whole host of other entities whose interests are directly being affected by how these companies are governed, they need to have a bigger seat at the table. And it has to be a consultative process through which we come upon what could potentially look like regulation.”

[^privacy-tech survey]: Hasgeek: Privacy practices in the tech ecosystem 2020. The survey results show that “Over a fifth of respondents across all organization sizes say there is a lack of a peer group across the tech ecosystem to discuss and find solutions to privacy concerns. This lack was felt both within the organization and outside of it. This points to a larger concern where even those who may want to implement privacy-respecting features in products or services do not have the adequate support or use-cases to guide them.” Read summary of findings of this survey at https://hasgeek.com/PrivacyMode/privacy-in-indian-tech-2020/