Over the years we have witnessed gradual development of internet and digital communication technology and rapid over flow of users of the same who may or may not know the digital socio-legal culture. This internet and digital communication technology that I have mentioned here, primary includes WhatsApp. When this platform started becoming popular in India since 2014-15 onwards, it also became popular platform to form opinions, disseminate news including fake news, harassing remarks for group members and other individuals who may not be group members but may be known to one or other group members. Soon Indian users could get connected with users from other jurisdictions through WhatsApp and the groups formed on the basis of WhatsApp became better connected than networks of people connected on Offline. Consider groups like law teachers’ groups, or groups formed on the basis of common interest like terrace gardeners, animal lovers, theological groups, chartered public vehicle commuters’ groups, health service providers groups etc.: members did not necessarily stay in the same locality, did not work in the same organization or may not speak the same vernacular language. But what bonded them was their common interest. This was some thing more popular than Facebook which was ruling internet during 2012-18 era. Slowly WhatsApp became more popular with specific service people like the IPS or IAS association (non official groups) and judicial officers’ groups. The popularity grew because individuals could actually control who would view their opinion and images that may have been ‘consensually’ shared by the members. It must not be however forgotten that WhatsApp has also notoriously become a platform for several online crimes including crimes against State, against individuals, cybercrimes against women and children, economic crimes, cyber terrorism etc.
Understanding stronger confidentiality setup of WhatsApp, soon workplaces and schools also started their own WhatsApp groups. Presently almost all organizations, schools and educational institutes have their respective division /unit/team-based WhatsApp groups. Some of these groups are moderated and monitored by senior members of the organization or the HR department member or the creator of the group or teachers (in case they are the creators/members of the said groups). The bright side of the story is, people can get the necessary information in their hand phones (which may include WhatsApp services) and they may not necessarily look into their mails unless it is for immediate verification necessity. Mails now have become more official and WhatsApp groups are more personal. The negative aspect is quick circulation of offensive, harassing and unwanted contents.
Here comes the question of liabilities of three groups especially regarding creation, publication and circulation of offensive and unwanted contents. These liabilities may vary according to the age of the creators/publishers/circulators and position of the creators/publishers/circulators. ‘Position’ here necessarily means the website who is hosting the communication, the admin who is moderating or who may have created the group and general members who may be the creators/publishers/circulators of the content. This three groups are as follows:
Let me first start with the website. WhatsApp as the web platform of the communications or Facebook as the parent company facilitating WhatsApp, may seek their excuse from any legal tangle in case of creation, circulation, publication of any offensive contents by virtue of Due Diligence clause which they exercise in almost cases of creation/circulation/publication of contents which are offensive. For this purpose, we need to understand the Indian version of Due Diligence law which can be found in S.79 of the Information Technology Act, 2000(amended in2008); the first two subclauses address the points which may be used by the websites. To summaries:
Websites or intermediaries who provide services including web hosting services, search engines etc (as per S.(w) of the Information technology Act, 2000(amended in 2008), may not be liable for any third-party activities carried out on their web platforms if such activity (which includes creation/publication/circulation etc. of any offensive, harassing etc. contents) is not initiated by the website, the website dies not select the receiver of the transmission and the website does not select or modify the information contained in the transmission. The website or the intermediary will also be excused from the third party liability in case the same has practiced due diligence as per the laws, rules and guidance as has been mandated by the Indian government. These Rules are mentioned in Information Technology (Intermediaries guidelines) Rules, 2011, which have further been suggested for amendment. As such, these Rules include the following responsibilities of the intermediary or the web platform:
Publishing of Rules, regulations, privacy policies and user agreements which will clearly make the user understand that posting/transmission of/uploading/modification etc of contents which may be grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophilic, libellous, invasive of another’s privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever; harm minors in any way; infringes any patent, trademark, copyright or other proprietary rights; violates any law for the time being in force; deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature; impersonates another person; contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource; threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order, or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting any other nation. threatens public health or safety; promotion of cigarettes or any other tobacco products or consumption of intoxicant including alcohol and Electronic Nicotine Delivery System (ENDS) & like products that enable nicotine delivery except for the purpose & in the manner and to the extent, as may be approved under the Drugs and Cosmetics Act, 1940 and Rules made thereunder; (k) threatens critical information infrastructure.
Provide all support to the criminal justice machinery to disclose incidences of cyber security, the identity and all other relevant details of the harasser/originator of the offensive content.
Not to host/transmit/publish etc any information which the website management known to be illegal and offensive.
Provide periodic update on the policy of the web company related to users liabilities, rights and duties etc.
Take down reported content within considerable time of maximum 24 hours (as the draft Intermediary Guidelines (Amendment) Rules, 2018 indicates). 
In short, the web companies, intermediaries may not be directly liable for WhatsApp mess-ups that may be done by the individual users.
The second party which may attract the liability for publication/creation/circulation of any offensive content on the platform is the group admin. Now, let us first understand who are called as ‘group admins’: WhatsApp provides certain features especially for group chats and this includes monitoring of the group by designated persons who are known as admins. Admins may not necessarily be the creators of the group. However, the latter may always remain as admin in spite of creation of multiple admins by him/her. Admins may have the power and authority to include and exclude members, block members, restrict the publication of comments and create group policies which may be used to restrict a particular member/s in case of violation of the same. Indian courts have in numbers of occasion, held that group admins may not be held liable for the activities of the members of the group in case the said admin had shown due diligence to restrict publication/circulation/creation of offensive comments. This due diligence is however derived from the understanding of criminal law sanctions mixed with tortuous liabilities. For example, consider the followings:
If the group admin has not been made group admin consensually and he does not know the subject of discussion of the group, he may have a very narrow defence of being misled by other admins/creator who forced him to join them in criminal activities like creation/publication/circulation of offensive contents which violate the existing laws of the Land.
If the group admin himself had not created/circulated any offensive content and had warned any user for not sharing/posting etc any content which is offensive, he may not be made liable for creating/sharing contents which may be offensive under any law if any member had even for some time (when the admin was not expected to watch/monitor the group) had posted/circulated some offensive content. But in such case, if the content falls in the category of child sexual abuse material which may be categorised under S.67B of the Information Technology Act, 2000(amended in 2008) or POCSO Act, the admin may not avail any excuse.
In case the group admin is a child, the question becomes tricky. If the group is specifically made by minors, the police, the prosecution and the court have to see who may have provided the basic assistance in accessing the web platform and the contents (including the offensive contents). Necessarily in such cases, courts may have to use the principles of vicarious liability because a child may not be eligible to own a SIM card unless an adult provides him the same. Here, the basic understandings of contract laws and age of maturity may be applied. Now, let us see the case of the WhatsApp group of students of an elite school in Mumbai where minor students were discussing about child sexual abuse of their own female classmates: parents may be made vicariously liable in such case, which actually did not take place, may be because here the parents of the accused children themselves alerted the school and restricted further violation of rights of those children who were targeted for the sexual fantasy of the adolescent boys. But here one needs to check whether personal information including images of the ‘victim children’ were disseminated unauthorizedly or not, or whether it was restricted only to the use of names. In both cases POCSO Act may be applied (in the latter case , Ss.11 (sexual harassment), 13(use of children for pornographic purposes) and S.14 (punishment for using children for pornographic purposes) of the POCSO Act may be narrowly applied.
However, if the group admin/s knowingly allow creation/circulation /publication of posts which may be offensive in nature, they may not get any excuse from the clutches law specifically made to punish the commitment of such acts like creation/circulation/dissemination of obscene images (S.67), sexually explicit contents (S.67A), voyeurism and sharing non-consensual images (S.66E of the Information Technology Act, 2000(amended in 2008) and S.354C of the Indian Penal Code, defamation (S.499, 500 Indian Penal Code), sharing information which has been restricted as seditious material under S.124A IPC or any other law which may restrict freedom of speech in the line of Article 19(2) of the Constitution of India, all of which may be read together with Ss.107 and 108 of the Indian Penal Code and S.84B of the Information Technology Act, 2000(amended din 2008)( laws related to abetment of offence ).
Coming to the liability of the third group of users of WhatsApp, it may be seen that if a user/user create/publish/circulate any content which is offensive in nature, they may be liable as per the respective legal sanctions. However, the act of forwarding any content has also been considered as within the scope of defamation laws (under S.499/500 IPC ) or in case of online harassment of women and children, within the meaning of different kinds of offences recognised by law including voyeurism, stalking, non-consensual image sharing, indecent representation of women, child sexual abuse, grooming etc.
But the question larks on the issue of machine and artificial intelligence, which may make the admins responsible in case they may not be aware about the usage. For example, if the admin is a new user or not accustomed with the privacy and security features of WhatsApp, he may not be able to restrict certain ‘posts’ which may be published because of the machine intelligence: this may include certain words which the phone may suggest presuming the first few alphabets. He may neither be able to restrict a member which may have been suggested by the computer system of the platform and the device. Further, he might also not be able to remove certain posts which may have surfaced in the group due to resharing or forwarding by other members. Here, the group admin’s liability must be seen exclusively. Websites or intermediaries however would not be liable by virtue of the proviso clause of Rule 3 of the Intermediary Guidelines Rules, 2011 (and also Amended draft version of 2018), which says “……………….the following actions by an intermediary shall not amount to hosting, publishing, editing or storing of any such information as specified in subrule(2): (a) temporary or transient or intermediate storage of information automatically within the computer resource as an intrinsic feature of such computer resource, involving no exercise of any human editorial control, for onward transmission or communication to another computer resource; (b) removal of access to any information, data or communication link by an intermediary after such information, data or communication link comes to the actual knowledge of a person authorised by the intermediary pursuant to any order or direction as per the provisions of the Act.”
As may be understood from the above, WhatsApp group admins therefore may not always claim to be immuned especially when they were aware of the group activities, they had not practiced due diligence from their side and they had published or forwarded offensive contents themselves for the wider circulation of the same.
*Prof(Dr)Debarati Halder, LL.B., M.L., Ph.D(Law)(NLSIU) is the Managing Director (Hon) of Centre for Cyber Victim Counselling (www.cybervictims.org) . She can be reached @email@example.com
 See Halder D., & Jaishankar, K (2016.) Cyber crimes against women in India.
New Delhi: SAGE Publications. ISBN: 9789385985775 for understanding types of cyber crimes against women and laws.
 See Halder, D. (2018). Child Sexual Abuse and Protection Laws in India. New
Delhi: SAGE Publications. ISBN: 9789352806843, Halder D., & Jaishankar K. (2014). Patterns of Sexual Victimization of Children and Women in the Multipurpose Social Networking Sites. In C. Marcum and G. Higgins (Eds.), Social Networking as a Criminal Enterprise (pp. 129-143). Boca Raton, FL, USA: CRC Press, Taylor and Francis Group. ISBN 978-1-466-589797 for more understanding on types of cyber crimes against children.
 See for example, Kurowski, S., (2014). Using a whatsapp vulnerability for profiling individuals. In: Hühnlein, D. & Roßnagel, H. (Hrsg.), Open Identity Summit 2014. Bonn: Gesellschaft für Informatik e.V.. (S. 140-146). Available @ https://dl.gi.de/handle/20.500.12116/2633 Accesed on 21.01.2020
 See for example, Broadhurst, Roderic and Woodford-Smith, Hannah and Maxim, Donald and Sabol, Bianca and Orlando, Stephanie and Chapman-Schmidt, Ben and Alazab, Mamoun, Cyber Terrorism: Research Review: Research Report of the Australian National University Cybercrime Observatory for the Korean Institute of Criminology (June 30, 2017). Available at SSRN: https://ssrn.com/abstract=2984101 or http://dx.doi.org/10.2139/ssrn.2984101 Accessed on 20.01.2020
 By way of Intermediary Guidelines (Amendment) Rules, 2018
 The Intermediary Guidelines (Amendment) Rules, 2018 also mentions that if the intermediary has more than 50 fifty lakh users in India or is in the list of intermediaries specifically notified by the government of India, it shall:
(i) be a company incorporated under the Companies Act, 1956 or the Companies Act,2013;
(ii) have a permanent registered office in India with physical address; and
(iii) Appoint in India, a nodal person of contact and alternate senior designated
functionary, for 24×7 coordination with law enforcement agencies and officers to
ensure compliance to their orders/requisitions made in accordance with provisions
 For understanding this, we need to see S.11 of the Indian Contract Act, which says minors, persons of unsound mind and persons disqualified by law may not be able to enter into any agreement.
 See India Today Webdesk. Schoolboys at posh Mumbai school talk about raping classmates, ‘gang bang’ in horrific WhatsApp chats. Available @https://www.indiatoday.in/india/story/mumbai-ib-school-students-whatsapp-chat-horror-1629343-2019-12-18 . Accessed on 21.01.2020
years YouTube has won millions of hearts in India as a social media platform
especially among women. This is because unlike other social media websites, YouTube
has provided a platform to earn money based upon views and subscribers.
Contents uploaded by users may be varied: it can be home decor, power point
presentations of simplified versions of undergraduate subjects, subject lectures
by professional teachers or amateur subject experts, cooking recipes, Do It
Yourself (DIYs), home organisations, daily routines of home makers, technological
solutions, how to do stuffs etc . Several women have used YouTube to earn money
generated through the revenue that YouTube promises once the user can reach some
criteria like getting 1000 subscribers or 4000 watch hours etc. 
YouTube however would not lead the user to create contents that may earn more
watch hours or subscribers. Users may go for market survey to understand which
sorts of videos may attract more views, ,more subscribers etc. mostly new users
including men and women may try to create videos on anything that they feel
proper to share to the world. YouGTube , like Facebook and Instagram has
features for allowing users to create videos for private sharing. This enables
the users to share the video which may be watched only by those whom the
creator chooses. The users may however go for wide circulation of their contents
by not only making the videos public, but also by going live whereby the users may directly communicate
with their subscribers or may share information while live. Even though going Live may be a feature specifically
for improving the relationship between the user and his/her subscribers, live
videos can be watched by the world wide audience even if they are not
subscribers to that particular user. Here, YouTube may not play a vital role to
restrict uploading and sharing the contents unless the subscribers or viewers may flag the content as inappropriate. In short, YouTube may actually provide a wide
platform to share anything including bullying videos, mashed up videos, child and
woman abuse videos, birthing videos, adult sexual interaction videos and so on.
While the adult sexual videos and birthing videos may not be universally accessible
unless the user logs in to his/her YouTube accounts, other sorts of videos are accessible
to all irrespective of age. YouTube however uses the due diligence clause to
escape from any third party liability by providing notification which restricts
children from viewing adult sexual contents or violent contents which may
traumatise children. Hardly this has any
practical implication because children may access these videos by using email
ids which may be created on the basis of fake age , or may even log in through
their parents’ or friends’ email /YouTube ids.
attention here is however attracted to the contents shared by YouTubers: I have
been an avid watcher of YouTube since many years now. I have been following the
changing trends of users in uploading the contents. Earlier it was more on
creating mashed up videos which may have the potentials of violating the copyrights.
Such videos have also been silently encouraged by actors, singers and producers
because these actually publicise their work even though it may violate the
But slowly, the content creators, especially women started becoming reviewers
of products on YouTube as well. This included using of cosmetics, kitchen wares
organisers etc that may be shown in the daily routine videos, home organisation
videos or make up tutorials.
not only get views and subscribers as may be needed for fulfilling the YouTube
monetising criteria, they may also be connected with the brands manufacturing
the products or dealers of the products who may wish to showcase their products
through these non-professional videos. Several urban and rural women home
makers have actually benefitted from this: consider Youtubers like Radhika Real
who may be rural homemakers, but may have made a moderate to comfortable living
because of their YouTube videos advertising about different brands including retailer
brands. Nonetheless, these YouTubers may
also be victims of bullying and trolling for the quality of their videos, their
pronunciation, lifestyle and even house decorations.
While these women may have made a landmark professional/personal achievement because of YouTube, they may unknowingly violate privacy of their own children or even spouses or other family members as they may be showing and informing the worldwide audience about their family members who may not may consent for such wide distribution of images of themselves. These YouTube videos may also be the subject matter of bullying and ridiculing the children of such YouTubers since these may stay on worldwide web for long time. YouTube videos may also create severe domestic violence for several reasons which include live fights between spouses which may be captured by third party YouTubers for fun and uploaded and circulated for getting more views; or airing of grievances by women YouTubers against the other spouses, without knowing the far-reaching consequences etc. These videos may attract huge views and opinions, comments in the nature of cyber bullying and also trolling targeting the YouTuber concerned or supporters of the same. Consider the case of two specific youtubers from Delhi, who are spouses in real life : the wife is a senior YouTuber whereas the husband is a recent Youtuber: They had severe altercations and started living apart. But this was not enough: both used YouTube to throw insults and humiliating words to each other and their teen daughter was allegedly dragged in between. The recent reports suggested that the teenager girl who was staying with her father for couple of months after the separation, was beaten by the latter while on live and her t-shirt was torn in a manner which would show her inner wares. The girl was beaten because she wanted to visit her mother. This video became viral as several supporters of the wife started showing the clippings through their own channels. Some had also informed ChildLine and the police who had rescued the teenager and sent her to her maternal grandmother. There are several other YouTubers who started discussing about incident using the profile name of the husband wife duo. While the news report published in the local news media suggested that the teenager was often beaten by both the parents when they were drunk and she was forced to come on live which she refused many times, the news clipping did not mention about the name of the girl and that of her parents as S.74 of the Juvenile Justice Care and protection Act, 2015 prohibits publication of the identity of the child in need of care and protection or child in conflict with law. The provision reads as below:
S.74. Prohibition of publication of name, etc., of juvenile in conflict with law or child in need of care and protection involved in any proceeding under the Act.-1. No report in any newspaper, magazine, news-sheet or visual media of any inquiry regarding a juvenile in conflict with law or a child in need of care and protection under this Act shall disclose the name, address or school or any other particulars calculated to lead to the identification of the juvenile or child nor shall any picture of any such juvenile or child be published: Provided that for reasons to be recorded in writing, the authority holding the inquiry may permit such disclosure, if in its opinion such disclosure is in the interest of the juvenile or the child. 2. Any person who contravenes the provisions of sub-section (1), shall be liable to a penalty which may extend to twenty-five thousand rupees.
Now, let us understand the scope of this provision in the light of this particular case: the first subsection prohibits any report including news report, inquiry etc from disclosing the name, information etc of the concerned child. The second proviso extends the scope to ‘anyone’ who may contravene the prohibitory scope of S.74. Seen from the perspective of electronic media and the concept of citizen journalism, which gives every one right to share information, the term ‘anyone’ may literally include anyone including the good Samaritans who may have wanted to alert the concerned authorities, share their opinion against such acts of women and child abuse. Further, note the words “any other particulars calculated to lead to the identification of the juvenile or child nor shall any picture of any such juvenile or child be published” mentioned in the first sub clause. This may include the name of the concerned child and names of the parents. But apparently, this provision became a just a paper tiger in this case because those who had watched or subscribed to the videos of the couple had already known about the identity of the teenager because of the daily Lives put up by the parents and discussion about the girl in the videos posted by them. If one visits the comment section of the recent videos of both the parents in the recent past, it would be seen that commenters have taken the name of the girl, asked about her whereabouts and in some cases, some had also suggested about her changed behaviour after she had stayed with her respective parents separately. Nothing is confidential for those thousands of worldwide audiences now who had watched the parents daily and who had also witnessed the Live video where the girl was beaten up by the father. In spite of repeated request by the mother of the girl, several YouTubers still did not take down videos mentioning about the name of the father (which broadly falls within the meaning of “any other particulars calculated to lead to the identification of the juvenile or child”) when this writeup was published. While the Juvenile Justice Care and Protection and Act provides a base rule, the concerned YouTubers may not be held solely responsible because the parents already violated the privacy of the teenager and encouraged thousands to watch the couple fight which had every potential to attract penal provisions for using words etc for harming the modesty of the wife under S.509 Indian Penal Code as well as defamation of both the wife and the husband under Sections 499 and 500 of the Indian Penal Code. YouTube on the other hand has not taken down the videos of either of the spouses or that of the other YouTubers which may showcase the names of the parents and the child because it is guided by First Amendment of the US which may hardly be affected unless YouTube has been approached to take the videos down by concerned stakeholders.
It is now
a typical love triangle of three parties : YouTube, which is loved by all for
providing such an open platform for airing opinions and consumption of real
life family dramas, the YouTubers who may expect to get support, views,
popularity and money because of participating in the trolling and independent
discussions on such issues which may rip open privacy of general individuals including
children and criminal justice machinery, most of whom may never know how to
manage legalities of YouTube videos because they are completely ignorant of
this new type of electronic media.
But this is
not a unique incident that attracts the attention of legal researchers,
especially privacy law and speech law researchers. YouTubers, especially women YouTubers
continue to violate privacy knowingly or unknowingly and provide more opportunity
to trolls, bullies and offline perpetrators to victimise them because they may
not be aware about the netiquettes of YouTube. Time has come that YouTube users
become cautious of the contents uploaded by them and legalities attached with
such uploading and sharing. In this festive season YouTube content uploading
and sharing may have seen a steep rise. But it is upon YouTubers to control
what must be shared and may not.
is more powerful than televisions, more demanded than movies and more
devastating than what is generally apprehended.
example see Halder D., & Jaishankar K. (2016) Celebrities and Cyber Crimes:
An Analysis of the Victimization of Female Film Stars on the Internet. Temida –
The journal on victimization, human rights and gender. 19(3-4), 355-372
Two men get arrested under Sections 20 (offences against the dignity of a natural person), 21 (offences against modesty) and 24 (cyber stalking) of the Prevention of Electronic Crimes Act (Peca), 2016.and Section 109 (abatement) of the Pakistan Penal Code (PPC) for harassing women with objectionable contents over WhatsApp in Pakistan https://www.dawn.com/news/1503129
35 year old Philippine woman who was arrested in July, 2019 for sending photos of her 4 year old son being sexually abused through an online messaging platform in lieu of money, is now sentenced for jail for 25 years by Philippines court. The woman is also sentenced to pay fine and damages. https://www.sunstar.com.ph/article/1821966
Information communication technology and digital communication technology have opened up new vistas for human relationships. The innovative technology with the help of Artificial Intelligence (AI) can now read minds, predict illness, predict crime occurrence, enhance the professional and social network, and help in better analytical understanding of subjects. But it can also leave devastating impacts on human life. It can alter the data (including personal data), harm social reputation and can even instigate victims to take extreme steps like committing suicide. All these may be done by positive and negative usage of artificial intelligence which plays the base role for empowering Apps which in turn may be used for positive and negative usages. Artificial Intelligence (AI) has been used by web companies like Facebook for facial recognition of users earlier. AI has also been used for companies (other than web companies) for processing employee data. In short, AI has been used to access private information of individuals either consensually or without consent. Here are three ways as how AI may create an uncomfortable situation for women specifically in India :
Recognition Apps and harassment of women: Remember the time when Facebook suddenly
started asking for nude photos individuals for upgrading their own safety
system apparently for providing safety mechanisms for subscribers? This
project was intended to build up a safety mechanism against revenge porn with
the help of Artificial Intelligence. Facebook wanted to empower their
subscribers, especially women to report revenge porn. But before that, the
company wanted to ensure that the revenge porn content showcased the image that
belonged to the victim specifically. The facial recognition app, the skin
texture, hair color, biometric recognition technology would be matching both
the images (the nude picture of the victim and the revenge porn content created
by the perpetrator) and would be identifying the revenge porn content as illegal.
But this project received stern objections because there were more possibilities
of misuse of nude photos than positive use of the same. Facebook -Cambridge analytica
case did prove that nothing is impossible when it comes to preservation of data
by body-corporates and data of individuals is always profitable and the security
of the same is vulnerable. But this may
not seem to be as dangerous as misuse of Face App may seem to be . FaceApp is
basically used to change the face structure of the person whose photograph
would be used in this App. It can change the texture of the skin and density of
hair including facial hair. In July,
2019, FaceApp became the center of concern for Indian cyber security
stakeholders especially when several celebrities started using FaceApp and
started showcasing their changed faces on Instagram. While FaceApp was basically being used for
fun purposes, it may also throw challenges for data safety and security of
person concerned. FaceApp helps to change the structure of faces. But we should
not forget that the altered facial image can be saved in devices and cloud of
different individuals. This altered image may be used for several illegal
activities. Predators may unauthorizedly access the social media profiles and
change facial images of the victims to create fake profiles; they may also use
such images to create a completely new impersonating profile to harass women.
Altered facial images of women may also be used for revenge purposes especially
when the victim is looking for opportunities in the entertainment or
advertisement sector where her appearance may be considered as her biggest
asset. Apart from this, FaceApp may be used to attract bullies and trolls to
intensify victimization of women.
back the memory: No one, but the web companies clearly remember what we posted
in last summer. Every day social media companies would show what was posted by
the user a year back or a couple of years back and would gently remind the user
that he/she can share the said post as a memory. How does it happen? The web
companies look for algorithm and the highest likes and comments for posts on
daily or even hourly basis. When the posts earn more likes and comments, the AI
decides to bring it forth. In certain situations, such refreshing of memories
might not be ‘wanted’ at all especially when the victim might had a bitter
ending of the relationship with persons in the said image or the text in
question may no longer evoke good memories, but rather traumatize the victim
more. But machine intelligence does not fail the company: it is a matter of
consent and choice after all. But consider if the account is unauthorizedly accessed:
the hacker may get to know something from the past which the victim may never
wanted the hacker to know.
the user about best low prices : AI runs over the internet like blood vessels
carrying oxygen all over the body. When a user decides to compare prices of any
product or services, AI helps to share the same almost always on any platform
the user would be visiting. It might be extremely embarrassing for any woman if
such searches start showing results when she is surfing the social media or
even the search engine with a friend or another individual. Nothing is left by
the AI from prices of lipsticks, hotels at cheaper rate, flight details to last
watched videos on how to conceive. This might also make women face
discrimination, office bullying and harassment due to several reasons.
These are but some of the many ways as how AI may make
women to land in trouble. AI is necessarily connected with data privacy protection
policies of web companies. The EU General Data Protection Regulation, 2018
provides that personal data may not be processed without the consent of the
owner of the data.
But in this case, there can be legal tangles as web companies may claim that they do not breach the data
confidentiality or transfer the data to any other jurisdiction, neither they
process the data without proper authorization. Here, multiple stakeholders may
be involved which may include the original owner of the content or the picture
which may have been processed for the purpose of harassment : the perpetrator,
who may have carried out changes on the data using the AI supported Apps,
perpetrators who may have unauthorizedly
stored the altered contents, picture or information or may have used the
altered information, picture for creating impersonating profile etc. As per
Indian legal understanding, altering, modifying etc of contents/ information/ image
/images without proper authorization of the original owner of the information etc may attract penal provisions
under the Information Technology Act, 2000 (amended in 2008): these provisions
may include Ss 43 (Penalty and compensation for damage to computer, computer
system etc, ), 66 (computer related offences, 66C (punishment for identity
theft) and 66D (punishment by cheating by personation by using computer
resource etc. This may also attract penal provisions for Copy Right violation
as well. Further, the web companies may be narrowly be liable for protecting
data properly under several provisions including S.43A which speaks about body
corporates liability to protect data. But irrespective of existing provisions,
web companies may always escape the clutches of law due to due diligence clause
and on the question of consent expressly or impliedly provided by the woman
victim concerned. In the EU, courts are becoming more and more concerned about
policy violations by web companies to fool the users. In India too, the courts
must throw light on the web companies responsibility as data repository. Regulations
like Data protection Bill, 2018 must be considered with utmost care. These may
have the key to solve problems of online victimization of women.
Also, women users need to be extremely cautious about machine intelligence. Awareness must be spread about how the hidden ‘safety valves’ of the web companies (which may actually make the web companies more powerful against claims of lack of due diligence) may be used properly.
Often I have been asked by victims, stakeholders and students of law about the jurisdictions of the courts and court system as a whole under the Information Technology Act, 2000 (Amended in 2008). This query carries great significance especially at a time when subscribers, consumers and civil society members are facing numerous problems due to data theft, data diddling, and data leaking etc. by the body corporate, intermediary and service providers themselves. Such issues of piercing the veil of cyber security and data privacy due to inefficient data protection mechanism of the body corporate may in turn help individual predators and even criminal gangs to target individuals including women and children to make it a large scale offence. Let us consider the case of Facebook facial recognition case in the US : even though Facebook as a company has been strongly contesting the case, the federal appeals court has given a green signal for this class suit whereby Facebook can be prosecuted for infringement of data privacy and would be liable to pay a huge compensation to the petitioners. What we understand from here is, such cases in the field of cyber law, may be dealt by courts in the nature of civil cases as well as in the nature of criminal cases.
In India, the primary regulatory provision for cyber issues is the Information Technology Act, 2000(amended in 2008) (IT Act, 2000, amended in 2008). This provision indicates that there are two types of authorities and tribunals/courts who may handle cases in the nature of civil and criminal liabilities, i.e., civil and criminal court and tribunals . We may understand this typology by understanding the nature of the cases under the Information Technology Act first, which is as follows:
In the issue of civil nature of cases, the administrative tribunal system under the IT Act has three tiers.
As may be seen from the above flow chart, at the grass-root level is the Certifying Authorities. A licensed Certifying Authority (CA) who has been granted licence under S.24, issues the digital signature certificates. CAs are controlled by Controllers, who are appointed by central government under S.17 of the Act. This provision also mentions about the appointment deputy /assistant controllers who should work under the instructions of the Controller.
Functions and responsibilities of the controller can be discussed under three broader heads:
S.18 of the IT Act provides essential
functions of the Controller. Apart from S.18, there are certain other
provisions under the IT Act, which speaks about other responsibilities and
powers of the Controller. The functions
under S.18 are as under:
supervision over the activities of the Certifying Authorities;
public keys of the Certifying Authorities;
Laying down the standards to be maintained by
the Certifying Authorities;
the qualifications and experience which employees of the Certifying Authority
the conditions subject to which the Certifying Authorities shall conduct their
Specifying the contents of written, printed or
visual materials and advertisements that may be distributed or used in respect
of an Electronic Signature Certificate and the public key;
the form and content of an Electronic Signature Certificate and the key;
the form and manner in which accounts shall be maintained by the Certifying
Specifying the terms and conditions subject to
which auditors may be appointed and the remuneration to be paid to them;
Facilitating the establishment of any
electronic system by a Certifying Authority either solely or jointly with other
Certifying Authorities and regulation of such systems;
Specifying the manner in which the Certifying
Authorities shall conduct their dealings with the subscribers;
Resolving any conflict of interests between
the Certifying Authorities and the subscribers;
Laying down the duties of the Certifying
Maintaining a database containing the
disclosure record of every Certifying Authority containing such particulars as
may be specified by regulations, which shall be accessible to public.
As such, other than the functions
mentioned above, the Controller may also have the following powers and
Controller may also recognize the foreign certifying authorities with prior approval from the government under S.19.
Controller is the authority to suspend license of the CA in case of any discrepancies in the function of the CA under S.25
Controller has power investigate contraventions or authorize any officer to do the same under S.28.
Controller may also access to computer and data under S.29 if he has reasonable cause to suspect for any contravention of the provisions etc.
Apart from this, controller also
has powers for dispute resolution: As such, .controllers can take over matter
for regulating and resolving any conflict of interests between the Certifying Authorities
and the subscribers.
Adjudicators along with the
controllers form the second tier of tribunal system for civil nature of cases
under the IT Act. Adjudicating officers
are appointed by the Central Government under S.46 of the IT Act for holding inquiry
(in the manner prescribed by the Central Government) in cases where any person
has committed a contravention of any of the provisions of this Act or of any
rule, regulation, direction or order made thereunder which renders him liable
to pay penalty or compensation. Such officer should not be below the rank of a
Director to the Government of India or an equivalent officer of a State
Government.S.46 clearly mentions that no person shall be appointed as an
adjudicating officer unless he possesses such experience in the field of
Information Technology and legal or judicial experience as may be prescribed by
the Central Government. The adjudicating officer appointed under S.46(1) are empowered to exercise jurisdiction to
adjudicate matters in which the claim for injury or damage does not exceed
rupees five crore. In case the jurisdiction in respect of claim for injury or
damage exceeds Rs. five crore, the jurisdiction to try such cases then shall
vest with the competent court. Every adjudicating officer shall have the powers
of a civil court which are conferred on the Cyber Appellate Tribunal under
sub-section (2) of section 58. As such, all proceedings before the adjudicator (a)
shall be deemed to be judicial proceedings within the meaning of sections 193
and 228 of the Indian Penal Code; (b) shall be deemed to be a civil court for
the purposes of sections 345 and 346 of the Code of Criminal Procedure, 1973. And
(c) shall be deemed to be a Civil Court for purposes of order XXI of the Civil
Procedure Code, 1908
But, the adjudicating officer cannot
fix the quantum of punishment (especially fines, damages and compensation) at
his own whimsies and fancies. S.47 says while adjudging the quantum of
compensation under Chapter IX, the adjudicating officer shall have due regard
to the following three factors, namely –
amount of gain of unfair advantage, wherever quantifiable, made as a result of
amount of loss caused to any person as a result of the default;
repetitive nature of the default
As such, adjudicators are
responsible to handle cases of data infringement, unauthorised access to
computer, offences to the computer (of civil nature), and fraudulent data
leaking cases etc. under chapter IX of the IT Act.
At the top tier of the tribunals
for dealing with cases of civil nature under the Information Technology Act,
2000(amended in 2008) exists the Cyber Appellate Tribunal. S.48 of the
Information Technology Act, 2000 (amended in 2008) stated that the central
government shall by notification establish one or more appellate tribunals to
be known as Cyber Appellate Tribunal. However, it has been observed by several
cyber law practitioners that the Cyber Appellate Tribunals in some places in
India were not functioning properly. As such, since 2017 The Telecom Disputes
Settlement and Appellate Tribunal (TDSAT) established under section 14 of the Telecom
Regulatory Authority of India Act, 1997 (24 of 1997), (TRAI Act) has
substituted CAT & working as Appellate Tribunal for the purposes of IT Act.
It also exercises the jurisdiction, powers and authority conferred on it by or
under IT Act. The TDSAT shall consist of a Chairperson, and not more than two members to be appointed by the Central Government.
Prior to the coming into existence of TDSAT
within the meaning of Appellate tribunal under the IT Act, online High Court
judges could qualify to be appointed as Chairpersons of the cyber appellate tribunal as per S.50 of
the IT Act. However, presently as per S.4 of the TRAI Act, the Chairperson
and other members of the Authority shall be appointed by the Central
Government only if such candidate has special
knowledge of, and professional experience in, telecommunication, industry,
finance, accountancy, law, management or consumer affairs. Further, a person who is, or has been, in the
service of Government shall not be appointed as a member unless such person has
held the post of Secretary or Additional Secretary, or the post of Additional
Secretary and Secretary to the Government of India or any equivalent post in
the Central Government or the State Government for a period of not less than
three years (as per Proviso to S.4 of the TRAI Act). s. 57, IT Act,
2000(amended in 2008) speaks about the jurisdiction & limitations of the
Appellate authority , which to large extent is practiced by the TDSAT now.
According to S.57, any person aggrieved by an order made by controller or an
adjudicating officer under this Act may prefer an appeal to Appellate Tribunal
having jurisdiction in the matter. However, no appeal shall lie to the
Appellate Tribunal from an order made by an adjudicating officer with the
consent of the parties. Every appeal under 57(1) shall be filed within a period
of forty-five days from the date on which a copy of the order made by the
Controller or the adjudicating officer is received by the person aggrieved and
it shall be in such form and be accompanied by such fee as may be prescribed. Appellate
Tribunal may entertain an appeal after the expiry of the said period of
forty-five days if it is satisfied that there was sufficient cause for not
filing it within that period.
Court for dispute resolution of criminal nature: Information
Technology Act, 2000(amended in 2008) does not specifically mention about any
court which may handle cases of criminal nature under this Act. But S.77A of
the Information Technology Act is mentionable here, which speaks about
compounding of offences According to S.77A of the IT Act, 2000(amended
in 2008), a court of competent jurisdiction may compound offences, other than
offences for which the IT Act provides punishment for life or imprisonment for
a term exceeding three years. As per
S.77A, the court however, shall not compound offences falling under the
categories as below:
the accused is, by reason of his previous conviction, liable to either enhanced
punishment or to a punishment of a different kind:
such offence affects the socio economic conditions of the country.
Has been committed against a child below the
age of 18 years or a woman.
the IT Act states that a person accused
of an offence under this Act may file an application for compounding in the
court in which offence is pending for trial and the provisions of sections 265B
and 265C of the Code of Criminal Procedure, 1973 (2 of 1974) shall apply. From
the above discussion, it may be inferred that any competent criminal court
under Cr.P.C which are competent to handle cases involving offences and punishments
as has been prescribed under Chapter XI under the IT Act, may be considered as
competent court for the purpose of this Act. Now, the question which may arise
is, which criminal courts may handle cases of criminal nature under IT Act,
2000 (amended in 2008). For this, we may need to understand the patterns of
punishments under Chapter XI of the IT Act, 2000 (amended in 2008). These can
be listed as below:
Imprisonment for a term which may extend to two
years, or with fine which may extend to one lakh rupees, or with both.
Imprisonment of either description for a term
which may extend to three years or with fine which may extend to rupees one
lakh or with both
Imprisonment of either description for a term
which may extend to three years and shall also be liable to fine which may
extend to rupees one lakh.
Imprisonment which may extend to three years or
with fine not exceeding two lakh rupees, or with both
Imprisonment up to three years, or with fine
which may extend up to two lakh rupees, or with both.
Imprisonment for a term which may extend to
three years or with fine which may extend to five lakh rupees or with both.
Imprisonment extending to imprisonment for life.
Imprisonment in first conviction of either
description for a term which may extend to three years and with fine which may
extend to five lakh rupees and in the event of second or subsequent conviction
with imprisonment of either description for a term which may extend to five
years and also with fine which may extend to ten lakh rupees.
On first conviction with imprisonment of either
description for a term which may extend to five years and with fine which may
extend to ten lakh rupees and in the event of second or subsequent conviction
with imprisonment of either description for a term which may extend to seven
years and also with fine which may extend to ten lakh rupees
Now, to find the answer as which court may try cases of criminal nature under the IT Act, the above mentioned list has to be matched with the powers of various criminal courts under Ss.28 & 29 of Cr.P.C. The powers of the courts under the Cr.P.C can thus be categorized as follows:
As such it may be understood that cybercrimes and offences recognised under Chapter XI with various degrees of punishment may be dealt by various criminal courts as has been discussed under Ss.28 and 29 of the Criminal Procedure Code. But, in such cases also, the aggrieved party (including the offender) may make an appeal to the appropriate courts including the Session’s court, High Court and also to Supreme court. However, in case the offence includes any offence targeting children, then along with Information Technology Act, 2000(amended in 2008), provisions of Protection of Children from sexual offences Act may also be applied. In such cases, the offence may necessarily be dealt with by courts designated under POCSO Act : such courts may be Special Court or Children’s Court or the Sessions court itself.
Note: Please do not violate the copyright of this writeup. If you wish to use this writeup for your report/assignment/project etc, please refer it as Halder Debarati (2019) Court system under Information Technology Act, 2000 (amended in 2008). Published in http://www.internetlegalstudies.com on 12-08-2019
 For example see @https://www.theguardian.com/technology/2019/aug/09/facebook-facial-recognition-lawsuit-can-proceed-us-court?CMP=share_btn_fb&fbclid=IwAR3RvbLbL9TmFCkeBgypZORu4dRYnQNFvbWuFfIoQN1m-n80UlFO8_26qIk
Court releases man accused of dating underage girl, on the ground that the accused was intellectually disabled, due to his disability he was attracted to internet dating sites and the concerned dating site clearly mentioned that no one below the age of 19 can be the member of the said site. The court also considered that the accused stopped communicating with the woman understanding that she may be under 14. https://www.irishtimes.com/news/crime-and-law/man-released-without-charge-after-sting-in-cork-1.3970574