QUESTION

(a) the measures taken by Government in ensuring ethical use of futuristic technologies
such as Artificial Intelligence (AI), machine learning, blockchain and web3;

(b) the measures taken by Government in identification and resolution of cases pertaining
to the AI generated deep fake content and identity theft; and

(c) whether Government has set up teams for active monitoring of the dark web to identify
malicious activities such as sale of leaked Government data, individual financial data, and
personal identity data, if so, the details thereof?

ANSWER

MINISTER OF STATE FOR ELECTRONICS AND INFORMATION TECHNOLOGY (SHRI RAJEEV CHANDRASEKHAR)

(a) to (b): The policies of the Government are aimed at ensuring that Internet in India is open, safe, trusted and accountable to all users. Under Section 66 D of Information Technology Act, 2000, cheating by personation by using computer resource is punishable with imprisonment up to 3 years and fine up to Rs 1 lakh. Further, under Rule 3(1)(b)(vii) of Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, (“IT Rules, 2021) every social media intermediary is mandated to observe due diligence including ensuring the rules and regulations, privacy policy or user agreement of the intermediary inform users not to host any content that impersonates another person. Under Rule 3(2)(b) of IT Rules, 2021 an intermediary is obliged to remove and disable access to content in nature of impersonation, within 24 hours from the receipt of a complaint in relation to such content. Under Rule 7 of IT Rules, 2021, where an intermediary fails to observe these rules, the provisions of sub-section (1) of section 79 of the Information Technology Act, 2000 (immunity) shall not be applicable to such intermediary and the intermediary shall be liable for punishment under any law including the provisions of the Act and the Indian Penal Code. Further, to prevent the harms caused by such misinformation through deepfakes, the Ministry of Electronics and Information Technology has issued advisories to significant social media intermediaries or platforms, drawing their attention to the above provisions and advising them as under:

(i) That they should ensure that their rules and regulations and the user agreement contain appropriate provisions for the users not to host, display, upload, modify, publish, transmit, store, update or share any information which are prohibited under IT Rules; (ii) That they shall align their terms of use to ensure that all users are aware and they shall play a proactive role in sensitizing their users about what is permissible or not on their platforms under the IT Rules; (iii) That, as part of the reasonable efforts made by them in this regard, they may also put in place appropriate technology and processes for identifying information that may violate the provisions of rules and regulations or user agreement; and

(iv) That they are advised to ensure expeditious action, well within the timeframes stipulated under the IT Rules, 2021, to remove or disable access to information/content that violates the aforesaid provisions of the IT Rules, 2021, upon receipt of court orders or notification from the Appropriate Government or its authorised agency or on complaint made by the impersonated individual or person authorised by him in this behalf. (v) That in case of failure to follow diligence as provided in the IT Rules, 2021, by intermediaries, they shall lose their safe harbour protection under section 79 of the IT Act and shall be liable for consequential action as provided in IT Act, 2000, IT Rules, 2021, Indian Penal Code, 1860 and other applicable laws, as per the rule 7 of the IT Rules, 2021.

(c) The term “Dark Net” is used to denote a class of content on the Internet that is not visible through general browsing and not indexed by search engines. To protect personal data of users, the Central Government, in exercise of its powers under the Information Technology Act, 2000, has prescribed reasonable security practices and procedures and sensitive personal data or information through the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These include the requirement that any person collecting, receiving, possessing, storing, dealing or handling information provided should publish on its website a policy for privacy and disclosure of personal information, that such person use the information collected for the purpose for which it was collected and keep it secure, that disclosure of sensitive personal data be done with prior permission of the information provider, that sensitive personal data or information not be published, and that a third party receiving sensitive personal data or information shall not disclose it further.Section 72A of the Information Technology Act, 2000 provides for punishment for disclosure of information in breach of the lawful contract. It provides that any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be liable to penalty which may extend to twenty-five lakh rupees.