advertisement
India tried to demonstrate the power of a 56-inch chest on Wednesday, 21 March, when Union Minister for Law and IT Ravi Shankar Prasad issued a “stern observation” to Facebook (FB) CEO Mark Zuckerberg over reports that information harvested from the social media site was used to influence elections in India.
The “warning” was part of the government’s response to news of how Cambridge Analytica, a data-driven election strategy company, got access to data of 50 million Facebook users and allegedly retained this to build their profiling tools despite telling Facebook that they had deleted it. Prasad also alleged that the Congress utilised the services of CA during the Gujarat elections last year.
Too caught up to read the whole story? Listen to it here:
If someone commits a criminal offence which applies to India, but is based outside the country, the good news is yes, the long arm of the law can still get to them.
Section 105 of the Code of Criminal Procedure deals with how requests can be made to issue summons to suspected criminals in foreign countries, and we also have Mutual Legal Assistance Treaties (MLATs) with 39 countries (including the US) which makes the process much simpler. As the Hon’ble IT Minister of India points out, the Information Technology Act 2000 (IT Act) covers offences committed by a person outside India as well (section 75), provided it involves a computer, computer system or computer network located in India.
This is because even in situations where we have a MLAT, a summons issued from India isn’t immediately binding on the foreign national in question. To take the example of Zuckerberg, if India wants to summon him in relation to data theft from Indians, the ministry for home affairs will need to make a request to the US central authority under the India-US MLAT to issue a summons to him. Because of the MLAT, the US Authority is bound to consider the request, but is not bound to accede to it.
And even if it does this, the way the whole process works is very different from what you might expect.
Even if a summons (or a bailable warrant) is sent by India through the right channels, with all the necessary documents, there’s no guarantee that it will even be sent to Zuckerberg. However, requests under an MLAT are generally meant to be complied with, and only refused in limited circumstances like political offences, or where the law of the ‘requested state’ wouldn’t allow compliance.
So let’s be optimistic and say that the request is granted, and the summons is served to him. What happens then? Does he have to promptly book the next flight to India?
Well, not quite. The Indian government reportedly sent a notice to Cambridge Analytica on Friday, asking whether the data of any Indian citizens was compromised — though this has not been specified to be under any legal provision, and it is unclear what legal provision would even apply to CA. However, this is reflective of the fact that in the event the Indian government does want to look into any data theft, it will need to make inquiries, ask questions and collect evidence.
Article 8 of the India-US MLAT would allow Indian authorities to go to the US to be part of any questioning, but it is important to note that even any evidence or documents collected by the US would not be automatically transferred to India. The US would have to check whether their own law prohibits sending the relevant evidence first, and only then agree to send it across.
Continuing our vein optimism, let’s say things are going swimmingly and we’ve got some interesting information we want to follow up on by getting Zuckerberg to India. Can we get him hauled over here and arrested?
The answer is not one that Prasad is going to like.
All in all, this makes the IT Minister’s warning not much of a warning, because it means that a summons from India would have very little coercive power over Zuckerberg, who could very well ignore it and not face any major consequences for doing so.
If Prasad really wanted to flex the mighty arm of the Indian state, he would, of course, have the option of trying to get Zuckerberg extradited. Extradition, unlike procedures under an MLAT, would compel Zuckerberg to arrive here.
Unfortunately, India isn’t very good at extradition, with only 33% (or even fewer) extradition requests successful, owing to a combination of bumbling incompetence by Indian authorities, poor jail conditions and concerns over human rights violations. India has also never managed to get any foreign nationals extradited to India from the US.
Even if extradition were an option on the table, what would we be looking to extradite Zuckerberg for? Not every offence is extraditable – they have to at least involve one year’s imprisonment, for instance, and, under the India-US Extradition Treaty, cannot be a political or military offence.
Sensitive personal data or information (SPDI) is defined in the IT Rules 2011 refers to (i) passwords, (ii) financial information (such as bank account and payment instrument details), (iii) physical and mental health condition, (iv) sexual orientation, (v) medical records and history, and (vi) biometric information.
Going by the kind of data harvested in the Cambridge Analytica fiasco, it is not clear that any data theft from Facebook would necessarily involve SPDI, and so this provision may not apply in such cases — though it really should, as the profiling potential is just as bad. Even if it did, this is not a criminal offence, so any proceedings against Facebook for this issue would neither provide grounds to summon Zuckerberg under an MLAT nor extradite him.
Unfortunately, Facebook’s terms and conditions, like everything we happily sign to get access to apps and online services, are labyrinthine and give the company and third party developers all sorts of access and rights to your data. They were improved in 2012 to no longer allow your data to be signed away, per se, by one of your Facebook friends, but as the expose by The Guardian, Channel 4 and the New York Times shows, Facebook’s enforcement of data protection rules leaves a lot to be desired.
Regardless, when we can’t get the Vijay Mallyas and Tiger Hanifs and David Headleys extradited to India, it would be inconceivable that the US would agree to extradite someone like Zuckerberg for some random IT Act offence. If anything, it helps underscore the urgent need for a comprehensive data protection law in India.
As a result, it would seem that even the remote possibility of extradition is off the table, as is the possibility of any criminal punishment for Facebook.
The only option left to give any sort of pause to the billionaire is to seize Facebook’s assets in India or block the website. The former will not be possible unless some sort of economic offence or fraud can be shown to have taken place — of which there is no current evidence.
Blocking the site would be easier for the government to do under section 69A of the IT Act, for instance, which doesn’t require a criminal offence to have taken place, just that the government or one of its authorised officers be satisfied that this is necessary in certain circumstances.
Too bad then, that there’s pretty much no possibility of it happening. Social media has been a key forum used by the ruling BJP to gain and maintain support, as anyone with the faintest online presence can attest.
The party’s strategy also relies heavily on Facebook, with its use specifically encouraged among party lawmakers. The Indian Express reports that at the BJP parliamentary party meeting – which took place two days after Prasad made his “stark observation” – MPs were “reminded of the importance of social media, especially Facebook, in their outreach programmes and poll campaigns.”
It would appear, therefore, that no matter what Union Minister Ravi Shankar Prasad says, pretty much everything Facebook does is likely to be tolerated. All threats, warnings and “stern observations” have no substance and are meant to deflect attention from other things — perhaps even the fact that Cambridge Analytica and its Indian arm claim that they have worked for the BJP.
It should also be pretty clear by now that the Hon’ble IT Minister’s warning was pure bluster, and that Mark Zuckerberg has nothing to fear personally and will not be getting any sleepless nights.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)
Published: 24 Mar 2018,10:22 PM IST