Delhi High Court: In a writ petition filed by the petitioner, a married woman with a nine-year-old son seeking the blocking of certain sites exhibiting intimate images of the Petitioner, and for registration of a First Information Report (FIR) arising out of the complaint dated 03-08-2021 made by the Petitioner to Lajpat Nagar Police Station, New Delhi. Subramonium Prasad J., issued directions and recommendations to the intermediaries, the Ministry of Electronics and Information Technology (MEITY), as well as the Delhi Police, for ensuring that cases related to Non-Consensual Intimate Images are dealt with in a manner that minimises the trauma caused to the victim and resolves the problem.
In December 2019, she became acquainted with one Mr. Richesh Manav Singhal, who introduced himself as a British Chartered Accountant. Mr. Singhal got acquainted with the Petitioner as she was living with her son in rented accommodation in Gurugram on account of her job and financial constraints. Mr. Singhal took advantage of the absence of the Petitioner’s family members, came over to her place and forced himself upon her, took objectionable pictures and blackmailed her for money and later leaked them when her funds depleted.
The petitioner filed a complaint and approached the Grievance Cells of Respondents 3 to 6, i.e., Google LLC, Microsoft India Pvt. Ltd., YouTube.com, and Vimeo.com, as well as having placed multiple complaints on cybercrime.gov.in, for taking down the explicit images. As per Status Reports dated 28.08.2021 and 14.09.2021 regarding URL’s being blocked/removed. Vide Status Report dated 16.03.2022, this Court was apprised of the fact that the accused Richesh Manav Singhal and Shweta Chhabra had been arrested after an investigation at their residence which led to the discovery of more than 83,000 explicit pictures. Later it was also found that he was involved in other cases as well pending investigation and under police custody remand. The Court issued directions and recommendations to the Intermediaries, the Ministry of Electronics and Information Technology (MEITY), as well as the Delhi Police, for ensuring that cases of the instant nature are dealt in a manner that minimises the trauma caused to the victim and resolves the problem at hand expeditiously:
-
On approaching the Court for a takedown order in a matter involving NCII content, the Petitioner must, along with the petition, file an affidavit in a sealed cover identifying the specific audio, visual images and key words that are being complained against, in addition to the allegedly offending URLs for ex facie determination of their illegality.
-
The Grievance Officer, as defined under Rule 2(1)(k), who is appointed by the intermediary for receiving complaints of the users/victims must be appropriately sensitised. The definition of NCII abuse must be interpreted liberally by the intermediaries to include sexual content obtained without consent and in violation of an individual’s privacy as well as sexual content obtained and intended for a private and confidential relationships.
-
The “Online Cybercrime Reporting Portal”, which is a central platform available on cybercrime.gov.in, must have a status tracker for the complainant, commencing from filing of a formal complaint to the removal of the offending content. The portal must specifically display the various redressal mechanisms that can be accessed by the victim in cases of NCII dissemination. This display should be in all languages specified in the Eighth Schedule. The cybercrime.gov.in website, along with every other website of Delhi Police, should also notably display the contact details/address of each District Cyber Police Station present in the National Capital Territory of Delhi.
-
On the receipt of information, noting the nature of NCII content which is punishable under Section 66-E of the IT Act and the distress that its continued existence may cause to the victim, the Delhi Police must immediately register a formal complaint in order to initiate an investigation and bring the perpetrators to book as soon as possible so as to prevent the repeated upload of the unlawful content.
-
Every District Cyber Police Station must have an assigned Officer who must liaise with the intermediaries against which grievances have been raised by the victim who has approached the Delhi Police and an endeavour should be made to ensure that the grievance is resolved within the time schedules stipulated under the IT Rules. The intermediaries are directed to cooperate unconditionally as well as expeditiously respond to Delhi Police, and thereafter follow the time schedules under the IT Rules.
-
A fully functioning helpline which is available round-the-clock should be devised for the purpose of reporting NCII content. Operators and individuals manning this helpline must be sensitized about the nature of NCII content and must, under no circumstances, indulge in victim-blaming or shaming the victim. Considering the impact that NCII content has on the mental health of its victims, these operators should also have a database of organisations with registered counsellors, psychologists and psychiatrists available for reference to the victims. The Delhi Legal Services Authority may also be apprised and engaged in case the victims need legal aid
-
Search engines must employ the already existing mechanism with the relevant hash-matching technology on the lines of the one developed by Meta as has been discussed above. They cannot be allowed to avoid their statutory obligations by stating that they do not have the necessary technology, which is patently false as was exhibited during the hearing.
-
The reporting mechanism under Rule 3(2)(c) of the IT Rules must be conveyed to the users by the intermediaries by way of prominent display of the same on the website of the intermediary. It is necessary for users to be made aware of the reporting mechanism and the onus for educating the users lies on the intermediaries.
-
The timeframe as stipulated under Rule 3 of the IT Rules must be strictly followed without any exceptions, and if there is even minor deviation from the said timeframe, then the protection from liability accorded to a search engine under Section 79 of the IT Rules cannot be invoked by the search engine.
-
When a victim approaches a Court or a law enforcement agency and obtains a takedown order, a token or a digital identifier-based approach must be adopted by search engines to ensure that the de-indexed content does not resurface. This means that the user/victim may be assigned a unique token upon initial takedown of NCII content. If the user/victim subsequently discovers that the same content has resurfaced, then it is the responsibility of the search engine to use the tools that already exist to ensure that access to the offending content is immediately ceased without requiring the victim to approach the Courts or other authorities again and again for removal of the same. The search engine cannot insist on requiring the specific URLs from the victim for the purpose of removing access to the content that has already been ordered to be taken down, and the victim cannot be made to face humiliation or harassment by having to approach the authorities or Courts seeking the same relief.
-
As a long-term suggestion, a trusted third-party encrypted platform may be developed by MEITY in collaboration with various search engines under Rule 3(2)(c) for registering the offending NCII content or the communication link by the user/victim. Accordingly, the intermediaries in question may assign cryptographic hashes/identifiers to the said NCII, automatically identify and remove the same through a safe and secure process. This would reduce the burden on the victim/user to constantly have to scour the internet for NCII pertaining to them and have to request the removal/de-indexing of individual URLs. The utmost importance should be accorded to the fact that the privacy of the user/victim must remain inviolable, and the data collected for the purposes of using the hash matching technology is not stored and misused. Because of the vulnerability of the data involved, the platform must be subject to the greatest of transparency and accountability standards.
[Mrs. X v Union of India, 2023 SCC OnLine Del 2361, decided on 26-04-2023]
Advocates who appeared in this case :
Mr. Sanjeev Mahajan, Mr. Sachin Tandan, Advocate for the Petitioner;
Mr. Anurag Ahluwalia, CGSC with Mr. Gursihar Preet Singh, Mr. Danish Faraz Khan, Advocate for UOI. Ms. Nandita Rao, ASC for the State with Mr. Amit Peshwani;
Ms. Aaliya Waziri, Advocates and Inspector Kusum Dangi, IFSO Cyber Cell, Dwarka;
Mr. Arvind Nigam, Sr. Advocate along with Ms. Mamta Rani Jha, Ms. Shruttima Ehersa, Mr. Rohan Ahuja, Mr. Vatsalya Vishal & Ms. Riya Gupta, Advocates for R-3/Google LLC;
Mr. Jayant Mehta, Sr. Advocate with Ms. Anushka Sharda, Mr. Madhav Khosla, Ms. Moha Paranjpe, Advocates for Respondent No. 4 (Microsoft);
Mr. Debopriyo Moulik and Ms. Shweta Chabbra, Advocates for R-10 Mr. Saurabh Kripal, Sr. Advocate (Amicus Curiae) with Ms. Tanima Gaur, Mr. Sidhant Kumar, Ms. Manyaa Chandok, Ms. Vidhi Udayshankar, Advocates.