Expanding Freedom and Democracy
Freedom on the Net 2019

India

Partly Free
55
100
A Obstacles to Access 12 25
B Limits on Content 24 35
C Violations of User Rights 19 40
Last Year's Score & Status
57 100 Partly Free
Scores are based on a scale of 0 (least free) to 100 (most free). See the research methodology and report acknowledgements.

header1 Overview

Internet freedom declined in India—the result of an increase in arrests for online activity, and continued internet shutdowns during times of perceived unrest. Plagued by the spread of disinformation and its violent effects offline, the government proposed worrisome new rules that would undermine freedom online. Data protection and surveillance issues remained of key concern to Indians during the coverage period; controversies also continued around Aadhaar, the world’s largest biometric identification system, and a problematic draft data protection bill remained in limbo. Meanwhile, ahead of and during the 2019 elections, incumbents and candidates alike manipulated content, used bots, and employed volunteers to push inorganic content and exacerbate existing social tensions for political gain. Within this environment, marginalized groups in particular experienced online harassment and trolling.

India maintains a robust electoral democracy with a competitive multiparty system at federal and state levels, though politics are beset by corruption. While the constitution guarantees freedom of expression, and the news media are vibrant, harassment and violence against journalists has increased under the administration of Prime Minister Narendra Modi and his right-leaning, Hindu nationalist Bharatiya Janata Party (BJP), as have religiously motivated attacks against non-Hindus.

header2 Key Developments, June 1, 2018 – May 31, 2019

  • Local authorities continue to restrict connectivity routinely in India, justifying shutdowns on the basis of protests, misinformation, exams, and to maintain public order, among other things (see A3 and B8).
  • In December 2018, new draft intermediary guidelines were proposed that would undermine encryption, set new retention requirements on content removed, and mandate that intermediaries deploy automated tools to proactively identify and remove content deemed illegal (see B2, C4, and C6).
  • Political propaganda proliferated during the 2019 election, with both major parties using armies of volunteers and managed bots to push out content and drive inorganic traffic online (see B5).
  • In July 2018, India adopted robust new net neutrality rules (see B6).
  • More users were arrested and detained for social media posts, including journalists and politicians. In one case, a journalist was held in detention from November 2018 to May 2019 under the National Security Act for a provocative condemnation of local BJP officials and Prime Minister Narendra Modi (see C3).
  • The Supreme Court ruled in September 2018 that the government’s controversial biometric Aadhaar project is constitutional, but set limits on the program’s use. In March 2019, despite the court’s restrictions, the government promulgated the Aadhaar Ordinance, allowing for the voluntary linking of Aadhaar numbers for commercial use (see C5).
  • In July 2018, the Srikrishna Committee, established in 2017 to create a data protection framework, submitted a draft Personal Data Protection Bill for review. The legislation would create new criminal liabilities and establish a data protection agency that was seen as susceptible to politicization, and prompted concern among civil society groups and tech companies (see C5).
  • Information that became public during the coverage period via media reports and Right to Information requests suggests that state and central government agencies continue to monitor social media, and to proactively search for activity the government deems as wrongdoing (see C5).

A Obstacles to Access

Internet penetration in India continues to improve, with many people going online using their mobile phones. However, inadequate infrastructure remains a significant obstacle to access, especially in rural areas. Various governmental and nongovernmental efforts to improve access nationwide are underway. Information and communication technology (ICT) shutdowns ordered by local authorities continued during the coverage period.

A1 1.00-6.00 pts0-6 pts
Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections? 3.003 6.006

Internet access and speeds improved during the reporting period. India continues to have the second largest number of internet subscribers in the world after China, having overtaken the United States in 2016.1 Official statistics recorded almost 605 million subscribers in December 2018,2 though only 21.42 million had fixed-line internet connections.3 There were an estimated 391 million internet users in urban India, and 213 million in rural India in December 2018.4

While access is expanding, the rate of internet penetration among India’s nearly 1.4 billion residents remains low, reaching only 46 percent in December 2018,5 though that was up from 38 percent in March 2018.6 Mobile penetration was much higher, at almost 90 percent by December 2018,7 though it was down 2 percent from the 92 percent in September 2017.8 The Broadband Commission in 2018 ranked India 79 out of 196 countries in terms of mobile broadband penetration,9 down from 78 the previous year.10

India’s average connection speed was among the lowest in Asia, at 6.5 Mbps, according to a 2017 report by the cloud service provider and content delivery network Akamai.11 However, the report found that it was catching up to the global average of 7.2 Mbps in the first quarter of 2017.12 The share of broadband subscribers has significantly increased from 57.33 percent in September 201613 to 87 percent in December 2018.14 Despite overall growth, India has a relatively low adoption rate for high-speed broadband (faster than 10 Mbps), at just 19 percent as of 2017.15 The minimum speed required to qualify as broadband in India has been 512 Kbps since 2012,16 though the Telecom Regulatory Authority of India (TRAI) has recommended raising the threshold to 2 Mbps.17

The Inclusive Internet Index 2019, a project of the Economist, puts India at 68 out of 100 in terms of availability, which is determined by quality and breadth of available infrastructure.18 Similarly, India ranked 63 out of 140 countries for infrastructure in 2018, according to the World Economic Forum’s Global Competitiveness Index.19 Though up from 66 the previous year,20 the results suggest poor infrastructure is still an obstacle to access. India ranked a low 105 for electricity supply21 and 117 for ICT adoption.22

A number of ambitious public- and private-sector initiatives to improve access continue. The government is developing free public Wi-Fi zones in major cities. By one account, there were around 300,000 Wi-Fi hotspots in India in mid-2019;23 the government aims to have 5 million in place by 2020 and 10 million by 2022.24 In 2016, the public sector company RailTel launched a project, with technical support from Google, to provide free Wi-Fi at train stations.25 By April 2019, 1,600 stations were connected,26 and in May 2019 over 23 million people ha used these services.27 RailTel has said it aims to provide free Wi-Fi at the remaining 4,900 railway stations across India by the end of 201928 by using fiber-optic cables laid down along railway tracks.29

A2 1.00-3.00 pts0-3 pts
Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons? 1.001 3.003

While mobile data plans in India are quite cheap, digital divides remain across geography, language, and gender.

According to a 2018 report from the British-based company Cable, India has the cheapest mobile data pricing in the world, with an average cost of $0.26 for one gigabyte of data.1 According to the Economist’s Inclusive Internet Index 2019, India ranks 10 out of 100 countries surveyed in its affordability index, defined by cost of access relative to income and the level of competition in the internet marketplace.2 However, prices have increased in recent years. Between 2014 and 2017, there was a 26 percent increase in the affordability of mobile internet—the largest increase among all countries assessed in the Mobile Connectivity Index during this period. (That index is compiled by GSMA, a trade body that represents mobile network operators worldwide.)3

India’s rural areas are poorly connected, though a number of public and private initiatives aim to narrow the urban-rural divide. The government’s ongoing Digital India Programme, launched in 2014,4 aims to extend fiber-optic cables to more rural areas, establish Internet-connected common service centers (CSCs),5 and provide residents with e-literacy programs.6 The Digital India Programme has also proposed using satellites, balloons, or drones to bring faster digital connections to remote parts of the country,7

Language also remains a barrier to access. With 22 official languages, only about 12 percent of the population of India speaks English,8 yet a significant proportion of news and other material available to users in India is in English.9 Projects to encourage local language usage online are underway. In 2014, the National Internet Exchange of India (NIXI), which operates and manages Indian domain names, launched the Dot Bharat domain for local language URLs.10 By April 2017, the number of local language users in India had overtaken the number who rely on English.11 In July 2018, there were 234 million Indian language users online,12 and this number is expected to grow.13

There is also a significant gender divide, with studies in 2017 and 2018 finding that only about a third of Indian internet users are women.14 However, the GSMA’s Mobile Gender Gap Report 2019 found that the percentage of women who were aware of mobile internet rose from 19 percent in 2018 to 42 percent in 2019.15 Internet Saathi, a partnership between Google and Tata Trusts to promote digital literacy among rural women, trains hundreds of women per week in villages across the country, 16 and by July 2019 had reached some 70,000 participants.17

A3 1.00-6.00 pts0-6 pts
Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity? 2.002 6.006

The government does not routinely block the protocols or tools that allow for instant, person-to-person communication. However, India is a global leader in the number of internet shutdowns imposed,1 and new broad rules regulating shutdowns were instituted in August 2017.

Local authorities around India have restricted ICT connectivity and usage during times of perceived unrest since at least 2010.2 The frequency, geographic distribution, and duration of these shutdowns have increased significantly in the past five years. Authorities ordered providers to restrict local mobile phone, SMS, wireless, or occasionally fixed-line internet service in at least 30 reported incidents between January 2018 and May 2019.3 (If Indian Kashmir—which is not assessed in this report—were included, that number dramatically increases to over 180.)

Shutdowns were implemented in at least 14 states in 2018, and 7 states had seen internet shutdowns in 2019 at the time of writing, with government officials typically justifying them as cautionary measures to maintain law and order, quell violence, prevent cheating on exams, restrict protests, or prevent the spread of disinformation; they affected both mobile and fixed-line connections,4 and lasted anywhere from a few hours to a few days (see B8). For example, internet was restricted for 24 hours in September 2018 in Rajasthan after three men were murdered to prevent misinformation and hate speech online.5 In Meghalaya in June 2018, internet services were cut off across five districts to limit the spread of rumors after local residents called for the resignation of the chairman of a local Forest Advisory Committee.6

Authorities use legal and policy frameworks to order connectivity restrictions, as the government does not exert much control over the internet infrastructure (see C4). Orders to restrict connectivity are often justified under Section 144 of the Code of Criminal Procedure (1973), which permits broad state action to curb any violation of law and order.7 The Gujarat High Court upheld the use of this general law to order shutdowns in September 2015.8 The Supreme Court has yet to consider the matter substantively and refused a petition challenging it in early 2016.9 Section 69A of the Information Technology (IT) Act permits the central government to order website blocks, while section 5 of the Indian Telegraph Act allows state and central authorities to order that any message not be transmitted in public emergencies, and has been cited in support of service disruptions (see B3).10

In August 2017, the Department of Telecommunications of the Central Government issued new rules under the Telegraph Act to regulate the temporary suspension of telecom services.11 The broad rules authorize national or state-level officials to issue temporary suspension orders to shut down telecommunications services in times of public emergency or threats to public safety.12

A4 1.00-6.00 pts0-6 pts
Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers? 4.004 6.006

Internet users have a range of choice for mobile and internet connections, but fees to enter the market have served as an economic barrier for some providers. As of December 2018, there were 326 operational ISPs in India1 up from 156 in 2017.2 While there is no monopoly, Reliance Jio has almost 47 percent of the market, and the top three ISPs together control 93 percent of the market.3 There are seven mobile operators,4 with Vodafone Idea controlling almost 36 percent of the market and the top three operators controlling 88 percent of the market.5

A universal license framework, for which guidelines were published in November 2014,6 reduced legal and regulatory obstacles by combining mobile phone and ISP licenses. Licensees pay a high one-time entry fee, a performance bank guarantee,7 and annual license fees adjusted for revenue.8

By 2017, the Cybercafé Association of India (CCAOI) said that over 70 percent of cybercafés had closed in the past year.9 In 2011, the Indian government introduced rules under Section 79 of the IT Act requiring cybercafés to obtain a government-issued identification number in addition to a license, as well as to register and monitor customers.10 Critics said the rules were “poorly framed.”11 Penalties for noncompliance are unclear, and enforcement has reportedly been patchy. Common service centers are exempt and operate under separate guidelines.12

Roughly a dozen submarine cables connect India to the global internet,13 most of which are consortium-owned.14 There are at least five landing stations where the cables meet the mainland, with ownership divided roughly between BSNL, the state-owned telecom operator, and private owners.15

A5 1.00-4.00 pts0-4 pts
Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner? 2.002 4.004

The Ministry of Electronics and Information Technology (MeitY) formulates policy relating to information technology, electronics, and the internet.1 The Department of Telecommunications (DoT), under the Ministry of Communications, manages the overall development of the telecommunications sector, licenses internet and mobile service providers, and manages spectrum allocation.2

Internet protocol (IP) addresses are regulated by the Indian Registry for Internet Names and Numbers (IRINN).3 Since 2005, the registry has functioned as an autonomous body within the nonprofit National Internet Exchange of India (NIXI).4

The Telecom Regulatory Authority of India (TRAI), an independent regulator, was created in 1997 to regulate the telecommunications, broadcast, and cable TV sectors.5 The Telecom Regulatory Authority of India Act (TRAI Act) mandates transparency in the exercise of its operations, which includes monitoring licensing terms, compliance, and service quality.6 Its reports are published online, usually preceded by a multistakeholder consultation.7 An amendment to the TRAI Act in 2000 established a three-member Telecommunications Dispute Settlement and Appellate Tribunal chaired by a former senior judge.8

There are some reservations about TRAI’s independence.9 Appointment and salary decisions for members remain in the hands of the central government. The TRAI Act initially barred members who had previously held central or state government office, but 2014 amendments allowed them to join the regulator two years after resigning from office or earlier, with government permission.

TRAI opinions, however, are generally perceived as free of official influence.10 In 2016, it was involved in framing net neutrality regulations prohibiting discriminatory tariffs for data services.11 It has also recommended a reduction in charges levied for use of cable landing stations12 and pitched for lower taxes on telecom services.13

B Limits on Content

Content blocking continued to affect legitimate political and social information during the coverage period, and some content removals by private companies caused controversy. While the digital media landscape remained lively, and citizens continued to use digital tools to mobilize around important social issues, local authorities at times suspended internet access during times of perceived unrest. In a troubling development, many prolific and effective disinformation campaigns emerged during the general election campaign, while fraudulent or misleading content led to instances of offline violence.

B1 1.00-6.00 pts0-6 pts
Does the state block or filter, or compel service providers to block or filter, internet content? 3.003 6.006

Legitimate political and social information has been blocked by court or government orders in India. Since such orders that are not often made public, it is difficult to assess the extent of the blocking. In its 2017 response to a Right to Information request, the Ministry of Electronics and Information Technology confirmed that as many as 23,030 websites or URLs had been blocked.1 In another acknowledgement reflecting scale of government blocking, the DoT confirmed in August 2018 that it had requested the blocking of 11,045 websites, webpages, and URLs since 2016.2 Some of the content that has been said to be blocked includes has included social media networking groups and websites engaged in flaring up anti-India sentiments.3

A number of users reported difficulty in accessing popular websites and platforms during the coverage period, including Reddit; India’s biggest free legal database, Indian Kanoon; the website of Telegram; SoundCloud; and various virtual private networks (VPNs).4 The blocking of these websites varied dependent upon the ISP and location of the user.5 There is a lack of clarity on whose orders and under what laws these pages were blocked.

The government again attempted to block pornography online during this report’s coverage period. In compliance with the Uttrakhand High Court,6 the DoT issued blocking orders in October 2018 for 827 sites hosting pornographic content.7 In April 2019, the Madras High Court issued an order to ban TikTok, which has 120 million monthly active users in India, also on grounds of “encouraging pornography” (see B2).8

In April 2018, research by Citizen Lab found that India was using internet filtering technology from the Canadian-based company Netsweeper.9 The group identified 1,158 unique URLs blocked, including content related to the Rohingya refugee crisis and websites documenting fatal violence against Muslims in Myanmar and India.10 Some URLs on Facebook, Twitter, and YouTube dedicated to religious minorities were also blocked, but available for those accessing the pages through HTTPS.

B2 1.00-4.00 pts0-4 pts
Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content? 3.003 4.004

Improvements to the framework for intermediary liability mean that less political and social content is subject to removal than in the past. However, takedowns and private censorship by companies still caused concern during the reporting period, as did worrying proposed changes to intermediary liability.

In an effort to restrict pornographic content online, the Madras high court ordered that Google and Apple remove TikTok from their app stores in April,1 and the app was subsequently removed from the app stores. However, three weeks later the court reversed its decision.2

In March 2019, a number of social media platforms and the Internet and Mobile Association of India (IAMAI) released a Voluntary Code of Ethics for the General Election 2019,3 which outlined how the Election Commission of India (ECI) can notify platforms to remove content. By the end of April 2019, platforms had removed over 600 posts, originally reported by ECI, during the first three phases of Indian elections.4 Removals included content deemed to have constituted hate speech, “offended public morality and decency,” spread “voter misinformation,” and violated the country’s model code of conduct.5 Ahead of the elections, Facebook removed “coordinated inauthentic behavior” on its platform that linked back to the ruling Bharatiya Janata Party (BJP) and the opposition Indian National Congress, often known simply as Congress (see B5).6

Following the 2017 Shreya Singhal v. Union of India ruling—in which the Supreme Court ruled that intermediaries were only obligated to take down content on receiving an order from a court or government authority—Facebook said it would require more formal notifications to restrict content (see C3).7 Facebook restricted 17,685 items from July to December 2018, up from 1,500 total restrictions during the previous six-month period. The restrictions were primarily for hate speech, anti-religion content constituting incitement to violence, extremism, and antistate content. A massive 16,600 items were restricted based on a John Doe order from the Delhi High Court.8 The court order followed a July 2018 civil defamation suit filed by PepsiCo on claims that the company’s Kurkure corn puffs contained plastic.9

Other international companies reported receiving a high number of requests to remove content from Indian courts or government representatives. Google reported receiving 1,190 content removal requests affecting 6,202 items from January to June 201810 up from 1,074 requests from July and December 2017. 11 It complied with around 20 percent of these requests, 32 percent of which came from the judiciary and 19 from executive orders. The most commonly cited reasons for removal requests were defamation and privacy and security.12

Twitter received a total of 667 removal requests between July and December 2018, affecting 2,228 accounts. Ten of these were based on court orders and the rest, 657, on executive and law enforcement orders. Twitter withheld material in 95 accounts and 114 tweets, amounting action taken in 2 percent of these requests.13

A 2008 IT Act amendment protected technology companies from legal liability for content posted to their platforms, with reasonable exceptions to prevent criminal acts or privacy violations.14 Intermediary guidelines issued in 2011 under Section 79 of the IT Act required intermediaries to remove access to certain content within 36 hours of a user complaint.15 The government later clarified this rule.16 In the Shreya Singhal case, the Supreme Court read down Section 79 and the intermediary guidelines, and companies are no longer required to act on user complaints. Court and government takedown orders, furthermore, are only legitimate if they fall within the reasonable restrictions provided for under Article 19(2) of the constitution. Unlawful content beyond the ambit of Article 19(2) cannot be restricted.17

In December 2018, MeitY released new draft intermediary guidelines intended to replace the 2011 rules under Section 79 of the IT Act (see C4 and C6).18 Purportedly aimed to curb the spread of disinformation and misinformation, the rules mandate that intermediaries deploy automated tools to proactively identify and remove illegal content, including that which harms “public health or safety.” Intermediaries—defined broadly to include ISPs, social media platforms, email providers, and cloud services, among others—would have 24 hours to comply with a government removal order.19 Civil society groups and internet experts have urged the government to withdraw the proposal, noting that it conflicts with the Shreya Singhal ruling and would be ineffective at limiting disinformation.20 By the end of the coverage period, the rules remained in draft form.

Intermediaries can separately be held liable for infringing the Copyright Act 195721 under the law and licensing agreements.22 The Shreya Singhal decision has had no impact on the legal framework on intermediary liability for copyright infringement. A 2012 amendment limited liability for intermediaries such as search engines that link users to material copied illegally, but mandated that they disable public access for 21 days within 36 hours of receiving written notice from the copyright holder, pending a court order to remove the link.23 Rules clarifying the amendment in 2013 gave intermediaries power to assess the legitimacy of the notice from the copyright holder and refuse to comply.24 However, critics said the language was vague.25

B3 1.00-4.00 pts0-4 pts
Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process? 2.002 4.004

The restrictions on digital content are opaque, and there are limited avenues for appeal.

Blocking of websites takes place under Section 69A of the IT Act, and a 2009 subordinate legislation called the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules (or simply, Blocking Rules).1 The Blocking Rules empower the central government to direct any agency or intermediary to block access to information when satisfied that it is “necessary or expedient” in the interest of the “sovereignty and integrity of India, defense of India, security of the state, friendly relations with foreign states or public order, or for preventing incitement to the commission of any cognizable offence relating to above.”2 Intermediaries failing to comply are punishable with fines and prison terms of up to seven years.3

The Blocking Rules apply to orders issued by government agencies, who must appoint a “nodal officer” to send in requests and demonstrate that they are necessary or expedient under Section 69A.4 These requests are reviewed by a committee, which includes senior representatives of the law, home affairs, and information ministries, and the nodal agency for cybersecurity, the Indian Computer Emergency Response Team (CERT-IN).5 The “designated officer,” who chairs the committee, issues approved orders to service providers; the committee must also notify the source or intermediary hosting the content, who may respond to defend it within 48 hours.6 In emergencies, the Secretary of MeitY may issue blocking orders directly under written instruction from the designated officer, but the content must be unblocked if the review committee does not approve them within 48 hours.7

Indian courts can order content blocks without government approval. The designated officer is required to implement the court order after submitting it to the Secretary of MeitY. Court orders can be challenged in a higher court, but internet users are not consistently notified of their implementation.8

ISPs are not legally required to inform the public of blocks and the Blocking Rules mandate that executive blocking orders be kept confidential.9 In the landmark Shreya Singhal v. Union of India, decided by the Supreme Court in 2015, the petitioners challenged the constitutionality of Section 69A, citing opaque procedures among other issues.10 The Supreme Court upheld Section 69A and the Blocking Rules,11 saying safeguards were adequate, narrowly constructed, and constitutional.12 But the court read the Blocking Rules to include both the right to be heard and the right to appeal. Blocking orders must now provide a written explanation, allowing them to be challenged by writ petition, and allow for reasonable efforts to contact the originator of the content for a predecisional hearing.13 However, the rules continue to require that the orders and actions based on them be kept confidential;14 it is difficult to know the extent of compliance with the judgment.

Judges sought to improve the framework for blocking content under copyright injunctions in 2016, but broad restrictions continued to be observed. Since 2011, courts have blocked content relating to copyright violations through broad John Doe orders, which can be issued preemptively and do not name a defendant.15 ISPs have occasionally implemented such orders by blocking entire websites instead of individual URLs, irrespective of whether the websites were hosting pirated material.16 The judiciary has noted that John Doe orders can lead to over blocking,17 and activists have called for greater transparency.18

In July 2016, a ruling by the Bombay High Court laid down rules for seeking John Doe orders, limiting blocks to URLs, not entire domains, and allowing all affected content to be unblocked after 21 days if a court order is not obtained.19 The Court also dictated an unambiguous block message and suggested the appointment of an independent ombudsman to oversee implementation.20 Observers hailed this as a progressive and nuanced approach.21 However, the ruling did not resolve the issue.22 The same month, the Delhi High Court separately ruled that John Doe orders could continue to be used to block websites if more than one page on the site was identified as a potential source of copyright violations. Seventy-three websites were involved in the judgment, not because they were proven to violate copyright, but because the plaintiff had preemptively identified them as possible violators of exclusive broadcast rights to cricket matches dating from 2014.23 Other John Doe orders continued to be issued.24

The IT Act and the Indian Penal Code prohibit the production and transmission of “obscene material,”25 but there is no specific law against viewing pornography in India. Child sexual abuse imagery is prohibited under the IT Act (see C2).26 Extreme child sexual abuse is blocked based on guidance from INTERPOL,27 but other content restrictions threaten content that has not been found to break the law. In the case of Kamlesh Vaswani v. Union of India, the petitioner asked the Supreme Court to direct the government to block all online pornography.28 A judgment had not been issued in mid-2017, but the government has informed the Supreme Court that it is not feasible to block pornography entirely and that doing so would violate the constitution.29

An interim order by the Supreme Court had implications for content removal by private companies. In late 2016, the court ordered search engines operated by Google, Microsoft, and Yahoo to “auto-block” advertisements offering services to determine the sex of a child before birth, which contravened a 1994 law in an attempt to stop female feticide. The ruling went further than delisting specific content, asking search engines to block results for specific search terms and ordering the creation of a nodal agency to oversee the process.30 Critics fear the ruling would restrict related information and breach the Shreya Singhal v. Union of India judgment.31 In a subsequent order in April 2017, the court also directed the search engines to set up an in-house expert body to monitor and block content that would contravene the law; however, this order was reversed in December 2017, with the court reaffirming its previous directions.32

B4 1.00-4.00 pts0-4 pts
Do online journalists, commentators, and ordinary users practice self-censorship? 3.003 4.004

While self-censorship is generally not widespread, instances of threats of violence have resulted in people as well as news outlets censoring online content. Over the past five years, developments, like threats to press freedom, growing influence of the ruling BJP, and increased online harassment, have contributed to more self-censorship.1 In December 2017, for example, the administrator of the political satire Humans of Hindutva took down its Facebook page because right-wing trolls threatened him and his family.2 The administrator reactivated the Facebook page a few months later, claiming that he would not be intimidated by trolls.3

B5 1.00-4.00 pts0-4 pts
Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest? 2.002 4.004

Manipulated content, disinformation, and misinformation plague the online environment in India. In the lead-up and during the April to May 2019 elections, political propaganda was linked back to both major parties.

Allegations of politicized content manipulation have been around for years. Prior to their successful 2014 election, BJP politicians had been accused of paying specialized companies to artificially boost their popularity on social media,1 and some party representatives were reported to have paid citizens to post messages of support.2 Rival parties have likewise been accused of secretly sponsoring online support.3

During the 2019 election period, political propaganda proliferated online. For example, Amit Malviya, the national head of the BJP information technology unit, was an administrator of the BJP Cyber Army 400+ WhatsApp group, which described itself as a league of “Hindu warriors working to save nation from break India forces led politically by congress, communist and religiously by Islam and Christianity [sic].”4

A range of political parties had armies of volunteers pushing out content and driving trending hashtags across multiple platforms.5 Malviya reported that the BJP had an estimated 1.2 million volunteers, and Congress 800,000. Volunteers routinely reported to or checked in with social media coordinators or “office-bearers” affiliated with each party.

The use of bots continue to be documented in the country. In February 2019, as Prime Minister Modi visited the state of Tamil Nadu, the Atlantic Council’s Digital Forensic Research Lab determined that about 66 percent of the first 49,000 tweets causing #TNwelcomesModi to trend came from just 50 accounts.6 One of them, @SasiMaha6, shared 1,803 tweets with only 15-second intervals between each post—a strong indicator of automation. The opposition hashtag #GoBackModi, which trended during the same period, also received a heavy boost from Twitter bots: @PhillyTdp, for example, tweeted using this hashtag every 5.3 seconds for a total of 2,179 posts.

In April 2019, Facebook discovered “coordinated inauthentic behavior” linking back to both the BJP and Congress.7 The hundreds of pages, accounts, and groups removed had a total of over 2.5 million followers. Additionally, misleading and inflammatory content is frequent on Prime Minister Narendra Modi’s “NaMo” app, which has been marketed to all Indians as a way to keep up with official government news.8

The government has actively discussed regulating and monitoring social media, in the meantime. In the lead-up to the 2019 elections, the ECI established a panel to help curb misinformation on Facebook, WhatsApp, and YouTube (see B2).9 A resulting Voluntary Code of Ethics for the General Election 2019 established a high-priority communication channel between platforms and ECI-designated nodal officers. The code also aimed to provide more transparency in political campaigning, outlining that companies should label paid political advertisements and only accept advertising that was precertified by election officials.10 However, its development and launch was accompanied by general concern that the efforts would be ineffective and were undertaken too close to the election.11

Disinformation and doctored videos have led to offline violence, with at least 35 people killed in apparent connection with online activity or content in 2018.12 Specifically, rumors of child kidnappings and murder have proliferated across the internet, such as a video with imagery of corpses under a sheet—images actually showing children killed in Syria—while audio warns Indian parents to be vigilant of kidnappers in the area.13 In July 2018, five men traveling through Rainpada were killed after giving a young girl a biscuit, by residents who has assumed they were kidnappers. In May 2018, a transgender woman was killed in Hyderabad because a WhatsApp message claimed that transgender women were planning to kidnap children.14

The government has responded to the violence with at least one internet shutdown15 and a number of arrests, some of which were directly related to WhatsApp content (see A3 and C3).16 WhatsApp has also taken action by restricting the number of times a message can be forwarded in the country.17

B6 1.00-3.00 pts0-3 pts
Are there economic or regulatory constraints that negatively affect users’ ability to publish content online? 3.003 3.003

Apart from the laws that limit certain types of speech, there are no economic or regulatory constraints that affect users’ ability to publish. Online news outlets, blogs, and other publishing platforms are not required to obtain registration or licensing.

In July 2018, India adopted new net neutrality rules proposed in November 2017 by the Telecom Regulatory Authority of India.1 The rules, with only some exceptions, prevent internet providers from interfering with content, including prohibiting blocking, throttling, and zero-rating. Breaking of the rules could result in operators losing their licenses in the country. It was also reported that the government will establish a multistakeholder body to ensure that net neutrality rules are enforced.2 By some accounts, the new rules make India the strongest backer of net neutrality in the world.3

B7 1.00-4.00 pts0-4 pts
Does the online information landscape lack diversity? 3.003 4.004

Online media content is diverse and lively. The internet has given voice to people in remote areas, helping them become part of the public discourse. The Delhi-based company Gram Vaani operates a Mobile Vaani initiative, using an interactive voice response (IVR) system to disseminate reports by mobile phone users to different audiences and stakeholders. It enables over 80,000 households across 12 states to create their own media.1

However, disinformation, increased online harassment, and a lack of content in local languages, among other things, still restrict the diversity of the online information landscape.

B8 1.00-6.00 pts0-6 pts
Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues? 5.005 6.006

Digital activism is popular and has driven important social debates, and at times has helped usher in policy changes. However, while online tools used to mobilize generally remain available in the country, local authorities have increasingly imposed internet shutdowns to restrict protests.

Authorities have imposed temporary internet shutdowns in response to protests and political action. In February 2019, authorities in Rajasthan suspended internet services for a day during a five-day sit-in at which participants demanded better job and educational opportunities for members of the Gujjar community.1 Also in February, local authorities in Manipur suspended connectivity for 36 hours during protests against a controversial citizenship amendment.2

The reporting period saw the rise and massive traction of the #MeToo movement across the country, making the conversation on sexual and other forms of gender-based harassment much more mainstream.3 A range of allegations against prominent men surfaced online after a Bollywood actor shared her sexual harassment story in September 2018.

C Violations of User Rights

More arrests for online speech were reported during the coverage period, including political speech that local authorities deemed derogatory or objectionable. Controversies surrounding India’s Aadhaar project continued, and the Supreme Court ruled in September 2018 that the program is constitutional. In July 2018, the Srikrishna Committee submitted a draft privacy framework, the Personal Data Protection Bill, which would create new criminal liabilities and establish a data protection agency that was seen as susceptible to politicization; the legislation, which was pending at the end of the coverage period, prompted concern among civil society groups and tech companies.

C1 1.00-6.00 pts0-6 pts
Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence? 4.004 6.006

The Constitution of India grants citizens the fundamental right to freedom of speech and expression,1 including the right to gather information and exchange thoughts within and outside India.2 Press freedom has been read into the freedom of speech and expression.3 However, these freedoms are subject to certain restrictions in the interests of state security, friendly relations with foreign states, public order, decency and morality, contempt of court, defamation, incitement to an offense, and the sovereignty and integrity of India. These restrictions may only be imposed under a law, not by executive action.4

A 2015 Supreme Court ruling struck down a problematic provision of Section 66A of the IT Act, which had criminalized information causing "annoyance,” “inconvenience,” or “danger,” among other ill-defined categories, and had led to several arrests for social media posts from 2012 through early 2015. The court in the Shreya Singhal judgment5 affirmed that freedom of speech online is equal to freedom of speech offline and held that Section 66A went beyond reasonable restrictions on freedom of speech specified in Article 19(2) of the constitution.6

  • 1Article 19(1)(a), The Constitution of India.
  • 2Maneka Gandhi v. Union of India, 1978 AIR 597.
  • 3Report of the Press Commission, Part I, 1954, Government of India, p. 357.
  • 4Article 19(2), The Constitution of India; Bijoe Emmanuel v. State of Kerala, (1986) 3 SCC 615.
  • 5(2015) 5 SCC 1.
  • 6Ujwala Uppaluri and Sarvjeet Singh, “Supreme Court ruling on Section 66A: As much online as offline,” The Economic Times, March 25 2015, http://blogs.economictimes.indiatimes.com/et-commentary/supreme-court-r….
C2 1.00-4.00 pts0-4 pts
Are there laws that assign criminal penalties or civil liability for online activities? 2.002 4.004

The Indian Penal Code (IPC) criminalizes several kinds of speech and applies to online content. Individuals can be sentenced to between two and seven years in prison for speech that is found to be seditious,1 obscene,2 defamatory,3 “promoting enmity between different groups on ground of religion, race, place of birth, residence, language,”4 committing acts “prejudicial to maintenance of harmony,”5 or consisting of statements, rumors, or reports that may cause fear, alarm, disturb public tranquility, or promote enmity or ill will.6 Internet users are also subject to criminal punishment under the Official Secrets Act for wrongful communication of information that may have an adverse effect on the sovereignty and integrity of India.7

Section 67 of the IT Act bans the publication or transmission of obscene or sexually explicit content in electronic form, and Section 66D punishes the use of computer resources to impersonate someone else to commit fraud. The Supreme Court in 2015 struck down Section 66A, criminalizing speech that, among other things, is grossly offensive or causes annoyance or inconvenience. However, similar complaints continue to be registered under 66A despite the ruling, and under Sections 67, 66D, or the IPC (see C3).8

A 2016 Supreme Court judgment upheld laws criminalizing defamation (Sections 499 and 500 of the IPC and Section 119 of the Code of Criminal Procedure) as consistent with the Indian Constitution.9 The sections have been used against online speech in the past.10

C3 1.00-6.00 pts0-6 pts
Are individuals penalized for online activities? 2.002 6.006

More users were arrested and detained for their online activity during the coverage period, often over speech authorities deemed objectionable or derogatory.1 A number of users were also arrested and held in detention for online political commentary criticizing the ruling BJP, opposition parties, and government policies. Charges under the National Security Act allow police to detain the accused for up to one year.

In February 2019, a student activist was charged with sedition under the IPC for social media posts criticizing the Citizenship Bill (see B8).2

In a clearly politically motivated case, between November 2018 and May 2019 journalist Kishorechandra Wangkhem was held in detention after being arrested and charged under the National Security Act for social media posts containing vociferous and somewhat incendiary criticism of local BJP officials and Modi.3 Only a few days prior to being charged under the National Security Act, Wangkhem had been arrested and charged with sedition under the IPC. However, a court ruled that his critical posts were legitimate expressions of opinion and not seditious, and that he be released from detention.

In another prominent case, Abhijit Iyer-Mitra was detained from late October to December 2018 on charges under several sections of the IPC, as well as Section 67 of the IT Act, for derogatory tweets about historic temples. Charges were withdrawn after he apologized to officials and petitioned the state government to drop charges for his lack of malicious intent in making the statements.4

Political parties have not been immune from India’s increased criminalization of online political speech. In September 2018, Congress’s social media chief was charged with sedition and Section 67 of the IT Act for sharing a meme of Modi that claimed he is a thief.5 In another example from January 2019, an elected leader of a local pro-Tamil party was arrested on charges of intent to disturb the peace and spreading ill will, for sharing an edited, unflattering image of Modi.”6

Despite the Supreme Court’s 2015 decision to striking down Section 66A of the IT Act, there were 45 arrests under it between January and September 2018, most likely due to police being unaware of the ruling.7 For example, one user was arrested in November 2018, in part under section 66A, for allegedly posting “derogatory” comments about a local government official on social media.8

People continued to be arrested during the coverage period for spreading misinformation.9 In June 2018, at least seven people were arrested in the Kozhikode district for spreading false information about the Nipah virus.10 Social media posts and audio messages that were shared or forwarded contained false statements such as who was undergoing treatment and how the Nipah virus could be transferred.

C4 1.00-4.00 pts0-4 pts
Does the government place restrictions on anonymous communication or encryption? 3.003 4.004

Some restrictions limit anonymity on the internet in India, and privacy rights are unevenly upheld.

Prepaid and postpaid mobile customers have their identification verified before connections are activated.1 There is a legal requirement to submit identification at cybercafés2 and when subscribing to internet connections.

Communications surveillance may be conducted under the Telegraph Act,3 as well as the IT Act,4 to protect defense, national security, sovereignty, friendly relations with foreign states, public order, and to prevent incitement to a cognizable offense. Section 69 of the IT Act appears to add another broad category, allowing surveillance for “the investigation of any offence.”5

While users can freely use encrypted tools, the government has ramped up efforts to work around encryption, citing a number of deaths based on the spread of misinformation WhatsApp. Proposed in December 2018, draft intermediary guidelines under Section 79 of the IT Act could undermine encryption (see B2 and C6).6 The rules would require “traceability,” which would force intermediaries such as encrypted platforms to provide the originator of content if requested by the government.7 In order to provide this information, intermediaries may have to break encryption on their platforms.8

C5 1.00-6.00 pts0-6 pts
Does state surveillance of internet activities infringe on users’ right to privacy? 2.002 6.006

Significant state surveillance of online content and activity infringes on users’ right to privacy. In August 2017, a landmark Supreme Court ruling recognized privacy as a fundamental right embedded in the right to life, liberty, and freedom of expression.1 The ruling on privacy came in the context of Aadhaar, a unique identification project that collects and stores biometric and other data like fingerprints, iris scans, and photos of over one billion Indians. The scheme raises serious concerns regarding data privacy, security, and usage.2

The government uses Aadhaar enrollment for the provision of multiple public services including food stamps and cell phone connection.3 Controversies have also erupted around the relationship between the project and private companies such as Microsoft, Amazon, Facebook, and Google.4 In 2017, it was reported that millions of Aadhaar records had been treated as publicly shareable data by different government departments.5 A national-government administered rural employment scheme was among several initiatives or agencies reported to have accidentally revealed Aadhaar numbers.6 Additional breaches were reported in 2018.7

In September 2018, the Supreme Court ruled that Aadhaar is constitutional, but set important limits on the program’s use.8 The ruling held that the program is mandatory for government welfare schemes and that Indians must link their Aadhaar number to income tax filings and permanent account numbers. The court also ruled that there were sufficient existing safeguards against security and data breaches. However, Aadhaar numbers cannot be made required for services such as obtaining a SIM card, opening a bank account, and receiving educational grants and admissions. It is unclear how the government and private companies utilizing Aadhaar data will implement the ruling, and what they will do with the Aadhaar data they have on users.

Despite the court’s restrictions to how Aadhaar can be used, the government promulgated the Aadhaar Ordinance in March 2019. The temporary ordinance allowed for the voluntary use of Aadhaar as proof for bank accounts and mobile SIM connections,9 and private companies had access to some Aadhaar information, which they were barred from after the Supreme Court judgment. Following the coverage period, in July 2019, Parliament passed the Aadhaar and Other Laws (Amendment) Bill,10 which includes the same provisions as and replaces the March 2019 ordinance.11 Civil society groups have expressed serious concerns, arguing the bill ignores the 2018 Supreme Court ruling.12

In July 2018, the Srikrishna Committee, established in 2017 to create a data protection framework,13 submitted a draft privacy framework for the Personal Data Protection Bill, 14 and a report15 to the MeitY. India’s IT minister had stated that there would be consultations on the law,16 and cabinet and parliament will further review the recommendations.17 In June 2019, India’s IT Minister stated that the data protection law is finalized and will soon be sent for approval to the cabinet.18

The Personal Data Protection Bill raised controversy from both civil society and tech companies.19 The bill supplies the central government with more powers through a range of provisions, such as creating new criminal liabilities and establishing a Data Protection Authority of India comprised of six government-appointed members, raising issues of independence, transparency, and accountability.20

The home secretary at the central or state level issues interception orders based on procedural safeguards established by the Supreme Court and rules under the Telegraph Act.21 These are reviewed by a committee of government officials of a certain rank, and carried out by intermediaries.22 Interception orders, which are not reviewed by a court, are limited to 60 days, renewable for up to 180 days.23 In emergencies, phone tapping may take place for up to 72 hours without clearance; records must be destroyed if the home secretary subsequently denies permission.24

Besides retrieving data from intermediaries, the government’s own surveillance equipment is becoming more sophisticated. The Central Monitoring System (CMS) allows government agencies to intercept any online activities directly, including phone calls, text messages, and VoIP communication, using Lawful Intercept and Monitoring (LIM) systems on intermediary premises.25 In May 2016, the Minister for Communications and IT stated that the monitoring centers were already operational in Delhi and Mumbai.26 More centers were due to be rolled out across the country, but no updates were available in mid-2018.

MeitY officials indicated that security agencies could access messaging services such as WhatsApp in 2017, though they are unable to view encrypted content. In response to a question in the lower house of Parliament, the Minister of State for Information Technology stated that “security agencies are able to intercept these encrypted communication services through the lawful interception facilities provided by the Telecom Service Providers, but they are not able to decrypt some of encrypted intercepted communication to readable format.”27

Evidence suggests that government and state agencies, including law enforcement, proactively monitor social media for signs of wrongdoing, although the legal grounds for doing so is unclear. In December 2018, a Right to Information request revealed that the Ministry of Information and Broadcasting had used a private firm to monitor social media for two years.28 In another report from September 2018, both state and central government agencies were reported to be using Advanced Application for Social Media Analytics.29 While detailed information about the sophistication of this technology is unclear, documents suggest that it uses sentiment analysis to categorize online content—such as “sensitive” information like protests—as positive or negative, and can aggregate and analyze content and other data on social media platforms in real-time. In April 2018, the government announced plans to set up a Social Media Communication Hub and released a tender to purchase sophisticated monitoring technology. Only a few months later in August, the government withdrew the plans after the Supreme Court raised significant surveillance concerns over the monitoring.30

C6 1.00-6.00 pts0-6 pts
Are service providers and other technology companies required to aid the government in monitoring the communications of their users? 2.002 6.006

Companies are required to collect extensive data on users, and a variety of government agencies may invoke a range of laws to access the information collected.

Eight separate intelligence bodies are authorized to issue surveillance orders to service providers.1 Online intermediaries are required by law to “intercept, monitor, or decrypt” or otherwise provide user information to officials.2 The Telegraph Act levies civil penalties or license revocation for noncompliance,3 and the IT Act carries a possible seven-year jail term.4 Unlawful interception is punishable by just three years’ imprisonment.5

ISPs setting up cable landing stations are required to install infrastructure for surveillance and keyword scanning of all traffic passing through each gateway.6 The ISP license bars internet providers from deploying bulk encryption; restricts the level of encryption for individuals, groups, or organizations to a key length of 40 bits;7 and mandates prior approval from the DoT or a designated officer to install encryption equipment.8

In September 2018, the Supreme Court set new data retention requirements and called for the immediate passing of a “robust” data protection law.9 A draft Personal Data Protection Bill intended to better protect privacy includes a data localization requirement for personal data10 that could facilitate more government surveillance (see C5).11

Standard Operating Procedures (SOP) for Lawful Interception and Monitoring of Telecom Service Providers—regulations issued in 201412 —restricted interception to a service provider’s “chief nodal officer,” and mandated that interception orders be in writing.13 Rules issued in 2011 under the IT Act provided for greater protection of personal data handled by companies,14 but do not apply to the government.

The draft intermediary guidelines under Section 79 of the IT Act, which are designed to replace 2011 rules, would require intermediaries to retain any content removed for at least 180 days or longer if it is requested by a court or a government agency (see B2). In the meantime, many components of the legal framework surrounding data retention and lawful interception remain inconsistent with one another.

License agreements require service providers to guarantee the designated security agency or licensor remote access to information for monitoring;15 ensure that their equipment contains necessary software and hardware for centralized interception and monitoring; and provide the geographical location, such as the nearest Base Transceiver Station, of any subscriber at a given point in time.16 Under a 2011 Equipment Security Agreement that did not appear on the DoT website, telecom operators were separately told to develop the capacity to pinpoint any customer’s physical location within 50 meters.17 “Customers specified by security agencies” were prioritized for location monitoring, with “all customers, irrespective of whether they are the subject of legal intercept or not,” to be monitored by June 2014.18 The agreement apparently remains in effect.

In 2014, an amendment to licensing conditions mandated government testing for all telecom equipment prior to use, effective in 2015.19 Cybercafé owners are required to photograph their customers, arrange computer screens in plain sight, keep copies of client identification and their browsing histories for one year, and forward this data to the government each month.20

The government also seeks user information from international web-based platforms. Google reported that the government made 6,371 user data requests and 13,728 requests to access accounts between July and December 2018. Google made disclosures in 63 percent of the cases.21 To Facebook, the government requested access to 20,805 accounts between July and December 2018 and data was produced by Facebook in 53 percent of cases.22 Twitter also reported that the government made 422 account information requests between June and December 2018. Twitter said it produced data in 18 percent of cases.23

C7 1.00-5.00 pts0-5 pts
Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in retribution for their online activities? 2.002 5.005

Trolling and violent threats for online activity are common. Aggressive online commentators who self-identify as Hindu nationalists routinely abuse their opponents. Reports suggest that this form of abuse and trolling is heightened when the victim is a woman, a Muslim or member of another minority religion, is from a lower caste, or otherwise identifies within a marginalized group.1 Women in politics commonly experience trolling.2 A few journalists working for online outlets have been the targets of physical violence in the process of their reporting.

In February 2019, Suman Pandey and Vinod Dongre, reporters for the online outlet he Voices, were attacked by local BJP members while reporting on a “scuffle” at a BJP meeting.3 During the attack, Pandey was forced to delete video footage from his phone. In another instance of violence in October 2018, Saritha Balan, from the online outlet the News Minute, was kicked by right-wing Hindu protestors while covering demonstrations against a Supreme Court ruling allowing women of all ages to enter the Sabarimala temple in Kerala.4

Separately, in June 2018, a barrage of users attacked, using misogynistic and hateful language, the then Minister of External Affairs Sushma Swaraj for helping an interfaith couple obtain a passport.5

As newer platforms like TikTok gained in popularity during the coverage period, they also become another source for online harassment of people from minority groups and particular castes.6 In some cases, this led to consequences such as suicide and physical violence.

Much trolling appears to align with the BJP agenda under the BJP administration, but there is limited evidence that government actors are directly involved. Rather, officials’ tacit support of online abuse—evidenced, for example, by the prime minister following known troll accounts on Twitter, or the use of volunteers to push out some anti-Muslim content across WhatsApp ahead of the elections—contribute to a climate in which people who are perceived to oppose popular discourse face intimidation, even as robust political debate continues in many online forums.7

C8 1.00-3.00 pts0-3 pts
Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack? 2.002 3.003

India remained a frequent target of cyberattacks during the coverage period, although there was no evidence of politically motivated attacks against civil society and activists. The Indian Computer Emergency Response Team (CERT-In) reported over 208,000 cybersecurity incidents in 2018, a nearly fourfold increase from 2017.1 The majority of these, about 127,000, were network scanning, probing, or vulnerable services. Another 61,000 were incidents related to a virus or malicious code, while just over 16,000 were website defacements. CERT-In issues periodic advisories, and the government updates a crisis-management plan for central and state governments to respond to cybercrime on an annual basis.2 CERT-In also established that 35 percent of attacks against India were orchestrated by China.3

A study from a UK-based company placed India third in the world for cyberattacks in 2018, with 76 percent of Indian businesses subjected to attacks.4 According to Symantec’s 2018 Internet Security Threat Report, India received the second-highest number of targeted attacks in the world between 2015 and 2017.5

Explanatory Note:

Indian Kashmir is not covered in this report. Certain territories that are assessed separately in Freedom House's Freedom in the World report are excluded from the relevant country reports in Freedom on the Net, as conditions in such territories differ significantly from those in the rest of the country.

On India

See all data, scores & information on this country or territory.

See More

Country Facts

  • Global Freedom Score

    66 100 partly free

  • Internet Freedom Score

    51 100 partly free

  • Freedom in the World Status

    Free

  • Networks Restricted

    Yes

  • Websites Blocked

    Yes

  • Pro-government Commentators

    Yes

  • Users Arrested

    Yes