Draft rules proposed by the Indian government for intermediaries such as telecommunications companies, Internet service providers and blogging sites could in effect aid censorship, according to experts.

Under the draft rules, intermediaries will have to notify service users to not use, display, upload, publish, share or store a variety of content, for which the definition is very vague and liable to misuse.

Content prohibited under these guidelines ranges from information that may “harm minors in any way” to material that is “harmful, threatening, abusive."

Some of the terms are so vague that to stay on the right side of the law, intermediaries may have to remove third-party content that is even mildly controversial, said Pavan Duggal, a cyberlaw consultant and advocate in India's Supreme Court.

While the definition of some of the terms like obscenity have been ruled on by India’s Supreme Court, some of the others do not have a precise legal definition, said Pranesh Prakash, program manager at the Centre for Internet and Society, a research and advocacy group focused on consumer and citizen rights on the Internet.

“Would creating a Facebook profile for a minor, for example, be considered as harming a minor?” Duggal said.

The draft rules are secondary legislation framed by the government under the country’s Information Technology (Amendment) Act of 2008. Under the IT Act, an intermediary is not liable for any third-party information, data, or communication link made available or hosted by it, if among other things, due diligence under the draft rules has been observed.

The new rules will give rise to subjective interpretations, thus giving non-judicial authorities in the country the power to decide whether the intermediary has observed due diligence or not, Duggal said.

According to the draft rules, an intermediary has to inform users that in case of non-compliance of its terms of use in the services and privacy policy, it has the right to immediately terminate the access rights of site users. After finding out about infringing content, either on its own or through the authorities, the intermediary has to work with the user or owner of the information to remove access.

Rather than recognizing the diversity of the businesses of intermediaries, the draft rules use a “one-size, fits all” approach across a variety of intermediaries including telecom service providers, online payment sites, email service providers and Web hosting companies, Duggal said.

An intermediary such as a site with user-generated content, like Wikipedia, would need different terms of use from an intermediary such as an email provider, because the kind of liability they accrue are different, Prakash wrote in his blog.

The draft rules also add new provisions that appear designed to give the government easier access to content from intermediaries. Intermediaries will be required to provide information to authorized government agencies for investigative, protective, cybersecurity or intelligence activity, according to the rules.

Information will have to be provided for the purpose of verification of identity, or for prevention, detection, prosecution and punishment of offenses, on a written request stating clearly the purpose of seeking such information, the rules add.

The IT Act already has procedures for very specific information requirements, but the draft rules have broadened this to a general requirement for intermediaries to provide information, Prakash said. The new rule could be a way of circumventing the earlier laws, he added.

The draft rules assume significance in the context of recent moves by the Indian government to ensure Research In Motion (RIM) provides access to information on BlackBerry services in India. While providing lawful access to its consumer services like BlackBerry Messenger, RIM has declined to do the same for its corporate service, BlackBerry Enterprise Server, claiming that it does not have access to customers’ encryption keys.

The Indian government has previously also said it would demand lawful access from Google’s Gmail and Skype, but has not taken any action on these services.

The draft rules will require compliance from a number of entities who until now had thought they were outside the ambit of compliance, Duggal said.

Google did not immediately respond to emailed requests for a reaction to the new rules. Microsoft said that the government should set the policy objectives and provide directional framework, and still allow flexibility to intermediaries to set the data protection measures as they deem fit for different situations and services.

“We believe that the intermediary should be obliged to take down non-compliant content on being notified of the same as well as terminate access rights for those who use these platforms for dissemination of non-compliant content,” Microsoft said in an emailed statement. Non-compliance includes, but is not limited to, copyright, it added.