Non-consensual sharing of intimate images online: Solutions in Criminal, Media & Technology Laws
- Raghav Mendiratta*
In March 2018, a District Court in West Bengal convicted an engineering student for sharing intimate videos of his ex-girlfriend on a porn website. The court convicted the accused under Sections 354A, 354C, 354D, 509 of the Indian Penal Code, 1860 (‘IPC’) and Sections 66C and 66E of the Information Technology Act, 2008 (‘IT Act’). The Court sentenced the accused to 5 years in prison, imposed a fine of Rs. 9,000 and directed that the victim be compensated under the State’s Victim Compensation Scheme. While imposing the sentence, the judge stated that deterrence was one of the prime considerations for convicting the accused and an inadequate sentence would do more harm than justice, as it would undermine public confidence in the seriousness of the issue. The judge said that the victim suffered from ‘virtual rape’ every time a user of the openly accessible global website saw the video.
This problem of non-consensual sharing of intimate images [‘NCSIA’] is multi-faceted and transcends across Criminal law, Privacy law and Media Law. In this article, I lay out the collective legal framework to deal with the problem; highlight the inadequacies in this current regime and propose an effective solution to bridge the loopholes in the law.
I. Cyber Crimes in India
In India, Internet penetration has increased manifold since September 2016 with the introduction of Reliance Jio’s affordable data plans. With increased Internet penetration, it is a natural corollary that coming years will see a rise in cyber-crimes, including NCSIA. Thus, the need to have a watertight legal regime for NCSIA is now stronger than ever.
The most recent statistics released by the National Crime Record Bureau present a gloomy picture of the efficacy of the law enforcement machinery in dealing with cybercrimes. The report reveals that of the total five thousand nine hundred and eighty-seven cyber-crimes reported in 2015-2016, five hundred and sixty-nine cases were motivated by ‘sexual exploitation’ and four hundred and forty-eight cyber-crimes were motivated by ‘causing disrepute’. In stark contrast is the court disposal of cybercrime cases, this period saw 0 convictions for offences under Section 66E (Violation of privacy) of the IT Act and 90.6% of the cases still remain pending. The high rate of pendency may be attributed to lack of trained police personnel to effectively investigate these crimes, frequent transfers of the small number of trained personnel leading to incomplete investigations and the lack of standard procedures for seizure and analysis of digital evidence. This is perhaps indicative of the ineffective institutional mechanism for dealing with cybercrimes and shows the need for structural reform.
II. How Indian Courts Have Tackled NCSIA
The perils of NCSIA in India first came under the public scanner in 2004, by the infamous Delhi Public School MMS Case. The case pertained to an incident that involved the creation of a pornographic MMS by two students of Delhi Public School, New Delhi and its illegal distribution as well as bid to auction on eBay India (then known as Baazee.com). Since the sharer(s) of the image were minors, prosecution was never formally initiated against them, however, proceedings were initiated against the Director of Baazee.com, Avinash Bajaj. The Supreme Court later absolved him of liability on the ground that the prosecution had failed to establish a satisfactory case against him.
Since 2004, despite numerous devastating cases coming to light, it has taken 14 years for the first conviction in an NCSIA case (Animesh Baxi case in West Bengal from March 2018). This delay may possibly be attributed to factors such as judicial pendency, under-reporting of sexual crimes, lack of awareness of provisions dealing with the invasion of privacy, ineffective investigation leading to discharge/acquittal and compromise between the parties.
III. Legal Framework
In India, owing to the absence of special legislation dealing with the issue, the accused persons are charged under various provisions of the IPC and the IT Act. Countries across the world, such as the UK, Canada, Scotland, Israel and many states in Australia and the USA have either enacted specific legislations to counter NCSIA or have made amendments to effectively tackle revenge porn.
Since provisions of the IPC and the IT Act were not specifically intended to counter NCSIA, they are ripe with loopholes that may be exploited by accused persons to evade the clutches of law.
Section 354C (Voyeurism) of the IPC is most commonly used to deal with NCSIA offenders. After the amendment in 2013, Explanation 2 of Section 354C punishes the act of disseminating images that were captured consensually but are being disseminated without the consent of the person in the image. However, this section still has two major loopholes. Firstly, the provision excludes from its ambit photoshopped/morphed pictures that the perpetrator creates by morphing the victim’s face from a non-intimate photo and transposing/pasting it on the image of a naked body of another woman. Such pictures would likely cause the same harm as a captured/un-morphed photo but would be excluded from the ambit of Section 354C. Secondly, Section 354C is not a gender-neutral provision and cannot be used by male victims as it envisages only a woman being captured in the midst of a private act.
To make the provision watertight, an explanation to Section 354C should be inserted, which would state that the Section also applies to photoshopped images. This would be similar to the approach taken by the UK and Scotland. The phrase ‘image of a woman’ must also be replaced with ‘image of a person’.
Section 292 of the IPC punishes the act of distributing obscene content that appeals to the prurient interest. Section 67 and Section 67A of the IT Act are also similarly worded and are aimed at countering the spread of obscene content online. Although these provisions are gender-neutral and may be used to target perpetrators who have photoshopped/morphed the images of their victims, they may prove to be a two-edged sword for a different reason: the victim himself/herself may be charged for creating/distributing ‘obscene’ content in the first place. While it seems improbable for the police to turn on the victim, the fact remains that the decision to book a victim is the sole prerogative of the investigating officer of the case and she/he may not choose to empathize with the victim, especially in a social setting where women are often blamed for sexual crimes committed against them. Thus, a soft approach must be adopted to sensitize law enforcement agencies and the civil society towards the psychological, economic and social consequences to the victim so as to check victim blaming in such matters.
Section 66E of the IT Act punishes the violation of privacy by transmission of images of the private area of persons without their consent. However, this section is problematic since it requires that the image be captured without the consent of the person depicted in the image. Considering that in most cases of NCSIA, the person depicted in the image himself/herself sent the image to his/her partner; or that the person depicted initially consented to the image being taken, albeit not subsequently shared, the accused person can technically take the defense that the person in the image consented to such disclosure. To make the provision watertight, an explanation similar to Explanation 2 of Section 354C must be added that punishes the act of disseminating images which were captured consensually but are being disseminated without consent.
IV. Providing an Effective Remedy to Victims: Role of Internet Intermediaries
If victims of leaked intimate content are to have an effective remedy, the onus should be on intermediaries who derive financial benefits from virality of the content by hosting it and making it available to the public at large. These search engines, social media platforms, and network hosts are the focal points of the internet and present the most efficient means of policing content available.
There are two aspects of intermediary liability that come into play to give relief to victims of NCSIA. Firstly, the aspect of disabling access to the video/photograph in question by establishing an expeditious takedown mechanism. Rule 3(4) of the Information Technology (Intermediary Guidelines) Rules, 2011 (‘IT Guidelines’) deals with the obligation of intermediaries to expeditiously to take down content. In Shreya Singhal v. Union of India, the Supreme Court held, inter alia, that a combined reading of Section 79(3)(b) of the IT Act with Rule 3(4) of the IT Guidelines would mean that the 36-hour period to take down content would be triggered when a court orders the Intermediary to take down content or when a Government notifies the Intermediary to do so. Thus, Intermediaries are not obligated to undertake any takedown/removal action upon receipt of user complaints, no matter how grave or severe the effects of non-removal could be. To remedy this situation, the immunity given to online intermediaries may be tweaked to obligate them to take down content in the absence of a court order if the illegality of the content is prima-facie evident. Such as an approach has been adopted in the 2018 German legislation, the NetzDg.
Yet, even with expeditious removal of infringing images, the victim would not have a complete remedy as all references to the image/video would still be out there on other websites. Accordingly, the second aspect of intermediary liability that comes into play is the aspect of removing all search results or online references of the incident. This is referred to as the right to be forgotten and is the right of an individual to request search engines to take down certain results relating to the individual, such as links to personal information if that information is inadequate, irrelevant or untrue. This is important so that the incident does not surface every time someone does an online search of the victim’s name (for example, during a background check for a job interview). The right to be forgotten would be a lasting remedy since it seeks to remove all references to the infringing image/video on the Internet and create a situation such that the infringing content never existed on the Internet.
Internationally, this right first found its origins from the landmark Google Spain case decided by the Court of Justice of the European Union.  However, the right remains at a nascent stage in India and is not fully developed or fleshed out. It has been read to be included in the right to privacy by the Karnataka High Court,  Kerala High Court and the Delhi High Court. However, in a case dealing with restraining the publication of a ‘non-reportable’ judgment in a criminal case, the Gujarat High Court denied recognizing the right stating that in the absence of a specific provision in the law that is being supposedly violated, the Court cannot interfere.  Section 27 of the Data Protection Bill, 2018 seeks to resolve this discrepancy as it grants the data principal (natural person/user) the right to restrict or prevent the continuing disclosure of personal data made contrary to the provisions of any law made by the Parliament or any State Legislature (in the case of NCSIA, the IPC).
Thus, the most effective remedy from a victimological perspective is to give the victim a clean slate on the Internet through a single expeditious court order that removes the infringing content not just from hosting websites (porn website/social media site) but also removes all remaining references on search engines. From a theoretical and hyper-technical perspective, such a right would still be limited as individual social media posts talking about the incident would not be removed due to the sheer logistical impossibility of removing each and every post from the Internet. However, from a practical perspective, such a remedy would be effective, as by removing the post and search results relating to the incident, it would make information about the incident obscure to an extent that it would be almost impossible to find.
*Raghav Mendiratta is a student of the Rajiv Gandhi National University of Law.
 State of West Bengal v. Animesh Boxi, GR: 1587/17.
 Animesh Boxi, id,
 Telecom Regulatory Authority of India (2017), Yearly Performance Indicators of Indian Telecom Sector 2016; Ivan Mehta, Reliance Jio Is Driving Indian Internet Growth, Says The Mary Meeker Report, Huffington Post (June 1, 2017) available at https://www.huffingtonpost.in/2017/06/01/reliance-jio-is-driving-indian-internet-growth-says-the-mary-me_a_22120777/.
 Chaitanya Mallapur, As internet use spreads, cyber crimes rise 19 times over 10 years, Scroll (June 3, 2016) available at https://scroll.in/article/809244/as-internet-use-spreads-cyber-crimes-rise-19-times-over-10-years.
 Crime in India 2016, National Crime Records Bureau (Ministry of Home Affairs) (2017), http://ncrb.gov.in/StatPublications/CII/CII2016/pdfs/NEWPDFs/Crime%20in%20India%20-%202016%20Complete%20PDF%20291117.pdf.
 M. Elavarasi1 & N. M. Elango, Analysis of Cybercrime Investigation Mechanism in India, 10 Ind. J. of Science and Tech. 40, 41 (2017); Arunabh Saikia, Why most cybercrimes in India don’t end in conviction, LiveMint (July 29, 2016), available at https://www.livemint.com/Home-Page/6Tzx7n4mD1vpyQCOfATbxO/Why-most-cyber-crimes-in-India-dont-end-in-conviction.html.
 Ayswaria Venugopal, Scandal in school shakes up Delhi, The Telegraph (November 11, 2004) available at https://www.telegraphindia.com/india/scandal-in-school-shakes-up-delhi/cid/1667531.
 Aneeta Hada v. Godfather Travels and Tours (P) Ltd., (2008) 13 SCC 703.
 Criminal Justice and Courts Act, 2015, c. 2, § 33 (2015) (UK).
 Protecting Canadians From Online Crime Act, 2014, S.C. 2014, c. 31, § 161.1 (2014) (Canada).
 Abusive Behaviour and Sexual Harm (Scotland) Act 2016, 2016 asp 22, § 2 (2016) (Scotland).
 Prevention of Sexual Harassment Law, 5758-1998, § 3 (2014) (Israel).
 NSW Crimes Amendment (Intimate Images) Act 2017, §§91N - §§91T (2017) (New Zealand).
 NJ Rev Stat, § 2C:14-9 (2013) (USA); Illinois Crim. Offences, 720 ILCS 5, § 11-23.5 (2012) (USA); Code of Alabama, AL Code § 15-20A-4, 15-20A-43 (2017) (USA).
 Criminal Justice and Courts Act, 2015, c. 2, § 33 (2015) (UK).
 Abusive Behaviour and Sexual Harm (Scotland) Act 2016, 2016 asp 22, § 2 (2016) (Scotland).
 Suzanne Hill & Tara C. Marshall, Beliefs about Sexual Assault in India and Britain are Explained by Attitudes Toward Women and Hostile Sexism, 79 Sex Roles 421, 422 (2018).
 Nicolas Suzor, Bryony Seignior & Jenifer Singleton, Non-Consensual Porn and the Responsibilities of Online Intermediaries, 40 Melb. U. L. Rev. 1057, 1066 (2017).
 Jack Goldsmith & Tim Wu, Who Controls the Internet? Illusions of a Borderless World 70 (1st ed. 2006).
 Information Technology (Intermediaries Guidelines) Rules, 2011, Gazette of India, pt. II sec. 3 (Apr. 11, 2011).
 Shreya Singhal v. Union of India, AIR 2015 SC 1523 (2015).
 Netzdurchsetzunggesetz [NetzDG] [Network Enforcement Act], Sept. 1, 2017; Bundesgesetzblatt [BGBL] at I 3352 (Ger.) Sept. 7, 2017.
 Case C-131/12, Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos (AEPD), Mario Costeja González, ECLI:EU:C:2014:317.
 Swapnil Tripathi, India And Its Version Of The Right To Be Forgotten, Socio-Legal Review (July 23, 2017) available at http://www.sociolegalreview.com/india-and-its-version-of-the-right-to-be-forgotten/.
 Sri Vasunathan v. The Registrar, 2017 SCC OnLine Kar 424.
 M.A. Rashid, Right To Be Forgotten: Kerala HC Asks Indian Kanoon To Remove Name Of Rape Victim From Judgment, Livelaw (December 30, 2018) available at https://www.livelaw.in/right-forgotten-kerala-hc-asks-indian-kanoon-remove-name-rape-victim-judgment/.
 LakshVir Singh Yadav v. Union of India, WP(C) 1021/2016 (Delhi High Court).
 Dharmaraj Bhanushankar Dev. State of Gujarat & Ors., SCA No. 1854 of 2015 (High Court of Gujarat).
 The Personal Data Protection Bill, Ministry of Electronics & Information Technology, Government of India, http://meity.gov.in/writereaddata/files/Personal_Data_Protection_Bill,2018.pdf.