Stop Pakistani content at the border, India tells media, tech biz

India’s Ministry of Information and Broadcasting has issued an advisory calling for media companies and online platforms to block all content originating in Pakistan.

The order follows a terrorist attack in April that killed at least 26 tourists in Kashmir, which India attributes to Pakistan-backed actors.

The ministry’s advice [PDF] points to clauses in India’s Information Technology Rules, a regulation that requires social media services, video and audio streamers, messaging services, and other online platforms to take great care before allowing access to content which “affects the sovereignty and integrity of India” or “threatens, endangers or jeopardises the security of the State.”

The IT Rules also cover content felt to be “detrimental to India's friendly relations with foreign countries” or material “likely to incite violence or disturb the maintenance of public order."

Those rules were intended to stop the spread of violent or hateful material, but India’s government used them to censor a BBC documentary critical of Prime Minister Narendra Modi.

Amnesty International criticized the IT Rules on grounds they “imperil freedom of expression and the right to privacy … empower the government to summarily compel the removal of online content without any judicial oversight” and “jeopardize encryption.”

The Indian government now advises all OTT platforms, streaming services, and intermediaries to discontinue any “web-series, films, songs, podcasts and other streaming media content … having its origins in Pakistan,” citing national security concerns.

That language leaves little room for nuance. Even entirely innocent Instagram Reels from a Pakistani user, or a podcast discussing cricket – India’s and Pakistan’s shared sporting obsession – could fall under the advisory's broad sweep.

• India ready to greenlight Starlink – as long as it lets New Delhi censor, snoop
• India gets Google to unbundle Android and the Play Store on Smart TVs
• India shuffles away draft law treating influencers like real broadcasters
• Indian authorities reject Infosys 'COVID ate my homework' excuse

We understand that the user-generated content uploaded to major social networks and vid-sharing sites may contain metadata that platform operators can use to indicate its origin. We’ve asked Google/YouTube and Meta if that’s the case and if they feel it is possible to comply with India’s advice.

This would not be the first time India has decreed absurd compliance requirements: Back in 2022, the nation demanded service providers, intermediaries, data centers, and government bodies report information security lapses such as “suspicious activities affecting Cloud computing systems/servers/software/applications” within six hours but didn’t initially define “suspicious”.

Reports could be submitted via email or even fax to India’s Computer Emergency Response Team (CERT-In), which said it needed them urgently to plug "gaps hindering incident analysis." Observers noted the move hinted at building a centralized database of incident data for future analysis. However, few bothered to comply with the rapid reporting requirement.

In the current climate, however, it would be folly for those covered by the IT Rules to ignore the government’s advice, as anti-Pakistan sentiment is running high in India. The nation has a love–hate relationship with Big Tech operators, who are seen as enablers of a cultural and productivity revolution, but also as wielding perhaps-inappropriate levels of influence over local affairs. ®