Can journalists face prosecution — or be investigated — under the Information Technology Act, 2001, if they use material that has been illegally accessed from a computer and e-mailed to them by someone else?

That is the question the media face in the wake of a corporate espionage scandal involving the Tata-run Videsh Sanchar Nigam Ltd (VSNL) and Reliance Communications. And there are no clear answers, with lawyers divided on the issue.

A few journalists were questioned in the course of police investigations into the espionage case, which revolves around allegations that a VSNL employee passed on sensitive and confidential information about the company to an official of Reliance Communications, over e-mail, through pen drives as well as printouts. The police have charged him with hacking under the IT Act and also questioned the Reliance Communications official.

With corporate battles increasingly being played out through the media — rival companies tend to leak information on each other to journalists — the case is a wake-up call for journalists. Here’s why. The journalists were questioned because they had written reports based on the leaked information and the police suspected that the Reliance official had passed this on to them, by e-mailing it. The journalists, when asked where they got the information from, took shelter behind the need to protect sources. The argument was accepted, but it was, say experts, a close shave.

“A journalist does not have the sacrosanct right to withhold information regarding a crime under investigation,” says Supreme Court lawyer Rebecca Mammen John, referring to a Supreme Court judgement in 2003 on a petition by the People’s Union of Civil Liberties challenging some provisions of the Prevention of Terrorism Act, 2002. The powers of the police to elicit information, she says, come from the Code of Criminal Procedure, 1973. However, Anirban Mazumdar, lecturer at the National University of Juridical Sciences, Calcutta, feels that only a court can direct the journalist to disclose the source. What’s more, the disclosure is to be made only to the court and not to the police or any arm of the government.

What’s less clear is whether the journalists were violating the IT Act by accepting information accessed illegally from a computer. They were, says cyber law expert Pavan Duggal, not the least because the reports appeared in the Net editions of their newspapers (content on the Internet is regulated by the IT Act) and because the information came to them through e-mail.

Accessing confidential information from a computer system or network, without the permission of the owner, or enabling someone else to do so, invites damages of up to Rs 1 crore under Section 43 of the Act.

But merely receiving illegally accessed information is not a crime, Duggal elaborates, as long as journalists do not themselves use illegal means to do so. What makes journalists liable is the use of this information for reports that appeared on the web. The fact that they themselves had not stolen the data is, then, he argues, of little relevance.

Duggal goes so far as to say that journalists could become liable under Section 66 of the IT Act which relates to hacking, since their writings, using information stolen from a computer, can “diminish its value or utility”. The journalists’ employer, he argues, can also become liable because the information was accessed either on an official e-mail or through the office server, unless it can prove that the crime was committed without its knowledge or that it exercised all due diligence to prevent the crime. This is something Section 79 of the Act requires network service providers or intermediaries (those who receive, store or transmit a message on behalf of another person) to do.

Manish Singhvi, a lawyer who has assisted the National Association of Software and Service Companies (Nasscom) in suggesting amendments to the IT Act, however, dismisses these assertions. Accusing journalists of hacking merely because the publication of a story diminishes the value of a piece of information, he argues, is stretching the definition too far, a point Mazumdar agrees with. “Hacking only refers to material alteration, not to divulging or sharing that information,” says Singhvi, adding, however, that everything would depend on how a judge would interpret the provision.

Nor do they think that Section 79 would apply, since media organisations are not network service providers or intermediaries. Mazumdar draws parallels with the bazee.com case when the online shopping site was slapped with a case because some obscene MMS clips were posted on it and sold from the site. Bazee.com, he notes, was an Internet service provider, which a newspaper is not.

For Singhvi, it hardly matters if the journalist has received information in an electronic or physical form or used it for a report published either in print or on the Internet. If an article, based on confidential information of a company, jeopardises the company’s commercial interest in any way, the firm can file a civil suit and claim damages for whatever loss it may have suffered. The journalist will not be liable for getting hold of documents or other confidential information. It is the employee who has illegally accessed and distributed the information who has committed breach of trust and can be prosecuted under Section 406 of the Indian Penal Code. None of this changes because of the IT Act, he asserts.

Journalists and their employers would, however, do well to heed Duggal’s warning: that the questioning of journalists in the corporate espionage case shows the need for them to be careful about how they get information and from whom.