The curious case of Anirban Dey: India’s internet laws work against anonymous whistleblowers

The SAP India Labs campus in Bangalore.
The SAP India Labs campus in Bangalore.
Image: Reuters/Punit Paranjpe
We may earn a commission from links on this page.

When the human resources department of SAP Labs India filed a case with the Bangalore police about a persistent anonymous emailer, it had little idea it would result in the resignation of the company’s India managing director.

Anirban Dey, who took over as MD in November 2012, quit the company last week after a police investigation tracked the emails down to an account he held. The case was filed under the infamous Section 66(A) of the Information Technology Act, 2000, which has been criticised for being so catch-all and vague that nearly anything you write in an email could be deemed offensive. Writing an email that causes “annoyance” or “inconvenience” to the recipient is also an offence under the Act.

Dey is reported to have been trying to pressure the company’s grievance redressal cell to take appropriate action against a senior executive in a case of assault against another employee. According to Mumbai Mirror, which reported on the contents on the emails, it was when the anonymous correspondent threatened to escalate the matter to the German headquarters of the company, that the Indian arm went to the cops.

The complaint was against spam emails with “fabricated and false content”. After the revelation that Dey was behind the emails, the company seems to want to drop the case. But the Bangalore police has said investigations will continue.

Dey did what many a whistleblower would do. A Deloitte survey on whistleblower protection finds that most people reporting an abuse within a company fear retaliation or harassment and a large number would prefer to make their complaints anonymously and by email. But, as the case of Anirban Dey shows, the all-encompassing Section 66(A) throws a spanner in the works. Take a look again at what it says:

66A. Punishment for sending offensive messages through communication service, etc.

Any person who sends, by means of a computer resource or a communication device,—

(a) any information that is grossly offensive or has menacing character; or

(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device,

(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages, shall be punishable with imprisonment for a term which may extend to three years and with fine.

So if someone doesn’t like a whistleblower’s electronic message or judges it to be false even before an investigation, a legitimate case under Indian law can be registered against the whistleblower. The ensuing police investigation will, at the very least, reveal the whistleblower’s identity—as the Dey case has shown.

India’s law on whistleblower protection came into effect last month, even though it mostly deals with corruption among public officials. It promises a mechanism for people to complain against the misuse or power. While it does not allow for anonymous complaints, the law provides for keeping the complaint confidential and list penalties for any public official who reveals the whistleblower’s identity. In step with the government, markets regulator, the Securities and Exchange Board of India, has made it mandatory for all listed companies to put a whistleblower protection policy in place for their employees and directors.

When the news of Dey’s departure first came out last week, it was speculated that he was joining his former colleague Vishal Sikka at Infosys. It didn’t exactly play out that way.