India is becoming a hub of cybercrime and needs much more dedicated cyber laws, Supreme Court lawyer and well-known cyberspace expert Dr Pavan Duggal said at the India Precursor Sessions, an event organized by Cyberlaws.Net and Pavan Duggal Associates, ahead of the official launch of the International Conference on Cyberlaw, Cybercrime & Cybersecurity 2022.
Duggal’s views coincided with AIIMS Delhi being hit by what is suspected to be a major cyberattack.
According to experts who attended the India Precursor Sessions, it is a fact that critical infrastructures, including healthcare systems, are under massive cyber threat.
Citing such persistent issues, Dr Duggal said: “There are so many attacks happening on a daily basis, coming from our neighbours, but we don’t have the appropriate legal framework to safeguard, especially when attacks take place targeting critical information infrastructures.”
He stated that today the problem is the majority of modern cybercrimes have evolved but they are not coverable yet under current Indian cyber laws.
“We still don’t have a dedicated cybersecurity law in place. But countries like China, Vietnam, Singapore and Australia have. So we are lagging behind,” he added.
Duggal also said that India needs to learn from the comparative cyber legal analysis, cyberlearning is required while looking at different countries and then tactics can be adopted in the form of what would be suitable considering the need and usage in the Indian context.
Issues with Current Laws
Focusing on challenges in the Indian cyber-ecosystem, Duggal highlighted that there are three most significant legislations of Indian history —Information Technology Act, The Constitution of India and the Indian Penal Code.
Dr Duggal stated that unfortunately the IT Act is still a “generic law and we have to keep amending it”.
He suggested that social media specifically has to be covered, something beyond what is already covered in the current legislation. Additionally, according to him, there is a need to make Big Tech more responsible and accountable.
“Is India doing enough about crypto legalities? The answer is no,” he added. Considering the growth of the crypto ecosystem, he believes that there is a need for regulations.
“Let it be at the minimal level, but that is required,” he noted.
Touching upon artificial intelligence, Duggal said AI is coming in a big way to India and the country has to do a lot of work.
“We neither have a national policy on AI nor any legal framework. So along with AI, Blockchain and IoT all these have to be specifically addressed in the Indian context,” the Supreme Court lawyer highlighted.
During the event, he also talked about having a separate ministry for cybersecurity.
In an interview to News18, Duggal explained that cybersecurity affects all sectors of human activity. Thus, it would be futuristic and innovative if India comes up with a specialised Ministry of Cybersecurity that would deal with all aspects of cybersecurity.
Speakers at the event talked about the increase in ransomware attacks and how consistent this threat has become. Talking particularly about this threat, Duggal called it the “Jamtara Model”.
“During Covid-19 we actually saw a new phenomenon. We witnessed the emergence of the Jamtara Model which is about when a community gets together and decides that everyone in the community has to do cybercrime. Why? Because that’s the best for economic prosperity and growth.”
As per the cyber law expert, this model was seen to be replicated in big cities, small towns and rural areas.
“This is another reason why the current cyber laws need to be evolved and amendments need to be made while ensuring that government’s interest are protected in one hand and the rights of citizens are also appropriately safeguarded,” he added.
Digital Personal Data Protection Bill, 2022
Duggal spoke to News18 during the India Precursor Sessions to highlight a few issues related to the new bill that is now up for comments.
He said that though it is “a right step in the right direction”, he still doesn’t consider the bill “adequate” enough.
“First of all, when we compare it with the 2019 bill, it is a very, very small copy. Secondly, when I read through this law, there is a disconnect, it appears that some big chunk of the law has been taken out because there is no connection between certain provisions.”
“Thirdly, it is only talking about the protection of personal data and the fourth point is, it has no reference to cybersecurity; you cannot talk about data protection today without referring to cybersecurity,” he highlighted.
The Supreme Court advocate also talked about cross-border data transfer.
He said: “It may have happened due to some pressure from various sectors but it is ultimately going to be detrimental to the protection and preservation of the security, sovereignty, and integrity of India.”
“As we will become the most populist nation our biggest strength is going to be our population and our data. So if our data is going outside the country then what kind of power or what kind of cyber sovereignty we are going to have?” he added.
Read all the Latest India News here