“Cyberspace is a domain in which security, responsibility, and accountability is very essential. Cyber Laws provide security backing to the digital society. “
Indian Cyber Laws
India parliament passed the Information Technology Act, 2000 on 17th October 2000 which is applicable to the whole of the country including Jammu and Kashmir, and also is for acts committed outside India but having effects in India. It provided a legal foundation for E-Commerce. The Act covers computer-related crimes such as hacking, cyberstalking, espionage, cyber terrorism, obscenity, identity theft, patent infringement, etc but does not cover cyber warfare. This Act also amended the existing acts such as the Indian Penal Code, Indian Evidence Act, and Bankers Books Evidence Act. Few provisions were added/amended to it after deliberations. The amended act is known as ‘The Information Technology (Amendment) Act, 2008’. The main objective of the IT Act (amendment) 2008 was to provide security backing to the digital society.
Global Cyber Laws and Treaties
As on date, there is no international law or treaty which has been accepted universally by all nation-states. Every country has its own cyber law which is the final law of the land and supersedes laws of other nation-states. There are bilateral and multilateral treaties that exist between two or more countries and are the only way the cyber-related issues are being resolved. Budapest Convention and Tallinn Manual are two such positive attempts in this direction but they do not deal with cyber warfare.
Budapest Convention (Convention on Cyber Crime)
This is the first international treaty related to the internet and computer crimes which were signed on 23 November 2001 and is effective since 01 July 2004. At present, there are 55 parties, and 56 signatories (52 states have ratified the convention) to this treaty. This treaty deals with balancing national laws, improving investigative techniques, and increasing cooperation of nations who are the signatories to it. Countries such as Russia, Brazil, and India have declined to sign the convention due to varied reasons.
Budapest Convention deals with crimes related to copyright infringement, computer fraud, child pornography, hate crimes, and other network-related violations. Its main objective is to have a common policy on cyber-crime by adopting appropriate legislation and international cooperation.
After the Russia-Estonia crisis in 2007, the North Atlantic Treaty Organization (NATO) understood the significance of global cyber warfare. A NATO Centre was set up in Tallinn, Estonia. The NATO Cooperative Cyber Defence Centre of Excellence was established and initiated a course of action that led to the preparation of guidelines to address Laws of Armed Conflict (LOAC) as applicable to cyberspace. The experts agreed that the existing LOAC also applies to cyberspace. The team was led by Professor Michael Schmitt (the United States Naval War College) and took four years, involved 20 experts, culminating in the manual being published in 2013. Numerous experts were consulted in their individual capacity including lawyers, academicians and technical experts who were the best in their field. The Tallinn Manual is considered as the first step towards illuminating the global law pertaining to cyber-attacks.
The Tallinn Manual is not a NATO directive. It clearly mentioned, “Prepared by the International Group of Experts at the Invitation of the NATO Cooperative Cyber Defence Centre of Excellence”. The conclusions of the manual are the opinions of the authors/experts in their personal capacities, and not a statement of official policy by NATO, any of its member governments, or any other participating organization . The inferences drawn are based on historical wars while cyberwar is a continuous state of affair and going forward. The rules of engagement and interest of nation-states in cyberwar are different. Tallinn Manual falls short on illustrations and experience to articulate any laws to govern the cyberspace.
Bilateral treaty on data sharing between the USA and the UK exists but to date, we have not heard any success stories. China and Russia have crafted their own world cyberspace treaty which the western world doesn’t pay attention to. There are few more bilateral treaties signed between nation-states but when it comes to execution there is a big question mark.
ROLE OF INTERNATIONAL COMMUNITY
- The international community should consider making data as the basis of sovereignty in cyberspace.
- All should work towards understanding the concept of cyber deterrence, cyber attribution, and cyber sovereignty in regard to individuals and nations so as to protect the state and non-state actors from stealing of data and information as also the intellectual property intrinsic therein through cyber espionage.
- Time has arrived for the global community to work together towards evolving international policy solutions to deal with the legal challenges presented by a multiplicity of cybersecurity legislation covering various sectors including, but not limited to banking, finance, capital markets, securities, healthcare, anti-trust, child rights, intellectual property, aviation, outer-space, etc.
- The international community must work together towards evolving international solutions to deal with the legal challenges presented by digital trade and its relation to the existing International regime.
- Working together towards evolving international solutions and legal approaches to deal with the legal challenges presented by Public International Law principles of Use Of Force and Armed Attack on the Internet is a must.
- All should work together towards evolving international perspectives to deal with the legal challenges presented by cyberspace in a time-bound manner.
- The international community should also develop and introduce a synchronization of legislative frameworks and policies that can be used throughout the world in order to help the international community by the way of exchanging and extending information having an adequate balance in regards to cyber attribution, cyber sovereignty, and its jurisdictions.
- Collaboration with the international community by creating a legal, policy, and regulatory roadmap to strengthen the need for cybersecurity of critical information infrastructure of state and non-state actors.
- Actively participate in identifying, defining, and demarcating the broad legal and policy principles of Cyber Operations in order to protect the sovereignty of states.
- Actively insist on having international coordination to analyze how multiple sovereign governments can and should address questions of cyber governance that cannot be solved by or within a single state.
- Strengthen the cyber defences of each nation, build resilience, derive trust and confidence in order to continue to share and collaborate between the public and private sectors.
- The international community should introduce legal, policy, administrative changes on a priority basis towards establishing safe and secure cyberspace and aid in its further development.
RECOMMENDATIONS TO INDIAN GOVERNMENT
- India should take lead and be a catalyst for discussions on the important aspects of the cyber domain, including legal, policy and regulatory issues thereof and present an integrated strategic view to the global community of the issues therein whilst recognizing that there is an urgent need for international cooperation on cyber issues amongst all stakeholders.
- India should map out key developments in the cyber domain and cybersecurity law with a view to collate principles of cybersecurity law jurisprudence in collaboration with distinct thought leaders and international stakeholders including International Commission on Cyber Security Law and come up with minimum denominators of best practices that can be followed in real-world by various stakeholders.
- To strengthen the cooperation on cyberlaw, India should create more opportunities for governments, private sector, civil society, the technical community, and academia from various regions of the world to engage and develop innovative and effective legal frameworks to address the truly global challenge.
- It is need of the time that India continues to be at the center of the emerging discourse on issues related to the cyber domain and connected legalities in the digital ecosystem and also assist international organisations, enabling better preparation, management and forecasts of potential incidents, cyber-attacks, cyber espionage, cybercrimes, and all other related challenges.
- India needs to work towards identifying the legal and policy basis for regulating cybersecurity in the Internet of Things at a global level and to work with various international stakeholders in this regard.
- We need to contribute to the international discussions and debates on Attribution related issues concerning acts in cyberspace.
- It also contribute to the international debate on the evolution of norms of behavior in cyberspace by state and non-state actors.
- One more important aspect is working towards identifying the legal challenges posed by the Darknet/Deepweb and to help identify potential legal strategies on how to mount an effective legal response.
- Legal issues related to blockchain technology can also be taken up at the international level so that India as a responsible player is there from the word go. Issues related in its application such as cryptocurrencies and its legal fallout also need to be discussed.
- We should also examine and work on basic legal principles underlying cyber sovereignty.
- India should call upon thought leaders from across the world to discuss, debate, and deliberate towards harmonizing and regulating the legal frameworks on Cyberlaw.
- Ain should be to work towards harmonizing principles on Cyberlaw globally to include ethical values, virtues, and balancing conflicting value perceptions in all instruments to strengthen cyber laws, aligned with international cooperation principles.
- As a responsible nation, we should continue to work towards convergence of opinions in the sphere of Cyberlaw, Cybercrime and Cyber Security to enable us to adapt to rapid technological developments and continue to shape our societies, making them more cyber capable, cyber aware and cyber secure.
- India should continue to identify and address the implications of cyberspace in capability development and at operational planning, especially regards to public awareness.
- India should collaborate with international stakeholders and collate international best practices concerning emerging jurisprudence concerning cyber domain and further to engage in distinct deliberations with stakeholders to help collate common universally accepted principles concerning it.
- Conduct of Global Conferences and Workshops on Cyberlaw, Cybercrime, and Cybersecurity.
CHALLENGE TO IT SUPER POWER
There is a surge of new National Cybersecurity legislation around the globe but there are numerous inconsistencies in them. An international legal framework integrating the varied features and nuances of the interconnected fields of Cyberlaw, Cybercrime, and Cybersecurity needs to be established which shall promote the development of the Internet and technologies and also aid in the development and peacebuilding amongst the world community. India a nation of the younger population is the cyber warriors of the future and is ready to contribute to making the nation cyber safe. We need the policy to harness this untapped power and make concerted efforts to reward these unsung cyber warriors. Massive economy, young workforce, and technological developments have forced the world to look towards India as a lucrative marketplace for their finished products. With the internet reaching remote places, digital gadgets in every household, and booming e-Commerce industry India’s present and future looks more promising and interconnected to the cyber mesh.
National cyber laws of all nation-states are becoming an issue. Internet jurisdiction is the biggest problem as there are no fixed boundaries and the problem of attribution worsens it. Attempts to hold a rogue nation-state accountable for its cyber intrusions are always met with denials and veiled threats . International Humanitarian Law could be used as a reference point for creating an acceptable global cyber law but it would only evolve when cases related to cyberwar are argued and settled in Hague International Court. Some common points can be filtered out from Budapest Convention, Tallinn manual, International Space Treaty, etc and agreed upon to start with.
India may be an IT superpower but it needs a long term strategic plan for governing cyberspace with the help of civilian and defence establishments. It also has to take lead in getting other nation-states to sit across the table and formulate common international cyber law or treaty which will help everyone and make the cyberspace more secure.