Future – Cyber law and need for cyber lawyers

If I pose a single word, crime, what strikes your mind? Isn’t it the conventional methods that we have been listening to or experiencing from childhood, like assault, robbery, extortion, threats, abuses, and the list can go on forever. But, what we still fail to realize is that it’s been more than a few decades with the world gone digital, and thereby, the horizon of committing crimes has also expanded exponentially with the introduction of a pool of crimes under the tag of cybercrime.

Defining cybercrimes. The term cybercrimes is not defined in any statute or rulebook. The word “cyber” is slang for anything relating to computers, information technology, Internet and virtual reality. Therefore, it stands to reason that “cybercrimes” are offences relating to computers, information technology, Internet and virtual reality.

One finds laws that penalise cybercrimes in a number of statutes and even in regulations framed by various regulators. The Information Technology Act, 2000 (“IT Act”) and the Indian Penal Code, 1860 (“IPC”) penalise a number of cybercrimes and unsurprisingly, there are many provisions in the IPC and the IT Act that overlap with each other.

The overlap between the provisions of the IPC and the IT Act may sometimes lead to an anomalous situation wherein certain offences are bail able under the IPC and not under the IT Act and vice versa and certain offences are compoundable under the IPC and not under the IT Act and vice versa. For instance, in case of hacking and data theft, offences under sections 43 and 66 of the IT Act that are bail able and compoundable while offences under section 378 of the IPC are non-bail able and offences under section 425 of the IPC are non-compoundable. Further, in case of the offence of receipt of stolen property, the offence under section 66B of the IT Act is bail able while the offence under section 411 of the IPC is non-bail able. Similarly, in case of the offence of identity theft and cheating by personation, the offences under sections 66C and 66D of the IT Act are compoundable and bail able while the offences under sections 463, 465 and 468 of the IPC are non-compoundable and the offences under sections 468 and 420 of the IPC are non-bail able. Finally, in case of obscenity, the offences under sections 67, 67A and 67B of the IT Act are non-bail able while the offences under section 292 and 294 of the IPC are bail able. This issue has been dealt with by the Bombay High Court in the case of Gagan Harsh Sharma v. The State of Maharashtra2 (discussed below) wherein offences under sections 408 and 420 of the IPC that are non-bail able and cannot be compounded other than with the permission of the court were in conflict with offences under sections 43, 65 and 66 of the IT Act that are bail able and compoundable.

Many of the cybercrimes penalised by the IPC and the IT Act have the same ingredients and even nomenclature. Here are a few examples:

Hacking and Data Theft: Sections 43 and 66 of the IT Act penalise a number of activities ranging from hacking into a computer network, data theft, introducing and spreading viruses through computer networks, damaging computers or computer networks or computer programmes, disrupting any computer or computer system or computer network, denying an authorised person access to a computer or computer network, damaging or destroying information residing in a computer etc. The maximum punishment for the above offences is imprisonment of up to 3 (three) years or a fine or ₹5,00,000 or both.

Section 378 of the IPC relating to theft of movable property will apply to the theft of any data, online or otherwise, since section 22 of the IPC states that the words movable property are intended to include corporeal property of every description, except land and things attached to the earth or permanently fastened to anything which is attached to the earth. The maximum punishment for theft under section 378 of the IPC is imprisonment of up to 3 (three) years or a fine or both.

Interestingly, not only have people been negligent, but even our government is slow towards this aspect requiring amendments for quite some time now. The only point of reference that remains is the IT Act, 2000, and hilariously cybercrime is not defined officially in the Act or any other legislation as like IPC and CrPC.

The most significant issue in managing data protection and data privacy compliance, according to 41 percent, is a lack of understanding of relevant rules in different jurisdictions, and 50 percent of organizations do not have a Data Protection Officer or a Cyber Lawyer. It is tough to believe, but the reality is there had hardly been sanctions or legal validity in Cyberspace. For example, we use the majority of the time the internet for access to information. However, until today, email has not been legal in our country, where most people use it for many business and other purposes. Many frauds are happening daily, and mail accounts are hacked; even courts and many other reputed institutions use emails to communicate. As such, the need has arisen for Cyberlaw to be amended as the need for time.

Thanks to the scale of organizations currently operating in India, and the use of IT, the demand for an official statement from the government is not far. The importance of having cyber laws is no more behind curtains with the growing numbers of people going online each day. We are in the peak phase of exponential growth of the number of internet users in India, and the above graph from stastica.com gives testimony to this fact.

Also, the certainty that strikes is that there will be exponential growth in the number of people exposed to cybercrimes. And it’s not only about individuals but also organizations that have adopted digital transformations that promise efficient and effective ways to impact both top and bottom lines positively. The need of the hour remains to bring in robust cyber security systems and cyber laws to protect everyone and everything going digital.

There has been exponential growth in any organization’s Digital Footprints, and steps taken toward the Global Digital Village agenda have increased the multi-fold chance of cybercrime in B2C and B2B business involvements.

Data privacy challenges and cyber breaches continue to ravage the industry. Concerns around data privacy, cybercrime, and ransomware increased tremendously over the last few years.

Now, the query that arises is: Do we have skilled personals who have extensive knowledge of law and technology that can provide these solutions to clients as a single stop?

And that is the reason for India needing cyber lawyers apart from technology and process champions. Well, the point to acknowledge is that these experts in technology and process management can understand demand, implement it, and put all controls to protect them from cybercrime, but it’s more than that as we see:

• Who will be dedicatedly negotiating contracts with vendors or clients to help mitigate cyber risk and conceptualize the cyber implementation plan
• Who will prepare the business case for cyber insurance understanding and evaluating the critical assets, coverage, it deployment, and cyber protection
• Who will conduct the audit controls as per the cyber law of the country

And therefore, there is a need to have cyber lawyers and professionals who understand cyber technology and processes and corresponding laws to reduce risk liabilities to their enterprises and define a framework to design a cyber risk framework along with the team.

In fact, the role played by the cyber lawyer is not limited to the initial implementation phase. The requirement remains as per the daily functioning of the organization for seamlessness in the following categories:

• Maintaining dynamic cyber business case framework depending on Technological changes
• Dealing in claim settlement with vendors, partners, or clients for any violations relating to cyber law.

Cybercrime is something with no physical boundary, and therefore, defining jurisdiction, and municipal laws won’t really help. It is time to look into it with a broader perspective and consider the global need to emend international cyber laws defining homogeneity across all regions. As we all see, the future isn’t coming without technological revolutions. This also confirms the dire need for addressing cybercrimes and data breaches with a dedicated body within organizations. There won’t be any organization not operating on digital fronts soon. Therefore, it’s high time for the government to move on with the IT Act, 2000, and develop dynamic compliances considering the evolving techno-worlds. And from an organizational perspective, the need to understand the importance of new roles and responsibilities that none other than cyber lawyers will deal with. Organizations, therefore, should gear up robust cybersecurity practices and controls as business environments are turning out to be more complex with increased interconnectedness of systems and information. Also, organisations should actively invest in hiring and training of personals as cyber lawyers because the need is there if not today, but definitely within five years down the line. And it is not just an assumption but a certainty, as we see there are various laws laid in the constitution of India, and hence we have professionals who are conventional lawyers. And in a similar fashion, India will certainly see a massive demand for cyber lawyers when the government flushes in cyber laws.

Because cybercrime is not a standard crime, comprehending something unorthodox and untraditional, gathering evidence, and preparing a case takes both technological and legal knowledge. And it is here that the necessity for cyber lawyers emerges, as well as a compelling argument for Why India Needs Cyber Advocates…?