Intro: Did you know that India does not have a dedicated cyber security law? Did you know how feasible it is to park your funds in Crypto assets? Are you aware that posting absurd things on social media is legally not Freedom of Speech? Why is that content being shown on OTT which Indian TV channels aren't allowed to be aired? Answers to all these and more on our Socio-Economic Voices Series where this week we have Dr Pavan Duggal, Chairman, International Commission on Cyber Security Law in an exclusive interaction with Senior Journalist Mahima Sharma. Dr Duggal who is also an Advocate with the Supreme Court of India, shares an exclusive 11 point advice for the Central Government to ensure top most priority to cyber security because he asserts that India must eye not only Indian but global investors by ensuring that country as a 'cyber secure digital nation'. But he asserts that Cyber security is a collective responsibility, and not just the job of the governments to assure. Let’s now delve deeper into what Dr Duggal has shared exclusively with us including the digital future - the Metaverse - its nuances, opportunities for the youngsters in this field plus the legal challenges. Take a read…
MS: Recently the Home Minister stressed upon the need To Build A 'cyber-secure India' For Country's Development. How can this be achieved at a better pace? Please enlist the essential steps including digital awareness to curb tech handicap, needed among the masses.
PD: India needs to be digitally cyber secure. For that, we need to take some necessary steps. I have eleven points of advice towards the same.
If all the aforesaid steps are taken in conjunction with each other, they will strongly contribute to the evolution of India as a cyber secure digital nation.
MS: RBI has slammed crypto assets, stablecoins and DeFi and crypto asset trading platforms, underscoring need for regulatory guardrails to ensure financial stability and consumer and investor protection. What kind of rules, regulations and laws must India bring in and what time frame, amid such burgeoning platforms, which are sucking in consumer money big time without legalities involved? Also what would be your advice to the citizens towards their safe financials?
PD: India needs to quickly come up with enabling legal frameworks on crypto assets, stablecoins and DeFi and crypto asset trading platforms. Currently, India has not worked on the legalities of crypto assets, stablecoins and DeFi and crypto asset trading platforms, but India needs to speed up by learning from the experience of other nations including Malta, Belarus and Estonia who have come up with enabling legal frameworks to regulate crypto-currencies and crypto-assets. The Finance Minister during the speech of Budget 2022 has further created a lot of uncertainty asking people to pay 30% tax on sale or purchase of crypto assets without addressing the legalities of the same. This uncertainty will ultimately prove to be counter-productive. India needs to realize that it ought not to miss the crypto ecosystem train which has come on its platform.
The focus on first trying to launch the Indian Digital Rupee and making the same a success, without addressing the legalities of crypto-assets is a misplaced approach. India should not drive the crypto ecosystem stakeholders away from India due to its ambivalent approach. Till such time there are no legal frameworks in this regard, dealing with such crypto-assets and crypto-currencies blindly, without exercising due diligence, while being misled by advertisements on electronic and social media as also on cyberspace, is not a good idea.
Any oversight or negligence in adopting due diligence for dealing and handling crypto-currencies and crypto-assets by companies is going to be a futile exercise and is aimed at prejudicially impacting the consumer interest. Users must preserve their money in a safe and secure manner. Any unwarranted exercise of adventurous activities of crypto-currencies and crypto-currencies need to be avoided.
MS: The Union Budget 2022 has inter alia introduced a levy of 30% tax on income from cryptos and other digital assets with no offset and 1% TDS, discouraging the crypto community. Your take on the same and how can this prove beneficial to the masses who seek better returns, till India brings in its own Digital Currency?
PD: The Union Budget 2022 is more grounded with the vision to generate money from crypto assets for the Government. However, the said vision is neither pragmatic nor practical primarily because the payment of 30% tax is not accompanied by any legal recognition of the digital assets. Hence, it is not likely to have any incentive for a digital stakeholder to pay such money in the absence of legal recognition of crypto assets. As a nation, India is sleeping on the question of crypto-currencies and crypto assets legalities. India is missing the big picture, particularly in the context of the crypto ecosystem. India needs to learn from experiences of countries like Malta and Belarus on the question of legal recognition and legal enactment of crypto-currencies and crypto assets. The quicker we come up with enabling legal frameworks for crypto assets and other digital assets, the better it will be for India as a nation and also for Indian digital stakeholders.
MS: Amidst the burgeoning universe of crypt, the phishing attacks on online accounts, OTP asking-scams, Wallet Code screen-share asking scams, etc. Your take on the same and how can these be stopped on an urgent basis?
PD: First and foremost, we need to realize that the Golden Age of Cybercrime has already emerged with the advent of Covid-19. Further, this Golden Age of Cybercrime is likely to be with us for the next many decades. Hence, any expectation that these kinds of online frauds and online cyber criminal activities like phishing attacks on online accounts, OTP asking-scams, Wallet Code screen-share asking scams, etc., would come to an end, must instantaneously evaporate. It is very difficult, if not outright impossible, to stop these online frauds. All stakeholders need to do everything possible in their power and possession to contribute in the fight against the menace of cybercrimes. Indian legal frameworks impacting such online frauds and cybercrime are grossly inadequate and not comprehensive and the same need to be updated and revised in their coverage, applicability and ambiguity with regard to cybercrimes.
Further, effective remedies need to be provided to affected victims of cybercrimes in an efficacious manner. More capacity building and awareness needs to be generated amongst all digital stakeholders pertaining to how they can avoid becoming victims of cybercrime. Constant vigil is the price that is required to be paid in order to avoid becoming victims of cybercrimes. Further, effective enforcement of existing provisions of law needs to be done in order to bring in the right deterrent effect for all stakeholders in the digital ecosystem.
MS: Given India's new cyber security legal frameworks, what key advice would you like to share towards legal parameters and strategies that companies need to specifically adopt in the coming times?
PD: It is important to note that today India does not have a dedicated cyber security law. The National Cyber Security Policy 2013 has remained a mere paper-tiger and India now awaits the unveiling of the National Cyber Security Strategy. In this context, the Government of India has quickly realized that there are big gaps in the existing legal frameworks.
That is the reason why the Government of India has notified the IT Directions 2022 on 28th April, 2022. These are mandating a variety of stakeholders including all body corporate, intermediaries, data centers, service providers and also governmental agencies to mandatorily report all kinds of cyber security breaches within 6 hours of coming to know about the same.
Further, various other parameters of cyber security have to be mandatorily complied with by aforesaid stakeholders. If the covered stakeholders do not comply with the IT Directions 2022, this itself constitutes an offence under Section 70B of the Information Technology Act, 2000 punishable with imprisonment and fine. In this context, it becomes imperative that corporates will now have to take a very serious look at proactively complying with the parameters of the IT Directions 2022, if they don’t want their top management to be exposed to legal liability.
The intermediaries also need to comply with the parameters of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 to the extent that they are applicable to cyber security. So, cyber security is no longer a technical buzzword nor is it something that is the responsibility of the Government. Cyber security is a shared responsibility for every constituent of the digital stakeholder ecosystem. Corporates will now have to ensure substantial attention to compliance with the applicable parameters of cyber security if they want that their statutory exemption from legal liability is not snatched away by operations of law or if they want themselves to be insulated from exposure to potential criminal liability.
MS: Cyber Crimes and delay in action or justice to the victim. Your take on the same and what kind of awareness generation, reforms and fast track justice India needs amid the fast booming Digital Tech, fast-picking up Metaverse and more.
PD: Cybercrime has been growing like a phenomenal wildfire. As I pointed out earlier, the Golden Age of Cybercrime is going to be with us for the next many decades. In this context, it becomes very important that cybercrime detection, investigation and prosecution must be expeditious in their speed. This is so as today information is traveling at the speed of light and peoples’ expectations are rising that the Government must act quickly in prosecuting cyber criminals.
But unfortunately, in this space, we find that most of the countries are not having a good track record. India also does not have a successful track record in this regard. India has a cybercrime conviction ratio of less than 1%. The first cybercrime conviction took place in 2003 when I was the counsel for the complainant. Since then, we have got some convictions but with the coming of the Information Technology (Amendments) Act, 2008, we found that getting cybercrime convictions became even more difficult. From 2008, there has been a drought of cybercrime convictions in India, because the majority of cybercrimes have been made bailable. In a majority of Indian cybercrime cases, once the accused person comes out on bail in a cybercrime matter, the said person goes ahead and destroys the relevant incriminating electronic evidence, thereby rendering the entire exercise of getting a cybercrime conviction a completely fruitless exercise in the majority of cases. Therefore, the time has come when we need to have specific and special courts, wholly dedicated to cybercrime cases. We need to provide a specific time frame within which a cybercrime matter needs to be decided and we need to also ensure that the complicated law pertaining to production and proof of electronic evidence needs to be simplified so as to get enough convictions.
At the end of the day, people want a vindication of their mental thought processes. People want cyber criminals to be prosecuted so that the rights of law-abiding people can prevail. But in this regard, there is a need for massive improvement in all elements from various quarters. Not only a better infrastructure is required, not only dedicated cybercrime courts but also the law needs to be substantially amended to enhance not just the coverage of cybercrimes under the existing Cyberlaw but also to provide stringent and effective legal provisions and punishments for various cybercrimes. Also the law pertaining to the production and proof of electronic evidence needs to be simplified.
Finally, people need to be sensitized about the massive impact of cybercrimes and also about various aspects of cybercrimes impacting their daily life.
Very quickly, we have to realize that cybercrime is growing like wildfire. In the year 2021, the world lost more than USD 6 Trillion thanks to cybercrime and by the end of 2022, we are expected to lose more than USD 8 Trillion thanks to cybercrime. Therefore, our investment in capacity building concerning fighting cyber crimes per se is going to be the single biggest significant factor which is going to empower users in the fight against cybercrime.
In this regard, I wanted to point out that we have created a platform called "www.cyberlawuniversity.com", which is offering various courses on Cyberlaw, Cybercrime and Cybersecurity. These courses have already been done by 27,500 professionals and students from 174 countries speaking 53 national languages. So, initiatives like Cyberlawuniversity.com need to be specifically encouraged.
Further, there needs to be enhanced public-private-partnership in the entire area of creating awareness and capacity building on cybercrimes because ultimately the more empowered you are, the more aware you make your digital netizens and the better they contribute in the fight against the menace of cybercrimes.
MS: The IT Act and Media Legality - don't you think they need sharper claws and stringent laws towards social media which is allowing unfiltered words in the name of freedom of speech? What kind of laws and reforms are needed?
PD: India does not have dedicated laws on social media at the time of writing. Even the Information Technology Act, 2000 after amendments is not a social media law. However, certain aspects of social media are sought to be covered as offences under Chapter XI of the Information Technology Act, 2000. But we find the coverage of social media cybercrimes neither adequate nor comprehensive under the Information Technology Act, 2000.
There is a need for amending the Information Technology Act, 2000 so that we can cover more elements of social media crimes and criminal activities on the internet. We also find that even getting a conviction in social media cybercrime is a tall order, assuming that the provisions of the Information Technology Act, 2000 and the Indian Penal Code, 1860 are fully applicable.
In the majority of these kinds of cases, proving electronic evidence from social media in a court of law itself becomes a tall challenge. So, I believe social media appears to have become a wild-wild-west. Everybody believes that they can just about do anything in the name of freedom of speech and expression without even realizing that your fundamental right of freedom of speech and expression under Article 19(1) of the Constitution of India is not absolute but is subject to certain reasonable restrictions.
However, most of the people believe that on social media, there are no restrictions and therefore they can be free to hit other people below the belt and not just publish defamatory and derogatory content but also abusive and humiliative content.
Trolling has become one huge problem on social media. Similarly, the routine threats of rape, murder and kidnapping which are given on social media have further polluted the entire social media ecosystem. The time has come that India needs to take a strong stand on intermediary liability because the existing Indian legal approach on intermediaries has led to this current chaotic situation.
India has, by and large, made these social media companies not liable for third party data and information, resulting in these social media companies having a tremendous honeymoon period from 2008 till 2021, till such time the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 came into force.
Even now the Government has not woken up to the need to really go ahead and regulate social media. There is a massive pushback by social media companies who are finding one pretext or the other to legally challenge such governmental initiatives. Ultimately, the Government of India wants accountability and transparency from social media companies and social media companies want to continue their existing status quo of being spectators while mayhem happens on their networks.
It is a classical case of conflict that is happening. A lot of these issues are going to be decided by the judiciary of India. Till such time the judiciary adjudicates upon these issues, it is open to the Government of India to come up with stringent rules and regulations under the Information Technology Act, 2000 so as to define more effective parameters of due diligence, that have to be exercised by social media companies when they are providing social media platforms and social media services to various users.
At the end of the day, social media companies need to see the writing on the wall. They are more than happy to go ahead and do their business in India and offer their social media services in India. But they have to understand that for doing their business in India, they will have to be more sensitized about the need for complying with the applicable legal frameworks impacting social media in the Indian context.
MS: What is your advice to the common man amid all these fast developments in the Cyber Space and our financial, mental and digital well being?
PD: I would like to say that cyber is now an integral part of our lives. Let's begin to start realizing that. Let's not begin to start taking the internet for granted, let’s quickly visualize the internet as a new paradigm which is central to our day-to-day lives. However, the internet is not our life. The Internet is at best only a tool which needs to be used by humans for doing various human activities.
It is very important that people need to adopt and understand the distinction between cyberspace and the real world at large. It is in this context I believe that we will have to start embracing cyber security as a way of life, because cyber security is going to impact everything and every activity of ours in the digital ecosystem.
Also, I believe that all of us will have to become far more aware of our digital skill sets and will have to keep on constantly adopting new emerging trends on cyber hygiene, cyber security and cyber resilience and cyber confidence in the coming times.
If there is one element which is going to contribute in our future lives, that is change, which will be the only constant in our lives. Since there will be dramatic rapid transformational changes as far as technologies are concerned, it will be very important for us to go ahead and enhance our digital skill sets so that we are prepared to deal with these newly emerging digital paradigms.
Ultimately, the more prepared we are in terms of these new changes in the digital ecosystem, the more cyber resilient we will be and the more confident we will be in terms of meeting with various challenges thrown up by cyberspace and newly emerging technologies like Artificial Intelligence, Blockchain, Internet of Things (IoT) or Quantum Computing.
MS: What else is on the cards from the Ministry of IT and Ministry of Law, which you can share with us? Or anything else that needs to be shared by you on the same?
PD: From the information available in the public domain, it is very clear that the Government of India is working on a number of priority areas. The Government of India is coming up with the revised version of Personal Data Protection Bill, 2019 which is expected to be much broader and wider in its scope, applicability and ambit on the question of data protection.
Further, the Government is also working on amending the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Also, another thrust area of the Government appears to be amending the mother legislation of cyberlaw in India, the Information Technology Act, 2000, since there are reports that the Central Government is coming up with and will soon propose amendments to the Information Technology Act, 2000.
The Government of India appears to be also keeping in mind that there is an urgent need of regulating fake news and is keeping the requirement on an important pedestal. There appears to be a move within the Government to make intermediaries more accountable for what happens on their platforms. These are some of the broad trends that one can see based on the information available in the public domain.
MS: Moving on to the ‘Nuances of Metaverse, opportunities and legal challenges.’ Your take on the same and what kind of regulations and policies are needed, in India as well as with collaborating nations?
PD: Metaverse represents a new paradigm of reality.It is a new avatar of the internet which is based not just on the already existing internet but which is also going to be a combination of virtual reality and augmented reality. Consequently, Metaverse is beginning to throw up a number of very complicated and complex legal, policy and regulatory issues. These issues have to be appropriately addressed in order to ensure and enable the further growth and adoption of Metaverse. Metaverse is a place where not just the Metaverse crimes will have to be appropriately regulated but more significantly, maintaining cyber security on the Metaverse will also present immense new legal challenges for countries across the world.
Further, we have also begun to start realizing that on the Metaverse, you will be interacting with the other participants using your digital avatar. The legalities pertaining to a user’s digital avatar and its legal recognition are also important vectors that have to be kept in mind as we go forward.
Fortunately, at the time when we talk, there is no one global law on Metaverse. Even the most advanced and developed countries have only begun to start thinking in the direction of coming up with legal frameworks on Metaverse.
For a country like India, I believe having a minimal enabling regulatory approach on Metaverse would be a good starting point. When one looks at the Information Technology Act, 2000, one finds that it is not completely applicable in the context of Metaverse, because it was drafted 22 years back and Metaverse was not a reality at that point of time. So therefore, minimal legal recognition of Metaverse, the minimal legal recognition of digital avatars and the minimal regulation of activities on the Metaverse should be important thrust areas for any governments, specifically the Government of India.
Also, the governments of the world would be in a better position if they look at how the evolving legal jurisprudence on Metaverse is continuing to develop and how they can look at common legal principles of universal applicability which can be made applicable in the context of the Metaverse.
MS: Can you please throw some light on how Metaverse is expected to evolve in the coming times?
PD: Metaverse as a paradigm is expected to be adopted very quickly by the stakeholders of cyberspace and those who access the cyberspace for a variety of activities. This is because of the unique appeal of the combination of the Augmented Reality and Virtual Reality, alongwith the present world internet, also referred to as Web 2.0.
The metaverse market was worth $478.7 billion in 2020 and is expected to be worth $800 billion by 2024. By 2026, 25% of people will spend an hour in the metaverse and 30% of companies will offer services and products for the Metaverse. It is estimated that by 2030 the users on Metaverse could grow to 5 billion unique internet users.
The average metaverse player is around 27 years old, compared to the average gamer who is about 38 years of age.In terms of gender, metaverse players are mostly males (59% vs 41%). On the other hand, when out of the total gamers surveyed, metaverse players were excluded, then the proportion was 47% males as compared to 53% females. Metaverse is going to impact every aspect of our digital life. Hence, legal, policy and regulatory measures pertaining to Metaverse must be appropriately worked on and addressed in an efficient and effective manner so as to promote the further growth and adoption of the Metaverse, while ensuring that people are not exploited. Since metaverse becoming a part of our daily lives is probable, its users must be safe through adequate legal protection, much like is the case with online commerce, online banking and online studying.
MS: The new-age media especially OTT platforms, Digital Videos, and other Digital Media are showcasing content that depicts drug use, alcoholism, violence etc, etc. There is no control over what is being streamed. It remains a grave concern especially for parents. What kind of laws India needs and how soon must these be implemented so that a midway, safe way can be found out?
PD: OTT represents a dream for all publishers. Because, this is one area where there is hardly any regulation. The Government of India has now sought to regulate OTT platforms by coming up with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 which stipulate these OTT platforms to not just adhere to the basic Code of Conduct but also to ensure taking appropriate steps so that inappropriate sexual, pornographic or other illegal content does not find mention or presence on their platforms.
But now with the matters challenging the said Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 being sub-judice, the matter ultimately is still going to be decided by the higher courts in India. However, as of now, there is a complete lack of any law in the context of OTTs. That is the reason why a lot of these OTT platforms are showing content which is not just detrimental to the growth of innocent minds but could ultimately have a huge prejudicial impact upon the further evolution of Indian society at large.
There is no denying the fact that OTT space needs to be regulated but the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 are neither sufficient nor adequate in the direction of effective regulation of the OTT ecosystem.
India requires new legal frameworks specifically to deal with OTT regulation so that the legal position across all paradigms is very clear.
What is not permissible in the physical world, ought not to be made permissible in the context of OTT or in cyberspace at large. Everything in this regard is going to depend upon the political will of the Government as to how soon and how quickly it comes up with effective legal frameworks in this regard to regulate OTT platforms.
MS: As the Chairman of the Confederation of Indian Industry Panel on Cyber Security, what would be your advice to our student readers who would like to make a career in Cyber Laws, Cyber Security and NFTs? Please detail each one separately.
PD: As a youngster, you need to realize that a world of new opportunities awaits you. The coming of the Covid-19 has effectively acted as a blessing in this regard, if one looks at the overall picture from the perspectives of the digital ecosystem. Because, this digital ecosystem has had a massive thrust in terms of its adoption.
Consequently, we are finding that there are new opportunities that are coming. As the Chairman of the Confederation of Indian Industry Panel on Cyber Security, I can clearly tell you one thing that Cyber Law as a career is going to open up remarkably. There is going to be more litigation because a lot of digital disputes have arisen and they will ultimately find their ways to courts. There will be more work for digital lawyers, cyber lawyers would be in great demand as far as companies, corporates and other organizations are concerned.
Today, when everything is happening digitally. The legal, policy and regulatory aspects pertaining to activities done in cyberspace suddenly assume significance. I see massive growth of cyberlaw as a discipline growing phenomenally well in the coming times.
As regards the NFTs, the Non-fungible Tokens represent a very interesting aspect of digital activities. I see a lot of potential in the entire ecosystem of NFTs. But today, primarily because there is a lack of adequate legal clarity on NFTs and their legal status, a lot of people are slightly confused. There needs to be more legal clarity on NFTs, after which I expect the NFT ecosystem to constantly keep on growing and ultimately offering new kinds of job opportunities and other potential opportunities for users and the digital stakeholders at large.
These are some huge areas of potential growth and if I was to be a student today, I would be super excited, because I have so much to choose from, whether it is Cyberlaw, Cyber Security or NFTs.
Today, the world opens up to new vistas, new horizons in terms of new opportunities, new issues, new challenges and ultimately new vistas of growth and evolution in the coming times.
About Dr. Pavan Duggal
While a practicing Advocate, Supreme Court of India, Dr. Pavan Duggal has made an immense impact with an international reputation as an Expert and Authority on Cyber Law, Cyber Security Law, Artificial Intelligence Law & E-commerce law.
WDD [World Domain Day] recognizes him as one of the top 10 Cyber Lawyers around the world. Dr. Pavan Duggal, is the Founder & Chairman of International Commission on Cyber Security Law. He is also the President of Cyberlaws.Net, Chief Executive at Artificial Intelligence Law Hub and Chief Mentor at Blockchain Law Epicenter and Founder-cum-Honorary Chancellor of Cyberlaw University.
Dr. Pavan Duggal is the Chief Evangelist of Metaverse Law Nucleus and Conference Director of the International Conference on Cyberlaw, Cybercrime & Cybersecurity.
As an internationally renowned Cyber law and Cyber security subject expert, at the world stage during the High-Level Policy Statement delivered by him at the World Summit on Information Society (WSIS) organized by the International Telecommunications Union (ITU) in Geneva, Switzerland from 25th May - 29th May, 2015, Dr. Pavan Duggal has recommended the need for coming up with an International Convention on Cyber Law &Cyber Security.
Dr. Duggal is a regular on the lecture circuit. He has spoken at over 2500 Conferences, Seminars and Workshops in the last two decades, and has lectured extensively in select Law Colleges. As a Writer, he has made his mark with 179 Books on various aspects of the law in the last 20 years. Dr. Pavan Duggal’s books have been conferred various awards by Book Authority in various categories over a couple of years. More about Dr. Pavan Duggal is available at https://www.pavanduggal.com/.
About the Interviewer
Mahima Sharma is a Senior Journalist based in Delhi NCR. She has been in the field of TV, Print & Online Journalism since 2005 and previously an additional three years in the allied media. In her span of work she has been associated with CNN-News18, ANI - Asian News International (A collaboration with Reuters), Voice of India, Hindustan Times and various other top media brands of their times. In recent times, she has diversified her work as a Digital Media Marketing Consultant & Content Strategist as well. Since March 2022, she is also an Entrepreneurship Education Mentor at Women Will - An Entrepreneurship Program by Google in Collaboration with SHEROES. Mahima can be reached at firstname.lastname@example.org
Disclaimer : The opinions expressed within this interview are the personal opinions of the interviewed protagonist. The facts & statistics, the work profile details of the protagonist and the opinions appearing in the answers do not reflect the views of Indiastat or the Journalist. Indiastat or the Journalist do not hold any responsibility or liability for the same.
"Newer Grades of Steel are the Need of the Hour"... Read more