0

Navigating the Legal Terrain of AI-Driven Cyber Threats

AI, Articles , , , , , , ,

ABSTRACT

This research proposal aims to investigate the legal implications surrounding AI-enhanced cyberattacks, focusing on the influence of AI on cyber threats, attribution challenges, adequacy of existing cybersecurity regulations, and the development of recommendations for legal reforms and ethical standards. Employing a mixed-methods approach, the study will involve a literature review, data collection, case studies, and legal analysis. The proposed chapters will cover topics such as AI’s role in cyberattacks, legal hurdles in attribution, regulatory frameworks, ethical and privacy considerations, AI’s role in cyber defense, international perspectives, and case studies. The conclusion will summarize the key findings and emphasize the need for proactive legal measures and international collaboration to address the evolving nature of AI-enhanced cyber threats. It will also suggest recommendations for legal reforms and ethical guidelines to tackle the legal implications of AI-enhanced cyberattacks.

INTRODUCTION

In the digital age, Artificial Intelligence (AI) stands as both a boon and a bane, offering groundbreaking solutions across various domains while simultaneously presenting formidable security challenges. The integration of AI into cyber operations has birthed a novel menace: AI-enhanced cyberattacks. These sophisticated assaults leverage AI’s capacity to learn, adapt, and execute with unprecedented speed and stealth, surpassing conventional cybersecurity defenses and confounding legal countermeasures.

As malicious actors harness AI to automate attacks, infiltrate networks, and mimic human behavior, the implications for privacy, security, and digital trust loom large. Legal frameworks, once relied upon for recourse, now find themselves strained under the weight of these contemporary technological stratagems. Cyber law, traditionally playing catch-up, now faces the Herculean task of evolving in tandem with innovation, prompting concerns about adequacy, jurisdictional reach, and enforceability.

This research endeavors to unravel the intricate interplay between AI-driven cyber threats and the global legal systems charged with mitigating their impact. It delves into the essence of AI-enhanced cyberattacks, unpacks their legal implications, scrutinizes existing and prospective cyberspace governance mechanisms, and delves into ethical considerations surrounding the utilization of AI in both offensive and defensive cybersecurity strategies. We contend that adaptability and foresight are paramount in crafting legal remedies capable of confronting today’s AI-amplified cyber perils while possessing the resilience to anticipate future cyber battlegrounds.

BACKGROUND:

Throughout history, technological progress has been synonymous with the emergence of cyber threats. In the nascent stages of the computer era, simple viruses and malware marked the initial onslaught of cyberattacks, primarily aimed at system disruption or garnering notoriety for their creators. However, as the internet expanded its reach, so did the sophistication and incentives driving cyber breaches, with attackers increasingly motivated by financial gain, espionage, or political leverage.

Before the advent of artificial intelligence (AI), legal responses to cyber threats predominantly revolved around identifiable risks posed by human actors. Established legal frameworks and regulations, such as the United States’ Computer Fraud and Abuse Act and the global Budapest Convention on Cybercrime, were tailored to combat cybercrime on a human scale. However, these frameworks have struggled to keep pace with the scale, velocity, and intricacy ushered in by AI.

The once-clear delineations between accountability and culpability in cyber incidents have become increasingly blurred as AI systems gain autonomy. In addition to human attackers, AI developers, operators, and, in certain conceptual paradigms, AI entities themselves may also play roles in AI-enhanced cyberattacks. Compounding the complexity, the borderless nature of the internet enables AI systems trained on data from one jurisdiction to be wielded against targets in another, challenging established notions of sovereignty and jurisdiction.

This backdrop sets the stage for a comprehensive exploration of AI-enhanced cyberattacks, emphasizing the imperative for fundamental legal principles to evolve in tandem with technological advancements. Understanding this historical context is crucial for dissecting the intricate interplay between legal frameworks and technological progress, which constitutes the primary focus of this study.

AI-powered threats:

In today’s digital landscape, the convergence of artificial intelligence (AI) and cyber threats has ushered in a new era of complexity and urgency for cybersecurity professionals worldwide. The emergence of AI in cyber threats represents a paradigm shift, as malicious actors leverage machine learning algorithms and other AI technologies to augment the potency of their attacks. This article delves into the multifaceted dimensions of AI-powered threats, exploring their dynamic nature, diverse forms, stealth tactics, ethical implications, and mitigation strategies.

Emergence of AI in Cyber Threats:

The integration of AI into cyber threats marks a pivotal juncture in the evolution of digital warfare. Malicious actors utilize AI to automate and enhance various aspects of cyberattacks, ranging from reconnaissance to payload delivery. By leveraging machine learning algorithms, these adversaries craft dynamic, cutting-edge tactics that surpass conventional, static assault techniques. This infusion of AI not only amplifies the effectiveness and evasiveness of cyber threats but also poses unprecedented challenges to traditional cybersecurity defenses.

Dynamic and Adaptive Nature:

AI-powered threats exhibit a dynamic and adaptive nature, enabling them to evolve and refine their strategies in real-time. Machine learning algorithms empower these threats to learn from past interactions, thereby enhancing their efficacy over time. This dynamicity renders traditional cybersecurity defenses reliant on established patterns or fingerprints inadequate, as AI-driven adversaries continually adapt their tactics to evade detection.

Forms of AI-Powered Threats:

AI-powered threats manifest in various forms, each posing unique challenges to cybersecurity professionals:

  • Advanced Malware: AI is utilized to construct polymorphic malware that can alter its code to evade signature-based detection.
  • Adaptive Phishing: AI enables the customization of phishing attacks, tailoring content to exploit target behavior, preferences, or previous interactions.
  • Social Engineering: AI assists in crafting socially engineered attacks through personalized messaging, chatbots, or deepfake technologies.

Targeted Attacks and Scalability:

AI empowers threat actors to execute highly targeted assaults by analyzing vast datasets to identify specific vulnerabilities in target systems. This targeting precision enhances the likelihood of successful exploitation. Furthermore, AI-powered attacks exhibit scalability, enabling adversaries to deploy identical strategies against a multitude of targets, thereby amplifying their impact and expanding the threat landscape.

Stealth and Evasion Tactics:

AI-powered attacks employ sophisticated evasion techniques to evade detection and blend in with normal network activity:

  • Evasion Techniques: AI-driven attacks actively evade detection by adapting to security measures such as behavioral analysis and signature-based detection.
  • Mimicking Genuine Behavior: By replicating authentic user behavior, these attacks camouflage themselves amidst legitimate network activity, complicating the task of security systems in distinguishing between malicious and legitimate actions.

Ethical Considerations and Unintended Consequences:

The proliferation of AI-powered threats raises profound ethical concerns and unintended consequences:

  • Privacy Invasion: AI-powered threats may infringe upon privacy rights by conducting illegal surveillance, breaching confidentiality, or harvesting sensitive personal information.
  • Manipulation of Information: Threat actors can exploit AI to fabricate and disseminate misinformation, manipulate digital content, or orchestrate disinformation campaigns, with far-reaching social, political, or economic ramifications.
  • Autonomous Decision-Making: The deployment of AI in cyber threats introduces the risk of unintended consequences, as autonomous decision-making algorithms may exhibit unpredictable behavior or inflict unforeseen harm.

Mitigation Strategies and Future Preparedness:

Effectively combating AI-powered threats necessitates a multifaceted approach encompassing:

Holistic Approach: Addressing AI-powered threats requires a holistic strategy that transcends traditional cybersecurity measures, involving the integration of cutting-edge technology, threat intelligence, and fostering collaboration among stakeholders.

Research and Development: Continuous research and development efforts are imperative for staying ahead of emerging threats. This entails the development of sophisticated AI-driven security solutions, enhancement of threat detection capabilities, and exploration of ethical frameworks governing the use of AI in cybersecurity.

As AI continues to reshape the cybersecurity landscape, proactive measures are indispensable to mitigate the risks posed by AI-powered threats. By embracing a comprehensive approach, fostering innovation, and upholding ethical standards, the cybersecurity community can effectively navigate the complexities of this new era of digital warfare and safeguard the integrity of cyberspace for generations to come.

The rise of AI-driven cyberattacks heralds a new era of digital warfare, characterized by unprecedented sophistication and covert operations. These attacks pose far-reaching dangers beyond mere data breaches, with the potential to inflict severe and catastrophic effects on organizations, infrastructure, and even human lives. This article explores the multifaceted impact of AI-driven cyber threats, examining their transformative capabilities, economic ramifications, legal complexities, and ethical implications.

Transformative Powers of AI:

AI’s transformative powers, particularly its capacity to learn and adapt, enable the creation of scaled, precisely targeted, and remarkably human-like cyber threats. Unlike traditional attacks, AI-driven assaults possess the ability to continually evolve and adapt by assimilating knowledge from their environment. This adaptability presents a formidable challenge, as offensive AI can seamlessly exploit vulnerabilities, increasing the risk of undetected infiltration and long-term damage to critical systems.

Insidious Nature of AI-Driven Attacks:

One notable example is PassGAN, an AI-powered attack capable of generating a myriad of potent password guesses, effectively circumventing existing cybersecurity authentication systems. Such attacks underscore the insidious nature of AI-driven threats, which operate discreetly and evade conventional detection methods. The long-term repercussions of these assaults extend beyond the initial breach, undermining trust in digital systems and necessitating robust cybersecurity solutions capable of combating these adaptive and powerful adversaries.

Impact Areas of AI-Driven Cyberattacks:

AI-powered cyberattacks exert significant impacts across various domains:

  • Economic Impact: These attacks can result in substantial financial losses for businesses, encompassing direct cash losses, regulatory fines, legal expenses, and brand damage. Indirectly, they erode trust in the digital economy, causing ripple effects throughout industries.
  • Data Privacy Violations: AI amplifies the scope and precision of data breaches, compromising personal and sensitive information at a rapid pace, leading to serious privacy violations and potential exploitation.
  • National Security Threats: Critical infrastructure, such as power grids and banking institutions, faces heightened risks from AI-driven assaults, jeopardizing state security, disrupting services, and eroding citizens’ trust in government capabilities.
  • Acceleration of Cyber Arms Race: The advancement of AI enhances cyber attacker capabilities, prompting governments and companies to escalate their use of AI for cyber defense, fueling a cyber arms race and hastening the development of hostile AI capabilities.

Legal, Regulatory, and Ethical Considerations:

AI-powered cyberattacks pose significant challenges to existing legal, regulatory, and ethical frameworks:

  • Legal and Regulatory Difficulties: The complexity of AI-driven assaults complicates accountability and jurisdictional determinations, especially when attacks originate globally and involve autonomous systems.
  • Ethical and Social Consequences: Widespread ethical concerns surround the malicious use of AI, including its impact on democratic processes through disinformation campaigns and the erosion of human autonomy and freedom due to mass surveillance.
  • Unpredictability and Loss of Control: The self-learning and adaptive nature of AI systems introduce unpredictability in cyber assaults, leading to unforeseen consequences or collateral damage, including the loss of control over the AI system itself.

As AI-driven cyberattacks continue to evolve and proliferate, addressing their multifaceted impacts requires a holistic approach that spans technological innovation, regulatory reform, and ethical stewardship. By fostering collaboration among stakeholders, advancing AI-driven cybersecurity solutions, and upholding ethical norms, we can navigate the complex challenges posed by AI-driven threats and safeguard the integrity of cyberspace for future generations.

Fortifying Cyber Defense: Strategies Against AI-Driven Cyberattacks

As AI-driven cyberattacks become increasingly sophisticated and pervasive, traditional reactive defense models are no longer sufficient to safeguard against emerging threats. To effectively counter these dynamic adversaries, organizations must adopt proactive and adaptive defense strategies. This article elucidates the critical components of a robust defense strategy against AI-driven cyber threats, encompassing AI-powered threat intelligence, advanced behavioral analysis, continuous security training, robust encryption practices, incident response and recovery, adaptive defense mechanisms, decoy techniques, international collaboration, and ethical considerations.

AI-Powered Threat Intelligence:

Harnessing AI for threat intelligence enables organizations to anticipate and identify potential risks before they materialize. By analyzing data trends and anomalies, AI systems can predict attack vectors, providing an early warning system to thwart cyberattacks before they inflict damage.

Advanced Behavioral Analysis:

Detecting AI-driven threats requires advanced behavioral analysis to distinguish between genuine user activity and AI-generated patterns. This entails scrutinizing network traffic, user actions, and system behaviors to identify anomalies indicative of malicious activity.

Continuous Security Training:

An effective defense strategy necessitates ongoing security training based on the latest threat intelligence to keep defensive AI models updated. By leveraging data from current attacks and emerging threats, AI systems can continuously enhance their detection capabilities.

Robust Encryption Practices:

Strengthening encryption protocols is essential to safeguard data from AI-powered decryption attempts. Quantum-resistant algorithms and secure key management techniques bolster encrypted data, mitigating the risk of unauthorized access.

Incident Response and Recovery:

A comprehensive incident response plan is imperative for effective defense. This includes protocols for containment, eradication, and recovery in the event of a breach. AI-powered crisis response facilitates swift and efficient mitigation of cyber incidents.

Adaptive Defense Mechanisms:

Defensive measures must adapt in real-time to counter AI-enhanced threats. Dynamically configuring firewalls, intrusion detection systems, and other security measures enables organizations to respond swiftly to evolving threat landscapes.

Decoy Techniques and Honeypots:

Deploying decoys or honeypots can deceive and analyze AI-driven attack strategies. These controlled environments divert attacks away from critical systems while gathering valuable insights into attacker behavior and tactics.

International Collaboration and Information Sharing:

Given the global nature of cyber threats, international collaboration is indispensable. Sharing knowledge about new threats, tactics, and mitigation measures fosters collective defense against AI-powered assaults.

Legal and Ethical Frameworks:

Establishing legal and ethical frameworks for the use of defensive artificial intelligence ensures responsible and effective cybersecurity practices. Setting standards for appropriate AI usage safeguards privacy and human rights while bolstering cyber defenses.

End-User Education and Awareness:

Human users remain a prime target for cyberattacks. Educating employees and end-users about current threats and best practices mitigates the risk of breaches resulting from AI-driven social engineering attacks.

In the face of escalating AI-driven cyber threats, organizations must adopt a proactive defense posture that incorporates AI-powered threat intelligence, advanced behavioral analysis, continuous security training, robust encryption practices, incident response and recovery protocols, adaptive defense mechanisms, decoy techniques, international collaboration, and ethical considerations. By implementing a comprehensive defense strategy, organizations can effectively mitigate the risks posed by AI-driven cyberattacks and safeguard their digital assets and operations.

CASE LAW:

Navigating the Legal Landscape: The Rashmika Mandanna Deepfake Video Case

In the digital age, the proliferation of advanced technologies has given rise to a new form of deception known as deepfakes, presenting unprecedented challenges for law enforcement and judicial systems worldwide. The Rashmika Mandanna deepfake video case, which surfaced on November 7, 2023, serves as a stark reminder of the ethical and legal complexities surrounding the manipulation of digital content. This article delves into the intricacies of the case, examining the implications of deepfake technology, the legal framework governing cybercrimes, and the proactive measures taken by law enforcement agencies and advocacy groups.

Understanding Deepfake Technology:

Deepfakes represent a sophisticated form of manipulation, wherein artificial intelligence algorithms are employed to seamlessly graft one individual’s likeness onto another’s body in videos or images. These deceptive creations are designed to mislead viewers and propagate misinformation, posing significant ethical and societal challenges.

Legal Ramifications and Prosecution:

The Rashmika Mandanna deepfake video case has triggered swift legal action, with authorities invoking relevant statutes to address the cybercrime. The arrest of the primary suspect under Sections 465 and 469 of the Indian Penal Code, which pertain to forgery and tarnishing reputation, underscores the gravity of the offense. Additionally, Sections 66C and 66E of the Information Technology Act have been invoked to address the digital aspect of the crime, reflecting the need for comprehensive legislation to combat emerging threats in cyberspace.

Role of Law Enforcement and Advocacy Groups:

The arrest of the primary suspect in the deepfake video scandal is a testament to the proactive efforts of law enforcement agencies, particularly the Delhi Police’s Special Cell’s Ifso unit, which conducted operations across multiple states to apprehend the perpetrator. Furthermore, the Delhi Commission for Women’s suo-moto cognizance of the matter and subsequent lodging of an official complaint highlights the crucial role played by advocacy groups in catalyzing legal action and ensuring justice for the victims of cybercrimes.

Ethical Implications and Societal Impact:

Beyond the legal implications, the Rashmika Mandanna deepfake video case raises profound ethical concerns and underscores the potential societal impact of deepfake technology. The unauthorized manipulation of an individual’s likeness not only violates their privacy and dignity but also undermines public trust and perpetuates harmful stereotypes. As such, the case serves as a sobering reminder of the need for ethical guidelines and responsible use of AI-driven technologies in the digital realm.

Mitigation Strategies and Future Preparedness:

Moving forward, addressing the threat posed by deepfake technology requires a multifaceted approach encompassing legal reform, technological innovation, and public awareness campaigns. Strengthening cybersecurity measures, enhancing digital literacy, and fostering international collaboration are essential steps in mitigating the risks associated with deepfake manipulation and safeguarding against future instances of cyber deception.

The Rashmika Mandanna deepfake video case serves as a wake-up call for stakeholders across the legal, technological, and societal spheres to confront the challenges posed by deepfake technology. By leveraging legal frameworks, empowering law enforcement agencies, and promoting ethical guidelines, society can mitigate the risks of cyber deception and uphold the integrity of digital content. Ultimately, proactive measures and collaborative efforts are essential in navigating the evolving landscape of cybercrimes and protecting individuals’ rights in the digital age.

CRITICAL ANALYSIS & CONCLUSION:

In conclusion, this research paper has delved deeply into the legal ramifications of AI-enhanced cyberattacks, shedding light on the transformative influence of artificial intelligence on the cyber threat landscape. Through a comprehensive mixed-methods approach, the study has unraveled the intricacies surrounding attributing cybercrimes to AI systems, evaluated the efficacy of existing cybersecurity regulations in countering AI-powered threats, and put forth recommendations for legal reforms and ethical frameworks to combat these evolving challenges in cybersecurity.

The research has illuminated the dynamic and adaptive nature of AI-powered threats, from targeted attacks to stealth tactics and evasion techniques, while also bringing into focus the ethical considerations and unforeseen consequences inherent in the utilization of AI in cybercrimes. Moreover, the study has underscored the paramount importance of international collaboration and information exchange in bolstering cybersecurity resilience against the onslaught of AI-driven cyberattacks.

To effectively navigate the legal complexities arising from AI-enhanced cyber threats, several key suggestions emerge from this research. Firstly, urgent legal reforms tailored specifically to address AI-powered threats are imperative. These reforms should provide a robust framework for prosecuting offenders who exploit AI technologies in cybercrimes, while also tackling the unique challenges associated with attributing cybercrimes to AI systems.

Secondly, the research underscores the critical need for the development of ethical guidelines governing the responsible deployment of AI in cybersecurity practices. These guidelines should outline best practices for the transparent, accountable, and privacy-preserving utilization of AI technologies in cyber defense strategies. By adhering to ethical AI principles, organizations can mitigate the risks associated with AI-driven cybercrimes and uphold the integrity of cybersecurity operations.

Furthermore, the study emphasizes the significance of fostering international collaboration and information sharing among cybersecurity agencies. By forging partnerships and exchanging intelligence on emerging threats, nations can collectively enhance their cybersecurity resilience and mount a more robust defense against sophisticated cyberattacks fueled by AI technologies.

In summation, this research paper offers invaluable insights into the legal implications of AI-enhanced cyberattacks and provides actionable recommendations for addressing these multifaceted challenges. By enacting legal reforms, instituting ethical guidelines, and fostering international cooperation in cybersecurity endeavors, stakeholders can fortify their defenses against the evolving threat landscape and thwart the misuse of AI in cybercrimes effectively.

“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”

Written by- Chiraag K A

REFERENCES:

  1. Fraud detection system: A survey
  2. Anomaly Detection in Traffic Surveillance Videos Using Deep Learning
  3. sciencedirect.com
  4. https://ensarseker1.medium.com/data-poisoning-attacks-the-silent-threat-to-ai-integrity-d83900eea276
  5. https://www.ilink-digital.com/insights/blog/financial-impact-cyber-breaches-business-costs/
  6. https://www.sciencedirect.com/science/article/pii/S2543925123000372
  7. Lindsay and J. Krysik, “Online harassment among college students,” Information, Communication & Society, vol. 15, no. 5, pp. 703–719, Jun. 2012. [Online]. Available: https://doi.org/10.1080/1369118x.2012.674959
  8. indiatoday.in
0

Right to be Forgotten: An Indian Perspective

Articles ,

Introduction  

Everyone would face insults and humiliations in life, But nobody wants to remember those. We all try to forget it and motivate ourselves to move forward, while the world never forgets it irrespective of our growth and achievement. Right to be Forgotten means the right to get one’s information removed from internet or any public platforms. This right was first established by European Union in 2014 and enforced in 2018 through the General Data Protection Regulation which provides the right to individuals to delete or erase their personal information. Till date there is no law in India to deal with the right to be forgotten specifically. 

Right to be Forgotten in India  

An attempt was made in India to bring the ‘right to be forgotten’. Ravi shankar prasad, ministry of Electronics and Information Technology, introduced The Personal Data Protection Bill to the Lok Sabha on 11th december 2019. The purpose of the Personal Data Protection Bill is to protect an individual’s privacy relating to their personal data. Under the Personal Data Protection Bill, Chapter 5 provides about Right of Data Principal and clause 20 mentions the Right to be Forgotten;  

Clause 20 (l) states that: “Data principal (the person to whom the data is related) shall have the right to restrict or prevent the continuing disclosure of his personal data by data fiduciary”. 
The users can delink, delete, or correct an individual’s personal information under this right but it is yet to be passed in the parliament. 

The right to be forgotten was first raised in India in the case of Dharamraj Bhanushankar Dave v. State of Gujarat & Ors (2015) before the Gujarat High Court. The petitioner was accused of criminal conspiracy, murder, and kidnapping. After he was acquitted by the Court, he requested that the respondent must be barred from publishing the non-reportable judgement on the internet, as it could be damaging to the petitioner’s personal and professional life- leading to defamation. However, the court did not recognize the existence of the ‘Right to be Forgotten’ in India.  

Supreme court in the case of Justice K.S. Puttaswamy (Retd.) and Anr. vs Union of India, held Right to Privacy as a fundamental right as it will be included in the Right to Life enshrined under Article 21 of the Constitution. The aim of Article 21 is that No person shall be deprived on his life or personal liberty expect according to a procedure established by law. Court observed that: “right of an individual to exercise control over his personal data and to be able to control his/her own life would also encompass his right to control his existence on the Internet.” 

In the case of Jorawar Singh Mundy vs. Union of India (W.P. (C) 3918/ 2020), Single Judge bench comprising Justice Pratibha M. Singh held that, on the one hand, there is petitioners’ right to privacy and on the other hand, the public’s right to information & the preservation of transparency in judicial records. The court prioritizing the petitioner’s right to privacy, ordered the respondents to delete access to the judgement from their websites.  

In Zulfiqar Ahman Khan v. M/S Quintillion Business Media Pvt. Ltd. And others, High Court of Delhi recognized the Right to be Forgotten and the right to be left alone as the integral part of an individual’s existence.  

There are certain challenges associated with the implementation of Right to be Forgotten. It would be a disadvantage for the journalists in providing information and news. This right clearly benefits the individual claiming it, while on the other side it hinders the right of freedom of expression of others who have expressed their opinion through various modes of publication. Thus, Right to be forgotten is a complex right. It has to decide between a person’s Privacy and others freedom of speech and expression. 

Conclusion  

The right to be forgotten is a subset of the right to privacy, which is a basic right under Article 21 of the Indian Constitution. However, whether the right to be forgotten is a basic right is ambiguous. The “right to be forgotten” being widely significant in present days is a developing right in India. Each one make mistakes remarking their character and everyone deserve the right to be forgotten of that remark once they are exonerated.  

 

“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.” 

Written by- K R Bhuvanashri 

 

References: 

  • https://www.legalserviceindia.com/legal/article-7112-right-to-be-forgotten-in-india.html 
  • https://timesofindia.indiatimes.com/readersblog/myblogpost/is-the-right-to-be-forgotten-a-fundamental-right-52529/ 
  • 2015 SCC OnLine Guj 2019, 
  • https://main.sci.gov.in/supremecourt/2012/35071/35071_2012_Judgement_26-Sep-2018.pdf  
0

Data Theft Becoming A Menace Of Digital Age, Must Be Nipped In The Bud: Karnataka High Court

Blog ,

Title: Naveen Kumar R @ Naveen & ANR And State of Karnataka.

Case No: CRIMINAL PETITION NO. 3173 OF 2023

Date of Order: 12-07-2023

CORAM: HON’BLE JUSTICE M NAGAPRASANNA

INTRODUCTION

The Karnataka High Court recently remarked that the act of stealing data has become a significant problem in the digital era and needs to be curbed.

FACTS OF THE CASE

The complainant company alleged that the petitioners violated a non-disclosure agreement and stole essential client data from the company. They used this information in their rival company named Conscala. Consequently, the complainant company filed civil proceedings seeking an injunction against the use of the stolen data. The court granted a temporary injunction in favor of the complainant.

Prior to filing the civil case, the complainant also lodged a complaint with the police, stating that the data belonging to their company had been stolen by the petitioners and others. The police registered a crime  for the mentioned offenses. However, an interim order from the court prevented the investigation against the petitioners from being conducted.

The petitioners’ counsel argued that there is no substantial evidence to support the allegations of offenses under Sections 408, 504, 506 of the IPC, or even under Section 66 or 66C of the Information Technology Act.

COURT ANALYSIS

The court while refusing to quash the proceedings initiated against two persons accused of having stolen client data from their previous employer and misusing it by joining a rival company. The court said after going through the records the case is shrouded with seriously disputed questions of fact and therefore, it would not be prudent to quash the proceedings at this stage. It held “The allegation against the petitioners is that they have been thieving all the data belonging to the clients of the complainant/Company and using it for the purpose of development of business of the rival Company, and have therefore, violated the non-disclosure agreement of the Company, which would become an offence as alleged for the aforesaid offences.

“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”

Written by- Shreya Sharma

Click here to view judgement

0

DATA PRIVACY LAWS AND THEIR IMPACT ON BUSINESS OPERATIONS

Articles , , ,

Appropriate risk governance management in the fields of digital data privacy and security in the business world requires not only understanding of applicable laws and regulations, but also at least a reasonable awareness of modern techniques and the activities of the organization or other organization that are accumulating or using private information or controlling behaviour. The Data Protection Act (DPA) regulates the gathering and use of private information. ‘Personal data’ refers to information that may be used to identify any living individual or that, when combined with other information stored by you, can be used to identify any person.

The term ‘processing’ of personal data refers to the act of acquiring, collecting, or storing information. Because you will be managing the private information of your workforce, suppliers, and/or customers as a company, it is probable that your actions will fall under the purview of the DPA. If you are a ‘data controller’ under the Act and fail to tell the Information Commissioner about your organization, your directors may face criminal prosecution. A system administrator is an individual or organization that determines why personal data is handled. Private data must be protected under the DPA.

 Personal information according to the DPA must be:

  1. fairly and legally processed;
  2. processed for reasons; adequate, meaningful, and not unnecessary; Personal information must be:
  3. fairly and legally processed;
  4. processed for reasons;
  5. adequate, meaningful, and not unnecessary;
  6. accurate and, where required, updated regularly;
  7. not kept for longer than needed;
  8. processed in accordance with the person’s freedom;
  9. kept safe; and
  10. not transferred to countries outside the EEA unless the information is adequately protected.

Failure to comply can lead to an enforcement letter prohibiting your company from analysing information, thus shutting down numerous firms, as well as severe fines may be imposed. Furthermore, a company’s officials, managers, and directors could be held personally criminally accountable for the violation. Laws governing information privacy, data privacy, or data protection establish a legal framework for obtaining, using, and storing personal data.

 The different laws throughout the globe define natural individuals’ rights to regulate who uses their information. This often involves the right to obtain information about which information is held, for what purpose, and to seek deletion if the objective is no longer specified.

Personal Data Protection Bill (PDP)

The PDP Bill (Personal Data Protection Bill) was proposed and passed in India to protect the current data protection system of India.  Currently governed under the Information Technology Act 2000. The Personal Data Protection Bill provides rules for notice and previous approval for the use of personal information, constraints on the reasons for which organizations can handle data, and limitations to guarantee that only information needed to provide a service to the person concerned is gathered.

 It also contains criteria for data localization and the designation of data protection administrators inside enterprises. This precise data protection regulation has not yet been established in India. The Indian legislature did, nevertheless, alter the Information Technology Act (2000) to add Sections 43A and 72A, which provide for reimbursement for wrongful personal data. Rules governing the acquisition and sharing of private information.

Under Article 43A of the IT Act, the Indian federal government later enacted the Information Technology Rules. The Regulations place extra duties on corporate and commercial enterprises in India for the acquisition and disclosure of sensitive private and confidential information, which are comparable to the GDPR and the Data Protection Regulations. Organizations in regulated industries, such as financial services and telecommunications, are subordinate to confidentiality obligations under sectoral laws that force them to keep customers’ data kept private and use it only for recommended purposes or in the sort of way agreed upon with the customer.

PDP will be introduced in stages. The Indian government and a Joint Parliamentary Council have submitted the original PDP Bill on data protection, which would be India’s first legislation on the protection of personal information and therefore will abolish Section 43A of the IT Act. Nevertheless, yet after approval, the law is likely to be adopted in stages. There is currently no available information concerning the deployment timeframe.

Furthermore, India lacks a national regulatory authority for personal data protection. The Ministry of Electronics and Information Technology oversees overseeing the IT Act and making regulations and other adjustments under the IT Act. The Personal Data Protection Bill proposes the establishment of a Data Protection Authority of India, which would be accountable for safeguarding data principals’ rights, prohibiting the exploitation of personal information, and enforcing compliance with the new legislation.

WhatsApp clashes with the Indian government Regarding Privacy Rules 

Recently WhatsApp filed a suit in Delhi against the Indian Government to block the rules which may be coming into force. Experts suggested that would compel Facebooks messaging application to break the privacy and protection. The appeal seeks the Delhi High Court to determine since one of the new IT rules violates India’s constitution’s right to privacy by requiring social media websites to identify the “original source of data” when officials seek so. WhatsApp claims that since conversations are secured end-to-end, it would have to decrypt messages for both message recipients and senders in order to keep up with the changes in the new legislation.

When asked to elaborate on the court case, WhatsApp said in a statement, “Mandating text messaging applications to detect chats is the equivalent of having others to maintain an information of every particular message sent through WhatsApp, which might dissolve end-to-end encryption and profoundly diminish anyone’s privacy rights.” The court determined that privacy should be protected unless legality, need, and proportionality all counted against this. WhatsApp says that the new legislation breaches all those requirements, beginning with a lack of clear legislative support.

Data Protection Act and its Impact on Small Businesses

The Data Protection Act of 1998 safeguards personal data held by corporations and governments by setting restrictions on the transmission of such data and information. The Legislation contains various provisions that should be followed while acquiring and providing data. These guidelines, or Data Protection Policies, are issued by the Information Committees Office, which oversees determining how businesses utilize personal information and if they are accountable enough while collecting and distributing such data. Every day, many enterprises, especially huge ones, manage massive amounts of data. Therefore, they must devise methods for auditing enormous amounts of redundant or outmoded data. Previous Information is already out of date as well as prone to mistakes like transmitting incorrect information.

 Records having past data are harder to verify than those carrying recent data. It is difficult to uncover private information among a slew of worthless data. Given all these factors, it becomes critical for businesses, whether big or small, to maintain and update on a regular basis and discard older data that might create errors in sharing information, as well as safeguard confidential material from ending up in the hands of a rival

Conclusion

Data protection regulations have become more important not only in our country but then also throughout the globe. Because more and more technologies are used in their daily lives, users’ security must be safeguarded because they are surrendering it with each usage. Nowadays, practically every element of our interaction and privacy is controlled by a third person. The dimensions of the current virtual era are such that practically every single transaction that persons engage in includes some type of information transmission or another.

This might also raise concerns about the “data protection expectations” which have been established as a significant foundation in the scope of Data Protection Legislation. While the information may be put to good use, the uncontrolled and random use of data worldwide has generated concerns among people about their security and liberty. In addition, the Apex Court issued a historic decision on the subject topic, which resulted in the implementation of the right to privacy and freedom of expression as a fundamental right. 

 

“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”

References:

Petrescu, M., & Krishen, A. S. Analysing the analytics: Data privacy concerns

–   Journal  of   Marketing  Analytics. Retrieved         from

https://link.springer.com/article/10.1057/s412700180034x

Martin, K. D., Borah, A., & Palma tier, R. Data Privacy: Effects on Customer and firm performance. Retrieved from

https://www.researchgate.net/publication/305822708_Data_Privacy_Effects_on_Customer_a nd_Firm_Performance

LLP, P. What is the Data Protection Act, and how does it affect my business? Retrieved from https://www.bdbpitmans.com/insights/whatisthedataprotectionactandhowdoesitaffectmybusiness/

Data     Protection        Act      1998.          Retrieved from https://en.wikipedia.org/wiki/Data_Protection_Act_1998

What      is      a      Data      Subject?      Experian      Business.    (n.d.).          Retrieved       from

https://www.experian.co.uk/business/glossary/datasubject/index

Data       Protection       /       Privacy       Policy       –       DCD.      (n.d.).                Retrieved    from

https://www.datacenterdynamics.com/en/dataprotectionprivacypolicy/

Johnson, K.Council Post: The Impact of Data Privacy on Your Business. Retrieved from https://www.forbes.com/sites/forbestechcouncil/2018/09/14/theimpactofdataprivacyonyourbusiness/?sh=54fb2fe0196c

Written by- Anushka Satwani