'New legislations will increase demand for cyber lawyers’
By Pavan Duggal
From the beginning of civilisation, law has been an important discipline. With time, the profession’s various aspects crystallised into verticals. The twentieth century was all about the consolidation of these verticals. The century also saw the greatest game-changer since the discovery of fire – the advent of the internet. No other event has impacted the way people think, believe or do commerce, on this scale. Its wide adoption prompted an examination of the legal policy and regulatory nuances pertaining to the internet. That’s where the discipline known as cyber law originated.
The internet was born in 1969 but it was only in the 1990’s when it came to be adopted on a global scale. This presented challenges that questioned basic jurisprudence. It demanded a new and separate legal discipline.
Today, that discipline is more than two-and-a-half decades old, but is constantly evolving as new technologies and technological paradigms confront us in our daily lives.
Need for cyber laws
There is no one global cyber law in place and there’s a lack of norms of behaviours in cyber space. That’s why countries have started coming up with their own distinctive legislations, cyber-legal regimes, on things like e-commerce and the internet in general.
India was inspired by the January 1997 United Nations General Assembly resolution asking member nations to come up with national laws to promote e-commerce. India’s Information Technology Bill was enacted into law in 2000. The Information Technology Act 2000 is India’s cyber law, the mother legislation pertaining to everything digital. If you’re using any of the seven raw materials in your daily life – computers, computer systems, computer networks, resources, communications devices, data and information in electronic form – you are covered by the law.
While the discipline has been evolving very rapidly, the educational system hasn’t kept up. Some institutions have introduced specific modules in a semester. In a normal curriculum of the law programme in India, among the many semester subjects offered, one tends to be on law and technology, or cyber law or the IT Act. This is covered in one semester of a three-year or five-year LLB curriculum.
Cyber law has not really received the sort of attention it deserves. However, there are organisations and institutions offering new kinds of specialisations or focussed exposure to cyber laws as short term courses.
Then, you have institutions like the University of Petroleum and Energy Studies, Dehradun, that offers a BA-LLB programme with a one-year specialisation on cyber law. This is a six-year programme. These kinds of programmes are coming in but educational authorities must realise that cyber law impacts everyone. The time has come to offer detailed courses on cybersecurity law for the general masses and not necessarily only for law students.
The entire community of users must be targeted. You’ll need customised courses for professionals who just need to be sensitised. Some elements should be taught in school because we have started giving devices to two and three-year-olds without realising the dangers.
Specialists in demand
Although demand for them hasn’t quite exploded yet, more lawyers are beginning to work in this space. But lots of law firms claim they specialise in cyber law without doing any concrete work in it. Cyber law is very complex. Unless you are working on it on a daily basis, the chances of your being in step with the latest updates are negligible. At the same time, more Indians are becoming part of the digital ecosystem and thanks to demonetisation [in November 2016 when currency notes of Rs.500 and Rs. 1,000 value were invalidated], more financial transactions are taking place digitally. Indians are also becoming huge generators of big data.
Indians are also starting to face digital challenges. These are currently addressed under both cyber and normal Indian laws but the fact remains that we require far more lawyers and very soon, clients will start sifting specialists from the generalists.
There are, of course, some boutique law firms that work only at the intersection of law and technology. My firm, for instance, is a niche technology firm. I had no clue I was going to land up in this space. I began as a civil and corporate lawyer in 1988. But early on, I got some clients who were into technology. That triggered my interest. Little was happening in India then but I worked with people outside. I got associated with the internet Corporation for Assigned Names and Numbers (ICANN) and the United Nations Educational, Scientific and Cultural Organisation (UNESCO). I contributed to the process of drafting the IT Bill and after the law was passed, started working in this space almost exclusively, working on domain name issues and cybercrimes.
As clients started asking for help on a range of issues, we expanded our ambit to cybersecurity in general. We worked on outsourcing and cybersecurity breaches. Now we also work on artificial intelligence and their emerging legalities, on cybersecurity, blockchain and the Internet of Things. Boutique law firms don’t just service clients but also lend their expertise to general law firms.
Demand is set to increase
New legislations will also increase demand for cyber lawyers. Once enacted into law, the Personal Data Protection Bill will establish data protection regimes and define the authorities responsible for regulating the ecosystem. It will affect everyone dealing with personal data. New kinds of compliances will be required and lawyers who can advise businesses on them. Further, Indians are joining the digital health domain in large numbers without adequate safeguards. There are demands from that sector and from banking and insurance. The number of unauthorised transactions will only rise. Even the critical information infrastructure sector needs cyber lawyers because these are also under attack
India’s data breach notification law, which came into effect from January 2017, requires any corporate body that suffers any of the 10 specified cybersecurity breaches to report them. But how do they do it and in what format, what the compliance levels are – these are questions for cyber lawyers.
Thus far, the law’s implementation has been affected by mind-set problems. It is a complex piece of legislation and many don’t want to deal with it. If you try to report an unauthorised transaction and file an FIR [first information report], the police will not register an FIR under the IT Act because they are not very sure which section will apply. They’d file it under the Indian Penal Code with which they are more comfortable. I believe the 2008 amendments also did great disservice to the discipline. Almost all cybercrimes became bailable offences. People bailed destroyed electronic evidence and then there’s no question of convictions. Because there were few convictions, there was practically no demand for lawyers. But with increased focus on personal data protection and emerging technologies, the legal field is more fertile for the growth of cyber law as a jurisprudence. The Supreme Court declaring the Right to Privacy a Fundamental Right will also help.
Pavan Duggal is a Supreme Court advocate and an expert on cyber law
Write to us at email@example.com