CYBER LAW IN 2019 – TWO MAJOR INTERNATIONAL THRUSTS

CYBER LAW IN 2019 – TWO MAJOR INTERNATIONAL THRUSTS

 

BY

 PAVAN DUGGAL

ADVOCATE, SUPREME COURT OF INDIA

CHAIRMAN, INTERNATIONAL COMMISSION ON CYBER SECURITY LAW

CHIEF EXECUTIVE, ARTIFICIAL INTELLIGENCE LAW HUB

PRESIDENT, CYBERLAWS.NET

Cyberlaw as a discipline saw some massive advances in 2019. These advances were seen in different thrust areas of this discipline.  The first significant element of 2019 was the determined focus of sovereign governments across the world, to come up with strong national cybersecurity legislations and legislative frameworks. Consequently, different countries and sovereign governments started moving in the direction of trying to regulate cybersecurity. These regulations normally took two distinctive manifestations. The first manifestation was in the form of specific legislations on cybersecurity while the second manifestation was in the form of soft legislation or policies on cybersecurity. In the first category of approaches we found that many countries specifically legislated new cybersecurity laws. Thailand implemented its national cybersecurity law being  Cyber Security Act of Thailand B.E. 2562 (2019) (“CSA”). The middle of the year saw Vietnam coming up with a distinctive national cybersecurity law.

We also saw Taiwan coming up national cybersecurity law being The Cyber Security Management Act. In addition Macau, recognizing the importance of cybersecurity for the gaming ecosystem, also came up their national cybersecurity laws being Macau Cybersecurity Law (“MCSL”). These laws in their own distinctive manners tend to regulate different aspects of cybersecurity and activities in the cybersecurity ecosystem, thereby contributing to the evolving jurisprudence on cybersecurity law which is an emerging sub discipline under the cyber law umbrella. While some of these legislations have sought to stipulate the rights, duties and responsibilities of various stakeholders, the fact also remains that these legislation are also being viewed as a vehicle for strengthening cyber sovereignty.

No wonder cyber sovereignty as a concept got increasingly far more attention and focus from various national governments as they came up with distinctive legal provisions in their cybersecurity laws to protect and preserve national cyber sovereignty. A number of these said legislations were very broadly drafted in extremely wide language, so as to be more futuristic so as to enable the government to effectively deal with newly emerging challenges in the context of cyber security. A number of the said legislations have been repeatedly criticized and targeted by activists who believe that said legislations became an instrument for potential misuse or for cracking down on civil liberties. Nonetheless, the said aforesaid actions clearly underline the increasing significance of cybersecurity law as an emerging sub discipline.

In the second category approaches to regulating national cybersecurity, we found that different countries started coming up with the national cybersecurity policies. The year 2019 specifically saw the various countries coming up with various policies to regulate and enable cybersecurity. Said policies do not have the status of legislation, but represent the embodying of mother policy statements and ideas stipulating the visions of the countries concerned, on how they are seeking to approach the complicated issues of cybersecurity. Further we also saw different other countries coming up with their own subordinated legislation in the form of rules, regulations and guidelines on different aspects pertaining to cybersecurity protection.

The aforesaid approaches became more and more imperative by cybersecurity breaches constantly kept on increasing in the year 2019. Data breaches have run at a record pace in 2019. Consider these statistics for the first half of the year:-

  • 3,800: The number of publicly disclosed breaches.
  • 4.1 billion: The number of records exposed.
  • +54%: Increase in number of reported breaches vs. first six months of 2018.

Some of the important and most significant cybersecurity breaches that are emerged in the year 2019 include:

  1. It was reported that A file containing sensitive private information like usernames, email addresses and password hints of about 2.4 million Blur users was left exposed on unsecured servers, demonstrating a big cyber security breach.
  2. Massive data breach was revealed by the discovery of enormous database on the cloud storage website called MEGA. The ‘Collection #1’ folder contained approximately 1 billion email and password records and was later uploaded to several hacking portals and forums.
  3. In a year-long data breach, personal data of around 42,000 patients of Florida based health company Advent Health Medical Group was compromised.
  4. In another significant event, hackers accessed Toyota servers containing information of about 3.1 million Toyota and Lexus customers.

The trend that developed in the year 2019 the clearly showed that countries are beginning to increasingly realize the significance of cybersecurity and how the same has a direct connection with national security. Some countries reiterated their existing stands that their cybersecurity is a part of their national security and hence came up with holistic blanket visions to deal with regulating cybersecurity.

The year 2019 was also the year which witnessed remarkable development pertaining to Artificial Intelligence. The year 2019 had begun with lot of skepticism on how artificial intelligence need to be treated on a legal basis. However by the time the year came to an end, artificial intelligence law as a sub disciple of Cyberlaw already began start emerging. Various stakeholders are working on different legal nuances impacting artificial intelligence. This became all the more imperative as lot of work and technological progress was done on artificial intelligence in 2019 forcing stakeholders to wake up to the need to come up with legal principles to govern Artificial Intelligence. The year 2019 saw various international stakeholders trying to underline and come up with ethical principles and standards to govern artificial intelligence, given the propensity of artificial intelligence to be manipulated, by a variety of external elements. IEEE had come up with its ethical standards being Ethically Aligned Design (EAD1e), “A Vision for Prioritizing Human Well-being with Autonomous and Intelligent Systems on AI . Further other players who came up with ethical principles to govern AI “Australia ethics framework for AI”, “JSAI Ethical Guidelines” & “IBM ethical AI principles” with their principles entitled “Fairness”, “Respect for Privacy” & “Do not harm”. At the end of 2019 council of Europe, Council of ministers and committee of ministers appointed the Adhoc committee on AI(CHAI) which is having the responsibility to come up with the regulatory framework to regulate AI at global level.

Artificial intelligence law Hub created at New Delhi is researching on common legal principles to regulate Artificial intelligence at global level.

As the year closes, it become more imperative that the legal issues concerning artificial intelligence will have to be more seriously looked at, all the stakeholders. This becomes more important since lot of existing legal principles and jurisprudence may not be directly applicable to Artificial Intelligence. Artificial Intelligence is beginning to throw up new distinctive challenges which requires new legal mindset and new legal approach . That’s why Cyberlaw is increasingly seeing the emergence of a new subdiscipline therein, being artificial intelligence law. In the coming years both cybersecurity and artificial intelligence will continue to be very important thrust areas in evolving Cyberlaw jurisprudence. This is so as countries in world have increasingly gone over the first and second phases of Cyberlaw developments. The first phase was based on UNCITRAL Model Law of Electronic Commerce while the second phase was based on UNCTRAL Model Law on Electronic Signatures. The new horizons of social media and mobiles were added in the third phase of Cyberlaw jurisprudence. The fourth phase of Cyberlaw jurisprudence increasingly will consist of focusing more on cybersecurity law and artificial intelligence. I m confident that legal developments, that have taken place in year 2019 in these two thrust areas of Cyberlaw jurisprudence, will increasingly be consolidated and built upon for the development of further subsequent growth of cyber legal jurisprudence.

The author Dr. Pavan Duggal, Advocate, Supreme Court of India, is an internationally renowned expert authority on Cyberlaw, Cybersecurity law and Artificial Intelligence Law. He has been acknowledged as one of the top four Cyber lawyers in the world. He is also the Chairman of International Commission on Cybersecurity Law. You can reach him at pavan@pavanduggal.com.  More about Dr. Pavan Duggal is available at www.pavanduggal.com.