Indian law enforcement agencies are looking for the widest range of international cooperation to tackle challenges that come with a lack of “capacity building” and “technical assistance” when dealing with different types of cybercrimes, according to Sukanya Thapliyal from Centre for Communications Governance, which participated in the discussions lead by the Ad-Hoc Committee at the UN Cybercrime Convention. Thapliyal was speaking as one of the panelists at MediaNama’s MarketsNama conference on May 19, 2023.
For the fourth session of the conference ‘Privacy, Cybercrime and Cybersecurity’, Thapliyal and other panelists—Venkatesh Krishnamoorthy from BSA-The Software Alliance and Atul Kumar from the Data Security Council of India—discussed the various roadblocks that law enforcement agencies face when they need to access data to investigate cybercrimes. They also talked at length about how the IT Act casts an obligation on companies or service providers to meet all kinds of requirements of law enforcement entities and how this impacts their operations as well as people’s privacy rights.
MediaNama hosted this discussion with support from Salesforce, Google and Mozilla. Internet Freedom Foundation, and our community partners, the Centre for Internet and Society and Alliance of Digital India Foundation.
On accessing data across borders: According to Krishnamoorthy, law enforcement agencies are trying to access data predominantly from across borders, and 85 percent of the crime and forensics data is digital. The panelist cited the data from a study on ‘Electronic Evidence in Criminal Matters’ by the EU Parliament, which highlights the challenges in accessing cross-border data for criminal investigations like determining the location of data and tackling the disagreement between countries over the “applicable national law” on the data sought. Adding to this, Thapliyal stated that this is one of the hurdles that the Indian government is aiming to address through its proposals at the UN Cybercrime Convention.
FREE READ of the day by MediaNama: Click here to sign-up for our daily newsletter with the top story of the day delivered daily before 9 AM in your inbox.
In its submission to the second session of the Ad-Hoc Committee in August 2022, India proposed “data-oriented jurisdiction” which mainly emphasised “data ownership” and enabled a country to have more control over its citizens’ data irrespective of where such data is “physically stored/ processed/ screened/ federated”. India’s submission also noted the complexities that cloud-based processing of data adds to cybercrime investigations. This is because the parties involved may be located in different countries, and determining which country’s laws would be applicable becomes a challenge.
“Most of the times our legal enforcement agencies, the one who work at the very grassroot level, they don’t really have a very clear idea of how to transmit these requests and what all should form part of this. So, I think these are some of the core issues and I see India raising these concerns in numerous sessions that we have had so far on cybercrime convention,” Thapliyal added.
Tackling wide-range of cybercrimes:In addition to participating in conversations around the capacity building—that is, access to basic technology and resources to deal with cybercrimes, Thapliyal stated that India is also looking for international cooperation on different types of cybercrimes. “India probably wants to expand its authority over areas that include cyber-dependent and cyber-enabled crimes,” she adds.
Thapliyal explains that cyber-dependent crimes are the ones that cannot occur without the use of computers. For example, malware or injecting wrongful data into systems, etc. Whereas cyber-enabled crimes are those which already exist in real life, but are amplified using computers. For example, dissemination of child sexual abuse material, hate-speech, misinformation, etc.
“But there seems to be some sort of disagreement between the countries. So, for example, a lot of developing countries including India, China, Russia, they want a very broad set of cybercrimes to be included in this convention. And they want both cyber-dependent and cyber-enabled crimes to be included and at the other end, we have a lot of multistakeholder groups in developed countries which just want this convention to have a very limited scope. So, most of their submissions are around that,” Sukanya added.
Note: The article was edited on May 26, 2023, at 2:40 pm to update Venkatesh Krishnamoorthy’s quote about digital forensic data upon request from the speaker.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
Also Read:
What Are The Problems That Companies Face When Law Enforcement Agencies Demand For Data? #NAMA
India Proposes “Data-Oriented Jurisdiction” At The UN To Assert Control Over Citizens’ Data Abroad
