Naavi.org

India is in the process of revising its age old Criminal law namely the Indian Penal Code 1872 and Criminal Procedure Code 1973 with the new laws Bharatiya Nyaaya Samhita and Bharatiya Nagarik Surakshita samhita 2023 drafts of which are already presented in the Parliament.

In the meantime India is also expected to revise the ITA 2000 with the Digital india Act which may alter the Cyber Jurisprudence that has been developing since last two decades of the existence of ITA 2000.

The Artificial Intelligence itself as a technology is growing along with the developments of Neuro Science, Meta Verse etc.

The society will soon have many confrontations between AI and law and most complicated aspect of this would be in criminal Jurisprudence.

We have seen that evidentiary aspects introduced by ITA 2000 (Section 65B of IEA) have not been absorbed by the Judicial community till date since unlearning the past is that difficult. Now to unlearn the criminal jurisprudence and think of any change arising out of Artificial intelligence is a challenge.

How the Higher Judiciary would react to this need and come up with its own jurisprudential guideline is for the future society to witness.

However we can try to highlight some of the issues that need to be sorted out immediately to avoid a blackout when the new DIA becomes operative.

The essence of Criminal Jurisprudence is the definition of a Crime, definition of a criminal and definition of justice.

Crime can be defined as “an act that is deemed by statute or by the common law to be a public wrong and is therefore punishable by the state in criminal proceedings”

Law and Justice donot always converge and experts define Justice as “A moral ideal that the law seeks to uphold in the protection of rights and punishment of wrongs.”.

Many times Justice has to be an interpretation of the written law and herein lies the domain of “Jurisprudence”.

Jurisprudence has to interpret what is “Ethics” which can be considered as an extension of written law. The distinction of what is a crime in written law and what is a crime in the minds of a victim is always a tough challenge to the Judiciary.

Most of the time criticism of judiciary arises because Judiciary may either stick to the law in words and ignore the law in spirit. Some times Judiciary goes to the other extreme and interprets law as they consider necessary invoking principles such as the “Basic Structure of the Constitution” etc and take complete control of defining what is law irrespective of what is written in the statute and what the public think is ethics.

If we look at Criminal Jurisprudence in the light of emerging technologies such as Artificial Intelligence, Humanoid robots, Virtual Reality, Augmented reality etc there is a basic problem of identifying the “Actor” who has committed a Crime and the “Act” which constitutes a Crime.

The “Act” which constitutes a “Crime” is being defined in the law. For example Section 66 of ITA 2000 defines an offence punishable with 3 years of imprisonment as

“if any person dishonestly or fraudulently does any act refered to in section 43, he shall be punishable with imprisonemnt which may extend to three years or fine which may extend to five lakh rupees or both”

Section 43 associated with this section is a compendium of 10 subsections and commission of any of these 10 acts without the “Permission of the owner or any person who is in charge of a computer, computer system or computer network” shall be liable ….

The 10 acts represented by the subsections of Section 43 of ITA 2000 are ….

Determining an offence under Section 66 therefore involves the interpretation of “Dishonesty” and “Maliciously acting” and also “diminishing of value of information” , “Causing injury to information” etc.

(1) accessing or securing access to such computer, computer system or computer network or computer resource

(2) downloading, copying or extracting any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

(3) introducing or causing to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;

(4) damaging or causing to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;

(5) disrupting or causeing disruption of any computer, computer system or computer network;

(6) denying or causing the denial of access to any person authorised to access any computer, computer system or computer network by any means;

(7) providing any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder,

(8) charging the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,

(9) destroying, deleting or altering any information residing in a computer resource or diminishing its value or utility or affecting it injuriously by any means

(10) Stealing, concealing, destroying or altering or causing any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage,

Here in lies the jurisprudential requirements to be taken into account in defining an act as a crime.

The second aspect of Cyber Crime jurisprudence is the interpretation of who is the “Person” who is responsible for the offence.

In the Artificial Intelligence scenario, an attempt is made to make computer program so sophisticated that it appears that decisions are taken “Automatically”.

When a computer output directly comes out of an input and the process of interpretation of the program, the output follows the principle of GIGO (Garbage in Garbage out) and the programmer takes the responsibility for determining “Means of processing”. The person who provides the input is the user of the software who takes the output as the result of the Computer based automated decision and acts further on the basis of this decision.

We shall take the example of an industrial process in which a Chemical process takes into account the temperature, composition of the processed material etc and determines the time upto which the process should run to generate a required chemical process resulting in a output finished product. If the parameters of input in such a process are dishonestly altered, the process would result in a loss or may even lead to an accident and cause death or injury.

Is this a Section 66 offence? If so who is responsible for it?..is it the programmer? or the process owner who provided the input? or is it the fault of the sensors which gave a certain reading based on which the operator pressed a button to continue the process?. What if the operator wanted to stop the process but the buttons were mis-wired that the process was triggered instead of being stopped?

These are the issues which require Cyber Jurisprudents to resolve.

When we term certain software as “Artificial Intelligence”, either ANI (Artificial Narrow Intelligence) or even AGI (Artificial General Intelligence), it still follows instructions already in the library and hence the actions of the AI depends entirely on the owner of the library or creator of the library. Hence in such circumstances criminal jurisprudence requires the owner of the software to take the responsibility for the actions of the software and if the creator of the software has not provided the necessary disclosures, the creator (Developer) may also have back to back responsibility. This is clear even in ITA 2000 by virtue of Section 11. (Attribution of an automated activity).

When we enter the realms of “Generative AI” or ASI (Artificial Super Intelligence) where, by design the creator of the algorithm has enabled the software to hallucinate, predict and give out decisions and also learn from its own decisions and modify the next set of outputs on similar inputs, then we are looking at a system which is behaving beyond the original instructions input by the developer.

It is in such circumstances that Cyber Jurisprudence has to interpret whether even the modification of code based on the learnings are to be attributed to the original creator of the algorithm or should the AI itself be considered as a juridical person.

With the emergence of humanoid robots at least one of which is presently acting as Chief Executive of a Company which bears health risks in its products, the consequences of malfunctioning of AI has to be determined in law. Will you put the humanoid robot acting as CEO of a company taking a bad decision that causes death and destruction in the jail for 10 years or for life? or will you give it a death sentence? … is the Criminal Jurisprudence challenge.

I welcome a debate on this aspect so that Meity and MHA may take these into account during the framing of the new IPC law and DIT.

Naavi

FDPPI which is in the forefront of Privacy and Data Protection Compliance related activities in India released a framework for Compliance and Certifiable Audit titled “Data Governance and Protection Standard of India (DGPSI) in Bangalore at Hotel Chancery.

The Following press release was issued on the occasion.

PDF version of the press release available here

The Framework DGPSI is a unique framework which is a combination of DPDPA 2023 compliance requirements, ITA 2000/8 compliance requirements as well as the Draft BIS standard on Data Governance and Management.

FDPPI has developed the standard to replace all other frameworks presently being adopted for compliance to DPDPA 2023. This framework-DGPSI would be available for the industry for developing a Business System of DGPMS which can be also certified by accredited auditors of FDPPI.

This unified framework is open for one unified audit and certification instead of three separate audit and certification for DPDPA Compliance, ITA 2008 compliance and BIS-DGDMS compliance.

FDPPI will be conducting separate training programs for training professionals under this framework and the first of such program will commence by the end of OCtober 2023.

With this FDPPI is ushering in a new era in Data Protection Compliance audits in India.

Enquiries from organizations interested in getting certified as “FDPPI Accredited DGPMS auditors” may be sent to the undersigned.

Naavi

Justice Sri Koratagere S Puttaswamy (retd) the petitioner on the Supreme Court case which led to the Privacy Judgement of the Justice Kehar bench on 24th August 2017 and the passing of the DPDPA 2023 was honoured in a historic event at Bengaluru on 24th September 2023 with a title “Privacy Pitamaha”, by FDPPI and Manipal Law School.

The 98 year old Sri Puttaswamy was honoured in a simple ceremony at his residence while in a Press Conference at Hotel Chancery, Lavelle Road, a detailed discussion was held and the following press release was issued.

PDF Version of the above press release available here

The following Citation was presented during the event.

Naavi

October 17 each year we remember to celebrate as the “Digital Society Day” recognizing that on this day in 2000 India moved from a “No Legal Recognition” for digital documents to “Legal Recognition of electronic documents” and “Digital Signature” paving the way for valid Digital Contracts and giving birth to the legally recognized Digital Society.

On October 17, 2023, Naavi with FDPPI is planning to have a virtual roundtable and take on a campaign “Jago”.

It is customary for “Jago” campaign to be directed at citizens as if it is only the citizens who need to be awakened from slumber whether it is for prevention of Cyber Crimes or implementation of Data Protection.

This year, we would like to extend this “Jago” campaign to the inactive regulators also. Watch out for the detailed agenda.

Naavi

Yesterday, Mr Anil Rachamalla, Founder of www.endnowfoundation.org addressed the members of FDPPI.in on Social Media Crimes and shard the details of the yeoman service he has been rendering to the community.

I invite visitors to naavi.org to check out www.endnowfoundation.org and participate in the activities of the organization.

The presentation made by Mr Anil Rachamalla is available here:

Additionally, I would like the visitors to a research report from the Future Crime Research Foundation about the nature of Cyber Crimes presently affecting our country.

In these discussions we speak of the emergence of Cyber Crime hubs in the country.

We also know that there is the “Deep Web” which is nothing but a Cyber Crime adda.

While all of us have spent years in creating awareness about Cyber Crimes, it surprises me that there is no seriousness with the Government in tackling Cyber Crimes.

MeiTy has made the laws way back in 2000 through ITA 2000 and fortified it with amendments in 2008. This law has a clause called “Cyber Terrorism” under Section 66F.

Unfortunately the activities of the entire villages developing into Cyber Crime hubs has not been recognized by the Ministry of Home Affairs as an activity of terror against the Country.

I have been from time to time bringing similar incidents to CERT In and MeitY and even in cases of attacks on Government Property, MeitY is not willing to even file an FIR if not under Section 66F, under Section 66.

I consider this as a serious dereliction of duty on the part of the officials of MeitY. Keeping quiet when cyber crimes are being committed is a passive assistance to the crime.

In the historic Umashankar Vs ICICI Bank case, the TDSAT declared that “Not placing adequate security measures” is a passive assistance to the commission of a crime under Section 43(g) of ITA 2000 read with Section 66.

I allege that CERT In and MeitY on several occasions are guilty of such forbearance. It is time for NGOs like Anil Rachamalla to question this attitude of Meity which is nothing different from the attitude of the Courts on Urban Naxalites and Teesta Setalvad type of law breakers. Our honourable Chief Justice allegedly takes time to come out of a dance concert to set up a late evening bench one after another to hear the bail petition of Ms Teesta Setalvad during Court holidays and ensures that she gets immediate bail and then forgets the case for month. The same supreme court reserved the judgement in the case of late J Jayalalitha and allow the judgement to lapse after her death. Similar things we can expect in many current cases where influential accused are standing trial at Supreme Court. This is an indication to the public that justice in India is selective. The people of Jamtara et al are the new breed of such privileged criminals.

The same attitude percolates with sections of the Government which donot take action when required in the face of the raising Cyber Crimes and await a disaster to happen before running around.

I have recently sent some emails to the Secretary MeitY, DG-CERT In with copies to Mr Rajeev Chandrashekar and awaiting response for one such cases. I am not sure of their response because Government thinks that people who fight to change the system are fools and they donot know how to flow with the tide. Instead of complaining against organized Crimes, if Naavi or Anil Rachamalla compromises on principles , we can be more prosperous than fighting against Crime and against Criminals who retaliate in different forms.

If researchers can identify towns which are epicenters of crimes, we need to simply take an army of CRPF to cleanse the towns of these Cyber Criminals. We need to close down all bank branches in these towns since these Banks are facilitators of crime, close down all SIM card sellers since MSPs are also facilitators of crime. We need to ensure that these epi centers should be converted into deserts of information at least until the responsible elders of the town try to discipline the society.

Does Mr Amit Shah has the guts to take on these Cyber Criminals? Does MeitY has the intention of acting against such crimes?

If not, the selfless services of persons like Endnowfoundation or Future Crime Research Foundation or Naavi.org will go waste. When I look back and see that I spent 14 years pursuing the Umashankar Vs ICICI Bank case, I feel that the justice delivery system in the Country requires a major overhaul.

I am aware that there are heros in Police such as Dr Triveni Singh who have been tirelessly working on mitigating Cyber Crime incidents. But we need at least one Dr Triveni Singh for every district in the country and an army of Triveni Singhs for the epicenters mentioned above.

I invite all interested persons to join Naavi,org this October 17, the Digital Society Day 2023 which we try to remember each year because ITA 2000 became a law in this day in 2000 and undertake a pledge to find solutions to Cyber Crimes. The days of creating awareness is over. The time is to fight back with criminals.

I liked Anil Rachamalla’s call “Be an Upstander…not a Bystander” . I echo these words against MHA, MeitY and CERT IN also.

Please write back to me through email if you want to participate in the activities of Naavi.org on October 17, 2023.

Naavi

The next frontier for Naavi and FDPPI

Yesterday, (12th September 2023), Naavi brought Privacy and Data Protection to the Management Education in India starting a Credit Course with IIM U

Just as KLE Law College, Bangalore became the first Law college to adopt Cyberlaw into law curriculum, PESIT, Bangalore became the first Engineering college to start a Cyberlaw course, NALSAR became the first law institute to start Data protection course, IIM Udaipur became the first IIM to start a course on Data protection which includes not only DPDPA 2023 but also the essence of ITA 2000, ISO 27701 and Data Governance standard of BIS.

While I am proud to be associated with all these institutions in the pioneering efforts, leaders in each of these institutions need to be congratulated on the initiatives they have taken displaying qualities of leadership themselves.

Look forward now to work with Manipal Law School to break new barriers.

Naavi