12 January 2015

LOGGING INTO TERROR

Pavan Duggal

Cyber criminals and terrorists are increasingly using social media networks with impunity for not just the dissemination of their designs and intentions, but more significantly for the purpose of crowd sourcing and further giving effect to their illegal designs

The year 2014 proved to be a golden year for cyber criminals. Not only has cyber crime emerged as the number one challenge for all stakeholders but more significantly, cyber crime as a value proposition has started getting permeated in the Internet ecosystem values. There is an old age saying that wherever there is nectar, honeybees will go there. This dictum is demonstrated accurately in the phenomenon of emerging cyber criminals and cyber crime. Given the fact that social media is today a major component of people’s lives, it is but natural to expect that cyber criminals would also permeate social networks. However, the adoption and seamless integration of terror related approaches with social media have been more prolific in the past one year. 

The recent arrest of Mehdi Masroor Biswas, creator of the highly influential Twitter account @ShamiWitness on the grounds of misusing a Twitter handle and for disseminating the terror philosophy of an organisation is only a case in point. This goes to show that this case is nothing but the tip of the iceberg. All over India, social media networks below the subcutaneous level have been fragmented by terror networks. Cyber criminals and terrorists are increasingly using social media networks with impunity for not just the dissemination of their designs and intentions, but more significantly for the purposes of crowd sourcing and further giving effect to their illegal designs.

No wonder, social media has also been plagued by an increased role by fundamentalists so as to further the cause of fundamentalism. More significantly, cyber terrorists are now increasingly using social media for reaching out to the target audience and for indoctrinating innocent young minds. In India, the advent of unregulated use of ethical hacking schools as institutions has further had a triggered effect. Every year, India is producing thousands of trained ethical hackers. However, in the absence of a regulatory mechanism on how to monitor the activities of these trained ethical hackers, these Indian trained personnel become fertile hunting grounds for cyber criminals and cyber terrorists.

Along with cyber terrorism, cyber naxalism is a big challenge which has already started impacting countries like India. We find that cyber criminals with their illegal intentions are also increasingly using social media for the purpose of propagating cyber naxalism-related thought processes and perspectives. No wonder, social media is now a double-edged sword. Even the inventors of social media could never have envisaged that it could be used in such a potent manner by cyber criminals and cyber terrorists. Unfortunately, the law appears to be a sitting duck when it comes to giving a helping hand to prevent and regulate the misuse of social media for fundamentalism and terrorist purposes.

India was one of the earliest nations in the world to have enacted a detailed provision on cyber terrorism. Section 66F was inserted in the earlier Information Technology Act, 2000, by virtue of the Information Technology (Amendment) Act, 2008. The said provision defined in detail the offence of cyber terrorism, which was made a heinous offence punishable with imprisonment which may extend to imprisonment for life. However, while the said Section was implemented in 2008, its invocation was not done in various cases for a variety of reasons. It is only in the recent Bangalore Mehdi Masroor Biswas case that Section 66F has been invoked. However, this case has demonstrated loopholes in the law and also how cyber criminals are a far more intelligent lot. They manage to exploit the loopholes in the law and try to limit their potential exposure to legal liability. Thus, the advent of new social media networks like Twitter and Facebook has demonstrated that Section 66F has remained a limited mandate provision and needs to be substantially increased in its ambit and scope so as to cover newly emerging and innovative misuses of social media by cyber criminals and cyber terrorists.

Clearly Section 66F of the amended Information Technology Act, 2000, needs to be revised to make it far more comprehensive. Further, the law needs to recognise that the mere factum of sending a tweet of 140 characters could be enough to contribute to cyber terror/propagating fundamentalism, and those aspects of misuse of social media for cyber terrorists/fundamentalism perspectives need to be appropriately covered under the law. 

India is not alone in dealing with the menace of online fundamentalism, which is using social media to its hilt. Other countries are adopting different mechanisms to deal with the same. It may be pertinent to note that there is no one international treaty to deal with issues pertaining to misuse of social media for terrorism/fundamentalism purposes. Consequently, different countries have adopted their own national mechanism to deal with such a scenario. Some countries have resorted to banning the websites of social media for example, China banned Facebook and Twitter in the last few years, which only led to the propagation of domestically nurtured social media.

I am of the firm opinion that banning social media today is an illusionary exercise. The banning of social media networks exists on paper, but the huge technological advances of technology and the intrinsic architecture of the Internet allows access to banned social media sites through various indirect means. Countries have to look at more innovative approaches of dealing with social media misuse and it is here that the law pertaining to liability of social media providers needs to be further developed and stringently implemented. Social media service providers, if they are focusing on one jurisdiction and taking the benefit of users from the same jurisdiction, should not be allowed to argue that they are not amenable to the said jurisdiction on the grounds that their physical offices are not located there. 

Meanwhile, efforts are on to push the permissive limits of law. Further, given the expansive impact of some national legal instruments, some stakeholders believe that there is a legal basis for the argument that the right to like or support terror or fundamentalism influenced philosophy is part of right to free speech on the Internet. This, in my humble opinion, is like taking the argument of free speech to the extreme and may not be sustainable in the eyes of law. 

We have also seen that social media negatives are permeating more in the liberal permissive societies. Further, we are beginning to see that given the permissiveness of some societies, social media is continuing to be misused by cyber criminals. Lack of appropriate and relevant prosecutions against the perpetuators who misuse the social media for cyber terror and fundamentalism purposes further emboldens them.

Clearly there are no magical ways forward. A lot of work needs to be done in this regard. Cyber legal regimes need to be beefed up so as to cover therein issues pertaining to misuse of social media for cyber terrorism and/or fundamentalism. At the end of the day, there needs to be increasing clarity that social media cannot be used for decisive criminal purposes in supporting, promoting or encouraging cyber terror or fundamentalism. Provisions in cyber legal regimes need to be inserted in that regard which criminalise such actions. Further, such provisions need to be specifically and stringently implemented. 

Social media service providers need to be increasingly made liable in case they fail to check the misuse or continued usage of social media networks for cyber terror purposes and/or fundamentalism purposes. Further, the intrinsic power of social media service providers to remove or disable access to such information needs to be strictly implemented. The inability of social media service providers to cooperate in such exercises should be specified as undesirable conduct under cyber legal regimes, which could attract civil and criminal consequences.

Nations need to come up with appropriate strategies to counter cyber terrorism and fundamentalism. There are no fixed formulas available. It is a long way ahead. Given the fact that cyber criminals and fundamentalist tendencies have already permeated social media networks in large number, the first significant challenge will be to ensure sanitisation of the said networks. Such an exercise is going to take a lot of time, effort, energy and resources.

It is crystal clear that if service providers are duly diligent enough in coming up with appropriate frameworks to prevent the misuse of their social media networks for all cyber terrorist and/or fundamentalist purposes, and if they effectively implement their policies to the strictest extent possible, then to a large extent, the said problem of misuse of social media could be effectively addressed.

Another major challenge in this regard is the issue of Internet jurisdiction. The very fact that the social media service providers are located outside the territorial boundaries of a country makes it even difficult for countries’ national laws to be implemented. Experience has shown that the Mutual Legal Assistance Treaty (MLAT) route is an unsuccessful experience from the word go. Given the extensive time that it takes to get information under the MLAT route and the distinct hesitancy of some nations and service providers to share information, the problem gets even more confounded.

The Daily Mail in the UK has recently come up with a disclosure that social media service providers are not providing information in respect of the misuse of the networks for cyber criminal purposes which is hampering convictions. The same is an equally applicable position in India as well where we do not yet have a single conviction pertaining to misuse of social media for cyber terrorist and/or fundamentalist purposes.

Another major challenge in this regard is the issue pertaining to detection, collection and preservation of relevant incriminating electronic evidence. A number of times, the said incriminating electronic evidence would be located outside the territorial boundary of the country, which could create further serious problems for effectively procuring the same and proving it in accordance with national legal regimes concerning electronic evidence. The change of the law in India pertaining to electronic evidence by the Hon’ble Supreme Court of India in Anvar PV vs PK Basheer makes it even more difficult for law enforcement agencies to prove cyber crime. 

At the end of the day, a more proactive approach needs to be adopted in terms of coming up with appropriate enabling presumptions in law. There is a need for stipulating time-bound approaches in trials while dealing with matters pertaining to misuse of social media for cyber terror/fundamentalist purposes. There needs to be far more capacity-building amongst all stakeholders. Creating more awareness amongst users will help countries as they go forward so that innocent young minds are appropriately protected.

There is a need for constant and persistent efforts from all stakeholders, including taking steps in making changes in law and effectively implementing the law to the fullest extent possible. More significantly, it is also imperative that countries need to continue their dialogue amongst each other as to how to address the said issue at international levels, given the absence of special mechanisms to assist countries in this regard. The onus is on the relevant stakeholders.

The time bomb is ticking. We have to be quick in our response, lest the situation become more problematic. At the end of the day, it is not the network which is in trouble, it is the sovereignty and sovereign interests of nations, apart from personal human liberties of netizens which are at stake. We all must contribute to ensure that the network does not get misused and does not become a destructive weapon in the arsenal of cyber criminals, cyber terrorists, cyber naxalists and cyber fundamentalists.

The writer is Advocate, Supreme Court of India. He is Asia’s and India’s leading expert and authority on cyber law and mobile law, and has been acknowledged as one of the top four cyber lawyers in the world. He can be contacted at pavan@pavanduggal.net and pavanduggal@yahoo.com

No comments: