The new global currency of the digital era is data. Yet, enhanced reliance on data can expose economies, institutions and individuals to significant risks. Given India’s failure to usher in a comprehensive legislation on data protection, newer methods merit examination. For instance, the Calcutta Police recently organised its first ‘Hackathon’ — a collaborative computer programming event — to select experts who can assist law-enforcement officials in solving cyber crimes. This is a welcome intervention. India ranks among the top five countries most affected by cyberattacks. According to a recent report by the Internet and Mobile Association of India, its digital population is set to grow to around 900 million by 2025; incidentally, rural India is expected to lead the charge in internet penetration in the coming years. This will bring attendant challenges. Widespread digitisation will increase the likelihood of cyberattacks on individuals, financial and strategic institutions and industries; lack of digital literacy would render a significant segment of the population vulnerable to data theft, ransomware attacks, electronic transfer frauds, phishing and other kinds of cyber threats. The advancement in technology has led malicious actors to find newer — more sophisticated — breaches to exploit. Traditional methods of fighting internet crimes, therefore, are proving to be less effective. Hence, there is an urgent need to overhaul the securitisation of cyberspace.
Admittedly, no digital technology is fool-proof. So innovation would be the key to deterrence. For instance, threat intelligence skills — ethical hacking — can be looked at to plug breaches. Unlike mala fide hacking, ethical hackers break into the cyber system to detect weaknesses. While most developed economies use ethical hacking to secure data, India — home to the highest number of ethical hackers in the world — has been reluctant to tap into this manpower. There is a case for a greater number of ethical hackers to be employed by government institutions and law enforcement agencies after subjecting them to mandatory scrutiny. But this is just one option. It must be accompanied by complementary steps, such as raising public awareness about the dangers of cybercrime along with the quick implementation of a data protection law. Care must also be taken to ensure that India’s data protection apparatus cannot be used by agencies to weaken civil rights and liberties under the watch of an authoritarian regime.