Profiles in Leadership: Dr. Pavan DuggalAdvocate Duggal Discusses Why Legal Frameworks Do Not Match the Speed of Technology
How has cybersecurity technology evolved, and are legal frameworks keeping pace with the evolution? Dr. Pavan Duggal, an advocate at the Supreme Court of India and chairman of the International Commission for Cyber Law, shares his journey and talks about his passions.
Speaking about his career trajectory, Duggal says, "I consider myself still to be a student. Every day is a new day, and because the technology is evolving, the law has to catch up." Elaborating on his passion, he adds that it's been a constant learning. Technology is ruthless and moving at a fascinating speed, almost like the speed of light, and the legal frameworks are inadequate to deal with the same, Duggal says.
In a video interview with Information Security Media Group conducted as part of the CyberEdBoard's ongoing Profiles in Leadership series at ISMG's Cybersecurity Summit in New Delhi, Duggal discusses how he advised the Indian parliamentarians about the need for the new cyber legislation in the country and offers insights on:
- Why cybersecurity is a shared responsibility;
- How to manage the need for capacity building in the cyber law domain, and what are the relevant cybersecurity courses the industry needs today;
- How cyber law has grown as a discipline across the technology spectrum.
Duggal is also the founder and conference director of the International Conference on Cyberlaw, Cybercrime and Cybersecurity and the president of Cyberlaws.Net. He has held several leadership roles in cybersecurity law and mobile law.
Geetha Nandikotkur: Hi, I'm Geetha Nandikotkur, managing editor for Asia and Middle East with Information Security Media Group. I'm pleased to invite Dr. Pavan Duggal, advocate, Supreme Court of India, and Chairman International Commission for cyber law, to the ISMG studio today to discuss some of his accomplishments as a cybersecurity practitioner. Thanks, Pavan, for joining us today.
Pavan Duggal: Thanks, Geetha, for having me. It's a pleasure to be with you on your show.
Nandikotkur: Thank you, same here to have you with us. Pavan, you have been an accomplished cyber law practitioner. So can you walk us through your journey, career trajectory?
Duggal: Well, my journey has been a very different kind of a journey. You didn't anticipate when you begin your life as a normal civil and corporate lawyer. You think of a distinctive area how you will go in law. Little did you realize that early 1990s, you'll get access to some technology clients, and you will get interested in technology. Little did you realize, in 1995, internet is going to be introduced to the country. You get interested in the cyber legal aspects of the internet, and little did you realize that you start your own journey in cyber law. We thought it was a sector-specific journey. Little did we realize that this particular journey - is today, over a period of time - going to evolve into a very complex but very exciting and fascinating journey. So I've seen cyber law grow as a discipline from just a small baby discipline to mother discipline, where now distinctive sub-disciplines are evolving under cyber law. So whether it's cybersecurity law, cybercrime law, artificial intelligence law, blockchain law or IoT law, as far as my journey is concerned, I consider myself still to be a student. Because when you're in law, you're always told that you must keep on reading. But when you're in cyber law, you're always told one thing that every day is a new day. And because technology is evolving, the law has to catch up. So this constant law and legal frameworks and legal provisions and principles, which are evolving, so you can never rest for a day and say, look, I've done enough, I know enough. You don't know anything. Technology tells you every eight hours that you sleep, I have moved substantially forward. And that's the reason what I learned that you must constantly keep on updating your skill sets on technology law, because, world over, things are moving very rapidly. A lot of things have happened in my career. And I was the counsel for India's first cybercrime conviction, way back in 2003. I've been advising the Ministry of Electronics and Information Technology, Government of India, for the last more than two decades. Way back in 2015, when the world was talking in different directions at the Business Forum, I had to moderate, in Geneva, the idea of the need for having in place an international convention on cyber law and cybersecurity. The idea was a bit early in its time, so the nation states were not able to bite it. Come 2022, and you find the United Nations setting up a UN ad hoc committee on cybercrime, which is now elaborating on a new convention to regulate the misuse of ICTs for criminal purposes. So I think each day is a fantastic new journey day. And I think, each day has to be relished to the fullest extent possible.
Nandikotkur: Okay, Pavan, that's been an interesting journey, and you are associated with across the spectrum of cyber law and cybersecurity. So coming back to cybersecurity, the relevance of cybersecurity in the cyber law. Can you discuss some of your accomplishments that you cherish most?
Duggal: Well, I cherish some things more than others. Way back in 1998, The Internet Corporation for Assigned Names and Numbers got formed. That was one of the earliest days, and I got involved with the formation of ICANN. I was part of the membership implementation taskforce, and the nominating committee of ICANN in those early days. I cherish the time when the uniform domain name dispute resolution policy had come in, in 1999. In how I became an arbitrator, or kind of a service provider, with the WIPO's, or the World Intellectual Property organization's Center for Arbitration and decided various interesting domain name disputes. I cherish the time when I was advising the Indian parliamentarians on the need for a new law. I cherish the time when, even after the Indian cyber law got passed, I was one of the first people to go back to government and say, it's time that you should amend the law. I cherish the time when I testified before the Indian parliament on three different occasions as subject expert on the need for amending into the Indian Information Technology Act. I cherish my work with international organizations like UNESCO, where I worked extensively on the cyber issues and also with the International Telecommunications Union. I cherish the day when I conducted this day-long program for the electric judges of the International Court of Justice at Hague, along with the International Telecommunications Union. I cherish my speaking at the various World Society and World Summit on the Information Society, OASIS summits that have happened over the years at Geneva where I've been addressing. I cherish the time when I've been working on the legalities of cybersecurity and chairing the International Commission on cybersecurity law. I enjoy the time when I'm now heading the artificial intelligence law hub and working on the legalities of artificial intelligence. I cherish the time I've been working with various international stakeholders on different aspects of cyber law and cybercrime law. And of course, I cherish the fact that I've been able to create an online platform called cyberlawuniversity.com, which is an online cyber law education platform. And I cherish the fact that I've done about 44 courses with that particular platform. And over three years, 27,500 professionals from 174 countries speaking 53 national languages have already done those courses. And these figures are telling me that there's a need for much more awareness and much more capacity building. So I think there's a lot of work that's cut out, but each day is a day to cherish.
Nandikotkur: Wonderful! And you have had such vast exposure to various international commissions and education. So coming to the interesting point that you raised. You have done so many courses, the university part of it, what are the relevant courses that today's cybersecurity industry needs? And where is India lagging, and as compared to other international areas or regions?
Duggal: I believe cybersecurity has moved center stage. And that being so, today, nobody wants to do a course for academic purposes or for academic knowledge or gyaan. Everybody wants to know, what is in it for me? And how am I going to benefit from it? So the way I've structured these courses, I've kept in mind the working professional, who doesn't have time, who doesn't have much patience, but who requires to update his skill sets. So I've created those courses keeping the practical strategies and approaches that a common professional needs to know as part of his professional journey, being a professional and being an aware cyber stakeholder. So that's the main focus. I've structured those courses in that regard. And that's the reason why I tested waters. I said, look, cyber law is such a niche area, why would somebody be interested in this, and I started testing some of these courses. And little did I realize that there is a need. So today when I'm talking about cybersecurity, people have to realize that now, cybersecurity is a shared responsibility. You cannot mess around on your phone, have a cybersecurity breach, and expect that your company or your government is going to be responsible for the same. Somewhere down the line, we will all have to take cumulative responsibility for protection and preservation of cybersecurity, and number of my courses are specifically focused. I'm providing an international certification course on cybersecurity law, where we look at the international legal principles impacting cybersecurity, and how different nations have started coming up with distinctive national laws on cybersecurity and the legalities. Also I have tied up with the National Law University, Odisha, and are offering a diploma course on cyber law and cybersecurity, which is a short one-month course. But that course can keep you up to date with what you want to do.
Nandikotkur: So Pavan, can you highlight some of the three passions that you can discuss with us?
Duggal: I think, in cyberspace, I've got one passion, and that is the passion to write. Every morning, I get up and for one hour, I do nothing but writing and dictating to my computer. And when you do that, for the last more than 25 odd years, you will end up authoring 179 books on different aspects of cyber law and cybersecurity. So that's a big passion. Because when I started, I was looking for books, and I couldn't find anything off the shelf. And that's the thing I realized that this is a huge paucity area that you need to focus on. The second passion that I get fired with is the need for more capacity building. Because I find that you have been blessed enough because you know the cutting edge of the law and technology. But large number of stakeholders still are pretty much clueless on how the cyber law as a discipline impacts the day-to-day life. So I teach regularly at various institutions. I teach at the National Judicial Academy in Bhopal and the National Police Academy in Hyderabad. I go and do teachings for governmental organization of governments outside India on basic principles concerning cyber law and cybersecurity. Yet another passion that I think I get inspired is how can one disseminate more effective administration of justice to the affected persons. So we create a helpline, where all these people who find that the monies are gone, we assist them and help them on how they can get their monies back. In number of cases, we can even pro bono fight on their behalf and represent to the concerned organizations so that they can get their monies back. Because giving voice to the voiceless is one philosophy that has substantially impacted me. And finally, I get inspired by the words of Mahatma Gandhi. Mahatma Gandhi said, I want to keep all the windows in all the four walls of my house open, so that the air from all the four directions can come in and populate my home. I think that's what I'm concerned about. I believe in cross-pollination. I believe the more you can learn from other people's experience as countries, the more you can leapfrog in the context of technology. And the more you can customize other person's learning, as per your own specific requirements, is the best way forward, as you want to go forward because technology is ruthless. It's moving at a fascinating speed, maybe at the speed of light. And the legal frameworks are just not adequate to deal with the same. Hence, the quicker we are able to come up with more cogent, effective mechanisms in this regard, the more helpful it would be.
Nandikotkur: So finally, Pavan, how do you see the value of a forum such as CyberEdBoard?
Duggal: I believe a forum like CyberEdBoard is a remarkable initiative. Why? Because in this ecosystem, there are different initiatives. But this initiative is different. Why? You're focusing on ultimately creating more capacity building in that area of the population, who are going to be leaders and going to lead others by their example. And it's not a notion to say the leaders don't require training. Leaders require training, they require hand-holding. They also require an appropriate platform and a platform that they can trust. They can be confident about it. I believe CyberEdBoard is a fantastic initiative, from the perspective of the community and professionals, where they can go ahead, interact with other stakeholders, learn from each other's experience, and ultimately contribute back to the further growth of the cyber ecosystem.
Nandikotkur: Wonderful. Thank you so much for sharing some of your perspectives and also experiences as part of your journey.
Duggal: Thank you, Geetha. It's been a pleasure being with you on your show. Thanks.
Nandikotkur: This is Geetha Nandikotkur for ISMG. Thanks for watching.