TERRORISM AND THE INTERNET: THE NEED FOR A BETTER CYBERSECURITY FRAMEWORK IN INDIA
Yash Chadha, III year of B.A.,LL.B. from School of Law, Christ (Deemed to be University), Bangalore
The internet in the last few decades has completely revolutionized how human beings communicate, interact and learn in their daily lives. The internet today is regularly used for a wide range of purposes by over half the world’s population and in India, a recent report by the Internet and Mobile Association of India and Nielsen has revealed that India has over 50 crores, active internet users.[i]
Although the percentage of users in India is relatively poor in comparison to most developing countries, the absolute figures imply a massive internet audience in India that is rapidly growing thanks to cheaper availability of internet services. As observed by the United Nations Office on Drugs and Crime in its 2012 report on ‘The use of the internet for terrorist purposes’, the same technology that has changed everything about the world we live in also leaves plenty of scope for misuse and exploitation by terror outfits. India is no stranger to this harsh reality. A July 2020 report of the Analytical Support and Sanctions Monitoring Team, which is a United Nations-backed counter-terrorism initiative, revealed that the Indian wing of the Islamic State of Iraq and Syria (hereinafter the ISIS) called the ‘Hind Wilayah’ had around 180-200 members with many of them operating in the states of Karnataka and Kerala.[ii]
As recently as August 2020, the National Investigation Agency arrested Abdur Rahman, a doctor from Bangalore for alleged links with the Islamic State (ISIS) and it has been revealed that he was in constant touch with IS operatives both in India and in Syria through secure messaging platforms.[iii] Technology is not just a platform for terrorism-related communications, however, and is also used for three main other purposes; propaganda, recruitment and financing. Each of these issues has been identified by the UNODC as global cyberterrorism threats that need to be addressed.[iv]
The three aspects usually go hand in hand as it is the propaganda that usually supports the recruitment and fund-raising activities of terror outfits. In another press release in July 2020, the NIA revealed that two individuals were arrested in Pune for ISIS links and planning terror attacks in India while one of them had been in contact with ISIS recruiters through social media since 2015.[v]
This appears to be the overwhelming trend in close to all cases involving terror activities in India with social media being used to radicalize youth, encourage terrorist activities and increase the reach of terror outfits in the country. Moreover, terror funding also happens online, either by donations that are made over the internet by sympathizers or by committing fraudulent acts such as identity theft, credit card theft and so on. In such circumstances, there needs to be an organized effort by the Indian government as well as other parties involved in policy-making and cybersecurity to try and neutralize the ever-increasing threats posed by terrorists on the internet especially since India’s current cybersecurity framework, both legal and technological, is far from adequate to ward off these threats.
Current Cybersecurity Laws in India
Having seen a continuous rise in the seriousness and the sheer number of threats posed by terrorist organizations and after the horrific 26/11 terror attacks in Mumbai in 2008, the Government of India took substantial measures to strengthen the legal framework to tackle cyberterrorism by amending the Information and Technology Act in 2009.[vi]
This amendment introduced Section 66F which finally laid down an exact definition of cyber terrorism under Indian law. Although this was a great step forward, the definition adopted by the legislature is extremely narrow since it primarily focuses on acts of hacking computers or accessing and manipulating data by unauthorized individuals.[vii]
While the aforementioned actions can be carried out by terrorists online, the scope is limited considering the wide range of online terrorist activities that fall outside of the purview of the definition. The failure of the legislature to update the definition of cyber terrorism under this provision leaves a massive loophole which is constantly exploited by non-state actors daily.
The provision of such a specific and exhaustive definition for cyber terrorism makes it harder for terrorists to be held accountable for actions they may carry out on online platforms like social media in pursuance of their criminal objectives which often leaves prosecutors and courts searching for other provisions to affix liability.
Solutions to Combating Cybercrime and Cyber Terrorism
The need of the hour, therefore, is to address the rising online reach of terror outfits on both a national and international level. If the online recruitment of civilians by terrorist organizations needs to be curtailed or eliminated, cooperation between the public and private sectors becomes absolutely imperative. Social media platforms allow individuals and groups to easily spread their ideas and beliefs to a large virtual audience.
The fact that any form of content, be it good or bad can be made available to millions online within a moments notice makes the regulation of these platforms necessary. The huge volume of such messages being broadcasted must be analyzed if terror-related content is to be removed as soon as possible. The need for such regulation was highlighted when the Islamic State’s primary recruiter, Abu Issa al-Amriki used Twitter and Telegram to recruit terrorists and orchestrate a deadly terrorist attack in the city of Hyderabad in 2017.[viii]
Every aspect of the attack, right down to the most minute details were communicated through online communications channels set up for that very purpose using such social platforms.[ix] Mohammed Ibrahim Yazdani, a local electrician turned terrorist, admitted that he desired to join the terrorist organisation after he began watching their online propaganda.[x]
In fact, terrorist groups such as the ISIS, Al-Qaeda and Hamas have all started using Facebook, Twitter and even YouTube to spread their propaganda and lure more and more people into joining them and to increase the influence of their poisonous and hateful ideology.[xi]
Legal sanctions and frameworks are also necessary for addition to strict responsibility being placed on private stakeholders. Under the Terrorism Act of 2006 in the United Kingdom, any form of content online which is deemed to be encouraging or supporting terrorism in any manner should be taken down within two days of the issue of a notice by the police.[xii]Such an express provision is not available right now under Indian law and lawmakers are yet to reign in private multinational entities that run social media outlets and impose legal duties and obligations on them. The presence of such provisions ensures that such content is promptly taken down and also affixes a liability on the platform where such wrongful content is uploaded for their failure to comply with police orders. The timely removal of such dangerous content minimises the amount of exposure the general public gets to it, thereby substantially reducing the probability of people falling prey to the elaborate terror propaganda machinery.
After a series of dreadful terrorist attacks across Europe between 2004 and 2006, the European Union also adopted a directive on the mandatory retention of communications traffic data. This directive essentially mandated telecommunication and internet service providers to retain user data for a period between 6 to 24 months.[xiii] The data stored gives the competent authorities the ability to identify the recipient and author of the information in question. The information can only be accessed during the course of an investigation or when there is a reasonable threat posed to a nation’s peace and security.[xiv]
At present, India has no such provision in place. The storage of such data can help figure out the modus operandi of the terrorist organisations since it could grant insight into the means through which they plan an attack, procure the necessary equipment, communicate strategy, move resources and other such important variables that could further help predict and prevent future terror attacks and terrorist activities. It can also help identify the individuals who are most at risk of joining such terrorist organisations thereby allowing the authorities to utilise this intel and intervene when possible before it is too late.
The dearth in the laws about cybercrime and cyber terrorism is why India and its southern states, in particular, have become a hotspot for terrorist recruitment and terror activities in South Asia. This increase in terror recruitment poses a severe threat not only to the peace and security of the country. The ever-changing nature of cybercrime and cyber terrorism means that an exhaustive definition for either of the terms cannot be adopted. A more flexible and dynamic law that places more power and discretion in the hands of the court when it comes to the determination of what constitutes cyberterrorism is a must. If we are to preserve national security and crackdown on anti-state terrorists, a revamp of the legal framework would certainly help. Unless terror is kept off the internet, it is highly unlikely that any country can prevent that terror from spilling onto its streets.
[i]Digbijay Mishra & Madhav Chanchani, For the first time, India has more rural net users than urban, TIMES OF INDIA (May 6, 2020), https://timesofindia.indiatimes.com/business/india-business/for-the-first-time-india-has-more-rural-net-users-than-urban/artic [ii]United Nations Sanctions Committee, Twenty-sixth report of the Analytical Support and Sanctions Monitoring Team submitted pursuant to resolution 2368 (2017) concerning ISIL (Da’esh), Al-Qaida and associated individuals and entities, S/2020/717 (Jul. 23, 2020), https://www.securitycouncilreport.org/atf/cf/%7B65BFCF9B-6D27-4E9C-8CD3-CF6E4FF96FF9%7D/s_2020_717.pdf [iii]National Investigation Agency,NIA Arrests An Accused From Bangalore In ISKP Case, NIA (Aug. 18, 2020), nia.gov.in/writereaddata/Portal/PressReleaseNew/868_1_Pr1.pdf [iv]U.N. Office on Drugs and Crime, The use of the internet for terrorist purposes, UNITED NATIONS (Sep. 2012), https://www.unodc.org/documents/frontpage/Use_of_Internet_for_Terrorist_Purposes.pdf [v]National Investigation Agency,NIA Arrests Two Accused From Pune In ISKP Case, NIA (Jul. 13, 2020), https://www.nia.gov.in/writereaddata/Portal/PressReleaseNew/852_1_Pr1.pdf [vi]DEBARATI HALDER, INFORMATION TECHNOLOGY ACT AND CYBER TERRORISM: A CRITICAL REVIEW, 76, 81 (1st ed. 2011). https://ssrn.com/abstract=1964261 [vii]Information Technology Act, 2000, §66F, No. 21, Acts of Parliament, 2000. (India). https://www.indiacode.nic.in/bitstream/123456789/1999/3/A2000-21.pdf [viii]Alexander Tsesis, Social Media Accountability for Terrorist Propaganda, 86 Fordham L. Rev. 605 (2017). https://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=5444&context=flr [ix]Rukmini Callimachi, Not ‘Lone Wolves’ After All: How ISIS Guides World’s Terror Plots from Afar, N.Y. TIMES (Feb. 4, 2017), https://nyti.ms/2kzcLnJ [x]Supra note viii. [xi]GABRIEL WEIMANN, TERRORISM IN CYBERSPACE: THE NEXT GENERATION 139 (1st ed. 2015).https://www.researchgate.net/publication/45380139_Terror_in_Cyberspace [xii]Terrorism Act, 2006, §3, c. 11 (England).https://www.legislation.gov.uk/ukpga/2006/11/section/3 [xiii]Evaluation report on the Data Retention Directive, Directive 2006/24/EC, 18 April 2011.https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2011:0225:FIN:en:PDF [xiv]Id.