Traditional Policing viewed Technology skeptically, but Today it is Indispensable

At SIITF 2024, Dr. Pronab took center stage to deliver an engaging and insightful overview of the evolving landscape of cybersecurity, cybercrimes, and data privacy. His address, both informal and comprehensive, spotlighted significant advancements and challenges, with a particular focus on Karnataka and Bangalore—India's renowned tech capital.

He started by echoing Professor Balakrishnan's belief that India has the potential to achieve significant technological advancements. His words inspire great confidence, and I share his optimism about our future.

The Rise of Cybercrimes
In recent years, there has been a significant increase in the use of the term "cyber," often applied broadly to anything involving digital or computing devices. This reflects the growing role of technology in all aspects of life. Having spent over 30 years in policing, preceded by a career in engineering, I have witnessed firsthand how technology has transitioned from being an outlier to a central element in crime prevention and investigation. Back in the day, traditional policing often viewed technology skeptically. Today, however, technology is indispensable. Karnataka alone reported approximately 200,000 to 250,000 crime cases in 2023, of which 22,000 were cybercrimes—around 10% of total crimes. This number is expected to surpass 30,000 in 2024, indicating an alarming growth trend.

Cybercrimes, unlike traditional crimes, are highly scalable. For instance, while general crimes may grow at a steady rate, cybercrimes have surged exponentially, with incidents increasing from 17,000 a few years ago to over 25,000 last year.

Cybercrimes can broadly be classified into two categories:
Cyber Frauds: These involve cheating individuals and defrauding them of money.
Genuine Cybercrimes: These require advanced digital forensic expertise and include serious offenses such as data breaches, large-scale hacking, credit card skimming, and child sexual abuse material (CSAM).

Currently, cyber frauds dominate the landscape, constituting over 90% of reported cases. The primary mechanism enabling these frauds is the use of "mule accounts"—bank accounts created with dubious intentions, often by vulnerable individuals paid nominal sums. Fraudulent funds flow rapidly through multiple layers of mule accounts, making them difficult to trace. By the time the police intervene, the money has often been siphoned through hundreds of accounts across multiple countries. Alarmingly, a significant portion of these withdrawals occurs outside India, particularly in Dubai.

Technological Solutions to Cyber Fraud
To address this challenge, we must leverage advanced technologies like Artificial Intelligence (AI) and Machine Learning (ML). For instance, developing AI/ML algorithms with 99% accuracy could help identify and flag mule accounts. While false positives are inevitable, they can be addressed through manual verification.

The current detection rate for cyber fraud is dismally low—approximately 2%—despite Karnataka reporting losses of over ₹3,000 crores in cyber frauds this year alone. This highlights the urgent need for innovative solutions and collaborative efforts between law enforcement and financial institutions.

Cybersecurity Challenges

Cybersecurity, distinct from cybercrime, deals with protecting organizations, states, and nations from digital threats. While some cybersecurity incidents evolve into cybercrimes, many remain within the domain of corporate or governmental risk management.
One critical area is pre-enforcement forensics—investigative measures taken before reporting incidents to law enforcement. This practice, though not yet common in India or globally, can help organizations assess the severity of breaches, contain reputational damage, and decide on further action.

Data Privacy: An Emerging Concern

Data privacy presents another pressing challenge, both technically and legally. Unlike data security, which focuses on protecting data from unauthorized access, data privacy involves the ethical and legal use of personal data.

India's data privacy landscape is still evolving. The proposed Digital Personal Data Protection (DPDP) Act has faced delays, reflecting the complexities of defining private data, identifying responsible entities, and establishing enforcement mechanisms. While global standards like the GDPR offer guidance, adapting them to India's unique socio-economic context is a daunting task.

For instance, the European Union's GDPR-inspired frameworks, such as the Privacy Shield and Safe Harbor Acts, have faced significant legal hurdles. India must tread carefully to develop a robust yet practical data privacy regime that balances innovation with individual rights.

Conclusion