In conversation with Advocate Rajas Pingle on his Journey in the field of Cyber Laws

Advocate Rajas Pingle is a BSL LLB graduate from ILS, Pune and is an international cyber law expert. He has practice experience in the area of cyber laws, data protection laws and Intellectual Property Rights (IPRs) in India, USA, Europe and Singapore. He has hands on experience in cases including data theft, denial of service, net banking frauds, fintech frauds, credit card frauds, cyber defamation, etc.

He is empanelled as cyber lawyer with various organisations and is a legal adviser to Cyber Police Station, Pune.

He was also invited by Parliamentary Committee on examining the issues of cyber pornography.

He is Adjunct Professor of Laws at Singapore and Dubai Campus of SP Jain School of Global Management. He is also a Lecturer for Training in Cyber Laws and Crimes at various government and financial institutions.

He is recipient of many awards and recognitions including Cyber Suraksha Award 2017. Find out more about him through this quick conversation below.

1. What was that eureka moment when you decided to enter the field of cyber/information technology laws and diversify your practice in this evolving area of law?

I have always been fascinated with technology from a young age, but initially, I had no intention of pursuing a career in law. However, with both of my parents being practising lawyers, I found myself enrolling in law school. The first two years passed without a clear direction. It was not until the third year that I had my own “Buddha moment” of enlightenment when I was introduced to Information Technology Laws, or Cyber Laws. This moment marked a turning point in my life. From that day forward, I was resolute in my decision to pursue a career in cyber law, aiming to amalgamate my deep interest in technology with the legal field. This combination of passion and profession transformed my perspective on work, making it feel less like a job and more like a calling.

2. Along with your own practice in the field of technology laws, you delivered lectures and trainings at various government organisations, financial, educational institutions and internationals institutions. How would you distinguish between the two experiences?

Ans. “Education is the most powerful weapon we can use to change the world.” Teaching is a passion of mine, and I always dedicate my free time to it. In the process of teaching, I cultivate new knowledge, ignite imaginations, and instil creative expression. It is an incredibly satisfying experience, especially during healthy debates with students or professionals about different aspects of cybercrime and cyber law. I gain a great deal from these discussions, often learning as much as I impart.

Whenever I get the opportunity to teach in international institutes, the experience is unique and enriching. Knowledge exchange happens on a global scale, synthesising diverse legal practices and procedures from around the world. Choosing between practising Information Technology law and teaching would be a difficult decision for me. Ideally, I would love to continue doing both.”

3. Do you believe that the Technology Laws’ curriculum in Law Schools is efficient for someone who wants to pursue their career in this field? Is it accorded the importance it deserves?

During my law school days, there was no Technology Laws’ curriculum in Law Schools. Nowadays, I believe technology law has slowly started getting the traction it deserves. Some Law Schools offer comprehensive curricula on Technology Law that include courses on Cyber Law, Data Privacy, Intellectual Property Law, etc.

However, not all Law Schools give Technology Law the same degree of attention. As of 2023, Technology Law was a growing, but still relatively niche field of study in many Law Schools. As technology becomes increasingly important and pervasive in society, it is likely that more Law Schools will start to offer comprehensive curricula on Technology Law.

In terms of whether the curricula are efficient, that also depends greatly on the specific programmes and courses. However, it is worth noting that even the best academic programme cannot guarantee success in this field. Practical experience, such as internships, clerkships, and other forms of on-the-job training, can be equally, if not more, important. Additionally, the ability to keep up with rapidly changing technology and regulations is crucial in this field. I would recommend anyone interested in this field to research different programmes, speak with current students and faculty, and consider their own interests and career goals when deciding on a programme.

4. What are the impacts of new-age technology which is expanding to each and every field? Are there laws effective enough to tackle virtual reality and the metaverse?

New-age technology, encompassing fields such as Artificial Intelligence (AI), Internet of Things (IoT), Blockchain, 5G, and many others, is having far-reaching impacts across various sectors. Below are some notable ones:

1. Efficiency and productivity: Automation and AI-driven tools can increase efficiency and productivity, performing tasks faster and with fewer errors than humans. This is seen in industries like manufacturing, logistics, and even office work.

2. Data-driven decision-making: The ability to collect, analyse, and leverage large amounts of data can lead to better decision-making. This is particularly impactful in fields like healthcare, where patient’s data can be analysed to provide personalised care, or in business, where consumer data can inform marketing strategies.

3. Improved communication: Technologies like 5G and IoT are enabling faster, more reliable communication and connectivity. This can enhance everything from personal communication devices to industrial IoT applications.

4. New business models: Technologies like blockchain are enabling new business and economic models, such as Decentralised Finance (DeFi).

However, these advancements also come with challenges:

1. Security and privacy concerns: With increased data collection and connectivity comes an increased risk of data breaches and privacy concerns. Cybersecurity is a growing issue.

2. Job displacement: While new technologies can create jobs, they can also displace workers, particularly in sectors prone to automation. This raises concerns about job security and income inequality.

3. Ethical and regulatory challenges: AI and other advanced technologies can present ethical challenges, such as biases in machine learning algorithms. These technologies often outpace current regulatory frameworks, creating a need for new laws and ethical guidelines.

4. Digital divide: While technology has the potential to connect and empower people, it can also exacerbate inequalities if access to these technologies is unevenly distributed.

These impacts underscore the importance of thoughtful and responsible technology development and deployment.

5. Are there laws effective enough to tackle virtual reality and the metaverse?

For every lock, there is someone out there trying to pick it or break in. Information Technology alone cannot provide us an absolute shield against its evil twin – Disinformation Technology. Our only protection is law. Information Technology Act was introduced in the year 2000 and it was the first technology-related legislation in India. Thereafter, in 2008 the Act was substantially amended to include various offences and definitions.

The technology is progressing at a very fast pace and the modus operandi of the perpetrator is ever changing and evolving with the technology. Considering these factors, eight years was too long for amendment. If we consider the investigation perspective, many changes are required to increase the conviction rate.

Moreover, as per my observation, India is a country where people do not give that much importance to their personal information. One can read in the news everyday, how US and EU emphasise on their data protection laws being well established and stringent, while in India, we do not even have a data protection regime in place or separate legislation on privacy.

Given these complexities, India as a country, like many others, needs to evolve its laws or create new ones, specifically tailored to the metaverse and virtual reality. However, it is crucial to note that the pace of legislative change is generally slower than that of technological change, and it is often a reactive process. Thus, there might be a lag time before laws effectively address all the issues that these technologies pose.

6. How do you perceive ethical hacking? Please comment on its future course.

Ethical hacking, often referred to as penetration testing or white hat hacking, is a practice where skilled IT professionals use their expertise to help organisations identify vulnerabilities in their systems and fix them. They operate within legal and ethical boundaries to ensure that these vulnerabilities are not exploited by malicious hackers.

As per my knowledge, ethical hacking is seen as an increasingly important part of cyber security. Given the rising frequency and complexity of cyber attacks, this trend is likely to continue. With more business, governmental, and personal activities moving online, the need for robust security measures will only increase.

In the future, we can expect ethical hacking to become more mainstream, with increased demand for professionals in this field. Advances in technology such as AI and machine learning might also play a significant role in automating certain tasks, but human expertise will still be needed to interpret results and strategize. Moreover, with the rise of new technologies like the Internet of Things and 5G, there will be an expanded attack surface for hackers, creating more demand for ethical hackers to safeguard these technologies. Regulations and Certifications around ethical hacking might become more standardised, and there could be more educational opportunities in this field. However, ethical hacking also faces challenges. There is a need for clear ethical and legal guidelines for these professionals to ensure they operate within defined boundaries. Ethical hackers must maintain a delicate balance between testing for vulnerabilities and respecting privacy and legal constraints.

7. According to you, what is the gamut of cyber/internet awareness among the general public?

The general public’s awareness of cyber or internet security varies significantly. Some people are highly aware and vigilant, using strong, unique passwords, multi-factor authentication, and staying up-to-date on the latest scams and threats. They avoid clicking on suspicious links, regularly update their software, and use antivirus solutions.

On the other hand, many people are less knowledgeable or vigilant. They might use the same password across multiple sites, click on unknown links, or neglect software updates, leaving themselves more vulnerable to more common cyberattacks like phishing. 

Increasing awareness about these issues is a significant challenge. It requires educating people about the risks and the necessary steps for protection in a way that is accessible and understandable. Many organisations, from private companies to governments, have taken steps to improve cybersecurity awareness.

In the future, as our lives become more digitally entwined, the need for improved cyber literacy will only increase. This is not only a matter of individual security, but collective security as well — as even one weak link can lead to significant breaches in a networked world. This makes it crucial for educational initiatives to keep pace with the rapidly evolving digital landscape.

8. Not many people are familiar with the concept “exhaustion of a search”. What are your views on it?

“Exhaustion of a search” is a concept that, in its broadest sense, refers to the point at which all possible avenues in a search process have been explored. This can apply to various fields, from investigative work, academic research, to data science and even internet searching.

In the context of internet search or data analysis, the exhaustion of a search could be seen as a point where no new or relevant results can be found, perhaps due to limitations in the database, the specificity of the query, or the algorithms employed by the search engine. 

From a user perspective, it may refer to a situation where they are unable to find the information they are looking for despite multiple attempts and refining their search queries. This might be due to inadequate or incorrect information in the databases, or limitations in the search engine’s ability to understand and respond to the query.

In any case, striving for exhaustive search results is important for thorough research or investigation, but it is also a challenging task due to the sheer volume of data in most fields, as well as the evolving nature of knowledge and information.

The concept itself highlights the importance of comprehensive and effective search strategies and could also highlight the need for improvements in search algorithms or databases. But it is also worth noting that achieving true “exhaustion” in a search might not always be practical or even possible, given the vast and ever-growing amount of information available in many fields.

9. Is there any piece of advice that you would like to give to the readers who might want to follow your steps?

If you are seeking advice on following my footsteps, I would like to share a quote from Steve Jobs: “Sometimes when you innovate, you make mistakes. It is best to admit them quickly and get on with improving your other innovations.” This wisdom is equally applicable to the practice of law. In this field, you will undoubtedly make mistakes. The key is to learn from them and move forward. Ultimately, strive to find something you are passionate about and can relate to in your work. Do not merely participate in the rat race for the sake of competition.

10. Bonus: Cyber safety and security tips

The cyber landscape is ever-evolving and changing; however, based on my experience, here are some important cyber safety and security tips that could be helpful:

1. Strong, unique passwords: Use a strong, unique password for each of your online accounts. The more complex your password, the harder it is for hackers to guess. Consider using a password manager to keep track of them all.

2. Multi-factor authentication (MFA): Enable multi-factor authentication wherever possible. This adds an additional layer of protection, making it harder for unauthorised individuals to access your accounts.

3. Regular updates: Keep your software, including your operating system, browsers, and antivirus programs, up to date. Updates often include patches for security vulnerabilities that have been discovered.

4. Secure networks: Be careful when using public Wi-Fi networks, which are often less secure. If you have to use them, consider using a VPN to encrypt your data.

5. Phishing awareness: Be wary of unsolicited e-mails, texts, or calls that ask for personal information or direct you to log in to an account. These can often be phishing attempts. 

6. Backup your data: Regularly backup your important data. In case of a security breach, having a backup can prevent complete data loss.

7. Educate yourself: Stay informed about the latest cybersecurity threats and safety measures. Cyber threats evolve constantly, and being aware can help you stay one step ahead.

Remember, no solution is entirely foolproof, but following these steps can help reduce your risk and keep your online presence secure.