DECODING THE DUEL: CYBER SECURITY V. ARTIFICIAL INTELLIGENCE IN THE DIGITAL ERA

ABSTRACT:

This research paper looks into the symbiotic relationship between cybersecurity and artificial intelligence in the ever-evolving landscape of technological advancements. With digitization, there are various challenges posed by cyber threats that highlight the vulnerabilities inherent in the AI systems. This paper emphasizes the need of improving cybersecurity measures to safeguard against the spectrum of threats and potential risks that lead to data breaches, internet time theft, identity theft, software damage, etc. 

In the context of legal frameworks, there is no precise provision upon the governance of AI especially when we talk about India. This paper highlights the importance of adapting and expanding legal structures that are futuristic, to keep in pace with the fast-moving society due to advancement of technology such as AI, Blockchain, metaverse, etc. it focuses on various laws that are existing in India, that govern the cyber-criminal activities such as the information technology act, 2000 and the Indian penal code.

While AI is considered to be significantly contributing in enhancing security measures and detecting cyber threats, it also creates certain vulnerabilities that can be exploited by cybercriminals. It introduces challenges and threats like that from ChatGPT, voice cloning, phishing attacks, deepfake, anti-forensics, and nanotechnology, highlighting the importance of creating a robust infrastructure and educate individuals about it to combat the evolving cyber threats.

Keywords: Artificial intelligence, AI, Cyber security, Cyber-crime, Cyber law, Information Technology Act, 2000, Indian Penal Code

INTRODUCTION:

In the dynamic realm of technological advancements, there is constant interaction between cyber security and artificial intelligence. The increasing interconnectedness of the world due to digitization heightens the challenges posed by cyber threats, exposing the vulnerabilities inherent in artificial intelligence. The challenges posed to cyberspace underscore the significance of advancing cybersecurity measures. It involves safeguarding the computer and network environment from hacking, denial-of-service attacks, phishing, spoofing, and other threats that could result in data breaches, internet time theft, identity theft, or software damage.

 There is an increased reliance on computer systems, wireless devices, and the expanding realm of the ‘internet of things’ has become especially pronounced since the onset of the coronavirus pandemic. Consequently, this has led to a surge in cybercrimes, ranging from frauds and thefts to data breaches, occurring at any given time.

Cyber security laws have therefore gained paramount importance. As we navigate this interconnected landscape, the establishment of robust cybersecurity laws becomes imperative for data protection and maintaining overall security. On the other hand, there is artificial intelligence which is regarded as a boon to humanity. The advancement of technology has led to the discovery of AI and machine learning which has helped us in making our lives easier in many ways. It is gradually becoming a part of our daily lives, offering solutions that simplify various aspects of our existence. 

AI have the potential to detect, predict and respond to various cyber-attacks and help in finding correct solutions to manage and reduce various security risks. Many government programs have incorporated AI for the better regulation of their activities and protect their security against the risks from cybercrimes. However, this symbiotic relationship between AI and security comes with its own set of challenges. While AI addresses unprecedented advancements, it introduces vulnerabilities that can be exploited by malicious criminals.  As organizations increasingly deploy AI in their cybersecurity strategies, a meticulous examination of the intricate dynamics between AI and security becomes paramount.

RESEARCH METHODOLOGY:

This research paper talks about the intersection of cyber security and artificial intelligence, the challenges and threats that they pose and the need to adapt policies and legislations to govern the realm of AI. This research paper is written using sources that are secondary in nature and is descriptive in nature. Sources such as books, newspapers, websites, articles, blogs, Acts and papers have been referred for the research.

REVIEW OF LITERATURE:

Cyber security is the practice or the process designed to protect computer systems, networks and data from cyber-attacks, theft, damage or unauthorized access. There is vast amount of data stored by the government and various companies and its theft or unauthorized access could lead to negative consequences.

Artificial intelligence, on the other hand, is one of the most discussed topic in the modern times. It used to be only in theory but now has transitioned into reality and has become a significant part of our daily lives. It aids the development of computer systems to think like human and perform tasks that require human intelligence. It eases the work by performing various tasks using techniques like Machine Learning, Computer Vision, Robotics, etc. and carries out those tasks with efficiency and precision.

Information Technology Act, enacted by the Parliament of India is the primary legislation in the matters that deal with cybercrime, data protection and e-commerce. The purpose of this Act is to mitigate cybercrimes such as phishing attacks, hacking, cyberterrorism tampering with computer systems and documents among various others and prescribes the punishment and penalties associated with them.

Indian Penal Code, is the legislation that covers all aspects of criminal law. Various sections of IPC can be applied in matters of cybersecurity such as section 411, 419, 425 among others and prescribes the punishment for imprisonment period or fine or both associated with the crime committed by the cybercriminal.

Various articles and newspapers such the Times of India and India today have talked about the threats posed by artificial intelligence against the protection of individual and society such as AI voice cloning and deepfake which are constantly in news these days where cyber criminals imitate individual’s voice or manipulate audio visual content in respective cases, to siphon money and harm someone’s reputation.

LEGAL FRAMEWORK:

Nowadays, internet is the daily requirement of people bringing with it accompanying risks of cybercrimes. Therefore, it is crucial for nations to establish robust laws governing the cyber security. In India, the Information Technology Act of 2000 governs cyber law. With new kinds of crimes emerging the law has been subject to various amendments as well. The law encompasses a range of punishments and penalties designed to protect the e-governance, e-banking, and e-commerce sectors and due to the advancement of technology day by day, it has furthermore broadened its scope to include all kinds of latest communication devices. 

In case of AI, India does not have any specific provision for protection of data. However, there are various laws in India that work towards safeguarding personal information while dealing with AI- related activities. 

Section 43 of IT Act: Encompasses the liability of a person who damages a computer system or network without the permission of the owner or the person in charge. The owner in this case can claim compensation for the damages caused to him or her.

Section 66 of IT Act: Identifies the imprisonment term and penalty in case a person is found dishonestly or fraudulently committing any offence referred to in section 43. Such a person will be punished with imprisonment of a probable three years or with fine which may extend to five lakh rupees or with both.

Section 66B of IT Act: Identifies punishment for receiving stolen computer or communication devices. A person found to be committing such act will be punished with an imprisonment term of up to three years or with fine up to rupees one lakh or both.

Section 66C of IT Act: Identifies punishment for fraudulently using electronic signature, password or any other unique identification feature of any other person. Such a person shall be punished with imprisonment of up to three years or with fine up to rupees one lakh rupee or both.

Section 66D of IT Act: This section was incorporated to prescribe punishment to person for cheating by personation by using computer resource. Such a person shall be punished with imprisonment of up to three years or with fine up to rupees one lakh rupee or both.

Section 66E of IT Act: Identifies punishment for violation of privacy with imprisonment for up to 3 years or with a fine which may extend to Rs. 3 lakh or with both.

Section 378 of IPC relates to the “dishonestly taking any movable property” and will apply to theft of data as section 22 of IPC states the word ‘movable property’. Punishment for such a theft is in the form of imprisonment of up to 3 years or a fine or both.

Section 425 of Indian Penal Code (IPC) this section states that intentionally causing or likely to cause harm or damage to the public or an individual, resulting in the destruction or alteration of property, constitutes the offense of “mischief.” Therefore, it can be implied from this section that intentionally damaging computer systems or blocking access is considered “mischief.” The punishment for mischief according to section 426 of the IPC is imprisonment of up to 3 months or a fine or both.

Section 411 of IPC This section is similar to section 66B of IT Act. It identifies punishment for dishonestly receiving any stolen property. The punishment for such act is imprisonment of either description for a term which may extend to three years, or with fine, or with both.

Section 419 of IPC this section prescribes punishment for ‘cheating by impersonation’ and identifies that any person who is accused for cheating by personation shall be punished with imprisonment of either description for a term which may extend to three years, or with fine, or with both.

Sections 463, 465, 468 of IPC these specific sections “deals with forgery, “forgery for cheating” and theft. The punishment in each of these sections is for a term that may be extended for a term extended up to 7 years along with a fine.”

Section 67, 67A and 67B these sections prescribe punishment for publishing or transmitting, in electronic form (i) obscene material (ii) material containing the sexually explicit act, etc. and (iii) material depicting children in the sexually explicit act, etc. respectively. The punishment under Section 67 of the IT Act is imprisonment that may be extended up to 3 years with a fine extended up to Rs. 5,00,000. And the punishment prescribed under sections 67A and 67B of the IT Act is imprisonment up to 5 years with a fine extending up to Rs. 10,00,000.”

The Digital Personal Data Protection Act, 2023 (DPDA) finally enacted by the Indian parliament lays the down laws for protection of digital personal data so as to recognize the right of the individual to protect their personal data and the need to process the data for lawful purposes.

In the case of Justice K.S. Puttaswamy (Retd.) v. Union of India (2017),the Supreme Court of India recognized right to privacy as a fundamental right under the Indian constitution underscoring the importance of protecting personal data from AI-based systems. 

CHALLENGES AND THREATS:

Artificial intelligence, while contributing to the advancement and well-being of human society, also presents challenges. The escalating reliance on the internet has given rise to global disputes over cyber jurisdiction, with predictions that cyberspace will become the fifth domain of warfare. The territorial claims of countries over cyberspace extend to encompass the entire internet, raising complex issues of governance and international cooperation.

Individuals often fall prey to cybercrime due to their limited understanding of online security measures and lack of proficiency in computing. Moreover, a significant challenge lied in them not reporting this cyber fraud that happens to them. This hinders the process of justice as it makes it hard to catch the criminals and impedes efforts to raise awareness about the prevalence and nature of cyber threats. There are many challenges that come into existence with use AI in cybercrimes. Some of them are:

ChatGPT: with the innovation of generative AI like ChatGPT, our lives have become easy to sort. It has helped many to solve many problems in various field. Theres is a growing dependence upon them. Yet when it comes to generative AI, these also becomes a tool for the criminals to easily build plans for their crimes. Cybercriminals may use it to generate convincing and contextually relevant phishing emails or messages to trick individuals into giving sensitive information or taking malicious actions. Thereby, increasing the effectiveness of phishing attacks and make them harder to detect. It can even be used as a tool to generate malicious code or scripts leading to advanced cyber threats. Hackers employ ChatGPT to craft personalized messages, posing to be from trusted sources like banks or government agencies. These messages typically include a link or attachment that, once clicked, introduces malware to the user’s device which has the potential to compromise the user’s data, encompassing personal and financial information.

Voice clone: technology advances and the trend of cybercrime keeps increasing rapidly each year. The cyber criminals have found new and innovative methods of committing advanced crime. There are prevalent cases of them using artificial intelligence voice cloning to scam people for money. Here the criminals call people posing as bank executives, insurance agents offering credit services and loans, shopping portal executives and many others. While taking help of AI tools and software to replicate that person’s voice and speech patterns, they then call their relatives and close circle mimicking their voice, pretending to be them and ask for financial help to siphon money or share personal information with which they further go on to commit bank frauds. The criminal who is pretending to be your relative might dictate some distressing situation or that his money was deposited in the victim’s bank. Victims generally do not pay attention over the sender of the message or when it is from an unknown number. These crimes have been found to be committed in various states like Telangana, Karnataka, Madhya Pradesh, among many others.

Phishing attacks: there is also a rise on phishing attacks through the use of AI. Cyber criminals use fake emails or websites to fool people into sharing sensitive information like passwords or bank details. They take help of artificial intelligence to make these scams even sneakier by helping them target specific people, create realistic messages, and break through regular security, making fraudulent emails harder to detect. Therefore, the companies are required to integrate AI into cybersecurity measures to counter this threat, and for individuals to be careful and double check before sharing personal information, to mitigate the evolving risks posed by AI- enhanced phishing attacks. 

Deepfake: As artificial intelligence evolves, it has become a potent tool for cybercriminals, and the emergence of deepfake technology exemplifies this trend. So, what is deep fake? Deep fake is the kind of technology that employs AI tools and software to manipulate audio-visual content, either by altering existing media or generating entirely new content. The primary objective of deepfake technology is to craft false narratives and manipulate public opinion towards specific desired outcomes or targets, be it individuals, companies, or other entities. The fast progress of deepfake technology presents a major problem for the reliability of digital media, raising concerns about the risk of spreading false information, identity theft, and harm to someone’s reputation.

Anti forensics: Anti forensics is the enemy of cyber forensics. It deals with avoiding detection in digital forensic investigations, making it difficult for investigators to analyze and recover digital evidence. AI brings out tools to hinder and complicate the investigation process by diminishing the quantity and quality of evidence from a crime scene. Activities such as intentionally deleting data by overwriting it with new information or employing protective tools against forensic analysis fall under anti-forensic techniques. However, these same techniques can be misused by cybercriminals to shield their activities from being discovered.

Nanotechnology: nanotechnology has been under dynamic development in the current years. Many countries have been providing vast investment on its development. Nanotechnology refers to the technology that creates devices or products at the level of individual atoms and molecules. By controlling these atoms and molecules, creators develop materials no more than 100 nanometers thick and use them in healthcare, sports, automotives, electronics and other industries. Microdrones emerged as a significant tool that help in surveying agricultural land, monitor environment, inspection of land and infrastructures, etc. These provide a bird eye view of the surroundings. However, there are also certain threats that comes with it. Advancements in both areas profoundly nanotechnology and microdrones may pose serious threats. Microdrones that are nanometers small could be used by the criminals to be installed inside homes and important governmental offices and because of being so small, they can be easily hidden and not be caught by eye. Hence there must be focus drawn on the philosophy of regulation of nanotechnology in such contexts.

SUGGESTIONS:

AI is now extensively applied across various industries. From customer support and education to digitalization, AI has propelled progress through notable advancements. Moreover, it significantly contributes to the ongoing efforts to enhance cybersecurity.

There is a need to develop infrastructure to combat the threats posed by AI on cyber security. It is the need of the hour. Other than that people need to be educated in computer systems. It is essential to boost individual’s knowledge and skills about using digital technology to make them stronger and less likely to be affected by cyber threats. Developing a culture that supports reporting cybercrimes and sharing personal experiences will help build a society that is better prepared and aware of the challenges posed by advancing technology.

There need to precise legislation addressing the potential threats posed by artificial intelligence (AI) to individuals and society. The laws that are in place are mostly limited to tackling computer systems and networks. Existing laws predominantly focus on addressing issues related to computer systems and networks, leaving a critical gap in the regulation of emerging technologies such as AI, blockchain, metaverse and others. To effectively safeguard against the evolving technological advancements, it is essential for legal frameworks to develop and adapt to future innovations. systems emerging in the near future. It needs to be futuristic and in pace with the advancement of technology.

Take, for instance, the emergence of Super Artificial Intelligence, a category of AI that surpasses human intelligence, showcasing cognitive abilities and autonomously developing advanced thinking skills. Laws should be forward-thinking and dynamic, keeping pace with these technological breakthroughs to effectively govern and mitigate potential risks associated with such developments.  Establishing futuristic and adaptive legal structures is crucial for maintaining a balance between technological progress and safeguarding the well-being of individuals and society as a whole.

CONCLUSION:

We can derive from this research paper that there is a constant interaction between cybersecurity and AI which serves as a nexus, shaping the ground of digital security and technological advancements. This continuous interplay between the two spheres highlights the evolution and the complexity of the structure of cybersecurity. The world has come to a point where technology is far more advances than the laws. As technology advances, malicious actors also upgrade their methods of attacking and for manipulation of companies as well as individuals. There is a significant requirement for precise legislation, development of digital infrastructures and educational initiatives to fight against the challenges posed by artificial intelligence in the arena of cybersecurity. 

The legal frameworks need to adapt and forward- thinking to be in sync with the technological advancements to effectively govern and reduce the potential risks associated with such advancements such as Super Artificial Intelligence. The ultimate goal is to find a harmonious balance between technological progress and safeguarding individuals and society against the ever-evolving threats in the digital era. AI helps in simplifying the process of detection and investigation and makes it more effective. Hence, it can be said that we will be the spectators to see how far technology goes in order to benefit or serve as a threat to cyber security and the people in general.

-Noorain Iqbal

-Delhi Metropolitan Education, Noida