Abstract
AI has fetched colossal aids to mankind in the past decade and is bound to inclinewith the passage of time. AI is gradually flattering part of the digital amenities that we use in our diurnalbreathes.The application of AI has broadened its frontiers in a number of fields, including security, business, law, marketing, finance, and even health care. Themountingapplication of AI is adding fuel to the prevailingintimidations to the cyber world. Furthermore, AI has also carried with itself numerous new-fangled fears to be tackled. When it is concerned with criminal acts, Artificial Intelligence could play a very indispensable role in snowballing the rate of criminal activities. The aim of this paper is to evaluate the use and abuse of artificial intelligence (AI) in relation to cybercrimes, to examine whether India's current legal system is adequate to combat cybercrime in the context of AI technology, and to present a brief study of the Data Privacy Bill. The recommendation made in the paper's conclusion is to establish an effective legal framework to combat cybercrime perpetrated by AI systems.
Key words: Artificial Intelligence Cyber -crime Law Issues Challenges
“Cybercriminals have always been early adopters of the latest technology and AI is no different.” Martin Roesler
Introduction
A comprehensive range of computer science called artificial intelligence (AI) is engrossed on generating intelligent machines that can conduct tasks that customarilyentailhumanoid intelligence. Machines, particularly computer systems, simulate human cognitive processes in this process. Expert systems, NLP(Natural language processing), speech recognition, and machine vision are some specific uses of AI. More quickly and precisely than a person could, AI analyses vast volumes of data and produces predictions.
The technology use in AI can understand, learn, and act on its own on the basis of information that is acquired and derived from various sources and databases. AI functions on the basis of following techniques:
Cybercrimes-"The unauthorised use of any communication equipment to commit or enable the commission of any illegal act" is the definition of cybercrime. A cybercrime is demarcatedkind of crime that uses a computer, a networked collection of computers, or both as aids for malicious tenacities5 . Entities, profitableorganisations, or even régimes may be the targets of cyber crooks. Data breaches, ransomware, and phishing are only a few examples of modern cyber risks, and new variations of cybercrime are always evolving.Cybercriminals are becoming more synchronized and lithe, utilising new technology to their benefit, modifying their attacks, and forming novel enterprises.
The market for AI-based security products is escalating as cyberattacks are becoming more ubiquitous. Organizations are using the most recent AI-based techniques for early detection of threats and safeguarding their systems and data resources. On one hand, AI-based technology is being used by cybercriminals to conduct more complex assaults in innovative formsby distributing malware or gathering vital information. AI is also being utilised to help prioritise replies based on real-world risk.
Role of AI in committing Cyber crimes
AI is already being used for cracking passwords, CAPTCHA-breaking and speech cloning, likewise there are many more malicious innovations.As rightly said by Martin Roesler “Cybercriminals have always been early adopters of the latest technology and AI is no different”.AI is being used for improving lifestyle of people but at the same time cyber crooks leave no stone unturned in misusing the same. Some prominent examples are:
Deepfake Audio Technology and Video technology-Using this, fake images, sounds, and video are produced that are convincing. Two AI algorithms, one referred to as the generator and the other as the discriminator, compete with one another to produce the material in Deepfake. In order to determine if the fake multimedia content is real or manufactured, the generator requests information from the discriminator.
Together, the generator and discriminator form something called a generative adversarial network (GAN). However, for creating Deepfakesnoconsiderable skill is required as in case of creationofrealistic content; thereby giving rise to promotion of false agendas . Audio Deep Fake was used in 2019, in which the chief executive of a company was tricked into paying £200,000 by scammers .The use of deepfakes in cyber scams is on the rise. A scam was spread on YouTube in which Elon Musk’s a fake crypto exchange called ‘BitVex’ was created using deep fake video as a propaganda tool and promised investors up to 30 per cent returns. During Russia-Ukraine war, cybercriminals hacked a Ukrainian television channel and showed the Ukrainian President, surrendering with the help of deep fake hacking technology.
AI-Supported Password Guessing- there are numerous techniques specifically designed to guess passwords. Hashcatspeculates a password, hashes it, and then equivalences the resulting hash to the one it's trying to crack and efficaciously cracks a password . A new slant, PassGAN, ranges upon this technology with artificial intelligence.Ituses deep erudition, procreativecombative networks explicitly, to guess passwords after being proficiently trained on a set of known passwords. 12% of the passwords were generated by this technology in the LinkedIn set, while its three intrants generated between 6% and 23%. The combination of PassGAN and Hashcattogether cracked 27% of passwords in the same set.
Human Impersonation using AI- Google’s Technologies like Duplex16can make calls with a natural-sounding human voice rather than robotic one.; automated and realistic human impersonation technology is being targeted or manipulated by hackers, spammers, trolls, and other bad actors. Most common AI-driven personal assistants rely on TTS(Text to Speech Software ) software to cause as natural-sounding speech as probable. Computerization can materialize once the computer performs the TTS “fluently” by hauling together words and phrases from pre-recorded files .Generative adversarial networks (GANs) can apprehend and modulate a voice signal’s audio properties. Open platforms such as WaveNet by Google apply GANs to produce media that caricates voices and facial expressions to the amount that they become virtuallymisty from how the imitatedone’sresonances and expressions.
AI no code tools- converts natural language into code, could lead to a new generation of ‘script kiddies’ with low technical familiarity but the designs and impetus for cybercrime as presaged by Europol .Large language models, such as Open AI’s GPT-3, is being used to creategenuine text and other outputs andhave numerouscybercriminal applications; inclusive of impersonating an person’slettering style or forming chatbots that victims obscure for factualperson. Cyber crooks are using ChatGPT to launch cyberattacks.
AI-powered bots predict success in trades- AI trading businessesroutinenumerous tools in the AI wheelhouse machine learning and algorithmic predictions .Qumasan AI-powered trading platform uses advanced artificial intelligence to analyze all KPIs (Key Performance indicators) and automates best trades. The AI in charge uses a state-of-the-art machine learning system to analyze market data in real time, providing users with accurate predictions. It pulls data from multiple markets and interprets all essential KPIs, including ATR (Average true range), RSI (Relative strength index), and MACD(Moving Average Convergence/Divergence) , provides valuable insights to the investors into the best investment options and prevents loss.
AI helps ransomware attackers predict vulnerabilities’-it has massive implications for cyber defenders, more cyber-attacks skipping the cyber security borders are the result.
Use of AI in combating Cyber Crimes
Artificial intelligence has a huge potential to combat cybercrime.
Two factor authentications- An artificial intelligence monitoring technologyAlgorithms are vitalmechanisms of sequencing AI and may be customized to pawnintricate cyber threats. An algorithm is a set of step-by-step commands given to a computer to complete a explicit task. AI may drive this technology to higher pedestal, to achieve intelligent autonomous algorithms. To exemplify the emerging threats , Facebook lately abandoned an AI experiment after ‘chatbots’ devised their own language which was not comprehensible by humans. Computer machines havedisplayed better skills than humans in playing chess or poker. This breakthrough technology is probably going to be disruptive in many ways beyond imagination.
Spam detection- When searching for abnormalities and warning signs, AI can spot spam and phishing emails by considering the context and content of the communication. AI can be used to identify online dangers and perhaps malicious activity. Artificial intelligence (AI) enables better prognosticacumen using natural language processing, which accumulates data autonomously by construing articles, news, and studies on cyberthreats.
AI-powered DNS security- Its DNS Filtering solution apprehends and blocks online threats and inappropriate content. The solution uses DNS to classify and then block or consent access to websites thereby preventing cyber attacks.
Bot detection- AI and machine learning understands website traffic and distinguish between good bots and bad bots, and thereby allows cyber-security teams to adapt strategies to alter landscape and thus helps in combating cyber crimes.
DoS attacks prevention-AI powered Neuro Net is a neural network system which gathers and processes scattered information and synchronizes the activities of core network devices senseanomalies and thwartsTCP-targeted distributed DoS attacks.
Targeted attack analytics (TAA) by Symantec: The cloud-based analytics in TAA automatically adapts to new attack tactics by delivering continuous attack detections and adding new attack analytics . Sophos Intercept X tool; Vectra’s Cognito; BioHAIFCS; StringSifter; DefPloreX; IBM QRadar Advisor; Tessian33 are also some AI tools that are used to protect from cyber crime attacks .
AI can be used to address criminal justice-AI-powered surveillance system helps in tracking criminals easily. Real-time facial recognition technique with the use of AI has the potential of preventing crime with its deep-learning methods such as: charting of a face with some facial points; The distance amidseveral facial points and the slants are examinedthereby enabling to unmask the face behind the viel.34 AI has the potential to be apermanent part of our criminal justice ecosystem,providing investigative assistance and allowing criminal justice professionals to better maintain public safety.
A tool kit has being prepared by the Centre for Artificial Intelligence and Robotics of UNICRI with a group of experts from INTERPOL, the European Commission and other relevant institutions and for Responsible AI Innovation in Law Enforcement. This facilitates law enforcement agencies around the world with practical guidance for using AI in a trustworthy, lawful and responsible manner. It addresses practical insights, use cases, principles, recommendations, best practices and resources thereby helpingand supporting law enforcement agencies around the world to use AI technologies and applications.
International Legal Regulations covering Cyer Crimes
Budapest Convention-the Council of Europe Convention on Cybercrime, more commonly referred to as the “Budapest Convention;” was the first international cybercrime treaty adopted by 67 countries, The goal of the Convention was to establish a global approach to cybercrime that would involve harmonizing national law, improving investigative abilities, and enabling international cooperation. According to this Convention cybercrimes denotes to illegal access to a computer system, fraud and forgery, and illegal data interception. It is an instrument that has set international standard for addressing cybercrimes. The crimes outlined in the Convention, Articles 2-11, postulate certain element of intent as a precondition to the criminal prohibitions, such as illegal access, illegal interception, and data interference.
Global Cybercrime Treaty -The UN is negotiating a treaty with the aim of adopting it during the UN General Assembly in September 2024. It would be the first binding UN instrument on a cyber issue and may become an important global legal framework for international cooperation on preventing and investigating cybercrime, and prosecuting cybercriminals. The parties participating in the negotiation of the new U.N. Cybercrime Treaty have proposed cybercrimes that are consistent with the language of the Budapest Convention, many other countries have proposed crimes without any intent element . The treaty aspires for universal adoption in countries that are not parties to the Budapest Convention, can have substantial positive effects on the combat global cybercrime. An instrument that enables more extensive international cooperation in cybercrime investigations could mean, among other things, more favorable conditions for the extradition of cybercriminals from countries currently unwilling to do so.The draft of the treaty has 9 chapters and 67 Articles.
Existing legal framework to deal with cyber criminals in India
Information and Technology Act 2000
Copy Right Act 1957 with Amendment rules 2021
As per Section 51 of Copyright Act, using any property that belongs to another person on which the latter person has an exclusive right violates the Act .In India AI app RAGHAV was named as co-authors for artwork and copyright office granted registration to the same . As of present Humans may escae liability of copyright infringement by blaming AI; as AI cannot be sued for injunctions, compensation or damages.
Digital Personal Data Protection Act, 2023
To align with global standards, the DPDP Act has been moderately modelled off (EU) Regulation and data protection laws of Singapore and Australia. The Act is applicable to digital personal data, including non-digital data that is consequently digitised. The Act affirms extraterritorial reach, as it is applicable to the processing of digital personal data outside Indian Territory, if such processing is connected with any activity related to the subscription of goods or services to Data Principals withincountry’s territorial jurisdiction. The Act fails to address data protection principles. Extraterritorial reach provisions are not applicable to Data processing in connection with profiling of individuals within India. This may facilitate organisations outside India for training artificial intelligence (AI) models using big datasets prospective to embrace personal data relating to individuals within India. Data fiduciaries are expected to erase personal data upon a data principal withdrawing their consent as soon as the purpose is achieved or no longer necessited. Generative artificial intelligence (AI) platforms such as ChatGPT or Google’s Bard may not be able to process the personal data of Indians available in the public domain. AI chatbots shall collect and process publicly available personal information only after obtaining consent from data principals at the commencement of its processing.
Legal issues and Challenges of using AI
Adoption of AI has opened a floodgate of issues and challenges from legal perspective. The existing legal framework and regulatory mechanisms fall short of resolving the issues as there is no specific law to deal with issues related to AI technology. The core legal issues related to AI in commission of cyber crime are:
Liability issue and concern - in general cases of crime the person who commits an unlawful act is held liable for his act but the issue with liability in cases related to use of AI by cyber criminals is that even though a program may have been designed by someone with different motive but is aiding cyber crooks to achieve their selfish motives. In such case how can a person be held liable for the act which he did not commit nor intended to commit.The Global cyber crime treaty’s broad definitions of cybercrime might even criminalize legitimate cybersecurity research on AI technology.
Jurisdictional issue-AI crimes are committed on computer systems and networks athwart the sphere. Even if the practice of encoding, crypto currencies, and other technologies like the dark web or cloud storage may lead to data loss, they also pose major snags for legal administration in locating criminals, their setup, or electronic evidence.It is challenging to decide who is in charge of steering investigations as this encompasses deceitful jurisdictional issues. Global treaty may help in addressing the issue but its adoption at domestic front is still a concern as the treaty will be adopted in 2024 by that time cyber criminals would have created a havoc with use of AI.
Data protection –privacy and Transparency issue - Data is the building block of the digitized economy, and the prospects for invention and malice around it are innumerable.The cyber laws of most of the nations require the data processing system to be translucent. In India pre consent is pre-requisite or obtaining personal Data. The entities are to be provided with the details of not only how the data was handled but also why certain choices were made by the system. Nevertheless, intricate algorithms of AI make it awfully grim to meet the transparency prerequisite . The global cyber crime treaty could authorize sharing personal data with law enforcement in other countries including biometric information and datasets with the aim of training AI. According to Katitza Rodriguez this could potentially lead to sharing of intrusive data without a specific assistance request.
Issue of Specific Legislation to cover AI- There is no specific domestic leglation governing usage of robots, artificial intelligence, and algorithms in India except Digital Data Protection Act 2023 which only focuses on processing of personl Data ad AI systems will be used to extract user’s consent and curtail discriminative Data scraping practice.However the act will not apply on personal data that was publicly made available by the user to whom the data relates, raising concerns around the usage of such data for scraping and AI development purposes. The laws and regulations that are available include IT Act and those governing intellectual property are the only ones to deal with the issues related to misuse of AI; and they hardly address the issue .The continued development of AI technology, which is essential for progress, will be hampered if data protection regulations are strictly enforced.
Conclusion and suggestions
A subfield of computer science called artificial intelligence aims to make life easier for people by developing computer systems with the ability to function similarly to humans. Artificial intelligence (AI) technology offers a wealth of benefits and advantages, but it also has a number of deadly hazards and negative side effects because hackers are also improving their attack methods as technology advances.The cyber crimes can be combattd by adopting cyber security through Augmented intelligence but what about those crimes that are being committed with the assistance of Autonomous intelligence and still remains open challenge.Thus AI is like a doubleedged sword which needs a scabbard of law. In this budding world of technology with the proficiencies of autonomous decision making, it is expected that the implementation of such technology will have legal implications. The prevailing legal framework is deficient to deal with the upcoming cyber crimes committed with the aid of AI. In such circumstances the only means to Combat AI assisted cyber crimes is AI assisted cyber security tools.There is urgent necessity of regulatory mechanism to regulate the usage of AI judiciously. There is a necessity for a legal definition of artificial intelligence. The preservation of individual rights and the requirement to guarantee steady technological advancement must be balanced when addressing legal challenges. Broad ethical standards must be paid due attention and upheld while framing appropriate regulations. Specific legislative guidelines with the necessary safeguards in place are crucial for AI assisted technological developments but most of the law enforcement personnel are not equipped with the requisite technological knowledge whilst cybercrook are doyens in computer skill. AI policy is urgently needed to enable the criminal justice system's administration to effectively combat cybercrime. Mere enactment of legislation will not suffice the cause in absence of efficient implementation mechanism. Above all sensitization of the issue and awareness about security measures to be adopted by government officials is most crucial. As AI can be Camouflaged for committing and combatting cyber crimes there is a necessity to establish a thin line from where Law can be Camouflaged on the basis of Intention of use of AI to charge criminal for commission of AI assisted cyber crime and exonerate the one who uses AI to combat the cyber Crime.
Pay Fee
Apply
Chat
Enquire