ARBITRATION AND CYBER SECURITY: RESOLVING DATA BREACH AND CYBERCRIME DISPUTES

ABSTRACT

The public’s safety as well as our country’s and economy’s security are at risk from malicious cyber activity. These cyber activities like data breaches and cybercrimes are posing a great threat to every field. In this article, we will discuss how cybercrimes affect the process of cyber arbitration and the participants in such transactions.

Further we will discuss what is cyber arbitration, data breach and cybercrime. The impact of cyber security in arbitration proceedings along with arbitration as a rescue from the disputes arising through cybercrimes will be discussed.

KEYWORDS

Cybercrime, Cyber Security, Cyber Threat, Cyber Arbitration, Arbitration, Data Breach, International Arbitration, Arbitrators, Arbitral Institutions, Alternative Dispute Resolution.

INTRODUCTION

Arbitration is a form of alternative dispute resolution where a neutral third party solves the dispute between two or more people in an impartial manner. The disputes and their outcomes are kept confidential by the arbitrators. In the era where digitalization is the key to unlocking growth and innovation in this interconnected world, the intersection of arbitration and cyber security has become increasingly significant. Law and policy are changing in an effort to keep up with the rate of technological change, new sectors and enterprises are created from emerging technology and data is becoming more readily available and transmitted online.

In cyber arbitration, the process of arbitration is carried out using technology. The dispute of the parties is resolved virtually where the parties do not have to meet each other, hence it is also known as virtual arbitration. With the growing dependence of both individuals and organizations on digital platforms for communication, transaction and the storage of sensitive data, there is an increased danger of cybercrime and data breaches. In this context, arbitration becomes an important mechanism for resolving conflicts resulting from cyber attacks, providing a customized and efficient method to deal with challenging cyber security issues. Though many people do not consider arbitration to be a potential source of cyber security risk but the arbitral process is actually a prime target for cyber attacks especially if the hackers can find a weak point in this chain.

ARBITRATION AND CYBER ARBITRATION

Amongst the several methods of alternative dispute resolution, arbitration is the best legal mechanism for out of court settlement between two private parties where the dispute settlement procedure is kept confidential. The parties to the dispute mutually consent to opt for arbitration as the dispute settlement mechanism whereby appointing one or more neutral third parties as ‘Arbitrators’.

Its main attributes are-

It is consensual (mutual consent of the parties)
Parties choose the arbitrator
The award passed is binding upon the parties
It is conducted by a neutral third party
It is a confidential process

Cyber arbitration is also known as virtual arbitration or online arbitration or online dispute resolution. It means that the process of arbitration is carried out by utilizing digital technology to resolve disputes.

Parties to Cyber arbitration conduct their proceedings electronically, eliminating the requirement for them to physically appear in a traditional chamber. Participants interact and share information digitally rather than in person, via email and video conferences. This provides a flexible and affordable method for resolving conflicts between parties.

Section 7(4)[1] of the Arbitration Act read with section 65 B[2] of evidence act, gives validity to an arbitration agreement in electronic form along with the admissibility of electronic records as evidence when certified by an individual in official position. A variety of disputes about cyber space can be settled by cyber arbitration such as-

E-Commerce disputes
Domain name disputes
Intellectual property disputes
Online definition Defamation
Online consumer disputes
Data privacy and security disputes.

As the parties draft the arbitration agreement, they must decide whether the proceedings must be conducted through institutional arbitration or Ad hoc arbitration. And if the contract is silent regarding the proceedings then the arbitrator may take the decision about the proceedings and the protocol to be adhered to.

The IT Act[3] provides various provisions for the recognition of documents in electronic form and legal status to digital signatures.

Nevertheless, because cyber arbitration is still relatively new, the legislation has not given this issue enough consideration.

DATA BREACH AND CYBERCRIMES

In this digitally advanced world, the shift towards online platforms allows criminals to exploit gaps in internet infrastructure and networks. Cybercrime means the unlawful use of any kind of communication technology to carry out or assist in the commission of any unlawful activity. Cybercrime includes any form of criminal activity that intentionally causes harm to one or more computers connected to a single network.

Governments, corporations and people all across the globe are greatly impacted on an economic and social level.

Cybercrime encompasses a wide range of activities. Some offences entail serious violations of private or business rights like attack on the confidentiality of data stored in digital repositories.

Some of the examples of cybercrime can be-

Identity theft
Internet fraud
Invasion of fraud
File sharing and piracy
Counterfeiting and forgery

The term ‘Data Breach’ means any security incident where unauthorised parties obtain sensitive private information like social security numbers, bank security numbers, personal health data or login credentials for email accounts and social networking sites.

Cybercriminals may be able to profit from the stolen data by selling it or incorporating it into a larger attack. An external attacker may target one or more organizations for particular categories of data or individuals within that organization. Organizations need to implement strong cyber security measures like access controls, firewalls and encryption, to efficiently handle data breaches. Furthermore, it is imperative to promptly identify and address data breaches in order to reduce their consequences and minimize any possible harm to impacted parties.

CYBER SECURITY

Cyber security is the discipline of defending programs, networks and systems from online threats. Cyber security seeks to defend against computer viruses, ransom ware attacks, and sensitive data. It protects from the cyber attacks which access, change or destroy information and interrupts regular business operations.

Malicious cyber activities pose a threat to not only our nation’s and economy’s security but also the safety of the general population. Cyber security applies different layers of protection across computers because the evolutionary nature of technology makes it difficult to stop cyber attackers.

Cyber security can be divided into a few categories like network security, application security, operational security, disaster recovery, etc.

Some common types of cyber security threats are phishing, malware, ransomware, viruses, trojans, etc.[4]

THE ROLE OF ARBITRATION IN RESOLVING CYBER DISPUTES

When it comes to settling conflicts resulting from cybercrimes and data breaches, arbitration has many benefits. Arbitration is one such mechanism that is gaining popularity since it provides a specialized and effective way to handle the complexity of disputes involving data breaches and cybercrime.

Arbitration procedures are private, secret, and led by arbitrators who are knowledgeable on both the legal and technological facets of cyber security, in contrast to traditional litigation. By doing this, parties can minimize reputational damage and maintain confidentiality by navigating intricate technical difficulties and protecting sensitive information away from prying eyes.

A novel method of resolving disputes is online arbitration. This mechanism outperforms other conventional conflict resolution techniques in terms of effectiveness, affordability, and quality.

Furthermore, arbitration allows parties to customize procedures to meet the particulars of each case, providing flexibility and speed in the resolution of cyber disputes. This entails hiring technical specialists to evaluate cyber security risks, establishing facts through the use of digital forensics and electronic evidence, and putting preventative measures in place to stop future data breaches.

In addition, arbitration allows awards to be enforced internationally, giving parties certainty and finality resolution to their cyber-disputes. This is especially crucial in international cyber events involving several jurisdictions, as arbitration provides an impartial platform for settling disputes in place of drawn-out and expensive judicial cases.

Arbitration in action:

An illustrative example of arbitration’s role in resolving cyber disputes can be in a situation where a global company dealing with a data breach that results in the loss of private customer information. To resolve allegations of carelessness, contract breach, or infringement on personal privacy rights, the company and the impacted parties may choose to arbitrate the dispute through arbitration.

In order to reach a settlement or have the arbitrator issue a binding ruling, the parties may exchange information, call expert witnesses, and negotiate during the arbitration process. Because of their expertise in cyber security, the arbitrator can determine who is liable, how much harm has been done, and make decisions that can be enforced both nationally and internationally.

Although according to Section 31[5] of the Arbitration Act, Arbitral awards must be in writing and signed by the arbitrator and each of the parties. But the Information Technology Act also recognises the validity of digital signatures and electronic documents.

Arbitration laws and arbitration rules do not specify the minimal technological cyber security criteria that each and every participant in the interim setup would have to follow. Addressing the significance of cyber security in the particular case as early in the procedures as is practical is the preferred and workable strategy for the parties and arbitrators.

CYBERCRIMES IN ARBITRATION

Data breaches and cybercrimes have become more common in the constantly changing landscape of cyber security threats, presenting serious difficulties for organizations, governments, and people all over the world. The process of arbitration is also coming under the radar of cybercriminals including the arbitrators, the arbitral institutions as well as the parties to arbitration. Effective processes for addressing disputes arising from such cyber incidents are necessary since they can cause financial losses, reputational harm, and legal complications. Parties to arbitration may have cyber security issues that compromise the legality of the proceedings and undermine trust in the institutions and the dispute resolution process itself.

Cybercriminals will undoubtedly attack the assets that administer, store, or communicate information linked to arbitration processes since they are interested in acquiring information related to these processes from third parties, stakeholders, or participants.
As an impartial platform for settling business and investment conflicts, arbitration frequently includes parties that are frequently the objects of attacks, such as international corporations, governments, well-known individuals, and non-governmental organizations.

According to the parties involved, a cyber security event may cause private information to be leaked, undermine consumer trust, result in unfavourable media coverage, and violate regulations.

Although the cyber arbitral proceedings are kept confidential still the threat of data breach and cybercrime is always present.

Arbitrators

Although it is anticipated that the arbitration will take place in strict confidence, cyber attacks could jeopardize the process’s confidentiality. Arbitrators can be a part of some law firm where they must comply with the procedures and guidelines that are not tailored to their specific job as arbitrators or they can be independent from any firm or organization where they get to be more autonomous and flexible but lack complex Technological support.

The issue of safeguarding the arbitrators from data breaches and cybercrimes cannot be wholly handled by the arbitrators themselves, they require proper IT experts to upgrade the level of cyber security.

Arbitral Institutions

The rules of arbitral institutions do not pay much heed to the cyber threats posed by the process of arbitration. But after the international arbitration institution faced a cyber threat in July 2015 when the website of The Permanent Court of Arbitration (PCA) was hacked during the hearing of a Maritime border dispute between China and the Philippines wherein, a malicious piece of code was embedded into the website, putting users who visited a particular page devoted to the issue at risk of having their data compromised; the arbitral community took various steps to prevent such cyber attacks.

The New York Association made a draft for the Cyber Security Protocol for International Arbitration. This protocol is meant to be used in specific situations as determined by the tribunal’s ruling or the parties’ consent.

The protocol expresses that all the participants in arbitration will be equally responsible for cyber security by covering the sharing of materials, exchange of information between arbitrators, archiving of data and data security. It also gives the tribunal the authority to decide what security precautions are appropriate. Furthermore, a lot of arbitral Institutions make use of encrypted emails and data transfer through cloud repositories.

The following can be the main targets in international arbitration:

Advocates, or legal advisers; current and potential arbitrators, arbitral organizations; conflicting parties; and any parties with knowledge about any of the aforementioned, such as witnesses, experts, and service providers.

IMPACT OF CYBER SECURITY IN ARBITRATION PROCEEDING

Confidentiality and Privacy: Ensuring the confidentiality and privacy of arbitration procedures depends critically on cyber security. Sensitive information shared between parties, arbitrators, and arbitral institutions is protected by secure communication channels, encrypted data transmission, and strong authentication procedures.
Data Protection and Compliance: A lot of sensitive data, such as financial records, private company documents, and personal information, are exchanged and processed during arbitration procedures. Strong cyber security measures are necessary for compliance with data protection laws, such as the General Data Protection Regulation (GDPR)[6], in order to secure data against unauthorized access, disclosure, or misuse.
Cyber Threats and Risks: The integrity and dependability of the arbitration process may be jeopardized by cyber security flaws in electronic evidence repositories, online communication channels, and arbitration platforms. This could result in data manipulation, confidentiality violations, or proceedings interruption.
Digital forensics and electronic evidence: As the use of electronic evidence in arbitration procedures grows, cyber security concerns are becoming more and more important in guaranteeing the integrity, admissibility, and authenticity of digital evidence. Digital forensics methods including metadata analysis, forensic data recovery, and chain of custody protocols aid in confirming the validity and dependability of electronic evidence produced in arbitration proceedings.

CONCLUSION

Cybercrime and data protection have been unfolding in the field of cyber arbitration as well. The use of computers and networking in the process of arbitration has given cybercriminals more opportunities to attack the systems and functioning of cyber arbitration.

The approach to studying the relationship between cyber arbitration and cyber security is twofold, one where cyber arbitration acts as a solution for cybercrimes and the other where cybercrimes and data breaches become a threat to the process of arbitration itself.

Arbitration offers secrecy, competence, flexibility, and enforceability, making it a tempting choice for resolving disputes involving data breaches and cybercrimes.

Arbitration is becoming a more important component of cyber security strategy as cyber threats change, giving parties a dependable and effective way to handle the legal intricacies of cyber occurrences.

Whereas, the parties to arbitration may have cyber security issues that compromise the legality of the proceedings and undermine trust in the institutions and the dispute resolution process itself. A cyber security event may cause parties to lose confidence in one another, disclose sensitive information, receive negative press, or violate regulations.

REFERENCES

What is Arbitration, WIPO, https://www.wipo.int/amc/en/arbitration/what-is-arb.html, last visited on (13-02-2014)
What is Cybercrime? Types, Examples, and Prevention, Cyber Talents, https://cybertalents.com/blog/what-is-cyber-crime-types-examples-and-prevention, last visited on (13-02-2014)
What Is Cybersecurity?, CISCO, https://www.cisco.com/c/en_in/products/security/what-is-cybersecurity.html , last visited on (13-02-2014)
Cybercrime, Britannica, https://www.britannica.com/topic/cybercrime/Hacking , last visited on (13-02-2014)
What Is A Data Breach?, FORTINET, https://www.fortinet.com/resources/cyberglossary/data-breach#:~:text=Targeted%20data%20breach%20attacks%20see,to%20steal%20user%20login%20credentials, last visited on (13-02-2014)
What is Cyber Security?, Kaspersky, https://www.kaspersky.com/resource-center/definitions/what-is-cyber-security, last visited on (13-02-2014)
Riddhika Somani, Is Cyber Arbitration Legal, VIA MEDIATION & ARBITRATION CENTRE, (last visited on 15-02-2024), https://viamediationcentre.org/readnews/ODY4/IS-CYBER-ARBITRATION-LEGAL
Manuel Estévez, Cybersecurity: international arbitration proceedings, izertis, (last visited on 16-02-2024), https://www.izertis.com/en/-/blog/cybersecurity-international-arbitration-proceedings
Data protection and cyber risk issues in arbitration, Norton Rose Fulbright, (last visited on 15-02-2024), https://www.nortonrosefulbright.com/en/knowledge/publications/3974fe18/data-protection-and-cyber-risk-issues-in-arbitration
Cybersecurity In International Arbitration – A Necessity And An Opportunity For Arbitral Institutions, Kluwer Arbitration Blog, (last visited on 16-02-2024), https://arbitrationblog.kluwerarbitration.com/2017/10/06/cyber-security/
K. Harisaiprasad CISA, Cybersecurity in Arbitration, ISACA, last visited on (16-02-2014), https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2021/cybersecurity-in-arbitration.

[1] Arbitration and Conciliation Act 1996, Sec 7(4), ACT No. 26 OF 1996

[2] The Indian Evidence Act 1872, sec 65B, ACT NO. 1 OF 1872

[3] The Information Technology Act 2000, ACT No. 21 OF 2000

[4] More on https://www.imperva.com/learn/application-security/cyber-security-threats/

[5] Arbitration and Conciliation Act 1996, Sec 13. ACT No. 26 OF 1996

[6] The Regulation (EU) 2016/679

Disclaimer: The materials provided herein are intended solely for informational purposes. Accessing or using the site or the materials does not establish an attorney-client relationship. The information presented on this site is not to be construed as legal or professional advice, and it should not be relied upon for such purposes or used as a substitute for advice from a licensed attorney in your state. Additionally, the viewpoint presented by the author is of a personal nature.