– Amrutha Santhosh Kumar
Cybersecurity has become a real threat in today’s digital world, and it often goes readily dismissed or ignored. The unexpected exponential growth of online platforms amidst the pandemic, has led to significant growth of cyber-attack incidents often with grievous and disastrous consequences. Online dispute Resolution mechanisms all over the world have been applauded for their speedy, efficient and confidential nature in tackling disputes. But in reality, are these ODR platforms well protected from the challenges that the world of cybersecurity has to offer? In this article, we’ll be analysing the reality of ODR platforms, as to whether they have well-protected security measures to tackle the cybersecurity threats like they claim. As dependency on technology, digital records and information increases, so does the risks of being hacked or suffering a cyber-attack. Online dispute resolution platforms are no exceptions when it comes to being victims of cybersecurity threats. The security levels of protection vary significantly with each individual/party receiving information. Since one weak link can undermine any security measures taken by other parties, protecting information and data is certainly a daunting task.
Since the parties are involved in sensitive and complex disputes, especially in cases of International Commercial Arbitration, confidentiality is a vital need. But the seriousness of their private nature makes it a probable target for online cyber attackers. Most of the parties for ODR cases of International Commercial Disputes are Multinational Companies and NGOs. Hence they are sought out as potential targets for these cyber attackers. Therefore the parties try to avoid publishing any information related to the filing of the dispute. However, when governments are involved as parties, then the existence of such Arbitrations is highly publicized. In such cases, parties often exchange confidential business/financial information, personal information or trade secrets. These types of Arbitrations also transcend regional borders, thus exposing the transfer and storage of information, varying levels of security and to differing laws. All of these factors lead to an increase in the risks for cybersecurity attacks. Certain sophisticated parties to Arbitration would have specific clauses in their agreements that provide for mutual agreements with respect to confidentiality and safeguarding of each other’s proprietary and confidential information during the proceedings. Then, members of the arbitral tribunal, arbitral institutions and their counsel, the parties, translators experts, or other service providers or support staff, could all have access to highly confidential information while the Arbitration is ongoing. If any of these persons lack adequate security measures, then it makes it an easy target for hackers. (Lozano, 2020)
Amidst the pandemic, the number of online dispute resolutions platforms has rocketed up. The greater utilization of online platforms over time have coincided with the growing frequency and sophistication of cyber-attacks. Therefore, these ODR platforms have to take measures to provide highly secure digital environments where the exchange of communications, storage of virtual hearings, files, and evidence can be conducted securely and remotely. The need for providing easily accessible platforms which are suitable to handle complex disputes has definitely brought to light the importance of ODR (online dispute resolution) platforms. Some of these platforms have taken the initiatives to encompass robust security measures through which they try to implement standards parallel to the existing protocol on cybersecurity. (W. Jay Hunston, 2002)
ODR Platforms have taken certain practical measures to embody and apply some of the distinctive features proposed by various cybersecurity instruments, including that of International standards (ISO) and 2020 Protocol. Some of the features like Multi-factor authentication, encryption of data, asset management help to increase the security of online platforms by inhibiting potential hackers from accessing and deciphering sensitive information, and ultimately prevent them from damaging the integrity, availability or confidentiality of different arbitration phases. Two-step verification is a very common, salient feature of many ODR Platforms. This feature provides an additional layer of security so that only authorized individuals are accessing sensitive information and thereby it limits the potential for data exposure. Encryption is another sought out cybersecurity measure that protects information on ODR platforms by using unique and complex codes that mix up data and thereby prevents unauthorized users from deciphering sensitive information. “Asset management” is another important typical standard in the process of storing and collecting all sorts of information during the case management of ODR (online dispute resolution) arbitral proceedings. (Sattler)
A breach of the security of highly sensitive data may amount to the violation of confidentiality. Hence, it’s reasonable that data breach instances caused by an Arbitrator’s failure to take reasonable precautions can result in a lot of tension between the parties of the dispute. It can form the basis of a grievance being filed against the lawyer-arbitrator by the aggrieved party. This could lead further lead to loss of membership on an Arbitration panel or in a professional membership organization, sanctions being imposed by the Arbitral organization administering the proceeding. Despite the general immunity that Mediators and Arbitrators enjoy under rules of many Arbitral organizations and the laws of many states, a cybersecurity incident can lead to a lawsuit being filed and can possibly be career-threatening. Further, this may undermine the viability and integrity of international arbitration, wherein the whole proceedings can be affected. This inflicts serious reputational damage to arbitral institutions, arbitrators, counsels, and to the overall system of International Arbitration. (Lozano, 2020) Despite the inculcation of robust security measures in data security, at times the breach of information might be inevitable, especially during the COVID-19 era, where many online businesses have observed a spike in mail spams, ransomware attacks and fishing attacks. In these circumstances, these platforms ought to act promptly to mitigate a data breach and recover lost or stolen information. Taking the necessary steps to avoid exposure and understanding the threat and is crucial. The challenge lies in ensuring that all entities that hold information pertinent to the arbitral proceedings and have access to it will take reasonable measures to safeguard the confidential information and thereby effectively try to secure it from any cyberattacks. I would like to conclude that it is not merely the information technology team that is responsible for the security of information; it is every individual within the organization or institution involved that plays an essential role in creating a safer place for these online ODR platforms.
Modo Resolutio 