Paper presented at the AfAA 2nd Annual International Arbitration Conference, 15th - 16th April 2021

[1]

Introduction

The COVID-19 Pandemic (the “Pandemic”) accelerated the process of mainstreaming technology in arbitration and reshaping the way we perceive legal practice. With lockdowns in place, travel restrictions, and imposed social distancing measures, arbitral institutions, parties, and tribunals are required to adapt to this unprecedented situation. After all, “in times of crisis, whether actual, foreseeable or pending, time and money are of the essence, […] hence the need for innovation and tailored solutions”.[2]  Life, businesses, and disputes must go on as usual. New cost and time efficient solutions must be implemented to ensure the smooth conduct of ongoing and future arbitral proceedings, especially as one year into the Pandemic, it does not seem that life will be back to normal anytime soon. This article provides a brief outline of the risks of high-tech in international arbitration, raising issues that need to be addressed to ensure arbitrations can proceed seamlessly during the Pandemic and beyond.

I- High-Tech in International Arbitration: The Risks

The use of technology in international arbitration is not immune to risks or challenges some of which are technical in nature (A) whereas the others relate to procedural matters and due process concerns (B).

A- Technical Risks

1.     Technological illiteracy and unequal access to the internet

Most readers would remember the lawyer shouting “I am not a cat” as he mistakenly used a filter during a court hearing on Zoom. This video[3] that went viral revealed the technological illiteracy that many arbitrators, counsels, witnesses, or experts suffer from due to their failure to catch up with technology. The Pandemic took us all by surprise, and so did our need to become tech savvy. With other professional and family obligations, one wonders when practitioners will have the time to educate themselves in the use of technology. The pressure is on as failure to do so will negatively impact their chances of being appointed as counsel and arbitrators. More importantly, however, incidents such as the cat filter are disruptive to say the least and can delay if not obstruct the resolution of multi-million-dollar disputes, thus defeating the purpose of resorting to technology in the first place.

The use of high tech in arbitration also raises the issue of unequal access to the internet. With interruptions being common in the developing world, causing delays and disruptions to the online hearings,[4] it is unclear how international commercial or investor-State arbitrations involving counsel from areas with unreliable internet access will be managed without interruption. Unless this issue is addressed, the existing preference for hiring counsel and arbitrators from the developed world will continue, perpetuating a phenomenon that lawyers from the developing world are working hard to change.

2.     Cyber-Security

Confidentiality is one of the most attractive benefits of arbitration and is an issue that various arbitration institutions emphasize in their procedural rules.[5] That said, the confidentiality of the proceedings can be easily compromised in the context of virtual hearings. A survey conducted in 2018 by Bryan Cave Leighton Paisner found  that among the 105 surveyed practitioners (arbitrators, experts, counsels, etc.) from all regions of the world, 11% experienced a security breach (i.e., an unauthorized third party was able to obtain access to electronic documents or other information).[6] Moreover, in 2017, LogicForce, a cybersecurity consulting firm, surveyed 200 law firms and found that all firms were subject to hacking attempts and that 40% of these firms were unaware of such hacking until the study was conducted.[7] It is worth noting that these surveys were conducted before the Pandemic and the proliferation of virtual hearings. With the increase in virtual hearings (and the hackers’ knowledge of such increase), one expects a surge in cyber-attacks.

Hackers may be inclined to gain unauthorized access to videoconferencing apps or online platforms in the hope of accessing any confidential information such as trade secrets (notably in intellectual property and pharma disputes, among others). This is not limited to commercial disputes as hacking can also take place in State to State or investor-State arbitration, leaving intelligence information vulnerable to unauthorized access. For example, it is reported that in 2015, hackers successfully breached the website of the Permanent Court of Arbitration in the Hague, the Philippines’ Department of Justice and the law firm representing the Philippines during the Philippines-China territorial dispute in the South China Sea;[8] and in Libananco v. Turkey (ICSID Case ARB/06/08), Turkey managed to intercept correspondence between Claimant’s counsel and third parties.[9] Now, with the Pandemic ravaging the world and many arbitrations being conducted via Zoom, it is worth mentioning that this app was under scrutiny for a flaw in the system, allowing for anyone with access to the link to view (and potentially record) the video call.[10]

3.     Data protection

The protection of personal information must also be guaranteed especially considering the increased promulgation of data protection laws in various jurisdictions. Personal data is broadly defined as “any information relating to an identified or identifiable natural person” (e.g., name, email, address, credit card and banking information, civil and marital status, etc.)[11] It follows that the consequences of this information being known to unauthorised persons can be devastating as it may lead to identity theft, compromising the personal security of arbitrators, witnesses, and experts, threats to family, extorsion, and other forms of abuse.

Given the importance of protecting personal information, the ICC Note to Parties and Arbitral Tribunals on the Conduct of the Arbitration under the ICC Rules of Arbitration provides that participants in arbitration “are aware and accept that their personal data may have to be collected, transferred, published and archived for purposes of the arbitration, and (ii) that applicable data protection regulations, including the GDPR, are complied with”. [Emphasis added]

Documents and pleadings are typically stored on a cloud platform, and while cloud service providers generally indicate in their privacy policies that they take all the necessary physical and technological measures to safeguard information they are entrusted with, such measures are not “bulletproof”, leaving personal information vulnerable to security breaches. For example, it is reported that (i) in 2012, more than 68 million Dropbox user accounts on Dropbox; (ii) in 2016, LinkedIn was hacked, and the hackers posted and sold 167 million emails and passwords online; and (iii) Yahoo was hacked in 2013, compromising more than a billion user accounts.[12]

B- Legal Risks

Following the Pandemic, parties and institutions were faced with the difficult decision of needing to either stay ongoing proceedings until further notice or opting for virtual hearings. While the decision is easy when the parties are aligned, since all the tribunal needs to do is comply with the Parties’ wishes, things become more complicated when either or both parties object to conducting virtual hearings. Since arbitration procedures largely depend on the lex loci arbitri, [13] should the law of the seat not be sufficiently flexible or welcoming of virtual hearings, issues of annulment will arise.

Sadly, not all legal systems are tech-friendly; and since we are still exploring the effects of virtual hearings throughout the world, one expects courts dealing with annulment claims to possibly re-interpret applicable law. One such example is the Egyptian Court of Cassation which, in a recent judgment, acknowledged the possibility of conducting hearings outside of Egypt (or even virtually) while deeming the arbitration to be seated in in Egypt.[14] For virtual hearings to be acceptable worldwide, courts in other jurisdictions should follow suit.[15]

II- High-Tech in International Arbitration: The Remedies

While the use of technology in international arbitration has its challenges, it is also an efficient and convenient way to conduct proceedings during lockdowns and imposed social distancing measures. This prompted the arbitration community to come up with a list of possible technical remeidies: (A) and procedural remedies (B) that should allow tribunals to conduct arbitrations smoothly.

A- Technical remedies

Cybersecurity and data protection issues should be raised as early as possible, i.e., during the first case management conference.[16] Raising cybersecurity and data protection concerns at the outset of the arbitration allows the parties and the tribunal to assess all possible risks that might occur during the proceedings and to agree on solutions to prevent external disruptions of the proceedings.

Parties and tribunals are encouraged to agree on a cyber security and privacy protocol that lays out the manner in which the virtual hearing will be conducted, thus ensuring the confidentiality of the proceedings as recommended by the Africa Arbitration Academy Protocol on Virtual Hearings in Africa (the “AAA Protocol”) and other organizations and arbitral institutions (e.g., the ICC Guidance Note  on Possible Measures Aimed at Mitigating the Effects of the COVID-19 Pandemic and the ICCA-NYC Bar-CPR Protocol on Cybersecurity in International Arbitration).

To prevent security breaches, parties and institutions must use secured digital platforms and videoconferencing applications with end-to-end encryption for both data storage and virtual hearings.[17] This is highly recommended by the ICC and the Africa Arbitration Academy.[18]

Furthermore, parties and tribunals must restrict access to the arbitration proceedings to a limited number of people authorized to participate in the proceedings (e.g., parties, counsel, tribunal members, tribunal secretary, witnesses, experts, etc.). This can be achieved with the installment of a two-factor authentication mechanism, which “provides an additional layer of security so that only authorized individuals are accessing sensitive information”.[19] The two-factor authentication mechanism will ensure that all participants feel secure about the confidentiality of the information they disclose in a virtual hearing or through a database.[20]

The question of data protection must be considered at every phase of the arbitration proceedings, starting from the request for arbitration and ending with the issuance of the award and subsequent retention and deletion of the personal data, which must comply with applicable law.[21] Each phase must comply with the common principles of fair and lawful processing, proportionality, data minimization, purpose limitation, accuracy, data security, and transparency,[22] all while giving the data subjects the opportunity to exercise their rights under applicable law.[23]

In order to comply with the general principles of personal data processing, data encryption must be resorted to as it is an effective way of ensuring the confidentiality of information collected. The ICC Guidance Note also requires that the parties and arbitral tribunals envisage the “minimum requirements of encryption to safeguard the integrity and security of the virtual hearing against any hacking, illicit access, etc.”[24]

The foregoing measures aim to maximize the confidentiality and security of virtual hearings, communication between the parties and/or tribunals, as well as the security of the documents shared online.

B- Legal remedies

Issues of fairness and due process related to the use of technology in arbitration proceedings can be remedied by ensuring the transparency of the hearings, where each party is given the opportunity to defend its position even if not physically present at the venue of the hearing.  

During witness or expert examination, the video conferencing system must allow maximum visibility so that witnesses or experts could be seen, and the tribunal could confirm that no unauthorized person is present with them. To this end, online proctoring software and cameras can be installed after clearing privacy risks and securing the concerned parties’ informed consent.

Tribunals must also exercise their right to postpone a virtual hearing if it will result in unfairness to a particular party, (e.g., a party with poor internet connection) until the issue is addressed. Failure to do so can expose subsequent awards to annulment.

Conclusion

The use of technology in arbitration is “now progressively becoming the new normal”.[25] More so, the Pandemic has shown how flexible arbitration can be,[26] and the extent to which it can adapt to changing circumstances.

A year into the Pandemic, the number of virtual arbitral proceedings increased tremendously (virtual hearings are reported to be eleven times more common after 15 March 2020 than before),[27] and introduced technical and legal challenges, which may be overcome with a bit of creativity and eagerness to adapt. The Pandemic has shown us that the traditional methods of conducting arbitration (e.g., submission of hard copies, in-person hearings, etc.) may need to change and that there are more cost and time-efficient ways of doing things. Unfortunate as it may be, it took a Pandemic to push us to adapt to the requirements of the twenty-first century. As some would say, better late than never!

* Partner, Shahid Law Firm, Cairo, Egypt. The author wishes to thank Shahid Law Firm Associate, Hoda El-Beheiry for her contribution to this article.

[2] Mohamed S. Abdel Wahab, “Dispute Prevention, Management and Resolution in Times of Crisis Between Tradition and Innovation: The COVID-19 Catalytic Crisis”, in International Arbitration and the COVID-19 Revolution, edited by Maxi Scherer, Niuscha Bassiri and Mohamed S. Abdel Wahab, Wolters Kluwer, 2020.

[3] https://www.youtube.com/watch?v=9f9eDBpnkaU.

[4] Jiyoon Hong and Jong Ho Hwang, “Safeguarding the Future Arbitration: Seoul Protocol Tackles the Risks of Videoconferencing”, Kluwer Arbitration Blog, 6 April 2020.

[5] Article 28 (3) of the UNCITRAL Arbitration Rules states that hearings should be conducted in private unless otherwise agreed by the parties. Article 30 (1) of the LCIA Rules provides that “The parties undertake as a general principle to keep confidential all awards in the arbitration, together with all materials in the arbitration created for the purpose of the arbitration and all other documents produced by another party in the proceedings not otherwise in the public domain, save and to the extent that disclosure may be required of a party by legal duty, to protect or pursue a legal right, or to enforce or challenge an award in legal proceedings before a state court or other legal authority. The parties shall seek the same undertaking of confidentiality from all those that it involves in the arbitration, including but not limited to any authorised representative, witness of fact, expert or service provider”. Furthermore, Article 22(3) of the ICC Rules provide that “upon the request of any party, the arbitral tribunal may make orders concerning the confidentiality of the arbitration proceedings or of any other matters in connection with the arbitration and may take measures for protecting trade secrets and confidential information”.

[6] Bryan Cave Leighton Paisner, “International Arbitration Survey: Cybersecurity in International Arbitration”, 2018. https://www.bclplaw.com/images/content/1/6/v2/160089/Bryan-Cave-Leighton-Paisner-Arbitration-Survey-Report-2018.pdf 

[7] Claire Morel de Westgaver, “Cybersecurity in International Arbitration – A Necessity and an Opportunity for Arbitral Institutions”, Kluwer Arbitration Blog, 6 October 2017.

[8] David Turner and Gulshan Gill, “Addressing emerging cyber risks: reflections on the ICCA Cybersecurity Protocol for International Arbitration”, Practical Law Arbitration Blog, Thomson Reuters, 17 May 2019. http://arbitrationblog.practicallaw.com/addressing-emerging-cyber-risks-reflections-on-the-icca-cybersecurity-protocol-for-international-arbitration/

[9] Claire Morel de Westgaver, “Cybersecurity in International Arbitration – A Necessity and an Opportunity for Arbitral Institutions”, Kluwer Arbitration Blog, 6 October 2017.

[10] Jiyoon Hong and Jong Ho Hwang, “Safeguarding the Future Arbitration: Seoul Protocol Tackles the Risks of Videoconferencing”, Kluwer Arbitration Blog, 6 April 2020.

[11] General Data Protection Regulation (“GDPR”), Article 4 (1).

[12] Contel Bradford, “7 Most Infamous Cloud Security Breaches”, https://blog.storagecraft.com/7-infamous-cloud-security-breaches/.

[13] Mohamed S. Abdel Wahab, “Dispute Prevention, Management and Resolution in Times of Crisis Between Tradition and Innovation: The COVID-19 Catalytic Crisis”, in International Arbitration and the COVID-19 Revolution, edited by Maxi Scherer, Niuscha Bassiri and Mohamed S. Abdel Wahab, Wolters Kluwer, 2020.

[14] Court of Cassation, Case No. 18309/89JY, judgment dated 27 October 2020, “with the 1958 New York Convention, arbitration gradually moved away from the idea of localization, namely, the close association of arbitration with a particular geographical territory. In the context of the globalization of the legal profession, it has become common to rely on foreign lawyers to represent the parties in arbitration proceedings with their seat of arbitration in Egypt, without requiring any arbitration hearings to be held within the Egyptian territory, since the concept of the seat of arbitration as an abstract idea is not linked/related to the actual venue of arbitration hearings, especially with the increasing demand for arbitration hearings by virtual means of communication”.

[15] See Landesbank Baden-Wurttemberg et. al v. Spain (ICSID Case No. ARB/15/45).

[16] ICCA-NYC Bar-CPR Protocol on Cybersecurity in International Arbitration, 2020. https://cdn.arbitration-icca.org/s3fs-public/document/media_document/icca-nyc_bar-cpr_cybersecurity_protocol_for_international_arbitration_-_electronic_version.pdf?mc_cid=23ce363898&mc_eid=6e9a9290a8.

[17] Kun Fan, “The Impact of COVID-19 on the Administration of Justice”, Kluwer Arbitration Blog, 10 July 2020.

[18] ICC Guidance Note, para 32; AAA Protocol, para 5.2.

[19] Wendy G. Lozano and Naimeh Masumy, “Online Dispute Resolution Platforms: Cybersecurity Champions in the COVID-19 Era? Time for Arbitral Institutions to Embrace ODRs”, Kluwer Arbitration Blog, 25 September 2020.

[20] Kun Fan, “The Impact of COVID-19 on the Administration of Justice”, Kluwer Arbitration Blog, 10 July 2020.

[21] Wendy G. Lozano and Naimeh Masumy, “Online Dispute Resolution Platforms: Cybersecurity Champions in the COVID-19 Era? Time for Arbitral Institutions to Embrace ODRs”, Kluwer Arbitration Blog, 25 September 2020.

[22] GDPR, Article 5; Data Protection Law, Article 3.

[23] GDPR, Articles 12 to 22; Data Protection Law, Article 2.

[24] ICC Guidance Note, Annex I, C (iii).

[25] Joint Statement of 13 Arbitration Institutions relating to “Arbitration and COVID-19”, 16 April 2020. https://sccinstitute.com/media/1658123/covid-19-joint-statement.pdf.

[26] Troutman Pepper, “Virtual International Arbitration and the COVID-19 Pandemic: One Institution's Approach”, Lexology, 15 April 2020. https://www.lexology.com/library/detail.aspx?g=759b1c2a-bbed-4527-982d-fcedc6dc3bc5.

[27] Gary Born, “Empirical Study of Experiences with Remote Hearings: A Survey of Users’ Views” in International Arbitration and the COVID-19 Revolution, edited by Maxi Scherer, Niuscha Bassiri and Mohamed S. Abdel Wahab, Wolters Kluwer, 2020.