Advisory for APS School Students

Introduction

In India, the population of girls and adolescents is 253 million, as per the UNICEF report, and the sex ratio at birth is 929 per 1000 male children as of 2023. Cyberspace has massively influenced the daily aspects of our lives, and hence the safety aspect of cyberspace cannot be ignored any more. The social media platforms play a massive role in information dissemination and sharing. The data trail created by the use of such platforms is often used by cyber criminals to target innocent girls and children.

On Ground Stats

Of the six million crimes police in India recorded between 1 January and 31 December last year, 428,278 cases involved crimes against women. It’s a rise of 26.35% over six years – from 338,954 cases in 2016. A majority of the cases in 2021, the report said, were of kidnappings and abduction, rapes, domestic violence, dowry deaths and assaults. Also, 107 women were attacked with acid, 1,580 women were trafficked, 15 girls were sold, and 2,668 were victims of cybercrimes. With more than 56,000 cases, the northern state of Uttar Pradesh, which is India’s most populous with 240 million people, once again topped the list. Rajasthan followed it with 40,738 cases and Maharashtra with 39,526 cases. This shows the root of the problem and how deep this menace goes in our society. With various campaigns and initiatives by Government and the CSO, awareness is on the rise, but still, we need a robust prevention mechanism to address this issue critically.

Influence of Social Media Platforms

Social media platforms such as Facebook, Instagram and Twitter were created to bring people closer by eliminating geographical boundaries, which is strengthened by the massive internet connectivity network across the globe. Throughout 2022, on average, there are about 470.1 million active social media users in India on a monthly basis, with an annual growth rate of 4.2 % in 2021-22. This represents about  33.4 % of the total population. These social media users, on average, spend about 2.6 hours on social media, and each, on average, has accounts on 8.6 platforms.

The bad actors have also upskilled themselves and are now using these social platforms to commit cybercrimes. Some of these crimes against girls and women include – Impersonation, Identity theft, Cyberstalking, Cyber-Enabled human trafficking and many more. These crimes are on the rise post-pandemic, and instances of people using fake IDs to lure young girls into their traps are being reported daily. One such instance is when Imran Mansoori created an Instagram account in the name of Rahul Gujjar, username: rahul_gujjar_9010. Using social engineering and scoping out the vulnerabilities, he trapped a minor girl in a relationship & took her to a hotel in Moradabad. The hotel manager raised the suspicion of seeing a different ID & called the Police, Imran was then arrested. But many such crimes go unreported, and it is essential for all stakeholders to create a safeguard regarding girls’ and women’s safety.

Legal Remedies at our disposal

The Indian Legal system has been evolving with time towards the online safety of girls and women. The National Commission for Protection of Child Rights (NCPCR) and the National Commission for Women (NCW) have worked tirelessly to safeguard girls and women to create a wholesome, safe, secure environment. The Information Technology Act governs cyberspace and its associated rights and duties. The following provisions of the IT Act are focused towards safeguarding the rights –

• Violation of privacy – Section 66E
• Obscene material – Section 67
• Pornography & sexually explicit act – Section 67A
• Child pornography – Section 67B
• Intermediaries due diligence rules – Section 79

Apart from these provisions, acts like POCSO, IPC, and CrPC, draft the Digital Personal Data Protection Bill, Intermediary Guidelines on Social Media and Online Gaming and telecommunications bill.

Conclusion

The likelihood of becoming a victim of cybercrime is always growing due to increased traffic in the virtual world, which is especially true for women who are frequently viewed as easy targets. The types of cyber crimes that target women have grown, and the trend has not stopped in India. Cyber flaming, cyber eve-teasing, cyber flirting, and internet cheating are some new-generation crimes that are worth mentioning here. In India, women tend to be reluctant to speak up about issues out of concern that doing so might damage their reputations permanently. Without being fully aware of the dangers of the internet, women grow more susceptible the more time they spend online. Women should be more alert to protect themselves from targeted online attacks.

Introduction

In September 2024, the Australian government announced the  Communications Legislation Amendment (Combatting Misinformation and Disinformation) Bill 2024 ( CLA Bill 2024 hereon), to provide new powers to the Australian Communications and Media Authority (ACMA), the statutory regulatory body for Australia's communications and media infrastructure, to combat online misinformation and disinformation. It proposed allowing the ACMA to hold digital platforms accountable for the “seriously harmful mis- and disinformation” being spread on their platforms and their response to it, while also balancing freedom of expression. However, the Bill was subsequently withdrawn, primarily over concerns regarding the possibility of censorship by the government. This development is reflective of the global contention on the balance between misinformation regulation and freedom of speech. 

Background and Key Features of the Bill

According to the BBC’s Global Minds Survey of 2023, nearly 73% of Australians struggled to identify fake news and AI-generated misinformation. There has been a substantial rise in misinformation on platforms like Facebook, Twitter, and TikTok since the COVID-19 pandemic, especially during major events like the bushfires of 2020 and the 2022 federal elections. The government’s campaign against misinformation was launched against this background, with the launch of The Australian Code of Practice on Disinformation and Misinformation in 2021. The main provisions of the CLA Bill, 2024 were: 

1. Core Transparency Obligations of Digital Media Platforms: Publishing current media literacy plans,  risk assessment reports, and policies or information on their approach to addressing mis- and disinformation. The ACMA would also be allowed to make additional rules regarding complaints and dispute-handling processes.
2. Information Gathering and Record-Keeping Powers: The ACMA would form rules allowing it to gather consistent information across platforms and publish it. However, it would not have been empowered to gather and publish user information except in limited circumstances.
3. Approving Codes and Making Standards: The ACMA would have powers to approve codes developed by the industry and make standards regarding reporting tools, links to authoritative information, support for fact-checking, and demonetisation of disinformation. This would make compliance mandatory for relevant sections of the industry. 
4. Parliamentary Oversight: The transparency obligations, codes approved and standards set by ACMA under the Bill would be subject to parliamentary scrutiny and disallowance. ACMA would be required to report to the Parliament annually. 
5. Freedom of Speech Protections: End-users would not be required to produce information for ACMA unless they are a person providing services to the platform, such as its employees or fact-checkers. Further,  it would not be allowed to call for removing content from platforms unless it involved inauthentic behavior such as bots. 
6. Penalties for Non-Compliance: ACMA would be required to employ a “graduated, proportionate and risk-based approach” to non-compliance and enforcement in the form of formal warnings, remedial directions, injunctions, or significant civil penalties as decided by the courts, subject to review by the Administrative Review Tribunal (ART). No criminal penalties would be imposed.

Key Concerns

• Inadequacy of Freedom of Speech Protections: The biggest contention on this Bill has been regarding the issue of possible censorship, particularly of alternative opinions that are crucial to the health of a democratic system. To protect the freedom of speech, the Bill defined mis- and disinformation, what constitutes “serious harm” (election interference, harming public health, etc.), and what would be excluded from its scope. However, reservations among the Opposition persisted due to the lack of a clear mechanism to protect divergent opinions from the purview of this Bill. 
• Efficacy of Regulatory Measures: Many argue that by allowing the digital platform industry to make its codes, this law lets it self-police. Big Tech companies have no incentive to curb misinformation effectively since their business models allow them to reap financial benefits from the rampant spread of misinformation. Unless there are financial non- or dis- incentives to curb misinformation, Big Tech is not likely to address the situation at war footing.  Thus, this law would run the risk of being toothless. Secondly, the Bill did not require platforms to report on the “prevalence of” false content which, along with other metrics,  is crucial for researchers and legislators to track the efficacy of the current misinformation-curbing practices employed by platforms.  
• Threat of Government Overreach:  The Bill sought to expand the ACMA’s compliance and enforcement powers concerning misinformation and disinformation on online communication platforms by giving it powers to form rules on information gathering, code registration, standard-making powers, and core transparency obligations. However, even though the ACMA as a regulatory authority is answerable to the Parliament, the Bill was unclear in defining limits to these powers. This raised concerns from civil society about potential government overreach in a domain filled with contextual ambiguities regarding information.

Conclusion

While the Communications Legislation Amendment (Combatting Misinformation and Disinformation) Bill sought to equip the ACMA with tools to hold digital platforms accountable and mitigate the harm caused by false information, its critique highlights the complexities of regulating such content without infringing on freedom of speech. Legislations and proposals regarding the matter all over the world are having to contend with this challenge. Globally, legislation and proposals addressing this issue face similar challenges, emphasizing the need for a continuous discourse at the intersection of platform accountability, regulatory restraint, and the protection of diverse viewpoints.

To regulate Big Tech effectively, governments can benefit from adopting a consultative, incremental, and cooperative approach, as exemplified by the European Union’s Digital Services Act 2023. Such a framework provides for a balanced response, fostering accountability while safeguarding democratic freedoms.

Resources

• https://www.infrastructure.gov.au/sites/default/files/documents/factsheet-misinformation-disinformation-bill.pdf 
• https://www.infrastructure.gov.au/have-your-say/new-acma-powers-combat-misinformation-and-disinformation 
• https://www.mi-3.com.au/07-02-2024/over-80-australians-feel-they-may-have-fallen-fake-news-says-bbc 
• https://www.hrlc.org.au/news/misinformation-inquiry 
• https://humanrights.gov.au/our-work/legal/submission/combatting-misinformation-and-disinformation-bill-2024 
• https://www.sbs.com.au/news/article/what-is-the-misinformation-bill-and-why-has-it-triggered-worries-about-freedom-of-speech/4n3ijebde 
• https://www.hrw.org/report/2023/06/14/no-internet-means-no-work-no-pay-no-food/internet-shutdowns-deny-access-basic#:~:text=The%20Telegraph%20Act%20allows%20authorities,preventing%20incitement%20to%20the%20commission 
• https://www.hrlc.org.au/submissions/2024/11/8/submission-combatting-misinformation?utm_medium=email&utm_campaign=Media%20Release%20Senate%20Committee%20to%20hear%20evidence%20calling%20for%20Albanese%20Government%20to%20regulate%20and%20hold%20big%20tech%20accountable%20for%20misinformation&utm_content=Media%20Release%20Senate%20Committee%20to%20hear%20evidence%20calling%20for%20Albanese%20Government%20to%20regulate%20and%20hold%20big%20tech%20accountable%20for%20misinformation+Preview+CID_31c6d7200ed9bd2f7f6f596ba2a8b1fb&utm_source=Email%20campaign&utm_term=Read%20the%20Human%20Rights%20Law%20Centres%20submission%20to%20the%20inquiry

‍

Introduction

The information of hundreds of thousands of Indians who received the COVID vaccine was Leaked in a significant data breach and posted on a Telegram channel. Numerous reports claim that sensitive information, including a person’s phone number, gender, ID card details, and date of birth, leaked over Telegram. It could be obtained by typing a person’s name into a Telegram bot.

What really happened?

The records pertaining to the mobile number registered in the CoWin portal are accessible on the Malayalam news website channel. It is also feasible to determine which vaccination was given and where it was given.

According to The Report, the list of individuals whose data was exposed includes BJP Tamil Nadu president K Annamalai, Congress MP Karti Chidambaram, and former BJP union minister for health Harsh Vardhan. Telangana’s minister of information and communication technology, Kalvakuntla Taraka Rama Rao, is also on the list.

MEITY stated in response to the data leak, “It is old data, we are still confirming it. We have requested a report on the matter.

After the media Report, the bot was disabled, but experts said the incident raised severe issues because the information might be used for identity theft, phishing emails, con games, and extortion calls. The Indian Computer Emergency Response Team (CERT-In), the government’s nodal body, has opened an investigation into the situation

The central government declared the data breach reports regarding the repository of beneficiaries against Covid to be “mischievous in nature” on Monday and claimed the ‘bot’ that purportedly accessed the confidential data was not directly accessing the CoWIN database.

According to the first complaint by CERT-In, the government’s cybersecurity division, the government claimed the bot might be displaying information from “previously stolen data.” Reports.

The health ministry refuted the claim, asserting that no bots could access the information without first verifying with a one-time password.

“It is made clear that all of these rumours are false and malicious. The health ministry’s CoWIN interface is entirely secure and has sufficient data privacy protections. The security of the data on the CoWIN portal is being ensured in every way possible, according to a statement from the health ministry.

Meity said the CoWin program or database was not directly compromised, and the shared information appeared to be taken from a previous intrusion. But the hack again highlights the growing danger of cyber assaults, particularly on official websites.‍

Recent cases of data leak

Dominos India 2021– Dominos India, a division of Jubilant FoodWorks, faced a cyberattack on May 22, 2021, which led to the disclosure of information from 180 million orders. The breach exposed order information, email addresses, phone numbers, and credit card information. Although Jubilant FoodWorks acknowledged a security breach, it refuted any illegal access to financial data.

Air India – A cyberattack that affected Air India in May 2021 exposed the personal information of about 4.5 million customers globally. Personal information recorded between August 26, 2011, and February 3, 2021, including names, dates of birth, contact information, passport information, ticket details, frequent flyer information from Star Alliance and Air India, and credit card information, were exposed in the breach.

Bigbasket – BigBasket, an online supermarket, had a data breach in November 2020, compromising the personal information of approximately 20 million consumers. Email IDs, password hashes, PINs, phone numbers, addresses, dates of birth, localities, and IP addresses were among the information released from an insecure database containing over 15 GB of customer data. BigBasket admitted to the incident and reported it to the Bengaluru Cyber Crime Department.

Unacademy – Unacademy, an online learning platform, experienced a data breach in May 2020, compromising the email addresses of approximately 11 million subscribers. While no sensitive information, such as financial data or passwords, was compromised, user data, including IDs, passwords, date joined, last login date, email IDs, names, and user credentials, was. The breach was detected when user accounts were uncovered for sale on the dark web.

2022 Card Data- Cybersecurity researchers from AI-driven Singapore-based CloudSEK found a threat actor offering a database of 1.2 million cards for free on a Dark Web forum for crimes on October 12, 2022. This came after a second problem involving 7.9 million cardholder records that were reported on the BidenCash website. This comprised information pertaining to State Bank of India (SBI) clients. And other well-known companies were among those targeted in high-profile data breach cases that have surfaced in recent years.

Conclusion

Data breach cases are increasing daily, and attackers are mainly attacking the healthcare sectors and health details as they can easily find personal details. This recent CoWIN case has compromised thousands of people’s data. The All-India Institute of Medical Sciences’ systems were compromised by hackers a few months ago. Over 95% of adults have had their vaccinations, according to the most recent data, even if the precise number of persons impacted by the CoWin privacy breach could not be determined.