Centre Proposes New Bills for Criminal Law
Introduction
Criminal justice in India is majorly governed by three laws which are – Indian Penal Code, Criminal Procedure Code and Indian Evidence Act. The centre, on 11th August 2023’ Friday, proposes a new bill in parliament Friday, which is replacing the country’s major criminal laws, i.e. Indian Penal Code, Criminal Procedure Code and Indian Evidence Act.
The following three bills are being proposed to replace major criminal laws in the country:
- The Bharatiya Nyaya Sanhita Bill, 2023 to replace Indian Penal Code 1860.
- The Bharatiya Nagrik Suraksha Sanhita Bill, 2023, to replace The Code Of Criminal Procedure, 1973.
- The Bharatiya Sakshya Bill, 2023, to replace The Indian Evidence Act 1872.
Cyber law-oriented view of the new shift in criminal lawNotable changes:Bharatiya Nyaya Sanhita Bill, 2023 Indian Penal Code 1860.
Way ahead for digitalisation
The new laws aim to enhance the utilisation of digital services in court systems, it facilitates online registration of FIR, Online filing of the charge sheet, serving summons in electronic mode, trial and proceedings in electronic mode etc. The new bills also allow the virtual appearance of witnesses, accused, experts, and victims in some instances. This shift will lead to the adoption of technology in courts and all courts to be computerised in the upcoming time.
Enhanced recognition of electronic records
With the change in lifestyle in terms of the digital sphere, significance is given to recognising electronic records as equal to paper records.
Conclusion
The criminal laws of the country play a significant role in establishing law & order and providing justice. The criminal laws of India were the old laws existing under British rule. There have been several amendments to criminal laws to deal with the growing crimes and new aspects. However, there was a need for well-established criminal laws which are in accordance with the present era. The step of the legislature by centralising all criminal laws in their new form and introducing three bills is a good approach which will ultimately strengthen the criminal justice system in India, and it will also facilitate the use of technology in the court system.
Related Blogs

Executive Summary:
Recently PAN-OS software of Palo Alto Networks was discovered with the critical vulnerability CVE-2024-3400. It is the software used to power all their networks in the next generation firewalls. This vulnerability is a common injection vulnerability which provides access to unauthenticated attackers to execute random code having root privileges on the attacked system. This has been exploited actively by threat actors, leaving many organizations at risk for severe cyberattacks. This report helps to understand the exploitation, detection, mitigations and recommendations for this vulnerability.

Understanding The CVE-2024-3400 Vulnerability:
CVE-2024-3400 impacts the particular version of PAN-OS and a certain configuration susceptible to this kind of a security issue. It is a command injection, which exists in the GlobalProtect module of the PAN-OS software. The vulnerability can be exploited by an unauthorized user to run any code on the firewall having root privileges. This targets Active Directory database (ntds.dit), important data (DPAPI), and Windows event logs (Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx) and also login data, cookies, and local state data for Chrome and Microsoft Edge from specific targets leading attackers to capture the browser master key and steal sensitive information of the organization.
The CVE-2024-3400 has been provided with a critical severity rating of 10.0. The following two weaknesses make this CVE highly severe:
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CWE-20: Improper Input Validation.
Impacted Products:
The affected version of PAN-OS by CVE-2024-3400 are-

Only the versions 10.2, 11.0, and 11.1, setup with GlobalProtect Gateway or GlobalProtect Portal are exploited by this vulnerability. Whereas the Cloud NGFW, Panorama appliances and Prisma Access are not affected.
Detecting Potential Exploitation:
Palo Alto Networks has confirmed that they are aware of the exploitation of this particular vulnerability by threat actors. In a recent publication they have given acknowledgement to Volexity for identifying the vulnerability. There is an increasing number of organizations that face severe and immediate risk by this exploitation. Third parties also have released the proof of concept for the vulnerability.
The suggestions were provided by Palo Alto Networks to detect this critical vulnerability. To detect this vulnerability, the following command shall be run on the command-line interface of PAN-OS device:
grep pattern "failed to unmarshal session(.\+.\/" mp-log gpsvc.log*
This command looks through device logs for specific entries related to vulnerability.
These log entries should contain a long, random-looking code called a GUID (Globally Unique Identifier) between the words "session(" and ")". If an attacker has tried to exploit the vulnerability, this section might contain a file path or malicious code instead of a GUID.
Presence of such entries in your logs, could be a sign of a potential attack to hack your device which may look like:
- failed to unmarshal session(../../some/path)
A normal, harmless log entry would look like this:
- failed to unmarshal session(01234567-89ab-cdef-1234-567890abcdef)
Further investigations and actions shall be needed to secure the system in case the GUID entries were not found and suspicious.
Mitigation and Recommendations:
Mitigation of the risks posed by the critical CVE-2024-3400 vulnerability, can be accomplished by the following recommended steps:
- Immediately update Software: This vulnerability is fixed in software releases namely PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and all higher versions. Updating software to these versions will protect your systems fully against potential exploitation.
- Leverage Hotfixes: Palo Alto Networks has released hotfixes for commonly deployed maintenance releases of PAN-OS 10.2, 11.0, and 11.1 for the users who cannot upgrade to the latest versions immediately. These hotfixes do provide a temporary solution while you prepare for the full upgrade.
- Enable Threat Prevention: Incase of available Threat Prevention subscription, enable Threat IDs 95187, 95189, and 95191 to block attacks targeting the CVE-2024-3400 vulnerability. These Threat IDs are available in Applications and Threats content version 8836-8695 and later.
- Apply Vulnerability Protection: Ensure that vulnerability protection has been applied in the GlobalProtect interface to prevent the exploitation on the device. It can be implemented using these instructions.
- Monitor Advisory Updates: Regularly checking for the updates to the official advisory of Palo Alto Networks. This helps to stay up to date of the new releases of the guidance and threat prevention IDs of CVE-2024-3400.
- Disable Device Telemetry – Optional: It is suggested to disable the device telemetry as an additional precautionary measure.
- Remediation: If there is an active exploitation observed, follow the steps mentioned in this Knowledge Base article by Palo Alto Networks.
Implementation of the above mitigation measures and recommendations would be in a position to greatly reduce the risk of exploitation you might face from a cyber attack targeting the CVE-2024-3400 vulnerability in Palo Alto Networks' PAN-OS software.
Conclusion:
The immediate response should be taken against the offensive use of the critical CVE-2024-3400 vulnerability found in the PAN-OS platform of Palo Alto Networks. Organizations should actively respond by implementing the suggested mitigation measures such as upgrading to the patched versions, enabling threat prevention and applying vulnerability protection to immediately protect from this vulnerability. Regular monitoring, implementing security defense mechanisms and security audits are the necessary measures that help to combat emerging threats and save critical resources.

Introduction
Entrusted with the responsibility of leading the Global Education 2030 Agenda through the Sustainable Development Goal 4, UNESCO’s Institute for Lifelong Learning in collaboration with the Media and Information Literacy and Digital Competencies Unit has recently launched a Media and Information Literacy Course for Adult Educators. The course aligns with The Pact for The Future adopted at The United Nations Summit of the Future, September 2024 - asking for increased efforts towards media and information literacy from its member countries. The course is free for Adult Educators to access and is available until 31st May 2025.
The Course
According to a report by Statista, 67.5% of the global population uses the internet. Regardless of the age and background of the users, there is a general lack of understanding on how to spot misinformation, targeted hate, and navigating online environments in a manner that is secure and efficient. Since misinformation (largely spread online) is enabled by the lack of awareness, digital literacy becomes increasingly important. The course is designed keeping in mind that many active adult educators are yet to get an opportunity to hone their skills with regard to media and information through formal education. Self-paced, a total of 10 hours, this course covers basics such as concepts of misinformation and disinformation, artificial intelligence, and combating hate speech, and offers a certificate on completion.
CyberPeace Recommendations
As this course is free of cost, can be done in a remote capacity, and covers basics regarding digital literacy, all eligible are encouraged to take it up to familiarise themselves with such topics. However, awareness regarding the availability of this course, alongside who can avail of this opportunity can be further worked on so a larger number can avail its benefits.
CyberPeace Recommendations To Enhance Positive Impact
- Further Collaboration: As this course is open to adult educators, one can consider widening the scope through active engagement with Independent organisations and even Individual internet users who are willing to learn.
- Engagement with Educational Institutions: After launching a course, an interactive outreach programme and connecting with relevant stakeholders can prove to be beneficial. Since this course requires each individual adult educator to sign up to avail the course, partnering with educational universities, institutes, etc. is encouraged. In the Indian context, active involvement with training institutes such as DIET (District Institute of Education and Training), SCERT (State Council of Educational Research and Training), NCERT (National Council of Educational Research and Training), and Open Universities, etc. could be initiated, facilitating greater awareness and more participation.
- Engagement through NGOs: NGOs (focused on digital literacy) with a tie-up with UNESCO, can aid in implementing and encouraging awareness. A localised language approach option can be pondered upon for inclusion as well.
Conclusion
Though a long process, tackling misinformation through education is a method that deals with the issue at the source. A strong foundation in awareness and media literacy is imperative in the age of fake news, misinformation, and sensitive data being peddled online. UNESCO’s course launch garners attention as it comes from an international platform, is free of cost, truly understands the gravity of the situation, and calls for action in the field of education, encouraging others to do the same.
References
- https://www.uil.unesco.org/en/articles/media-and-information-literacy-course-adult-educators-launched
- https://www.unesco.org/en/articles/celebrating-global-media-and-information-literacy-week-2024
- https://www.unesco.org/en/node/559#:~:text=UNESCO%20believes%20that%20education%20is,must%20be%20matched%20by%20quality.

Introduction
On 20th March 2024, the Indian government notified the Fact Check Unit (FCU) under the Press Information Bureau (PIB) of the Ministry of Information and Broadcasting as the Fact Check Unit (FCU) of the Central Government. This PIB FCU is notified under the provisions of Rule 3(1)(b)(v) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules 2023 (IT Amendment Rules 2023).
However, the next day, on 21st March 2024, the Supreme Court stayed the Centre's decision. The IT Amendment Rules of 2023 provide that the Ministry of Electronics and Information Technology (MeitY) can notify a fact-checking body to identify and tag what it considers fake news with respect to any activity of the Centre. The stay will be in effect till the Bombay High Court finally decides the challenges to the IT Rules amendment 2023.
The official notification dated 20th March 2024 read as follows:
“In exercise of the powers conferred by sub-clause (v) of clause (b) of sub-rule (1) of rule 3 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Central Government hereby notifies the Fact Check Unit under the Press Information Bureau of the Ministry of Information and Broadcasting as the fact check unit of the Central Government for the purposes of the said sub-clause, in respect of any business of the Central Government.”
Impact of the notification
The impact of notifying PIB’s FCU under Rule 3(1)(b)(v)will empower the PIB’s FCU to issue direct takedown directions to the concerned Intermediary. Any information posted on social media in relation to the business of the central government that has been flagged as fake or false by the FCU has to be taken down by the concerned intermediary. If it fails to do so, it will lose the 'safe harbour' immunity against legal proceedings arising out of such information posted offered under Section 79 of IT Act, 2000.
Safe harbour provision u/s 79 of IT Act, 2000
Section 79 of the IT Act, 2000 serves as a safe harbour provision for intermediaries. The provision states that "an intermediary shall not be liable for any third-party information, data, or communication link made available or hosted by him". However, it is notable that this legal immunity cannot be granted if the intermediary "fails to expeditiously" take down a post or remove a particular content after the government or its agencies flag that the information is being used unlawfully. Furthermore, intermediaries are obliged to observe due diligence on their platforms.
Rule 3 (1)(b)(v) Under IT Amendment Rules 2023
Rule 3(1)(b)(v) of The Information Technology(Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 [updated as on 6.4.2023] provides that all intermediaries [Including a social media intermediary, a significant social media intermediary and an online gaming intermediary], are required to make "reasonable efforts” or perform due diligence to ensure that their users do not "host, display, upload, modify, publish, transmit, store, update or share” any information that “deceives or misleads the addressee about the origin of the message or knowingly and intentionally communicates any misinformation or information which is patently false and untrue or misleading in nature or, in respect of any business of the Central Government, is identified as fake or false or misleading by such fact check unit of the Central Government as the Ministry may, by notification published in the Official Gazette, specify”.
PIB - FCU
The PIB - Fact Check Unit(FCU) was established in November 2019 to prevent the spread of fake news and misinformation about the Indian government. It also provides an accessible platform for people to report suspicious or questionable information related to the Indian government. This FCU is responsible for countering misinformation on government policies, initiatives, and schemes. The FCU is tasked with addressing misinformation about government policies, initiatives, and schemes, either directly (Suo moto) or through complaints received. On 20th March 2024,via a gazetted notification, the Centre notified the Press Information Bureau's fact-check unit (FCU) as the nodal agency to flag fake news or misinformation related to the central government. However, The Supreme Court stayed the Centre's notification of the Fact-Check Unit under IT Amendment Rules 2023.
Concerns with IT Amendment Rules 2023
The Ministry of Electronics and Information Technology(MeitY) amended the IT Rules of 2021. The ‘Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2023’ (IT Amendment Rules 2023) were notified by the Ministry of Electronics and Information Technology on 6 April 2023. The rules introduced new provisions to establish a fact-checking unit with respect to “any business of the central government” and also made other provisions pertaining to online gaming.
The Constitutional validity of IT Amendment Rules 2023 has been challenged through a writ petition challenging the IT Rules 2023 in the Bombay High Court. The contention is that the rules raise "serious constitutional questions," and Rule 3(1)(b)(v), as amended in 2023, impacts the fundamental right to freedom of speech and expression would fall for analysis by the High Court.
Supreme Court Stays Setting up of FCU
A bench comprising Chief Justice DY Chandra Hud, Justices JB Pardiwala and Manoj Misra convened to hear Special Leave Petitions filed by Kunal Kamra, the Editors Guild of India and the Association of Indian Magazines challenging the refusal of the Bombay High Court to stay the implementation of the IT Rules 2023. The Supreme Court has stayed the Union's notification of the Fact-Check Unit under the IT Amendment Rules 2023, pending the Bombay High Court's decision on the challenges to the IT Rules Amendment 2023.
Emphasizing Freedom of Speech in the Democratic Environment
The advent of advanced technology has also brought with it a new generation of threats and concerns: the misuse of said technology in the form of deepfakes and misinformation is one of the most pressing concerns plaguing society today. This realization has informed the critical need for stringent regulatory measures. The government is rightly prioritizing the need to immediately address digital threats, but there must be a balance between our digital security policies and the need to respect free speech and critical thinking. The culture of open dialogue is the bedrock of democracy. The ultimate truth is shaped through free trade in ideas within a competitive marketplace of ideas. The constitutional scheme of democracy places great importance on the fundamental value of liberty of thought and expression, which has also been emphasized by the Supreme Court in its various judgements.
The IT Rules, 2023,provide for creating a "fact check unit" to identify fake or false or misleading information “in relation to any business of the central government "This move raised concerns within the media fraternity, who argued that the determination of fake news cannot be placed solely in the hands of the government. It is also worth noting that if users post something illegal, they can still be punished under laws that already exist in the country.
We must take into account that freedom of speech under Article 19 of the Constitution is not an absolute right. Article 19(2) imposes restrictions on the Right to Freedom of Speech and expression. Hence, there has to be a balance between regulatory measures and citizens' fundamental rights.
Nowadays, the term ‘fake news’ is used very loosely. Additionally, there is a dearth of clearly established legal parameters that define what amounts to fake or misleading information. Clear definitions of the terms should be established to facilitate certainty as to what content is ‘fake news’ and what content is not. Any such restriction on speech must align with the exceptions outlined in Article19(2) of the Constitution.
Conclusion
Through a government notification, PIB - FCU was intended to act as a government-run fact-checking body to verify any information about the Central Government. However, the apex court of India stayed the Centre's notification. Now, the matter is sub judice, and we hope for the judicial analysis of the validity of IT Amendment Rules 2023.
Notably, the government is implementing measures to combat misinformation in the digital world, but it is imperative that we strive for a balance between regulatory checks and individual rights. As misinformation spreads across all sectors, a centralised approach is needed in order to tackle it effectively. Regulatory reforms must take into account the crucial roleplayed by social media in today’s business market: a huge amount of trade and commerce takes place online or is informed by digital content, which means that the government must introduce policies and mechanisms that continue to support economic activity. Collaborative efforts between the government and its agencies, technological companies, and advocacy groups are needed to deal with the issue better at a higher level.
References
- https://egazette.gov.in/(S(xzwt4b4haaqja32xqdiksbju))/ViewPDF.aspx
- https://pib.gov.in/PressReleasePage.aspx?PRID=2015792
- https://economictimes.indiatimes.com/tech/technology/govt-notifies-fact-checking-unit-under-pib-to-check-fake-news-misinformation-related-to-centre/articleshow/108653787.cms?from=mdr
- https://www.epw.in/journal/2023/43/commentary/it-amendment-rules-2023.html#:~:text=The%20Information%20Technology%20Amendment%20Rules,to%20be%20false%20or%20misleading
- https://www.livelaw.in/amp/top-stories/supreme-court-kunal-kamra-editors-guild-notifying-fact-check-unit-it-rules-2023-252998
- https://www.aljazeera.com/news/2024/3/21/india-top-court-stays-government-move-to-form-fact-check-unit-under-it-laws
- https://www.meity.gov.in/writereaddata/files/Information%20Technology 28Intermediary%20Guidelines%20and%20Digital% 20Media%20Ethics%20Code%29%20Rules%2C%202021%20%28updated%2006.04.2023%29-.pdf
- 2024 SCC On Line Bom 360