#FactCheck - AI-Generated Clip of Lion Carrying Woman Shared as Real Incident

What Is a VPN and its Significance 

A Virtual Private Network (VPN) creates a secure and reliable network connection between a device and the internet. It hides your IP address by rerouting it through the VPN’s host servers. For example, if you connect to a US server, you appear to be browsing from the US, even if you’re in India. It also encrypts the data being transferred in real-time so that it is not decipherable by third parties such as ad companies, the government, cyber criminals, or others.

All online activity leaves a digital footprint that is tracked for data collection, and surveillance, increasingly jeopardizing user privacy. VPNs are thus a powerful tool for enhancing the privacy and security of users, businesses, governments and critical sectors. They also help protect users on public Wi-Fi networks ( for example, at airports and hotels), journalists, activists and whistleblowers, remote workers and businesses, citizens in high-surveillance states, and researchers by affording them a degree of anonymity. 

What VPNs Do and Don’t 

‍

•  What VPNs Can Do:
  
  • Mask your IP address to enhance privacy.
  • Encrypt data to protect against hackers, especially on public Wi-Fi.
  • Bypass geo-restrictions (e.g., access streaming content blocked in India).
•  What VPNs Cannot Do:
  
  • Make you completely anonymous and protect your identity (websites can still track you via cookies, browser fingerprinting, etc.).
  • Protect against malware or phishing.
  • Prevent law enforcement from tracing you if they have access to VPN logs.
  • Free VPNs usually even share logs with third parties. 

VPNs in the Context of India’s Privacy Policy Landscape 

In April 2022, CERT-In (Computer Emergency Response Team- India) released Directions under Section 70B (6) of the Information Technology (“IT”) Act, 2000, mandating VPN service providers to store customer data such as “validated names of subscribers/customers hiring the services, period of hire including dates, IPs allotted to / being used by the members, email address and IP address and time stamp used at the time of registration/onboarding, the purpose for hiring services, validated address and contact numbers, and the ownership pattern of the subscribers/customers hiring services” collected as part of their KYC (Know Your Customer) requirements, for a period of five years, even after the subscription has been cancelled. While this directive was issued to aid with cybersecurity investigations, it undermines the core purpose of VPNs- anonymity and privacy. It also gave operators very little time to carry out compliance measures. 

Following this, operators such as NordVPN, ExpressVPN, ProtonVPN, and others pulled their physical servers out of India, and now use virtual servers hosted abroad (e.g., Singapore) with Indian IP addresses. While the CERT-In Directions have extra-territorial applicability, virtual servers are able to bypass them since they physically operate from a foreign jurisdiction. This means that they are effectively not liable to provide user information to Indian investigative agencies, beating the whole purpose of the directive. To counter this, the Indian government could potentially block non-compliant VPN services in the future. Further, there are concerns about overreach since the Directions are unclear about how long CERT-In can retain the data it acquires from VPN operators, how it will be used and safeguarded, and the procedure of holding VPN operators responsible for compliance. 

Conclusion: The Need for a Privacy-Conscious Framework

The CERT-In Directions reflect a governance model which, by prioritizing security over privacy, compromises on safeguards like independent oversight or judicial review to balance the two. The policy design renders a lose-lose situation because virtual VPN services are still available, while the government loses oversight. If anything, this can make it harder for the government to track suspicious activity.  It also violates the principle of proportionality established in the landmark privacy judgment, Puttaswamy v. Union of India (II) by giving government agencies the power to collect excessive VPN data on any user. These issues underscore the need for a national-level, privacy-conscious cybersecurity framework that informs other policies on data protection and cybercrime investigations. In the meantime, users who use VPNs are advised to choose reputable providers, ensure strong encryption, and follow best practices to maintain online privacy and security.

References 

• https://www.kaspersky.com/resource-center/definitions/what-is-a-vpn 
• https://internetfreedom.in/top-secret-one-year-on-cert-in-refuses-to-reveal-information-about-compliance-notices-issued-under-its-2022-directions-on-cybersecurity/#:~:text=tl;dr,under%20this%20new%20regulatory%20mandate. 
• https://www.wired.com/story/vpn-firms-flee-india-data-collection-law/#:~:text=Starting%20today%2C%20the%20Indian%20Computer,years%2C%20even%20after%20they%20have

‍

Introduction

In the new age of technologies the internet and social media continue to witness a surge in deepfake videos a technological phenomenon that blurs the line between reality and fiction. The string of deepfake videos of Bollywood actors and other famous personalities has raised serious concerns. While Prime Minister Narendra Modi spoke against the risks of artificial intelligence at the G20 Virtual Summit. The central government has recently announced that it will soon set up dedicated regulations to tackle this Menace. This will include holding social media platforms and creators responsible for their actions against the rules and regulations. Very often most people shy away from initiating a legal process or taking action while being victims of misuse of fast-paced tech but the government has announced its big support to the victims and promised to stand by complaints against deepfake videos especially this includes helping individuals to report the incidents and any violations by platforms.

Social media platforms to realign their policies as per the Indian laws

The Ministry of Electronics and Information Technology (MeitY) announced on 24th November 2023 that it will be giving social media platforms seven days time period to align their terms of service and other policies with Indian laws and regulations in order to address the issue of hosting of deepfakes on these platforms. All platforms must align and transform their terms of use with their users to be consistent with the 12 areas that are prohibited under rule 3(1)(b) of the Information Technology (IT) Rules, 2021.

The platforms will ensure harmonization and alignment of their terms & policies so that every user on every platform is aware that when they use a platform the platform intends to be a safe and trusted platform and the platform will not tolerate these 12 types of content or information that have been prohibited under the IT Act and the IT rules. The government approach is to collectively advocate for responsible and safe use of the Internet. The government has taken a proactive step in partnership with these social media platforms to ensure an era where such platforms will be a lot more responsible and a lot more responsive to the expectations under the law and more compliant.

Officer to be appointed under rule 7 

As Deepfake Videos continue to surface on social media, the Government has geared up to curb such content online. Mr. Rajeev Chandrasekhar Minister of State, (Meity), stated that the government will soon appoint an officer to take appropriate action against deepfake videos. This statement came after the government meeting with industry stakeholders and important players held on 24 Nov 2023. He added that Meity and the government of India will nominate an officer under rule 7  (IT rules 2021) and will ensure full compliance expectations from all the platforms. An officer appointed under Rule 7,  will be entrusted with building a mechanism where users can put in their complaints regarding deepfakes and MeitY may also assist such aggrieved users with filing FIRs in such cases. Mr. Rajeev Chandrasekhar, Minister of State, (Meity) also added that we will also be creating a platform where it will be very easy for netizens to bring to the attention of the government of India and notices of allegations or reports of violation of law by the platforms and the rule 7 officer will take that digital platform information and respond accordingly. 

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (updated as on 6.4.2023)

Rule 3(1)(b) states that intermediaries shall inform its rules and regulations, privacy policy and user agreement to the user and shall make reasonable efforts to ‘restrict’ the users from hosting, displaying, uploading, modifying, publishing, transmitting, store, update or sharing any information that is prohibited under this rule which also includes deepfake, misinformation, CSAM(Child sexual abusive material) etc.  As per rule 3(2)(b) Intermediaries shall remove or disable access within 24 hours of receipt of complaints of contents that expose the private areas of individuals, show such individuals in full or partial nudity or in a sexual act or is in the nature of impersonation including morphed images etc. 

Ongoing Efforts Ahead of Crucial Meeting with Tech Giants

Ahead of the government meeting with online platforms such as Google, Facebook, and YouTube on Friday, 24th November 2023, Mr. Rajeev Chandrasekhar Minister of State, (Meity) added that way back from October 2022 the government of India had been alerting them to the threat of misinformation and deepfakes which are part of misinformation. He further added that the current IT rules under the IT Act provide for adequate compliance requirements on their part to deal with deepfake.

Deepfake Misinformation

Misinformation powered by AI becoming an even more potent force to disrupt and to mislead and to create chaos and confusion at a scale and of a type that is deeply detrimental. Deepfakes in a very simple basic way is misinformation which is powered by or enhanced by AI. Video-based deepfake misinformation is more dangerous since it has a greater reach as video consumption today is the preferred choice by users on the internet.

Way forward

The Honorable Prime Minister has raised the issue that deep fakes are deeply disruptive they can create divisions and all kinds of disruptions in communities, in families and therefore misuse of deepfake technology is a very clear present danger to the safe and trusted internet.

The Government is on its way to draft a dedicated legislation dedicated to tackling deepfakes.

Even as we speak to a future regulation and a future law which is certainly required given that our IT Act is 23 years old. However current IT rules provide for compliance requirements by the platforms on misinformation patently false information and deepfakes. Followed by the recent government advisory on misinformation and deepfake.

Conclusion

Prime Minister alerting of the dangers of deepfakes online. The government is now in the process of starting to look very seriously into this issue and also issued guidelines for intermediaries and in a finite period of time it is hoped that the threat of deep fakes would actually no longer exist in in our system. The government made it clear that apart from people spreading deepfake videos, the platforms making them spread and not taking action will also be liable they are currently liable and will be even more so in future after new rules and regulations are brought in.

References:

• https://www.moneycontrol.com/news/technology/deepfakes-meity-gives-social-media-platforms-7-day-ultimatum-to-align-their-policies-to-indian-laws-and-regulations-11805521.html
• https://www.azbpartners.com/bank/amendments-to-the-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021/#:~:text=Prior%20to%20the%20amendment%2C%20under%20Rule%203(1)
• https://www.drishtiias.com/daily-updates/daily-news-analysis/amendments-to-the-it-rules-2021
• https://youtu.be/zmI2ml1d_Es?feature=shared
• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1975445

‍

Introduction

The Telecom Regulatory Authority of India (TRAI) on 20th August 2024 issued directives requiring Access Service Providers to adhere to the specific guidelines to protect consumer interests and prevent fraudulent activities.  TRAI has mandated all Access Service Providers to abide by the directives. These steps advance TRAI's efforts to promote a secure messaging ecosystem, protecting consumer interests and eliminating fraudulent conduct.

Key Highlights of the TRAI’s Directives

• For improved monitoring and control, TRAI has directed that Access Service Providers move telemarketing calls, beginning with the 140 series, to an online DLT (Digital Ledger Technology) platform by September 30, 2024, at the latest. 
• All Access Service Providers will be forbidden from sending messages that contain URLs, APKs, OTT links, or callback numbers that the sender has not whitelisted, the rule is to be effective from September 1st, 2024.
• In an effort to improve message traceability, TRAI has made it mandatory for all messages, starting on November 1, 2024, to include a traceable trail from sender to receiver. Any message with an undefined or mismatched telemarketer chain will be rejected.
• To discourage the exploitation or misuse of templates for promotional content, TRAI has introduced punitive actions in case of non-compliance. Content Templates registered in the wrong category will be banned, and subsequent offences will result in a one-month suspension of the Sender's services.
• To assure compliance with rules, all Headers and Content Templates registered on DLT must follow the requirements. Furthermore, a single Content Template cannot be connected to numerous headers.
• If any misuse of headers or content templates by a sender is discovered, TRAI has instructed an immediate ‘suspension of traffic’ from all of that sender's headers and content templates for their verification. Such suspension can only be revoked only after the Sender has taken legal action against such usage. Furthermore, Delivery-Telemarketers must identify and disclose companies guilty of such misuse within two business days, or else risk comparable repercussions.

CyberPeace Policy Outlook

TRAI’s measures are aimed at curbing the misuse of messaging services including spam. TRAI has mandated that headers and content templates follow defined requirements. Punitive actions are introduced in case of non-compliance with the directives, such as blacklisting and service suspension. TRAI’s measures will surely curb the increasing rate of scams such as phishing, spamming, and other fraudulent activities and ultimately protect consumer's interests and establish a true cyber-safe environment in messaging services ecosystem.

The official text of TRAI directives is available on the official website of TRAI or you can access the link here.

References

1. https://www.trai.gov.in/sites/default/files/Direction_20082024.pdf
2. https://www.trai.gov.in/sites/default/files/PR_No.53of2024.pdf
3. https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2046872
4. https://legal.economictimes.indiatimes.com/news/regulators/trai-issues-directives-to-access-providers-to-curb-misuse-fraud-through-messaging/112669368

‍