#Factcheck-Allu Arjun visits Shiva temple after success of Pushpa 2? No, image is from 2017

Introduction  

The emergence of deepfake technology has become a significant problem in an era driven by technological growth and power. The government has reacted proactively as a result of concerns about the exploitation of this technology due to its extraordinary realism in manipulating information. The national government is in the vanguard of defending national interests, public trust, and security as the digital world changes. On the 26th of December 2023, the central government issued an advisory to businesses, highlighting how urgent it is to confront this growing threat.

The directive aims to directly address the growing concerns around Deepfakes, or misinformation driven by AI. This advice represents the result of talks that Union Minister Shri Rajeev Chandrasekhar, had with intermediaries during the course of a month-long Digital India dialogue. The main aim of the advisory is to accurately and clearly inform users about information that is forbidden, especially those listed under Rule 3(1)(b) of the IT Rules. 

Advisory

The Ministry of Electronics and Information Technology (MeitY) has sent a formal recommendation to all intermediaries, requesting adherence to current IT regulations and emphasizing the need to address issues with misinformation, specifically those driven by artificial intelligence (AI), such as Deepfakes. Union Minister Rajeev Chandrasekhar released the recommendation, which highlights the necessity of communicating forbidden information in a clear and understandable manner, particularly in light of Rule 3(1)(b) of the IT Rules.

Advise on Prohibited Content Communication

According to MeitY's advice, intermediaries must transmit content that is prohibited by Rule 3(1)(b) of the IT Rules in a clear and accurate manner. This involves giving users precise details during enrollment, login, and content sharing/uploading on the website, as well as including such information in customer contracts and terms of service.

Ensuring Users Are Aware of the Rules

Digital platform suppliers are required to inform their users of the laws that are relevant to them. This covers provisions found in the IT Act of 2000 and the Indian Penal Code (IPC). Corporations should inform users of the potential consequences of breaking the restrictions outlined in Rule 3(1)(b) and should also urge users to notify any illegal activity to law enforcement.

Talks Concerning Deepfakes

For more than a month, Union Minister Rajeev Chandrasekhar had a significant talk with various platforms where they addressed the issue of "deepfakes," or computer-generated fake videos. The meeting emphasized how crucial it is that everyone abides by the laws and regulations in effect, particularly the IT Rules to prevent deepfakes from spreading.  

Addressing the Danger of Disinformation

Minister Chandrasekhar underlined the grave issue of disinformation, particularly in the context of deepfakes, which are false pieces of content produced using the latest developments such as artificial intelligence. He emphasized the dangers this deceptive data posed to internet users' security and confidence. The Minister emphasized the efficiency of the IT regulations in addressing this issue and cited the Prime Minister's caution about the risks of deepfakes.

Rule Against Spreading False Information

The Minister referred particularly to Rule 3(1)(b)(v), which states unequivocally that it is forbidden to disseminate false information, even when doing so involves cutting-edge technology like deepfakes. He called on intermediaries—the businesses that offer digital platforms—to take prompt action to take such content down from their systems. Additionally, he ensured that everyone is aware that breaking such rules has legal implications.

Analysis 

The Central Government's latest advisory on deepfake technology demonstrates a proactive strategy to deal with new issues. It also highlights the necessity of comprehensive legislation to directly regulate AI material, particularly with regard to user interests.

There is a wider regulatory vacuum for content produced by artificial intelligence, even though the current guideline concentrates on the precision and lucidity of information distribution. While some limitations are mentioned in the existing laws, there are no clear guidelines for controlling or differentiating AI-generated content.

Positively, it is laudable that the government has recognized the dangers posed by deepfakes and is making appropriate efforts to counter them. As AI technology develops, there is a chance to create thorough laws that not only solve problems but also create a supportive environment for the creation of ethical AI content. User protection, accountability, openness, and moral AI use would all benefit from such laws. This offers an opportunity for regulatory development to guarantee the successful and advantageous incorporation of AI into our digital environment.

Conclusion 

The Central Government's preemptive advice on deepfake technology shows a great dedication to tackling new risks in the digital sphere. The advice highlights the urgent need to combat deepfakes, but it also highlights the necessity for extensive legislation on content produced by artificial intelligence. The lack of clear norms offers a chance for constructive regulatory development to protect the interests of users. The advancement of AI technology necessitates the adoption of rules that promote the creation of ethical AI content, guaranteeing user protection, accountability, and transparency. This is a turning point in the evolution of regulations, making it easier to responsibly incorporate AI into our changing digital landscape.

References

• https://economictimes.indiatimes.com/tech/technology/deepfake-menace-govt-issues-advisory-to-intermediaries-to-comply-with-existing-it-rules/articleshow/106297813.cms
• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1990542#:~:text=Ministry%20of%20Electronics%20and%20Information,misinformation%20powered%20by%20AI%20%E2%80%93%20Deepfakes.
• https://www.timesnownews.com/india/centres-deepfake-warning-to-it-firms-ensure-users-dont-violate-content-rules-article-106298282#:~:text=The%20Union%20government%20on%20Tuesday,actors%2C%20businesspersons%20and%20other%20celebrities

Introduction

The hospitality industry is noted to be one of the industries most influenced by technology. Hotels, restaurants, and travel services are increasingly reliant on digital technologies to automate core operations and customer interactions. The shift to electronic modes of conducting business has made the industry a popular target for cyber threats. In light of increasing cyber threats, safeguarding personal and sensitive personal data on the part of the hospitality industry becomes significant not only from a customer standpoint but also from an organisational and legal perspective.

Role of cybersecurity in the hospitality industry

A hospitality industry-based entity (“HI entity”) deploys several technologies not only to automate operations but to also deliver excellent customer experiences. Technologies such as IoTs that enable smart controls in rooms, Point-of-Sale systems that manage reservations, Call Accounting Systems that track and record customer calls, keyless entry systems, and mobile apps that facilitate easy booking and service requests are popularly used in addition to operative technologies such as Property Management Systems, Hotel Accounting Systems, Local Area Networks (LAN).{1} These technologies collect vast volumes of data daily due to the nature of operations. Such data necessarily includes personal information such as names, addresses, phone numbers, email IDs etc. and sensitive information such as gender, bank account and payment details, health information pertaining to food allergens etc. Resultantly, the breach and loss of such critical data impacts customer trust and loyalty and in turn, their retention within the business. Lack of adequate cybersecurity measures also impacts the reputation and goodwill of an HI entity since customers are more likely to opt for establishments that prioritise the protection of their data. In 2022, cybercriminals syphoned 20GB of internal documents and customer data from Marriott Hotels, which included credit card information and staff information such as wage data, corporate card number and even a personnel assessment file. A much larger breach was seen in 2018, where 383 million booking records and 5.3 million unencrypted passport numbers were stolen from Marriott’s servers.{2}

Cybersecurity is also central to safeguarding trade secrets and key confidential trade information. An estimate of US $6 trillion per year on average amounts to losses generated from cybercrimes.{3} The figure, however, does not include the cost of breach, expenses related to incident response, legal fees, regulatory fines etc which may be significantly higher for a HI entity when loss of potential profits is factored in.

Cybersecurity is also central from a legal standpoint. Legal provisions in various jurisdictions mandate the protection of guest data. In India, the Digital Personal Data Protection Act 2023, imposes a penalty of up to Rs. 50 Crores on a breach in observing obligations to take reasonable security safeguards to prevent personal data breach.{4} Similarly, the General Data Protection Regulation (GDPR) of the European Union also has guidelines for protecting personal data. Several other industry-specific rules, such as those pertaining to consumer protection,  may also be applicable.

Breaches and Mitigation

There are several kinds of cyber security threats faced by an HI entity. “Fake Booking” is a popular method of cyber attack, whereby attackers build and design a website that is modelled exactly after the hotel’s legitimate website. Many customers end up using such malicious phishing websites thereby exposing their personal and sensitive personal data to threats. Additionally, the provision of free wifi within hotel premises, usually accessible freely to the public, implies that a malicious actor may introduce viruses and updates bearing malware. Other common cyber threats include denial of service (DoS) attacks, supply chain attacks, ransomware threats, SQL injection attacks (a type of attack where malicious code is inserted into a database to manipulate data and gain access to information), buffer overflow or buffer overrun (when the amount of data exceeds its storage capacity, implying that the excess data overflows into other memory locations and corrupt or overwrites data in those locations). 

One of the best ways to manage data breaches is to leverage newer technologies that operate on a “privacy by design” model. An HI entity must deploy web application firewalls (WAF) that differ from regular firewalls since they can filter the content of specific web applications and prevent cyber attacks. Another method to safeguard data is by deploying a digital certificate which binds a message/instruction to the owner/generator of the message. This is useful in preventing any false claims fraud by customers. Digital certificates may be deployed on distributed ledger technologies such as blockchain, that are noted for their immutability, transparency and security. Self-sovereign identities or Identifiers (SSI) are also a security use-concept of blockchain whereby individuals own and control their personal data, thereby eliminating reliance on central authorities.{5} In the hospitality industry, SSIs enhance cybersecurity by securely storing identity-related information on a decentralised network, thereby reducing the risk of data breaches. Users can selectively share their information, ensuring privacy and minimising data exposure. This approach not only protects guests' personal details but also streamlines authentication processes, making interactions safer and more efficient.

From a less technical standpoint, cybersecurity insurance may be opted for by a hotel to secure themselves and customer information against breach. Through such insurance, a hotel may cover the liability that arises from breaches caused by both first- and third-party actions.{6} Additionally, Payment Cards Industry Data Security Standards should be adhered to, since these standards ensure that businesses should apply best practices when processing credit card data through optimised security. Employee training and upskilling in basic, practical cybersecurity measures and good practices is also a critical component of a comprehensive cybersecurity strategy.

References:

• [1]  The Growing Importance of Cybersecurity in the Hospitality Industry”, Alfatec, 11 September 2023 https://www.alfatec.ai/academy/resource-library/the-growing-importance-of-cybersecurity-in-the-hospitality-industry
• [2]  Vigliarolo, Brandon, “Marriott Hotels admit to third data breach in 4 years”, 6 July 2022 https://www.theregister.com/2022/07/06/marriott_hotels_suffer_yet_another/#:~:text=In%20the%20case%20of%20the,of%20an%20individual%20organization%20ever. 

• [3] Shabani, Neda & Munir, Arslan. (2020). A Review of Cyber Security Issues in the Hospitality Industry. 10.1007/978-3-030-52243-8_35. https://www.researchgate.net/publication/342683038_A_Review_of_Cyber_Security_Issues_in_Hospitality_Industry/citation/download    
• [4] The Digital Personal Data Protection Act 2023 https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf 
• [5]  “What is self-sovereign identity?”, Sovrin, 6 December 2018 https://sovrin.org/faq/what-is-self-sovereign-identity/ 
• [6] Yasar, Kinza, “Cyber Insurance”, Tech Target https://www.techtarget.com/searchsecurity/definition/cybersecurity-insurance-cybersecurity-liability-insurance 

Executive Summary:

A misleading video of a child covered in ash allegedly circulating as the evidence for attacks against Hindu minorities in Bangladesh. However, the  investigation revealed that the video is actually from Gaza, Palestine, and was filmed following an Israeli airstrike in July 2024. The claim linking the video to Bangladesh is false and misleading.

Claims:

A viral video claims to show a child in Bangladesh covered in ash as evidence of attacks on Hindu minorities.

Fact Check:

Upon receiving the viral posts, we conducted a Google Lens search on keyframes of the video, which led us to a X post posted by Quds News Network. The report identified the video as footage from Gaza, Palestine, specifically capturing the aftermath of an Israeli airstrike on the Nuseirat refugee camp in July 2024.

The caption of the post reads, “Journalist Hani Mahmoud reports on the deadly Israeli attack yesterday which targeted a UN school in Nuseirat, killing at least 17 people who were sheltering inside and injuring many more.”

‍

To further verify, we examined the video footage where the watermark of Al Jazeera News media could be seen, We found the same post posted on the Instagram account on 14 July, 2024 where we confirmed that the child in the video had survived a massacre caused by the Israeli airstrike on a school shelter in Gaza. 

‍

Additionally, we found the same video uploaded to CBS News' YouTube channel, where it was clearly captioned as "Video captures aftermath of Israeli airstrike in Gaza",  further confirming its true origin.

‍

We found no credible reports or evidence were found linking this video to any incidents in Bangladesh. This clearly implies that the viral video was falsely attributed to Bangladesh. 

Conclusion:

The video circulating on social media which shows a child covered in ash as the evidence of attack against Hindu minorities is false and misleading. The investigation leads that the video originally originated from Gaza, Palestine and documents the aftermath of an Israeli air strike in July 2024.  

• Claims: A video shows a child in Bangladesh covered in ash as evidence of attacks on Hindu minorities.
• Claimed by: Facebook
• Fact Check: False & Misleading