The National Transport Repository: Legal Fault Lines in India’s Transport Data Policy

AI-generated content has been taking up space in the ever-changing dynamics of today's tech landscape. Generative AI has emerged as a powerful tool that has enabled the creation of hyper-realistic audio, video, and images. While advantageous, this ability has some downsides, too, particularly in content authenticity and manipulation. 

The impact of this content is varied in the areas of ethical, psychological and social harms seen in the past couple of years. A major concern is the creation of non-consensual explicit content, including nudes. This content includes content where an individual’s face gets superimposed onto explicit images or videos without their consent. This is not just a violation of privacy for individuals, and can have humongous consequences for their professional and personal lives. This blog examines the existing laws and whether they are equipped to deal with the challenges that this content poses. 

Understanding the Deepfake Technology

Deepfake technology is a media file (image, video, or speech) that typically represents a human subject that is altered deceptively using deep neural networks (DNNs). It is used to alter a person’s identity, and it usually takes the form of a “face swap” where the identity of a source subject is transferred onto a destination subject. The destination’s facial expressions and head movements remain the same, but the appearance in the video is that of the source. In the case of videos, the identities can be substituted by way of replacement or reenactment.

This superimposed content creates realistic content, such as fake nudes. Presently, creating a deepfake is not a costly endeavour. It requires a Graphics Processing Unit (GPU), software that is free, open-source, and easy to download, and graphics editing and audio-dubbing skills.  Some of the common apps to create deepfakes are DeepFaceLab and FaceSwap, which are both public and open source and are supported by thousands of users who actively participate in the evolution and development of these software and models. 

Legal Gaps and Challenges

Multiple gaps and challenges exist in the legal space for deepfakes and their regulation. They are:

1. The inadequate definitions governing AI-generated explicit content often lead to enforcement challenges.
2. Jurisdictional challenges due to the cross-border nature of crimes and the difficulties caused by international cooperation measures are in the early stages for AI content. 
3. There is a gap between the current consent-based and harassment laws for AI-generated nudes. 
4. Providing evidence or providing proof for the intent and identification of perpetrators in digital crimes is a challenge that is yet to be overcome. 

Policy Responses and Global Trends 

Presently, the global response to deepfakes is developing. The UK has developed the Online Safety Bill, the EU has the AI Act, the US has some federal laws such as the National AI Initiative Act of 2020 and India is currently developing the India AI Act as the specific legislation dealing with AI and its correlating issues. 

The IT Rules, 2021, and the DPDP Act, 2023, regulate digital platforms by mandating content governance, privacy policies, grievance redressal, and compliance with removal orders. Emphasising intermediary liability and safe harbour protections, these laws play a crucial role in tackling harmful content like AI-generated nudes, while the DPDP Act focuses on safeguarding privacy and personal data rights.

Bridging the Gap: CyberPeace Recommendations 

1. Initiate legislative reforms by advocating for clear and precise definitions for the consent frameworks and instituting high penalties for AI-based offences, particularly those which are aimed at sexually explicit material.
2. Advocate for global cooperation and collaborations by setting up international standards and bilateral and multilateral treaties that address the cross-border nature of these offences.
3. Platforms should push for accountability by pushing for stricter platform responsibility for the detection and removal of harmful AI-generated content. Platforms should introduce strong screening mechanisms to counter the huge influx of harmful content.  
4. Public campaigns which spread awareness and educate users about their rights and the resources available to them in case such an act takes place with them. 

Conclusion 

The rapid advancement of AI-generated explicit content demands immediate and decisive action. As this technology evolves, the gaps in existing legal frameworks become increasingly apparent, leaving individuals vulnerable to profound privacy violations and societal harm. Addressing this challenge requires adaptive, forward-thinking legislation that prioritises individual safety while fostering technological progress. Collaborative policymaking is essential and requires uniting governments, tech platforms, and civil society to develop globally harmonised standards. By striking a balance between innovation and societal well-being, we can ensure that the digital age is not only transformative but also secure and respectful of human dignity. Let’s act now to create a safer future!

References

• https://etedge-insights.com/technology/artificial-intelligence/deepfakes-and-the-future-of-digital-security-are-we-ready/
• https://odsc.medium.com/the-rise-of-deepfakes-understanding-the-challenges-and-opportunities-7724efb0d981 ‍
• https://insights.sei.cmu.edu/blog/how-easy-is-it-to-make-and-detect-a-deepfake/

Introduction

In an era when misinformation spreads like wildfire across the digital landscape, the need for effective strategies to counteract these challenges has grown exponentially in a very short period. Prebunking and Debunking are two approaches for countering the growing spread of misinformation online. Prebunking empowers individuals by teaching them to discern between true and false information and acts as a protective layer that comes into play even before people encounter malicious content. Debunking is the correction of false or misleading claims after exposure, aiming to undo or reverse the effects of a particular piece of misinformation. Debunking includes methods such as fact-checking, algorithmic correction on a platform, social correction by an individual or group of online peers, or fact-checking reports by expert organisations or journalists. An integrated approach which involves both strategies can be effective in countering the rapid spread of misinformation online.

Brief Analysis of Prebunking 

Prebunking is a proactive practice that seeks to rebut erroneous information before it spreads. The goal is to train people to critically analyse information and develop ‘cognitive immunity’ so that they are less likely to be misled when they do encounter misinformation. 

The Prebunking approach, grounded in Inoculation theory, teaches people to recognise, analyse and avoid manipulation and misleading content so that they build resilience against the same. Inoculation theory, a social psychology framework, suggests that pre-emptively conferring psychological resistance against malicious persuasion attempts can reduce susceptibility to misinformation across cultures. As the term suggests, the MO is to help the mind in the present develop resistance to influence that it may encounter in the future. Just as medical vaccines or inoculations help the body build resistance to future infections by administering weakened doses of the harm agent, inoculation theory seeks to teach people fact from fiction through exposure to examples of weak, dichotomous arguments, manipulation tactics like emotionally charged language, case studies that draw parallels between truths and distortions, and so on. In showing people the difference, inoculation theory teaches them to be on the lookout for misinformation and manipulation even, or especially, when they least expect it. 

The core difference between Prebunking and Debunking is that while the former is preventative and seeks to provide a broad-spectrum cover against misinformation, the latter is reactive and focuses on specific instances of misinformation. While Debunking is closely tied to fact-checking, Prebunking is tied to a wider range of specific interventions, some of which increase motivation to be vigilant against misinformation and others increase the ability to engage in vigilance with success.

There is much to be said in favour of the Prebunking approach because these interventions build the capacity to identify misinformation and recognise red flags However, their success in practice may vary. It might be difficult to scale up Prebunking efforts and ensure their reach to a larger audience. Sustainability is critical in ensuring that Prebunking measures maintain their impact over time. Continuous reinforcement and reminders may be required to ensure that individuals retain the skills and information they gained from the Prebunking training activities. Misinformation tactics and strategies are always evolving, so it is critical that Prebunking interventions are also flexible and agile and respond promptly to developing challenges. This may be easier said than done, but with new misinformation and cyber threats developing frequently, it is a challenge that has to be addressed for Prebunking to be a successful long-term solution. 

Encouraging people to be actively cautious while interacting with information, acquire critical thinking abilities, and reject the effect of misinformation requires a significant behavioural change over a relatively short period of time. Overcoming ingrained habits and prejudices, and countering a natural reluctance to change is no mean feat. Developing a widespread culture of information literacy requires years of social conditioning and unlearning and may pose a significant challenge to the effectiveness of Prebunking interventions. 

Brief Analysis of Debunking 

Debunking is a technique for identifying and informing people that certain news items or information are incorrect or misleading. It seeks to lessen the impact of misinformation that has already spread. The most popular kind of Debunking occurs through collaboration between fact-checking organisations and social media businesses. Journalists or other fact-checkers discover inaccurate or misleading material, and social media platforms flag or label it. Debunking is an important strategy for curtailing the spread of misinformation and promoting accuracy in the digital information ecosystem. 

Debunking interventions are crucial in combating misinformation. However, there are certain challenges associated with the same. Debunking misinformation entails critically verifying facts and promoting corrected information. However, this is difficult owing to the rising complexity of modern tools used to generate narratives that combine truth and untruth, views and facts. These advanced approaches, which include emotional spectrum elements, deepfakes, audiovisual material, and pervasive trolling, necessitate a sophisticated reaction at all levels: technological, organisational, and cultural.

Furthermore, It is impossible to debunk all misinformation at any given time, which effectively means that it is impossible to protect everyone at all times, which means that at least some innocent netizens will fall victim to manipulation despite our best efforts.  Debunking is inherently reactive in nature, addressing misinformation after it has grown extensively. This reactionary method may be less successful than proactive strategies such as Prebunking from the perspective of total harm done. Misinformation producers operate swiftly and unexpectedly, making it difficult for fact-checkers to keep up with the rapid dissemination of erroneous or misleading information. Debunking may need continuous exposure to fact-check to prevent erroneous beliefs from forming, implying that a single Debunking may not be enough to rectify misinformation.  Debunking requires time and resources, and it is not possible to disprove every piece of misinformation that circulates at any particular moment. This constraint may cause certain misinformation to go unchecked, perhaps leading to unexpected effects. The misinformation on social media can be quickly spread and may become viral faster than Debunking pieces or articles. This leads to a situation in which misinformation spreads like a virus, while the antidote to debunked facts struggles to catch up.

Prebunking vs Debunking: Comparative Analysis

Prebunking interventions seek to educate people to recognise and reject misinformation before they are exposed to actual manipulation. Prebunking offers tactics for critical examination, lessening the individuals' susceptibility to misinformation in a variety of contexts. On the other hand, Debunking interventions involve correcting specific false claims after they have been circulated. While Debunking can address individual instances of misinformation, its impact on reducing overall reliance on misinformation may be limited by the reactive nature of the approach.

CyberPeace Policy Recommendations for Tech/Social Media Platforms

With the rising threat of online misinformation, tech/social media platforms can adopt an integrated strategy that includes both Prebunking and Debunking initiatives to be deployed and supported on all platforms to empower users to recognise the manipulative messaging through Prebunking and be aware of the accuracy of misinformation through Debunking interventions. 

1. Gamified Inoculation: Tech/social media companies can encourage gamified inoculation campaigns, which is a competence-oriented approach to Prebunking misinformation. This can be effective in helping people immunise the receiver against subsequent exposures. It can empower people to build competencies to detect misinformation through gamified interventions. 
2. Promotion of Prebunking and Debunking Campaigns through Algorithm Mechanisms: Tech/social media platforms may promote and guarantee that algorithms prioritise the distribution of Prebunking materials to users, boosting educational content that strengthens resistance to misinformation. Platform operators should incorporate algorithms that prioritise the visibility of Debunking content in order to combat the spread of erroneous information and deliver proper corrections; this can eventually address and aid in Prebunking and Debunking methods to reach a bigger or targeted audience.
3. User Empowerment to Counter Misinformation: Tech/social media platforms can design user-friendly interfaces that allow people to access Prebunking materials, quizzes, and instructional information to help them improve their critical thinking abilities. Furthermore, they can incorporate simple reporting tools for flagging misinformation, as well as links to fact-checking resources and corrections.
4. Partnership with Fact-Checking/Expert Organizations: Tech/social media platforms can facilitate Prebunking and Debunking initiatives/campaigns by collaborating with fact-checking/expert organisations and promoting such initiatives at a larger scale and ultimately fighting misinformation with joint hands initiatives.

Conclusion

The threat of online misinformation is only growing with every passing day and so, deploying effective countermeasures is essential.  Prebunking and Debunking are the two such interventions. To sum up: Prebunking interventions try to increase resilience to misinformation, proactively lowering susceptibility to erroneous or misleading information and addressing broader patterns of misinformation consumption, while Debunking is effective in correcting a particular piece of misinformation and having a targeted impact on belief in individual false claims. An integrated approach involving both the methods and joint initiatives by tech/social media platforms and expert organizations can ultimately help in fighting the rising tide of online misinformation and establishing a resilient online information landscape. 

References

1. https://mark-hurlstone.github.io/THKE.22.BJP.pdf
2. https://futurefreespeech.org/wp-content/uploads/2024/01/Empowering-Audiences-Through-%E2%80%98Prebunking-Michael-Bang-Petersen-Background-Report_formatted.pdf
3. https://newsreel.pte.hu/news/unprecedented_challenges_Debunking_disinformation
4. https://misinforeview.hks.harvard.edu/article/global-vaccination-badnews/

‍

Introduction

MGM Resorts, which is an international company, has suffered an ongoing cyberattack which led to the shutdown of a number of its computer systems, including its website, in response to a cybersecurity issue. MGM Resorts International is in touch with external cybersecurity experts to resolve the issue since it has affected its entire Computer systems. MGM is a larger entity and operates thousands of hotel rooms across Las Vegas and the United States. MGM Resorts shared about the incident and posted that MGM recently identified a cybersecurity issue affecting some of the Company's systems. Promptly after detecting the issue, they quickly began an investigation with assistance from leading external cybersecurity experts. MGM has notified law enforcement and took prompt action to protect systems and data, including putting down certain systems. MGM further stated that the investigation is ongoing. 

‍The issue 

Basic operations such as the online reservation and booking system MGM have been affected and shut down due to the cybersecurity issue faced by a lot of visitors. Since earlier times, casino security has been the state of the art as they were very vulnerable to attacks by robbers and con artists. This is what we have also seen in a lot of movies. In today's time, con artists and robbers are now strengthened by cyber tactics. This is exactly what was seen in the case of the MGM attack. 

MGM Resorts is home to best-in-class amenities and facilities for guests, but with the increase in tourist traction, the vulnerabilities and the scope of cyber attacks have also increased. This is also because of open wifis in the establishments and the transition of casinos to e-casinos, thus causing a major shift towards digital and technology-based intervention for better customer experience and streamlining a lot of operations. 

How real is the threat? 

As reported by MGM Resorts, the following systems were impacted in the cyber security attack: 

• Slots Machines: The slot machines placed in the casino suddenly went offline and displayed an error message for the players. Some players who were already using the slot machines lost their bets and were unable to withdraw their winnings. 
• Room Keys: Some of the guests reported that the room keys became unresponsive, and in some cases, the replacement keys were also inactive for some time, causing massive chaos at the reception.  
• Booking Status: All the bookings in today's time are made online; this was one of the worst-hit segments of the cyber attacks. Most of the bookings made automatically were put on hold, and the confirmations could be made only from the hotel reception, thus causing massive cancelling of the bookings and both the hotel and customers losing out on money.
• MGM App: The official app of MGM Resorts was completely down, thus causing a situation of confusion and panic among the guests. The users also received notifications to speak to different customer care executives, but some of the numbers were unattentive and seemed to be operated by bad actors. 
• Data breach: The main focus of the cyber attack was dedicated to committing a data breach. The attack led to the breach of personal data of most of the users registered on the app or on the system of MGM Resorts. 

‍

Conclusion 

The cyber attack on the tourism industry is a major and growing concern for the industry and its customers. Seeing the volatility of the data and the regular inflow of personal information this makes the hotel's cyber security system a vulnerable choice for bad actors. The cyber attack was no less than a fire sale, where in all the segments of the services offered were impacted. Similar attacks were reported by MGM in 2019 and 2020, and subsequently, the safety measures were also deployed, but the bad actors have hit the resorts chain owners again, in such cases the most paramount defence is having a safe and regularly updated firewall, upskilling of staff for IT issues and attacks, active reporting and investigation mechanisms for assisting the LEAs. In the times of rising cyberattacks, one needs to be critical of their data management and digital footprints. The sooner we adopt safe, secure and resilient cyber hygiene practices, the safer our future will be.  

‍

References:

https://www.bleepingcomputer.com/news/security/mgm-resorts-shuts-down-it-systems-after-cyberattack/

https://www.usatoday.com/story/tech/news/2023/09/11/mgm-cyber-attack-impact-resorts-hotels-us/70828503007/

https://www.cnbc.com/2023/09/12/mgm-resorts-cybersecurity-incident-forces-system-outage.html

‍