#FactCheck - Afghan Cricket Team's Chant Misrepresented in Viral Video

Introduction

The hospitality industry is noted to be one of the industries most influenced by technology. Hotels, restaurants, and travel services are increasingly reliant on digital technologies to automate core operations and customer interactions. The shift to electronic modes of conducting business has made the industry a popular target for cyber threats. In light of increasing cyber threats, safeguarding personal and sensitive personal data on the part of the hospitality industry becomes significant not only from a customer standpoint but also from an organisational and legal perspective.

Role of cybersecurity in the hospitality industry

A hospitality industry-based entity (“HI entity”) deploys several technologies not only to automate operations but to also deliver excellent customer experiences. Technologies such as IoTs that enable smart controls in rooms, Point-of-Sale systems that manage reservations, Call Accounting Systems that track and record customer calls, keyless entry systems, and mobile apps that facilitate easy booking and service requests are popularly used in addition to operative technologies such as Property Management Systems, Hotel Accounting Systems, Local Area Networks (LAN).{1} These technologies collect vast volumes of data daily due to the nature of operations. Such data necessarily includes personal information such as names, addresses, phone numbers, email IDs etc. and sensitive information such as gender, bank account and payment details, health information pertaining to food allergens etc. Resultantly, the breach and loss of such critical data impacts customer trust and loyalty and in turn, their retention within the business. Lack of adequate cybersecurity measures also impacts the reputation and goodwill of an HI entity since customers are more likely to opt for establishments that prioritise the protection of their data. In 2022, cybercriminals syphoned 20GB of internal documents and customer data from Marriott Hotels, which included credit card information and staff information such as wage data, corporate card number and even a personnel assessment file. A much larger breach was seen in 2018, where 383 million booking records and 5.3 million unencrypted passport numbers were stolen from Marriott’s servers.{2}

Cybersecurity is also central to safeguarding trade secrets and key confidential trade information. An estimate of US $6 trillion per year on average amounts to losses generated from cybercrimes.{3} The figure, however, does not include the cost of breach, expenses related to incident response, legal fees, regulatory fines etc which may be significantly higher for a HI entity when loss of potential profits is factored in.

Cybersecurity is also central from a legal standpoint. Legal provisions in various jurisdictions mandate the protection of guest data. In India, the Digital Personal Data Protection Act 2023, imposes a penalty of up to Rs. 50 Crores on a breach in observing obligations to take reasonable security safeguards to prevent personal data breach.{4} Similarly, the General Data Protection Regulation (GDPR) of the European Union also has guidelines for protecting personal data. Several other industry-specific rules, such as those pertaining to consumer protection,  may also be applicable.

Breaches and Mitigation

There are several kinds of cyber security threats faced by an HI entity. “Fake Booking” is a popular method of cyber attack, whereby attackers build and design a website that is modelled exactly after the hotel’s legitimate website. Many customers end up using such malicious phishing websites thereby exposing their personal and sensitive personal data to threats. Additionally, the provision of free wifi within hotel premises, usually accessible freely to the public, implies that a malicious actor may introduce viruses and updates bearing malware. Other common cyber threats include denial of service (DoS) attacks, supply chain attacks, ransomware threats, SQL injection attacks (a type of attack where malicious code is inserted into a database to manipulate data and gain access to information), buffer overflow or buffer overrun (when the amount of data exceeds its storage capacity, implying that the excess data overflows into other memory locations and corrupt or overwrites data in those locations). 

One of the best ways to manage data breaches is to leverage newer technologies that operate on a “privacy by design” model. An HI entity must deploy web application firewalls (WAF) that differ from regular firewalls since they can filter the content of specific web applications and prevent cyber attacks. Another method to safeguard data is by deploying a digital certificate which binds a message/instruction to the owner/generator of the message. This is useful in preventing any false claims fraud by customers. Digital certificates may be deployed on distributed ledger technologies such as blockchain, that are noted for their immutability, transparency and security. Self-sovereign identities or Identifiers (SSI) are also a security use-concept of blockchain whereby individuals own and control their personal data, thereby eliminating reliance on central authorities.{5} In the hospitality industry, SSIs enhance cybersecurity by securely storing identity-related information on a decentralised network, thereby reducing the risk of data breaches. Users can selectively share their information, ensuring privacy and minimising data exposure. This approach not only protects guests' personal details but also streamlines authentication processes, making interactions safer and more efficient.

From a less technical standpoint, cybersecurity insurance may be opted for by a hotel to secure themselves and customer information against breach. Through such insurance, a hotel may cover the liability that arises from breaches caused by both first- and third-party actions.{6} Additionally, Payment Cards Industry Data Security Standards should be adhered to, since these standards ensure that businesses should apply best practices when processing credit card data through optimised security. Employee training and upskilling in basic, practical cybersecurity measures and good practices is also a critical component of a comprehensive cybersecurity strategy.

References:

• [1]  The Growing Importance of Cybersecurity in the Hospitality Industry”, Alfatec, 11 September 2023 https://www.alfatec.ai/academy/resource-library/the-growing-importance-of-cybersecurity-in-the-hospitality-industry
• [2]  Vigliarolo, Brandon, “Marriott Hotels admit to third data breach in 4 years”, 6 July 2022 https://www.theregister.com/2022/07/06/marriott_hotels_suffer_yet_another/#:~:text=In%20the%20case%20of%20the,of%20an%20individual%20organization%20ever. 

• [3] Shabani, Neda & Munir, Arslan. (2020). A Review of Cyber Security Issues in the Hospitality Industry. 10.1007/978-3-030-52243-8_35. https://www.researchgate.net/publication/342683038_A_Review_of_Cyber_Security_Issues_in_Hospitality_Industry/citation/download    
• [4] The Digital Personal Data Protection Act 2023 https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf 
• [5]  “What is self-sovereign identity?”, Sovrin, 6 December 2018 https://sovrin.org/faq/what-is-self-sovereign-identity/ 
• [6] Yasar, Kinza, “Cyber Insurance”, Tech Target https://www.techtarget.com/searchsecurity/definition/cybersecurity-insurance-cybersecurity-liability-insurance 

Introduction to Grooming

The term grooming is believed to have been first used by a group of investigators in the 1970s to describe patterns of seduction of an offender towards a child. It eventually evolved and began being commonly used by law enforcement agencies and has now replaced the term seduction for this behavioural pattern. At its core, grooming refers to conditioning a child by an adult offender to further their wrong motives. In its most popular sense, it refers to the sexual victimisation of children whereby an adult befriends a minor and builds an emotional connection to sexually abuse, exploit and even trafficking such a victim. The onset of technology has shifted the offline physical proximity of perpetrators to the internet, enabling groomers to integrate themselves completely into the victim’s life by maintaining consistent contact. It is noted that while grooming can occur online and offline, groomers often establish online contact before moving the ‘relationship’ offline to commit sexual offences.

Underreporting and Vulnerability of Teenagers

Given the elusive nature of the crime, cyber grooming remains one of the most underreported crimes by victims, who are often unaware or embarrassed to share their experiences. Teenagers are particularly more susceptible to cyber grooming since they not only have more access to the internet but also engage in more online risk-taking behaviours such as posting sensitive and personal pictures. Studies indicate that individuals aged 18 to 23 often lack awareness regarding the grooming process. They frequently engage in relationships with groomers without recognising the deceptive and manipulative tactics employed, mistakenly perceiving these relationships as consensual rather than abusive.

Rise of Cyber Grooming incidents after COVID-19 pandemic

There has been an uptick in cyber grooming after the COVID-19 pandemic, whereby an adult poses as a teenager or a child and befriends a minor on child-friendly websites or social media outlets and builds an emotional connection with the victim. The main goal is to obtain intimate and personal data of the minor, often in the form of sexual chats, pictures or videos, to threaten and coerce them into continuing such acts. The grooming process usually begins with seemingly harmless inquiries about the minor's age, interests, and family background. Over time, these questions gradually shift to topics concerning sexual experiences and desires. Research and data indicate that online grooming is primarily carried out by males, who frequently choose their victims based on attractiveness, ease of access, and the ability to exploit the minor's vulnerabilities. 

Beyond Sexual Exploitation: Ideological and Commercial Grooming

Grooming is not confined to sexual exploitation. The rise of technology has expanded the influence of extremist ideological groups, granting them access to children who can be coerced into adopting their beliefs. This phenomenon, known as ideological grooming, presents significant personal, social, national security, and law enforcement challenges. Additionally, a new trend, termed digital commercial grooming, involves malicious actors manipulating minors into procuring and using drugs. Violent extremists are improving their online recruitment strategies, learning from each other to target and recruit supporters more effectively and are constantly leveraging children’s vulnerabilities to reinforce anti-government ideologies.

Policy Recommendations to Combat Cyber Grooming

To address the pervasive issue of cyber grooming and child recruitment by extremist groups, several policy recommendations can be implemented. Social media and online platforms should enhance their monitoring and reporting systems to swiftly detect and remove grooming behaviours. This includes investing in AI technologies for content moderation and employing dedicated teams to respond to reports promptly. Additionally, collaborative efforts with cybersecurity experts and child psychologists to develop educational campaigns and tools that teach children about online safety and identify grooming tactics should be mandated. Legislation should also be strengthened to include provisions specifically addressing cyber grooming, ensuring strict penalties for offenders and protections for victims. In this regard, international cooperation among law enforcement agencies and tech companies is essential to create a unified approach to tackling cross-border online threats to children's safety and security.

References:

1. Lanning, Kenneth “The Evolution of Grooming: Concept and Term”, Journal of Interpersonal Violence, 2018, Vol. 33 (1) 5-16. https://www.nationalcac.org/wp-content/uploads/2019/05/The-evolution-of-grooming-Concept-and-term.pdf 
2. Jonie Chiu, Ethel Quayle, “Understanding online grooming: An interpretative phenomenological analysis of adolescents' offline meetings with adult perpetrators”, Child Abuse & Neglect, Volume 128, 2022, 105600, ISSN 0145-2134,https://doi.org/10.1016/j.chiabu.2022.105600. https://www.sciencedirect.com/science/article/pii/S014521342200120X 
3. “Online child sexual exploitation and abuse”, Sharinnf Electronic Resources on Laws and Crime, United Nations Office for Drugs and Crime. https://sherloc.unodc.org/cld/en/education/tertiary/cybercrime/module-12/key-issues/online-child-sexual-exploitation-and-abuse.html 
4. Mehrotra, Karishma, “In the pandemic, more Indian children are falling victim to online grooming for sexual exploitation” The Scroll.in, 18 September 2021. https://scroll.in/magazine/1005389/in-the-pandemic-more-indian-children-are-falling-victim-to-online-grooming-for-sexual-exploitation 
5. Lorenzo-Dus, Nuria, “Digital Grooming: Discourses of Manipulation and Cyber-Crime”, 18 December 2022 https://academic.oup.com/book/45362
6. Strategic orientations on a coordinated EU approach to prevention of radicalisation in 2022-2023 https://home-affairs.ec.europa.eu/system/files/2022-03/2022-2023%20Strategic%20orientations%20on%20a%20coordinated%20EU%20approach%20to%20prevention%20of%20radicalisation_en.pdf 
7. “Handbook on Children Recruited and Exploited by Terrorist and Violent Extremist Groups: The Role of the Justice System”, United Nations Office on Drugs and Crime, 2017. https://www.unodc.org/documents/justice-and-prison-reform/Child-Victims/Handbook_on_Children_Recruited_and_Exploited_by_Terrorist_and_Violent_Extremist_Groups_the_Role_of_the_Justice_System.E.pdf 

‍

Introduction

The Telecom Regulatory Authority of India (TRAI) issued a consultation paper titled “Encouraging Innovative Technologies, Services, Use Cases, and Business Models through Regulatory Sandbox in Digital Communication Sector. The paper presents a draft sandbox structure for live testing of new digital communication products or services in a regulated environment. TRAI seeks comments from stakeholders on several parts of the framework.

What is digital communication?

Digital communication is the use of internet tools such as email, social media messaging, and texting to communicate with other people or a specific audience. Even something as easy as viewing the content on this webpage qualifies as digital communication.

Aim of Paper

• Frameworks are intended to support regulators’ desire for innovation while also ensuring economic resilience and consumer protection. Considering this, the Department of Telecom (DoT) asked TRAI to offer recommendations on a regulatory sandbox framework. TRAI approaches the issue with the goal of encouraging creativity and hastening the adoption of cutting-edge digital communications technologies.
• Artificial intelligence, the Internet of Things, edge computing, and other emerging technologies are revolutionizing how we connect, communicate, and access information, driving the digital communication sector to rapidly expand. To keep up with this dynamic environment, an enabling environment for the development and deployment of novel technologies, services, use cases, and business models is required.
• The regulatory sandbox concept is becoming increasingly popular around the world as a means of encouraging innovation in a range of industries. A regulatory sandbox is a regulated environment in which businesses and innovators can test their concepts, commodities, and services while operating under changing restrictions.
• Regulatory Sandbox will benefit the telecom startup ecosystem by providing access to a real-time network environment and other data, allowing them to evaluate the reliability of new applications before releasing them to the market. Regulatory Sandbox also attempts to stimulate cross-sectoral collaboration for carrying out such testing by engaging the assistance of other ministries and departments in order to give the starting company with a single window for acquiring all clearances.

What is regulatory sandbox?

• A regulatory sandbox is a controlled regulatory environment in which new products or services are tested in real-time.
• It serves as a “safe space” for businesses because authorities may or may not allow certain relaxations for the sole purpose of testing.
• The sandbox enables the regulator, innovators, financial service providers, and clients to perform field testing in order to gather evidence on the benefits and hazards of new financial innovations, while closely monitoring and mitigating their risks.

What are the advantages of having a regulatory sandbox?

• Firstly, regulators obtain first-hand empirical evidence on the benefits and risks of emerging technologies and their implications, allowing them to form an informed opinion on the regulatory changes or new regulations that may be required to support useful innovation while mitigating the associated risks.
• Second, sandbox customers can evaluate the viability of a product without the need for a wider and more expensive roll-out. If the product appears to have a high chance of success, it may be authorized and delivered to a wider market more quickly.

Digital communication sector and Regulatory Sandbox

• Many countries’ regulatory organizations have built sandbox settings for telecom tech innovation.
• These frameworks are intended to encourage regulators’ desire for innovation while also promoting economic resilience and consumer protection.
• In this context, the Department of Telecom (DoT) had asked TRAI to give recommendations on a regulatory sandbox framework.
• Written comments on the drafting framework will be received until July 17, 2023, and counter-comments will be taken until August 1, 2023. The Authority’s goal in the digital communication industry is to foster creativity and expedite the use of emerging technologies such as artificial intelligence (AI), the Internet of Things (IoT), and edge computing. These technologies are changing the way individuals connect, engage, and access information, causing rapid changes in the industry.

Conclusion

According to TRAI, these technologies are changing how individuals connect, engage, and obtain information, resulting in significant changes in the sector.

The regulatory sandbox also wants to stimulate cross-sectoral collaboration for carrying out such testing by engaging the assistance of other ministries and departments in order to give the starting company with a single window for acquiring all clearances. The consultation paper covers some of the worldwide regulatory sandbox frameworks in use in the digital communication industry, as well as some of the frameworks in use inside the country in other sectors.