#FactCheck - "Deepfake Video Falsely Claims Justin Trudeau Endorses Investment Project”

Recognizing As the Ministry of Electronic and Information Technology (MeitY) continues to invite proposals from academicians, institutions, and industry experts to develop frameworks and tools for AI-related issues through the IndiaAI Mission, it has also funded two AI projects that will deal with matters related to deepfakes as per a status report submitted on 21st November 2024. The Delhi court also ordered the nomination of the members of a nine-member Committee constituted by the MeitY on 20th November 2024 (to address deepfake issues) and asked for a report within three months.‍

Funded AI projects :

The two projects funded by MeitY are:

1. Fake Speech Detection Using Deep Learning Framework- The project was initiated in December 2021 and focuses on detecting fake speech by creating a web interface for detection software this also includes investing in creating a speech verification software platform that is specifically designed for testing fake speech detection systems. It is set to end in December 2024. 
2. Design and Development of Software for Detecting Deepfake Videos and Images- This project was funded by MeitY from January 2022 to March 2024. It also involved the Centre for Development of Advanced Computing (C-DAC), Kolkata and Hyderabad as they have developed a prototype tool capable of detecting deepfakes. Named FakeCheck, it is designed as a desktop application and a web portal aiming to detect deepfakes without the use of the internet. Reports suggest that it is currently undergoing the testing phase and awaiting feedback.

‍

Apart from these projects, MeitY has released their expression of interest for proposals in four other areas which include: 

• Tools that detect AI-generated content along with traceable markers,
• Tools that develop an ethical AI framework for AI systems to be transparent and respect human values,
• An AI risk management and assessment tool that analyses threats and precarious situations of AI-specific risks in public AI use cases and;
• Tools that can assess the resilience of AI in stressful situations such as cyberattacks, national disasters, operational failures, etc. 

CyberPeace Outlook

Deepfakes pose significant challenges to critical sectors in India, such as healthcare and education, where manipulated content can lead to crimes like digital impersonation, misinformation, and fraud. The rapid advancement of AI, with developments (regarding regulation) that can’t keep pace, continues to fuel such threats. Recognising these risks, MeitY’s IndiaAI mission, promoting investments and encouraging educational institutions to undertake AI projects that strengthen the country's digital infrastructure comes in as a guiding light. A part of the mission focuses on developing indigenous solutions, including tools for assessment and regulation, to address AI-related threats effectively. While India is making strides in this direction, the global AI landscape is evolving rapidly, with many nations advancing regulations to mitigate AI-driven challenges. Consistent steps, including inviting proposals and funding projects provide the much-needed impetus for the mission to be realized.

References

1. https://economictimes.indiatimes.com/tech/technology/meity-dot-at-work-on-projects-for-fair-ai-development/articleshow/115777713.cms?from=mdr
2. https://www.hindustantimes.com/india-news/meity-seeks-tools-to-detect-deepfakes-label-ai-generated-content-101734410291642.html
3. https://www.msn.com/en-in/news/India/meity-funds-two-ai-projects-to-detect-fake-media-forms-committee-on-deepfakes/ar-AA1vMAlJ
4. https://indiaai.gov.in/

‍

Introduction

Data Breaches have taken over cyberspace as one of the rising issues, these data breaches result in personal data making its way toward cybercriminals who use this data for no good. As netizens, it's our digital responsibility to be cognizant of our data and the data of one's organization. The increase in internet and technology penetration has made people move to cyberspace at a rapid pace, however, awareness regarding the same needs to be inculcated to maximise the data safety of netizens. The recent AIIMS cyber breach has got many organisations worried about their cyber safety and security. According to the HIPPA Journal, 66% of healthcare organizations reported ransomware attacks on them. Data management and security is the prime aspect of clients all across the industry and is now growing into a concern for many. The data is primarily classified into three broad terms-

• Personal Identified Information (PII) - Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
• Non-Public Information (NPI) - The personal information of an individual that is not and should not be available to the public. This includes Social Security Numbers, bank information, other personal identifiable financial information, and certain transactions with financial institutions.
• Material Non-Public Information (MNPI) - Data relating to a company that has not been made public but could have an impact on its share price. It is against the law for holders of nonpublic material information to use the information to their advantage in trading stocks.

This classification of data allows the industry to manage and secure data effectively and efficiently and at the same time, this allows the user to understand the uses of their data and its intensity in case of breach of data. Organisations process data that is a combination of the above-mentioned classifications and hence in instances of data breach this becomes a critical aspect. Coming back to the AIIMS data breach, it is a known fact that AIIMS is also an educational and research institution. So, one might assume that the reason for any attack on AIIMS could be either to exfiltrate patient data or could be to obtain hands-on the R & D data including research-related intellectual properties. If we postulate the latter, we could also imagine that other educational institutes of higher learning such as IITs, IISc, ISI, IISERs, IIITs, NITs, and some of the significant state universities could also be targeted. In 2021, the Ministry of Home Affairs through the Ministry of Education sent a directive to IITs and many other institutes to take certain steps related to cyber security measures and to create SoPs to establish efficient data management practices. The following sectors are critical in terms of data protection-

• Health sector
• Financial sector
• Education sector
• Automobile sector

These sectors are generally targeted by bad actors and often data breach from these sectors result in cyber crimes as the data is soon made available on Darkweb. These institutions need to practice compliance like any other corporate house as the end user here is the netizen and his/her data is of utmost importance in terms of protection.Organisations in today's time need to be in coherence to the advancement in cyberspace to find out keen shortcomings and vulnerabilities they may face and subsequently create safeguards for the same. The AIIMS breach is an example to learn from so that we can protect other organisations from such cyber attacks. To showcase strong and impenetrable cyber security every organisation should be able to answer these questions-

• Do you have a centralized cyber asset inventory?
• Do you have human resources that are trained to model possible cyber threats and cyber risk assessment?
• Have you ever undertaken a business continuity and resilience study of your institutional digitalized business processes?
• Do you have a formal vulnerability management system that enumerates vulnerabilities in your cyber assets and a patch management system that patches freshly discovered vulnerabilities?
• Do you have a formal configuration assessment and management system that checks the configuration of all your cyber assets and security tools (firewalls, antivirus management, proxy services) regularly to ensure they are most securely configured?
• Do have a segmented network such that your most critical assets (servers, databases, HPC resources, etc.) are in a separate network that is access-controlled and only people with proper permission can access?
• Do you have a cyber security policy that spells out the policies regarding the usage of cyber assets, protection of cyber assets, monitoring of cyber assets, authentication and access control policies, and asset lifecycle management strategies?
• Do you have a business continuity and cyber crisis management plan in place which is regularly exercised like fire drills so that in cases of exigencies such plans can easily be followed, and all stakeholders are properly trained to do their part during such emergencies?
• Do you have multi-factor authentication for all users implemented?
• Do you have a supply chain security policy for applications that are supplied by vendors? Do you have a vendor access policy that disallows providing network access to vendors for configuration, updates, etc?
• Do you have regular penetration testing of the cyberinfrastructure of the organization with proper red-teaming?
• Do you have a bug-bounty program for students who could report vulnerabilities they discover in your cyber infrastructure and get rewarded?
• Do you have an endpoint security monitoring tool mandatory for all critical endpoints such as database servers, application servers, and other important cyber assets?
• Do have a continuous network monitoring and alert generation tool installed?
• Do you have a comprehensive cyber security strategy that is reflected in your cyber security policy document?
• Do you regularly receive cyber security incidents (including small, medium, or high severity incidents, network scanning, etc) updates from your cyber security team in order to ensure that top management is aware of the situation on the ground?
• Do you have regular cyber security skills training for your cyber security team and your IT/OT engineers and employees?
• Do your top management show adequate support, and hold the cyber security team accountable on a regular basis?
• Do you have a proper and vetted backup and restoration policy and practice?

If any organisation has definite answers to these questions, it is safe to say that they have strong cyber security, these questions should not be taken as a comparison but as a checklist by various organisations to be up to date in regard to the technical measures and policies related to cyber security. Having a strong cyber security posture does not drive the cyber security risk to zero but it helps to reduce the risk and improves the fighting chance. Further, if a proper risk assessment is regularly carried out and high-risk cyber assets are properly protected, then the damages resulting from cyber attacks can be contained to a large extent.

Introduction 

The pervasive issue of misinformation in India is a multifaceted challenge with profound implications for democratic processes, public awareness, and social harmony. The Election Commission of India (ECI) has taken measures to counter misinformation during the 2024 elections. ECI has launched campaigns to educate people and urge them to verify election-related content and share responsibly on social media. In response to the proliferation of fake news and misinformation online, the ECI has introduced initiatives such as ‘Myth vs. Reality’ and  'VerifyBeforeYouAmplify' to clear the air around fake news being spread on social media. EC measures aim to ensure that the spread of misinformation is curbed, especially during election time, when voters consume a lot of information from social media. It is of the utmost importance that voters take in facts and reliable information and avoid any manipulative or fake information that can negatively impact the election process. 

EC Collaboration with Tech Platforms

In this new age of technology, the Internet and social media continue to witness a surge in the spread of misinformation, disinformation, synthetic media content, and deepfake videos. This has rightly raised serious concerns. The responsible use of social media is instrumental in maintaining the accuracy of information and curbing misinformation incidents. 

The ECI has collaborated with Google to empower the citizenry by making it easy to find critical voting information on Google Search and YouTube. In this way, Google supports the 2024 Indian General Election by providing high-quality information to voters, safeguarding platforms from abuse, and helping people navigate AI-generated content. The company connects voters to helpful information through product features that show data from trusted organisations across its portfolio. YouTube showcases election information panels, including how to register to vote, how to vote, and candidate information. YouTube's recommendation system prominently features content from authority sources on the homepage, in search results, and in the "Up Next" panel. YouTube highlights high-quality content from authoritative news sources during key moments through its Top News and Breaking News shelves, as well as the news watch page. 

Google has also implemented strict policies and restrictions regarding who can run election-related advertising campaigns on its platforms. They require all advertisers who wish to run election ads to undergo an identity verification process, provide a pre-certificate issued by the ECI or anyone authorised by the ECI for each election ad they want to run where necessary, and have in-ad disclosures that clearly show who paid for the ad. Additionally, they have long-standing ad policies that prohibit ads from promoting demonstrably false claims that could undermine trust or participation in elections.

CyberPeace Countering Misinformation

CyberPeace Foundation, a leading organisation in the field of cybersecurity works to promote digital peace for all. CyberPeace is working on the wider ecosystem to counter misinformation and develop a safer and more responsible Internet. CyberPeace has collaborated with Google.org to run a pan-India awareness-building program and comprehensive multilingual digital resource hub with content available in up to 15 Indian languages to empower over 40 million netizens in building resilience against misinformation and practising responsible online behaviour. This step is crucial in creating a strong foundation for a trustworthy  Internet and secure digital landscape.  

Myth vs Reality Register by ECI

The Election Commission of India (ECI) has launched the 'Myth vs Reality Register' to combat misinformation and ensure the integrity of the electoral process during the general elections 2024. The 'Myth vs Reality Register' can be accessed through the Election Commission's official website (https://mythvsreality.eci.gov.in/). All stakeholders are urged to verify and corroborate any dubious information they receive through any channel with the information provided in the register. The register provides a one-stop platform for credible and authenticated election-related information, with the factual matrix regularly updated to include the latest busted fakes and fresh FAQs. The ECI has identified misinformation as one of the challenges, along with money, muscle, and Model Code of Conduct violations, for electoral integrity. The platform can be used to verify information, prevent the spread of misinformation, debunk myths, and stay informed about key issues during the General Elections 2024.

The ECI has taken proactive steps to combat the challenge of misinformation which could cripple the democratic process. EC has issued directives urging vigilance and responsibility from all stakeholders, including political parties, to verify information before amplifying it. The EC has also urged responsible behaviour on social media platforms and discourse that inspires unity rather than division. The commission has stated that originators of false information will face severe consequences, and nodal officers across states will remove unlawful content. Parties are encouraged to engage in issue-based campaigning and refrain from disseminating unverified or misleading advertisements.

Conclusion

The steps taken by the ECI have been designed to empower citizens and help them affirm the accuracy and authenticity of content before amplifying it. All citizens must be well-educated about the entire election process in India. This includes information on how the electoral rolls are made, how candidates are monitored, a complete database of candidates and candidate backgrounds, party manifestos, etc. For informed decision-making, active reading and seeking information from authentic sources is imperative. The partnership between government agencies, tech platforms and civil societies helps develop strategies to counter the widespread misinformation and promote online safety in general, and electoral integrity in particular. 

References 

• https://pib.gov.in/PressReleasePage.aspx?PRID=2017375

• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2016941#:~:text=To%20combat%20the%20spread%20of,the%20ongoing%20General%20Elections%202024
• https://www.business-standard.com/elections/lok-sabha-election/ls-elections-2024-ec-uses-social-media-to-nudge-electors-to-vote-124040700429_1.html
• https://blog.google/intl/en-in/company-news/outreach-initiatives/supporting-the-2024-indian-general-election/
• https://blog.google/intl/en-in/partnering-indias-success-in-a-new-digital-paradigm/

‍