#FactCheck - "Deepfake Video Falsely Claims of Elon Musk conducting give away for Cryptocurrency”

Data has become a critical asset for the advancement of a nation’s economic, social, and technological development. India’s emergence as a global digital economy hub makes it necessary to create a robust framework that addresses the challenges and opportunities of digital transformation. The Indian government introduced the Draft National Data Governance Framework Policy in 2022, aiming to create a comprehensive data handling and governance framework. This policy draft addresses key challenges in data management, privacy, and digital economy growth.  As per the recent media reports, the Draft National Data Governance Policy so prepared is under the finalisation stage, the government specified in its implementation document for the Budget 2023-24 announcement. The policy also aims to address the country's AI adoption and the issue of lack of datasets by providing widespread access to anonymized data.

Background and Need for the Policy

India has a robust digital economy with its adoption of the Digital India Initiative, Aadhaar digital identification, UPI for seamless payments and many more. In India, 751.5 million people connect to the internet, and is home to 462.0 million social media users in January 2024, equivalent to 32.2% of its total population (Data Reportal 2024). This has brought challenges including data privacy concerns, cybersecurity threats, digital exclusion, and a need for better regulation frameworks. To overcome them, the Draft National Data Governance Policy has been designed to provide institutional frameworks for data rules, standards, guidelines, and protocols for the sharing of non-personal data sets in a manner that ensures privacy, security, and trust so that they remain secure, transparent, and accountable.

Objectives omphasizesf the Framework 

The objective of the Framework Policy is to accelerate Digital Governance in India. The framework will standardize data management and security standards across the Government. It will promote transparency, accountability, and ownership in Non-Personal data and dataset access and build a platform to receive and process data requests. It will also set quality standards and promote the expansion of the datasets program and overall non-personal ecosystem. Further, it aims to build India’s digital government goals and capacity, knowledge, and competency in Government departments and entities. All this would be done while ensuring greater citizen awareness, participation, and engagement. 

Key Provisions of the Draft Policy 

The Draft Framework Policy aims to establish a cohesive digital governance ecosystem in India that balances the need for data utilization with protecting citizens' privacy rights. It sets up an institutional framework of the "India Data Management Office (IDMO) set up under the Digital India Corporation (DIC) which will be responsible for developing rules, standards, and guidelines under this Policy. 

The key provisions of the framework policy include: 

• Promoting interoperability among government digital platforms, ensuring data privacy through data anonymization and security, and enhancing citizen access to government services through digital means. 
• The policy e the creation of unified digital IDs, a standardisation in digital processes, and data-sharing guidelines across ministries to improve efficiency. 
• It also focuses on building digital infrastructure, such as cloud services and data centres in order to support e-governance initiatives. 
• Furthermore, it encourages public-private partnerships and sets guidelines for accountability and transparency in digital governance.

Implications and Concerns of the Framework 

• The policy potentially impacts data sharing in India as it mentions data anonymization. The scale of data that would need to be anonymised in India is at a very large scale and it could become a potential challenge to engage in. 
• Data localization and cross-border transfers have raised concerns among global tech companies and trade partners. They argue that such requirements could increase operational costs and hinder cross-border data flows. Striking a balance between protecting national interests and facilitating business operations remains a critical challenge.
• Another challenge associated with the policy is over-data centralization under the IDMO and the potential risks of government overreach in data access.

Key Takeaways and Recommendations

The GDPR in the European Union and the Digital Personal Data Protection Act passed in 2023 in India and many others are the data privacy laws in force in different countries. The policy needs to be aligned with the DPDP Act, 2023 and be updated as per the recent developments. It further needs to maintain transparency over the sharing of data and a user’s control. The policy needs engagement with industry experts, privacy advocates, and civil society to ensure a balance of innovation with privacy and security.

Conclusion

The Draft National Data Governance Framework Policy of 2022 represents a significant stage in shaping India's digital future. It ensures the evolution of data governance evolves alongside technological advancements. The framework policy seeks to foster a robust digital ecosystem that benefits citizens, businesses, and the government alike by focusing on the essentials of data privacy, transparency, and security. However, achieving this vision requires addressing concerns like data centralisation, cross-border data flows, and maintaining alignment with global privacy standards. Continued engagement with stakeholders and necessary updates to the draft policy will be crucial to its success in balancing innovation with user rights and data integrity. The final version of the policy is expected to be released soon.

References

• https://meity.gov.in/writereaddata/files/National-Data-Governance-Framework-Policy.pdf
• https://datareportal.com/?utm_source=DataReportal&utm_medium=Country_Article_Hyperlink&utm_campaign=Digital_2024&utm_term=India&utm_content=Home_Page_Link
• https://www.imf.org/en/Publications/fandd/issues/2023/03/data-by-people-for-people-tiwari-packer-matthan
• https://inc42.com/buzz/draft-national-data-governance-policy-under-finalisation-centre/  
• https://legal.economictimes.indiatimes.com/news/industry/government-unveiled-national-data-governance-policy-in-budget-2023/97680515

‍

Introduction

In today’s time, everything is online, and the world is interconnected. Cases of data breaches and cyberattacks have been a reality for various organisations and industries, In the recent case (of SAS), Scandinavian Airlines experienced a cyberattack that resulted in the exposure of customer details, highlighting the critical importance of preventing customer privacy. The incident is a wake-up call for Airlines and businesses to evaluate their cyber security measures and learn valuable lessons to safeguard customers’ data. In this blog, we will explore the incident and discuss the strategies for protecting customers’ privacy in this age of digitalisation.

Analysing the backdrop

The incident has been a shocker for the aviation industry, SAS Scandinavian Airlines has been a victim of a cyberattack that compromised consumer data. Let’s understand the motive of cyber crooks and the technique they used :

Motive Behind the Attack: Understanding the reasons that may have driven the criminals is critical to comprehending the context of the Scandinavian Airlines cyber assault. Financial gain, geopolitical conflicts, activism, or personal vendettas are common motivators for cybercriminals. Identifying the purpose of the assault can provide insight into the attacker’s aims and the possible impact on both the targeted organisation and its consumers. Understanding the attack vector and strategies used by cyber attackers reveals the amount of complexity and possible weaknesses in an organisation’s cybersecurity defences. Scandinavian Airlines’ cyber assault might have included phishing, spyware, ransomware, or exploiting software weaknesses. Analysing these tactics allows organisations to strengthen their security against similar assaults.

Impact on Victims: The Scandinavian Airlines (SAS) cyber attack victims, including customers and individuals related to the company, have suffered substantial consequences. Data breaches and cyber-attack have serious consequences due to the leak of personal information.

1)Financial Losses and Fraudulent Activities: One of the most immediate and upsetting consequences of a cyber assault is the possibility of financial loss. Exposed personal information, such as credit card numbers, can be used by hackers to carry out illegal activities such as unauthorised transactions and identity theft. Victims may experience financial difficulties and the need to spend time and money resolving these concerns.

2)Concerns about privacy and personal security: A breach of personal data can significantly impact the privacy and personal security of victims. The disclosed information, including names, addresses, and contact information, might be exploited for nefarious reasons, such as targeted phishing or physical harassment. Victims may have increased anxiety about their safety and privacy, which can interrupt their everyday life and create mental pain.

3) Reputational Damage and Trust Issues: The cyber attack may cause reputational harm to persons linked with Scandinavian Airlines, such as workers or partners. The breach may diminish consumers’ and stakeholders’ faith in the organisation, leading to a bad view of its capacity to protect personal information. This lack of trust might have long-term consequences for the impacted people’s professional and personal relationships.

4) Emotional Stress and Psychological Impact: The psychological impact of a cyber assault can be severe. Fear, worry, and a sense of violation induced by having personal information exposed can create emotional stress and psychological suffering. Victims may experience emotions of vulnerability, loss of control, and distrust toward digital platforms, potentially harming their overall quality of life.

5) Time and Effort Required for Remediation: Addressing the repercussions of a cyber assault demands significant time and effort from the victims. They may need to call financial institutions, reset passwords, monitor accounts for unusual activity, and use credit monitoring services. Resolving the consequences of a data breach may be a difficult and time-consuming process, adding stress and inconvenience to the victims’ lives.

6) Secondary Impacts: The impacts of an online attack could continue beyond the immediate implications. Future repercussions for victims may include trouble acquiring credit or insurance, difficulties finding future work, and continuous worry about exploiting their personal information. These secondary effects can seriously affect victims’ financial and general well-being.

Apart from this, the trust lost would take time to rebuild.

Takeaways from this attack

The cyber-attack on Scandinavian Airlines (SAS) is a sharp reminder of cybercrime’s ever-present and increasing menace. This event provides crucial insights that businesses and people may use to strengthen cybersecurity defences. In the lessons that were learned from the Scandinavian Airlines cyber assault and examine the steps that may be taken to improve cybersecurity and reduce future risks. Some of the key points that can be considered are as follows:

Proactive Risk Assessment and Vulnerability Management: The cyber assault on Scandinavian Airlines emphasises the significance of regular risk assessments and vulnerability management. Organisations must proactively identify and fix possible system and network vulnerabilities. Regular security audits, penetration testing, and vulnerability assessments can help identify flaws before bad actors exploit them.

Strong security measures and best practices: To guard against cyber attacks, it is necessary to implement effective security measures and follow cybersecurity best practices. Lessons from the Scandinavian Airlines cyber assault emphasise the importance of effective firewalls, up-to-date antivirus software, secure setups, frequent software patching, and strong password rules. Using multi-factor authentication and encryption technologies for sensitive data can also considerably improve security.

Employee Training and Awareness: Human mistake is frequently a big component in cyber assaults. Organisations should prioritise employee training and awareness programs to educate employees about phishing schemes, social engineering methods, and safe internet practices. Employees may become the first line of defence against possible attacks by cultivating a culture of cybersecurity awareness.

Data Protection and Privacy Measures: Protecting consumer data should be a key priority for businesses. Lessons from the Scandinavian Airlines cyber assault emphasise the significance of having effective data protection measures, such as encryption and access limits. Adhering to data privacy standards and maintaining safe data storage and transfer can reduce the risks connected with data breaches.

Collaboration and Information Sharing: The Scandinavian Airlines cyber assault emphasises the need for collaboration and information sharing among the cybersecurity community. Organisations should actively share threat intelligence, cooperate with industry partners, and stay current on developing cyber threats. Sharing information and experiences can help to build the collective defence against cybercrime.

Conclusion

The Scandinavian Airlines cyber assault is a reminder that cybersecurity must be a key concern for organisations and people. Organisations may improve their cybersecurity safeguards, proactively discover vulnerabilities, and respond effectively to prospective attacks by learning from this occurrence and adopting the lessons learned. Building a strong cybersecurity culture, frequently upgrading security practices, and encouraging cooperation within the cybersecurity community are all critical steps toward a more robust digital world. We may aim to keep one step ahead of thieves and preserve our important information assets by constantly monitoring and taking proactive actions.

There has been a struggle to create legal frameworks that can define where free speech ends and harmful misinformation begins, specifically in democratic societies where the right to free expression is a fundamental value.  Platforms like YouTube, Wikipedia, and Facebook have gained a huge consumer base by focusing on hosting user-generated content. This content includes anything a visitor puts on a website or social media pages. 

The legal and ethical landscape surrounding misinformation is dependent on creating a fine balance between freedom of speech and expression while protecting public interests, such as truthfulness and social stability. This blog is focused on examining the legal risks of misinformation, specifically user-generated content, and the accountability of platforms in moderating and addressing it.

The Rise of Misinformation and Platform Dynamics

Misinformation content is amplified by using algorithmic recommendations and social sharing mechanisms. The intent of spreading false information is closely interwoven with the assessment of user data to identify target groups necessary to place targeted political advertising. The disseminators of fake news have benefited from social networks to reach more people, and from the technology that enables faster distribution and can make it more difficult to distinguish fake from hard news.

Multiple challenges emerge that are unique to social media platforms regulating misinformation while balancing freedom of speech and expression and user engagement. The scale at which content is created and published, the different regulatory standards, and moderating misinformation without infringing on freedom of expression complicate moderation policies and practices.

The impacts of misinformation on social, political, and economic consequences, influencing public opinion, electoral outcomes, and market behaviours underscore the urgent  need for effective regulation, as the consequences of inaction can be profound and far-reaching.

Legal Frameworks and Evolving Accountability Standards

Safe harbour principles allow for the functioning of a free, open and borderless internet. This principle is embodied under the US Communications Decency Act and the Information Technology Act in Sections 230 and 79 respectively.  They play a pivotal role in facilitating the growth and development of the Internet. The legal framework governing misinformation around the world is still in nascent stages. Section 230 of the CDA protects platforms from legal liability relating to harmful content posted on their sites by third parties. It further allows platforms to police their sites for harmful content and protects them from liability if they choose not to.

By granting exemptions to intermediaries, these safe harbour provisions help nurture an online environment that fosters free speech and enables users to freely express themselves without arbitrary intrusions.

A shift in regulations has been observed in recent times. An example is the enactment of the Digital Services Act of 2022 in the European Union.  The Act requires companies having at least 45 million monthly users to create systems to control the spread of misinformation, hate speech and terrorist propaganda, among other things. If not followed through, they risk penalties of up to 6% of the global annual revenue or even a ban in EU countries.

Challenges and Risks for Platforms

There are multiple challenges and risks faced by platforms that surround user-generated misinformation. 

• Moderating user-generated misinformation is a big challenge, primarily because of the quantity of data in question and the speed at which it is generated. It further leads to legal liabilities, operational costs and reputational risks.   
• Platforms can face potential backlash, both in instances of over-moderation or under-moderation. It can be considered as censorship, often overburdening. It can also be considered as insufficient governance in cases where the level of moderation is not protecting the privacy rights of users. 
• Another challenge is more in the technical realm, including the  limitations of AI and algorithmic moderation in detecting nuanced misinformation. It holds out to the need for human oversight to sift through the misinformation that is created by AI-generated content.  

Policy Approaches: Tackling Misinformation through Accountability and Future Outlook

Regulatory approaches to misinformation each present distinct strengths and weaknesses. Government-led regulation establishes clear standards but may risk censorship, while self-regulation offers flexibility yet often lacks accountability. The Indian framework, including the IT Act and the Digital Personal Data Protection Act of 2023, aims to enhance data-sharing oversight and strengthen accountability. Establishing clear definitions of misinformation and fostering collaborative oversight involving government and independent bodies can balance platform autonomy with transparency. Additionally, promoting international collaborations and innovative AI moderation solutions is essential for effectively addressing misinformation, especially given its cross-border nature and the evolving expectations of users in today’s digital landscape.

Conclusion

A balance between protecting free speech and safeguarding public interest is needed to navigate the legal risks of user-generated misinformation poses. As digital platforms like YouTube, Facebook, and Wikipedia continue to host vast amounts of user content, accountability measures are essential to mitigate the harms of misinformation. Establishing clear definitions and collaborative oversight can enhance transparency and build public trust. Furthermore, embracing innovative moderation technologies and fostering international partnerships will be vital in addressing this cross-border challenge. As we advance, the commitment to creating a responsible digital environment must remain a priority to ensure the integrity of information in our increasingly interconnected world.

References

• https://www.thehindu.com/opinion/op-ed/should-digital-platform-owners-be-held-liable-for-user-generated-content/article68609693.ece
• https://www.thehindu.com/opinion/op-ed/should-digital-platform-owners-be-held-liable-for-user-generated-content/article68609693.ece 
• https://hbr.org/2021/08/its-time-to-update-section-230 
• https://www.cnbctv18.com/information-technology/deepfakes-digital-india-act-safe-harbour-protection-information-technology-act-sajan-poovayya-19255261.htm 

‍