#FactCheck - Digitally Altered Video of Olympic Medalist, Arshad Nadeem’s Independence Day Message

Executive Summary:

‍

We have identified a post addressing a scam email that falsely claims to offer a download link for an e-PAN Card. This deceptive email is designed to mislead recipients into disclosing sensitive financial information by impersonating official communication from Income Tax Department authorities. Our report aims to raise awareness about this fraudulent scheme and emphasize the importance of safeguarding personal data against such cyber threats.

‍

Claim:

Scammers are sending fake emails, asking people to download their e-PAN cards. These emails pretend to be from government authorities like the Income Tax Department and contain harmful links that can steal personal information or infect devices with malware.

Fact Check: 

Through our research, we have found that scammers are sending fake emails, posing as the Income Tax Department, to trick users into downloading e-PAN cards from unofficial links. These emails contain malicious links that can lead to phishing attacks or malware infections. Genuine e-PAN services are only available through official platforms such as the Income Tax Department's website (www.incometaxindia.gov.in) and the NSDL/UTIITSL portals. Despite repeated warnings, many individuals still fall victim to such scams. To combat this, the Income Tax Department has a dedicated page for reporting phishing attempts: Report Phishing - Income Tax India. It is crucial for users to stay cautious, verify email authenticity, and avoid clicking on suspicious links to protect their personal information.

‍

‍

Conclusion:   

‍

The emails currently in circulation claiming to provide e-PAN card downloads are fraudulent and should not be trusted. These deceptive messages often impersonate government authorities and contain malicious links that can result in identity theft or financial fraud. Clicking on such links may compromise sensitive personal information, putting individuals at serious risk. To ensure security, users are strongly advised to verify any such communication directly through official government websites and avoid engaging with unverified sources. Additionally, any phishing attempts should be reported to the Income Tax Department and also to the National Cyber Crime Reporting Portal to help prevent the spread of such scams. Staying vigilant and exercising caution when handling unsolicited emails is crucial in safeguarding personal and financial data.

‍

• Claim: Fake emails claim to offer e-PAN card downloads.
• Claimed On: Social Media
• Fact Check:  False and Misleading 

‍

‍

‍

Data localisation refers to restrictions in the data flow by limiting the physical storage and processing of data within a given jurisdiction’s boundaries.  

An obvious benefit contributing to the importance of data localisation is the privacy benefits it offers. In addition to this, data localisation also has the potential to safeguard sensitive data and decrease the probability of cyber-attacks. In India, data localisation has become a key issue in the last decade due to the increase in the discourse for data privacy. 

The Legal Framework in India

India passed the Digital Personal Data Protection Act of 2023 which directs the data fiduciaries (collectors and processors of digital personal data) to store the data of Indian citizens within India. This push for data localisation aligns with India’s position to enhance privacy, national security and regulatory control. It further requires data fiduciaries to adhere to the principles of data minimisation, purposeful limitation and consent of the data principles. Further, Section 17 of the Act prohibits the transfer of sensitive personal data to foreign jurisdictions unless they meet satisfactory privacy protection standards. 

The Reserve Bank of India, via a circular for Payments Data Regulation in 2018, has mandated that all payment data be stored in India, though it can be processed abroad. It requires the telecom sector to ensure local storage and local processing of subscriber information. It further prohibits the transferring of subscribers’ account information overseas.

MeitY’s Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, emphasise data localisation, specifically when it involves government or critical data. The main idea behind this is that data related to Indian citizens or government activities should remain accessible to Indian law enforcement agencies and is not subject to external jurisdiction.

Common Misinformation about Data Localisation and its Impact

Misconceptions fuel misinformation and influence public perception and policy debates. A common misconception is that all data must be stored in India. It should be noted that non-critical and non-sensitive data are not subject to localisation, and can be cleared for cross-border transfers under specific circumstances.

Another misconception is that data localisation alone ensures complete security. A robust cybersecurity approach, infrastructure and capabilities are what guarantee security and this holds true regardless of the location of where the data is stored. 

The notion that small businesses and startups will suffer the most is untrue. While data localisation policies may lead to increased costs, they foster innovation in the domestic infrastructure and services. This potentially fuels development and innovation in these small businesses and startups. Claims that data localisation will stifle global business are unfounded. 

Proper regulations for data transfers can help balance data flows, enabling international trade while ensuring data sovereignty.

Real Impact of Data Localisation

Data localisation impacts several domains and has both positive and negative outcomes.

• It can be a driver for investment in local data centres and infrastructure, thereby inducing employment generation and boosting the domestic economy. And in contrast, the compliance costs may rise especially for MNCs that need to maintain multiple data storage systems. 
• It can expedite the growth of local technology ecosystems while encouraging innovation in cloud computing and data storage solutions. On the other hand, small businesses might face struggles to afford the required infrastructure updates and upgrades.
• Law enforcement agencies will be able to gain access to data more swiftly while avoiding lengthy processes such as the Mutual Legal Assistance Treaties (MLATs). However, it should be noted that storing data locally does not automatically ensure that they are immune from attacks and breaches.
• A balance between sovereignty and global partnerships is a challenge that emerges with data localisation. International Trade Relationships are vulnerable to data localisations where countries favour a free data flow. This can hamper foreign collaborations with companies that rely on global data systems.

CyberPeace Outlook

It is important to clear misinformation about data localisation, some strategies that can be undertaken are:

• Launching public awareness campaigns to educate the stakeholders about the real requirements and the benefits of data localisation. Misinformation about data restrictions and security guarantees should be tackled fairly quickly. 
• A balanced approach that promotes local economic development while at the same time allowing for the necessary cross-border data flows and creating a flexible and friendly business environment is important.
• India should work on international frameworks to streamline the process of data-sharing with other nations. This would protect national interests while making global cooperation easier.

Conclusion

Data localisation in India presents a valuable opportunity to enhance privacy, bolster national security, and stimulate economic growth through local infrastructure investment. Yet, addressing common misconceptions is crucial; the belief that all data must be stored domestically or that localisation alone ensures security is misleading. 

It’s vital to pair local data storage with robust cybersecurity measures and foster international cooperation. Supporting small businesses, which may face challenges due to localisation requirements, is equally important. By addressing misinformation, promoting flexible regulations, and working towards global data-sharing frameworks, India can effectively manage the complexities of data localisation, safeguarding national interests while encouraging innovation and economic development. 

References

• https://www.thehindu.com/sci-tech/technology/are-data-localisation-requirements-necessary-and-proportionate/article66131957.ece 
• https://carnegieendowment.org/research/2021/04/how-would-data-localization-benefit-india?lang=en
• https://www.rbi.org.in/commonperson/English/Scripts/FAQs.aspx?Id=2995
• https://www.meity.gov.in/writereaddata/files/Information%20Technology%20%28Intermediary%20Guidelines%20and%20Digital%20Media%20Ethics%20Code%29%20Rules%2C%202021%20%28updated%2006.04.2023%29-.pdf 

Introduction

Indian Cybercrime Coordination Centre (I4C) was established by the Ministry of Home Affairs  (MHA) to provide a framework and eco-system for law enforcement agencies (LEAs) to deal with cybercrime in a coordinated and comprehensive manner. The Indian Ministry of Home Affairs approved a scheme for the establishment of the Indian Cyber Crime Coordination Centre (I4C) in October2018, which was inaugurated by Home Minister Amit Shah in January 2020. I4C is envisaged to act as the nodal point to curb Cybercrime in the country. Recently, on 13th March2024, the Centre designated the Indian Cyber Crime Coordination Centre (I4C) as an agency of the Ministry of Home Affairs (MHA) to perform the functions under the Information Technology Act, 2000, to inform about unlawful cyber activities.

The gazetted notification dated 13th March 2024 read as follows:

“In exercise of the powers conferred by clause (b) of sub-section (3) of section 79 of the Information Technology Act 2000, Central Government being the appropriate government hereby designate the Indian Cybercrime Coordination Centre (I4C), to be the agency of the Ministry of Home Affairs to perform the functions under clause (b) of sub-section (3) of section79 of Information Technology Act, 2000 and to notify the instances of information, data or communication link residing in or connected to a computer resource controlled by the intermediary being used to commit the unlawful act.”

Impact

Now, the Indian Cyber Crime Coordination Centre (I4C) is empowered to issue direct takedown orders under 79(b)(3) of the IT Act, 2000. Any information, data or communication link residing in or connected to a computer resource controlled by any intermediary being used to commit unlawful acts can be notified by the I4C to the intermediary. If an intermediary fails to expeditiously remove or disable access to a material after being notified, it will no longer be eligible for protection under Section 79 of the IT Act, 2000.

Safe Harbour Provision

Section79 of the IT Act also serves as a safe harbour provision for the Intermediaries. The safe harbour provision under Section 79 of the IT Act states that "an intermediary shall not be liable for any third-party information, data, or communication link made available or hosted by him". However, it is notable that this legal immunity cannot be granted if the intermediary "fails to expeditiously" take down a post or remove a particular content after the government or its agencies flag that the information is being used to commit something unlawful. Furthermore, Intermediaries are also obliged to perform due diligence on their platforms and comply with the rules & regulations and maintain and promote a safe digital environment on the respective platforms.

Under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, The government has also mandated that a ‘significant social media intermediary’ must appoint a Chief Compliance Officer (CCO), Resident Grievance Officer (RGO), and Nodal Contact Person and publish periodic compliance report every month mentioning the details of complaints received and action taken thereon.

I4C's Role in Safeguarding Cyberspace

The Indian Cyber Crime Coordination Centre (I4C) is actively working towards initiatives to combat the emerging threats in cyberspace. I4C is one of the crucial extensions of the Ministry of Home Affairs, Government of India, working extensively to combat cyber crimes and ensure the overall safety of netizens. The ‘National Cyber Crime Reporting Portal’ equipped with a 24x7 helpline number 1930,  is one of the key component of the I4C.

Components Of The I4C

1. National Cyber Crime Threat Analytics Unit
2. National Cyber Crime Reporting Portal
3. National Cyber Crime Training Centre
4. Cyber Crime Ecosystem Management Unit
5. National Cyber Crime Research and Innovation Centre
6. National Cyber Crime Forensic Laboratory Ecosystem
7. Platform for Joint Cyber Crime Investigation Team.

‍

Conclusion

I4C, through its initiatives and collaborative efforts, plays a pivotal role in safeguarding cyberspace and ensuring the safety of netizens. I4C reinforces India's commitment to combatting cybercrime and promoting a secure digital environment. The recent development by designating the I4C as an agency to notify the instances of unlawful activities in cyberspace serves as a significant step to counter cybercrime and promote an ethical and safe digital environment for netizens.

References

• https://www.deccanherald.com/india/centre-designates-i4c-as-agency-of-mha-to-notify-unlawful-activities-in-cyber-world-2936976
• https://www.business-standard.com/india-news/home-ministry-authorises-i4c-to-issue-takedown-notices-under-it-act-124031500844_1.html
• https://www.hindustantimes.com/india-news/it-ministry-empowers-i4c-to-notify-instances-of-cybercrime-101710443217873.html
• https://i4c.mha.gov.in/about.aspx#:~:text=Objectives%20of%20I4C,identifying%20Cybercrime%20trends%20and%20patterns

‍