#FactCheck - Old Video Misleadingly Claimed as Footage of Iranian President Before Crash

Introduction

In an era when misinformation spreads like wildfire across the digital landscape, the need for effective strategies to counteract these challenges has grown exponentially in a very short period. Prebunking and Debunking are two approaches for countering the growing spread of misinformation online. Prebunking empowers individuals by teaching them to discern between true and false information and acts as a protective layer that comes into play even before people encounter malicious content. Debunking is the correction of false or misleading claims after exposure, aiming to undo or reverse the effects of a particular piece of misinformation. Debunking includes methods such as fact-checking, algorithmic correction on a platform, social correction by an individual or group of online peers, or fact-checking reports by expert organisations or journalists. An integrated approach which involves both strategies can be effective in countering the rapid spread of misinformation online.

Brief Analysis of Prebunking 

Prebunking is a proactive practice that seeks to rebut erroneous information before it spreads. The goal is to train people to critically analyse information and develop ‘cognitive immunity’ so that they are less likely to be misled when they do encounter misinformation. 

The Prebunking approach, grounded in Inoculation theory, teaches people to recognise, analyse and avoid manipulation and misleading content so that they build resilience against the same. Inoculation theory, a social psychology framework, suggests that pre-emptively conferring psychological resistance against malicious persuasion attempts can reduce susceptibility to misinformation across cultures. As the term suggests, the MO is to help the mind in the present develop resistance to influence that it may encounter in the future. Just as medical vaccines or inoculations help the body build resistance to future infections by administering weakened doses of the harm agent, inoculation theory seeks to teach people fact from fiction through exposure to examples of weak, dichotomous arguments, manipulation tactics like emotionally charged language, case studies that draw parallels between truths and distortions, and so on. In showing people the difference, inoculation theory teaches them to be on the lookout for misinformation and manipulation even, or especially, when they least expect it. 

The core difference between Prebunking and Debunking is that while the former is preventative and seeks to provide a broad-spectrum cover against misinformation, the latter is reactive and focuses on specific instances of misinformation. While Debunking is closely tied to fact-checking, Prebunking is tied to a wider range of specific interventions, some of which increase motivation to be vigilant against misinformation and others increase the ability to engage in vigilance with success.

There is much to be said in favour of the Prebunking approach because these interventions build the capacity to identify misinformation and recognise red flags However, their success in practice may vary. It might be difficult to scale up Prebunking efforts and ensure their reach to a larger audience. Sustainability is critical in ensuring that Prebunking measures maintain their impact over time. Continuous reinforcement and reminders may be required to ensure that individuals retain the skills and information they gained from the Prebunking training activities. Misinformation tactics and strategies are always evolving, so it is critical that Prebunking interventions are also flexible and agile and respond promptly to developing challenges. This may be easier said than done, but with new misinformation and cyber threats developing frequently, it is a challenge that has to be addressed for Prebunking to be a successful long-term solution. 

Encouraging people to be actively cautious while interacting with information, acquire critical thinking abilities, and reject the effect of misinformation requires a significant behavioural change over a relatively short period of time. Overcoming ingrained habits and prejudices, and countering a natural reluctance to change is no mean feat. Developing a widespread culture of information literacy requires years of social conditioning and unlearning and may pose a significant challenge to the effectiveness of Prebunking interventions. 

Brief Analysis of Debunking 

Debunking is a technique for identifying and informing people that certain news items or information are incorrect or misleading. It seeks to lessen the impact of misinformation that has already spread. The most popular kind of Debunking occurs through collaboration between fact-checking organisations and social media businesses. Journalists or other fact-checkers discover inaccurate or misleading material, and social media platforms flag or label it. Debunking is an important strategy for curtailing the spread of misinformation and promoting accuracy in the digital information ecosystem. 

Debunking interventions are crucial in combating misinformation. However, there are certain challenges associated with the same. Debunking misinformation entails critically verifying facts and promoting corrected information. However, this is difficult owing to the rising complexity of modern tools used to generate narratives that combine truth and untruth, views and facts. These advanced approaches, which include emotional spectrum elements, deepfakes, audiovisual material, and pervasive trolling, necessitate a sophisticated reaction at all levels: technological, organisational, and cultural.

Furthermore, It is impossible to debunk all misinformation at any given time, which effectively means that it is impossible to protect everyone at all times, which means that at least some innocent netizens will fall victim to manipulation despite our best efforts.  Debunking is inherently reactive in nature, addressing misinformation after it has grown extensively. This reactionary method may be less successful than proactive strategies such as Prebunking from the perspective of total harm done. Misinformation producers operate swiftly and unexpectedly, making it difficult for fact-checkers to keep up with the rapid dissemination of erroneous or misleading information. Debunking may need continuous exposure to fact-check to prevent erroneous beliefs from forming, implying that a single Debunking may not be enough to rectify misinformation.  Debunking requires time and resources, and it is not possible to disprove every piece of misinformation that circulates at any particular moment. This constraint may cause certain misinformation to go unchecked, perhaps leading to unexpected effects. The misinformation on social media can be quickly spread and may become viral faster than Debunking pieces or articles. This leads to a situation in which misinformation spreads like a virus, while the antidote to debunked facts struggles to catch up.

Prebunking vs Debunking: Comparative Analysis

Prebunking interventions seek to educate people to recognise and reject misinformation before they are exposed to actual manipulation. Prebunking offers tactics for critical examination, lessening the individuals' susceptibility to misinformation in a variety of contexts. On the other hand, Debunking interventions involve correcting specific false claims after they have been circulated. While Debunking can address individual instances of misinformation, its impact on reducing overall reliance on misinformation may be limited by the reactive nature of the approach.

CyberPeace Policy Recommendations for Tech/Social Media Platforms

With the rising threat of online misinformation, tech/social media platforms can adopt an integrated strategy that includes both Prebunking and Debunking initiatives to be deployed and supported on all platforms to empower users to recognise the manipulative messaging through Prebunking and be aware of the accuracy of misinformation through Debunking interventions. 

1. Gamified Inoculation: Tech/social media companies can encourage gamified inoculation campaigns, which is a competence-oriented approach to Prebunking misinformation. This can be effective in helping people immunise the receiver against subsequent exposures. It can empower people to build competencies to detect misinformation through gamified interventions. 
2. Promotion of Prebunking and Debunking Campaigns through Algorithm Mechanisms: Tech/social media platforms may promote and guarantee that algorithms prioritise the distribution of Prebunking materials to users, boosting educational content that strengthens resistance to misinformation. Platform operators should incorporate algorithms that prioritise the visibility of Debunking content in order to combat the spread of erroneous information and deliver proper corrections; this can eventually address and aid in Prebunking and Debunking methods to reach a bigger or targeted audience.
3. User Empowerment to Counter Misinformation: Tech/social media platforms can design user-friendly interfaces that allow people to access Prebunking materials, quizzes, and instructional information to help them improve their critical thinking abilities. Furthermore, they can incorporate simple reporting tools for flagging misinformation, as well as links to fact-checking resources and corrections.
4. Partnership with Fact-Checking/Expert Organizations: Tech/social media platforms can facilitate Prebunking and Debunking initiatives/campaigns by collaborating with fact-checking/expert organisations and promoting such initiatives at a larger scale and ultimately fighting misinformation with joint hands initiatives.

Conclusion

The threat of online misinformation is only growing with every passing day and so, deploying effective countermeasures is essential.  Prebunking and Debunking are the two such interventions. To sum up: Prebunking interventions try to increase resilience to misinformation, proactively lowering susceptibility to erroneous or misleading information and addressing broader patterns of misinformation consumption, while Debunking is effective in correcting a particular piece of misinformation and having a targeted impact on belief in individual false claims. An integrated approach involving both the methods and joint initiatives by tech/social media platforms and expert organizations can ultimately help in fighting the rising tide of online misinformation and establishing a resilient online information landscape. 

References

1. https://mark-hurlstone.github.io/THKE.22.BJP.pdf
2. https://futurefreespeech.org/wp-content/uploads/2024/01/Empowering-Audiences-Through-%E2%80%98Prebunking-Michael-Bang-Petersen-Background-Report_formatted.pdf
3. https://newsreel.pte.hu/news/unprecedented_challenges_Debunking_disinformation
4. https://misinforeview.hks.harvard.edu/article/global-vaccination-badnews/

‍

Cyber attacks in India besides becoming common are also getting deadlier. Each strike has taken proportions to drive home the fact that no one is safe.

Hacker ‘John Wick’, hasn’t spared India’s PM or Paytm. Cyber intelligence firm Cyble which dredges the Dark Web has red-flagged hacking episodes at Truecaller, Dunzo, Unacademy, Naukri.com, Bharat Earth Movers Limited (BEML), LimeRoad and IndiaBulls.Picture this, Mumbai-based cybersecurity firm Sequretek, says in Covid-hit 2020, India has seen a 4000% spike in phishing emails and a 400% uptake in the number of policy violations that have grown over 400% as per the latest statistics.Besides the threat to crucial data, the cost suffered by companies is phenomenal. According to a report by IBM’s ‘Cost of a Data Breach Report 2020’ report, Indian companies witnessed an average $2 Mn total cost of data breach in 2020, this is an increase of 9.4% from 2019.

Another survey by Barracuda Networks revealed that 66% of Indian organisations have had at least one data breach or cybersecurity incident since shifting to a remote working model during the pandemic.

Indian Startups At Mercy Of Cyber Attacks

More recently personal data of 2.8 Lakh WhiteHat Jr students and teachers were exposed, where crucial details of minors have been made available on the dark web. Another major breach that took place this week and exclusively reported by Inc42 was when data of 1.4 Mn job seekers was leaked when jobs portal IIMjobs was hacked.

Vineet Kumar, the founder of Cyber Peace Foundation (CPF), a think tank of cybersecurity and policy experts, said that with the increased digitisation of companies and their processes, data has become the new oil.

“You get good money when you sell users data on the dark web. Hackers discovering vulnerabilities and using SQL injections to pull entire databases remains a common practice for hacking,” Kumar told Inc42.

The CyberPeace Foundation says from mid-April to the end of June it noticed 8,98,7841 attacks, July and August saw 64,52,898 attacks. Whereas September and October saw 1,37,37,516 attacks and 18,149,233 attacks respectively.

Speaking to Inc42, Pankit Desai, cofounder and CEO, Sequretek says, “Originally only a limited set of systems were being exposed, now with WFH all systems have to be exposed to the internet as all your processes are enabled remotely. WFH also creates an additional challenge where ‘personal assets are being used for professional purposes’ and ‘professional assets are being used for personal purposes.”

Malwares like SpyMax, Blackwater are being used as a combination of phishing mails and poorly secured home computers to harvest credentials. These credentials are then used for carrying out attacks. The number of attacks with harvested credentials is already up 30%, the company revealed.

Government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments, and state governments were hacked between 2017 and 2019.

According to Nasscom’s Data Security Council of India (DSCI) report 2019, India witnessed the second-highest number of cyber attacks in the world between 2016 and 2018. This comes at a time when digitisation of the Indian economy is predicted to result in a $435 Bn opportunity by 2025.On September 22, the Ministry of Electronics and Information Technology (MeITY) told the Parliament that Indian citizens, commercial and legal entities faced almost 7 lakh cyberattacks till August this year.

The Indian Computer Emergency Response Team (CERT-In) has “reported 49,455, 50,362, 53,117, 208,456, 394,499 and 696,938 cybersecurity incidents during the year 2015, 2016, 2017, 2018, 2019 and 2020 (till August) respectively,” the MeITY said while responding to an unstarred question in the Lok Sabha regarding cyberattacks on Indian citizens and India-based commercial and legal entities.“

India also lacks a cohesive nation-wide cyber-strategy, policies, and procedures. Regulations around data privacy, protection, and penalty should be enacted and enforced as these measures will help businesses evaluate their cybersecurity posture and seek ways to improve. Currently, incident reporting is not mandatory. By making it compulsory, there will be a body of research data that can provide insights on threats to India and inform the government on strategies it can undertake to strengthen the nation’s cyber posture,” said Kumar Ritesh, founder and CEO, Cyfirma.The Internet Crime Report for 2019, released by the USA’s Internet Crime Complaint Centre of the Federal Bureau of Investigation (FBI), has revealed that India stands third in the world among top 20 countries that are victims of internet crimes.

Kumar attributes these numbers to Indian’s lack of basic cyber awareness. However, a poignant point is also the lack of a robust cybersecurity policy in India.  Though the issue was touched upon by Prime Minister Narendra Modi during his Independence Day speech on Aug 15, 2020, not much movement has happened on that front.

“Cybersecurity is a very important aspect, which cannot be ignored. The government is alert on this and is working on a new, robust policy,” Modi said.The PM’s announcement was made in the backdrop of the government’s initiative to connect 1.5 lakh gram panchayats through an optical fiber network, thereby increasing the country’s internet connectivity.

With India pipped to take on the world with its IT prowess and increased digital integration the need for a robust policy is now more than ever.

‍Source: https://inc42.com/buzz/3-94-lakhs-and-counting-how-cyberattacks-are-a-worry-for-digital-india/

The Digital Personal Data Protection (DPDP) Act, 2023, operationalises data privacy largely through a consent management framework. It aims to give data principles, ie, individuals, control over their personal data by giving them the power to track, change, and withdraw their consent from its processing. However, in practice, consent management is often not straightforward. For example, people may be frequently bombarded with requests, which can lead to fatigue and eventual overlooking of consent requests. This article discusses the way consent management is handled by the DPDP Act, and looks at how India can design the system to genuinely empower users while holding organisations accountable.

‍

Consent Management in the DPDP Act

‍

According to the DPDP Act, consent must be unambiguous, free, specific, and informed. It must also be easy for people to revoke their consent (DPO India, 2023). To this end, the Act creates Consent Managers- registered middlemen- who serve as a link between users and data custodians. 

The purpose of consent managers is to streamline and centralise the consent procedure. Users can view, grant, update, or revoke consent across various platforms using the dashboards they offer. They hope to improve transparency and lessen the strain on people to keep track of permissions across different services by standardising the way consent is presented (IAPP, 2024).

The Act draws inspiration from international frameworks such as the GDPR (General Data Protection Regulation), mandating that Indian users be provided with a single platform to manage permissions rather than having to deal with dispersed consent prompts from every service.

‍

The Challenges 

‍

Despite the mandate for an interoperable platform for consent management, several key challenges emerge. There is a lack of clarity on how consent management will be operationalised. This creates challenges of accountability and implementation.  Thus, : 

1. If the interface is poorly designed,  users could be bombarded with content permissions from apps/platforms/ services that are not fully compliant with the platform. 
2. If consent notices are vague, frequent, lengthy, or complex, users may continue to grant permissions without meaningful engagement. 
3. It leaves scope for data fiduciaries to use dark patterns to coerce customers into granting consent through poor UI/UX design.
4. The lack of clear, standardised interoperability protocols across sectors could lead to a fragmented system, undermining the goal of a single, easy-to-use platform.
5. Consent fatigue could easily appear in India's digital ecosystem, where apps, e-commerce websites, and government services all ask for permissions from over 950 million internet subscribers. Experiences from GDPR countries show that users who are repeatedly prompted eventually become banner blind, which causes them to ignore notices entirely.
6. Low levels of literacy (including digital literacy) and unequal access to digital devices among women and marginalised communities create complexities in the substantive coverage of privacy rights.  
7. Placing the burden of verification of legal guardianship for children and persons with disabilities (PwDs) on data fiduciaries might be ineffective, as SMEs may lack the resources to undertake this activity. This could create new forms of vulnerability for the two groups. 

Legal experts claim that this results in what they refer to as a legal fiction, wherein consent is treated as valid by the law despite the fact that it does not represent true understanding or choice (Lawvs, 2023). Additionally, research indicates that users hardly ever read privacy policies in their entirety. People are very likely to tick boxes without fully understanding what they are agreeing to. By drastically limiting user control, this has a bearing on the privacy rights of Indian citizens and residents.  (IJLLR, 2023).

‍

Impacts of Weak Consent Management:

‍

According to the Indian Journal of Law and Technology, in an era of asymmetry and information overload, privacy cannot be sufficiently protected by relying only on consent (IJLT, 2023). Almost every individual will be impacted by inadequate consent management.

1. For Users: True autonomy is replaced by the appearance of control. Individuals may unintentionally disclose private information, which undermines confidence in digital services.
2. For Businesses: Compliance could become a mere formality. Further, if acquired consent is found to be manipulated or invalid, it creates space for legal risks and reputational damage. 
3. For Regulators: It becomes difficult to oversee a system where consent is frequently disregarded or misinterpreted. When consent is merely formal, the law's promise to protect personal information is undermined.

‍

Way Forward

‍

1. Layered and Simplified Notices: Simple language and layers of visual cues should be used in consent requests. Important details like the type of data being gathered, its intended use, and its duration should be made clear up front. Additional explanations are available for users who would like more information. This method enhances comprehension and lessens cognitive overload (Lawvs, 2023).
2. Effective Dashboards: Dashboards from consent managers should be user-friendly, cross-platform, and multilingual. Management is made simple by features like alerts, one-click withdrawal or modification, and summaries of active permissions. The system is more predictable and dependable when all services use the same format, which also reduces confusion (IAPP, 2024). 
3. Dynamic and Contextual Consent: Instead of appearing as generic pop-ups, consent requests should show up when they are pertinent to a user's actions. Users can make well-informed decisions without feeling overburdened by subtle cues, such as emphasising risks when sensitive data is requested (IJLLR, 2023). 
4. Accountability of Consent Managers: Organisations that offer consent management services must be accountable and independent, through clear certification, auditing, and specific legal accountability frameworks. Even when formal consent is given, strong trustee accountability guarantees that data is not misused (IJLT, 2023).
5. Complementary Protections Beyond Consent: Consent continues to be crucial, but some high-risk data processing might call for extra protections. These may consist of increased responsibilities for fiduciaries or proportionality checks. These steps improve people's general protection and lessen the need for frequent consent requests (IJLLR, 2023).

‍

Conclusion

‍

The core of the DPDP Act is to empower users to have control over their data through measures such as consent management. But requesting consent is insufficient; the system must make it simple for people to manage, monitor, and change it. Effectively designed, managed, and executed consent management has the potential to revolutionise user experience and trust in India's digital ecosystem if it is implemented carefully.To make consent management genuinely meaningful, it is imperative to standardise procedures, hold fiduciaries accountable, simplify interfaces, and investigate supplementary protections.

‍

References

‍

Building Trust with Technology: Consent Management Under India’s DPDP Act, 2023

Consent Fatigue and Data Protection Laws: Is ‘Informed Consent’ a Legal Fiction

Beyond Consent: Enhancing India's Digital Personal Data Protection Framework

Constitutional Implications Of Consent Fatigue In Data Protection: Rethinking Meaningful Consent In The Indian Context 

Top 10 operational impacts of India’s DPDPA – Consent management

‍