No Gaming or Social Media during Work Hours Kerala HC to ban employees from using their phones for non-official purposes during working hours

In the rich history of humanity, the advent of artificial intelligence (AI) has added a new, delicate aspect. The aspect of promising technological advancement has the potential to either enrich the nest of our society or destroy it entirely. The latest straw in this complex nest is generative AI, a frontier teeming with both potential and perils. It is a realm where the ethereal concepts of cyber peace and resilience are not just theoretical constructs but tangible necessities.

The spectre of generative AI looms large over the digital landscape, casting a long shadow on the sanctity of data privacy and the integrity of political processes. The seeds of this threat were sown in the fertile soil of the Cambridge Analytica scandal of 2018, a watershed moment that unveiled the extent to which personal data could be harvested and utilized to influence electoral outcomes. However despite the indignation, the scandal resulted in meagre alterations to modus operandi of digital platforms.

Fast forward to the present day, and the spectre has only grown more ominous. A recent report by Human Rights Watch has shed light on the continued exploitation of data-driven campaigning in Hungary's re-election of Viktor Orbán. The report paints a chilling picture of political parties leveraging voter databases for targeted social media advertising, with the ruling Fidesz party even resorting to the unethical use of public service data to bolster its voter database.

The Looming Threat of Disinformation

As we stand on the precipice of 2024, a year that will witness over 50 countries holding elections, the advancements in generative AI could exponentially amplify the ability of political campaigns to manipulate electoral outcomes. This is particularly concerning in countries where information disparities are stark, providing fertile ground for the seeds of disinformation to take root and flourish.

The media, the traditional watchdog of democracy, has already begun to sound the alarm about the potential threats posed by deepfakes and manipulative content in the upcoming elections. The limited use of generative AI in disinformation campaigns has raised concerns about the enforcement of policies against generating targeted political materials, such as those designed to sway specific demographic groups towards a particular candidate.

Yet, while the threat of bad actors using AI to generate and disseminate disinformation is real and present, there is another dimension that has largely remained unexplored: the intimate interactions with chatbots. These digital interlocutors, when armed with advanced generative AI, have the potential to manipulate individuals without any intermediaries. The more data they have about a person, the better they can tailor their manipulations.

Root of the Cause 

To fully grasp the potential risks, we must journey back 30 years to the birth of online banner ads. The success of the first-ever banner ad for AT&T, which boasted an astounding 44% click rate, birthed a new era of digital advertising. This was followed by the advent of mobile advertising in the early 2000s. Since then, companies have been engaged in a perpetual quest to harness technology for manipulation, blurring the lines between commercial and political advertising in cyberspace.

Regrettably, the safeguards currently in place are woefully inadequate to prevent the rise of manipulative chatbots. Consider the case of Snapchat's My AI generative chatbot, which ostensibly assists users with trivia questions and gift suggestions. Unbeknownst to most users, their interactions with the chatbot are algorithmically harvested for targeted advertising. While this may not seem harmful in its current form, the profit motive could drive it towards more manipulative purposes.

If companies deploying chatbots like My AI face pressure to increase profitability, they may be tempted to subtly steer conversations to extract more user information, providing more fuel for advertising and higher earnings. This kind of nudging is not clearly illegal in the U.S. or the EU, even after the AI Act comes into effect. The market size of AI in India is projected to touch US$4.11bn in 2023. 

Taking this further, chatbots may be inclined to guide users towards purchasing specific products or even influencing significant life decisions, such as religious conversions or voting choices. The legal boundaries here remain unclear, especially when manipulation is not detectable by the user. 

The Crucial Dos/Dont's 

It is crucial to set rules and safeguards in order to manage the possible threats related to manipulative chatbots in the context of the general election in 2024.

First and foremost, candor and transparency are essential. Chatbots, particularly when employed for political or electoral matters, ought to make it clear to users what they are for and why they are automated. By being transparent, people are guaranteed to be aware that they are interacting with automated processes.

Second, getting user consent is crucial. Before collecting user data for any reason, including advertising or political profiling, users should be asked for their informed consent. Giving consumers easy ways to opt-in and opt-out gives them control over their data.

Furthermore, moral use is essential. It's crucial to create an ethics code for chatbot interactions that forbids manipulation, disseminating false information, and trying to sway users' political opinions. This guarantees that chatbots follow moral guidelines.

In order to preserve transparency and accountability, independent audits need to be carried out. Users might feel more confident knowing that chatbot behavior and data collecting procedures are regularly audited by impartial third parties to ensure compliance with legal and ethical norms.

Important "don'ts" to take into account. Coercion and manipulation ought to be outlawed completely. Chatbots should refrain from using misleading or manipulative approaches to sway users' political opinions or religious convictions.

Another hazard to watch out for is unlawful data collecting. Businesses must obtain consumers' express agreement before collecting personal information, and they must not sell or share this information for political reasons.

At all costs, one should steer clear of fake identities. Impersonating people or political figures is not something chatbots should do because it can result in manipulation and false information.

It is essential to be impartial. Bots shouldn't advocate for or take part in political activities that give preference to one political party over another. In encounters, impartiality and equity are crucial.

Finally, one should refrain from using invasive advertising techniques. Chatbots should ensure that advertising tactics comply with legal norms by refraining from displaying political advertisements or messaging without explicit user agreement.

Present Scenario

As we approach the critical 2024 elections and generative AI tools proliferate faster than regulatory measures can keep pace, companies must take an active role in building user trust, transparency, and accountability. This includes comprehensive disclosure about a chatbot's programmed business goals in conversations, ensuring users are fully aware of the chatbot's intended purposes.

To address the regulatory gap, stronger laws are needed. Both the EU AI Act and analogous laws across jurisdictions should be expanded to address the potential for manipulation in various forms. This effort should be driven by public demand, as the interests of lawmakers have been influenced by intensive Big Tech lobbying campaigns.

At present, India doesn’t have any specific laws pertaining to AI regulation. Ministry of Electronics and Information Technology (MEITY), is the executive body responsible for AI strategies and is constantly working towards a policy framework for AI. The Niti Ayog has presented seven principles for responsible AI which includes equality , inclusivity, safety, privacy, transparency, accountability, dependability and protection of positive human values.

Conclusion 

We are at a pivotal juncture in history. As generative AI gains more power, we must proactively establish effective strategies to protect our privacy, rights and democracy. The public's waning confidence in Big Tech and the lessons learned from the techlash underscore the need for stronger regulations that hold tech companies accountable. Let's ensure that the power of generative AI is harnessed for the betterment of society and not exploited for manipulation.

Reference

McCallum, B. S. (2022, December 23). Meta settles Cambridge Analytica scandal case for $725m. BBC News. https://www.bbc.com/news/technology-64075067

Hungary: Data misused for political campaigns. (2022, December 1). Human Rights Watch. https://www.hrw.org/news/2022/12/01/hungary-data-misused-political-campaigns

Statista. (n.d.). Artificial Intelligence - India | Statista Market forecast. https://www.statista.com/outlook/tmo/artificial-intelligence/india

Introduction

In order to effectively deal with growing cyber crime and threats the Telangana police has taken initiative by launching Law Enforcement Chief Information Security Officers (CISO) Council, an innovative project launched in Telangana, India, which is a significant response to the growing cyber threat landscape. With cyber incidents increasing in the recent years and concerning statistics such as a tenfold rise in password-based attacks and an increase in ransomware attacks, the Council aims to strengthen the region's digital defenses. It primarily focuses on reducing vulnerability, improving resilience, and providing real-time threat intelligence. By promoting partnerships between the public and private sectors, offering legal and regulatory guidance, and facilitating networking and learning opportunities, this collaborative effort involving industry, academia, and law enforcement is a crucial move towards protecting critical infrastructure and businesses from cyber threats, the Telangana police in partnership with industry and academia, has launched the Law Enforcement CISO (Chief Information Security Officers) Council of India on 7^th October 2023. Chief of the Central Crime Station Stephen Ravindra said that the forum is a path-breaking initiative and the Council represents an open platform for all the enforcement agencies in the country. The upcoming inititiative inculcate close association with different stakeholders, which includes government departments, startups, centers of excellence and international collaborations, carving a nieche for a sturdy cybersecurity envirnoment. 

Enhancing Cybersecurity is the Need of the Hour:

The recent launch of the Law Enforcement CISO Council in Hyderabad, India emphasized the need for government organizations and industries to prioritize the protection of their digital space. Cyber incidents, ransomware attacks, and threats to critical infrastructure have been on the rise, making it essential to take proactive cybersecurity measures. Disturbing statistics regarding cyber threats, such as password-based attacks, BEC (Business Email Compromise) attempts, and vulnerabilities in the supply chain, highlight the importance of addressing these issues urgently. This initiative aims to provide real-time threat intelligence, legal guidance, and encourages collaboration between public and private organizations in order to combat cybercrime. Given that every cyber attack has criminal elements, the establishment of these councils is a crucial step towards minimizing vulnerabilities, enhancing resilience, and ensuring the security of our digital world.

International Issue & Domestic Issue:

The announcement by the Telangana State Police, is a proactive step to form a first-of-its-kind Law Enforcement CISO Council (LECC), as part of an initiative from the State government to give a further impetus to cyber security. Jointly with its law enforcement partners, the Telangana Police has decided to make cyber cops more efficient and shape them on par with the technology advancements. The Telangana police have proved its commitment for a secure cyber environment by recovering INR 2.2 crore and  INR 6.8 crore lost by people in cyber frauds which is industry’s highest rate of helping the victims. 

The Police department complemented efforts by corporate executives for their personal interest in the subject and mentioned police officers’ expertise and inputs from professionals from the industry need to work cohesively to prevent further increase in the number of cyber crime cases. Data indicates that the exponential increase in cyber threats in recent times necessitates an informed and prudent action with the cooperation and collaboration of the IT Department of Telangana, centers of excellence, start-ups, white hats or ethical hackers, and international associations.

A report from Telangana commissioner states the trend of a surge in the number of cyber incidents and vulnerabilities of Government organizations, Critical Infrastructure and MSMEs and stressed that every cyber security breaches have an element of criminality in it. The Law Enforcement CISO Council is a progressive step in this direction which ensures a reduced cyber attacks, enhanced resilience, actionable strategic and tactical real-time threat intelligence, legal guidance, opportunities for public private partnerships, networking, learning and much more.

The Secretary of SCSC, shared some alarming statistics on the threats that are currently rampant across the digital world. To combat it in today’s era of widespread digital dependence, the program launched by the Telangana Police stands as a commendable step or an initiative that offers a glimmer of aspiration. It brings together all the heroes who want to protect the digital spaces and counter the growing number of threats.

Contribution of Telangana Police for carving a niche to be followed:  

The launch of the Law Enforcement CISO Council in Telangana represents a pivotal step in addressing the pressing challenges posed by escalating cyber threats. As highlighted by the Director General of Police, the initiative recognizes the critical need to combat cybercrime, which is growing at an alarming rate. The Council not only acknowledges the casual approach often taken towards cybersecurity but also aims to rectify it by fostering collaboration between law enforcement, industry, and academia.

One of the most significant positive aspects of this initiative is its commitment to sharing intelligence, ensuring that the hard-earned lessons from cyber fraud victims are translated into protective measures for others. By collaborating with the IT Department of Telangana, centers of excellence, startups, and ethical hackers, the Council is poised to develop robust Standard Operating Protocols (SOPs) and innovative tools to counter cyber threats effectively.

Moreover, the Council's emphasis on Public-Private Partnerships (PPPs) underscores its proactive approach in dealing with the evolving landscape of cyber threats. It offers a platform for networking and learning, enabling information sharing, and will contribute to reducing the attack surface, enhancing resilience, and providing real-time threat intelligence. Additionally, the Council will provide legal and regulatory guidance, which is crucial in navigating the complex realm of cybercrime. This collective effort represents a promising way forward in safeguarding digital spaces, critical infrastructure, and industries against cyber threats and ensuring a safer digital future for all.

‍Conclusion:

The Law Enforcement CISO Council in Telangana is an innovative effort to strengthen cybersecurity in the state. With the rise in cybercrimes and vulnerabilities, the council brings together expertise from various sectors to establish a strong defense against digital threats. Its goals include reducing vulnerabilities, improving resilience, and ensuring timely threat intelligence. Additionally, the council provides guidance on legal and regulatory matters, promotes collaborations between the public and private sectors, and creates opportunities for networking and knowledge-sharing. Through these important initiatives, the CISO Council will play a crucial role in establishing digital security and protecting the state from cyber threats.

References:

• http://www.uniindia.com/telangana-police-launches-india-s-first-law-enforcement-ciso-council/south/news/3065497.html
• https://indtoday.com/telangana-police-launched-indias-first-law-enforcement-ciso-council/
• https://www.technologyforyou.org/telangana-police-launched-indias-first-law-enforcement-ciso-council/
• https://timesofindia.indiatimes.com/city/hyderabad/victims-of-cyber-fraud-get-back-rs-2-2-cr-lost-money-in-bank-a/cs/articleshow/104226477.cms?from=mdr

‍

Introduction

In today's digital age protecting your personal information is of utmost importance. The bad actors are constantly on the lookout for ways to misuse your sensitive or personal data. The Aadhaar card is a crucial document that is utilised by all of us for various aspects. It is considered your official government-verified ID and is used for various purposes such as for verification purposes, KYC purposes, and even for financial transactions. Your Aadhaar card is used in so many ways such as flight tickets booked by travel agents, check-in in hotels, verification at educational institutions and more. The bad actors can target and lure the victims by unauthorized access to your Aadhaar data and commit cyber frauds such as identity theft, unauthorized access, and financial fraud. Hence it is significantly important to protect your personal information and Aadhaar card details and prevent the misuse of your personal information.

What is fingerprint cloning?

Cybercrooks have been exploiting the Aadhaar Enabled Payment System (AePS). These scams entail cloning individuals' Aadhaar-linked biometrics through silicon fingerprints and unauthorized biometric devices, subsequently siphoning money from their bank accounts. Fingerprint cloning also known as fingerprint spoofing is a technique or a method where an individual tries to replicate someone else's fingerprint for unauthorized use. This is done for various reasons, including gaining unauthorized access to data, unlocking data or committing identity theft. The process of fingerprint cloning includes collection and creation.

The recent case of Aadhaar Card fingerprint cloning in Nawada

Nawada Cyber Police unit has arrested two perpetrators who were engaged in fingerprint cloning fraud.  The criminals are accused of duping consumers of money from their bank accounts by cloning their fingerprints. Among the two perpetrators, one of them runs the Common Service Centre (CSC) whereas the second is a sweeper at the DBGB branch bank. The criminals are accused of duping consumers of money from their bank accounts by cloning their fingerprints. According to the police, an organized gang of cyber criminals had been defrauding the consumers for the last two years with the help of a CSC operator and were embezzling money from the accounts of consumers by cloning their fingerprints and taking Aadhaar numbers. The operator used to collect the Aadhaar number from the consumers by putting their thumb impression on a register. Among these two perpetrators, one was accused of withdrawing more money from the consumer's account and making less payment and sometimes not making the payment after withdrawing the money. Whereas the second perpetrator stole the data of consumers from the DBGB branch bank and prepared their fingerprint clone. During the investigation of a case related to fraud, the Special Investigation Team (SIT) of Cyber ​​Police conducted raids in Govindpur and Roh police station areas on the basis of technical surveillance and available evidence and arrested them. 

Safety measures for the security of your Aadhaar Card data

• Locking your biometrics: One way to save your Aadhaar card and prevent unauthorized access is by locking your biometrics. To lock & unlock your Aadhaar biometrics you can visit the official website of UIDAI or its official portal. So go to UIDAI’s and select the “Lock/Unlock Biometrics” from the Aadhar service section. Then enter the 12-digit Aadhaar number and security code and click on the OTP option.  An OTP will be sent to your registered mobile number with Aadhaar.  Once the OTP is received enter the OTP and click on the login button that will allow you to lock your biometrics.  Enter the 4-digit security code mentioned on the screen and click on the “Enable” button. Your biometrics will be locked and you will have to unblock them in case you want to access them again. The official website of UIDAI is “https://uidai.gov.in/” and there is a dedicated Aadhar helpline 1947. 
• Use masked Aadhaar Card: A masked Aadhaar card is a different rendition of an Aadhaar card that is designed to amplify the privacy and security of an individual Aadhaar number.  In a masked Aadhaar card, the first eight digits of the twelve digits Aadhaar number are replaced by XXXX- XXXX and only the last four digits are visible.  This adds an additional layer of protection to an individual Aadhaar’s number. To download a masked Aadhaar card you visit the government website of UIDAI and on the UIDAI homepage, you will see a "Download Aadhaar" option. Click on it.  In the next step, you will be required to enter your 12-digit Aadhaar number along with the security code displayed on the screen.  After entering your Aadhaar number, click on the Send OTP. You will receive an OTP on your registered phone number. Enter the OTP received in the provided field and click on the “Submit” button.  You will be asked to select the format of your Aadhaar card, You can choose the masked Aadhaar card option. This will replace the first eight digits of your Aadhaar number with "XXXX-XXXX" on the downloaded Aadhaar card. Once the format is selected, click on the “Download Aadhaar” button and your masked Aadhaar card will be downloaded. So if any organisation requires your Aadhaar for verification you can share your masked Aadhar card which only shows the last 4 digits of your Aadhaar card number. Just the way you keep your bank details safe you should also keep your Aadhaar number secure otherwise people can misuse your identity and use it for fraud. 
• Monitoring your bank account transactions: Regularly monitor your bank account statements for any suspicious activity and you can also configure transaction alerts with your bank account transactions.

Conclusion: 

It is important to secure your Aadhaar card data effectively. The valuable security measure option of locking biometrics provides an additional layer of security. It safeguards your identity from potential scammers. By locking your biometrics you can secure your biometric data and other personal information preventing unauthorized access and any misuse of your Aadhaar card data. In today's evolving digital landscape protecting your personal information is of utmost importance. The cyber hygiene practices, safety and security measures must be adopted by all of us hence establishing cyber peace and harmonizing cyberspace. 

References:

• https://www.livehindustan.com/bihar/story-cyber-crime-csc-operator-and-bank-sweeper-arrested-in-nawada-cheating-by-cloning-finger-prints-8913667.html
• https://www.indiatoday.in/news-analysis/story/cloning-fingerprints-fake-shell-entities-is-your-aadhaar-as-safe-as-you-may-think-2398596-2023-06-27

‍

‍