Survivors Unveil the Dark Reality of Cyber Slavery

Introduction

The Ministry of Electronics and Information Technology (MeitY) issued an advisory on March 1 2024, urging platforms to prevent bias, discrimination, and threats to electoral integrity by using AI, generative AI, LLMs, or other algorithms. The advisory requires that AI models deemed unreliable or under-tested in India must obtain explicit government permission before deployment. While leveraging Artificial Intelligence models, Generative AI, software, or algorithms in their computer resources, Intermediaries and platforms need to ensure that they prevent bias, discrimination, and threats to electoral integrity. As Intermediaries are required to follow due diligence obligations outlined under “Information Technology (Intermediary Guidelines and Digital Media Ethics Code)Rules, 2021, updated as of 06.04.2023”. This advisory is issued to urge the intermediaries to abide by the IT rules and regulations and compliance therein.  

Key Highlights of the Advisories

• Intermediaries and platforms must ensure that users of Artificial Intelligence models/LLM/Generative AI, software, or algorithms do not allow users to host, display, upload, modify, publish, transmit, store, update, or share unlawful content, as per Rule 3(1)(b) of the IT Rules. 
• The government emphasises intermediaries and platforms to prevent bias or discrimination in their use of Artificial Intelligence models, LLMs, and Generative AI, software, or algorithms, ensuring they do not threaten the integrity of the electoral process.
• The government requires explicit permission to use deemed under-testing or unreliable AI models, LLMs, or algorithms on the Indian internet. Further, it must be deployed with proper labelling of potential fallibility or unreliability.  Further, users can be informed through a consent popup mechanism.
• The advisory specifies that all users should be well informed about the consequences of dealing with unlawful information on platforms, including disabling access, removing non-compliant information, suspension or termination of access or usage rights of the user to their user account and imposing punishment under applicable law. It entails that users are clearly informed, through terms of services and user agreements, about the consequences of engaging with unlawful information on the platform. 
• The advisory also indicates measures advocating to combat deepfakes or misinformation. The advisory necessitates identifying synthetically created content across various formats, advising platforms to employ labels, unique identifiers, or metadata to ensure transparency. Furthermore, the advisory mandates the disclosure of software details and tracing the first originator of such synthetically created content.

Rajeev Chandrasekhar, Union Minister of State for IT, specified that

“Advisory is aimed at the Significant platforms, and permission seeking from Meity is only for large platforms and will not apply to startups. Advisory is aimed at untested AI platforms from deploying on the Indian Internet. Process of seeking permission , labelling & consent based disclosure to user about untested platforms is insurance policy to platforms who can otherwise be sued by consumers. Safety & Trust of India's Internet is a shared and common goal for Govt, users and Platforms.”

Conclusion

MeitY's advisory sets the stage for a more regulated Al landscape. The Indian government requires explicit permission for the deployment of under-testing or unreliable Artificial Intelligence models on the Indian Internet. Alongside intermediaries, the advisory also applies to digital platforms that incorporate Al elements. Advisory is aimed at significant platforms and will not apply to startups. This move safeguards users and fosters innovation by promoting responsible AI practices, paving the way for a more secure and inclusive digital environment.

References 

• https://regmedia.co.uk/2024/03/04/meity_ai_advisory_1_march.pdf
• https://economictimes.indiatimes.com/tech/technology/govts-ai-advisory-will-not-apply-to-startups-mos-it-rajeev-chandrasekhar/articleshow/108197797.cms?from=mdr
• https://www.meity.gov.in/writereaddata/files/Advisory%2015March%202024.pdf

‍

Introduction

Misinformation is, to its basic meaning, incorrect or misleading information, it may or may not include specific malicious intent and includes inaccurate, incomplete, misleading, or false information and selective or half-truths. The main challenges in dealing with misinformation are defining and distinguishing misinformation from legitimate content. This complexity arises due to the rapid evolution and propagation which information undergoes on the digital platforms. Additionally, balancing the fundamental right of freedom of speech and expression with content regulation by state actors poses a significant challenge. It requires careful consideration to avoid censorship while effectively combating harmful misinformation. 

Acknowledging the severe consequences of misinformation and the critical need to combat misinformation, Bharatiya Nyaya Sanhita (BNS), 2023 has implemented key measures to address misinformation in India. These new provisions introduced under the new criminal laws in India penalise the deliberate creation, distribution, or publication of inaccurate information. Previously missing from the IPC, these sections offer an additional legal resource to counter the proliferation of falsehoods, complementing existing laws targeting the same issue.

Section 353 of the BNS on Statements Conducing to Public Mischief criminalises making, publishing, or circulating statements, false information, rumours, or reports, including through electronic means, with the intent or likelihood of causing various harmful outcomes. 

This section thus brings misinformation into its ambit, since misinformation has been traditionally used to induce public fear or alarm that may lead to offences against the State or public tranquillity or inciting one class or community to commit offences against another. The section also penalizes the promotion of enmity, hatred, or ill will among different religious, racial, linguistic, or regional groups. 

BNS also prescribes punishment of imprisonment for up to three years, a fine, or both for offences under section 353. Interestingly, a longer imprisonment of up to 5 years along with a fine has been prescribed to curb such offences in places of worship or during religious ceremonies. The only exception that may be availed under this section is granted to unsuspecting individuals who, believing the misinformation to be true, spread misinformation without any ill intent. However, this exception may not be as effective in curbing misinformation, since at the outset, the offence is hard to trace and has multiple pockets for individuals to seek protection without any mechanism to verify their intent.

The BNS also aims to regulate misinformation through Section 197(1)(d) on Imputations, assertions prejudicial to national integration. Under this provision, anyone who makes or publishes false or misleading information, whether it is in the form of spoken words, written, by signs, in visible representations, or through electronic communication, therefore, results in jeopardising the sovereignty, unity, integrity, or security of India is liable to face punishment in the form of imprisonment for up to three years, a fine, or both and if it occurs in a place of worship or during religious ceremonies, the quantum of punishment is increased to imprisonment for up to five years and may include a fine. Additionally, Section 212 (a) & (b) provides against furnishing false information. If a person who is legally obligated to provide information to a public servant, knowingly or reasonably believes that the information is false, and still furnishes it, they now face a punishment of six months imprisonment or a fine up to five thousand rupees or both. However,  if the false information pertains to the commission or prevention of an offence, or the apprehension of an offender, the punishment increases to imprisonment for up to two years, a fine, or both.

Enforcement Mechanisms: CyberPeace Policy Wing Outlook

To ensure the effective enforcement of these provisions, coordination between the key stakeholders, i.e., the law enforcement agencies, digital platforms, and judicial oversight is essential. Law enforcement agencies must utilize technology such as data analytics and digital forensics for tracking and identifying the origins of false information. This technological capability is crucial for pinpointing the sources and preventing the further spread of misinformation. Simultaneously, digital platforms associated with misinformation content are required to implement robust monitoring and reporting mechanisms to detect and address the generated misleading content proactively. A supporting oversight by judicial bodies plays a critical role in ensuring that enforcement actions are conducted fairly and in line with legal standards. It helps maintain a balance between addressing misinformation and upholding fundamental rights such as freedom of speech. The success of the BNS in addressing these challenges will depend on the effective integration of these mechanisms and ongoing adaptation to the evolving digital landscape.

Resources:

• Bharatiya Nyaya Sanhita, 2023 https://www.mha.gov.in/sites/default/files/250883_english_01042024.pdf 
• https://www.foxmandal.in/changes-brought-forth-by-the-bharatiya-nyaya-sanhita-2023/ 
• https://economictimes.indiatimes.com/news/india/spreading-fake-news-could-land-people-in-jail-for-three-years-under-new-bharatiya-nyaya-sanhita-bill/articleshow/102669105.cms?from=mdr 

‍

Introduction

A hacking operation has corrupted data on Madhya Pradesh's e-Nagarpalika portal, a vital online platform for paying civic taxes that serves 413 towns and cities in the state. Due to this serious security violation, the portal has been shut down. The incident occurred in December 2023. This affects citizens' access to vital online services like possessions, water, and municipal tax payments, as well as the issuing of obituaries and certain documents offered via online portal. Ransomware which is a type of malware encodes and conceals a victim's files, and data making it inaccessible and unreachable unless the attacker is paid a ransom. When ransomware initially appeared, encryption was the main method of preventing individuals' data from such threats.

The Intrusion and Database Corruption: Exposing the Breach's Scope

The extent of the assault on the e-Nagarpalika portal was revealed by the Principal Secretary of the Urban Administration and Housing Department of Madhya Pradesh, in a startling revelation. Cybercriminals carried out a highly skilled assault that led to the total destruction of the data infrastructure covering all 413 of the towns for which the website was responsible.

This significant breach represents a thorough infiltration into the core of the electronic civic taxation system, not just an arrangement. Because of the attackers' nefarious intent, the data integrity was compromised, raising questions about the safeguarding of private citizen data. The extent of the penetration reaches vital city services, causing a reassessment of the current cybersecurity safeguards in place. 

In addition to raising concerns about the privacy of personal information, the hacked information system casts doubt on the availability of crucial municipal services. Among the vital services affected by this cyberattack are marriage licenses, birth and death documents, and the efficient handling of possessions, water, and municipal taxes.

The weaknesses of electronic systems, which are the foundation of contemporary civic services, are highlighted by this incident. Beyond the attack's immediate interruption, citizens now have to deal with concerns about the security of their information and the availability of essential services. This tragedy is a clear reminder of the urgent need for robust safety safeguards as authorities work hard to control the consequences and begin the process of restoration.

Offline Protections in Place

The concerned authority informed the general population that the offsite data, which has been stored up on recordings every three days, is secure despite the online attack. This preventive action emphasises how crucial offline restores are to lessening the effects of these kinds of cyberattacks. The choice to keep the e-Nagarpalika platform offline until a certain time highlights how serious the matter is and how urgently extensive reconstruction must be done to restore the online services offer

Effect on Civic Services

The e-Nagarpalika website is crucial to providing online municipal services, serving as an invaluable resource for citizens to obtain necessary paperwork and carry out diverse transactions. Civic organisations have been told to function offline while the portal remains unavailable until the infrastructure is fully operational. This interruption prompts worries about possible delays and obstacles citizens face when getting basic amenities during this time.

Examination and Quality Control

Information technology specialists are working diligently to look into the computer virus and recover the website, in coordination with the Madhya Pradesh State Electronic Development Corporation Limited, the state's cyber police, and the Indian Computer Emergency Response Team (CERT-In). Reassuringly for impacted citizens, authorities note that there is currently no proof of data leaks arising from the hack.

Conclusion

The computerised attack on the e-Nagarpalika portal in Madhya Pradesh exposes the weakness of computer networks. It has affected the essential services to public services offered via online portal. The hack, which exposed citizen data and interfered with vital services, emphasises how urgently strong safety precautions are needed. The tragedy is a clear reminder of the need to strengthen technology as authorities investigate and attempt to restore the system. One bright spot is that the offline defenses in place highlight the significance of backup plans in reducing the impact of cyberattacks. The ongoing reconstruction activities demonstrate the commitment to protecting public data and maintaining the confidentiality of essential city operations.

References

• https://government.economictimes.indiatimes.com/tag/cyber+attack
• https://www.techtarget.com/searchsecurity/definition/ransomware#:~:text=Ransomware%20is%20a%20type%20of,accessing%20their%20files%20and%20systems.
• https://www.business-standard.com/india-news/mp-s-e-nagarpalika-portal-suffers-cyber-attack-data-corrupted-officials-123122300519_1.html
• https://www.freepressjournal.in/bhopal/mp-govts-e-nagar-palika-portal-hacked-data-of-over-400-cities-leaked