Wearable Tech: Navigating Privacy, Compliance, and Misinformation

Introduction

US President Biden takes a step by signing a key executive order to manage the risks posed by AI. The new presidential order on Artificial intelligence (AI) sets rules on the rapidly growing technology that has big potential but also covers risks. The presidential order was signed on 30th October 2023. It is a strong action that the US president has taken on AI safety and security. This order will require the developers to work on the most powerful AI model to share their safety test results with the government before releasing their product to the public. It also includes developing standards for ethically using AI and for detecting AI-generated content and labelling it as such. Tackling the many dangers of AI as it rapidly advances, the technology poses certain risks by replacing human workers, spreading misinformation and stealing people's data. The white house is also making clear that this is not just America’s problem and that the US needs to work with the world to set standards here and to ensure the responsible use of AI. The white house is also urging Congress to do more and pass comprehensive privacy legislation. The order includes new safety guidelines for AI developers, standards to disclose AI-generated content and requirements for federal agencies that are utilising AI. The white house says that it is the strongest action that any government has taken on AI safety and security. In the most recent events, India has reported the biggest ever data breach, where data of 815 million Indians has been leaked. ICMR is the Indian Council of Medical Research and is the imperial medical research institution of India. 

Key highlights of the presidential order

The presidential order requires developers to share safety test results. It focuses on developing standards, tools & tests to ensure safe AI. It will ensure protection from AI-enabled frauds and protect Americans' privacy, advance equity and civil rights, stand up for consumers and workers, promote innovation and competition, protect against risks of using AI to engineer dangerous material and provide guidelines for detecting AI -AI-generated content and establishing overall standards for AI safety and security.

Online content authentication and labelling 

Biden administration has asked the Department of Commerce to set guidelines to help authenticate content coming from the government, meaning the American people should be able to trust official documents coming from the government. So, focusing on content authentication, they have also talked about labelling AI-generated content, making the differentiation between a real authentic piece of content and something that has been manipulated or generated using AI. 

ICMR Breach

On 31/10/2023, an American intelligence and cybersecurity agency flagged the biggest-ever data breach, putting the data of 81.5 crore Indians at stake and at at potential risk of making its way to the dark market. The cyber agency has informed that a ‘threat actor’, also known as  ‘pwn001’ shared a thread on Breach Forums, which is essentially claimed as the ‘premier Databreach discussion and leaks forum’. The forum confirms a breach of 81.5 crore Indians. As of today,, ICRM has not issued any official statement, but it has informed the government that the prestigious Central Bureau of Investigation (CBI) will be taking on the investigation and apprehending the cybercriminals behind the cyber attack. The bad actor’s alias, 'pwn001,' made a post on X (formerly Twitter); the post informed that Aadhaar and passport information, along with personal data such as names, phone numbers, and addresses. It is claimed that the data was extracted from the COVID-19 test details of citizens registered with ICMR. This poses a serious threat to the Indian Netizen from any form of cybercrime from anywhere in the world. 

Conclusion:

The US presidential order on AI is a move towards making Artificial intelligence safe and secure. This is a major step by the Biden administration, which is going to protect both Americans and the world from the considerable dangers of AI.  The presidential order requires developing standards, tools, and tests to ensure AI safety. The US administration will work with allies and global partners, including India, to develop a strong international framework to govern the development and use of AI. It will ensure the responsible use of AI. With the passing of legislation such as the Digital Personal Data Protection Act, 2023, it is pertinent that the Indian government works towards creating precautionary and preventive measures to protect Indian data. As the evolution of cyber laws is coming along, we need to keep an eye on emerging technologies and update/amend our digital routines and hygienes to stay safe and secure. 

References:

• https://m.dailyhunt.in/news/india/english/lokmattimes+english-epaper-lokmaten/biden+signs+landmark+executive+order+to+manage+ai+risks-newsid-n551950866?sm=Y
• https://www.hindustantimes.com/technology/in-indias-biggest-data-breach-personal-information-of-81-5-crore-people-leaked-101698719306335-amp.html?utm_campaign=fullarticle&utm_medium=referral&utm_source=inshorts

‍

‍

Introduction

The Chairman of Vardhman Group, Mr SP Oswal, an India-based textile manufacturer, fell victim to a cyber fraud scheme that cost him ₹7 crore. The scam unfolded on August 28 and 29, conning Mr Oswal into transferring Rs 7 crore into multiple bank accounts. As per the recent reports, the Police have managed to freeze these accounts and recover over Rs 5 crore as of now. The fraudsters convinced Mr SP Oswal that he was a suspect in a money laundering investigation and held on a “Digital Arrest”. These are sophisticated cyber frauds where cyber-criminals impersonate law enforcement officials or other authorities and target innocent individuals with manipulative tactics. The scam targets are often contacted out of the blue, on Instant messaging apps like WhatsApp and informed that their bank accounts, digital identities, or other online assets have been compromised. Criminals play into the victims' fear by threatening them with imminent arrest, legal consequences, or public humiliation if they don't cooperate with a series of urgent demands.

Posing as Officials, Fraudsters Orchestrate ₹7 Crore Scam

The investigation revealed that the fraudsters posed as members of the Central Bureau of Investigation (CBI). They had contacted Mr Oswal and claimed that his Aadhaar had been misused in a case involving fake passports and financial fraud. The imposter conducted a video call in a police uniform using a background with the CBI logo. The fraud escalated further, Mr Oswal got a fake "arrest warrant" on  WhatsApp allegedly authorised by the Supreme Court. Fraudsters convinced Mr Oswal to transfer ₹7 crores to facilitate bail proceedings, claiming he was under "digital arrest". The meticulously planned scam involved fake documents, a virtual courtroom, and relentless intimidation tactics leaving Mr Oswal effectively under "digital arrest" for two days. While the police have successfully recovered over Rs 5 crore so far, this case highlights the alarming threat of digital impersonation of law enforcement authorities.

Legal Outlook on the Validity of Digital Arrests

In India, the main laws governing cyber crimes are the Information Technology Act, of 2000 and the rules made under therein, and the newly enacted Bhartiya Nyaya Sanhita, 2023. Recently enacted new criminal laws do not provide for any provision for law enforcement agencies conducting a digital arrest.  The law only provides for service of the summons and the proceedings in an electronic mode. Hence, there are no provisions for conducting 'digital arrests' as per the laws of the country. 

Further, It should be noted that the Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs, coordinates the activities related to combating cybercrime in the country. MHA works closely with other ministries to counter these frauds. The I4C also provides technical support to the police authorities of states/UTs for the identification and investigation of these cases. 

Best Practices to Avoid Digital Arrest Scams 

• To protect yourself from scams, it is crucial to verify the identity of individuals claiming to be law enforcement or government officials and use official contact channels to confirm their credentials. 
• Be cautious of pressure tactics used by fraudsters, especially demands for quick payment over unverified communication platforms like WhatsApp. 
• Cross-check official documents with legal advisors or relevant authorities. 
• Never share sensitive personal information, such as your Aadhaar number, over phone calls, emails, or messages without verifying the request's authenticity. 
• Avoid untraceable payments, such as cryptocurrency or prepaid cards, without validating the transaction's legitimacy, especially under duress. 
• Stay informed on scam techniques, particularly those involving impersonation and digital threats. 
• Enable Two-Factor Authentication (2FA) for sensitive online accounts to prevent misuse. 
• Consult advice from legal professionals if you receive threatening communication involving digital arrest or legal actions and do not take any action on the asks of persons posing as legitimate authorities. 
• In case of any cybercrime, you can file a complaint at cybercrime.gov.in or helpline number 1930. You can also seek assistance from the CyberPeace helpline at +91 9570000066.

Conclusion

The digital arrest of Vardhman Group's CEO underscores the increasing sophistication of cyber fraud schemes, which exploit fear and urgency, leading to severe financial and reputational harm. No one is immune from cybercrime, vigilance is essential at all leadership levels. While laws like the IT Act and initiatives taken by the I4C help combat cybercrime, rapidly evolving threats demand proactive safety measures. Beyond the possibility of financial loss, incidents like this jeopardise brand reputation, investor confidence, and operational stability. Be cautious of such threats and exercise due care and caution while navigating the digital landscape. Be aware of such kinds of scams and the manipulative tactics used by fraudsters to avoid them. By staying vigilant and aware we can avoid the growing scam of digital arrests. 

References

• https://www.business-standard.com/companies/news/digital-arrest-and-rs-7-crore-heist-how-vardhman-group-head-was-tricked-124100100832_1.html
• https://www.hindustantimes.com/business/vardhman-group-chairman-sp-oswal-duped-of-rs-7-crore-fraudsters-posed-as-cbi-101727666912738.html 
• https://www.msspalert.com/native/digital-arrests-the-new-frontier-of-cybercrime

‍

Introduction

The information of hundreds of thousands of Indians who received the COVID vaccine was Leaked in a significant data breach and posted on a Telegram channel. Numerous reports claim that sensitive information, including a person’s phone number, gender, ID card details, and date of birth, leaked over Telegram. It could be obtained by typing a person’s name into a Telegram bot.

What really happened?

The records pertaining to the mobile number registered in the CoWin portal are accessible on the Malayalam news website channel. It is also feasible to determine which vaccination was given and where it was given.

According to The Report, the list of individuals whose data was exposed includes BJP Tamil Nadu president K Annamalai, Congress MP Karti Chidambaram, and former BJP union minister for health Harsh Vardhan. Telangana’s minister of information and communication technology, Kalvakuntla Taraka Rama Rao, is also on the list.

MEITY stated in response to the data leak, “It is old data, we are still confirming it. We have requested a report on the matter.

After the media Report, the bot was disabled, but experts said the incident raised severe issues because the information might be used for identity theft, phishing emails, con games, and extortion calls. The Indian Computer Emergency Response Team (CERT-In), the government’s nodal body, has opened an investigation into the situation

The central government declared the data breach reports regarding the repository of beneficiaries against Covid to be “mischievous in nature” on Monday and claimed the ‘bot’ that purportedly accessed the confidential data was not directly accessing the CoWIN database.

According to the first complaint by CERT-In, the government’s cybersecurity division, the government claimed the bot might be displaying information from “previously stolen data.” Reports.

The health ministry refuted the claim, asserting that no bots could access the information without first verifying with a one-time password.

“It is made clear that all of these rumours are false and malicious. The health ministry’s CoWIN interface is entirely secure and has sufficient data privacy protections. The security of the data on the CoWIN portal is being ensured in every way possible, according to a statement from the health ministry.

Meity said the CoWin program or database was not directly compromised, and the shared information appeared to be taken from a previous intrusion. But the hack again highlights the growing danger of cyber assaults, particularly on official websites.‍

Recent cases of data leak

Dominos India 2021– Dominos India, a division of Jubilant FoodWorks, faced a cyberattack on May 22, 2021, which led to the disclosure of information from 180 million orders. The breach exposed order information, email addresses, phone numbers, and credit card information. Although Jubilant FoodWorks acknowledged a security breach, it refuted any illegal access to financial data.

Air India – A cyberattack that affected Air India in May 2021 exposed the personal information of about 4.5 million customers globally. Personal information recorded between August 26, 2011, and February 3, 2021, including names, dates of birth, contact information, passport information, ticket details, frequent flyer information from Star Alliance and Air India, and credit card information, were exposed in the breach.

Bigbasket – BigBasket, an online supermarket, had a data breach in November 2020, compromising the personal information of approximately 20 million consumers. Email IDs, password hashes, PINs, phone numbers, addresses, dates of birth, localities, and IP addresses were among the information released from an insecure database containing over 15 GB of customer data. BigBasket admitted to the incident and reported it to the Bengaluru Cyber Crime Department.

Unacademy – Unacademy, an online learning platform, experienced a data breach in May 2020, compromising the email addresses of approximately 11 million subscribers. While no sensitive information, such as financial data or passwords, was compromised, user data, including IDs, passwords, date joined, last login date, email IDs, names, and user credentials, was. The breach was detected when user accounts were uncovered for sale on the dark web.

2022 Card Data- Cybersecurity researchers from AI-driven Singapore-based CloudSEK found a threat actor offering a database of 1.2 million cards for free on a Dark Web forum for crimes on October 12, 2022. This came after a second problem involving 7.9 million cardholder records that were reported on the BidenCash website. This comprised information pertaining to State Bank of India (SBI) clients. And other well-known companies were among those targeted in high-profile data breach cases that have surfaced in recent years.

Conclusion

Data breach cases are increasing daily, and attackers are mainly attacking the healthcare sectors and health details as they can easily find personal details. This recent CoWIN case has compromised thousands of people’s data. The All-India Institute of Medical Sciences’ systems were compromised by hackers a few months ago. Over 95% of adults have had their vaccinations, according to the most recent data, even if the precise number of persons impacted by the CoWin privacy breach could not be determined.