Adrija Guhathakurta
National Law University, Odisha
Introduction:
The world today has delved into a never-ending cycle of a need for the protection of an individual’s privacy, which stems from the charade of blatant usage of social networking sites as cybersecurity systems still continue to lag. With the explosion of information technology the whole conception of communication, and the medium it follows, has drastically shifted towards a more anti-privacy setting. For a secure execution of such a system, the need of the hour is to have a set-up that rightfully supports the advances in the field of cybersecurity. As these social networking sites are gaining substantial importance in the modern world, mainly due to their efficiency and supply of a convenient mode for online execution of the trade, commerce and similar exchange of data and information, a variety of issues is stemming from the same, a lot of which seem to be having potentially negative impacts on people’s lives. This article follows the issues and challenges that are faced by people in the context of SNS and the intent of cyber law to prevent the same.
Issues, Risks and Challenges:
Before we dig into the legal tangent of the topic of discussion, it is important to note down the issues and challenges that are the root causes behind countries to extend the pre-existing provisions of cybersecurity while adding new ones to the list.
Some of the issues include misusage of identities, receiving threats as a consequence of using third party applications, blind trust in social networking sites, user tracking, the privacy of data, etc. As an individual is pouring information about her personal content, onto a social networking site which is handled by operators who can easily take cognizance of the same with a malicious intention of resorting to impersonations, injection of malware and viruses into the device in usage, the same is being used later for tracking the users, retrieving personal data and more. These kinds of issues arise when the users indulge into permitting all that are asked as terms and conditions, without checking the validity of the apps or websites. The more dangerous issue is that of visual transparency, that is, uploading images in unauthorized websites only to have them get used, later, by the operators for various illegal means starting from misrepresentation of identity to fake pornography.
The challenges and risks that follow these issues include phishing attacks, detecting malware and viruses in the devices, and identity federation challenges. Phishing attacks basically refer to the production of fake websites and similar pages on various social media sites and using the same for luring and inducing customers into unintentionally sharing their personal data. On the other hand, some of the examples of viruses that certain hackers install through pop-ups and cookies include LOL viruses which are installed once the chat function of Facebook is activated by a user, Zeus which refers to the spread of this virus through links once they are clicked and ClickJacking Attacks which are in a way similar to Zeus except this includes web pages that direct the users towards malicious links clicking on which embeds malware into the device. Identity federation challenges refer to dealing with the technique of scattering user credentials across multiple domain chains.
Now, as we have discussed the various issues and challenges that come up as one enters the realm of the internet, it is only relevant if we proceed to see how different countries have come up with cybersecurity measures and how long of a path does India need to cover in the same aspect.
Cybersecurity Elsewhere:
Countries like the USA, Russia, Singapore, and Israel happen to be at the top of the game when it comes to implementing cybersecurity measures promptly and efficiently. The federal-level of cybersecurity in the USA has witnessed the implication of various regulatory and enforcement mechanisms like Gramm-Leach-Bliley Act (GLBA) and Health Insurance Portability and Accountability Act (HIPAA) which duly require individuals belonging to both financial and administrative sectors alike to provide technical as well as physical safeguards against the private data submitted by the users in order to protect the same from the touch of unauthorized entities. Apart from more like the ones described above, the USA happens to have the Federal Risk and Authorized Management Program which is basically a program at the government level responsible for the provision of an organized approach towards keeping an eye out for the civilian customers receiving cloud services from certain companies. Besides the measures discussed, there are many others implemented in the similar systematic format.
Cybersecurity in India:
Now, if we look at India we do see that a substantial effort has been made by the government in implementing similar measures. On the positive note, several statutes and policies have been put forth by the State while looking on the other side we see that India makes up the fifth spot when it comes to the degree of cyber-attacks across the perimeter of the country. Some of the cases which have been repeatedly reported under the IT Act of 2000 include meddling with the source documents of computer (Section 65 of IT Act), an attempt at hacking [Section 66(2) of IT Act], accessing, publishing and forging of digital signature certificates by misrepresenting facts (Section 71, Section 73 and Section 74 of IT Act), breaking or damaging the privacy (Section 72 of IT Act) and failure in decrypting information procured by Government agencies (Section 69 of IT Act). Apart from the areas mentioned there have also been multiple reports on pornography and cybercrimes against women which mostly include e-mail harassment, cyber-stalking, cyber defamation, cyber pornography, etc. According to certain records, as many as 32000 cases were reported between the years 2011 and 2015. Out of the lot 24000 cases were registered under the IT Act.
In order to address the current and constant rise in similar cases, the Ministry of Communications and Information Technology of India is working towards developing a safe and secure cyber ecosystem in the country. Their work is also dedicated to minimizing the economic loss faced due to cybercrimes. Their aim also revolves around securing e-Governance services and to ultimately create a guaranteed framework.
As we now have taken a brief note of how the situation is in India and in one of the countries who is currently holding the top position in the efficient implementation of cybersecurity measures is, it is evident that there is a need for a better strategic approach towards the policies and measures in India regarding the same.
Conclusion:
The popularity of Social Networking Sites is increasing so there are multiple cyber threats and attacks. Moreover, the same is becoming a ground for terrorists to interfere, as well, making the need for cybersecurity all the more significant. In the case of India, apart from general recommendations, it is important for the proper execution of the policies and spreading awareness about such initiatives and preventive measures across even the country’s vulnerable sectors. For the same reason, campaigns and educational programs at the state level should be implemented along with proper administration of information collected by companies and similar agencies from users. Some technical suggestions include authentication of websites while keeping diligent tabs on unauthorized websites, prior installation of good-quality anti-virus in the devices before their sale, and creating policies for companies and users alike to rightly distinguish between official and unauthorized or spam mails. Apart from the suggestions and recommendations discussed, it is of prime importance for the users to maintain the precautions in the rightful manner as instructed and informed. In the end, it all comes down to how efficiently we all are willing to work towards protecting our privacy at an individual level.
