VIF Cyber Review: July 2022
Anurag Sharma, Senior Research Associate, VIF
NATIONAL
Government of India issued a consultation paper on the “Need for a new legal framework governing Telecommunication in India”.

On 28 July 2022, the Ministry of Communications, Department of Telecommunications, Govt. of India, prepared a consultation paper on the requirement for a new legal framework governing the telecom sector in India. Various stakeholders have requested an evolution of the legal framework concerning the changing technology. The consultation paper can be accessed from: Click here to read...

The legal framework for telecommunications in India is governed by the laws enacted before the independence from colonial rule. In recent decades, technology has changed significantly. To keep pace with the dynamics of technology, many nations, including the United States (in 1996), Australia (1979), the United Kingdom (2003), Singapore (1999), South Africa (2000), and Brazil (1997) have advanced the telecommunication legislation.[1]

Indian Telecom Service Providers are likely to launch 5G mobile services during 2022-2023

In a notification dated 15 June 2022, the Department of Telecommunication (DoT), Ministry of Communication has initiated the process of auction of spectrum in 600 MHz, 700 MHz, 800 MHz, 900 MHz, 1800 MHz, 2100 MHz, 2300 MHz, 2500 MHz, 3300 MHz, and 26 GHz Bands which includes the spectrum required for the launch of 5G Services in India. It is expected that the Indian Telecom Service Providers (TSPs) will launch 5G mobile services in India during 2022-2023.

To enable design-led production of 5G-related products in India, the DoT has modified the rules for the Production Linked Initiative (PLI) plan for manufacturing telecom and networking products. One of the amendments included a 01 per cent higher incentive for products qualifying the design-led criteria. [2]

Indian Air Force launched an Artificial Intelligence Centre of Excellence

Under the aegis of UDAAN (Unit for Digitisation, Automation, Artificial Intelligence and Application Networking), the Indian Air Force (IAF) launched a Centre of Excellence (CoE) for AI. The CoE was inaugurated by Air Marshal Sandeep Singh, Vice Chief of the Air Staff (VCAS), on 10 July 2022 at Air Force Station Rajokri, New Delhi. A Big Data Analytics and AI platform for managing all aspects of Analytics, Machine Learning (ML), Natural Language Processing (NLP), Neural Networks, and Deep Learning algorithms has been commissioned in the IAF's AI Centre. The newest servers powered by Graphical Processing Unit (GPU) would handle the high-end compute requirements.

“The IAF has taken proactive steps to embed Industry 4.0 and AI-based technologies in its war-fighting processes. The AI CoE with high-end compute and Big Data storage capabilities, coupled with full-spectrum AI Software suites, would substantially enhance operational capabilities of IAF,” said the VCAS while addressing the gathering.[3]

MeitY released the Draft “National Data Governance Framework” Policy for public consultation

On 27 July 2022, the Minister of State (MoS) for Electronics & Information Technology (E&IT)— Rajeev Chandrasekhar, informed the Lok Sabha (the Lower House of the Indian Parliament) that the Ministry of Electronics and Information Technology (MeitY) released the Draft “National Data Governance Framework” policy on 26 May 2022, for public consultation, and the draft policy is under finalisation. The policy aims to ensure that non-personal data and anonymised data from both government and private sector are safely accessible by Research and Innovation eco-system. It will also provide a framework for data/datasets/metadata rules, standards, guidelines, and protocols for sharing non-personal data sets while ensuring privacy, security, and integrity/trust.[4]

Government of India may introduce new law regarding IT and Data Protection

On 22 July 2022, the Minister of State (MoS) for Electronics and Information Technology (E&IT)— Rajeev Chandrasekhar, informed the Lok Sabha (the Lower House of the Indian Parliament) that government aims to ensure Open, Safe & Trusted, and Accountable Internet for all users. The Ministry continues to engage in discussions with various stakeholders, including industry, legal experts, and academicians, to achieve the objective of new legislation, amendments to the Rules, etcetera. The existing Information Technology (IT) Act was enacted in 2000, around 22 years ago. Since then, technology and the Internet have evolved at a fast pace.[5]

CERT-In issued an advisory about multiple vulnerabilities in Apple macOS

On 29 July 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory highlighting the multiple vulnerabilities that have been reported in Apple macOS, which a remote attacker could further exploit to execute arbitrary code, bypass security restrictions, and cause a denial of service conditions on the targeted system.
The vulnerabilities exist in Apple macOS due to out-of-bounds read in Apple Script, SMB and Kernal; out-of-bounds write in audio, ICU, PS Normaliser, GPU drivers, SMB and WebKit; authorisation issue in AppleMobileFileIntegrity; information disclosure in Calendar and iCloud photo library; logic issue in File System Events, PluginKit, Windows Server and Automation. A remote attacker could exploit these vulnerabilities by persuading a victim to visit maliciously crafted web content. The advisory also suggested applying appropriate patches as mentioned in the Apple Security Updates. [6]

INTERNATIONAL
Chinese government’s PR entity approached TikTok to open a “Stealth” propaganda account

According to news reported by Bloomberg, the Chinese government’s entity responsible for Public Relations attempted to open a “stealth” TikTok account targeting western audiences with propaganda. In response, TikTok executives pushed-back the attempt for the stealth account. The push-back highlighted the internal tensions ongoing within TikTok, owned by Beijing-based ByteDance Inc., as it has constantly attempted to distance itself from Chinese state propaganda and influence.

“Chinese government entity that’s interested in joining TikTok but would not want to be openly seen as a government account as the main purpose is for promoting content that showcases the best side of China (some sort of propaganda),” said a TikTok employee and colleague of Elizabeth Kanter, TikTok’s Head of government relations in the UK, Ireland, Netherlands, and Israel, via a message in April7 2020.[7]

Russia fined WhatsApp, Snapchat and others for storing user data outside the nation

On 28 July 2022, Moscow’s Tagansky District Court imposed a fine on Meta Platforms Inc’s— Meta, WhatsApp messenger, Snapchat owner— Snap Inc., and other firms, including Match Group, Hotels.com, and Spotify, for their alleged refusal to store the data of Russian users within the country. Amid the Russia-Ukraine armed conflict, Russia has clashed with big tech firms over content, censorship, data and local representation in escalated disputes.

Following a 04 million rouble fine in August 2021, WhatsApp was penalised 18 million roubles (roughly USD 301,255) by the Tagansky District Court for a repeat offence. The fine imposed on WhatsApp was higher than the 15 million roubles fine imposed in July 2022 for a repeat infraction on Google, a subsidiary of Alphabet Inc. The Court also fined “Tinder” owner— Match Group around 02 million roubles, Snap and Hotels.com, owned by Expedia Group Inc., 01 million roubles, and Spotify— a music streaming service, 500,000 roubles. “The five companies had not provided documents ensuring the storage and processing of Russian users’ data was taking place in Russia in time,” said the Communications Regulator— Roskomnadzor.[8]

China may transform the “Global Internet Conference” into an “International Internet Organisation”, claimed the Chinese State news agency

Since 2014, China’s Cyberspace Administration has been organising a World Internet Conference, where technology companies and government representatives of other nations convene to discuss the Internet and where China propagates its vision of State Internet control. Recently, according to a Chinese State news agency— Xinhua, “Beijing plans to transform the global internet conference into International Internet Organisation.” The organisation’s founding members include institutions, organisations, businesses, and individuals from nearly 20 countries. Some other State news agencies indicated that Afghanistan, Cambodia, North Korea, and Syria are among the member countries. On its successful transformation, Chinese-led International Internet Organisation could threaten global technology standards and the global Internet itself. [9]

A network of 11,000 phoney investments sites targeted Europe

Researchers at a cyber security firm— Group-IB, discovered a network of more than 11,000 domains engaged in promoting numerous fake investment schemes to users in Europe. As a modus operandi, the platforms show fabricated evidence of enrichment and falsified celebrity endorsements to create an image of legitimacy and lure many victims. In the phoney process, the user gets tricked into an opportunity for high-return investments and is convinced to deposit a minimum amount of EUR 250 (₹ 20,410) to sign up for the fake services. At the time of reporting, the countries targeted included the United Kingdom, Belgium, Germany, the Netherlands, Portugal, Poland, Norway, Sweden, and the Czech Republic.[10]

Endnotes :

[1] “Need for a new legal framework governing Telecommunications in India”, Ministry of Communications- Press Information Bureau, 28 July 2022, accessed on 06 August 2022, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1845920
[2] “5G Networks”, Ministry of Communications, 27 July 2022, accessed on 06 August 2022, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1845325
[3] “Artificial Intelligence (AI) Centre of Excellence (CoE) launched by IAF”, Ministry of Defence, 10 July 2022, accessed on 05 August 2022, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1840695
[4] “National Data Governance Framework Policy”, Ministry of Electronics and Information Technology, 27 July 2022, accessed on 05 August 2022, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1845318
[5] “New law relating to information technology and data protection”, Ministry of Electronics and Information Technology, 22 July 2022, accessed on 05 August 2022, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1843845
[6] “CERT-In Vulnerability Note CIVN-2022-0313: Multiple Vulnerabilities in Apple macOS”, Indian Computer Emergency Response Team, 29 July 2022, accessed on 07 August 2022, available from: https://www.cert-in.org.in/
[7]Olivia Solon, “Chinese government asked TikTok for Stealth propaganda account”, Bloomberg, 29 July 2022, accessed on 06 August 2022, available from: https://www.bloomberg.com/news/articles/2022-07-29/chinese-government-asked-tiktok-for-stealth-propaganda-account
[8] “Russia fines WhatsApp, Snap and others for storing user data abroad”, Reuters, 28 July 2022, accessed on 06 August 2022, available from: https://www.reuters.com/technology/russia-fines-snapchat-owner-data-law-violation-ifax-2022-07-28
[9]Justin Sherman, “China’s New Organisation Could Threaten the Global Internet”, Slate, 29 July 2022, accessed on 06 August 2022, available from: https://slate.com/technology/2022/07/china-world-internet-conference-organization-standards.html
[10]Bill Toulas, “Huge network of 11,000 fake investment sites targets Europe”, Bleeping Computer, 31 July 2022, accessed on 08 August 2022, available from: https://www.bleepingcomputer.com/news/security/huge-network-of-11-000-fake-investment-sites-targets-europe/

Contact Us