Breach of PM’s Twitter Account Shows None of Us are Safe on Social Media

A visible enemy at the border can be taken down by our vigilant security forces but in the era of new tech, the enemy has not only become invisible, it has even made super powers kneel down before it. Military hardware worth billions of dollars can become worthless in front of a teen hacker. Verified social media accounts of heads of state can be breached just like that.

Recently, the 542-page report of the Joint Parliamentary Committee on Personal Data Protection Bill, 2019, was tabled in Rajya Sabha, demanding greater accountability from social media platforms. The report, among other things, recommends declaring all social media platforms as “publishers” and having a permanent grievance redressal system in India. This year alone, India has witnessed 8.6 crore cases of data breach—third highest after the US and Iran.

Prime Minister Narendra Modi’s personal Twitter account @narendramodi was hacked for a short period on December 12. The account has more than 73 million (7.3 crore) followers. Prime Minister’s Office (PMO) swung into action and secured the account. Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology (MeitY) launched an investigation. According to Twitter, PM’s account was not compromised due to any breach in the social platform’s system. As per Twitter’s statement, they have 24X7 open lines of communication with the PM’s office and they took immediate steps to secure the compromised account. However, it is too early to say if there was no fault on the part of Twitter.

Last year in July, Twitter accounts of Jeff Bezos, Bill Gates, Joe Biden, Elon Musk and Barack Obama, among others, were hacked. A total of 130 accounts were targeted in that attack. Tweets were sent from 45 accounts asking followers to send Bitcoins to a specific address to get double the returns. After that incident, then Twitter CEO Jack Dorsey said that it was a tough day for Twitter. Twitter stated, “A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools.”

After last year’s incident, Bloomberg reported that around 1,500 employees and partners of Twitter had access to the admin tools that gave them the ability to reset accounts as had been done to hack more than a hundred accounts in July.

Coming back to the recent hacking of the Prime Minister’s account, the Parliamentary Standing Committee on Information Technology questioned MeitY officials about the incident, but they could not give details other than what was available in the public domain.

If this hack was the result of an internal lapse, the officials concerned and MeitY ought to follow a two-factor authentication protocol. With this additional security feature enabled, a password alone is not enough: an unauthorised user would also need the secondary authentication factor.

Last year too, in September, Prime Minister Modi’s Twitter handle was hacked and used to ask his followers to donate to the Prime Minister’s relief fund for COVID-19 through cryptocurrency.

Besides cyber security, the repeated incidents of hacking of the Prime Minister’s account throw light on three aspects vis-à-vis tech regulations in India.

First, the frequency at which social media accounts of top ministers, bureaucrats and politicians are being breached. India has an estimated 53 crore WhatsApp users, 44.8 crore YouTube users, 41 crore Facebook subscribers, 21 crore Instagram clients, and 1.75 crore Twitter account holders. In the last 11 months, India witnessed an estimated 8.6 crore cases of data breach. Last month, the WhatsApp account of the CEO of Odisha Computer Application Centre (OCAC), a state-run IT agency, was hacked. Cybercriminals demanded money by sending distress messages to his WhatsApp contact list.


Second, what do you do once your account is hacked? For all such offences, compulsory police FIR needs to be registered. As per the IT Act & Rules, it is mandatory for the intermediary companies to have Designated Officers in India for grievance redressal.

The IT Rules, 2021 require “significant social media intermediaries” to follow additional due diligence, including the appointment of a chief compliance officer, nodal contact person and resident grievance officer. All three officials will have to reside in India. As per news reports, Facebook’s new company Meta is searching for a grievance officer and a compliance officer in India.

Thousands of hacking incidents and cyber crimes go undetected in India as police and enforcement agencies are not able to take effective action due to lack of cooperation from these social media companies. As per the new IT Rules, it is mandatory for these tech giants to provide details of their company’s Grievance Officer, Compliance Officer and Nodal Officers based in India and issue a public notice on the same as and when asked by the government.

In the digital world, it is not possible to completely eradicate cybercrimes. But social media users deserve an effective grievance redressal mechanism. Besides, it will also take some load off the police and intelligence agencies’ backs.

Third, in August 2013, Delhi High Court passed various orders in the K.N. Govindacharya vs Union of India matter. Accordingly in 2015, Department of Electronics and Information Technology (now MeitY) issued ‘Framework & Guidelines for Use of Social Media for Government Organisations’. As per the affidavit submitted by the government before the High Court, officers must ensure compliance with the provisions of The Public Records Act, 1993. For official purposes, government and other statutory/regulatory agencies working with it ought to use the NIC network since the usage of Gmail, Hotmail or Yahoo is not allowed. In the wake of hacking incidents, it is imperative that government ensures that social media accounts of government servants and public authorities are not maintained through Gmail or other private email ids. Besides posing a big security risk, it also violates law and government guidelines.

Finally, the question that we must all ask is this—who ensures the safety of the general public in this digital era when the heads of state can fall prey to cybercrimes?

Virag Gupta is a columnist and advocate. He can be followed @viraggupta. The views expressed in this article are those of the author and do not represent the stand of this publication.
