Social media has become a way of life of many people, it helps to connect people with friends, families, colleagues etc. We have seen with the advent of social media platforms like Facebook, WhatsApp, Twitter, and Instagram has brought a significant change in the lives of the people in both their personal and professional lives.

People share information like personal data, opinions, news etc. Businesses are running over social media, people get jobs that are because of social media, even the government are using social media to get connected with the public. This dependency on social media is enough to prove that social media has grown its roots deep in the social architecture of society.

Social media indeed has countless perks with it, it has helped businesses to flourish, it has increased the reach of education, it has saved the lives of many people around the globe, but even if there is light around us the darkness travels with it.

The risks involved with this unrestricted, getatable and addictive social media platform are huge but are invisible to the public because they are unaware of the big picture. Risks like fake news, unregulated content, phishing, cyber terrorism, syphoning of private data and much more are now getting a lot common across the globe.

Due to the overwhelming amount of data being shared by the user and the nature of social media becoming an easy access ground for the users, the users are becoming prey to the cybercriminals.

Cyber Security and social media: a brief

Since the advent of the internet, people are sharing information with each other and with the increases in the popularity of social media platforms, the amount of data shared are overwhelming.

Before knowing about cyber security, we should first know about social media and its basics. Social media incorporates the internet and lets its users share content, personal opinions, perspectives. Social media contents come in many shapes and forms, the first being text where the user chats with a person, writes a blog, comments in the pictures etc. the second form of content is images which can be anything from a holiday photo of a beach to a shot from a professional photographer. The third form is audio where a user records a podcast or sings and shares it with others and comes video where you can record your video and show it all over the world.

Social media allows you to create your profile over their webpage or the application and then you can upload your text, images, audio, videos etc. the social media profile that you create is like a synopsis of yourself that contains all the information about you that gets updated and accurate every second. social networking sites can be used for promotions and advertisements for e-commerce portal owners. Social media provides a better platform for companies to attract customers for more business opportunities. It gradually accumulates so much information and data about the user that now with some analysis, AI (Artificial Intelligence) can predict the behavioural pattern of the user.

Cyber security is the practice of protecting computers, servers, mobile devices, electronic systems, and data from malicious attacks. There are various types of cyber security:[1]

1. Network security– it provides security to the networks on which different computer interacts, thus providing security from cyber attackers and malware.
2. Information security-protects the privacy of data, both in storage and in transit.
3. Disaster recovery– defines how the business will tackle the problems in the event of a data breach or cyber-attack.
4. End user education– makes the user of the cyber space aware of the surroundings in the cyber worlds

Cyber security is also ensured by making laws on cyberspace. Most of the countries have their laws on the cyber space and India also has laws on cyberspace in the form of the Information technology Act 2000 that tries to ensure the safety of the user in the cyberworld.

Cyber security deals with cyber threats that are mainly divided into 3 types:

1. Cybercrime: an individual or a group of individual targeting systems for some financial gains.
2. Cyberattacks: this type of threats is related to information stealing.
3. Cyberterrorism: the use of the internet as a medium to create a degree of fear and panic.

Cyber Threats: Weapons of the modern era

Cyber threats are the new and threatening weapons of the modern era and with the immense popularity of social media the probability of getting affected by a cyber weapon increased to a different level. There are various cases around the globe that is enough to describe the potency of these weapons. Everyone who is under the influence of the internet and social media are prone to these types of cyber threats. Normally with some precautions, we can be safe from the threats like using antivirus software, not responding to the too good to be true emails or messages but there are cases where even these precautions also cannot save the user from a threat.

These threats are divided according to the user’s knowledge about the attack.[2]

• Cyber: these cyber threats are the threats that are affecting the user because of his conduct, and he knew there could be repercussions because of that conduct.
• Cyber 2.0: these cyber threats are at the different level than the “cyber” because there is a conduct of the user, but he does not know the repercussions and that he has been compromised.

Cases: Nidhi Razdan Case

• Cyber 3.0: these cyber threats are at the different level than previous both threats because the user doesn’t even get to know about his compromised state of privacy.

Cases: Pegasus Chapter

Since many social networking platforms display the user’s posts publicly, attackers can silently collect the information without the user’s knowledge. Sometimes the attackers will go further and gain the access to the user’s information by contacting targets and their friends.

After the attackers collect all the information about the user, the next step is to launch the attack. Attackers can use various methods to do this some are mentioned below.

• Phishing: an attacker can collect information about the target and create a spoof email message to trick the user into clicking the links or sending the attacker his private data.
• Social Engineering: in this case the attacker may impersonate himself to be high-level executive and trick the target to transfer the money or access to the user’s data.
• Brand impersonation: the attackers can use the name of big brand and trick the users into thinking that the message is from a big legitimate brand, and they get compromised with their personal data and credentials.

Nidhi Razdan Case: this case is a perfect example of a phishing attack, social engineering and brand impersonation. Nidhi razdan who was a former NDTV Executive editor who was invited to speak in an event at Harvard Kennedy School in early 2020 and one apparent organizer of the event contacted her about a vacancy for a teaching position. Nidhi Razdan submitted her CV and even got interviewed for 90 minutes and it all seem to be legitimate for her. She did her own research about the teaching position on the website of the school and indeed there was actual programmes. Later she got the offer letter and agreement from an email address that seemed to be legitimate with a letterhead and university insignia and all the signatures of the officials. After a series of exchanges of emails of alleged Harvard email IDs, they even gained personal information about Nidhi in the name of work visa. This continued for some months and in the month of December after getting frustrated she contacted HR at Harvard but had no response. Then in January after contacting the dean of the school, Nidhi got to know that there was no records of her appointment and the people claiming to be the staff of the HR do not exist. This was a huge shock for Nidhi as she got to know that her privacy was compromised and even her bank account details were compromised.

• Spread malware: like brand impersonation, the attacker can create website that could claim to be legitimate business and trick users into downloading malware.

There are 7 different types of malware:

1. Trojans: A trojan disguises itself as a good software for the purpose of implanting malicious software in the computer.
2. Spyware: A spyware is a software that invades a computer and spies on the user to steal personal information like credit card details, browsing data, passwords etc.
3. Adware: It is an unwanted software that displays advertisement on the screen. It also collects personal data from you to serve you with some more personalized ads.
4. Rootkits: this enables the attacker to gain access to the computer without even getting detected.
5. Ransomware: It uses encryption to block access to then until the ransom is paid.
6. Worms: A worms replicates itself by infecting another computer on the same network. They are designed to eat up bandwidth and network.
7. Keyloggers: They keep track on the keys that you press on the keyboard and record them on a log. This information is used to gain unauthorized access to the account.
8. Data Breach: the attackers gain access to the account credentials, which can lead to significant data breach targeting an organization.

Pegasus Case[3]: the Pegasus is spyware made by Israeli cybersecurity firm NSO Group technologies, which the government, which the government says is only sold to the vetted governments.

The list published by the news agencies had around 50000 phone numbers that might have been affected by Pegasus. It included many politicians, activists, lawyers, academics, bureaucrats and even court officials, among many others.

Pegasus exploits the bugs in the Android and iOS devices, which means that the phone could be affected even if it has the latest patch installed.

In 2016 Pegasus could infect smartphones using “spear-fishing” which is a text message or emails containing a malicious link that were sent to the target and the rest depends on if the target clicks the link.

In 2019, Pegasus could infect the device with a missed call on WhatsApp and it can even delete the record of the missed call, making it impossible for the user to know if they had been targeted.

Once entered in the phone, Pegasus can steal all the information on it like SMSs, contacts, call history, calendars, emails. It can also use your phone’s microphone to record calls and other conversations, secretly film you with its camera, or track you with GPS.

Social Media: a necessary evil?

In 2020, 3.81 billion people worldwide now use social media worldwide i.e., 49% of the whole world uses social media.

 Let’s start with what people generally have preconception about these Social Media companies. We think of Google as a tool to search, Facebook as a place to know what our friends are doing, and fundamentally speaking social media feels like a Force for good as it has created a great change in society, it had helped in finding lost family member, organ donors, employment etc., we can see positive changes around the world because of these platforms

But every coin has its flip side.

Fake news has caused riots in many parts of India, misconceptions about many innocent people. It is not just fake news but fake news with consequences.

“How can we handle the problem of the pandemic in the age of fake news”

Fake news is not the only consequence of social media, there is addiction, polarization, manipulation of political thoughts, Cyber Crimes against children and even on the adults who are educated.

One of the reasons behind all these consequences is Advertisements. The big technology companies have made trillions of dollars that have made the tech industry the richest, but we do not pay for the applications we use, we don’t pay for Google, Facebook, Instagram etc. so how do they get rich?

The business model of these companies[4]: are very simple, they just process the huge amount of data which they leach out from your devices and basically create a virtual clone of the user that refines itself with the data that they accumulate over a period of time, any business to succeed, needs advertisement and people to watch those ads, but all the money in advertisement can go in vain if the ads do not get to the potential audience and in order to do that the company need Data in huge numbers, data containing information about your likeness, behavior, personality, video that you watch, engagement time, screentime, political thoughts and some even leach out your bank details . They can sell the information to the companies who want to advertise their product or keep you engaged in a particular platform; it would not be wrong to say that they earn by selling your attention.

• Social media Bubble: What is a social media bubble and are you a part of it? Social media bubble is a curated feed of likeminded friends and highly targeted advertisement. Suppose you are scrolling your Instagram feed and you find a post by an acquaintance, and it was a meme poking your favorite sportsmen, you did not like that post and you without a second thought unfollowed the person hereby creating your own social media bubble. Our brain constructs a model of the world form interactions with out environment and if all interactions are one sided our thoughts will be one sided due to this our empathy for the others will be decreased and since the thoughts have been biased, we would not openly discuss and hear the issues that are not of same ideologies as the other.

To not get into a social media bubble we can make some personal improvements such as:

1. Adjusting the filters: finding less biased sources and listening the issues from both the feed in a balanced way.
2. Don’t delete what you disagree with: Even if you are not in terms with the acquaintances, making yourself exposed to a variety of thoughts prevents you from overestimating the relevancy of your own perspective.
3. Engage yourself with someone who has different views: this can expose you to other thoughts that can uncover from your background.
4. Hate Speech: internet has allowed people to connect, and it has revolutionized the way people communicate with each other. Being able to communicate with a mass, means that we have to get exposed to the ideologies of the public on various topics like politics, public affairs. Hateful message to violence is amplified on social media. The hate speech in online space must draw a line between hate speech and freedom of speech.

Recently after the India Vs Pakistan match, Mohammad Shami a Indian bowler, was abused online by some users because of his poor performance, even Virat Kohli, the skipper of Indian Team, was not save from this hate speech, his newborn daughter was sent rape threats, after the match with New Zealand.

 The big social media earns with these hate speeches and bubbles as they make it easier for the companies to find customers for their advertisements.

Social Media: How to Safeguard Yourself

People are spending an increased amount of time on the internet. With a new social media account, you sign up on, every new picture you post, and status you update on the platform, you are giving away your information about yourself to the world. We need to be proactive and take care of the information that we share in the social media world.

• Use a paid Antivirus: Your Computer, smartphone or other device are constantly connected to the internet, and it is not certain when your system can get affected by a malware. So, you should always update your devices with latest security patch and protect your device with antivirus software.
• Limit the information you post: Users have a habit of constantly updating their profile with their daily life updates, they do not realize that these seemingly random detail is all the criminals need to harm you, your loved ones.
• Speak out if you feel uncomfortable: if you feel your friend has posted something that you are not comfortable with and if you have been approached by a friend be available to them and remove the post if possible.
• Report suspicious or harassing activity: if you see someone harassing users and if you see some post which is not as per the guidelines, you should report the user to the platform’s cyber security.
• No delete button on the internet: Even if you had deleted your post there are possibilities that someone might have seen it of have saved it.
• Update privacy Settings: Set the privacy setting to which you are comfortable with, do not share your location, and which allows anyone to see where you are.
• Do not connect with every people: while someone social network might seem to be safe, but it is a myth, you never know who is behind the profile, who is stalking you and who are behind your life.
• Stay away from cyberbullying: Do not indulge in cyber bullying and if you are being bullied report it to the authorities.

The Facebook Papers

Facebook is one of the first social media platform and for many it is the first social media where they have created their account, in the current situation Facebook sits at the hierarchy of the social media companies, it owns Instagram and WhatsApp which increases its user base manyfold.

In recent times huge allegations has been framed against Facebook, it is said that Facebook has encouraged hate speech and violence in many countries, indirectly supporting extremist groups and misinformation, and because of the algorithm of Facebook riots and violence were seen around the world.

These allegations were made on Facebook by an ex-employee of Facebook, thousands of papers are leaked by her, and the leaked papers are now referred to as “The Facebook Papers”, the whistleblower who has leaked the internal document is Frances Haugen, a 37-year-old lady who is an engineer. She was in the civic integrity team founded by Facebook and the aim of the team was to keep a watch over election interference, but this team was disbanded after the 2020 US presidential election. Frances gradually saw that Facebook was doing nothing to tackle misinformation and due to the fake news on the platforms, there were increased cases of riots around the world. Out of frustration, she decided to resign and before doing that she copied thousand of the internal documents and reached out to different news consortiums. She had also filed 8 complaints in the US security and exchange commission. She also appeared before the US senate committee to give her testimony Frances has said that through this revelation, she does not want to defame Facebook, instead she wants Facebook to acknowledge these problems and rectify the internal problems. Because of Facebook’s algorithm democracy is literally in danger around the world, Children are in danger and violence is spreading globally.

Frances said “Having worked in four different types of social networks I understand how complex and nuanced these problems are however the choices being made inside Facebook are disastrous for our children for public safety or privacy and for our democracy and that is why we must demand Facebook make changes”[5]

Let us now talk about what has been revealed in the Facebook papers.

In Feb 2019, the researcher created a dummy account to see the experience of an Indian user and to see what the Facebook algorithm would recommend to this user, and the recommendation that the saw was shocking. In just three weeks the feed of the test account was inundated with fake news and inciteful things on its newsfeed like violence, photos of corpses, porn, hate news against Pakistan, several images with fake news being circulated.

With the papers leaked, the consortium got to know that 87% of the revenue allocated for fake news is only for the United States and the rest 13% is for the other countries. Also, even if Facebook wanted to tackle hate speech, it could not have been possible because of language barriers.

Facebook was partial with the hate news, some of the news was kept on the platform, much of the content from RSS and other religious group are never flagged because of political sensitivities.

Also because of the polarization created by Facebook, US capital riots were seen, and many have taken place after that.

The document also reveals how body image issues in girls were aggravated by Facebook, for every one in three girls face insecurities after coming to Facebook.

Facebook need to make a change in their algorithms and make this a better spot for the users.

Metaverse: need of cyber security overhaul?

Social media as we think is a platform where we are limited to text, images, videos yet we are constantly moving towards more and more engaging mediums, we have moved from reading newspapers to reading on smart devices.

Recently Facebook has announced that they are changing their name to Meta to create a new evolved social media platform called “Metaverse”. Here you are not looking on a screen, but you are inside of the social media itself. You could do everything that you did with your fingertips in such a way that feels real, its like you are there in the virtual world. It’s a shared new cyber universe that Meta is trying to create.

This Metaverse can be achieved through a combination of Augmented reality and virtual reality. There are undeniable positives of this Metaverse

• Metaverse will allow you to live out your Fantasies: you could travel wherever you want, do what ever you want and be with whomever you want in any specified time of the history.
• Metaverse will allow you to express yourself: normally you have profile pictures to express yourself on the social media, but the Metaverse allows you to be an avatar of yourself on the platform you can express yourself however you want too, you can be whatever gender you want whatever race you want, whatever color, physic etc.
• Metaverse will change the education and job sectors: being in the virtual world the person can attend colleges and school from home and people can go to their jobs.
• Metaverse allows business to thrive: People can start their business on metaverse creating their own innovation on the metaverse platform. The more people shift towards metaverse the more people will get digital goods.
• Metaverse makes everything productive: as people will be in their suitable environment and home, they will be more productive because of the metaverse.

The positives are so overwhelming that it sounds too good to be true, every coin has two faces and metaverse is not an alien to this idiom. There are many key factors that make this evolutionary social media a bit scary.

Let’s be honest Facebook has a very bad relationship with handling users’ data in previous years we already have given a lot of our precious information to Facebook with was a bit limited but with metaverse the door to sensitive personal data might be in danger, we here are not talking just about some holiday photo that we share but literally whatever we do in Metaverse and its not a good option to give those data to a company who has such records in past. Data like your brain activity can also be taken by metaverse and this is very much scary.

Its also alarming because of the fact that we are only shown the content that we agree with and the content that we want to see by social media, it this concept is taken in the realm of metaverse we could really lose touch about what is real. The power to manipulate not just your news feed but your whole virtual world is bizarre. This means that if you don’t like homosexuals the platform will make a world where there are no such people. Such kind of polarization can make the world a very dangerous place where everyone is living in their own dream world.

Imagine your friend’s account being hacked and now you are hanging out virtually with a cybercriminal who is leaching out data from your account.

Social media generally has teams that take care of hate speech, terrorism, cyberbullying and they are no good in this now with this level of complexity in the metaverse it would be quite impossible to moderate the platform without having data of all the users, all the action will be monitored.

The question arises here is that how to stop these problems and the answer to this is simple i.e., opening up and letting users decide what data are being taken by the company and companies are required to open up about what they will actually do with the data that they took.

Government should also have strict laws on the cyberspace and security as the future of cyberspace will be very much complex and we need our laws to be up to date with every change in the cyber world.

Improving Cyber Security in India: Are we too late?

Our Indian Legal System is relatively new to the subject of cyberlaw, it is a new branch in jurisprudence to create order in the cyberspace, which regulates the rights of the internet users. The Indian Government has the Information Technology Act 2000 in which the sections of this Act empower Internet users and attempt to safeguard cyberspace.

As these Acts are not refined according to the present scenario of the Cyber Space, In the end of 2019, a new bill [6]was introduced in Lok Sabha by Mr. Ravi Shankar Prasad Minister of Electronics and Information, this bill seeks to provide protection of personal data of individuals and established a Data Protection Authority for the same, and recently The Information Technology (IT) Rules, 2021 were released by the Ministry of Electronics and Information Technology (MeitY) in February. The question is “Why do we need those data protections and authorities?” and “Will the new rules and regulation affect the normal users of social media?”

The problem not just lies in social media misusing our personal data but the amount of cybercrimes that has started to take place in India, the case of Nidhi Razdan, Assamese Exodus Case, Cosmos bank case, Pegasus case etc have raised the necessity of Cyber Security and it is very much clear by the occurrence of these cases in past years, because of increase in the number of cybercrime these days when entire infrastructure of finance, school, businesses have gone online, the Data protection bill and the Information Technology act 2021 should help in lessening the crimes in this omnipresent cyber world which must not be allowed to get unbridled and unchecked.

Data protection bill imposes certain regulations on the companies about how the data can be stored and how the data can be used by the companies, it also proposes “Purpose limitation” and “Collection limitation”, which limit the collection of data to what is needed for clear, specific, and lawful purposes. The bill calls for the creation of “Independent regulator data protection authority” and “Data protection officer” in each company for auditing, grievances redressals and more. Social media being used to spread fake news, which has caused lynchings, national security threats, can now be monitored, checked, and prevented in time.

According to the Supreme Court in the Puttaswamy[7] Judgement 2017, the right to privacy is a fundamental right and it is necessary to protect personal data as essential facet of privacy.

The Government had framed the information technology rule 2021 in February this year. These rules require the social media platforms to quickly tighter set of rules within three months, which ended on May 25. The noncompliance with these rules can make the matter worse as the relationship between the government and Twitter has gone very bad. The rule would remove the non-consensual intimate pictures within 24 hours, create a system of transparency, have a dispute resolution mechanism for content removal, adding a label to information for users to know whether the content is advertised, owned, sponsored.

Cyberspace is getting complex every day and because of the dynamism of the cyberspace, it is necessary that cyber security should cope with the changes in cyberspace and laws should be formed accordingly.

---

[1] https://www.analyticsinsight.net/five-types-cyber-security-organizational-safety/

[2] Division of the cyber threats according to the level of sensation of the attack to the user.

[3] https://www.scobserver.in/cases/manohar-lal-sharma-prime-minister-pegasus-spyware-probe-case-background/

[4] Business model of the company are openly told to the public on a documentary called “the social dilemma” on Netflix.

[5] Frances said these words in the senate committee

[6] The Personal Data Protection Bill, 2019 (prsindia.org)

[7] Justice K.S.Puttaswamy(Retd) vs Union Of India on 26 September, 2018 (indiankanoon.org)