Abstract
This paper analyses how advances in artificial intelligence (AI) protect and infringe digital privacy in this era. This research examines how far the legal system has succeeded in protecting digital privacy and the future development of digital privacy law. This abstract analyses whether existing digital privacy laws are enough to protect individual rights or require more effort to assemble suitable digital legislation. A descriptive and analytical research design was used to examine the influences of artificial intelligence. A literature-based approach has been used to identify the impacts and recent developments in our legal system to ensure the safety of our users. Data in this research is collected through secondary data such as online databases, research tools, existing research, and precedents, the current situation is evaluated through online news articles. this research uses the comparative data analysis technique to compare the differences and similarities of opinions by assessing different sources. The research based on publicly displayed secondary sources has been credited properly through the Bluebook 19th edition citation method.
Keywords: Artificial Intelligence, Digital Privacy Law, AI and Law, Legal Case Analysis, DPDPA, Technology Law, GDPR, IPR.
Introduction
In today's world AI has become the cutting edge technology in every sector which includes basic tasks like adding numbers, calculating and rephrasing data to the more advanced jobs such as detecting online dangers, automatically blocking unknown data transactions, and pinpointing doubtful activities but at the same time AI has become a matter of concern, such as government for surveillance using AI models which are causing little infringement to privacy rights of an individual, AI chatterbots are having access of confidential information in current era of artificial conversationist which is putting the privacy at a serious threat.
To understand the whole concept of AI and its impacts we need to understand the literal meaning of Artificial Intelligence. The term intelligence means having the ability to understand, differentiate, and separate the unimportant from the important. In the same way, artificial intelligence is created to make a machine capable of performing these skills.
This article will discuss the growing use of artificial intelligence and its positive and negative influences on an individual's privacy. This research is about the recent developments in digital privacy law and the necessary reforms for the safety of future AI users. Additionally, this paper will discuss that AI is changing the aspects of digital privacy by raising a huge question on the ethical use of artificial intelligence-generated content.
This paper will address the huge contemporary issues related to AI that need addressing. Let's get into the pool of knowledge about this constantly growing topic through this article.
Literature review
AI-Generated Digital Crimes
a) Deep Fakes
Recently, in India, there has been a huge expansion of deep fake content on the social media platforms of renowned celebrities, which diverted the attention of the crowd towards the digital privacy of females in India. Not only females but even well-known politicians are affected. As per the survey of cyber security company McAfee, Seventy-five per cent of Indians have consumed deep fake content, and 38 per cent have become the target of deep fake scams.
Deep Fake crime took birth in 2017 when pornographic videos were made by using Google face-swapping technology to form porn videos. It increased in large amounts when Chat GPT introduced generative AI technology. There are a lot of measures taken by the United States such as the introduction of various legislations for example Preventing Deep Fakes of Intimate Images Act, Defiance Act and Intimate Privacy Protection Act.
However, in this matter, India lacks particular legal developments for addressing deep fake crimes there are some provisions under the Information Technology Act IT Act 2000 that can prevent digital crimes and able to punish the wrongdoers. Under the Criminal law of India, some provisions address the issue of crime against women. But the question that arises here is whether India is ready to address the crimes of new-age technology in India or whether India is still lagging in this sector. The fintech head of Vidhi Centre for Legal Policy also addresses this issue by stating that our laws were not created with a view in mind about the new age tech-based offences. She also recommended that reform in our legal system must be based on the current situations arising out of digital crimes through artificial intelligence.
b) Cyber Attacks
AI is now turning into a big weapon for criminals specifically for cybercriminals. AI is emerging as a large supporter of malicious actors to achieve unforeseen, dangerous criminalities in much more sophisticated and hard-to-predict actions. Increasing AI control over our day-to-day lives is a doubtful advantage. AI-powered crimes are trapping society into an unexplored web of danger where wrongdoers are executing severe crimes by learning cybercrime techniques and implementing those techniques to make unpredictable cyber crimes which also enables them to create it as undetectable as possible.
c) AI Data Mining
AI data mining is gathering data from social media platforms, search records and many other platforms to create personalised profiles which is a matter of concern about the privacy of individuals because data collected through this process can be used against an individual which can lead to compromising the right to privacy.
d) AI Advanced Social Engineering
Social Engineering is a manipulation practice that manipulates human behaviour and makes them share their confidential information which is later on used by the social engineers to trap them or use it in an unauthorised or deceptive manner.
Let's understand the concept of social engineering through an example :
A’s got an email from a bank or online service platform that seems legitimate that mail stating that urgent action should be taken otherwise your account will be compromised.
This mail will have a fake link, which can land you in big trouble. Your information will directly be inserted into the system of criminals now they have access to your data to use it in an unauthorised manner and will be able to access your other accounts. This is called a phishing scam an example of social engineering.
There are tons of techniques out there by which this malpractice can be stopped but the thing there must be serious implementation of the strategies. Let's discuss a few of them herein;
The most effective technique by which the general public can be safeguarded is by spreading awareness about the scams through campaigns, social media, chatbots etc. Despite spreading unnecessary rumours, we need to be aware of our society.
I would like to share my personal experience. In recent days there has been a big spread of scam videos on social media in which fraudsters address themselves as public service personnel calling parents and stating their child as a criminal asking for a settlement by some ransom. This is called an AI voice cloning scam. We are becoming aware of it by watching it on social media and when my father witnessed this he was already aware of this deception. This is the best way to use these platforms against the wrongdoers.
Other important techniques can be used such as software that is AI-driven and capable of detecting unusual activities, Passwords of different accounts must be a difficult nut to crack and having different passwords for different accounts can solve the problem, introducing multi-layers of authentication can prevent the cybercriminals from cracking the user password.
There are tons of techniques out there by which these malpractices can be prevented but there must be serious implementation of the strategies.
Is Artificial Intelligence helping to protect the right to privacy?
Few methods are prevailing to protect the right to privacy by using artificial intelligence.
By using Data Anonymization (Pseudonymization)
This is a method through which the private and confidential information of the individual gets encrypted or removed by AI.
For example: if a medical practitioner needs some personal information about the patient for his treatment but they are very concerned about the protection of the personal information of the patient. In this case, they use AI to keep the information confidential regardless of providing it to the doctor. By using this technique the patients can be treated without giving personal information through other documents such as personal details etc.
2. Privacy-Preserving Machine Learning
In this, there are several techniques such as federal learning. Federal learning is the model in which AI is trained on decentralised data without sharing or centralising data.
This can be a way by which confidential or personal data will never get exposed and protects the right to privacy.
3. Automatic compliance with the law
This is an automatic compliance model in which the AI can detect automatic noncompliance with Digital Privacy laws such as DPDA 2023. This function of AI will be a great protector of privacy.
Law related to digital privacy
In this automated era of Generation Z (Genz) of advanced Artificial Intelligence Criminals committing cyber offences like deep fakes, automated disinformation attacks, financial threats and frauds, identity thefts, celebrity pornography, and even manipulated election activities etc. All these types of AI Crimes have nearly increased at a faster pace of 464% in the past 5 to 7 years since the Indian Government launched the Indian Computer Emergency Response Team (CERT-In) in 2017. It is the first step towards a regulatory body specifically for cyber crimes and reducing AI-generated crimes.
India is one of the largest mobile-using countries having 1.2 billion users of mobiles and nearly 700 million users are smartphone users. One research found that India is the second largest country having cyber crimes and Asia’s largest country having cyber issues and AI crimes. The Indian legal system has also taken sound steps back at the beginning of the 21st century i.e. Information Technology Act, of 2000. This Act laid down the provisions related to cyber security After that, Information Technology (the Indian Computer Emergency Response Team And Manner Of Performing Functions And Duties) Rules, 2013 (CERT-In Rules) came into the picture with some regulating provisions for cyber culprits and cyber crimes. These rules were made in pursuance of the launch of a 3G network offering fast-speed connectivity which enables the attackers to commit cybercrime within seconds.
Recently, the Central Government at the beginning of August 2024 commenced Digital Personal Data Protection Act, 2023. This act was launched in 2023 considering the rapid increase in AI generative offences becoming a threat to digital privacy. The Right to Life under Article 21 covers the Right to Privacy which also covers the right to protect digital information. After several discussions and debates the central government enacted this act to give equal importance to the digital rights of an individual, in 2023 There is no direct provision addressing AI but the definitions of processing and automation cover the wider ambit including artificial intelligence. The great advantage of this Act is penal provisions for cyber attackers. It also includes the regulation of the usage of data and its storage by the Social Media MNCs. The whole control over the data of a person is in their hand and if there is a personal data breach there are strict penal provisions for such breach.
To regulate the high risks of AI crimes in India, the government is deliberately considering the introduction of the Digital India Act. This Act aims to prevent AI Crimes and the provisions shall be more AI regulating oriented. However, we must become responsible and self-dependent on authentic sources rather than over-dependence on AI. AI is more prone to be biased and outdated. Practically, AI is not a human and, hence, it cannot think unbiasedly, and emotionally, keeping social norms in view and many more factors that AI cannot bear such intelligence.
Case Laws
Let's discuss some precedents related to cyber crimes in India.
Carpenter vs United States 2018:
Summary of the case
Timothy Carpenter was the defendant in this case He was accused of several armed robberies in the Radio Shack and T mobile stores in Michigan and Ohio. He was leading a group that had previously accused people.
The most important evidence against him was his mobile phone. The FBI obtained his location through his mobile phone through cell site location information.
The major point of contention in this case is the location history of his cell phone which was taken without any warrant.
Fact in Issue
Whether FBI authorities have the right to acquire the CSLI without a warranty
Whether the act of the FBI authorities is causing an infringement of the right to be free from unreasonable searches.
Decision of the Court
The court held that the FBI does not have the right to access the phone history without prior permission of the court.
The court stated that taking such information comes under the Fourth Amendment.
2. KS Puttaswamy vs UOI
Summary of the Case
KS Puttaswamy was a retired judge who challenged the constitutionality of the Aadhar card scheme introduced by the Indian government. According to KS Puttaswamy, the requirements of this scheme such as taking biometrics of the Indian citizens in order to prove their citizenship is a direct infringement of the fundamental right to privacy guaranteed under the constitution.
Judgement
This judgement was held by the Nine Judge bench of the Supreme Court of India. In this case, the court clearly mentioned that the right to privacy is a Part III of the constitution which guarantees the Right to Privacy as a fundamental right of every citizen.
In this case, it was also stated that despite the fact that the right to privacy is a fundamental right it is not an absolute right.
While making any challenge to this right any authority needs to consider three major essentials.
Whether their contention is backed by legitimate aim or not.
While evaluating any contention one needs to satisfy its proportionality.
Legality
The Main Crux of this judgement is that the Right to Privacy is a part of a fundamental right.
FINDINGS
HUGE OUTBREAKS OF CYBERCRIME IN INDIA
Cybercrime complaints as per the report of National Cyber Crime:
YEAR | STATE | NO OF COMPLAINTS |
2023 | DELHI | 755 |
2023 | HARYANA | 381 |
2023 | TELANGANA | 261 |
2023 | INDIA {PER LAKH} POPULATION | 179 |
LEADING STATES
Conclusion:
In this journey of writing this research paper, it is quite clear that AI is a double-edged sword. AI is not just a blessing to us but also a biggest curse to the right to privacy of an individual in society. As per the reports, India still lacks adequate digital data protection legislation against the growing negative impacts of AI. However, it is evident from the research that there are a lot of other laws protecting the right to privacy but still as per the needs of the constantly evolving change in the global legal system The legal system needs to take a shift from the traditional ways of dealing with the crimes and to create more legal developments specifically considering the digital privacy, cybercrimes and artificial intelligence impacts.
From the above paper, it is also concluded that most of the crimes happening through AI in this era are affecting the dignity of women on a large scale. It is evident after witnessing offences such as Deepfake videos of female celebrities, deepfake pornographic videos of women and things like digital rapes are of great concern and need the attention of our legal system. There must be strict action taken by the lawmakers for digital crimes against women, otherwise, the day is looking close when women will not even feel digital safety and digital safety protests will be visible on the streets.
Author:
Sunidhi Sharma
Bharat College of Law, Kurukshetra University
Related Posts
