Welcome to our fortnightly newsletter, where our reporters Kruttika Lokesh and Dhananjay Dhonchak put together handpicked stories from the world of tech law! You can find other issues here. [Ed Note: This newsletter has been prepared by Dhananjay Dhonchak and Sanchit Khandelwal]
Paytm approaches Delhi HC alleging lack of action by telecom companies against phishing
Paytm has knocked the doors of the Delhi High Court complaining that the telecom operators are not taking action against fraudsters carrying out phishing activities under Paytm’s name. The petitioner has claimed that its users are being duped using unsolicited commercial communications (UCC) in the form of SMS or voice calls made over telecom companies’ networks.
Phishing is a cybercrime where people are contacted by email, phone calls or text messages by someone posing as a legitimate representative of an organisation to lure them to part with their sensitive data, like banking and credit card details and passwords. Paytm has alleged that even after such irregularities were brought into notice of telecom companies, no action to block the fraudulent registered telemarketers (RTMs) and impose penalties was taken. The Telecommunication Commercial Communication Customer Preference Regulations, 2018 place the burden to prevent UCC on telecom companies, requiring them to register all telemarketers, verify them, assign them header and unique content templates. The petitioner has also alleged that telecom companies do not verify telemarketers before granting them access to their database. The tech giant has claimed that inaction on the part of telecom companies has caused “financial and reputational loss” to it, for which it has sought damages of ₹100 crore.
- IANS, “COVID-19 related phishing attacks up by massive 667%: Report”, India TV, (March 26, 2020).
- Var India, “Paytm Payments Bank takes measures to fight against phishing and fraudsters”, Var India, (January 24, 2020).
- Supriya Roy, “RJio criticizes Paytm for taking telecom operators to court on phishing frauds: Report” Tech Circle (June 22, 2020).
- Prathma Sharma, “Paytm claims telecom firms not preventing phishing; HC seeks Centre, TRAI response” Live Mint (June 2, 2020).
Facebook buys tool to hack own user, helps FBI arrest child predator
Facebook paid a cybersecurity consulting firm six figures to hack one of its own users so that the Federal Bureau of Investigation (FBI) could arrest him for harassing and terrorising young girls, extorting them for nude photos and videos and making threats. Under his pseudonym of “Brian Kil”, a California man, Buster Hernandez, targeted hundreds of underage girls with blackmail and terroristic threats. He messaged underage girls, falsely claiming that he had some of their nude photos, and asked them to send more explicit pictures and videos. As Hernandez was using a privacy-focused operating system called Tails, it was difficult to unmask him. Tails is a system used by activists and whistle-blowers to anonymise their identity. Facebook paid a security firm to develop a hack that exploited a vulnerability in the Tails OS and eventually helped the FBI apprehend Hernandez. While Facebook’s actions helped nab a serial child predator, it also raised important ethical questions related to users’ privacy, as giving law enforcement agencies zero-day exploits comes with the risk that it could be used in other, less serious cases.
- Lorenzo Franceschi-Bicchierai, “Facebook Helped the FBI Hack a Child Predator”, Vice, (June 10, 2020).
- Joseph Marks, “Two new developments challenge Justice Department arguments on encryption”, Washington Post, (June 11, 2020).
- Christine Runnegar, “Encryption and Law Enforcement Can Work Together”, Internet Society, (October 26, 2017).
- Nicole Perlroth, “What Is End-to-End Encryption? Another Bull’s-Eye on Big Tech”, The New York Times, (November 19, 2019).
- Bedavyasa Mohanty, “The Encryption Debate in India”, Carnegie Endowment For International Peace, (May 20, 2019).
- Staff, “The International Encryption Debate: Privacy Versus Big Brother”, Lexology, (June 12, 2019).
Amazon, IBM and Microsoft won’t sell police their facial-recognition technology
Microsoft has become the third big tech company after Amazon and IBM to say it won’t sell its facial recognition software to police. On 10th June, Amazon announced that it would implement a one-year moratorium on police use of its facial recognition service, ‘Rekognition’ to give Congress “enough time to implement appropriate rules.” A day earlier, IBM had announced a complete withdrawal from the facial recognition market citing concerns about how the technology can be used for mass surveillance and racial profiling. The trio of tech giants have announced these moves amid protests over racial injustice and police bias following the death of George Floyd, an unarmed black man who died after a Minneapolis police officer dug his knee into his neck for nearly nine minutes. In the past, facial recognition systems have faced criticism for incorrectly identifying people with darker skin. The facial recognition market remains a key emerging business and has invited heavy investment from big tech companies. Numerous studies have shown that facial-recognition systems misidentify people of colour more often than white people. The recent announcements have been welcomed by privacy advocates.
- Brian Fung, “Tech companies push for nationwide facial recognition law. Now comes the hard part”, CNN, (June 13, 2020).
- Nick Statt, “Amazon bans police from using its facial recognition technology for the next year”, The Verge, (June 10, 2020).
- Jay Greene, “Microsoft won’t sell police its facial-recognition technology, following similar moves by Amazon and IBM”, The Washington Post, (June 12, 2020).
- Geoffrey A. Fowler, “Black Lives Matter could change facial recognition forever — if Big Tech doesn’t stand in the way”, The Seattle Times, (June 14, 2020).
- Irina Ivanova, “Why face-recognition technology has a bias problem”, CBS News, (June 12, 2020).
Facebook refuses to share ad revenue with Australian news organisations
Facebook has rejected the Australian Competition and Consumer Commission’s (ACCC) proposal to share its ad revenue with news organisations. The Government of Australia had asked the ACCC to come with a mandatory code of conduct to address commercial arrangements between digital platforms and news organisations to help create a level playing field. The code is supposed to cover sharing of data, transparency of ranking algorithm, and the monetisation and the sharing of revenue generated from the news. Josh Frydenberg, Australian treasurer, in April had said that “it is only fair that the search engines and social media giants pay for the original news content that they use to drive traffic to their sites.” Meanwhile, Facebook has denied treasurer’s claim and has said that it has statistical evidence to suggest that news content is highly substitutable with other content for their users and news does not drive significant long term value for their business. Though Facebook has supported the idea of a code but is against the regulator’s proposal to form a body with powers to impose penalties and binding dispute resolution.
- Naaman Zhou and Amanda Meade, “Facebook says it doesn’t need news stories for its business and won’t pay to share them in Australia”, The Guardian, (June 15, 2020).
- Josh Taylor, “Facebook and Google to be forced to share advertising revenue with Australian media companies”, The Guardian, (April 19, 2020).
- Agence France-Presse, “Google Rejects Call for Huge Australian Media Payout”, Gadget 360, (June 1, 2020).
- Joshua Mcdonald, “Australian Government, Media Companies Challenge Tech Giants Over Sharing Ad Revenue”, The Diplomat, (May 22, 2020).
- Shawn Lim, “Can Australia save local journalism by forcing Google and Facebook to share out ad revenue?”, The Drum, (April 22, 2020).
US EPA orders Amazon, eBay to stop selling faulty coronavirus, pesticide products
The U.S. Environmental Protection Agency ordered Amazon and eBay to stop selling unproven or unapproved disinfectants, including products falsely marketed as killing Covid-19. The EPA order will affect over 70 products currently listed on both websites. Failure to comply with the so called- ‘stop-sale’ order will result in fines up to $20,288 per sale. Doug Benevento, associate deputy administrator of the EPA, said that eBay and Amazon not only have a legal obligation but also a corporate obligation to ensure that products like this aren’t on their site. Pesticides and chemicals sold in the United States must be registered with the EPA, which develops risk assessments to determine whether the products pose a threat to harm humans, wildlife, fish, plants and other organisms. The agency also considers whether the use of the chemicals or pesticides poses a significant threat of contaminating groundwater. The order follows an increase in the sale of unregistered products on online marketplaces like Amazon and eBay.
- Adi Robertson, “EPA tells Amazon and eBay to stop selling fake coronavirus-killing products”, The Verge, (June 11, 2020).
- Will Neal & S. Gagne-Acoulon “US Files First Enforcement Act Against COVID-19 Fraud”, (March 23, 2020).
- Lynn Lazaro, “COVID-19 Counterfeit Products And Fake Goods – Indian Law Perspective”, Mondaq, (April 21, 2020).