90% Deepfakes Victimise Women: Tech Lawyer Mishi Choudhary On AI Misuse In India

Mishi Choudhary's career began in the corridors of the Delhi High Court and was later extended to the Supreme Court of India. Her quest for knowledge led her overseas, where she worked among free and open-source software developers in the US. During this time, she witnessed a movement that challenged conventional wisdom about intellectual property, urging for a more open-sharing culture in technology.

Upon her return to India, she founded SFLC.in in 2010, initially aiming to build a research-based academic organization. However, the landscape changed swiftly as issues of intermediary liability and content takedowns emerged, prompting a pivot to advocacy and legal services. Today, SFLC.in stands as a robust organization headquartered in Delhi, addressing critical areas such as privacy, surveillance, Aadhaar, and the intersection of technology with our rights.

In an exclusive interview with SheThePeople, technology lawyer and civil liberties activist Mishi Choudhary, founder of Software Freedom Law Center, addresses pressing issues—the ICMR data breach, the deepfake surge in India, and the imperative to safeguard digital privacy, especially for women. Additionally, Choudhary sheds light on the alarming Apple incident involving state-sponsored threats to opposition leaders' iPhones.

I wanted to work in organizations that were talking about more control over technology. If we cannot control our computers and tech, then they will end up controlling us.

ICMR Data Breach: A Stark Reality

A recent report by US-based cybersecurity firm Security has sent shockwaves through the nation, uncovering a massive data breach involving the personal information of a staggering 81.5 crore Indians. The breach, centred around the Indian Council of Medical Research (ICMR), has exposed sensitive data, including names, phone numbers, addresses, Aadhaar, and passport information, all available for sale on the dark web for a chilling $80,000.

Mishi Choudhary, also the SVP and General Counsel at Virtru, emphasized the urgency of cybersecurity in India. Her concern is palpable, emphasizing the need for a robust cybersecurity framework in India.

According to her, "India has yet to build a good framework where cybersecurity is taking primacy." Choudhary stresses the importance of zero trust and data-centric security, calling for more control over personal data.

Dispelling the myth that Indians don't care about privacy, Mishi Choudhary emphasizes that privacy holds a unique significance in the Indian context. She asserts that the boundaries of privacy may differ from those in the U.S., but the realization of its importance remains integral to our everyday existence.

We all know what we do in the bathroom, but we still shut the doors. And we want to have the freedom to think good thoughts, bad thoughts, uncomfortable thoughts. All of that requires the safety of privacy.

She highlighted the need for a robust framework, echoing concerns about the frequency of data breaches in the country. Choudhary stressed the importance of citizens demanding better control over their data and advocating for zero trust and data-centric security. Addressing the increasing demand for data generation by platform companies, Chaudhary urges individuals to realize their rights. Whether it's a period tracking app or a dating app, she asserts that users should demand better control over their data to prevent corporate or government surveillance.

We should be able to use technology without the fear that it is going to come and bite us later."

She calls for a shift in responsibility from users to governments and companies, emphasizing, "This is the job of the government, to offer products that make it possible for us to be secure in the use of technology." Data protection, according to her, should be a collective effort, ensuring encryption for data in transit and at rest, limiting access to those who genuinely need it.

Providing practical advice for individuals, Chaudhary recommended checking app permissions, avoiding unknown links in messages or emails, and using password managers to enhance online security. She encouraged exploring secure alternatives like Signal for communication and urged users to be mindful of their technology usage to prevent becoming slaves to it.

Choudhary's mantra is clear: demand better control over data and respect for individual rights in the face of increasing corporate and government surveillance.

Empowering Women Against Deepfakes: A Call to Action

Deepfakes, generated using AI, have become a potent tool for spreading misinformation, revenge porn, and fake celebrity scandals. The recent case involving Rashmika Mandanna and Katrina Kaif highlights the malicious intent behind these manipulated videos, intending to tarnish the reputation of well-known personalities.

Mishi Choudhary acknowledges the looming threat of deepfakes, especially in the upcoming election year, posing challenges for both India and the United States. 

She warns of the impending challenges during the upcoming election year, stating, "It's going to be a wild west of misinformation and disinformation because of the use of deepfakes."

Choudhary points out the gendered impact of deepfakes, with over 90% of victims being women subjected to online harassment and warns that generative AI tools, easily accessible, are contributing to the creation of non-consensual deepfake pornography, with women bearing the brunt. She stresses the need for proactive measures to combat the misuse of deepfake technology, including legal safeguards and platforms' responsibility in tackling such content.

Women get much more harassed online even to express their political opinions or other such matters than anyone else. And now this is going to be added to the mix, which really makes their life much harder and difficult.

Drawing from Sflc.in's study in 2016, Chaudhary reveals that reporting to the police is often scarier for women than the harassment itself, "Politicians will wag the finger, but nothing happens. Police, when involved, often focus on irrelevant details, questioning the victim rather than pursuing the criminals behind the deepfakes." 

Urging women not to suffer alone, she provided practical advice on reporting incidents, reaching out to platforms, and utilizing available tools, like CyberDost, India's national crime helpline, and advocates for women to assert their rights without hesitation. She also urged them to reach out to platforms like Twitter and Meta, providing step-by-step guidance on reporting and getting content taken down. "Please don't feel any kind of hesitation or trepidation in coming out and saying it. Suffering alone is the major issue, and we need to take the shame out of it."

However, she stresses the need for more robust systems from law enforcement and regulators. "We need much more than just words; we need implementation. Women's empowerment should not be mere rhetoric but a reality backed by power," she declares.

Cyber Judiciary: India vs. USA

Choudhary's comparative analysis of cyber judiciaries unveils both similarities and differences between India and the USA. While both nations rely on common law and boast powerful judiciaries, she highlights India's inclination towards a jail punishment-based system compared to the USA's damages-based approach.

Chaudhary sheds light on India's challenges, citing a lack of transparent engagement between stakeholders. The decision-making process often unfolds behind closed doors, with limited involvement of civil society and experts.  While acknowledging the importance of monetization, she emphasizes that cyber laws should also safeguard individual rights.

"So, we really need to protect people. We can't say everything is about monetizing and making money because it's also about rights and people," Chaudhary passionately asserts. This call for a holistic approach reflects the essence of cyber legislation – a delicate equilibrium between economic interests and human rights.

Apple Threat Notifications Controversy

Several opposition leaders in India, including Shashi Tharoor, Mahua Moitra, Priyanka Chaturvedi, and Raghav Chadha, reported receiving messages from Apple warning of potential "state-sponsored attackers" targeting their iPhones. The subject, "State-sponsored attackers may be targeting your iPhone," triggered concerns about privacy breaches and illicit surveillance. In response, Apple issued a statement clarifying that the threat notifications were not attributed to any specific state-sponsored attacker and might be false alarms.

The government, while acknowledging the incident and ordering a probe, deemed the alerts "vague" and emphasized Apple's global advisory in 150 countries. The opposition, however, maintained their stance, alleging government attempts to hack into their phones.

Amidst the controversy,  Chaudhary offered a perspective on the broader issue of state-sponsored attacks and the need for surveillance reform in India.

HIghlighting a critical issue plaguing India – the absence of judicial or parliamentary oversight on surveillance, Chaudhary states,  "India is the only democracy in the world which has no judicial or parliamentary oversight on surveillance." 

Drawing parallels with other democracies, she highlighted the need for oversight mechanisms, citing the example of the FISA court in the U.S. Chaudhary emphasized that transparency in surveillance practices is crucial, resonating with the belief that "sunlight is the best disinfectant."  She also cautioned against dismissing the incident as a short-term news cycle, urging a sustained inquiry.

For regular phone users, especially those with Android devices, Chaudhary provided practical tips for identifying potential threats. Signs such as abnormal battery drainage, disappearing messages, and unusual behaviour should raise red flags. Additionally, she recommended using end-to-end encrypted messaging services for sensitive communication. Keeping a separate device for sensitive work, leaving phones behind during sensitive physical meetings, and utilizing features like Apple's lockdown mode were among her recommendations. These steps, she argued, could contribute to safeguarding personal and organizational security.