This article has been written by Nikhitha Katkam, who has enrolled in the course How to Use AI to Grow Your Legal Practice at LawSikho and edited by Shashwat Kaushik. In this article, we are going to dive into the topics that talk about cybersecurity, its need in the gaming industry, the risks and crimes that occur on online platforms and in the gaming industry, and how and what the rules and regulations are framed in our country to manage the risk factors.
This article has been published by Sneha Mahawar.
Table of Contents
Introduction
The tremendous growth in the information technology sphere has made India the most popular IT hub across the world and has caused a surge in internet usage among the people of the country, amounting to more than 800 million users by the year 2022. And 75% of the users are under the age of 35.
Indians believe in social networking, with almost 86% of the population using the internet to connect through social media sites. One such emerging platform is the gaming industry, where the majority of its consumers are children, women and youth using smartphones as the medium, according to the World Economic Forum report of 2022.
These users are now becoming the prey of cyberattacks, cyberbullying, cybercrimes, financial fraud, etc. Not only the users but also the gaming platforms are ineligible for such cyber attacks due to the exchange of huge amounts of capital and information, wherein the need for robust cyber security mechanisms became apparent in recent years, especially in the post covid era.
What is cybersecurity
Knowledge of the term “cyberspace” helps us understand the concept of cybersecurity, how it emerged, and its importance and need in a more coherent manner. Let us comprehend cyberspace.
Cyberspace is a virtual space that incorporates objects that don’t exist or constitute the physical world but a stupendous and immeasurable amount of information exchange takes place through which 2.7 billion people across the world make connections. It acts as a medium where the swapping of dialogue, ideas, views, services, trade, business, entertainment, friendships and much more happens in mammoth numbers every nanosecond.
Cybersecurity is defined as the application of technologies and processes built to protect computers, their hardware, software, data and networks from unauthorised access by cyber criminals, hackers and terrorist groups.
Cybersecurity in gaming industry
Let us go backwards to learn about the gaming industry, how it operates, and the kinds of attacks and threats involved that created the necessity to build a robust cybersecurity system.
Gaming industry and its operation
The gaming industry as a whole is divided into two categories :
- Activities involving physical participation.
- Activities performed on virtual platforms.
There have been laws and regulations for physical activities across the world for ages.
The virtual games that use the internet are new and emerging and operate through various online platforms, generating huge revenue of 180 billion, which is bigger than Hollywood and the music industry combined.
COVID-19 has negatively impacted other industries globally; nevertheless, the gaming industry witnessed immense growth in the market, with 38.24% just in the year 2020, as the greatest number of humans engaged in indoor gaming as their major pastime. Lockdown made the earth wrap up indoors, positively affecting the gaming industry in leaps and bounds by enlarging its enjoyers and also the cyber attacks and threats, witnessing a 167% surge in targeted cyber attacks alone in 2021.
Kinds of cyberattacks
Financial fraud
Electronic sports viewership has grown by millions due to the rise of the global digital revolution, which has caused an increase in prize pools, betting, fake account creation, money laundering and account takeover fraud.
A rise in betting vendors has led to an increased number of hackers who are conducting tournaments. Fraudsters as well as professional players are creating multiple fake identities and thus successfully manipulating the players.
Money laundering has been another major problem that involves in-game purchases, trades, and prize money. Games that are played by investing money are more susceptible, such as lotteries, poker, casinos, etc. Due to this reason, Anti Money Laundering (AML) compliance has become the need of the hour for gaming platforms in many jurisdictions.
Account takeover fraud has become another major issue where fraudsters, even children, are stealing and logging into the accounts to use the monetary assets associated with those accounts, which is leading to false cashback claims.
The Grand Theft Auto breach exemplifies the dangers of online games.
Phishing is another common attack that acquires sensitive information stored by extracting personally identifiable information, i.e., PII data. It is a digital form of social engineering that looks authentic and reliable but sends bogus emails that seek information from users or use manipulative methods by deceiving them, then directs them to fake websites that request personal information to commit crimes and frauds.
Sexual abuse and harassment
A vast majority of users have been men since the beginning but female players have also started to indulge since the start of this decade. Thus, the number of cases of sexual abuse, harassment, and discrimination has also increased manifold. 40% of female gamers are facing some form of sexual abuse from male co-players if they win, lose or commit mistakes while playing. 20% of them experienced harassment in the form of objectification, rape threats, or death threats, making the whole environment of entertainment lethal.
Child abuse
Sexual predators and criminals are finding easy routes through these gaming platforms by deceiving children and connecting with them. They dupe themselves as children and convince them to share sexually explicit photos and videos, which they later aim to blackmail for monetary value or more explicit images.
Thus, managing these risks in the gaming industry became an indispensable task that could be achieved through cyber security risk management.
Cybersecurity risk management
The main aim of implementing a cyber security risk management strategy is to safeguard the data by preventing and mitigating cyber attacks such as:
- Malware, viruses, and ransomware.
- Personal identifiable information (PII) theft
- Account takeover
- Swatting and doxing
- Data breaches
- DDoS attacks
- Phishing
- The man in the middle (MitM) attacks.
Cybersecurity laws in relation to gaming industry in India
The majority of gaming laws in India are pre-internet age and prohibit and regulate gambling activities, betting, lotteries, etc. The Public Gambling Act of 1867 is one such law that has been in use since British times.
The 7th Schedule of the Indian Constitution grants exclusive powers to states to enact their own gaming laws for their own territories. Sikkim and Meghalaya also have their own laws for online games. Telangana, Andhra Pradesh, Karnataka, and Tamil Nadu amended their gaming laws by imposing prohibitions on games played for stakes in either skill or online games.
Recently, the Ministry of Electronics and Information Technology (MeitY) released draft rules for online games as follows:
- Online games have to be registered with Self Regulatory Body (SRB).
- Following due diligence.
- Random number generation certificate.
- Restrictions on betting.
- Appointment of a compliance officer.
Interconnected laws
The Post Globalisation period witnessed rapid growth of internet usage among the people of the country, which resulted in the need for cyber security laws, rules and regulations for preventing cyber crimes.
The Information Technology Act 2000 is the first Indian law associated with cyber security. Later, it was amended and a new statute, i.e., the Information Technology Act of 2008, came into existence. Let us learn about the important laws and sections of the cyber laws of India that connect with crimes involved in the gaming industry.
- Section 43 of the Information Technology Act says that any person who intentionally uses a computer system, its network or a computer network without the permission of the person in charge or the actual owner to extract or download data or information, contaminate any data or programme of that device, damage or try to damage it, or cause the denial of access to the actual owner with the intention to temper or manipulate any information is punishable, and such persons are liable for compensation to the victim.
- Also Amended, Section 43 states that stealing, concealment, deletion, destruction or alteration (or causing any person to do any of the foregoing) of any computer or its code with the intent of causing damage is a punishable offence.
- Section 43(e) and (f) talk about denial of service attacks as a punishable offence and also liable for compensation.
- Also, this section broadly covers the actions that may be classified as phishing attacks; though the detailed definition of phishing is mentioned, we can derive the word from the actions mentioned thereunder. The proper definition of this term is clearly stated in the famous case of National Association of Software and Services Companies vs. Ajay Sood and Ors. (2005) by the Delhi High Court.
- Section 66C of IT Act of 2008 talks about password hacking, digital signatures, and identity theft. It can be defined as wrongfully obtaining the personal information, unique identification numbers, such as bank details, PAN, Adhaar details, etc., of any person by another person for any wrongful and fraudulent activity.
- Section 66 F of IT Act, 2008 defines the activity of cyber terrorism as the activity that threatens the unity, integrity, security, or sovereignty of India or the act that creates terror among the citizens of the country. And it also states that the offence is punishable by life imprisonment.
- Sections 66 E, 67, and 67A deal with cybercrimes related to pornography and electronically publishing obscenities And talks about the violation of privacy by clearly defining the terms capturing photos and private areas of the human body of males and females. It also talks about the punishment, which may last up to 3 years of imprisonment with or without a fine not exceeding 2 lakh rupees.
- Section 67B states the punishment for publishing or transmitting sexually explicit materials depicting children. It also states that the punishment may extend up to five years and also provide compensation up to ten lakh rupees or both.
- IPC Sections 292, 293, and 294 make the sale of obscene materials or the speaking, portraying, etc. of obscene gestures cognizable offences.
Cybersecurity framework in India
Section 70(B) of the Information Technology Act, 2000, laid the foundation for Indian Computer Emergency Response Team (CERT- In) guides about protection policies and regulations. It acts as the cybersecurity watchdog for India. It issues guidelines of do’s and don’ts regularly about the usage and handling of information and security practices. Recently, it was in the news for issuing “Guidelines on Information Security Practices” for the protection of government agencies from online threats like cyber attacks and ransomware.
The Information Technology Act of 2000 contains provisions for the protection of electronic data, cybersecurity measures and forensics. Sections 43(a)-(h) – cyber contraventions and sections (63-74) – cyber crimes. Cyber contraventions are considered civil wrongs that may lead to Civil prosecution. The defaulting party pays some amount as compensation, which may be as high as up to one crore rupees. An authorised official or controller appointed by the government conducts the investigation.
IT Rules of 2011 focus on data protection, retention, collection of personal data and sensitive information. These are termed the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. The 2011 Rules state that they have been made by the Central Government in exercise of the powers conferred by clause (ob) of subsection (2) of Section 87 read with Section 43A of the IT Act. They exempt any information: that is freely available or accessible in the public domain.
IT Rules 2021 prohibit content of a specific nature on the internet, protect personal data, and mandate social media platforms to have grievance officers. These rules are named the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
Aims to empower social media and OTT platform users with a mechanism for redressal and timely resolution of their grievances by appointing a Grievance Redressal Officer (GRO) who should be a resident of India.
The Data Security Council of India (DSCI), established by the National Association of Software and Services Companies (NASSCOM), publishes best practises, standards and initiatives in cyber security. It is a non-profit industry body set up for data protection in India. It is committed to making cyberspace safe, secure and reliable by establishing best practices, standards and initiatives in cyber security and practise.
Conclusion
Thus, the need for cybersecurity in current times has increased and the gaming industry is one such space where robust mechanisms and strict cyber security rules and laws must be framed in order to prevent such crimes and make the gaming world more enjoyable.
References
- https://www.fortunebusinessinsights.com/gaming-market-10573
- https://www.statista.com/statistics/490480/global-esports-audience-size-viewer-type/
- https://www.weforum.org/
- https://indiankanoon.org/
- https://www.meity.gov.in/
- https://www.ncsc.gov.uk/collection/denial-service-dos-guidance-collection
- https://www.ivint.org/gaming-hidden-sexism-and-harassment/
- https://www.nytimes.com/interactive/2019/12/07/us/video-games-child-sex-abuse.html?mtrref=undefined&gwh=E3E141AA73E575E4E9F788E6145FEDC9&gwt=pay&assetType=PAYWALL