Wednesday, December 18, 2024

Google tests new AI scam call detection feature amid rising cyber crime

Must read

Google is testing a new AI-based scam call detection feature. However, its legality is in question, as profiling callers based on conversation content without their consent is not permitted in India.According to the 2023 Global State of Scams Report by the Global Anti-Scam Alliance, over a 12- month period, people across the globe lost more than $1 trillion to scams.

Elevate Your Tech Prowess with High-Value Skill Courses

Offering College Course Website
IIT Delhi Certificate Programme in Data Science & Machine Learning Visit
Indian School of Business ISB Product Management Visit
Indian School of Business Professional Certificate in Product Management Visit

Indians lost more than Rs 1,750 crore to cyber criminals in the first four months of 2024 with over 7.4 lakh cybercrime complaints being registered on the National Cybercrime Reporting Portal run by the ministry of home affairs between January and April 2024.

According to Indian Cyber Crime Coordination Centre (I4C), on an average, 7,000 cybercrime complaints were registered per day in May 2024, a jump of 113.7% between 2021-2023 and 60.9% from 2022-2023. Of these, 85% were online frauds.

Now, with Gemini Nano, which uses a new feature still under testing, your phone will be able to alert you in real time during a call if it detects conversation patterns commonly associated with scams.

Gemini Nano is the smallest version of Google’s Gemini AI model family, which can be executed on capable Android devices.

Discover the stories of your interest


For example, you would receive an alert if a caller posing as a bank representative tells you to urgently transfer funds, make a payment with a gift card, or ask for personal information like bank PINs or passwords.At the company’s annual developer conference, Google I/O, it announced that this protection happens on-device so your conversation stays private, adding that there is more to come later this year.

However, this new feature may not be in compliance with Indian law, cybersecurity experts told ET.

In response to ET’s queries on whether this feature is a violation of privacy, Google said, “This is a capability that we’re testing. It uses on-device Gemini Nano AI to warn users in real-time if it detects conversation patterns commonly associated with fraud and scams.”

The company further added, “It will be opt-in, so not activated by default for users. We will share details on its availability as we have more information. We are committed to ensuring Android features follow applicable regulations and policies.”

Identifying legal loopholes

Amit Singh, managing director, Terraeagle, Asia Pacific and Japan, told ET, “Whoever is testing this feature is surely spending more time in analysing Indian laws to find loopholes and play on its interpretation and applicability than on the technology.”

He pointed out that the Telecommunications Act 2023 contains provisions empowering only the government to take possession of services or networks and direct interception or disclosure of messages, in the event of a public emergency or in the interest of safety, with measures to be specified in rulemaking.

“Here the attempt is to keep profiling callers based on their conversation content (and Google may call it pattern) without their consent, which itself could be unlawful to begin with, followed by building an algorithm out of it, and then running all conversations around it,” Singh explained.

This would essentially mean that all calls will be heard and analysed (not “intercepted”, as that is unlawful) and alerts will be generated in case the conversation matches a pre-set pattern.

Unless there is an explicit consent to this action, it could be deemed as an infringement of privacy rights, he said. The only possible exception could be automated calls where at least one party is not human.

“If forced by authorities, the same feature (if allowed) can be used to profile people other than just scamsters, as Google would have to build new algorithms using the guidelines/instructions given or forced on them,” Singh cautioned.

Safeguards in store

The best long-term safeguard against this could be introducing a new guideline under the relevant chapter of Telecommunications Act and an action/advisory must come from the department of telecommunications before this feature is made available for public or commercial use, he suggested.

“If that does not happen, users need to be careful or mindful of implications before opting for this feature (as they could potentially be on the wrong side of the law),” he said.

British retailer Easylife was fined 1.48 million pounds for illegally profiling customers based on their purchasing history to target them with health-related products, which is a violation of UK’s data protection laws. India is yet to have its data protection law enforced.

Additionally, Easylife had made over 1.3 million unauthorised direct marketing calls to individuals who had registered with a service to avoid such calls.

“This is one of the ways profiling can be misused,” Singh said.

Munish Gupta, president and global head for cybersecurity advisory Inspira Enterprise told ET, “Gemini Nano on phones will have a huge impact on privacy of users, especially in a country like India where users are not that aware when it comes to privacy.”

It is important to note that AI models are trained depending on the data they consume. “As Gemini Nano is going to have access to your conversations, location, feedback and usage information, it can be used by the government for spying or to get information on a certain pretext,” he said.

Even if not uploaded, what kind of data is collected and stored on the device for Gemini Nano to function, Gupta questioned. What if it flags legitimate calls as scams, causing inconvenience or missed opportunities, he asked.

Users should understand how Gemini Nano works and what kind of data it analyses. This allows them to make informed decisions about opting-in, he said.

However, in an interview with ET, Josh Woodward, vice-president of Google Labs, when asked if protection happens on device, as the company claims, said, “Google’s Gemini Nano is an AI model designed for smartphones and on-device tasks. It runs on Android’s AICore system service, which uses the device’s hardware. It is stored on the device. There is a partition on the device called AICore which is where it is secure and private to the device.”

There is going to be a set of things over time which will run on your device either for privacy reasons or speed or offline use cases, he said. For a developer, if a feature is being run on a device, s/he is not paying for it. So, there can be a lot of use cases, he said.

“Developers will have a range of tasks they will build for. How do we make Gemini interesting across quality, cost, and latency at all those different sizes? We’re building a family of Gemini models, not just one,” Woodward said.

A relief for some

Sandeep Hodkasia, founding chief executive of cyber security company Appsecure Security, told ET that the new feature to detect scam calls by analysing voice/speech patterns locally will be a big relief for those users who are not aware of cybercrime or cyber fraud.

In 2021, one scammer in India was responsible for 202 million scam calls, which is about 27,000 fraud attempts every hour, he said.

“Scams usually follow a similar pattern: A scammer sends an OTP to users, pretending to be from a bank and offering help with card upgrades, coupons, or special offers, to convince them to share their OTP, PIN, or password. This is very common. Google’s new Gemini AI model can help prevent this,” he said.

Using the Gemini Nano model, Google can detect potential scams during phone calls directly on the user’s device and in real time. “This means Google can function without sending any data to their servers,” he pointed out.

Google has not shared any information on whether they will collect any analytical data from users’ devices to improve the feature, he said.

Double-edged sword

RV Raghu, director at Versatilist Consulting India, and Information Systems and Audit Control Association India ambassador, told ET like all such technologies, this is a double-edged sword and that users will need to be cautious in case they choose to opt out if required.

“Companies developing such technologies will need to put transparency over and above everything else and inform users of the data that is being collected, and where and how this collected data will be processed and shared (if at all). It is telling that this technology won’t purportedly be available in Europe due to local regulations,” he pointed out.

Currently, Google’s Gemini is not available in the United Kingdom or the European Union due to EU laws that protect user privacy and data.

“Considering this technology is still being tested, it would be prudent to wait and watch how things pan out by the time the technology is rolled out fully,” said Raghu.

Latest article