Data Breach / Analysis : Tiding the Data
Organiser - Weekly   02-Apr-2018

A new fear has come up among crores of people in the country about sharing their data. While the Centre has served a timely warning to the Facebook, it must ensure that people’s confidence is not lost in some other way either

Subimal Bhattacharjee

The last one week has been very surcharged in cyberspace with two incidents following the profiling and misuse of five crores Facebook users by a data analytical company called Cambridge Analytica (CA) through a researcher of Cambridge University. The researcher later designed an app to tap into Facebook users through a personality survey called ‘This is Your Digital Life’. With the knowledge of Facebook, the researcher harvested the personal data of 2.7 lakhs willing participants in the survey. He also gained access to the friends" list of these users and reached the mammoth figure of five crore users thereby also gathering their personal data although unknown to them. Cambridge Analytica misused this data through its analytic and profiling tools and created the package for targeted campaign audience for Donald Trump for the 2016 US presidential elections.

“A lot of you are asking how to control what information you share on Facebook, who has access to it, and how to remove it. We recently put all your privacy and security settings in one place called Privacy Shortcuts to make it easier to use. We"re going to put this in front of everyone over the next few weeks.         — Mark Zuckerberg Chairman and CEO, Facebook”

Despite being a US elections issue, the impact was also strongly felt in India as CA was already targeting the expanding Indian political market and was talking to political parties to use similar data and analytics tools for the 2019 elections. Some reports also mentioned about discussions with the Indian National Congress party for profiling engagements and also for using some journalists and writers to write against Prime Minister Narendra Modi.
 Information Technology and Law Minister Ravi Shankar Prasad stepped in sternly and warned Facebook and the host of data profiling and data analytics companies to desist from any move to vitiate the Indian election ecosystem. The Election Commission of India (ECI) also asked for a closer look at the discussions with Facebook from its past engagements.
Finally, Mark Zuckerberg the CEO of Facebook apologised to the users of his network community and also clarified that they would do nothing wrong ever with the Indian election system. However, this public apology came almost two years later from when the company knew of this serious breach. Millions of users of Facebook use the medium to write and share photos and videos and all that is due to the inherent trust that a reputed entity life Facebook will protect consumer interest on top of everything. So the damage was done and for the first time, Facebook felt the vulnerability on all fronts with even the #DeleteFacebook campaign being supported by one of its constituents.
Data protection is being realised more and more in India for the last few years. With the mission to build a Digital India whereby lakhs of citizens at every nook and corner of the country would be digitally empowered, data is the oil for this emerging ecosystem. Impending excitement and participation in social media platforms like Whatsapp and Facebook and the increasing online commerce around Amazon are indications of the need for secure networks where citizen data are protected with reasonable security practices. Besides, there are various public and private entities collecting data for various purposes and often these data are being processed by third-party entities. Many of these entities are providing mobile-based apps that seem to be attractive with some functions but in turn work with devious providers to generate profile engines. The State agencies are also collecting various data from citizens for various purposes including targeted social benefits delivery. All this has resulted in the need for protecting the privacy of data and individuals. At the same time, the constant media focus around the security of the largest unique identity project the AADHAR system and the ramifications of protecting the sensitive personal data as well as the demographics database have created a sense of confusion which is also resulting in fear around networks in many cases.  
With more than 22 crores Whatsapp users and 24 crores Facebook users in India and the pace at which it is growing, these networks offer a great opportunity to engage in variously targeted profiling and then use data mining tools and behavioural techniques to generate predictive analysis results. Luckily the existing laws are still strong in India despite awaiting the specific data protection laws. The expert committee on data protection under retired Justice BN Srikrishna has already released a white paper and received many public comments from most stakeholders. Once the report is finalised, the government should move ahead and enact the data protection laws so as to give the optimal institutional framework for making Digital India a real success.
The increasing role of mobile apps for various activities like the recent controversy regarding the Congress party app sending data through membership page to servers in Singapore creates serious fear. Even the wide popularity of NaMo app of PM Modi is an avenue that needs to be protected for its efficacy for citizens to reach out to the PM for various purposes. As the next general elections are nearing and there are clear signals that apps, twitters, websites and other social media avenues are going to be grossly utilised and so the responsibility is there on all stakeholders from the app developers to the social media providers and the political parties to be vigilant that usage of cyberspace remains healthy and legal. The Narendra Modi government has sounded the right bugle and Ravi Shankar Prasad has already warned Facebook on this count.
(The writer is Delhi based Cyber Security Consultant)