dailyO
Technology

Why the woke Indian is still not worrying enough about data privacy

Advertisement
Pathikrit Sanyal
Pathikrit SanyalMar 26, 2018 | 20:48

Why the woke Indian is still not worrying enough about data privacy

On March 26, Robert Baptiste, a hacker and security researcher from France who tweets under the nom de plume Elliot Alderson (a fictional hacker on the TV show Mr Robot), pointed out that the official Android app of the Indian National Congress sends the personal data of users to the party’s website without the consent of the users. Additionally, Baptiste said that the app’s encryption is encoded through HTTP, which is considered an insecure way to transfer data, adding to the mix the possibility of data leaks. Post this revelation, the Congress App was no longer available on Google Play Store — it had been taken down.

Advertisement

A Congress party source reportedly told The Indian Express: “The app has been lying defunct for the last six months. We took it down today. We will be relaunching a new app in a few months.”

The Congress app story joins the revelations and exposés about data leaks, privacy and the illegal usage of such data. While Aadhaar has been a part of the privacy and data protection discourse for some time — Baptiste has had a huge role to play in keeping the discussion alive — it was the Facebook-Cambridge Analytica (CA) exposé that once again brought this concern out in the open.

Advertisement

CA, a British voter profiling firm that claims to “use data to change audience behaviour”, had harvested more than 50 million Facebook profiles and used them to build a powerful software programme to predict and influence choices at the ballot box. A whistleblower revealed how CA used personal information taken without authorisation in early 2014 to build a system that could profile individual US voters, in order to target them with personalised political advertisements.

The results of this “grossly unethical experiment” could be seen in the 2016 US presidential elections, the Brexit referendum and even Nitish Kumar's JDU achieving a landslide victory in the 2010 Bihar Assembly polls. As confirmed by a Facebook statement, by late 2015, the social media giant had found that the information had been harvested on an unprecedented scale; yet, it failed to alert users and took only limited steps to recover and secure private information.

While the Congress party may deny illegally harvesting data of potential voters, it claimed that the app was only to promote Congress-lated news — this disturbing bit of news is nothing compared to the problems that is the Narendra Modi app. A privately owned application the NaMo app has often been made to seem like a government-sanctioned tool. It is most definitely not so. But Prime Minister Narendra Modi continues to “ask” (using his position of power to unethically pressure) people into using the app that not only asks for a lot of sensitive information, but also is possibly ill-equipped to protect itself from leakage.

Advertisement

Just last week, the PMO requested for the mobile numbers and email IDs of more than 15 lakh students of the National Cadets Corps (NCC) under the pretext that PM Modi wants to directly interact with the cadets, bearing another recommendation, that all students download the NaMo app on their smartphones.

But the unethical collection of “consensually provided” data via the NaMo app is just the tip of the iceberg. On March 25, it was Baptiste again who pointed out that the app was sending personal user data to a third-party domain that was traced to an American company called Clever Tap. The latter calls itself the “next generation app engagement platform. It enables marketers to identify, engage and retain users and provides developers”.

So not only is the personal data of citizens being collected for the BJP and Narendra Modi — that may also include their voter ID number — it is also transferred to an American "analytics" company without user consent. What can we learn from all these instances? The simple answer is that absolutely no data is safe. 

data_032618041035.jpg
Photo: DailyO

Indians need to wake up to understand that their data is their responsibility. Blindly trusting organisations or people and their goodwill — Facebook, Narendra Modi or Congress party — to safeguard this data is naïve at best. In the Cambridge Analytica controversy, it was found that users, to a vast degree, were responsible for the data that was illegally procured by the company from Facebook.

When users voluntarily sign up for unsecure applications, allowing the applications to access their data however they choose to, they are, of course, to be blamed. The same can be said for people signing up for the Narendra Modi app or the Congress app.

Indians need to understand that private information and data is as valuable as money. And if we think twice or thrice before trusting someone with our bank details or even hard cash, why do we display such callousness with data?

A similar argument could also be made for Aadhaar as well. What makes Aadhaar different, however, is there has been a state-sponsored campaign to coerce people into signing up for the biometric-data-based unique identity scheme. In fact, while a larger section of the population is aware of how unsafe Aadhaar data is — a series of leaks and exposés have helped make that apparent — it is still nothing compared to the vast majority that has no inkling of what risks biometric data in the wrong hands can pose.

In a recent ZDNet report, a security researcher pointed out that a data leak on a system run by a state-owned Indane allowed anyone to download private information on all Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and information about services they are connected to, such as their bank details and other private information.

Unless the Supreme Court manages to come to a decision on Aadhaar and its risks, there is barely anything one can do to safeguard precious biometric data. Try as one might, years and years of living on social media, especially Facebook, has provided the company with enough private information that, at this point, deleting or deactivating an account will amount to almost nothing.

Last year, a report by Quartz claimed that "Google is tracking Android users even when they turn location services off". This suggests Android phones have been sharing user location by approximating distance to nearby cellular towers and sending the results back to Google. Social media giants like Facebook and tech companies like Google have tricked users into voluntarily dumping all their private information with them, under the garb of making lives simple.

Granting certain permits to applications, letting these applications access our phone data etc were never good ideas.

Sadly, it is at this late stage that we can see the inherent risks involved. 

Also read: Can vice-president Venkaiah Naidu rise above RSS politics?

Last updated: March 27, 2018 | 15:22
IN THIS STORY
Please log in
I agree with DailyO's privacy policy