Indian Government Seeks Answers From Facebook and Cambridge Analytica For Data Breach
The Indian government has asked London-based Cambridge Analytica (CA) as well as social media mogul Facebook to provide details about the data breach manipulation of Indian elections. The government has given Facebook time till the April 7 to respond. CA has been asked to respond by the March 31, which it is yet to do.
The Indian IT ministry issued a letter to Facebook, asking specific questions regarding misuse of data belonging to Indian users. The Times of India reported that the ministry has specifically asked if CA or other associates of Facebook have compromised the personal data of Indian users, and if so how. The questions posed to CA seek to know whether they were involved in any programs designed to use Indian user data, and who asked them to do so. Also, they are being asked how they got access to the information, and whether user consent was sought before using the information.
The government also wanted to know about how Facebook intends to protect the data of its users and whether it has taken any ‘proactive measures’ so that user data is safe and private.
The allegations against Facebook and CA have been highlighted just as the BJP and the Congress have been wrangling over misuse of data.
Last week, IT and Law Minister Ravi Shankar Prasad warned Facebook founder, Mark Zuckerberg, against manipulating user data for directing electoral processes.
It all started when the CA employee, Christopher Wylie, became a whistleblower when he alleged that private data of millions of Facebook users became available to CA in an inappropriate way, which has since been used in several incidents of data manipulation, such as the 2016 US elections, Brexit, and Indian political events.
Wylie has tweeted about the relation between Indian politics and voter information strategies. According to his tweet about Strategic Communications Laboratories (SCL), CA’s parent company, “Our services help clients to identify and target key groups within the population to effectively influence their behavior to realize a desired outcome.” He also revealed that in 2012, SCL India took out a caste census in UP to identify voters. He has put out similar kind of information about 2011 in UP, the 2009 general elections, 2010 Bihar state elections, 2007 in UP, Kerala, West Bengal, Assam, Bihar, and Jharkhand, and much more.
As a consequence of Wylie’s revelation, CA CEO Alexander Nix has been suspended, while an investigation is awaited. The acting CEO, Alexander Tayler, while voicing his regret, was quoted by Inc 42 as saying “I am sorry that in 2014 SCL Elections (an affiliate of Cambridge Analytica) licensed Facebook data and derivatives from a research company (GSR) that had not received consent from most respondents. The company believed that the data had been obtained in line with Facebook’s terms of service and data protection laws.”
While Zuckerberg has declared that Facebook will take precautions against the misuse of user data, in the light of Wylie’s exposure, doubts will remain. India’s notice to CA comes along with a host of other countries like the UK, Germany, and Israel, moving against the analytics firm. As reported by Tech in DC, Facebook uses various ways to gather information about its users.
Looks like it is time that India revamp itself in the user data security arena. The world over, governments are ensuring strict laws for privacy of user data, but India is yet to have a foolproof policy.
According to the Economic Times, Pavan Duggal, the nation’s leading cyber law expert, said, “The moot point here is: How do we regulate mobile app providers, social media players and intermediaries in terms of handling and processing the users’ data? We don’t have a data protection law in place. We neither have a national law on cyber security nor a national law on privacy.”
India could learn from EU, which has issued a new privacy law, General Data Protection Regulation (GDPR), to be activated from 25th May this year. Although the Indian government has published a white paper regarding data protection, no bill has yet been drafted.
The Economic Times quoted Mishi Choudhary, President and Legal Director of New Delhi-based Software Freedom Law Centre (SFLC.in), “India is woefully under-prepared to address issues of data protection and cyber-security. We need a data protection law that protects citizens from misuse of data with strict liability and extremely high statutory damages that must be awarded within a strict period of time.”
While the nation has been expressing its outrage over Aadhar’s access to an individual’s demographic information, social media companies, such as Google and Facebook have a database of information regarding our likes and dislikes. Without stringent laws, such companies can gather information and take it outside the borders of a country, where governments lose control of that information.
Ironically, the Indian government has been collaborating with Zuckerberg for its Digital India initiative since 2014. Facebook and Google have been undeniably involved in the government’s initiative to spread the internet to far flung places, launch incubators, and empower women.