We are anonymous, we are legion

Digital Native: Delete Facebook?

nishant — 2018-05-06T03:08:25Z

You can check out any time you like, but you can never leave.

The article was published in Indian Express on April 8, 2018.

One fine day, we all woke up and were told that Facebook sold our data to Cambridge Analytica and then they made dastardly profiles of us to target us with advertisement and political propaganda, so, we made a beeline for #DeleteFacebook. The most surprising part about the expose is how much of a non-event it is. We have been warned, at least since the Edward Snowden revelations, if not earlier, that our data is the new oil, coal and gold. It is being used as a resource, it is being mined from our everyday digital transactions, and it is precious because it can result in a massive social engineering without our consent or knowledge. Ever since Facebook started expanding its domain from being a friends-poke-friends-with-livestock website, we have been warned that the ambition of Facebook was never to connect you with your friends but to be your friend.

Time and again, we have been told that the sapient Facebook algorithm remembers everything you say and do, anticipates all your future needs, and listens to the most banal litany of your life. More than your mom, your partner or your shrink, it’s the Facebook algorithm which is interested in all your quotidian uselessness. It is not the stranger who accesses your post that should worry you. The biggest perpetrator of privacy violations on Facebook is Facebook itself. There is good reason why a company that offers its prime products for free is valuated as one of the richest corporations in the world. The product of Facebook – it has always been known – is us.

Why, then, are we suddenly taken aback at the fact that Facebook sold us? And while we are sharing our thoughts (ironically on Facebook) about deleting our profiles, the question that remains is this: How much of your digital life are you willing to erase? Because, and I am sorry if this pricks your filter bubble, Facebook’s problem is not really a Facebook problem. It is almost the entire World Wide Web, where we lost the battle for data ownership and platform openness more than two decades ago. Name one privately owned free service that you use on the internet and I will show you the section in its “terms and services” where you have surrendered your data. In fact, you can’t even find government services, tied up with their private partners, where your data is safe and stored in privacy vaults where it won’t be abused.

It is time to realise that the popular ’90s meme “All your base are belong to us” is the lived reality of our digital lives. As we forego ownership for convenience, as our governments sold our sovereignty for profits, and as digital corporations became behemoths that now have the capacity to challenge and write our constitutional and fundamental rights, we are waking up to a battle that has already been fought and resolved. A large part of our physical hardware to access the internet is privately owned. This means that almost all our PCs, tablets, phones, servers are owned and open to exploitation by private companies. Every time your phone does an automatic update or your PC goes into house-cleaning mode, you have to realise that you are being stored, somewhere in the cloud in ways that you cannot imagine.

It is tiring to hear this alarm and panic around Facebook’s data trading. Not only is it legal, it is something that has been happening for a while, most of us have been aware of it, and we have resolutely ignored it because, you know, cute cats. If somebody tells you that they are against privately owned physical property and are going to start a revolution to take away all private property and make it equally shared with the public, you would laugh at them because they are arriving at the battle scene after the war is over. This digital wokeness trend to #DeleteFacebook is the digital equivalent of that moment. If you want to fight, fight the governments and nations who can still protect us. Participate in conversations around Internet governance. Take responsibility to educate yourself about the politics of how the digital world operates. But stop trying to feel virtuous because you pulled out of a social media network, pretending that that is the end of the problem.

For more details visit https://cis-india.org/raw/indian-express-nishant-shah-april-8-2018-digital-native-delete-facebook

Govt websites face major outage; hacking ruled out

Admin — 2018-04-07T16:17:55Z

Defence Minister orders probe.

The article was published in the Hindu Businessline on April 6, 2018. Sunil Abraham was quoted.

In a sudden outage on Friday, a few key government websites went down, sending officials into a tizzy as rumours of a widespread hacking of portals created panic across the corridors of power.

The Ministry of Defence website was the first to go down, with Chinese characters being displayed on the portal’s homepage. Thereafter, one after another, the websites of the Ministries of Home Ministry, Law and Labour and of Central Bureau of Investigation (CBI) went down.

All the sites were restored by late evening. Late in the day, the National Informatics Centre confirmed that the sites were not hacked. “The site showed what appeared to be a Chinese character and it was understandable that the site was perceived to be hacked . However, it has since been identified that the sites have not been hacked,” an NIC release said.

‘Technical snag’

While the IT Ministry tried to downplay the issue and said that the websites had not been hacked, and that it was a “technical snag”, Defence Minister Nirmala Sitharaman said she had ordered a probe into the matter, hinting that it may have been a case of hacking.

“Action is initiated after the hacking of MoD website (http://mod.nic.in). The website shall be restored shortly. Needless to say, every possible step required to prevent any such eventuality in the future will be taken,” Sitharaman said in a tweet.

This is not first time that Indian government websites faced an outage. The government had informed the Lok Sabha earlier this year that over 700 websites linked to the Central and State governments were hacked in the past four years. In February last year, the website of the Ministry of Home Affairs was hacked.

“Compromising a government website is a low-value attack, but results in a big win for the attackers in the battle over perception,” Sunil Abraham, Executive Director, Centre for Internet and Society told BusinessLine. “This usually happens because the server administrator has not configured the software stack properly or is not installing all the security updates in a timely fashion.”

For more details visit https://cis-india.org/internet-governance/news/hindu-businessline-april-6-2018-govt-websites-face-major-outage-hacking-ruled-out

Cambridge Analytica row: Facebook data breach hit 560K Indian users

Admin — 2018-04-07T16:01:10Z

Facebook said that data and information of 87 million users globally were compromised.

The article by Vidhi Choudhury and Yashwant Raj was published in the Hindustan Times on April 5, 2018.

User data of more than 560,000 Indians may have been harvested from Facebook Inc. by British researcher Cambridge Analytica, at the centre of a recent storm over data breaches and potential privacy violations on the social media network.

Only 335 users in India installed the thisisyourdigitallife app developed by academic Aleksandr Kogan and his company Global Science Research Ltd that may have been possibly at the centre of the data breaches, according to Facebook.. The 335 people make up just 0.1% of the app’s total worldwide installs.

Users agreed to take a personality test and have their data collected by the app, which then went on to also access information about the test-takers’ Facebook friends, leading to the accumulation of a much larger data pool. “ We further understand that 562,120 additional people in India were potentially affected, as friends of people who installed the App. This yields a total of 562,455 potentially affected people in India, which is 0.6% of the global number of potentially affected people,” a Facebook spokesperson said.

This week, Facebook said data on as many as 87 million people, most of them in the US, may have been improperly shared with Cambridge Analytica, increasing the figure from a previously estimated 50 million.

“Protecting people’s information is at the heart of everything we do, and we require the same from people who operate apps on Facebook. Cambridge Analytica’s acquisition of Facebook data through the app developed by Dr. Aleksandr Kogan and his company Global Science Research Limited (“GSR”) happened without our authorization and was an explicit violation of our Platform policies. At no time did Facebook agree to Cambridge Analytica’s use of any Facebook user data that may have been collected by this app, including with respect to users located in India,” the company spokesperson said n an emailed response.

This app first became active on Facebook in November 2013. Facebook removed the app in 2015 when it learnt of violations of its platform policies.

India is a key market for Facebook with 217 million people using the platform every month.

Details of the number of users in India whose data was compromised was shared by Facebook as part of its response to the government of India. On 28 March, the Ministry of Electronics and Information Technology sent a letter to Facebook asking if data of Indian voters and users had been compromised by Cambridge Analytica or any other affiliate. The government also asked what proactive measures were being taken to ensure the safety, security and privacy of such large user data and to prevent its misuse by any third party. Facebook was asked to respond to the questions by April 7.

Facebook’s chief technology officer Mike Schroepfer said in a blog that ran under his byline on the company’s website that the number of subscribes whose data was shared with the controversial firm was much higher at 87 million than the 50 million it had conceded earlier, “mostly” in the United States.

Subscribers in the Philippines, Indonesia, UK, Mexico and Canada were ahead of Indians, and behind American, in the list of Facebook’s new revelations about compromised information.

These details came ahead of a conference call with reporters in which Facebook CEO Mark Zuckerberg said he had made a “huge mistake” personally by not focussing on data privacy. Zuckerberg also faced questions for the first time about his suitability to run the company he founded as a college student — dropped out of Harvard. He answered in the affirmative, but questions are beginning to be raised.

Sunil Abraham, founder of the think tank Centre for Internet and Society, said the thisisyourdigitallife app was one of the many apps that access Facebook’s application programming interface. “What Facebook isn’t telling us yet is what are the other apps , (whether they) had the same modus operandi and how much data did they manage to scrape,” he added. The company said on April 4 that it would display a link on the top of users’ News Feed so they can see what apps they use and the information they have shared with those apps. Facebook will also tell people if their information may have been improperly shared with Cambridge Analytica.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-vidhi-choudhary-and-yashwant-raj-facebook-data-breach-hit-over-5-6-lakh-users-in-india

It Took Just 355 Indians to Mine the Data of 5.6 Lakh Facebook Users. Here's How

Admin — 2018-04-07T15:33:46Z

Data privacy in India is still a nascent subject. Experts say cheap data has led to unprecedented Facebook penetration. Often, it is seen that those who open an account are not aware of the privacy concerns.

The blog post by Subhajit Sengupta was published in CNN-News 18 on April 7, 2018. Sunil Abraham was quoted.

Over 5.6 lakh Indian Facebook profiles have allegedly been compromised and their data leaked to the controversial data analytics firm Cambridge Analytica. As per the company, only 335 people in India installed the App yet they managed to penetrate over half a million profiles.

So, how does this work?

Once a user downloaded the quiz app called “thisisyourdigitallife”, Global Science Research Limited got access to the entire treasure trove of data. There are two mechanisms which are used for this.

First, the Application Program Interface (API) of Facebook called ‘Social Graph’ allows any app to harvest the entire contact list and everything else that could be seen on a users’ friend’s profile. This would take place even for private profiles, says Sunil Abraham, Executive Director of Bangalore based research organization ‘Centre for Internet and Society’.

The second way is when users have a public profile. The algorithm seeks out public profiles from the friend list and would go on multiplying from one public profile to another without any of the users even coming to know what is happening. This is like the ‘True Caller’ application, for it to get your number, you don’t need to download the software. If anyone has the app and your number, then it gets automatically logged there.

Facebook says "Cambridge Analytica’s acquisition of Facebook data through the app developed by Dr Aleksandr Kogan and his company Global Science Research Limited (GSR) happened without our authorisation and was an explicit violation of our Platform policies."

GSR continued to access this data from all the Facebook profiles throughout the entire lifespan of the app on the Facebook platform, which was roughly two years between 2013 and 2015. This means, even if a user is careful enough to not download the application but his/her profile’s privacy settings are weak, the algorithm would infiltrate the data bank.

Amit Dubey, a Cyber Security Expert goes into the details of what the app did, “The app called 'thisisyourdigitallife', which was created for research work by Aleksandr Kogan, was eventually used for psychometric profiling of users and then manipulating their political biases. The app was offered to users on the pretext to take a personality test and it agreed to have their data collected for academic use only. But the app has exploited a security vulnerability of Facebook application.”

Facebook “platform policy” allowed only collection of friends’ data to improve user experience in the app and barred it from being sold or used for advertising.

But this kind of data scrapping is not just limited to Cambridge Analytica. The Social Media Algorithm is often abused in the world of data scavenging and analytics. Even law enforcement agencies have often used similar means to locate possible miscreants.

According to Shesh Sarangdhar, Chief Executive Officer in Seclabs & Systems Pvt Ltd, similar data scrapping helped them unearth the terror module behind one of the attacks at an airbase last year. Shesh said that through Social Media Algorithm they would often narrow down on unknown terror modules. What his team did was to connect to the profile the whereabouts of multiple known nods converging. That is how the mastermind was located.

Data privacy in India is still a nascent subject. Experts say cheap data has led to unprecedented Facebook penetration.

Often, it is seen that those who open an account are not aware of the privacy concerns. But as Sunil Abraham puts it, Caveat emptor or ‘Let the Buyers Beware’ does not even apply here. It is not possible for anyone to go through the entire privacy policy.

“So it is not even right to ask if the consumer can protect his/her own interest. Thus, the state should proactively regulate the industry,” said Abraham.

Facebook has brought in a number of changes to its privacy settings. It now allows you to remove third-party apps in bulk. This welcome change has come after sustained pressure on the tech giant from users and a number of regulatory bodies across the world.

For more details visit https://cis-india.org/internet-governance/news/news-18-subhajit-sengupta-how-just-355-indians-put-data-of-5-6-lakh-facebook-users-at-risk

After data leak row, Facebook imposes restrictions on user data access

Admin — 2018-04-07T15:30:31Z

MEIT issues notice to Facebook even as experts debate absolute impact on the second largest developer community.

The article by Romita Majumdar and Kiran Rathee was published in Business Standard on April 6, 2018.

Social media giant Facebook has finally reacted to the global storm around its data privacy policies by bringing in a new set of restrictions on developers and data aggregators using the platform for data harvesting.

“Two weeks ago we promised to take a hard look at the information apps can use when you connect them to Facebook as well as other data practices. We will remove a developer’s ability to request data people shared with them if it appears they have not used the app in the last 3 months,” said Facebook Chief Technology Officer Mark Schroepfer in a blog.

Facebook has also disabled the feature to search a user by their email address or phone number which has been abused by malicious actors and reduced the overall control that the app will have on user data.

Facebook has also submitted its response to the Indian government saying over 500,000 people in India have been potentially affected by the data breach involving Cambridge Analytica. The government sources said as the social networking firm has now accepted that Indians’ data was compromised; it makes the issue much more important and serious. “We will wait for Cambridge Analytica’s reply and then, we will take our stand,” sources in Electronics and IT Ministry said.

The Ministry had issued notices to both Facebook and Cambridge Analytica, seeking their responses regarding the data breach of Indians and if it was used to influence elections.

The new set of restrictions clamp down on how much data app developers access on the platform and also prevent third part data providers from offering targeted marketing services on Facebook.

"India is the second largest Facebook developer base and the restriction on users' data access is going to impact all of them. There will be more scrutiny in Facebook apps, leading to slower approvals. Virality will reduce as explicit consent will be required for accessing friends' data and contacts list, “ said Vivek Prakash, CTO and Co-Founder, HackerEarth.

He added that there could be tighter terms of service making developers also liable for unauthorized processing of data that they collect from the apps.

Executive Director of Center for Internet and Society Sunil Abraham says that while Facebook says “apps need to agree to strict requirements” and “tightening our review process” it is still not clear what these requirements are. “Instead of the promised link to whether user data was accessed by Cambridge Analytica, it would make sense for them to say Facebook holds W number of records across X databases over the time period Y, which totals Z Gb while explaining what these variables stand for,” he said.

Consumer data marketing company Hansa Cequity believes that digital marketing arms of most companies will finally have to consider building their own user database given the strict clampdown on third party data.“Businesses can no more use data from third party aggregators for targeted advertising. Consumer goods and entertainment related brands are likely to face some impact because they depend on access to such data,” said S Swaminathan, Co-Founder and CEO, Hansa Cequity.

Some experts also believe that this move might force platforms like Twitter, Google and YouTube to rethink their policies on how much access they give advertisers and data aggregators to user data. Abraham also added that app developers and their investors have to evaluate business models that depend more on value to user rather than the amount of personal data harvested. The data that has already been harvested by the likes of Cambridge Analytica and other unknown parties, however, is beyond user control forever.

For more details visit https://cis-india.org/internet-governance/news/business-standard-romita-majumdar-and-kiran-rathee-after-data-leak-row-facebook-imposes-restrictions-on-user-data-access

Your mobile apps have the permission to spy on you

Admin — 2018-04-03T15:48:47Z

The top applications on the Android Play store in India seek permission like access to your camera, microphone, modify contacts and download files without notifications depending on the use of the app.

The article was published in the Economic Times on March 30, 2018. Pranesh Prakash was quoted.

“What we need is, not just knowing what permissions are being sought, but why they need such permissions,” said Pranesh Prakash, policy director of the Centre for Internet and Society.

Companies such as TrueCaller say that app developers should only be permitted to collect data that they can demonstrate as proportionate and “necessary for the stated purpose of their service”.

An Uber spokesperson said they provide users with an option to turn off certain permissions like location and phone contacts within the privacy settings on app along with explanations on what data they collect and the reason behind it. Others declined comment.

For more details visit https://cis-india.org/internet-governance/news/economic-times-march-30-2018-your-mobile-apps-have-the-permission-to-spy-on-you

If data is the new oil, how much does an Indian citizen lose?

Admin — 2018-04-03T15:42:31Z

Surveillance capitalism is the business model of the Internet, so what exactly are we talking about here?

The article by Saurya Sengupta was published in the Hindu on March 31, 2018. Sunil Abraham was quoted.

“We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.” That was the former executive chairman of Google, Eric Schmidt, trying to convince users that the tech giants did care about their privacy, ironically enough. But that was in 2010.

Fast forward eight years, and a lot has changed. The world has been rattled by revelations that the personally identifiable data of about 50 million Facebook users was breached by an analytics firm. Since then, the skeletons haven’t stopped tumbling out, with the news that the NaMo app asks for as many as 22 permissions from users, and that the official Congress app, since deleted, was vulnerable to data breach.

Bruce Schneier, an American security technologist and fellow at Harvard University’s Berkman Klein Center for Internet & Society, in his book Data and Goliath, says: “Google knows what kind of porn each of us searches for, which old lovers we still think about, our shames, our concerns, and our secrets.”

So, what does any of this mean for us, the lay users?

It may be helpful to start by asking what this ‘data’ is. “Whenever you use any service on your phone or browser, you end up giving a lot more information than you consciously recall. This includes not just the content of your interactions, but also metadata and so on,” says Nayantara Ranganathan, manager of the Internet Democracy Project’s Freedom of Expression programme. Metadata is, simply put, data about your data. So, for example, your location information, what time you were home, how many times you made calls to a certain number, and so on.

“This is known as behavioural data,” says Sunil Abraham, executive director of The Centre for Internet & Society, “which includes how fast or slow you scrolled, how long you stayed on a page, how many times you went to a particular part of a website, and so on.”

Bhajan or you?

This is not just data gathered by the large Facebook and Gmail apps, but also by a lot of the smaller ones. An app that plays bhajans, for example, may mine your data and share it. And what do the third parties do with this? Well, the idea is to simply embed you further in a consumerist panopticon.

To FB or not to be

As #DeleteFacebook gets louder, users agonise about leaving Facebook on Facebook, irony be damned
Truth is, quitting FB won't help. Because it's also about Google Photos and Maps and Candy Crush and Which Disney Villain Are You
In the absence of laws, you've no control of what apps can do with your data. Even after you've 'deleted' it
Facebook doesn't take responsibility for data collected by apps, and refers users to app developers instead
Quitting FB and other apps might be a privilege and not an option for most

“Surveillance capitalism is the business model of the Internet, and all social media apps make their money collecting data on users and monetising that,” says Schneier.

“Lots of apps have no revenue generation. Their only benefit is data,” says Manan Shah, founder and CEO of Avalance Global Solutions, a cyber security firm. In fact, he says, apps like WhatsApp are the obvious suspects while the smaller ones, like the bhajan one, slip under the radar.

All of it is part of ‘lead generation’ — the process of identifying potential customers for a service or business. “A call-centre is useless without data,” Shah says. “If I want to sell you an antivirus, for instance, a company will identify filters — who owns a computer, who has already purchased an antivirus, and so on. I can then target that user. This filtered data is often your full name, bank details, data about your debit and credit cards. Abraham says there is another fairly obvious purpose for all this data collection – to get you to spend as much time on the said platform as possible.

This explains why, for example, when you Google something, the suggested searches are often tailored in an eerie manner. If you search for a word, the second search suggestion will offer to get that word translated into the local language. So if you’re in Chennai, Tamil, or into Marathi if you’re in Mumbai.

This a product of profiling your location data as well as behavioural data. “Imagine the kind of insights your location information over the course of a month can expose: your residence, where you spend your mornings, your route to work, your loved one’s residence, and more,” says Ranganathan.

“Users are often not aware that they’ve given their consent to sharing this data,” says Nikhil Pahwa, digital rights activist. “The terms and conditions of every app are so complicated and voluminous that often you have no way of knowing what something is being used for and what you’ve given your permission to. That’s a failure of the kind of consent we have today,” he says. If an app developer, quips Pahwa, puts in a condition saying the user will name their first child after the app, the user is more than likely to click on ‘I agree’.

While the failure to make consent transparent is illegal, data collection in itself is a grey area. And what constitutes ‘misuse’ of data is murky because of the lack of regulations and clear outlines. “What if a salon has your phone number and sends an SMS saying your haircut is due,” asks S. Anand, CEO of data science firm Gramener. “Would you consider that misuse?”

It gets more ominous.

We’ll use it some day

At present, India has no law to stop apps from sharing your data with data brokers or data analytics firms. “The tendency has been to collect as much data as you can, even if it isn't relevant to your business today, because it might be some day or, better still, it might be valuable to others,” says Amba Kak, a Mozilla technology policy fellow. “This is why we need a law to say — collect what you need, not what you want.”

As an Indian citizen, your data today is breached, misused or sold, there is little you can do about it. “At most, users can be more vigilant about the apps they download, what permissions they give, and evaluate whether there are better alternatives,” says Ranganathan.

“One can approach a court and seek redress under the IT Act,” says Abraham, “but only if you have suffered a loss of property or money. If your data has been breached or leaked, and you haven’t suffered a monetary or property loss, there’s nothing you can do.”

The Justice Srikrishna committee, set up in July, is right now working on a draft data protection bill. The committee published a white paper last November, and a final report is expected by end of May. “The white paper itself looks fantastic,” Abraham tells me.

An ideal data protection law, says Kak, “will reflect the Supreme Court’s recent decision that all interference with the right to privacy must be necessary and proportionate.”

If data sharing is inevitable in the digital age, then it could be made illegal, for instance, to share data that can identify individuals. Anand says, “This could be done by replacing all names with a new random name or by aggregating total purchases by store and product rather than by individual purchase.”

So in an era where we have been casually asked to accept that ‘data is the new oil’, who is the biggest loser? “Framing 'data' as the new oil is dangerous,” says Ranganathan. Kak agrees: “This is a tired analogy that doesn't seem to get us anywhere except to recognise that data is a source of profit for the private sector.” She would rather go with Turkish sociologist Zeynep Tufekci’s definition where we think of data privacy like clean air or safe drinking water. “It is a public good that we need to safeguard as a collective through laws that make controllers of data accountable,” says Kak.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-march-31-2018-saurya-sengupta-if-data-is-new-oil-how-much-an-indian-citizen-lose

Parties seek social media influencers to go viral

Admin — 2018-04-03T15:30:30Z

It was 2015. Rahul Gandhi, Congress vice president then, met Mount Carmel College students in Bengaluru. Soon after the interaction, there were media reports on how Gandhi was stumped by the questions.

The article by Ipsita Basu was published in the Economic Times on March 31, 2018. Sunil Abraham was quoted.

While everybody was debating what really transpired in the auditorium, a 20-something Elixir Nahar wrote an open letter to Gandhi which said: ‘Thanks for stopping by, Rahul Gandhi. You were inspiring’.

It was the letter’s outspokenness and stating of facts that caught the imagination of everyone, especially on social media. The blog post went viral and was shared widely across digital platforms. In 2017, Nahar became part of the Congress social media cell when the party wanted to increase the party’s digital outreach.

Digital-savvy influencers are now an essential part of social media teams of political parties, which know that a viral tweet or a post can mean immense visibility. Knowing that traditional means like door-todoor campaigning and rallies have limited reach towards millennials, parties are making sure that the right messaging is sent out through such influencers, who usually have a large following on platforms like Twitter, Facebook and even Instagram.

According to Sunil Abraham, executive director, the Centre for Internet and Society, a Bengalurubased organisation looking at multidisciplinary research and advocacy works in internet and society, “Internet communication is becoming more and more sophisticated. Social media is not impressed by just ghost accounts and mass propagation. Influencers come with their own brand and credibility and this constitutes into more articulate and targeted communication, which is an engaging way to speak to a constituency."

Shilpa Ganesh, star wife and state vice president of BJP Mahila Morcha, is an intrinsic part of the party’s social media outreach. With 56,000 followers on Twitter and close to 2,00,000 on Facebook, she makes for a formidable influencer. “Most of my posts get a huge traction. I spend about 15-18 hours on various social media platforms to track news and restrict issue-related posts to at least twice a day,” she says.

Working on such social media teams is a draw for young corporates, IT professionals and college students who want to experience the power of digital media. Kamran Shahid, 28, a simulation engineer with a German car company, has taken a break, to work for the Aam Aadmi Party. Shahid, who now oversees the party’s state social media, was chosen for his knack with words and digital content.

Influencers are picked depending on their online popularity, proficiency to articulate on the Internet and the number of followers across platforms. The identities of those working in the background are kept under wraps. Review meetings are held every week to discuss the next strategy. Actor and former Mandya MP Divya Spandana, the chief of social media and digital communications of the Congress, has put together a mid-size team for digital outreach. “We’ve chosen people from diverse backgrounds who share our ideology. Each one brings a specific skill set to our team,” says Spandana, who is on the phone 24x7 tracking social media developments.

For more details visit https://cis-india.org/internet-governance/news/economic-times-ipsita-basu-march-31-2018-parties-seek-social-media-influencers-to-go-viral

The Narendra Modi app: The secret weapon in BJP’s elections arsenal

Admin — 2018-03-29T16:28:28Z

Narendra Modi app, BJP's secret weapon.

The article by Jayadevan PK and Pankaj Mishra was published by Factor Daily on March 29, 2018. Pranesh Prakash was quoted.

Story Highlights

Why is Rahul Gandhi beating the drums about the Narendra Modi app? Because he knows that the app – with over 10 million users already – will be crucial decider of a BJP victory or failure in the general elections.
The Narendra Modi app’s mission is two fold — mobilize and integrate some 100 million BJP members and use the app to deliver targeted messaging to voters. Party president Amit Shah has a target that each district should have 100,000 downloads.
In the coming general elections, there will be more than 180 million first-time voters – people who are relatively easy to target on social media. Of the 241 million Facebook users in India, about 54 million are between the age of 18 and 23 years.

Congress president Rahul Gandhi earlier this week got panned for his criticism of the Narendra Modi app. The app, Gandhi had said on Twitter, was leaking user data and added that Prime Minister Narendra Modi was “the Big Boss who likes to spy on Indians”. Much of what the Congress leaders said was hyperbole common at the hustings.

But as it turns out, Gandhi has good reason to beat the drums wildly: the Narendra Modi app is going to be, by all accounts, the Bharatiya Janata Party’s arrowhead as India pads up for its biggest general elections next year. The app is going to be the fulcrum of the BJP’s tech outreach and social media strategy in the months ahead of the elections, which may be held earlier than the scheduled early 2019 going by the buzz in political circles in capital New Delhi.

The usage of the state apparatus to promote an app owned by Modi personally and the way it plans to use data of its users is drawing criticism from political rivals and privacy activists. Critics have pointed out that the app asks for too many permissions, is less than ideally secure, and is run by the BJP while being positioned as the official application of the prime minister of India. These questions are now taking a serious tone after the Facebook-Cambridge Analytica scandal.

“Overall, Facebook’s fallout means even more focus and reliance on the Narendra Modi app by the BJP,” said a person familiar with BJP’s social and digital plans, adding the Facebook and WhatsApp platforms will be in the background and continue to be valuable. This person asked to remain anonymous.

By “Facebook’s fallout”, he is referring to the aftermath of the scandal that implicated political consulting firm Cambridge Analytica of misusing Facebook data of millions of users without consent. Questions are also being raised in the UK and US about the involvement of Russian actors using Facebook, Google and Twitter to influence key global events such as Britain’s exit from the European Union and the US presidential elections in 2016.

After a sting by British broadcaster Channel4 showed Cambridge Analytica used dubious means to influence elections, both the Congress party and the BJP have accused each other of using the services of the analytics company.

To be sure, it will be difficult for anyone to ignore Facebook and WhatsApp for the sheer reach they offer – Facebook has over 240 million users in India and WhatsApp has a similar number of users in India. But growing the Narendra Modi app’s user base will mean a channel that won’t need to be constantly paid for and in the BJP’s direct control with all the granular data and reach that such a platform can offer.

India has the largest number of Facebook users in the world.

“The game plan is to make Narendra Modi app the killer platform for the next elections and beyond,” said the person aware of the BJP’s plan. With estimated downloads of over 10 million already, the Narendra Modi app’s mission is two-fold — mobilize and integrate some 100 million BJP members across the party’s operations and use the app to deliver targeted messaging to existing and potential voters.

To that end, Prime Minister Modi himself and the BJP have been driving app downloads in ways that will put seasoned growth hackers to shame. For instance, Modi’s new book Exam Warriors. Readers can scan QR codes in the book and post responses to the Narendra Modi app. The target: more young users for the app who will soon vote for the first time. A student taking the 12th board exams this year is likely 18 years old, come the 2019 elections.

As has been pointed out, targeting first-time voters in a country where 41% of the population is younger than 20 years is a no-brainer. Political scientist Oliver Heath posited in 2015 that the BJP’s 2014 victory came about more thanks to first-time voters rather the votes it weaned away from rival parties. There were 136 million new voters in 2014. This time there will be more than 180 million first-timers – people who are relatively easy to target on social media. Of the 241 million Facebook users in India, about 54 million are between the age of 18 and 23 years.

The BJP also has plans to co-opt educational institutions to distribute the book, said another source. The book, released in February 2018 is being translated into various languages starting with Hindi and Marathi. The BJP state government in Maharashtra is procuring nearly 150,000 books on Modi but it hasn’t said yet it would be Exam Warriors that it would buy and distribute to state schools.

The number of times Prime Minister Narendra Modi has plugged the app in his Mann Ki Baat speeches.

The prime minister also channels users to the app in his speeches and on his social media channels. A typical plug in his monthly Mann Ki Baat speech would call out a comment received on the app or ask “fellow countrymen” to share a photo or views on an issue on the app. Since October 2014, Modi has made 41 Mann Ki Baat speeches and he has mentioned the Narendra Modi app over 50 times, an analysis of his speeches shows (See graph).

Besides launching modules that enable the prime minister to talk to his council of ministers or run surveys and bundling the app with new phones to drive users, the BJP has also from time to time driven some hard app download targets to its rank and file. In September 2016, for instance, the Gujarat party chief said it will ensure at least 7 lakh downloads of the app as a birthday gift to Modi. BJP President Amit Shah wants nearly 50 million downloads for the app and has directed state officials to drive nearly 100,000 app installations in each district. “Do not take this as an information (or suggestion). Accountability will be ensured and it is the responsibility of each district unit to ensure downloading of one lakh of Narendra Modi App,” Shah reportedly said at the party’s national executive meeting in March 2016.

The app is already in play at the Karnataka elections scheduled for April. “As of now, the app has national content. Going forward we will be pumping lot of content related to Karnataka in Kannada. It will include voice, non-voice and lot of messages. He (Modi) will also be sharing through the app for Kannadigas,” says Amresh K, BJP Information Technology Cell State Convener.

“We will also be doing a Narendra Modi campaign to drive downloads,” said Amresh, who is helping create manifestos for 224 constituencies in Karnataka. “Earlier it used to be one state-level manifesto. This time we have it for 224 constituencies. We’re also engaging with 500-1000 influencers in these constituencies and about 100 sectors to compile their inputs,” he said. The 2013 manifesto of the BJP, a 40-page document, led with the development agenda focussed on specific sectors but also promised freebies such as 25-kilogram free rice to the poor and free laptop to high school goers.

Modi’s popularity as a leader in central to the app. “More than BJP today, Modi as a brand has become extremely strong. There’s a lot of mud sticking to political leaders but in comparison, he seems to be coming through as spotless,” says brand strategist and author M G Parameswaran, who helped create some of the biggest brands such as Santoor and Wipro. To appeal to the young voter, it’s important for Modi to stick to the “development narrative and not get derailed by the Hindutva narrative,” he adds.

So how does the app really help the BJP? The answer to this question really lies in the BJP’s earlier campaigns and the party’s learnings. FactorDaily interviewed people closely associated with BJP’s 2014 campaign to find out.

The ‘Golden Triple’

India could go to polls as early as the end of this year, as is being speculated by the political chatterati, or early next year. Nearly one billion Indians eligible to vote this time around (814 million in 2014) will decide the fate of 543 seats to which representatives are elected. As Rajesh Jain, a former advisor to the BJP campaign points out on his blog, “using data and analytics to identify supporters and then getting them out to vote on election day will be instrumental in determining the eventual winner”. He estimates that nearly 670 million people in India, comprising 330 million who don’t vote and 340 million who aren’t likely to support a mainstream party (or are undecided), are up for grabs.

Importantly, the dynamics at the hustings have changed. “Unlike 2015, this isn’t an election with a wave (the Narendra Modi wave). This isn’t a Facebook or a WhatsApp election in that sense. This is going to be about micro-targeting and use of Narendra Modi app. If BJP wins 2019, the app will become even more all-pervasive and a way to be free from platforms like WhatsApp and Facebook,” said the source familiar with the BJP’s plans quoted above.

Micro-targeting is the practice of crafting messages and advertising to small user cohorts. For this to work, the advertiser, will need to understand its target audience deeply and accurately. Having data from various sources, including the Modi app, will help target the electorate better.

The golden triple is a combination of booth level information, contact details and political leaning of a voter.

The lynchpin of the data strategy of the BJP is what number crunchers call the “Golden Triple”, which has three pieces to it: the details of the booth at which someone votes, the contact phone number and the political leaning of the voter. Voter details are public information in India. Collating that accurately with contact phone numbers is difficult but doable (and likely has already been done by political parties including the BJP).

The BJP, through its missed call-based membership drive back in November 2014, had amassed nearly 100 million registered members. At the time, the BJP had collected voter ID details of members as well. In other words, the party already has over 100 million ‘golden triples’. “If you have 10 crore golden triples, your target audience is sorted,” said the source who knows of BJP’s plans.

“There are four things on which the battles are won and lost—identifying those who already are your supporters, voter registration, pursue them, and finally ensuring that they turn out on the day when it all matters the most,” says the person. The Narendra Modi app becomes a tool to mobilize party workers and getting them to execute the game plan. It also doubles up as a channel to send targeted messages based on the data it has captured already.

Having data of its supporters in a constituency can help parties craft targeted messages and zone in on the audience better using social media platforms, says Ankit Lal, the author of India Social: How social media is leading the charge and changing the countryand a social media strategist for the Aam Aadmi Party (AAP). For instance, Facebook allows you to build a custom audience by uploading a list of email addresses or phone numbers.

The election commission’s Form 20 gives polling booth level data on which candidate got how many votes. “Now, this combined with more specific data sets, can make it far more impactful,” says the person quoted above. For instance, if the numbers aren’t looking good in a certain region, the Narendra Modi app can be used to mobilise party workers to campaign harder in those areas.

In 2014, the BJP used a market research and analytics agency Penn Schoen Berland (PSB) to firm up the key planks on which it would fight elections. The party built its campaign around issues of corruption, security of women, and inflation based on the firm’s inputs. For sure, there will be voter surveys done by the BJP (as also other parties) this time, too, but with the Narendra Modi app and its growing install base, the party’s understanding of local, district-level issues – even booth-level inputs – get strengthened through internal surveys and other mechanisms.

But, can the sophisticated combination of data analytics, micro-targeting, and bespoke messaging swing an election? The answer depends on how close the electoral fight in different constituencies will turn out to be.

When victory margins are thin, targeted campaigns (especially on social media) can win seats. Case in point: Gujarat assembly elections late last year. As this article points out, the victory margins in 57 out of 182 seats in Gujarat was less than 5% – in other words, just a few thousand votes could swing victory either which way. “The win or loss margin is very small, generally less than 5% of the electorate for a majority of constituencies,” says Lal, the AAP strategist. “For urban areas, it is easy to influence results using social media because the margins are so close.” In Karnataka, more than 30 of the 224 seats in the legislative assembly had wins with a margin of less than 3%.

What about the national elections? Here, too, the narrow wins are make or break in nature. Ninety-two seats were won with a winning margin of less than 5% in the 2014 elections. This despite the Modi wave that saw the BJP end with 282 seats in the Lok Sabha – the first time in 30 years a party won a simple majority in the lower house of Parliament.

In other words, social media has – and will continue to have – a definite sway in Indian electoral outcomes and the Narendra Modi app has its role cut out for itself.

The privacy question

On March 23, a security researcher who goes by the pseudonym Elliot Alderson, revealed that the data collected by Narendra Modi app is being passed on to analytics company Clevertap. The app also takes 22 permissions from the user, including the ability to access the user’s contacts, gallery and microphone. Privacy advocates warn that doing so without explicitly telling the user is a breach of trust. “Be careful when you enter personal data. It is often not needed and this data is often misuse (sic) after that,” Alderson messaged FactorDaily on Twitter in reply to a question. His tweets were what had the Congress Party’s Gandhi kicking up a minor storm accusing the BJP of spying on users. To be sure, it is common practice to integrate analytics and marketing tools like Clevertap into an app (also see: CleverTap’s Commitment to User Consent and Data Privacy).

Thejesh G N, founder of Datameet, a community of data scientists and open data enthusiasts, says that it’s okay for politicians to use websites or apps to string members together or talk to their constituents. But they should follow ground rules such as stating the purpose of data collection clearly, collecting minimum amount of data, sharing information about who is collecting the data, for what purpose and guaranteeing the security of personal data, and also stating how it will share data with third parties and for what purpose. This may have sounded like ideal principles of data use but less so in the aftermath of the Facebook-Cambridge Analytica scandal which has brought into focus the flagrant violation of privacy standards by almost every platform.

“People might be thinking they are giving data to the prime minister… in fact, it’s probably going to a campaign database. It’s important to make that clear.”

In the case of Narendra Modi app, some of these basic rules aren’t followed, points out Thejesh, a privacy activist from Bengaluru. “The app description on Play Store says ‘Official App of Prime Minister of India, Narendra Modi. It brings to you latest information, instant updates & helps you contribute towards various tasks. It provides a unique opportunity to receive messages and emails directly from the Prime Minister.’ But the app is not owned by Government of India and so the statement is misleading,” he says. “People might be thinking they are giving data to the prime minister… in fact, it’s probably going to a campaign database. It’s important to make that clear.”

Lal of AAP minces no words when it comes to the question of ownership of data. “That’s the biggest question. How did a private app end up being used by the prime minister’s office? Either they were conned into it or they know about it. If they did it deliberately, they knowingly stole data which is no smaller than that of Cambridge Analytica. There it was between Cambridge Analytica and Facebook, here it is between citizen and their prime minister,” he says.

“There is a distinction to be drawn between providing one’s own data and providing the data of others that you happen to have.”

In 2015, privacy and tech policy expert Pranesh Prakash helped report a security vulnerability that exposed the data of Narendra Modi app users. “In 2016 again, the same set of security vulnerabilities blew up… this time, more than 5 million people’s personal profiles including their birthdates, phone numbers was available to the public,” Prakash told India Today TV. “There is a distinction to be drawn between providing one’s own data and providing the data of others that you happen to have. For instance, the Narendra Modi app asks for permissions for ‘Contacts’, which allows it to harvest your contacts. Are they using it (as you suggest they would) for the elections? If so, are they upfront about that as one of the purposes for the data collection? And are they collecting your details or details of your contacts as well,” Prakash later told FactorDaily in reply to a question on the use of data from the Narendra Modi app.

The BJP has responded to some of the criticism. Amit Malviya, the BJP IT Cell chief pointed FactorDaily to the party’s statement that said: “Narendra Modi App is a unique App, which unlike most Apps, gives access to users in ‘guest mode’ without even any permission or data. The permissions required are all contextual and cause-specific. Contrary to Rahul (Gandhi)’s lies, fact is that data is being used for only analytics using third-party service, similar to Google Analytics. Analytics on the user data is done for offering users the most contextual content. This ensures that a user gets the best experience by showing content in his language & interests. A person who looks up agri-related info will get agri related content easily. A person from TN will get updates in Tamil and get an update about an important initiative about TN.”

Will the Narendra Modi app prove to be the BJP’s Brahmastra – the mythical destructive weapon from ancient Hindu texts? The contextual content served on the app in the coming months will give the answer. If it is hyperlocal and raises issues at the booth level, you can be sure that the Brahmastra has been deployed.

For more details visit https://cis-india.org/internet-governance/news/factor-daily-jayadevan-pk-and-pankaj-mishra-march-29-2018-narendra-modi-app-bjp-2019-election

Narendra Modi’s personal app sparks India data privacy row

Admin — 2018-03-28T16:17:32Z

PM’s NaMo app sends user data to third party in US, says researcher.

Sunil Abraham was quoted in the article published by Financial Times on March 28, 2018.

“People are outraged that there is a peephole,” says Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, a non-profit research organisation. “They are not outraged that anyone has looked into the peephole — because there is no evidence of that yet.”

For Mr Abraham, however, the controversy demonstrates that “Indian political parties have a voracious appetite for political data. If unchecked by law or public outrage, they will continue to hoover up as much data as they can from our devices.”

“Privacy is definitely a political issue,” says Mr. Abraham. “Political parties are reacting not because they will get into trouble under the law. They are reacting because they areafraid their supporters may not like it.”

For more details visit https://cis-india.org/internet-governance/news/financial-times-march-28-2018-narendra-modi-personal-app-sparks-india-data-privacy-row

Cambridge Analytica scandal: How India can save democracy from Facebook

sunil — 2018-03-28T15:44:00Z

Hegemonic incumbents like Google and Facebook need to be tackled with regulation; govt should use procurement power to fund open source alternatives.

The article was published in the Business Standard on March 28, 2018

The Cambridge Analytica scandal came to light when whistleblower Wylie accused Cambridge Analytica of gathering details of 50 million Facebook users. Cambridge Analytica used this data to psychologically profile these users and manipulated their opinion in favour of Donald Trump. BJP and Congress have accused each other of using the services of Cambridge Analytica in India as well. How can India safeguard the democratic process against such intervention? The author tries to answer this question in this Business Standard Special.

Those that celebrate the big data/artificial intelligence moment claim that traditional approaches to data protection are no longer relevant and therefore must be abandoned. The Cambridge Analytica episode, if anything, demonstrates how wrong they are. The principles of data protection need to be reinvented and weaponized, not discarded. In this article I shall discuss the reinvention of three such data protection principles. Apart from this I shall also briefly explore competition law solutions.

Collect data only if mandated by regulation

One, data minimization is the principle that requires the data controller to collect data only if mandated to do so by regulation or because it is a prerequisite for providing a functionality. For example, Facebook’s messenger app on Android harvests call records and meta-data, without any consumer facing feature on the app that justifies such collection. Therefore, this is a clear violation of the data minimization principle. One of the ways to reinvent this principle is by borrowing from the best practices around warnings and labels on packaging introduced by the global anti-tobacco campaign. A permanent bar could be required in all apps, stating ‘Facebook holds W number of records across X databases over the time period Y, which totals Z Gb’. Each of these alphabets could be a hyperlink, allowing the user to easily drill down to the individual data record.

Consent must be explicit, informed and voluntary

Two, the principle of consent requires that the data controller secure explicit, informed and voluntary consent from the data subject unless there are exceptional circumstances. Unfortunately, consent has been reduced to a mockery today through obfuscation by lawyers in verbose “privacy notices” and “terms of services”. To reinvent consent we need to bring ‘Do Not Dial’ registries into the era of big data. A website maintained by the future Indian data protection regulator could allow individuals to check against their unique identifiers (email, phone number, Aadhaar). The website would provide a list of all data controllers that are holding personal information against a particular unique identifier. The data subject should then be able to revoke consent with one-click. Once consent is revoked, the data controller would have to delete all personal information that they hold, unless retention of such information is required under law (for example, in banking law). One-click revocation of consent will make data controllers like Facebook treat data subjects with greater respect.

There must be a right to explanation

Three, the right to explanation, most commonly associated with the General Data Protection Directive from the EU, is a principle that requires the data controller to make transparent the automated decision-making process when personal information is implicated. So far it has been seen as a reactive measure for user empowerment. In other words, the explanation is provided only when there is a demand for it.

The Facebook feeds that were used for manipulation through micro-targeting of content is an example of such automated decision making. Regulation in India should require a user empowerment panel accessible through a prominent icon that appears repeatedly in the feed. On clicking the icon the user will be able to modify the objectives that the algorithm is maximizing for. She can then choose to see content that targets a bisexual rather than a heterosexual, a Muslim rather than a Hindu, a conservative rather a liberal, etc. At the moment, Facebook only allows the user to stop being targeted for advertisements based on certain categories. However, to be less susceptible to psychological manipulation, the user should be allowed to define these categories, for both content and advertisements.

How to fix the business model?

From a competition perspective, Google and Facebook have destroyed the business model for real news, and replaced it with a business model for fake news, by monopolizing digital advertising revenues. Their algorithms are designed to maximize the amount of time that users spend on their platforms, and therefore, don’t have any incentive to distinguish between truth and falsehood. This contemporary crisis requires three types of interventions: one, appropriate taxation and transparency to the public, so that the revenue streams for fake news factories can be ended; two, the construction of a common infrastructure that can be shared by all traditional and new media companies in order to recapture digital advertising revenues; and three, immediate action by the competition regulator to protect competition between advertising networks operating in India.

The Google challenge

With Google, the situation is even worse, since Google has dominance in both the ad network market and in the operating system market. During the birth of competition law, policy-makers and decision-makers acted to protect competition per se. This is because they saw competition as an essential component of democracy, open society, innovation, and a functioning market. When the economists from the Chicago school began to influence competition policy in the USA, they advocated for a singular focus on the maximization of consumer interest. The adoption of this ideology has resulted in competition regulators standing powerlessly by while internet giants wreck our economy and polity. We need to return to the foundational principles of competition law, which might even mean breaking Google into two companies. The operating system should be divorced from other services and products to prevent them from taking advantage of vertical integration. We as a nation need to start discussing the possible end stages of such a breakup.

In conclusion, all the fixes that have been listed above require either the enactment of a data protection law, or the amendment of our existing competition law. This, as we all know, can take many years. However, there is an opportunity for the government to act immediately if it wishes to. By utilizing procurement power, the central and state governments of India could support free and open source software alternatives to Google’s products especially in the education sector. The government could also stop using Facebook, Google and Twitter for e-governance, and thereby stop providing free advertising for these companies for print and broadcast media. This will make it easier for emerging firms to dislodge hegemonic incumbents.

For more details visit https://cis-india.org/internet-governance/blog/business-standard-march-28-2018-sunil-abraham-cambridge-analytica-scandal-how-india-can-save-democracy-from-facebook

UIDAI servers or third parties, Aadhaar leaks are dangerous: Experts

Admin — 2018-03-27T02:16:55Z

Even though the UIDAI has denied these reports, its arguments rest on shaky grounds, according to experts.

The article by Mayank Jain was published in Business Standard on March 27, 2018. Pranesh Prakash was quoted.

The government has told the Supreme Court that the Aadhaar data “remains safely behind 13-feet high walls” and it will take “the age of the universe” to break one key in the Unique Identification Authority of India’s (UIDAI’s) encryption.

Even if this claim is taken at face value, experts suggest leaks from third-party databases seeded with Aadhaar numbers are equally dangerous and the UIDAI is responsible for the damage. The most recent case came from a report published online and it said random numbers could provide access to the Aadhaar data, which also includes people’s financial information, from a state-owned company’s database. Even though the UIDAI has denied these reports, its arguments rest on shaky grounds, according to experts.“There is no truth in this story as there has been absolutely no breach of the UIDAI’s Aadhaar database.

Aadhaar remains safe and secure,” the UIDAI said on Twitter shortly after the story broke on ZDNet.The authority added even if the report was taken to be true, “it would raise security concerns on the database of that Utility Company and has nothing to do with the security of the UIDAI’s Aadhaar database”.This has been the authority’s defence in several such cases but those in the know of things say it doesn’t hold water simply because the Aadhaar data is not concentrated in the UIDAI’s complexes anymore and has spread across various databases.“Publishing this by the state entities is a violation under the Aadhaar Act.

Even if you publish your Aadhaar number, it is a violation of the law,” said Pranesh Prakash, policy director at the Centre for Internet and Society.“Saying that the UIDAI has not been compromised is thoroughly insufficient because for customers, it doesn’t matter if the leak comes from servers operated by the UIDAI or from others holding copies of the UIDAI database.”Prakash said it should be the authority’s responsibility to help others comply with the law and prevent data leaks.

He gave the example of biometric leaks from Gujarat government servers and how criminals used them to forge fingerprints.The possibility of data leaks was demonstrated when Robert Baptiste, purportedly a French app developer, announced on Twitter how he got access to thousands of scanned Aadhaar card copies through simple Google searches.In an interview to Business Standard, Baptiste said the major threat was data handling by third parties, which could lead to identity theft.Even the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, has provisions that debar making public citizens’ Aadhaar-related information public unless required for certain purposes.

“Whoever intentionally discloses, transmits, copies or otherwise disseminates any identity information collected in the course of enrolment or authentication to any person not authorised under this Act” can be in jail for three years and pay a fine of ~10,000 under the Act.A lawyer appearing on the petitioners’ side in the ongoing Supreme Court case on the constitutional validity of Aadhaar said only the UIDAI had the powers to file cases against people who published Aadhaar information. Hence everyone else is helpless despite the leaks.

The UIDAI’s argument that Aadhaar information can’t be misused is duplicitous because the regulations under the Aadhaar Act assure individuals that if biometric authentication fails, they should have other means of identifying themselves, says Kiran Jonnalagadda, founder of HasGeek.“So the regulations guarantee that anyone in possession of stolen identity information will be able to misuse it without biometric authentication,” he said.Prakash agreed with this. He said demographic authentication, which is an acceptable authentication method under the Aadhaar Act, was prone to misuse as long as Aadhaar numbers remained public.“Aadhaar is used as just a piece of paper, unlike security features embedded in passports or even permanent account number cards. Thus, demographic authentication merely involves providing Aadhaar numbers and details like addresses, which can be used even for things like getting entry into an airport by just printing a ticket and having a fake Aadhaar,” he said.

Queries sent to the UIDAI were not answered till the time of going to press

For more details visit https://cis-india.org/internet-governance/news/business-standard-mayank-jain-march-27-2018-uidai-servers-or-third-parties-aadhaar-leaks-are-dangerous-experts

Data Breach: How will the biggest scandal that Facebook is mired in affect its credibility in India?

Admin — 2018-03-27T02:09:41Z

Facebook has not been able to catch a break lately.

The article by G. Seetharaman and Shephali Bhatt with additional inputs by Indulekha Aravind was published in the Economic Times on March 26, 2018. Sunil Abraham was quoted.

Rebuked for the misinformation spread on its platform by Russian agencies during the 2016 US presidential election, aiding Donald Trump’s victory, Facebook was on the defensive for most of 2017. Making matters worse for the Menlo Park, California-headquartered social media behemoth, another one of its past oversights has now come back to haunt it in what is undoubtedly its biggest public relations challenge.

Reports by the New York Times and the Observer of London on March 17 disclosed that a researcher linked to Cambridge Analytica (CA), a political consulting firm that worked on Trump’s campaign, had accessed details of 50 million Facebook users unbeknownst to them and shared it with CA, which uses online data to reach voters on social media with personalised messages. The reports were based on revelations by whistle-blower Christopher Wylie, who had worked with CA.

This is how it unfolded: in 2014, CA hired Aleksandr Kogan, a Soviet-born American citizen, to mine data on US voters on Facebook, through a personality quiz app. It was downloaded by 2,70,000 users, who logged in with their Facebook credentials. That enabled Kogan to access not just their data on Facebook, but also their friends’ profiles. Facebook says Kogan lied that the data was only for his research, while there was a commercial element to it as CA paid for the app. It is unclear at this point how exactly the data was used or whether it was effective.

In 2015, Facebook removed his app and sought an assurance from him that the data had been destroyed. But it later found out that the information had been passed on to CA. Facebook has since stopped apps from accessing information about a user’s friends and has even limited the data that can be collected about the user.

While the broad details of the issue have been known since 2015, the sheer number of accounts that were compromised was not known till now and has led to calls for Facebook to be deleted, with #DeleteFacebook trending on Twitter. The company, one of the world’s most valuable public companies, has shed $75 billion, or 14% of its market value, since March 16.

As Facebook spends the next few months trying to convince its users that their data is safe, India will be crucial to their plans. India is, after all, its largest market, with 250 million monthly active users, 12% of its global base, according to recent data by We Are Social and Hootsuite, firms involved in social media marketing and management, respectively.

There are other reasons why India is important to Facebook: WhatsApp, the country’s chat app of choice, has 200 million users, again more than any other market, and Instagram has 53 million. Both these apps are owned by Facebook, giving the company an outsize role in how Indians communicate.

Facebook will only grow as smartphone and internet adoption grows — India is set to add 100 million internet users and 250 million smartphone users by 2020. But at the same time, it has to deal with those wondering whether they should sign up or continue being on the network.

Soumya Sinha, a 32-year-old data consultant in Delhi, says FB is quite passive-aggressive when it comes to data. “It gives you a lot of privacy options, makes you feel you are in control of your wall, but buries an ‘unless you don’t want to share’ option at the bottom,” he says. “If you don’t opt out, it assumes you are happy to share. Even if you do, you can never be sure the non-consensual sharing has stopped.”

Privacy controls — not just on Facebook but on social media platforms in general — are not easy to find and even the most tech-savvy have a hard time ensuring the accounts are as secure as they can possibly be. “Indians are very liberal with others accessing their data. A lot of other accounts are linked to my FB account. Who knows which one of them will provide my data to others?” says Prateek Kharangar, a 30-year-old doctor in Rajasthan.

Mark Zuckerberg, Facebook’s billionaire chief executive, issued a statement on March 21 admitting that Facebook had made mistakes. He added that Facebook would do a thorough audit of suspicious apps and make its privacy policy stricter by limiting the user information it shares with third-party apps.

Facebook will also revoke permission to apps that a user has not accessed for three months and show an option at the top of the news feed, allowing users to do the same. Zuckerberg also said in a subsequent interview to the New York Times that Facebook would let concerned users know about the CA debacle. Questions sent by ET Magazine to Facebook India went unanswered. The US Federal Trade Commission and the European Union are also scrutinising the issue.

Protect Data
Facebook has faced criticism in the past, including about its facial recognition software In India, it was badly bruised in its fight against net neutrality. Its Free Basics campaign tried to push free access to a few websites, including its own, in partnership with telcos, but the telecom regulator in February 2016 ruled in favour of net neutrality. Sunil Abraham, executive director of the Centre for Internet and Society, believes sites like Facebook should periodically inform users about the data the apps have access to. “Facebook should also ask you every quarter if you want to revoke permission. It’s required in countries where users are naive, unaware and incapable of protecting their own interests.”

Many experts call for more transparency and clarity. Nayantara Ranganathan, programme manager at the Internet Democracy Project, says privacy policies are tweaked constantly and the changes the companies want us to know about are conveyed through blog posts and such, while there may be changes that we may not be aware of. Nikhil Pahwa, cofounder, Internet Freedom Foundation, says the process of notifying users of changes in terms and conditions needs to be improved. “So often, T&Cs are changed and the company just sends a generic mail to all its users. If they don’t respond, it is assumed they have agreed to the changes. That needs to change.” Some believe online consent agreements are being simplified.

While there have been calls for the privacy notice to be in local languages too, Rama Vedashree, CEO of Data Security Council of India, says that in markets like India, where millions are just being introduced to the internet, websites may have to look at pictorial representations to explain how user data will be used by third-party developers. Regardless of how intelligible tech companies make their privacy policy documents, given the number of websites we use, it is impossible to read every site’s terms. That is where a stringent law becomes necessary. “We don’t have a robust legal framework that acts swiftly, permits class action lawsuits and awards damages in tune with the harm incurred,” says Mishi Choudhary, legal director at the Software Freedom Law Center.

WHY FB CAN'T TAKE DATA SECURITY LIGHTLY IN INDIA

Source: Facebook, WhatsApp, We Are Social and Hootsuite, Ministry of Communications, Internet and Mobile Association of India

Abraham says presently only data security is covered under the Information Technology Act, 2000. “A mere infringement of your privacy without financial loss does not allow you to seek remedy.” However, India could have a data protection law sooner than later. A committee was appointed by the government last year to come up with a draft law, an important part of which will be a data protection authority. The Supreme Court, in a landmark ruling last year in a case related to Aadhaar, said privacy is a fundamental right.

The European Union’s General Data Protection Regulation (GDPR), which will come into effect in May, could be emulated in countries, including India. It makes tech companies more accountable for the privacy of those who use their services and has penalties up to £20 million, or 4% of the errant company’s global annual revenues, whichever is higher. This forced Facebook to put all of its privacy settings in one place in January.

“India must go further than Europe did with its General Data Protection Regulation, which requires companies to get unambiguous consent from users to collect data, to clearly disclose how personal data are being used, and to spell out why data is being collected. It must also ban any form of political advertising and the sale of data to third parties,” wrote Vivek Wadhwa, a tech entrepreneur and academic, in a column in ET on Friday.

In light of this controversy, there will be pressure on the government to hasten the process of introducing a data protection law, accompanied by a regulator. It is likely the draft document will draw on the European regulation. “The more we adopt from EU GDPR, the better,” says Pahwa, adding that users should also have the right to removal of personal data.

Ravi Shankar Prasad, India’s IT and law minister, has warned Facebook of stringent action if it is found influencing elections “through undesirable means”. The Indian government on Friday issued a notice to Cambridge Analytica asking if any entities engaged its services to harvest data of Indian Facebook users.

India could also take a leaf out of Germany’s playbook while enforcing data protection, especially if it involves tech companies that dominate the segment they operate in, like Google in search and Facebook in social media. Germany’s competition watchdog in December accused Facebook of abusing its dominant position to get users’ consent to access their data from third-party websites. The Competition Commission of India in February imposed a penalty of `136 crore on Google for abusing its dominant position in search to create a bias to favour its own services.

Messing Up Elections?
The ongoing controversy has been exacerbated by the fact that besides data privacy, electoral politics is at the centre of the issue. CA dug itself into a deeper hole when footage emerged of a UK television channel’s sting operation, in which the company’s top officials talk about using bribes and women to entrap their clients’ political opponents. CA has since suspended its chief executive, Alexander Nix, who was in the video. CA is partly funded by conservative US billionaire Robert Mercer, and Trump’s former White House chief strategist Stephen Bannon served on its board.

The issue has had political ramifications in India, with both the ruling Bharatiya Janata Party and opposition Congress trading charges about each other’s association with CA. The BJP has attacked the Congress by quoting news reports of talks between CA and the Congress ahead of the 2019 general election, while the Congress has hit back with a reference to the 2010 Bihar election on the CA website. The company claims that it worked on the Bihar election, reportedly through its parent Strategic Communication Laboratories, by identifying swing voters.

“Our client achieved a landslide victory, with over 90% of total seats targeted by CA being won,” says the website. The JD(U)-BJP combine was the victorious coalition. Interestingly, the company’s India partner, Ovleno Business Intelligence, is run by Amrish Tyagi, son of JD(U) leader KC Tyagi. When contacted by ET Magazine, Amrish Tyagi declined to comment. Both the Congress and the BJP have denied any ties to CA.

“We have been on social media as long as social media was around and we have always been ethical in our conduct,” says Amit Malviya, head of BJP’s IT Cell. Divya Spandana, who heads the social media team for the Congress, says the party does not engage external agencies. “We only use data with the consent of the individual, emails are subscribed to and WhatsApp is through people who have signed up to receive messages.” The BJP made good use of social media in its 2014 campaign, and Prime Minister Narendra Modi and most of his cabinet are quite active on Twitter.

Facebook, Twitter and WhatsApp will play an even bigger role in the upcoming assembly polls and the 2019 general election, WhatsApp perhaps more so than the other two, given its popularity and user engagement. “What makes WhatsApp worse than Facebook is Facebook knows what’s being sent around (on its platform). If it comes up with a fake news mitigation strategy, it might work. WhatsApp doesn’t know what’s being sent on its platform,” says Abraham.

In his New York Times interview, Zuckerberg said that after the US presidential election, Facebook developed artificial intelligence tools to identify fake accounts and fake news, which were deployed during the French presidential polls in 2017. “This is a massive focus for us to make sure we’re dialed in for not only the 2018 elections in the US, but the Indian elections, the Brazilian elections, and a number of other elections that are going on this year that are really important,” he was quoted as saying. Both government authorities and the Election Commission of India will keep a close watch on how social media is used in poll campaigns.

While things do not look up for Facebook in the immediate future, some think it will get past the issue. Vineet Sehgal, chief marketing officer of Quikr, says while marketers will take a hard look at Facebook, the company will act swiftly to change its policies.

"There is too much at stake." More and more Indians are using social media, in addition to searching for information on the internet, buying things on ecommerce sites, booking app-based cabs, and making payments and transfers on online payment platforms. They will also buy more devices, including wearables and smart speakers, which gather large amounts of data. So naturally, it is imperative that the sanctity of that data become a top priority for tech companies, consumers and the government. "The emphasis of any (data protection) law needs to be protecting people, not data. Our legislators should ask about relationships of all entities with social media and data analytics companies," says Choudhary of Software Freedom Law Center.

For more details visit https://cis-india.org/internet-governance/news/economic-times-g-seetharaman-shephali-bhatt-march-25-2018-data-breach-how-will-the-biggest-scandal-that-facebook-is-mired-in-affect-its-credibility-in-india

PM’s app also susceptible

Admin — 2018-03-27T01:23:36Z

Even the Narendra Modi app of PM Modi is susceptible to data theft as a 22-year old Indian hacker established, claiming that privacy of more than 70 lakh users on it is at stake.

This was published by Free Press Journal on March 25, 2018

Still worse is that anybody downloading the app may not know that all data on his mobile automatically goes to CleverTap without his or her consent to let the firm populate it alike British firm Cambridge Analytica that helped the US President Donald Trump in the last election with the vast data stolen from Facebook.

Congress social media chief Divya Spandana/ Ramya on Saturday retweeted a tweet by one Pranesh Prakash to know whether Law Minister Ravi Shankar Prasad talking of summoning Facebook CEO Mark Zuckerberg will also summon the PM for privacy violation and data theft.

Once you download the Narendra Modi app, all your data like your phone numbers, emails, name, location and interests as also all on your phone list, WhatsApp list and email is captured and then populated to know your interests and send you mails and messages accordingly, Divya explained.

Hacker Javed Khatri, who was able to crack the app late last year says he is able to access private data of any user and that is how he “successfully managed to extract the personal phone numbers and email ids of ministers like Smriti Irani.”

“Not only that, I can make any user on the platform follow any other user on the platform. This is just the summary of this huge security loophole which I want to report. The privacy of more than seven million users is at stake if this gets ignored.” Javed said, stressing that he did not want to cause any harm but wanted to demonstrate how poor the security of the app is that he could easily hack it.

For more details visit https://cis-india.org/internet-governance/news/free-press-journal-march-25-2018-pm-app-also-susceptible

Data politics: BJP, Congress in spat over sharing app data without users’ consent

Admin — 2018-04-18T00:51:15Z

Congress took down its WithINC app after facing allegations of sharing user data, a day after it accused BJP of doing the same with the NaMo app.

The article by Komal Gupta was published in Livemint on March 26, 2018. Pranesh Prakash was quoted.

An app war has broken out between the Congress party and the ruling Bharatiya Janata Party (BJP)—appropriately on Twitter.

Fought in the shadow of the global storm on data leaks from Facebook and Cambridge Analytica, the two Indian parties accused each other of sharing user data with third parties collected without the users’ consent.

The Congress on Monday took down its app—WithINC —after facing allegations of sharing user data with servers in Singapore. However, the party has claimed it was forced to remove the app as the wrong URL was being circulated and people were being misled.

Congress president Rahul Gandhi took to Twitter after an anonymous French security expert claimed that Prime Minister Narendra Modi’s NaMo app was sending user data to a third-party website without user consent.

“Modi misusing PM position to build personal database with data on millions of Indians via the NaMo App promoted by Govt. If as PM he wants to use tech to communicate with India, no problem. But use the official PMO APP for it. This data belongs to India, not Modi,” Gandhi tweeted on Monday.

WithINC is the official app of the Congress to allow users to connect with the party through regular updates from various social media and news channels. “It also allows you to apply for membership of the INC by completing all steps of the INC membership process,” a descriptor on Google Play Store says.

Information and broadcasting minister Smriti Irani on Monday tweeted, “Now that we’re talking tech, would you care to answer Rahul Gandhi ji why Congress sends data to Singapore Servers which can be accessed by any Tom, Dick and Analytica?”

Trashing BJP’s allegations, Congress’ social media head Divya Spandana claimed that the membership page on the Congress app had been defunct for a while. “We don’t collect any personal data through the INC app. We discontinued it a long time ago. It was being used only for social media updates. We collect data for membership and this is through our website, this is encrypted,” Spandana tweeted on Monday.

The NaMo app is designed to ensure that users do not have access to any data other than their own, a government official said on Sunday, requesting anonymity. Data entered by any user is used for analytics using third-party service, similar to Google Analytics, said the official.

“Apps ought to request the minimum of a phone’s functionality. They should evaluate the data they need, collect as little as needed, and clearly state what use they will make of the data,” said Pranesh Prakash, policy director at think tank Centre for Internet and Society.

“The Narendra Modi app, quite famously, provided unrestricted access to the personal data of more than 5 million users,” Prakash added.

For more details visit https://cis-india.org/internet-governance/news/livemint-komal-gupta-march-26-2018-data-politics-bjp-congress-in-spat-over-sharing-app-data-without-users-consent