For a long time now, I’ve been bemused by Facebook friends who post results of quizzes or lifestyle questionnaires telling them what colour, fruit, historical figure, or fictional character they resemble. Why would they allow a random company to access photographs and other personal material they have placed on the site? Although not hugely tech savvy, I’ve taken basic steps to protect my privacy online. Following Mark Zuckerberg’s example, I put tape over my laptop camera and only remove it for Skype conversations. I use a VPN and incognito mode frequently while surfing the web, although the VPN slows download speeds considerably. I allow smartphone apps only the basic permissions required to retain functionality. I have resisted the Aadhaar linkages the government’s trying to ram down our throats.
Yet, revelations about the misuse of private data last week left me shaken, and feeling personally vulnerable. The political consulting firm Cambridge Analytica, on the basis of a survey taken by just 270,000 Facebook members, harvested detailed personal information about a mind-boggling 50 million Facebook members. The data breach showed that being careful about one’s own privacy, a difficult enough job, is far from enough. Just as passive smoking can make one ill, and breakouts of infectious diseases can happen thanks to a few misguided parents refusing to vaccinate their children, one’s personal information can be leaked thanks to the bad habits of friends on a social network.
Mark Zuckerberg, in a note that was some way short of the contrition one expected, informed us that the manner in which the leak occurred had been plugged a while back. He also claimed Cambridge Analytica has breached Facebook’s trust. Yet, since Facebook has taken no action beyond banning the organisation from the site despite knowing about the data breach for over two years, one presumes it has no real power over the manner in which its partners handle information.
The Facebook controversy led to a comical cascade of gaffes in India. First, Ravi Shankar Prasad threatened Facebook with legal action if there was evidence data leaks from the network influenced elections in India. Soon after, the French hacker who goes under the name Elliot Alderson revealed that the Narendra Modi app sent data without consent to a third party outside India. Riled by the media’s silence on the issue, Rahul Gandhi tweeted about it, only for Elliot Alderson to reveal flaws in the Congress party’s own Android app, which was sending unencrypted user data to its servers in Singapore.
These revelations highlight two themes to which I have returned repeatedly in past columns. First, nationalist responses to issues like the Facebook leak are counterproductive. Whether it is the health sector, the consumer goods industry, or the Information Technology space, multinationals and foreign companies, for all their ruthlessness and lack of ethics, function within a sturdier regulatory framework than do Indian firms. The Facebook episode is outrageous, and the company deserves to pay a heavy price for its negligence. But it ought to be followed up in our minds with a question about how Indian apps on our smartphones are operating, in the absence of a national privacy law.
How much information does the Jio app collect from users? Whom does it share that information with? What conditions bind parties which receive data from Reliance Jio? We know precious little about these issues, but I suspect the answers will not be comforting. A small example of how local apps can be more intrusive than international ones: I have denied Uber any permissions aside from location and SMS, but Ola will not function unless it is allowed to use my phone.
Data mining is an essential part of contemporary politics, and nothing Cambridge Analytica did would have been out of the ordinary had the information it used been legitimately gathered. The fact that it helped two causes extremely unpopular within the American and British mainstream media, the election of Donald Trump and the decision of the British public to leave the European Union, has obviously given the story extra juice. But Indians ought to be asking questions relevant to our own situation. Why have more local techies not exposed data breaches in the manner of the prolific Elliot Alderson? Given the number of software engineers we produce, we ought to have a brigade of cyber watchdogs, but appear to have mustered less than a platoon.
A giant Panopticon
Following a frightening list made by web developer Dylan Curran about all that Facebook and Google knew about him, I downloaded my own data files from those two organisations. I could only access one of two Google archives, because the second contained 13 GB worth of personal information, and since I’m travelling (Google knows exactly where I’ve been, where I am right now and, thanks to reservations I’ve made online, where I shall be two days hence), I didn’t have a fast enough connection to download it. Although it was discomfiting to see how much stuff about me was out there, I wasn’t massively worried about what Google or Facebook might do with it. Those with no intention of turning into virtual equivalents of the germophobe recluse Howard Hughes ought to reconcile themselves to the price paid for receiving the benefits offered by email, search engines, maps and social networks. I was far more concerned with what a government might do with that kind of information, and the ability to collect it in real time.
That brings me to my second concern, which is not apps and social networks in themselves, or information used to boost profits, but the interface of these things with intrusive and potentially authoritarian governments. In a past column, I used the metaphor of living in a glass house as a way to describe how we render our lives transparent through smartphones. Meanwhile, authoritarian governments, or authoritarian factions within governments, try to create Panopticons: buildings in which the state can see into our lives, but we cannot see into its functioning. The worst-case scenario is when our individual glass houses become part of a giant Panopticon, with governments using data gleaned from private sources to instil fear, smother dissent, and perpetuate their own power. The past week’s news about Cambridge Analytica and the Narendra Modi app are just two more bricks in the wall of the Panopticon to come.