By Aaroosh Jairath:
Ever since social media has come into the picture, there has been a constant fear about the wealth of data that the social media app giants collect and store on their servers.
Recently, there was a massive revelation about Facebook’s mishandling of its user data. The dust had barely settled down when another potentially earthshaking revelation came to light. Read ahead.
The BJP Has A History Of Data Breaches
The BJP has already been at the receiving end of a substantial amount of backlash regarding the security of Aadhaar data during their tenure, with cases of data leaks being regularly reported. But don’t worry, it’s very secure.
In fact, it’s so secure that it’s specially kept behind walls that are 13 feet high and five feet thick. Don’t believe it? But, that’s what Attorney General K K Venugopal presented in his defence of the Aadhaar system in courts.
Needless to say, this didn’t inspire a lot of confidence in the government’s ability to safeguard data that the citizens willingly (kinda, sorta) provided. This recent revelation brought to light the fact that the government was actually unwillingly collecting data from its citizens.
A security researcher who tweets under the pseudonym Elliot Anderson accused the official mobile app of Prime Minister Narendra Modi (downloaded over 5 million times on Android alone) of sending the user data to a US-based company called WizRocket Inc. without the user’s consent.
What Does This App Do?
The app allows party cadres and followers of PM Modi to directly connect with him and the various MPs and MLAs from their constituencies. By creating profiles on the app, users can also earn points and win some special awards for their actions that lend an interactive angle to it.
Through this, even a common worker can now connect to their local MLA or the PM through the New India Connect section. Sounds too good be true?
Well, the ‘catch 22’ was that the user’s data was unwillingly harvested and sent to an analytics company which is headquartered in the US (and not subject to Indian laws), thus removing it from the purview of the Indian judiciary, if anything goes wrong.
How The BJP Sought To Defend Themselves
A day after these claims, the privacy policy on Narendramodi.in, the website associated with the NaMo app, was updated to state that: “Certain information may be shared with third-party services to offer a better user experience.”
Earlier, it stated that: “Your personal information and contact details shall remain confidential and shall not be used for any purpose other than our communication with you.”
In their defence, BJP has said the data was being used only for analytics using third-party service (similar to Google Analytics) to offer users the ‘most contextual content’.
What Do Others Have To Say?
This expose was followed by a scathing attack by the Congress party with the INC President Rahul Gandhi accusing Narendra Modi of being a “Big Boss” for secretly keeping audio records, video, contacts of friends and families and even tracking the location via GPS of the users. He said, “Hi! My name is Narendra Modi. I am India’s Prime Minister. When you sign up for my official app. I give all your data to my friends in American Companies.”
This began a war of words with Amit Malviya, the chief of BJP’s IT operations who hit back, claiming that the Congress were themselves sharing data from their official app to friends in Singapore.
Additionally, Mr Malviya did not respond to a specific question posed to him by various newspapers regarding whether this specific information was shared with a third party without the users’ consent.
The backlash was also met by criticism from over 13 lakh cadets of India’s National Cadet Corps who were asked to install the app and share information like phone numbers and email addresses with the Prime Minister’s Office.
Experts remain critical of the fact that this information can be misused by private companies like Cambridge Analytica which could build voter profiles of volunteers who are active through the Narendra Modi application, and then use these profiles for psychographic targeting during elections – thus negating free choice and acting against democratic interests.
The debate should be centred upon the manner in which these e-governance apps with poor security standards collect our vital data and then do little to none to protect it.
India’s public and private sectors do not have the best of an ‘information security culture’ – and one can be assured that when the government says something is secure, in all likeliness, it’s not.
What’s Next?
One thing to note is the fact that the Congress deleted its official app ‘With INC’ from the Google Play Store, making it unavailable for Android users. The deletion came amid allegations flying thick and fast between the Congress and BJP over potential accusations by Elliot Alderson over security issues with a web page associated with the Congress.
The business models of the new-age social generation, broadly referred to as ‘surveillance capitalism’, is particularly toxic when it is transformed by political parties and government through models like the NaMo app or the Aadhaar.
In the name of ‘state surveillance,’ this model of ‘surveillance capitalism’ is hampering the idea of the right to privacy of a citizen.
It remains to be seen what actions will be undertaken by the judiciary (which has been critical of these data breaches after regular instances) and the government to prevent such mishaps. With the elections planned for the next year, things certainly don’t look good for the ‘Modi Wave’, with their credibility amongst the audience wearing down after such instances.
A version of this post was first published here.