We can't protect our citizens' data

By Nishant Arora It was the perfect photo-op when Prime Minister Narendra Modi hugged Facebook CEO Mark Zuckerberg during a town-hall meeting at the social media giant’s sprawling headquarters at Menlo Park, California, in September 2015. With Facebook now embroiled in a massive data breach controversy, the bonhomie appears to be over, with India warning Zuckerberg of “stringent action”, including summoning him over the “misuse” of data to allegedly influence the country’s electoral process. Zuckerberg has recently said Facebook will ensure that its platform is not misused to influence elections in India and elsewhere, but after witnessing how social media platforms were infiltrated during the 2016 US presidential election and the Brexit vote in the UK, nothing can be predicted at this point of time. While governments the world over are fast formulating new laws that deal with users’ data security and privacy, and the spread of false news, India lags far behind on this front. Is the country prepared in case a huge data security or privacy breach hits its people? According to top cyber law experts, India as a nation has missed the broader point in the ever-changing tech landscape. “The moot point here is: How do we regulate mobile app providers, social media players and intermediaries in terms of handling and processing the users’ data? We don’t have a data protection law in place. We neither have a national law on cyber security nor a national law on privacy,” Pavan Duggal, the nation’s leading cyber law expert, told IANS. The absence of these critical laws has created a very fertile ground for the misuse and unauthorised access of users’ data by the service providers. “On top of it, India has not revisited its stand on intermediaries’ liabilities since 2008. Also, the service providers have been given a great fillip by a judgement of the Supreme court, where the service providers are directed not to take any action till such time they get a court or a government agency order,” Duggal informed. In such a scenario, service providers are using the “Indians’ data with impunity”. “They are transferring them outside the territorial boundaries of the country because we as a nation are sleeping. Once the data goes outside the country, the government loses all control. This has a detrimental impact on the protection and preservation of people’s data privacy and personal privacy,” Duggal stressed. India has to learn from the European Union (EU) when it comes to formulating a legal framework to secure data. The EU has asked businesses and service providers globally to comply with its new privacy law — the General Data Protection Regulation (GDPR) — that comes into force from May 25 this year. The EU GDPR has been designed to harmonise data privacy laws across Europe — to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy. After four years of debate, the GDPR was finally approved by the EU Parliament on April 14, 2016. Organisations that fail to comply with the new regulation will face hefty fines. Although a white paper on data security has been published by the Indian government for all the stakeholders to deliberate upon, the country is still working on drafting a data protection bill. “India is woefully under-prepared to address issues of data protection and cyber-security. We need a data protection law that protects citizens from misuse of data with strict liability and extremely high statutory damages that must be awarded within a strict period of time,” said Mishi Choudhary, President and Legal Director of New Delhi-based Software Freedom Law Centre (SFLC.in), a not-for-profit organisation. According to Duggal, also a noted Supreme Court lawyer, India should not cut-paste any other country’s law as it has to deal with a different set of problems. “India’s social realities are entirely different. The country has to deal with the huge issue of Aadhaar which is reeling under variety of cyber attacks because we have failed to apply cyber security as an integral part of the Aadhaar architecture,” Duggal told IANS. India’s approach has to be based from its soil and the country must strive for data localisation. “India should not allow its data to be stored outside its boundaries. Service providers must (be made to pay) high penalty if they are found to be misusing the data of Indians irrespective of if they are physically located in the country or not,” Duggal said. (IANS)]]>

Cong-BJP slugfest over Facebook data mining

Here are screenshots of LinkedIn page of Director of Cambridge Analytica’s Indian arm, saying “managed 4 elections successfully for BJP”, “helped achieve mission 272.” @BJP4India: response please? pic.twitter.com/NaxNJJdzzb

— Sreenivasan Jain (@SreenivasanJain) March 21, 2018 Congress leader Randeep Singh Surjewala termed Prasad as a “minister of lies”, and asked the BJP if “Cambridge Analytica was involved in stealing data, then why did it take its services” and “whether an FIR would be registered against CA and OBI”. He said that Information and Broadcasting Minister Smriti Irani “follows” Cambridge Analtytics on Twitter and BJP’s former Information Technology head, who now runs Indian government’s biggest portal (mygov.in), Arvind Gupta had termed CA a “pwerful tool”. Rahul Gandhi accused the Modi government of seeking to divert attention from its past “lies” about 39 Indians killed in Iraq by inventing story of data theft on Congress.
BJP More Familiar With Fake Websites, Says Singhvi

“Problem: 39 Indians dead; Government on the mat, caught lying. Solution: Invent story on Congress and data theft. Result: Media networks bite bait; 39 Indians vanish from radar. Problem solved,” Gandhi said in a tweet. CA’s India partner Oveleno Business Intelligence (OBI) lists the BJP, the Congress and the JD-U as its clients. The India partner is Amrish Tyagi, son of senior JD-U leader K.C. Tyagi. K.C. Tyagi said on Thursday that the company had only “professional links” with the CA and that the government could investigate these links. Prasad questioned the “silence” of Congress President for more than five months over media reports that claimed his party had roped in CA as ‘Brahmastra (ultimate weapon)’ to counter Prime Minister Narendra Narendra Modi in 2019. “The report in this regard was first published on October 9, 2017 and the party maintained silence until I raised the issue on Wednesday. They denied the allegations when they found themselves in trouble after the issue was brought to the fore,” Prasad said at a press conference. “The Congress cannot run away from this fact. If the Congress maintains a conspicuous silence on such an important news of the involvement of a dubious social media company and does not counter it, then I am sorry. They don’t have any right to run the country,” he said. Prasad also claimed that that the Congress took the services of CA in Gujarat Assembly polls. “They used CA in Gujarat and it was clear from the Congress’s pattern of contesting the election,” he said. He refuted Gandhi’s allegation that by raking up CA issue, Modi government was trying to divert public attention from its “lie about the fate of 39 Indians killed in Iraq”. “We expect that Rahul Gandhi would not indulge in politics over deaths. He should respond to the allegations which are of serious nature,” he said. He alleged that the firm had been found involved in data manipulation and warned that any attempt to misuse social media to influence India’s electoral process would not be tolerated. Prasad said the analytics firm was accused of using bribes and sex workers to entrap politicians and stealing data from Facebook. Surjewala said the BJP government has “become a manufacturer of fake news and an epitome of post-truth”. “The business alliance between BJP-JD-U and Cambridge Analytics has now been exposed,” he said, adding that “new fake agenda” is being used to stop the proceedings in Parliament” and Prasad should be named a “lie minister” instead of law minister. “BJP and Modi should repond. Didn’t they take the services of OBI and CA for Mission 272+? This company was used. Didn’t you know they were involved in stealing data?” Surjewala asked. “Didn’t BJP use the services of CA’s Indian arm OBI during its election campaign in four states–Jharkhand, Haryana, Maharashta and Delhi.” The party also asked if it was true that in 2010, during Bihar elections, BJP and JD-U used the services of CA and OBI. The party reiterated that it neither had any connection with Cambridge Analytica nor took its services. Tyagi said JD-U has no links with his s’n Amrish Tyagi’s firm or with Cambrid”e Analytic’. “Neither CA’s directors have ever met (JD-U President) Nitish Kumar nor Nitish Kumar ever m”t CA’s bosses,” Tyagi said. Tyagi, however, admitted that Amrish was ‘verseeing JD-U’s social media campaign during the last Bihar assembly elections. (IANS)]]>