New Delhi: Facebook is mired in a controversy over its privacy rules and regulations.
While the social media giant says it is devastated to know that it has been deceived and is channelising all its efforts into ensuring it protects the data of all its users, it is in a difficult situation.
Facebook has put the onus on Cambridge Analytica (CA), a voter profiling company based in London. The firm has been an integral part of US President Donald Trump’s Presidential campaign and is even said to have played a crucial role in Brexit, Britain’s infamous exit from the European Union.
So, what exactly happened with CA and Facebook?
A psychology professor at University of Cambridge, Aleksandr Kogan, was given access to user data on Facebook via his app, ‘thisisyourdgitallife’. The app put itself out on Facebook as an app used by psychologists for predicting a person’s personality. The app was downloaded about 2,70,000 people. Now, these people gave access to the app to see their Facebook data, including the users on the said person’s list.
The concept of permitting an app on Facebook to have access to your data, including your friends list, is something that a user has become used to, and that played well with Krogan’s app too. Soon enough, Kogan had access to over data of 50 million Facebook users, without most of them even agreeing to it. Things got worse when Kogan decided to sell this data to Cambridge Analytica, the team handling Donald Trump’s operations during his Presidential campaign. And soon, it snowballed into the mother of all data breaches, which was brought to the fore by whistleblower Chris Wylie, a former employee at CA.
This unpermitted copying of data is something that many believe the social media giant agreed to. Facebook, however, has a different picture to paint.
“In 2015, we learned that Aleksandr Kogan lied to us and violated our Platform Policies by passing data from an app that was using Facebook Login to SCL/Cambridge Analytica, a firm that does political, government and military work around the globe. He also passed that data to Christopher Wylie of Eunoia Technologies, Inc,” said Paul Grewal, VP and deputy general counsel at Facebook. In a blog post, he further went on to say that there has been no data breach.
“Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked,” he wrote.
Even as Facebook struggles to gather momentum to walk out of this mess with its head held high, here in India two of the biggest political parties, the Bharatiya Janata Party and the Congress, accused each other of having used services of CA and its Indian partner Ovelon Business Intelligence (OBI). While OBI’s website has been suspended, it did mention both political parties as clients. CA’s website too mentions BJP as a winning client.
Can India avoid its own CA-Facebook data breach episode?
From the existing laws, experts find it hard to say no. Renowned cyber law advocate Pavan Duggal said as of now there exists now law in the book which could avoid such an episode or take to task those who do this, if and when they do.
“The IT Act is an 18-year-old legislation and the last amendment was done 10 years back. Cyber law provisions need to be revised as the current approach of the Indian law is very narrow,” he said, adding that there were many loopholes in the law that companies could take advantage of.
“As of now we have no law on data localisation which is extremely necessary. It is needed to protect Indian data from unauthorised initiative. There is no law on data protection or privacy. We need a proactive and futuristic vision,” he explained, further saying that the lack of these will only embolden service providers to engage in such adventures.
Cyber activist and founder of digital platform MediaNama Nikhil Pahwa voiced similar concerns.
Most Android apps, he said, ask you to hand out access to your contact list, etc. “The question is do I have the right to give your contact details without asking you?” he said. Once that is done, he added, the said organization or entity will start mapping a person’s behaviour, thus enabling themselves to bucket the person into a certain behavioural pattern.
“From the political perspective, say if a certain party does this. Once they have mapped your behaviour, with regards to your Facebook status or any other information that they have access to, they’ll start feeding you what you want to hear or see. For example, if they see a person having concerns on national security, they’ll use messaging and other types of communication to get to you against the opposition on a topic that you’re worried about - national security,” he explained.
“Laws are needed and I have doubts on the implementation of it. Do we have the capacity to do that?” Pahwa said.
Episodes like this are not far from reality, Duggal added. “In India we think we are very secure and that such episodes happen only in the West. But that’s not true. There is no doubt that episodes like this would have already happened in India and continue to happen in India. We need the political will to tackle this danger,” he said.
Comments
0 comment