Ex-Chief Election Commissioner of India
On October 29, social media firm WhatsApp blasted the world — India, in particular — with news that its platform was misused using Pegasus, a spyware sold by Israeli surveillance firm NSO Group, to snoop on over 1,400 people across four continents that included 100 academics, human rights activists, journalists and lawyers. It claimed that Pegasus was secretly installed in the mobile phone of a targeted person through a missed WhatsApp call, adding that the spyware was capable of accessing the person’s call log, photos and emails, among other private data. This revelation was followed by WhatsApp suing the Israeli firm in a US federal court. Without any doubt, the outcome of this lawsuit would be path-breaking. The incident has once again brought to fore the fragility of privacy rights in times of information technology revolution.
It is not the first time that the social media has been in the eye of the cyber storm. It is popularly known that the platform — in particular, Facebook and Twitter, with 2.12 billion and 250.8 million users, respectively — has become a convenient medium for political campaigning for its sheer function of accessibility. In 2018, a scam involving Cambridge Analytica (CA) opened the Pandora’s Box of illegal data breach for political influence. Whistleblower Christopher Wylie revealed that to influence US presidential elections and voting on Brexit, UK-based political strategising company Cambridge Analytica used illegally obtained data of 50 million Facebook users, which was obtained through several quizzes floating on Facebook for viewers’ entertainment. It helped create 30 million profiles of users and sold to politicians without consent. Journalist Mandira Moddie has pointed out that this combination of data can reveal ideological preferences and other personal psychological factors.
While the CA scam allowed one-time analysis of a user’s social media activities, the Pegasus scam enabled surveillance in his/her cell phone. In simpler analogy, the CA scam is a single photograph and Pegasus scam is a live video-streaming of the targeted audience. The consequences of both are grave.
With cyber attacks of such a massive scale, there have been concerns over the security of voters’ data with the Election Commission of India (ECI) and privacy rights of its voters. Electoral rolls consist of publicly available information, like the voter’s name, name of father/spouse, age and address. Political campaigning based on this data has been a regular practice by parties wherein they selectively target households based on their composition, which is a legitimate practice.
However, it needs to be noted that the content shared to influence voters must be legal and ethical and must not disturb communal harmony. The other dataset includes voting information that is secret and not connected to any network or device. However, with the addition of VVPAT, concerns have been raised over its vulnerability to manipulation. The ECI must initiate measures to allay fears regarding this issue.
Even though the electoral data is secure with the ECI, there remains an immediate need for the Indian government to frame a foolproof legislation against data breach. The current legislation — the Information Technology Act (2000) — fails to match up to the technological advancements. The Act only considers password, banking details and information on the person’s sexual orientation and bodily conditions, along with his biometrics as sensitive information. Instead of an objective data protection framework, it instructs the entities owning data to formulate their own security practice to avoid the misuse. Passing the buck won’t do. It is imperative for the country to have a stringent framework to avoid and punish any future illegal transaction of data without the user’s consent.
In terms of surveillance, the legislation dates back to the colonial times: the Indian Telegraph Act (1885). The Act allowed the government and some law enforcement agencies to conduct surveillance in case of threat to public safety or public emergency. Its provisions regarding surveillance were suitably adopted in the Information Technology Act (2000) and the grounds of surveillance under the Act were broadened with amendments in 2008. However, neither of the laws closely covers private agency-led wiretapping.
It would be unfair to not mention the brazen misuse of social media in spreading fake news and propagating hate speeches. With no effective regulation, these two phenomena on social media have also played a role in influencing elections. Ahead of the General Election, as per a survey conducted by Social Media Matters and Institute for Governance, Policies and Politics, over 53 per cent of the respondents claimed that they had received fake news over various social media platforms in the past 30 days due to the elections. It went on to state that approximately one in two persons received fake news via Facebook and WhatsApp.
To cope with the hazard of fake news and hate speech on social media, the ECI, along with the Internet and Mobile Association of India (IAMAI), adopted the Voluntary Code of Ethics which required social media sites to take down posts violating Section 126 of the Representation of the People Act, 1951, within three hours of a complaint by the EC. However, in these times of single-tap forwards, three hours’ action period is an eternity. Underlining the Internet’s tendency to “cause unimaginable disruption to the democratic polity”, the government has stated that it plans to release revised IT Rules (2011) in January 2020. Though this move offers a ray of hope, it would be a tightrope walk to balance individual right to expression and privacy with national security.
With data being the ‘new oil’ and the rapidly growing technological advancements, where a 27.5 per cent increase in social media users is anticipated between 2019 and 2023, the debate about balancing citizens’ rights to privacy and free speech and the demands of national security need to be clinched on a war footing. Social media platforms cannot be allowed to go on without being accountable. We are sitting on a ticking time bomb. Urgency is imperative.