Facebook is a nightmare straight from Black Mirror: Episode 2

Episode 2: The Undoing

Last week we saw how the data was leaked and that it was used by SCL and Cambridge Analytica to further their agenda in political circles. Today we will see how the data helps in streamlining campaign planning, the various political impacts CA and SCL had in elections and campaigns; and why Christopher Wylie decided to be the whistle-blower.

How the data is used by CA and SCL?

Now that we know SCL and CA used personal data for over 50 million users, it is also imperative that we understand how that data was used. SCL and CA are companies that pride themselves on successful political campaigns and elections. To be successful in either, it is necessary that you reach out to the most number of people possible. That can be achieved by knowing where your potential votes are coming from – which will in turn give you a better feedback about where to conduct your rallies, what issues to talk about which will resonate the most with people, etc.

So the data collected helps in profiling people (the usual way viz. browser history, location and such others), but also provides the further incentive of finding out the more intimate details through psychological profiling. And this is creepy because once someone knows your profile, it’ll be easier to predict how a person would react to a piece of information.

For instance, imagine you are going out on a date with someone for the first time. To ensure the date goes smoothly, you try to learn something about them – so you check their social media accounts to have a general idea about what they like and dislike. If they have made it clear through photos, videos and posts about how they love Italian food and animated movies, you would probably try to incorporate these items in your date to impress them.

Except that you are Cambridge Analytica, you not only have access to their posts, but also their log in timings, their psychological profile – whether they are open to new activities, their emotional states, etc. AND you also have a software that would predict their next actions to about 75% accuracy. Sounds creepy? That’s because it is.

And this is how SCL and CA have been using your data. They use your data to predict how best to influence you to do their bidding (or in this case, vote for their client). This is done through targeted ads. And these have been very successful campaigns.

Quartz has mapped the global reach of SCL and CA and they have made their presence known in almost all continents (the author discounts taking into account Antarctica as the penguins care more about the melting ice than who will be the next ruler). It writes:

So far, the focus has been on CA’s impact in the US and UK, but SCL Elections claims to have a far larger footprint. According to company documents issued around 2013, which were reviewed by Quartz, SCL has worked in 32 countries across Europe, North and South America, Asia, Africa, and the Caribbean.

Countries where SCL Elections claims to have worked

1. US
2. UK
3. Argentina
4. Colombia
5. Guyana
6. Uruguay
7. Trinidad and Tobago
8. Grenada
9. St Vincent and the Grenadines
10. Saint Lucia
11. St Kitts & Nevis
12. Antigua and Barbuda
13. Cyprus
14. Nigeria
15. Gabon
16. Kenya
17. Zambia
18. South Africa
19. Latvia
20. Lithuania
21. Ukraine
22. Romania
23. Italy
24. Moldova
25. Albania
26. India
27. Pakistan
28. Nepal
29. Thailand
30. Indonesia
31. Philippines
32. Mauritius

Since no confirmed presence is admitted by SCL and CA, many instances of electoral sabotage go unnoticed. African and Asian continent seem to also be dragged into what was initially thought to be a scandal reserved for US and UK. Even Brexit has come under the scanner with the involvement of CA in the Vote Leave propaganda.

Why has it come to light now?

AFP/GETTY IMAGES

All of these facts came into light when the pink-haired, young former Director of Research at Cambridge Analytica went on record to The Guardian about the role Cambridge Analytica has played in influencing campaigns. Wylie describes himself as:

“the gay Canadian vegan who somehow ended up creating Steve Bannon’s psychological warfare mindfuck tool”

He was hired by Alexander Nix and was responsible for the research on the psychological aspects of data collection and information usage. And he agreed to give evidence of their involvement in this cyber warfare for elections to the UK Lawmakers. He appeared before the Digital, Culture, Media and Sport Committee of the British Parliament, and provided relevant documents.

If CA and SCL are the culprits, why blame Facebook?

Since most of the mishandling and misuse of data was done by CA and SCL and its subsidiaries, it is confusing as to why Facebook seems to also be getting the flak for this. Facebook’s official statement is that there was no breach of data, instead, there was “an unauthorised use of data” by Cambridge Analytica.

But Facebook knew about the misuse of information by Kogan by passing the data on to CA, way back in 2015. But it did not take any strong, strict and preventative steps against CA. Instead, it only sent a letter to CA, suspended Kogan’s app. Users were not alerted about the policy violations, and neither was any substantial step taken to secure the information of the 50 million users. Wylie states, “Facebook made zero effort to get the data back.” Moreover, when Wylie was blowing the cover on CA, he got blocked by Facebook.

So, even though Facebook was not directly behind the misuse of data, it is certainly complicit due to its lax security measures and steps when it comes to data protection and limited usage.

In the last part of the series, watch out for the following aspects to this fiasco!

• Which governments are taking action against Facebook, CA and SCL?
• How CA and SCL feature in Indian Politics?

If you want me to add any other aspect that I have not covered either in Episode 1 or 2, let me know through the comments section!

Aadhaar and Privacy: Mutually Exclusive?

 

Since the introduction of Nandan Nilekani’s brainchild in 2009, the Aadhaar Project has garnered much media attention – both positive and negative. From its comparison to the United States’ Social Security Number to questions about privacy and big data, there is still a lot of controversy surrounding Aadhaar and its validity in India. This article gives you a low-down on the current position of the Aadhaar card.

 

Brief Timeline of Aadhaar:

• 2009: Start of the Aadhaar Project
• 2010: The Aadhaar Bill was introduced, but it was rejected due to concerns regarding security and privacy
• 2013: Supreme Court Bench comprising of B.S. Chawla and S.A. Bobde, JJ. issued an interim order which recognised the voluntary and not mandatory nature of Aadhaar. Thus it also ensued that the government cannot deny any service to the citizen if s/he does not possess Aadhaar card.
• 2015: Supreme Court reiterated that the Aadhaar system is not compulsory for citizens to benefit from government schemes and services. It emphasised that the biometric data collected would only be used for criminal investigation with the permission of the court.
• 2016: On March 11th, the NDA Government passed the Aadhaar Act as a money bill, which allowed it to bypass Rajya Sabha – a move which was highly criticised.
• 2017: In August, the verdict of the Supreme Court in K. Puttuswamy v. Union of India came out. A 9 judge bench was constituted and it unanimously ruled that privacy is a constitutionally protected right in India.
• 2018: In January, a 5 Judge bench of the Supreme Court started hearing final arguments in the Aadhaar case.

What are the Privacy Concerns?

One of the main concerns of Aadhaar is the violation of privacy. It has been contended time and again that the collection of data through Aadhar agents is compromised. Sharing of biometric and demographic information for enrollment in a 12-digit ID which will be linked across several government bodies wields a high chance for abuse of power.

Another complicated question that arises is the policy regarding the information shared with various agencies. Will there be agency specific guidelines on what to share, how to share and whom to share it with? Will there be generic blanket policies against data mining? Moreover, the question of consent arises when this information is shared with third parties. Although section 23 provides for written consent every time it is shared with different agencies, how feasible would this be when the consent is taken from illiterate Aadhaar applicants who would not realise the same.

Protections have been set in place for the sensitive personal data. But the exceptions negates the said protection. The information can be revealed in the cases of national security, but as Tathagatha Satpathy rightly pointed out, there is no definition of national security mentioned.

Furthermore, the amount of control that the Government would have on an individual would be equal to the the sort of totalitarian control that Big Brother had in George Orwell’s 1984. This would essentially result in what is known as a Surveillance State.

These are some of the main concerns regarding privacy and security with respect to the Aadhaar system.

Aadhaar v. Social Security Number

A common argument for the implementation of the Aadhaar system is its comparison with the Social Security Number (SSN) in the US. But equating the two is a fallacy as they are different in nature and purpose.

The misconception arises from the belief that both Aadhaar card and SSN are identification numbers. Aadhaar is an identification number which verifies a person’s identity by matching the same with the biometric or demographic information. The SSN on the other hand is a number used for tax claims. It does not collect biometric information, and does not verify an individual’s identity.

Even if the two could be compared in a similar manner, the privacy laws regarding them are completely different. The 2016 Aadhaar Act does not prohibit law enforcement and intelligence agencies from using it search the data. But it has been specifically reiterated by the US government that different identifiers for specific purposes must be used; which reduces the possible risks posed by a single identifier (a concept completely opposite to the underlying principle of Aadhaar).

In addition to this, the US government has passed several laws which protect the SSN data; while India until recently did not even consider privacy as a fundamental right.

(Check out this detailed write-up on the differences between Aadhaar and SSN)

Thus Aadhaar and SSN cannot be grouped together while advocating for the former.

Current Scenario

The government has made it mandatory to link Aadhaar cards with Bank Accounts and Phone Numbers. But in view of the Supreme Court judgment, the deadline has been extended till March 31, 2018. The UIDAI has tried to dispel myths through an FAQ released on January 14, 2018.

Conclusion

As of now, the people seem very suspicious about the applicability or usage of the Aadhaar system. These suspicions, which are reasonable, can be dispelled by either scrapping the entire idea of Aadhaar as a single identifier or by strengthening the laws on privacy and data protection.

Either path awaits the Supreme Court judgment to move ahead. Right now, although many people are registering their details with Aadhaar, the question of its validity remains in limbo.