Business

Tip Of The Suckerberg

Cambridge Analytica is a warning sign. And Indians are at risk: the country has no data protection law.

Getting your Trinity Audio player ready...
Tip Of The Suckerberg
info_icon

Psychographics

  • Qualitative methodology to describe consumers’ psychological attributes.
  • Psychographic profile: profiles ­interests, activities, opinions, lifestyle.
  • Does this by looking at consumer behaviour, preferences, web surfing patterns, call records and purchases
  • All this is used to classify people.
  • Companies use profiles for targeted sales and marketing campaigns.
  • Trump presidential campaign used this to ­influence voters.

***

The revelation that Facebook had allowed personal infor­mation from 50 million user ­acc­ounts in the US to be used by British data analytics company Cambridge Analytica shook the world. It took a toll on the stock prices of many companies including Facebook, whose value tanked significantly, and cre­ated a trust deficit in social ­media worldwide. Facebook founder Mark Zuckerberg will face the US Congress next week to answer que­stions about how his social media beh­emoth ­has been sharing the confidential inf­ormation of its ­users for profit.

In India, this has led to a bitter debate and mudslinging between the BJP and the Congress over the latter employing the services of Cambridge Analytica to influence elections. While the slugfest between the two big parties ­continues, this has led to a larger question: how safe is ­personal information and data in the hands of social media companies such as Facebook and WhatsApp? Indians routinely open up their hearts on these sites to share ­information about themselves and their families—do the sites then sell this data to others to man­ipulate buying and, well, voting?

The Facebook problem began in 2014 when a Cambridge researcher, Alexander Kogan, developed an app with a personality quiz called “This is your Digital Life”, which was put up on Facebook. Through this, he collected data from 270,000 users. This then gave him access to data from those users’ friends, and ­ultimately he was able to harvest the data of 50 million people. All this was then given to Cambridge Analytica, who used it to influence Donald Trump’s US Presidential election campaign. The issue here for India is that whistleblower Christopher Wylie, who revealed the nexus between Cambridge Analytica and Facebook, also said that the data analytics company had worked in India with the Congress party. This brings up privacy issues relating to personal data in India and the ability of social media companies to ­potentially misuse such data.

What is of concern is that India currently lacks privacy protection laws and everything is out in the open for firms to misuse. Personal information and data are routinely sold by social media companies, credit card companies and telecom operators. The government has set up a committee led by Justice (retd) B.N. Srikrishna to look into privacy issues; this comm­ittee has prepared a draft report but is yet to submit its final report. At the mom­ent, Section 43A of the IT Act and associated rules serve as India’s primary data protection provisions. Given that Facebook is a foreign company, the app­licability of these provisions to the social media giant is unclear. Says Usha Ramanathan, privacy activist and legal expert, “Most people do not understand the nature of privacy policy. So they sign on everything when signing on to a ­social media app or website. As a result, personal data and information are sold and the user has ­become the product. You are the one being sold and so the service is free. We do not realise that, from being a consumer, we ourselves have become the product for these ­social media sites. Their business is only about using our data.”

Ramanathan explains that a high level of manipulation of data and information takes place through the social media sites, who not only make use of it themselves but also aggregate the data and sell it to others. “When the systems know you even better than you yourself, manipulation becomes inevitable. That is the tragedy of ­technology,” she says.

Amber Sinha, cyber analyst and senior programme manager at the Centre for Internet and Society (CIS) feels that there is a need to look at the various kinds of data one shares while engaging with a social media platform such as Facebook—volunteered data  (data that is ­actively provided by individuals, such as details in a form when they sign up for a service), observed data (behavioural data generated through an individual’s use of the service), and inferred data (which is neither actively nor passively provided by the individual, but arrived at through the analysis of ­collected data).

While individuals are aware of the first category, they are often unable to exercise meaningful control over the second, as it is continually and automatically collected. Observed data also includes the collection of data from other online behaviour of the individual through various tracking tools which are dep­loyed on the browser. Further, the third category is often outside the scope of regulation, as it is not directly collected from the user but is inf­erred by the controller based on other data collected. This loophole must be closed by regulation to cover data use as well as collection practices.

Just as there is no privacy for personal data, there is also no privacy for our ­onl­ine activity, which is con­­s­tantly mon­itored by companies such as Facebook and Google. Says K.K. Mookhey, founder and CEO at Global Cyber Security Service Pro­vider, Network Intelligence, “The Facebook model is inh­erently pro­­b­lematic. You and I are the producers and consumers of the content provided by companies like Facebook. Facebook tunes the content according to our habits. What we see on Facebook is according to our choices and general surfing habits. It tracks our general surfing habits on non-Facebook sites, analyses our online behaviour, and then tweaks our content accordingly on Facebook. This is gro­ss manipulation which is automated through algorithms.”

With the data in hand, marketers can choose specific parameters to provide content and do micro-targeting. Cam­bridge Analytica did psychogra­phical mapping of the preferences of voters in the US elections using this kind of data. The company started by looking at und­ecided voters, and kept pushing them tow­ards the Republican Party. According to Elonnai Hickok, COO with CIS, “Personalisation of ­content, be it advertising, news, a product on Amazon or your Facebook feed is a practice that is being used across the board. Per­­­­s­­o­n­alisation happens through algorithms and the data you feed into it. No alg­orithm is perfect and it is possible for manipulation to happen intrinsically. Manipulation of the type that has been attributed to Cam­bridge Analytica is an extension of personalising a message to influence, not buying habits, but larger choices.” Adds Sivarama Krishnan, leader, Cyber Security, with PwC, “There is a clear case of privacy violation from a principle standpoint. It is not a legal violation as users have signed up to it voluntarily. They are manipulating the behaviour of the user by suggesting ­options according to a user’s behaviour and surfing habits. This is what Cambridge Analytica has done. This is a big challenge.”

The public perception of all this is, however, quite different, and most people want their data to be secure. According to a survey done by ­online analytics company Local Circles, 86 per cent of people in a sample survey wanted a law that protected their ­private information and 84 per cent did not want their bank transaction details to be ­accessible after the linkage of Aadhaar and bank acc­ounts, while 75 per cent did not want their call records to be acc­essible after similar linkages. A who­pping 94 per cent wanted companies, particularly banks and telecoms operators, to face a penalty if information is leaked. Says Hic­kok, “Selling of data that allows for personalisation is one of the primary business drivers. Though Facebook all­ows for controlling who sees the data, the company itself has given access to the information as per its business needs. The selling of data does happen around the world on a routine basis. It is important that privacy regulation place a framework around how data can be collected and used, and the redress that individuals can seek if their privacy is violated.”

There is no doubt that there is gross vio­lation of privacy as social media ­companies use and manipulate content for users in order to mould the latter in a particular manner for the sake of ­business. While the European Union is ready to ­introduce the General Data Protection Regulations (GDPR) to ­protect personal information and data from May, India is still a long way from reaching this stage and does not have any legal way at all to safeguard personal data. The country needs to develop GDPR-like rules to  protect its citizens. Until that happens, Big Brothers like Facebook will continue to watch you and will continue to mine Big Data.