Parties pick flaws in other’s app
CONGRESS Says Cong app never shared users’ info with third party NEW DELHI: BJP He says the analytical tool merely studies user behaviour
A slanging match between the Congress and the BJP has erupted over the alleged data leak, with both political parties accusing each other of stealing and sharing personal details of individuals with companies based abroad. Congress’ social media department head Divya Spandana, also popular as Ramya, dismissed the claims that the party collected or shared personal data through the WithINC app. Excerpts:
The BJP has accused the Congress of sharing the users’ personal data to a Singaporebased firm. The ruling party had earlier alleged that the Congress compromised national security by roping in political data analytics firm Cambridge Analytica to run its 2019 election campaign? What do you want to say?
Basically, this Elliot Alderson (a French cyber security researcher) put out a tweet saying that the membership on the INC app is unencrypted and the servers are based in Singapore. The link that he posted is actually a defunct link. We have not had membership on that app for the past five months. Once we removed that membership from the app, there is nothing to be encrypted because we are not collecting any data. The only thing that the app was being used for was to get social media updates – Twitter, Facebook or whatever INC (Indian National Congress) and Rahul Gandhi was posting. In November, we got a brand new website and we got the membership pulled out from the app and transitioned that to the website, which is encrypted. The membership data was being collected only on the website and these data are being stored in our servers, Amazon Cloud Services, which is based out of Mumbai.
Why did you pull down the app from the (Google) Play store?
The BJP and some journalists started circulating the fake and defunct URL and misleading people into believing that there was a breach of data, and (that) we were giving out the information to our friends in Singapore. That is why we had to remove it.
Congress president Rahul Gandhi attacked Prime Minister Narendra Modi calling him the ‘Big Boss who likes to spy on Indians’, and claimed that the NaMo app secretly recorded audio, video and contacts. How do you substantiate that allegation?
The NaMo app seeks 22 permissions. That is ridiculous. You don’t need that much. What are you doing with it? You are sending that data to an American company without the consent of the users. Of course, they have given you the permission but they haven’t given you the permission to share their data. That is the difference between them and us. Our app, our website, everything is made in-house. Our coders are in-house. The data are stored with us. We don’t have any third party entity involved and we are not sharing (the users’ information) with anybody. We explicitly tell the users not to share their passwords. How does the Prime Minister, in his individual capacity, have an application and using our data? The BJP has been caught lying. We have put them on the mat. They wanted to put the blame on us by claiming that we are engaged with Cambridge Analytica, which is rubbish and has backfired on them. Rahul Gandhi is raising pertinent questions to which the BJP has no answers.
Does India need a privacy policy?
If you are online today, it is very easy to track you. India should have a privacy policy. There should be something called consent. Look at the Aadhaar leaks or even leaks on NaMo app.
BJP has rejected the Congress’s allegations that the NaMo app shares user data with third-party vendors. Amit Malviya, who heads the party’s IT cell, told HT that safeguarding data lies at the core of its social media policy. Excerpts:
Congress president Rahul Gandhi has alleged that the NaMo app secretly records audio, video and other data, and even tracks location via GPS. Concerns over data sharing have also been raised by a French security analyst. How do you respond to these allegations?
Rahul Gandhi is a technology dinosaur. He said that connecting MRI machines will bring about a healthcare revolution. Tomorrow, Rahul Gandhi will tweet that the NaMo app is connected to EVM machines, and EVM tampering happens through it. His charges are ridiculous, and not even in the realm of technology. The concerns expressed by the French analyst have been addressed. No data has been shared with any third-party vendor. People have downloaded the NaMo app of their own volition. They can even access it in ‘guest mode’, without giving any permission or sharing data.
Gandhi has also alleged that Modi is misusing his position to build a personal database on billions of Indians via the NaMo app, which is promoted by the government.
He is factually incorrect. The NaMo app is managed by the BJP, not the government. What is wrong if he has unprecedented popularity, and billions follow and interact with him through his app?
You have been quoted as saying that data shared from the app (with a third party) is “contextual and causespecific”, and for analytics. Would you explain to users in what context is sharing of data allowed? How is it different from the data mining and harvesting done by Cambridge Analytica?
No data has been shared with any third-party service. The analytical tool merely studies user behaviour and surfing patterns; it does not have access to user data. For instance, a person who looks up content related to agriculture will get agriculture-related content. Cambridge Analytica was using data surreptitiously; it was stealing user data under a pretext other than political. It manipulated the political understanding of the user, which is illegal and immoral.
On Twitter, you accused the Congress of illegally sharing user data with third parties. You alleged data are stored in Singaporean servers.
These are not mere allegations. They have been substantiated by screenshots of their website and apps that show how data is remitted and stored in Singapore. Their privacy policy is scary. When the Congress says they will share your data with like-minded groups, the implications are grave. It could be anybody from urban Maoists to Bharat Ke Tukde gang.
How do you explain seeking data from the NCC cadets?
There is no compulsion on the cadets to download the app. It is just the fastest and convenient way of connecting with the PM.
Do you have a code of ethics that binds your social media policy? What gatekeeping measures do you put while designing an app?
Our code of conduct is well-defined and available for everybody to see on our website. Being a political party, we don’t dissuade people from joining and engaging. Whether you choose to comment or leave your data behind, we will ensure that it is protected. We have gone to the extent of saying that our vendors are bound by our code of conduct. For instance, if you make an online payment for our monthly journals or request membership, the vendor responsible for the gateway will have to adhere to the party’s code of conduct.
NEWDELHI:The
India has begun to see a war on apps. This entire episode has brought forward to the collective attention of the nation, the significance of regulating mobile applications.
When one looks at the existing law, one finds that India does not have a dedicated legal framework to govern mobile applications. It is correct that mobiles are brought under the ambit of the term ‘communication device’ under the Information Technology Act, 2000. However the entire aspect pertaining to regulating the affairs of mobile application service providers have not been defined or adequately dealt with under the Indian cyber laws. It is correct that mobile app service providers are intermediaries under the Information Technology Act, 2000 and consequently, all intermediaries are mandated to exercise due diligence while they discharge their obligations under the law.
However, the specific parameters of due diligence for mobile apps service providers have not been specifically defined under the Indian Information Technology Act, 2000.
There are no adequate legal provisions to regulate activities of mobiles application service providers. This entire episode needs to be a wake-up call for India to protect the consumers of mobile application service providers, given the fact that India does not have a dedicated law on privacy in this regard.
Typically, any and every mobile application is going to access the data that is on a user’s device. This could include either the media, audio, or any other information available on one’s phone. It really depends from app to app as to what is the specific focus on the data that