The controversy surrounding the role of the UK-based data analysis company Cambridge Analytica in influencing India’s democratic processes is largely being seen through a political prism. Congress and the BJP are leveling charges and counter-charges against each other over hiring Cambridge Analytica and its associated firms for their election campaigns.

Now, the Parliamentary Standing Committee on Information Technology is expected to decide on summoning representatives of the US-based social media company, Facebook, on the issue of data security and privacy. Cambridge Analytica is accused of mining data from Facebook on voters to help political parties woo them.

While this is a disturbing pattern and a threat to India’s sovereignty, we are missing the actual point.

Speaking exclusively to The Voice of Nation, Pavan Duggal, India’s leading authority on cyber law and cyber security, pointed out that the political ramification is just the tip of the iceberg. The danger is far more critical and deeper, and has the potential to affect India’s national security.


On the Cambridge Analytica debate

India is a very fertile concoction, a platform that’s available for service providers across the world. Historically, India comes from a societal value of sharing information. Privacy is non-existent in terms of a legislative approach. The Supreme Court did come up last year with the decision that the right to privacy is a part of fundamental rights. However, we still today fail to have a privacy law. We do not have a data protection law. We also don’t have a cyber security law. So when all these three elements mingle, we come across a very fertile ecosystem where a large volume of data generated by people can be used with impunity, and often without permission.

In this perspective, the Cambridge Analytica approach becomes more significant. This particular episode has generated a lot of debate amongst the political parties.


But keeping politics aside, the fact of the matter is that Facebook’s biggest market is India. FB allows third-party service providers, in this case Cambridge Analytica, access to its data. Huge volumes of records were accessed, used and potentially worked upon for changing results in electoral processes and campaigns. It was the US elections that were consciously targeted.

But now, with the ramifications of such activities, it’s dawned upon the Indian Government that maybe large volumes of Indians’ data could also have been used. That’s why the Government has now woken up and has issued two kinds of notices: one to CA, asking them to come clean and give details, and the second to FB as the intermediary under the Information Technology Act, asking them to give details of the nature of the specific data breach and the kind of specific Indians involved.

So while the investigations will go on, the ground reality is that India needs to take this as a wakeup call, primarily because if we don’t do our homework rightly, Indian State and general elections are most likely to be targeted. And who knows, the outcome of some of India’s elections could be prejudicially impacted. So, the quicker the Government and the thought leadership wake up to this, the better it is.

In the global context, India’s lack of cyber security preparedness is alarming

India is nowhere at the global level in terms of cyber space and cyber security policy and thought making because India has been sleeping while other nations are galloping miles ahead. Let’s take the example of China.

China in the last two years has come up with dramatic, expansive and extremely broad legislations on national security and cyber security. The law on cyber security, which came into effect on June 1, 2017, is extremely broad and has not just propagated but also has been responsible for strengthening the concept of Chinese cyber sovereignty. Further, effective January 1, 2018, China has come up with new monetary and mitigation measures for public internet security threats and what they are currently doing is they are creating a repository of all known cyber security threats which can then become a reference point tomorrow.

Compare that to what’s happening in India: we are hardly doing anything on this cyber front and there is a huge problem. For India, cyber security is a shared turf problem. It’s not clear who cyber security is the baby of. Consequently, it’s been dealt with by the Prime Minister’s Office, it’s also handled by the MHA, some portions of it are looked after by the Ministry of External Affairs, while the technical aspects could be looked at by the Ministry of Electronics and Information Technology.

So in the absence of a clear kind of nodal point for cyber security, we begin to find that as a nation our approaches to cyber security begin to start getting impacted. And these areas are too huge to neglect in these times.

… keep an eye on this space for more on the state of India’s cyber security and the challenges it faces.