Cambridge Analytica row: India unhurt by breach but lack of data protection makes it a sitting duck for future attacks

Revelations that Cambridge Analytica used illegally obtained Facebook data to target US voters have created a political storm across the world. However, the present furore over the American data analysis firm interfering in Indian elections using Facebook data is quite misplaced.

Union minister Ravi Shankar Prasad accused the Congress of engaging the controversial firm for the 2017 Gujarat elections and asked whether the Congress intended to win using "data theft and manipulation". The Congress denied the charges vehemently and counter-attacked by pointing to claims made by Cambridge Analytica's Indian partner Ovleno Business Intelligence, that it worked with the BJP in the 2014 general elections and the JD(U)-BJP combine for the 2010 Bihar Assembly elections. Both BJP and JD(U) denied the charges.

The government has now issued a notice to Ovleno asking it to reveal whether it did use Facebook data breach to influence elections in India. The Election commission has reportedly ordered a probe.

Related Articles

How much gold can you purchase with or without Aadhaar, PAN proof?

Digital India: About 88 per cent wage payment under MNREGS done through ABPS in May

However, it would have been impossible for Cambridge Analytica to have used Facebook data in any election in India leading up to and including the 2014 Lok Sabha polls. Because they did not have it then.

According to the testimony of former employee and whistleblower Christopher Wylie, as well as documents obtained by The Guardian and The New York Times, Cambridge Analytica finished harvesting the Facebook data only in late 2014. The first time the data was probably put to use was in the November 2014 North Carolina Senate poll and was paid for by US National Security Adviser designate John Bolton.

Representational image. Reuters

But the prospect of Cambridge Analytica working with any Indian political party is a matter of grave concern. The Indian electoral market has expanded in the last few years and it's only a matter of time before foreign data analysis firms seek entry. While Cambridge Analytica's name stinks right now and the BJP, Congress and JD(U) are falling over each other to distance themselves from the organisation, it's difficult to imagine that Indian political parties would re-refuse its services or of others of its ilk in perpetuity, given the technology they can offer.

In July 2016, Alexander Nix, the currently suspended CEO of Cambridge Analytica, came shopping for clients in New Delhi. The media reported talks with Congress and JD(U), encouraged by Amrish Tyagi, director of Ovleno. This should have rung alarm bells immediately. But not because of the Facebook data breach. Or big data, or voter targeting. The number of Indian users whose Facebook data was harvested is negligible. Big data services for elections are already offered by several Indian campaign management companies like Prasanth Kishor's I-PAC, and some are known to be in talks with Facebook for more targeted political advertising. To understand the new danger that Cambridge Analytica poses, we must turn to its parent company, Strategic Communication Laboratory (SCL).

The real threat of Cambridge Analytica working in Indian elections would come from psychological warfare, psychographics and micro-targeting, all terms long associated with SCL's work. SCL is a British firm that specialises in psy-ops and information warfare. Founded in 1993 by Nigel Oakes, it has been contracted by the US military for anti-Taliban operations in Afghanistan and by the UK government for counter-extremism operations in the Middle East. The Guardian called SCL "effectively a part of the British military establishment".

SCL brought propaganda and disinformation tactics developed by the military to civilian areas: For corporate marketing, brand building and for elections. The aim in all these cases is not to persuade so much as to change the target audience's behaviour using "information dominance". A subsidiary of the SCL group, SCL elections, morphed in 2013 into Cambridge Analytica.

The secret sauce behind Cambridge Analytica was to link voter behavior with their personality traits. This allows them to target ads and messages at voters based on key "triggers" identified by their algorithms. The algorithms were built based on psychographic research done by University of Cambridge scientist Aleksandr Kogan, and the company combined this with artificial intelligence to create a unique data analysis model.

Kogan designed an online personality test which accessed the Facebook profiles of those who took it. The personality test ranked the user's personality on a scale of 5 psychological factors: Openness, Conscientiousness, Extroversion, Agreeableness and Neuroticism. But the app also gave access to profiles of everyone on the quiz takers' lists, without their consent.

Using this unauthorised access, Kogan harvested and psychographically profiled 50 million Facebook users and sold the data illegally to Cambridge Analytica. A total of 320,000 US users took the test, and on average, each user gave it access to 161 of their friends. This should give us an idea of how limited the data breach is, as far as Indian Facebook users are concerned. Even assuming there is one Indian user on the friends' list of every US test taker (a very high estimation), we get a figure of just over 3 lakh users. The real number is likely to be much lower, probably in the thousands.

Fake news dominates Indian social media, and in India's information ecosystem, where there are no institutional checks on fake news, a political party ruthless enough to employ Cambridge Analytica's dark arts can rig the game so completely that it can irrevocably damage the fabric of consensual democracy. The danger for India's electoral integrity comes from the psychographic model for profiling large segments of the population and the micro-targeting capabilities, which Cambridge Analytica has developed.

Whistleblower Christopher Wylie, who helped develop Cambridge Analytica's data analysis model, called it a "psychological warfare tool". The premise of this weapon is that patterns of political behaviour are predicated upon personality traits. For example, the Donald Trump campaign targeted people who scored high on the neuroticism scale with ads about Mexican immigrants taking away jobs. Once can imagine the same thing being done in India targeting Bangladeshi migrants instead of Mexicans. Imagine the power of individually targeted ads exploiting emotional triggers in India with its chequered landscape of caste, religion and community.

The other component of Cambridge Analytica's success is the big data which can fuel its psychographic model. On this count, India is far more vulnerable than Western democracies. The Indian government argued in the Supreme Court last year that citizens have no fundamental right to privacy, a notion that matches with the average Indian's complete lack of regard for data privacy. We Indians hand over our mobile phone numbers, addresses and other personal details to restaurants, shops, online retailers, telemarketing companies and every conceivable commercial entity. The people who take this data have no legal obligation to keep it confidential and can sell it to whoever wants it. Information on individual citizens is routinely sold and bought on the black market. If political parties are willing to pay for it, firms like Cambridge Analytica can easily aggregate such information and build personality profiles of individuals through their consumption and social habits.

As if all this were not enough, we have to add Aadhaar to the equation. The government's efforts to link everything from mobile phones to bank accounts and insurance to Aadhaar, makes it the perfect tool for data aggregation. The case of The Tribune obtaining the entire demographic database set of Aadhaar shows that Aadhaar is a gift-wrapped present for predatory big data entities like Cambridge Analytica.

But things get worse where Aadhaar and big data is concerned. For the US companies contracted by UIDAI to build Aadhaar have a set of strange links to Cambridge Analytica.

As I wrote for Fountain Ink in June, UIDAI gave the contracts to three companies: L-1 identity solutions, Morpho Trust and Accenture. Weeks after UIDAI signed them up, the first two companies merged to form a single corporate entity. The merger was overseen by Chad Sweet, a former CIA officer and co-founder of the Chertoff group, the most powerful intelligence consulting firm in the US. Chad Sweet later worked closely with Cambridge Analytica. Before working for Donald Trump, Cambridge Analytica had taken its Facebook data to the campaign of Ted Cruz, Donald Trump's rival for the presidency. Chad Sweet headed Ted Cruz's campaign, and as campaign chairman, coordinated with Cambridge Analytica to target voters based on their personality. The three companies which processed Aadhaar data, Cambridge Analytica, and the Chertoff group, are all deeply entwined through key personnel, many of whom are former American intelligence or defence officials.

The good news for now is that while no one can confirm whether Cambridge Analytica did indeed pitch to the Congress and JD(U) in July, it seems clear enough that nothing came of it. But in the future, if we are to safeguard free and fair elections, we must learn from the US and the UK and what they are experiencing with Cambridge Analytica and its role in Brexit and Trump's victory. We have to formulate and implement rigorous data protection laws that would make individualised tracking of voter behavior illegal. Right now we are very far away from that goal.