NaMo app secure: Its Congress, not BJP that’s probably selling your data.

The Indian elections are much like a giant circus which travels from one state to the other, promising grandiosity and social upliftment. It seems that with the advent of the internet, the ring master has changed its strategy to pull in more crowds. Gone are those days of rallies and street corners, the new electoral apparatus is much more sophisticated and micro-oriented. This new electoral approach has given a rise to what many term as Virtual Social Engineering. The two main political parties, the Congress and BJP, have been exchanging allegations regarding the usage of the virtual space. Both have accused each other of exploiting netizens by wrongfully collecting their data and micro targeting them so that they can be brought to one side or the other.

Prime Minister Narendra Modi begun his Karnataka campaign in style by accusing the Congress of spreading the scare of a hung-Assembly in Karnataka as the ruling party has “realised it will not return to power” in Karnataka. He talked in detail about how Congress is employing foreign agencies to micro-target users in a bid to further their propaganda.

The discussion about ‘data politics’ originated from, as it often does, the Twitter handles of both parties.  The BJP was accused of using their NaMo app to gather data which Congress claimed that the BJP is sharing with foreign companies. The BJP said the same of the Congress membership website and the app of Rahul Gandhi. Now, before one tries to authenticate these claims it’s important to understand why Data security has become a raging issue in today’s political scene. Most of the voters spend considerable amount of their time online, and over time generate a behavioural pattern, unbeknownst to the user, the website or the app they are using records this pattern and then companies with interests ranging from commercial to political orientation utilize this data to influence that person to meet their objective. It has been described as “strategizing one’s want”. This micro-targeting alters one’s idea about a particular thing, in this case a political party. This approach is subversive and manipulative in nature as it takes away the ability of that individual to make an independent decision on a party’s electoral policies and creates a super-imposed narrative to favour the paying client. This is a clear violation of that individual’s privacy as well because more often than not, the netizen is not aware that his own data is being recorded for purposes of psychological subversion by parties to aid their political objective.

The BJP’s flagship app, NaMO, which came under attack from the Congress for allegedly recording user’s data and then making it available to foreign parties, is actually one of the only such political apps where the user can interact with the app in “Guest Mode”, which entails that the user does not have to share any data to use the said app. The RaGa Office took to Twitter to express their great grievance about this alleged gross misconduct through the NaMo app, only to be refuted by a French security researcher by the name of Baptise Robert.

Robert pointed out in a tweet that the server used for the official Congress app is actually situated in Singapore. A political party which has been in power for over 60 years in India failed to understand the security implications of such an act, and after being exposed they took down their app from Google Store. The NaMo app uses an Indian server, which is located within India and managed by an Indian company “Wiz craft”.

The Congress also has been in cahoots with Cambridge Analytica(CA), the tainted U.K Company. As I have mentioned in one of my previous articles that ex-congressman Shehzad Poonawalla posted the entire 49 page pitch made by Cambridge Analytica to the Congress leadership. CA has been involved in one of the worst privacy breaches in recent history which has affected more than 5 million people. The Congress party with little respect and concern for the citizens of India went ahead with this proposition from the CA.  When exposed by their own party, they refused to comment on the said dealings. It is alleged that the INC has paid an amount which can be anything between 200 – 500 cr Rupees to CA to manipulate Indian voters.

This is not the end of Congress’s online campaign which puts the user’s data at risk, as poll bound Karnataka also faced a similar problem.  Siddaramaiah also had an app namely “Siddaramaiah app” which sent the user data to a privately owned website and on top of that, the data was not even encrypted when it got posted. The entire process was HTTP, where as it should have been HTTPS but then again for people who think of India as an asset and not a democratic republic what else can one expect?  The app sent personal data such as phone numbers to this privately owned website –      http://citizenoutreachapp.in/      the said app outrageously did not even have a privacy policy, and a user who would search for it would find an ‘ERROR 404’ message. The app has since been taken down.

With the lines between the real and virtual being blurred with each passing day and as we spend more and more time online, we must be very vigilant about our data as what Congress has done and continues to do, undermines our privacy and creates hindrance in fair electoral practices. It is laudable that the Prime Minister has taken cognizance of this gross breach of data privacy by the Congress and made the public aware of Congress’s unethical data practices.