In its response, it was said that the government is committed to ensuring an open, safe, trusted and accountable internet for its users and has taken measures to safeguard citizen data from cyber threats. It is astonishing to note that there have been 165 data breaches from 2018-23 as reported by Indian Computer Emergency Response Team (CERT-In) and no investigations have taken place. They have mentioned that there has been no breach of data in the case of Aadhaar card information from the Central Identities Data Repository (CIDR) maintained by the Unique Identification Authority of India. The Ministry of Health and Family Welfare has implemented stringent safety measures for Co-IN App, including OTP authentication for accessing vaccination details, masking sensitive personal information, encrypting the Co-WIN database, and implementing two-factor authentication to prevent unauthorized access, ensuring citizen data protection.

The complete answer can be read here:

Even though the government alleges no breach of Aadhaar card information has occurred, the article published by Livemint states an Aadhar data breach that took place in October 2023.  

The article talks about a report by Resecurity, a US-based cybersecurity firm that claims that personal identifiable information of about 815 million which is 81.5 crore Indians has been leaked on the dark web. Data including names, phone numbers, addresses, Aadhaar, passport information are for sale online. On 9 October, 2023, a threat actor going by the name ‘pwn0001’ posted a thread on Breach Forums brokering access to 815 million “Indian Citizen Aadhaar & Passport” records. The company also added that its HUNTER unit investigators who established contact with the threat actor, learned that they were willing to sell entire Aadhaar and Indian passport database for $80,000.

There is information regarding an alleged data leak on the CoWIN platform as can be accessed here. In this report, it is mentioned that sensitive personal data such as full name, Aadhar number, mobile number and vaccination status of innumerable citizens stored on the CoWIN platform was leaked through a Telegram bot on June 12, 2023. 

The recent parliamentary inquiry by Saket Gokhale regarding data breaches raised concerns about the government’s handling of citizen data security. Despite assurances of safeguarding data and no reported breaches in Aadhaar information, discrepancies arise from recent reports. Livemint has highlighted a potential Aadhaar data breach involving sensitive personal information of millions for sale on the dark web. Additionally, allegations of a CoWIN platform leak in June 2023, compromising citizens’ Aadhaar numbers and vaccination status, add to the growing concerns about data security measures. These incidents underscore the urgent need for thorough investigations, enhanced cybersecurity protocols, and transparent accountability to ensure the protection of citizens’ sensitive data.

The post Parliamentary inquiry unveils 165 data breaches from 2018-23 as reported by CERT-In appeared first on SabrangIndia.

While Facebook has been critical of Cambridge Analytica for misusing user data, it needs to be remembered that the social media behemoth uses similar techniques itself to push advertisements.

The post How Facebook Data is Used to Manipulate People’s Behaviour at Massive Scales appeared first on SabrangIndia.

What happened with Cambridge Analytica wasn’t a breach or a leak. It was a wild violation of academic research ethics. The story is still developing, but a college researcher has now acknowledged that he harvested Facebook users’ data and gave it to another company.

A scholar and his company failed to protect sensitive research data. A university did not do enough to stop him. Regulating Facebook won’t solve these problems.
 

What Kogan did wrong

I am a professor of media and information policy at the Quello Center at Michigan State University, and I was one of the first academics to study the internet. The quality and integrity of digital research is of great concern to me.

I think the Cambridge Analytica-Facebook incident is a total disaster. I just don’t think it’s a government regulatory failure.

Here’s the story, at least what the media has confirmed so far.

Aleksandr Kogan is a Cambridge University data scientist and psychology department lecturer. Outside of the university, Kogan also collected and analyzed Facebook user data – presumably with the knowledge of Facebook – for his company Global Science Research.

Through online surveys, he was reportedly able to gather sensitive personal information on tens of millions of American Facebook users, including demographic data, private messages, information about their friends and possibly even information about the friends of their friends.

Kogan then provided this data to a political consulting firm, Cambridge Analytica. According to the New York Times, the company analyzed that information, aiming to help shape the 2016 Trump campaign’s messages and identify potential Trump voters.

That was never his intent, Kogan said in a March 21 BBC radio interview. He reports being “stunned” that his “perfectly legal” research on the happiness and well-being of Facebook users was deployed as a political tool.
 

What Facebook did wrong

So did Facebook do something wrong, then? In my opinion, not really.

Facebook already has strict guidelines outlining what can and can’t be done with user data, which the researcher appears to have violated by passing the personal data he collected to Cambridge Analytica.

When Facebook launched in 2004, it quickly became a goldmine for social researchers. Suddenly, studies that previously relied only on survey data to gather information about individuals could directly observe how people connected to one another, what they liked, and what bound groups together.

In the early years, the company took an open and experimental attitude toward this kind of data mining, even teaming up with researchers to study how tweaking certain features of individual’s Facebook pages affected voter turnout, say, or impacted their moods.

Those studies, conducted without the informed consent of its participants – Facebook users – were widely criticized by social science researchers. In 2014, Facebook strengthened its existing guidelines on how user data can be gathered, analyzed and used.

Today, the company requires an extensive internal review of every request to extract personal data from users for research purposes.

In other words, Facebook self-regulated.

It may have been lax in enforcing its guidelines, though. The company says that once it learned that Cambridge Analytica had used Kogan’s data set for unauthorized purposes, it insisted that the data be deleted.

According to current press reports, Cambridge Analytica did not comply. For a while, it seems, Facebook did nothing to punish the company.

I believe this fallout from this scandal – including a Federal Trade Commission investigation – will push Facebook to take enforcement much more seriously.

After all, as CEO Mark Zuckerberg said in a March 21 Facebook post, the company “made mistakes” and it “has a responsibility to protect” its users.

Cambridge Analytica’s Facebook account has now been suspended. And under both U.S. and U.K. law, individuals or firms accused of unauthorized disclosure of personal information can face prosecution.

Cambridge Analytica CEO Alexander Nix has been suspended over the Facebook scandal. Henry Nicholls/Reuters

What academia does wrong

For me, what the Cambridge Analytica fiasco exposes is that university ethical review processes are not yet equipped for the digital age.

University researchers are bound by strict ethical guidelines. Across the world – particularly in the U.K., with its strong social research traditions – academics who want to study the attitudes or behavior of private individuals must first pass a stringent review process. They must also obtain explicit, informed consent from those who participate in their research.

It is impossible for me to imagine that an ethics board at the University of Cambridge would have ever approved of Kogan sharing his data with Cambridge Analytica.

Universities around the globe actually encourage faculty to develop entrepreneurial companies, as Kogan did. That helps their research reach beyond campus to foster innovation in business, industry and government.

But the norms and rules that protect participants in academic research – such as not sharing identifiable personal data – do not stop at the door of the university.

Kogan’s exploits show that professors’ outside jobs may raise conflicts of interest and may have escaped the reach of institutional review. This is an area of academic work-for-hire that universities need to review with an eye toward updating how they enforce research ethics.

I’ve briefed institutional review boards at a number of universities, and I can attest that members often don’t understand how the internet has been transforming the way data is created, gathered, analyzed and shared on the internet and social media networks.

Frequently, the authorities who grant professors and students permission to conduct their studies are anchored in the standards of medical research, not modern social science.

Many schools also generally fail to understand how cutting-edge some academic fields have become. Big data and computational analytics is one of the most innovative scientific fields today.

Legitimate, company-approved access to social media user data allows researchers to study some of the most urgent issues of the 21st century, including fake news, political echo chambers and technological trends. So it is not surprising that political campaigns would want to appropriate these research practices.

Until they come up with new rules, I fear universities’ lack of digital savvy will remain a threat to online privacy.
 

William H. Dutton, Professor of Media and Information Policy, Michigan State University

This article was originally published on The Conversation. Read the original article.

The post Regulating Facebook won’t prevent data breaches appeared first on SabrangIndia.