11 May 2018

Tackling the digital threat to elections in India

Vinayak Dalmia

Earlier this week, BBC had to issue a clarification that it had not commissioned any pre-poll survey in Karnataka. The reason? A fake survey claiming that the Bharatiya Janata Party would win 135 seats in the forthcoming Karnataka elections has been doing the rounds on WhatsApp—with a BBC link provided for legitimacy. The link, of course, merely leads to BBC’s India home page. This is the latest in a long string of fake news that has plagued the build-up to the elections.

Electoral dirty tricks and propaganda have always been a part of politics. Stalin infamously urged writers to become “engineers of human souls”. What is new is the ease and scale with which technology can compromise our political process. The role social media, with its dopamine highs, played in Brexit and the 2016 US presidential election are the standout examples, but it goes beyond that. The US military has been experimenting with “computational propaganda” in Cuba and the Middle East. The Russians are developing software for information warfare. Then there are drug cartels in Mexico suppressing Twitter debates. Regimes are busy building digital dictatorships—from China’s Citizen Score initiative to Singapore’s “data controlled society”.

This is the evolution of espionage 2.0 with the entire electoral process at risk. Election machinery could be attacked. Data could be stolen, information leaked and systems brought to a standstill. There could be hacks into databases, and cyber attacks on election war rooms and critical Election Commission (EC) infrastructure. This is not fearmongering. To give just two examples, Andrés Sepúlveda is currently serving a prison term in Colombia for manipulating Latin American elections over the past decade. And, in May 2015, Germany discovered a breach of 14 servers in the lower house of its parliament, originating from Russia.

India is not immune to these threats. Prashant Jha, in How BJP Wins: Inside India’s Greatest Election Machine, has written about the social media wars between Indian political parties. And, of course, there are allegations about Cambridge Analytica’s India work. This is not surprising. For India, the battlefield will be digital, and online citizens the newest constituency. 2014 was India’s first social media election with an overall digital spend of Rs400-500 crore and 3-4% of the swing vote online in 24 “internet-active” states. The forthcoming election in Karnataka—one of the more digitally dense states—shows the evolution since and provides a preview of the 2019 general election. Social media has been used extensively in the Karnataka campaign, with a reach that extends to about 58% of the electorate. Little wonder then that a massive Rs100 crore or so has been spent on digital campaigns, as The Ken has reported.

It is not just the electorate that is rendered vulnerable. Political parties in India and the EC are also becoming increasingly reliant on digital telecommunication. Previous attempts to rig elections included kidnappings, assassinations and booth capturing. Technology makes it cleaner and easier. Moreover, the threats of foreign interference increase manifold. Nothing prevents China or Pakistan from trying to hack Indian elections.

What does India need to do? To begin with, for social media, limit the unrestrained export of data. Two, expand the definition of “sensitive personal data” under the proposed B.N. Srikrishna committee on data protection. Three, WhatsApp must be ordered to stop sharing data with its parent Facebook, as has been done in countries such as the UK. Four, work with social media platforms to create reasonable ways to regulate online hate and fake speech while balancing the need to protect freedom of expression. There is also a need to define “hate” and fake” in digital discourse. Five, remove voter registries from the public domain. Six, study the abuse—potential and actual—by technology platforms of their dominant position. India also needs new rules and norms on political advertising and sale of data to third parties.

For cyber risks, firstly, the EC needs to establish a cybersecurity unit and train officers and political staffers in basic cyber hygiene. Secondly, it needs to work towards greater international cooperation with tech companies. Thirdly, domestic law needs to recognize and punish cyber interference in elections. We also need reforms in the Indian Penal Code and IT Act, 2000 to better define a “cyber-crime”.

The internet has opened up unprecedented possibilities in democratic politics. This is both to the good, and, as is increasingly apparent, to the bad. It is difficult to fathom that the same technologies that turbocharged Barack Obama in 2008 and the Arab Spring in 2010 gave birth to the Donald Trump phenomenon and Cambridge Analytica.

To give some perspective on how this trend is likely to accelerate, as much data was produced in 2016 as in the entirety of history before it. And with the growth of the Internet of Things, in about a decade, there will be 150 billion networked sensors doubling the amount of data every 12 hours. Data is not only the new oil, it is the key to the entire kingdom.

Cambridge Analytica is a grim reminder of the perils at the intersection of politics, particularly the democratic variety, and technology. They can and will manifest both within and without, raising fundamental questions about privacy and political choice.

It is an opportune moment, not just to begin cleaning up the current mess but to look ahead to the difficult questions that may arise in the future. Democracy deserves it.

Vinayak Dalmia is an entrepreneur.

No comments: