Rajkamal Rao

We’ve already lost the data privacy battle

Rajkamal Rao | Updated on August 07, 2018

The government knows so much about us — right down to our fingerprint and biometric data — that it is frightening

In June, in Bengaluru, an indebted businessman shot and killed his wife leaving her lying in their home before escaping with his three children, two of whom he had also injured during his rampage.

The parents of the woman, on a routine visit to the victim’s home later, reported the shocking matter to the police. Within a few hours, the fugitive was caught, miles away — and the children were rescued.

The modern surveillance state brings with it enormous powers to find and bring to justice bad actors. In this case, all the police had to do was track the killer’s cell phone signal, which triangulates location with pinpoint accuracy.

Governments around the world have used this benefit as justification to collect enormous amounts of our transactional data. The Indian government knows so much about us — right down to our fingerprint and biometric data — that it is frightening. Every bank transaction is dutifully recorded in a database. If you deposited or withdrew cash exceeding a certain amount, this is noted too. The IRCTC knows where you travel by train and whom you travelled with. TRAI knows the metadata of every phone call or SMS message in the country — whether the call was incoming or outgoing, the call’s duration or the length of the text message.

The metadata doesn’t contain the contents of the call, although, with a warrant, the government can listen in on private conversations as well.

Powerful info

Metadata is powerful information if you know how to dig into it. Patrick Mutchler, of Stanford’s Computer Security Laboratory, created an Android app called MetaPhone to analyse metadata.

He told the PBS Newshour that using publicly available resources such as Google, Yelp and Facebook, his team used machine learning algorithms to analyse harmless metadata of 832 volunteers. Using call volume and frequency, the Mutchler team was able to accurately predict romantic partners, health problems and even financial issues of the volunteers.

But on a daily basis, we leave behind a lot more than metadata. We willingly share our deepest personal secrets for the world to see. We post our family photographs on Facebook, including details about our vacations — so that thieves know that we are away and when we will return.

Because we love to express opinions, we publicly reveal our political, social and religious biases in posts shared with friends. When our friends respond to these posts, we expose their views to all of our other friends. This is exactly how Cambridge Analytica mined Facebook data on nearly 50 million users and their friends, and constructed deep psychological profiles, including how likely they were to vote a particular way.

The Guardian’s Carole Cadwalladr has reported that organisers of the Brexit campaign hired Cambridge Analytica to identify the people most likely to vote for an independent Britain and send them repeated, targeted messages to mobilise support before the referendum right to their news feeds.

Little concern

In India, we care little about data privacy — and government policies actually make matters worse. We willingly go to public computers at internet cafés or at work, key in sensitive information and forget to clear the cache after use.

Many bank and government systems do not permit copy and paste — all ITR forms forbid this most elemental of computer operations — so people have to write down sensitive information like Aadhaar numbers and bank accounts on the most handily piece of paper available to key information in. Later, we leave behind these pieces of paper for others to pick up.

We willingly provide “mail IDs”, mobile phone numbers and even Aadhaar numbers to anyone who asks us for them — without once challenging why the information is needed or how it will be used. We use the same passwords for multiple sites and don’t use two-step passwords for our email and social media accounts.

Worse, we set our Android phones to swipe unlocks but store our sensitive account numbers and passwords in the address book.

We take extreme measures to protect our physical assets — just look at how we lock our suitcases by chains during overnight train trips — but we are careless about how to protect ourselves online leaving a gaping hole waiting to be exploited. As India goes increasingly digital, we really must begin to mend our ways.

The writer is Managing Director, Rao Advisors LLC, Texas.

Published on August 07, 2018

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor