Cambridge Analytica response on data breach “cryptic and evasive”, finds government


In its bid to understand the dimensions of Facebook data breach, the Indian government had sought clarifications from Cambridge Analytica (CA), but the response it received was “unsatisfactory, cryptic and evasive”, according to sources. The government has sought further clarifications from CA by May 10

The Ministry of Electronics & Information Technology (MeitY) on March 23, 2018 had sent a notice to CA, seeking response on data breach of Indians. The response was received on April 3, 2018. Sources said the unstated intention of the response was to “conceal more than to reveal.”

Additionally, the government had also sent a notice to Facebook on March 28. Responding to it, Facebook, on April 5, informed that data of estimated 562,455 Indians may have been used in an unauthorised manner by CA through 335 installations of the app developed by GSR and installed by Indians.

Now the government has further asked Facebook about what security architecture is proposed to be created by it, on an urgent basis, so that the data concerning Indians are not pilfered or manipulated again for extraneous purposes including to influence elections.

Government has also asked Facebook what step it would take in case of unauthorised manipulation seeking a reply by May 10.

The ministry has asked CA a slew of questions like what kind of data CA had collected in India concerning Indians? What research instruments had been used on this data? Whether CA had harvested any data through any third party app and whether it directly or indirectly access/possess data from Facebook? Whether, while harvesting such data, either through its own structure or through any of its intermediaries, informed consent has been taken or not?

Tech companies in the Silicon Valley like Facebook assume users know that their data is being sold and obtaining the data for Cambridge Analytica was not against the rules, a researcher with the British political consulting firm has said.

In a first interview after the Facebook data scandal broke out, Aleksandr Kogan, the app developer who gathered the data of nearly 87 million Facebook users, told CBS News on Sunday that he was not sure whether he had ever read Facebook’s developer policy.

“The belief in Silicon Valley and certainly our belief at that point was that the general public must be aware that their data is being sold and shared and used to advertise to them. And nobody cares,” he told the host of “60 Minutes” programme.

In a statement after the “60 Minutes” show, Cambridge Analytica said Kogan and his company made a contractual commitment that the data was compliant with data protection legislation.

Cambridge Analytica said the raw data they received was deleted after Facebook reached out to them, CNET reported.

The MeitY further asked CA whether the data collected by it in the garb of research in India, through its team or business associates “was used for any election related work.”

“CA is requested to share non disclosure agreement templates which were used in signing agreement with Indian agencies and whether they do allow any disclosure of such agreements to the regulator or authority in the country or the court of law,” the government asked, according to sources.