ShareMUMBAI: Allegations that Indian Prime Minister Narendra Modi's official mobile application was sending personal user data to a third party without their consent caused a furor on social media in India and drew criticism from the leader of the main opposition party yesterday. Modi's ruling Bharatiya Janata Party denied the allegations and said the data was being used only for analytics to offer all users the "most contextual content".
A security researcher, who has previously highlighted some vulnerabilities in India's national identity card project and who tweets under the pseudonym Elliot Alderson, posted a series of tweets on Saturday stating the app was sending personal user data to a third-party domain that was traced to an American company. The tweets, which come at a time of heightened sensitivity around the alleged misuse of personal data amid the unfolding Facebook-Cambridge Analytica controversy, triggered a stir in India on social media.
"Hi! My name is Narendra Modi. I am India's Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies," wrote opposition Congress Party Chief Rahul Gandhi in a Twitter message yesterday. The BJP quickly responded on Twitter, saying Gandhi was trying to divert attention. The BJP has accused the Congress of engaging Cambridge Analytica in India, a charge the opposition party has denied.
Alderson, who initially pointed out that the Narendra Modi app was sharing data with a third party without the consent of users, earlier yesterday posted a new tweet saying the app had "quietly" updated its privacy policy after his previous tweets. Reuters could not independently verify Alderson's claim. Prime Minister Modi has not commented on the issue. BJP said the app - which has seen about 5 million downloads on the Google Android Play Store - allows users access even in a guest mode that does not require them to grant any permissions. "The permissions required are all ... cause-specific," the BJP tweeted.
Facebook chief Mark Zuckerberg took out full-page ads in nine major British and US newspapers yesterday to apologize for the huge data privacy scandal. "We have a responsibility to protect your information. If we can't we don't deserve it," he said. The ads ran in prominent positions in six British nationals, including the best-selling Mail on Sunday, The Sunday Times and The Observer - which helped break the story - as well as the New York Times, Washington Post and the Wall Street Journal. There was no mention of the British firm accused of using the data, Cambridge Analytica, which worked on US President Donald Trump's 2016 campaign.
Meanwhile, tech news site ZDNet said yesterday it stood by its report that identified a security vulnerability in data-linked to Aadhaar - India's national identity card project, after a semi-government agency that manages the database sought to discredit the report. ZDNet reported that a data leak on a system run by a state-owned utility company could allow access to private information of holders of the biometric "Aadhaar" ID cards, exposing their names, their unique 12-digit identity numbers, and their bank details.
The Unique Identification Authority of India (UIDAI), which manages the Aadhaar program, said "there is no truth in this story," in a statement late on Saturday. ZDNet's global editor-in-chief Larry Dignan said in an email to Reuters yesterday the publication stood by its report. Dignan said they spent weeks compiling evidence and verifying facts. "We spent weeks reaching out to the Indian authorities, specifically UIDAI, to responsibly disclose the security issue, and we heard nothing back - and no action was taken until after we published our story," said Dignan.
UIDAI sought to downplay the report stating that even if the claims in the story were true, it would raise security concerns with the database of the utility company and not with the security of UIDAI's Aadhaar database. UIDAI said it is "contemplating legal action against ZDNet". Multiple researchers and journalists, who have identified loopholes in India's massive national identity card project, say they have been harassed by some government agencies and slapped with criminal cases because of their work.
Aadhaar is a biometric identification card that is becoming integral to the digitization of India's economy, with over 1.1 billion users it is the world's largest such database. Indians have been asked to furnish their Aadhaar numbers for a host of transactions including accessing bank accounts, paying taxes, receiving subsidies, acquiring a mobile number, settling a property deal and registering a marriage. The government's demands for Aadhaar linkage for multiple services is currently being challenged in India's Supreme Court. At the same time, security researchers and journalists have highlighted multiple vulnerabilities and data leaks tied to the program. UIDAI has sought to downplay the reports and last week it said the biometric data was safe from hacking as the storage facility was not connected to the Internet. - Agencies
