Last month, The New York Times and The Observer exposed British political consulting and data brokerage firm Cambridge Analytica’s breach. A whistleblower confirmed that data of 50 million Facebook users was not just stolen, but was used to manipulate polls, including the 2016 United States presidential elections.
On March 21, Facebook founder and CEO Mark Zuckerberg issued an apology from his account, outlining the timeline of the scandal, admitting the company’s shortcomings in forestalling the breach and maintaining that, “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”
The apology and vow to bolster security for its users couldn’t prevent a two percent market plunge the day the statement was issued. Facebook has lost over $100 billion in market cap since the scandal erupted to the scene.
The Cambridge Analytica revelations have brought forth two critical debates to Pakistan. First, data security and how lack thereof persists in the country owing to relevant legislation for the digital realm. And second, concerns over voting manipulations in the upcoming general elections.
The fears of electoral tampering have also stemmed from reports of Cambridge Analytica and its affiliates already involved in political data analysis in a wide array of countries from different parts of the world, including Malaysia, Australia, Kenya, Nigeria and Mexico.
Furthermore, the company has said it is pursuing similar involvement in China, with multiple news reports linking India’s Bharatiya Janata Party (BJP) and Congress to doing business with Cambridge Analytica over multiple state elections over the recent years.
A big data breach might have already taken place in Pakistan
Furthermore, multiple news reports that had the same unsubstantiated source said the ruling Pakistan Muslim League-Nawaz (PML-N) was also in touch with Cambridge Analytica – some even claimed that the ruling party had already made use of big data to help it succeed.
While the publication that originally published this report took it down, and some others that cross-posted it did the same, with due apologies issued, enough damage had been done to at least put the issue on the debate burner.
“The fake news around demonising [the] ruling political party was certainly in bad taste, especially knowing how prevalent the culture of false news is you least expect it to come from journalists,” says Nighat Dad, founder and CEO of Digital Rights Foundation.
“That being said, I don’t think we should rule out the possibility of similar incidents happening in Pakistan. The political culture of Pakistan is rich and this is how we should be looking at it. If not Cambridge Analytica, then perhaps some other company is overanalyzing our data for political gains.”
Digital journalist Farhan Janjua says he wouldn’t be surprised if Cambridge Analytica has already met Pakistani politicians and leaders of political parties with their pitches.
“But we shouldn’t give in to hysteria without having full information first. For example, independent analysts are now saying that the photos shared by Christopher Wylie as evidence in support of his claim that Indian Congress party used services of CA don’t prove anything and as Congress confirmed, CA only made a sales pitch,” he says. “The real concern for me is fake news, whether started by CA or our own versions of the same.’’
Nighat Dad even goes as far as saying there’s a chance that a big data breach might have already taken place in Pakistan, considering the lack of digital security and the laws to help users protect their data.
“It’s very unlikely that [data theft for political gains] hasn’t happened here already, or that it isn’t happening now, or that it won’t happen in the future. The only difference is that the incidents in other countries like Malaysia and India have made it to the news and Pakistan’s is still under shadows,” she says.
Last week, Zuckerberg announced that all political ads on Facebook will mention who is funding them in what he described was “a bid to curb outside election interference”.
“With important elections coming up in the US, Mexico, Brazil, India, Pakistan and more countries in the next year, one of my top priorities for 2018 is making sure we support positive discourse and prevent interference in these elections,” Zuckerberg said in an official post on Facebook.
However, cyber security analysts say that at the heart of data manipulation for political campaigns lies theft, with lack of data protection aggravating matters in Pakistan.
“The Facebook data policy agreement clearly says that they have the right to keep the record of the means of communication. But most of us just accept it without reading it,” says Asad Baig, the executive director and founder of Media Matters for Democracy.
“Our data isn’t difficult to extract at all. It can be leaked from something as simple as online shopping or ordering food online. So it’s not just Facebook where our data can be leaked, this is especially true since Pakistan does not have a data protection law.”
Usama Khilji, Director at Bolo Bhi, believes the Election Commission of Pakistan [ECP] should step in.
“Since social media companies can provide access to personal information of users, perhaps we should have regulations regarding this type of advertising under the ECP rules as there are for broadcast and print advertising,” he says.
Despite repeated attempts to reach them, the officials of the Information Technology ministry were not available for comment. One IT ministry official, speaking on condition of anonymity, said that the ministry has been studying the Cambridge Analytica exposé and chalking out a strategy for Pakistan and the data protection of the internet users in Pakistan.
However, rights groups like Media Matters for Democracy and Digital Rights Foundation have been advocating for the importance of data protection for years. They maintain that in the absence of data protection legislation in Pakistan, it becomes hard to expect any security of user data.
“While complete data protection can’t be expected in the world of technology, users can take strong digital security measures to ensure that their data is secure,” Nighat Dad says.
Usama Khilji also urges users to exercise caution in uploading their personal information on social media.
“Many have gotten used to sharing minute personal details on social media, but now we know that companies profit off any personal information they have about us,” he says.
“Checking in to locations, providing access to our applications to several functions of our phones such as contact lists, call logs, and photographs, and bio data such as date of birth and address etc should be absolutely avoided.
“If possible, only using Facebook on our computers and not on our mobile phones would be a good precaution if one wants to avoid data breaches and corporate surveillance.”