'Playground Open' for Influencing Elections, Say Cyber Experts

‘Playground Open’ for Influencing Elections, Say Cyber Experts is a news report published in The Week (India) on 2 May 2018, originally reported by ANI. The article reports expert views on the possibility of influencing Indian elections in the absence of a comprehensive data protection law, with comments from cyber experts including Sunil Abraham.

Article Details
Full Text
Context and Background
External Link

Article Details

📰 Published in:: The Week (India)
📅 Date:: 2 May 2018
📄 Type:: News Report
📰 Magazine Link:: Read Online

Full Text

Experts say it is quite possible to influence elections in India

With the Karnataka Assembly elections round the corner, the cyber experts have said that it is quite possible to influence elections in India.

Talking to ANI, cyber expert Sunil Abraham did not rule out the possibility of influencing the voters as India does not have data protection law in place.

He said under the provisions provided by 43 (A) of Indian IT Act, two types of data collection are completely legal: first, the data shared by the user in the public domain and secondly, the data published by the social platforms, like Facebook and Twitter, which was shared by the user for his/her friends.

"Both these types of data are not considered sensitive personal data. Under Indian law, if they are collecting your biometrics, passwords and health information only then they need your consent," Abraham told ANI in an exclusive interview.

Replying a question about the chances of political parties influencing elections, Abraham said, "One cannot answer this question with a clear yes or no. But, the more a political party has in its database about you; the more they can micro-target you for various types of advertising."

He, however, said with the literacy level of Indian internet users, the chances are high that they can be manipulated.

"Once they do this, especially in a country where 30 percent of the public is illiterate and only 10 percent of public knows English and many-many users have just come online, there is a high chance that these users can be manipulated," the cyber expert said.

When asked can it be termed influence, he said, "It will definitely be an influence. Most of the internet users in India have just come online, they don't have media literacy; they have not consumed older technologies like television and broadcast media like radio sufficiently enough so it is easy for these users to get fooled by the content that is propaganda and fake news etcetera."

Abraham said it is unlikely that India will have a data protection law before 2019 general elections, which means the playground is open for people with a clever idea to manipulate voters.

"India is working on data protection laws from last eight years. With the existing laws; all the political parties, social media companies, and search engine optimization companies etcetera can do what they want and they won't get into trouble. So, it is very unlikely that this data protection law is going to be approved by Parliament the 2019 elections. So for the 2019 elections, it is going to be very exciting times because anybody who has any clever idea when it comes to manipulating voters, they will definitely try it. Because, there is no law to stop them from trying those tricks," the cyber expert said.

Replying to another question about India's position in data security, he said, "India is lagging as per the global trend across the world. The European Union's world-class data protection law called 'General Data Protection Regulation' is being followed by all the countries with the exception of the US. About 108 countries have the data protection laws which look similar to the EU's General Data Protection Regulation."

He, however, added, "We shouldn't be upset because making a law in a big country like India takes time. Shri Krishna Committee is going to present the draft of the Indian data protection law and hopefully, within one or two years India will have data protection law."

Another expert Shubhamangala Sunil told ANI that "In India, our data is not secure today. Be it politicians or businesses, they want the database of people. Many data breaches have already happened and they are being used for different propagandas".

She said the union government and state governments should come forward and tell people about data security measures instead of people complaining about the data breach.

She also said India is at least 10 years behind in comparison with the world in the cybersecurity domain.

The comments of the experts have come in the backdrop of recently data breach in the Facebook wherein its CEO Mark Zuckerberg faced US Congress for two days over the data theft. The Facebook-Cambridge Analytica data scandal involves the collection of personally identifiable information of up to 87 million Facebook users and almost certainly a much greater number that Cambridge Analytica began collecting in 2014.

Context and Background

This report appeared ten days before the Karnataka Legislative Assembly elections held on 12 May 2018, and roughly a month after revelations that Cambridge Analytica had harvested data from up to 87 million Facebook users. The timing was significant: Karnataka’s election was widely viewed as a bellwether ahead of the 2019 Lok Sabha polls, and the Cambridge Analytica scandal had raised urgent questions about whether similar techniques could be deployed in Indian electoral contests.

Abraham’s central argument rested on a regulatory gap. Section 43A of the Information Technology Act, 2000, imposed data protection obligations only on corporate entities handling “sensitive personal data or information”—a category defined narrowly to exclude much of the information useful for political micro-targeting. Data shared publicly by users or visible to their social media connections fell outside statutory protections, meaning political actors could harvest and analyse such information without legal constraint or user consent.

The vulnerabilities Sunil Abraham identified were amplified by India’s digital demographics. In 2018, the country was experiencing rapid internet expansion, with millions of first-time users coming online through affordable smartphones and low-cost data plans. Many of these users lacked the media literacy to critically evaluate content, having limited prior exposure to information ecosystems like television or print media. This created conditions where sophisticated disinformation campaigns—leveraging micro-targeted messaging based on harvested data—could prove particularly effective.

Sunil Abraham’s prediction that India would not have data protection legislation before the 2019 elections proved accurate. The Justice BN Srikrishna Committee, established in July 2017 to draft a data protection framework, submitted its report and the Personal Data Protection Bill only in July 2018. The legislative process extended far beyond the 2019 elections, with comprehensive data protection legislation eventually enacted only in 2023 as the Digital Personal Data Protection Act.

The reference to 108 countries having data protection laws similar to the EU’s General Data Protection Regulation (GDPR), which came into force in May 2018, highlighted India’s outlier status amongst major democracies. Whilst the European Union and many other jurisdictions were strengthening privacy protections in response to digital threats, India’s regulatory framework remained anchored in older statutes ill-equipped to address contemporary data practices.

Shubhamangala Sunil’s observation that India was “at least 10 years behind in comparison with the world in the cybersecurity domain” pointed to broader infrastructural and institutional deficits beyond legislation alone—including limited technical capacity in enforcement agencies, inadequate public awareness of digital risks, and insufficient resources devoted to cybersecurity relative to the scale of India’s digital transformation.