As Privacy Concerns Now Hit Congress App, Parties Spar Over Data Theft

Both the BJP and the Congress have failed to formulate strong data protection legislation, but that didn’t stop them from taking the high moral ground on digital privacy.

New Delhi: Everything from cartoon character Chhota Bheem to mythological Hindu figures were used to score points as the BJP and Congress continued to spar over issues of privacy, data theft and consumer protection.

It started when anonymous French security researcher, who goes by the moniker Elliot Alderson, posted a series of tweets that fingered how data shared on the Congress Party’s official app was vulnerable to security breaches.

In particular, Alderson pointed how the data generated by the app’s users was sent over a weaker encryption system (HTTP over HTTPs) and also highlighted how the app’s servers were apparently in Singapore, not India.

This set off a series of acrimonious exchanges between the Congress and the BJP on the issue of data ‘theft’, with the opposition doubling down on the privacy issues with the NaMo app, dubbing the prime minister as the “Big Boss who likes to spy on Indians”. The ruling party hit back, saying even “Chhota Bheem” knows it is not snooping.

Information and broadcasting minister Smriti Irani also put out a series of tweets alleging how the Congress app betrayed its users by sending their data abroad.

On its part, the Congress Party has claimed that the app was “dysfunctional” and that for sometime now, all memberships were done through the party’s official website and not the application.

Nevertheless, within hours of the controversy breaking out, the Congress app in the Google Play Store was quietly deleted.

In an interview with The Hindustan Times, the social media chief of Congress, Divya Spandana, noted that membership enrolment on the app had been stopped five months ago.

“The only thing that the app was being used for was to get social media updates – Twitter, Facebook or whatever INC (Indian National Congress) and Rahul Gandhi was posting. In November, we got a brand new website and we got the membership pulled out from the app and transitioned that to the website, which is encrypted. The membership data was being collected only on the website and these data are being stored in our servers, Amazon Cloud Services, which is based out of Mumbai,” Spandana noted.

What the publication didn’t follow up is why any application would be downgraded from HTTPs to HTTP merely because it no longer processed user data. Nor does it explain why the app was taken down.

Even more confusingly, Spandana later notes that BJP leaders and “some journalists started circulated a fake and defunct URL, misleading people into believing there was a breach of data”. This is why, the Congress social media boss notes, the app had to be removed. This, too, is puzzling.

Gandhi versus Irani

Meanwhile, Congress boss Rahul joined the fray. After allegations that data from the prime minister’s official app was shared with foreign firms without the consent of users, Gandhi said the NaMo app secretly recorded audio, video and contacts.

“Modi’s NaMo App secretly records audio, video, contacts of your friends and family and even tracks your location via GPS. He’s the Big Boss who likes to spy on Indians.

“Now he wants data on our children. 13 lakh NCC cadets are being forced to download the APP,” Gandhi said on Twitter using the hashtag “DeleteNaMoApp”.

He also alleged that Modi was misusing his position to build a personal database.

“This data belongs to India, not Modi,” he said on Twitter.

Union minister Irani retorted that Raghul now knows what the NCC is thanks to the NaMo App and that even “Chhota Bheem”, a cartoon character, knows that commonly asked permission on apps do not “tantamount to snooping”.

Congress communications in-charge Randeep Surjewala hit back, tweeting, “Ohh Ms Irani! But Kauravas wouldn’t remember that Bheem represented the righteous Pandavas! Also, those who persecuted Rohith Vemula and denigrate Babasaheb ‘Bhimrao’s’ legacy everyday can only set this level of discourse!”

The Congress alleged that this regime had become a “data leak” government that mocks and flouts the ‘right to privacy’ with brazen impunity and for it “IT means identity theft”.

(With inputs from PTI)