Indian citizen data on Har Ghar Tiranga website raises privacy concerns
A now viral report by Srishti Jaswal published by the international nonprofit journalism organization, Rest of World, quotes digital rights activists saying that the voter outreach programme of the Bharatiya Janata Party
Updated On - 16 September 2022, 03:18 PM
Hyderabad: This Independence Day, when millions of Indians went up on their roofs to fly the tricolour as part of the Central government’s Har Ghar Tiranga programme, were they waving their private data as well from the rooftop for data sharks to gobble up?
A now viral report by Srishti Jaswal published by the international nonprofit journalism organization, Rest of World, quotes digital rights activists saying that the voter outreach programme of the Bharatiya Janata Party, discussed first during the BJP meeting in Hyderabad in July, was actually a scheme in disguise to collect citizens’ data, which could now be misused by private firms looking to commercialise personal data.
The report says after the programme, which whipped up quite a nationalistic frenzy courtesy the aggressive social media campaigns by the BJP’s IT wings, by August 15, nearly 60 million Indian citizens had uploaded their photos with the national flag on the website, https://harghartiranga.com, with about 50 million of them geotagging the locations of their houses with their photos, apart from sharing their phone numbers to register on the portal.
The report says when the idea of the programme was first discussed at the BJP meeting in Hyderabad, BJP leader Vasundhara Raje had said that the party hoped to reach 200 million people through the campaign. On July 6, the Ministry of Culture was appointed as the nodal body for its implementation, and, in the following weeks, the government aggressively publicised the programme, including through changing Indian cellphone caller tunes on August 15 to a message asking people to upload photos, the report says, going on to quote Free Software Movement of India researcher Srinivas Kodali that no country had ever executed such a massive scale of geotagging of its own citizens.
“Previously, some fragmented attempts have been made to geotag citizens with an intention of digital commerce; however, not at this scale with an intention of electioneering,” he says, adding that the photographs, many of which were uploaded along with location information, were still publicly available on the website.
“While the location information is not publicly available, it is retained by the website, which could lead to theft, hacking, and stalking. When siloed information, such as phone numbers, photographs, and location, is processed with other data sets, such as constituency population and voter preferences, it can make citizens vulnerable to ‘geo-propaganda’,” Kodali is quoted saying.
Jaswal’s report also says digital rights organization Internet Freedom Foundation (IFF) has raised concerns over the privacy policy of the Har Ghar Tiranga website, particularly about who owns the submitted data and what it could be used for. The policy says the data collected would be protected ‘within commercially acceptable means’, which however is not defined. Apart from listing advertising partners without names, the policy also suggests that Har Ghar Tiranga’s services and products can be purchased, though nothing is listed for sale.
The website also uses cookies that track the browsing habits of users, Ayushman Kaul, a senior threat intelligence analyst with Logically, a technology company that specializes in analyzing and fighting disinformation, is quoted in the Rest of World report.
“It is a clear indicator that those behind the website seek to harvest additional data from users,” he says, adding that integration of a Google sign-in with the website could also potentially allow the website creators harvest additional personal identifiable information from Indian citizens using the website. By compiling together numerous such metadata and personal indicators, one can eventually create a comprehensive demographic and psychological profile of the entire population.
Interestingly, the report notes, while most Indian government websites are hosted on official servers at nic.in, the Har Ghar Tiranga portal is hosted via Amazon web servers. It quotes an Asian News International (ANI) press release that Tagbin, a private company based in India, Singapore, and Dubai, is behind the website.
It’s unclear where the data collected by the website is stored. The website also shares its IP address with more than 15 other websites, some with country code extensions from other parts of the world, leaving the private data of Indian citizens vulnerable to hacking, it says.
The report also says that though the website states that it does not knowingly collect any personally identifiable information from children under the age of 18, many of the photos uploaded to the portal, all publicly available, show young kids.
Jaswal winds up the report saying that despite the website claiming that once the campaign would be over, all the images and information collected will be deleted, the photographs were still publicly available on the website, a month after Independence Day.