'

​Cambridge Analytica whistleblower reveals firm's shady dealings in Indian politics

It isn't so surprising that India, with its multitude of political parties, was a perfect place for the UK firm to thrive.

'Tis the season for data leaks and India got its fair share over the past three days. At least three major revelations showed that the private information of Indians, as well as overseas citizens who accessed certain prominent websites, was not secure.

The first concerned a leaky app belonging to India's Prime Minister Narendra Modi with 5 million followers whose private data, according to a French security sleuth, was being funneled to a private US firm. Then it turned out that Congress Party's website, with far less impressive membership, had the exact same problem.

The most significant data bombshell hours ago, however, was from Cambridge Analytica whistleblower Christopher Wylie, who revealed the oldest political party in India as being a client of his former employers.

"I believe their [Cambridge Analytica] client was Congress," Wylie explicitly told the UK Parliamentary committee for digital, culture, media and sports. Wylie didn't remember exactly which elections the UK firm had helped out on, "But I know that they have done all kinds of projects. I don't remember any national project but they have definitely done regional," he said, adding that he could unearth documents to substantiate his testimony when necessary. Congress has denied any knowledge of dealings with Cambridge Analytica.

Another macabre Indian connection was disclosed by IT expert Paul-Olivier Dehaye, who alleged that another Cambridge hand, who happened to be Wylie's predecessor, was apparently playing a double agent -- working for Congress but also "getting paid by an Indian billionaire who actually wanted Congress to lose". This operative was later murdered in Kenya, said Dehaye.

By contrast, the revelation on Sunday by French security researcher Robert Baptiste (who goes by the handle Elliot Alderson) seems far less sensational. Baptiste showed that Modi's official Android app was forwarding personal user data -- device info (OS, network type, carrier) and personal data (email, photo, gender, name) -- to a domain name (http://in.wzrkt.com) traced to the US company CleverTap. Modi's party has said that the data was being used merely in order to furnish contextual content.

The discovery produced a field day of insults. First, Congress President Rahul Gandhi called Modi the "big boss who likes to spy on Indians" to which, in return, Gandhi was labelled "technologically illiterate" by the BJP. And then, almost like a piece of satire, it turned out that surprise of all surprises, the Congress app suffered from the same malady. Right after that announcement, the app disappeared from Google Play Store.

Baptiste has been a busy bee in India. Just two weeks ago he uncovered a major leak in the country's much touted Universal Identification program -- which ZDNet wrote about a few days ago where biometric data and Aadhaar card scans of people were openly available. Between shoddy technology and oversight of private data, to cut-throat politics in a staggeringly diverse country with innumerable political parties, and the largest smartphone market in the world, India is going to keep data miners busy for a lifetime.

Related Stories: