Fraud Management & Cybercrime , Identity Governance & Administration , Social Engineering
Are Facebook's Election-Related Moves in India Meaningful?Security Practitioners Weigh In on Actions of Social Media Giant
Facebook has taken several moves aimed at minimizing misuse of social media during the 2019 elections in India.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
But are the actions merely a marketing maneuver, or could they have a real impact?
The U.S. social media giant has introduced a "cyber threats crisis" email hotline for politicians and political parties in India.
Political parties as well as the Computer Emergency Response Team, CERT-IN, can use the hotlink, email@example.com, in the event of cyber interference, including suspected hacks.
Facebook also released a "cyber hygiene guide" for political accounts, according to a report in Times of India. This includes best practices for politicians and political parties on how to keep Facebook pages and accounts secure.
Facebook's moves seem more of an effort to win back lost trust rather than addressing the issue of data privacy and misuse.
Several practitioners and cyber law experts tell Information Security Media Group that the move of coming out with a guide will have little impact. "I don't understand the purpose of coming out with a cyber hygiene guide for political parties. The guidelines issued in there are basic and something known to most people," says Vicky Shah, advocate, cyber law and data protection.
As for the hotline it's a wait and watch game. There are several such hotlines in India but only a few of these get actually used.
What the Guide Says
Let's take a close look at the cyber hygiene guide. It says: "The pages belonging to political figures and institutions are often administered by more than one person and therefore more than one Facebook account. That's why everyone involved should be aware of the importance of ensuring the security of their personal accounts. All security and privacy options should be activated for each administrator of a political account."
The guide has sections on password protection, two-factor authentication, as well as how to avoid falling victim to phishing attacks, plus safety tips for protecting an account.
"At times, a few sophisticated bad actors will seek to target high-profile political figures and those connected to them to undermine democratic discourse online," a note attached to the guide says. "This cybersecurity guide provides best practices for politicians and political parties on how to keep your Facebook pages and Facebook accounts secure. We are also making available to politicians and political parties in India a special Cyber Threats Crisis Email Line for compromised Facebook pages and accounts. These efforts are part of Facebook's broader Indian Election Integrity Initiative."
Guide Comes Up Short
While coming out with a cyber guide is a good idea, the guide fails to outline concrete measures for ensuring data doesn't get misused by political parties - which is what India really needs.
Political parties in India use data of millions of users to target potential voters and change their political opinions, much like what Cambridge Analytica did in the last presidential election in the U.S.
"I do not see anything special about this [guide]. This is like advertorials in newspapers," says Na. Vijayashankar, a cyber law expert. "The controversy over Cambridge Analytica was about unauthorized profiling of Facebook users, and I don't see any steps in that direction."
Furthermore, the guide puts responsibility of managing accounts solely on administrators.
"In an unregulated setup, the admins are just responsible for [overseeing] the content. They aren't really mandated to remove abusive posts," Shah says. "In this particular case, Facebook wants admins to take over that responsibility. "The guide is more of dos and don'ts of an admin rather than anything concrete. Personally, I don't understand the purpose of coming out with it."
The cyber guide for politicians, indeed, looks like a marketing gimmick with no concrete purpose.
Elections Integrity Move
Facebook is also working on an elections integrity microsite, the company's public policy director for India and South and Central Asia, Ankhi Das, told the Times of India.
"We are also in the process of building our elections integrity microsite where we will be putting out dynamic updates to what we are doing in terms of education, enforcement, and what we are doing with fact-checking partners," she says. Content reported as fake news is downranked on the social network to prevent it from going viral, Das says.
"The entire purpose of ad transparency is disclosure," Das told the Times of India. "So if you're running an issue campaign in support of a candidate, and if it's an issue ad, that ad will have to have a disclosure saying who's paid for it. There has to be an assignment of interest and that will help you say that well, this surrogate is actually supported by so-and-so."
Other Necessary Steps
This microsite is a welcome move that could help to reduce misinformation by political parties.
But with elections in India round the corner, Facebook must take concrete measures to counter the problem of fake news. This can be done by giving rights to viewers to flag news as fake.
If more people report news as fake, Facebook could escalate it for manual review, and, if appropriate, take action to remove the account.
Facebook also should introduce a system of verified accounts, as on Twitter, to counter account impersonification.