The recent revelations of data leaks from Facebook via Cambridge Analytica has caused quite an upset across the world. In some ways, this is a bit surprising. Anyone reasonably concerned about online privacy would have been aware that Facebook (and similar social media platforms) are set up to capture and sell data. It was only a matter of time before their databases would be hacked or leaked in some way – their architectures are extremely vulnerable to such exploits. It’s a bit strange (to me) that many people seem to be waking up to this now.
Nevertheless, a fair amount of global panic did ensue. Facebook has lost a significant amount of its market value, while calls for more regulation and stronger data protection are becoming louder. In India, this has taken an interesting turn. Anand Mahindra, Chairman of the Mahindra Group, a prominent automobile manufacturer, has called for a domestic alternative to Facebook, an Indian social network, “widely owned, professionally managed, and willingly regulated”. Mahindra’s call was enthusiastically retweeted by India’s Information Technology minister Ravi Shankar Prasad, indicating that at least some people in the Indian government view this favourably.
There’s definitely merit to the argument that we need alternatives to Facebook (or more broadly, alternatives to current forms of social media). Over the years, the internet has become far too oligopolised, dominated by walled gardens built by super-large international corporations, operating mostly out of the United States’ west coast, primarily the San Francisco Bay Area. There is a handful of internet corporations – such as Facebook, Alphabet (Google), and Amazon – controlling most of the internet’s revenue streams. Social media in particular, is dominated by Facebook. Such dominance puts far too much market power into too few hands.
However, building an alternative social network would be meaningless if much more fundamental issues are not addressed. The core problem here has less to do with market power or dominance, and more with the architecture of social networks themselves. Internet-based businesses usually rely on advertising to generate revenue. Advertising is dependent on data and analytics to attract customers. In “free” social networks, the very structure of the network is designed against too much data protection, because making data too secure against third parties also means losing key information for advertisers. This is at the heart of the social network crisis today.
Therefore, from a data protection perspective, an alternative social media platform is meaningless if its revenue model remains largely the same, i.e., dependent on extracting personal data in some way. In such a structure, you can be sure that data leaks and hacks similar to the Cambridge Analytica incident will occur here as well. The only real way to ensure social networks don’t become sources for data leaks is to ensure that their incentives and user incentives are aligned.
Let’s consider a narrower case – a domestic social network built mostly for Indians, operating from India. There is one theoretical advantage for such a domestic set-up over its international counterparts. A domestic network for Indians within India will be subject to a single, uniform set of laws within a clear geographical jurisdiction. In practice however, even this advantage is lost given how terrible data protection laws are in this country. While a Right to Privacy is recognised by our courts, the Government of India has had a poor record of recognising citizens’ privacy or defending it. Last year, the Attorney General of India even argued (during the Right to Privacy case) that Indians have no rights over their own bodies. Until privacy laws in India improve, we are actually better off with our data lying in say, servers of mainland Europe, where data protection laws are more organised. There’s a bitter irony here that for all our talk and desire for domestic business, we end up favouring international businesses thanks to our laws.
Governments will naturally favour a domestic social network operating solely under its jurisdiction. There are valid concerns about social networks being used to incite violence or spread hatred and fake news. However, domestic social networks are also easier to control. Again, architecture matters. Even if a benevolent government in in power today, a hostile government in the future can easily force a domestic social network operating only within India to gather personal data for unconstitutional uses. When planning for long-term structures expected to last a decade or more, it’s important to account for the fact that future political regimes may change and so may their ideas of regulation and control.
To summarise, while I don’t reject the idea of a domestic social network, I don’t think it will necessarily solve issues of data protection and privacy, the reasons why an alternative is being discussed in the first place. If we really want to tackle the problem of data protection, what we need to work on are better laws, better implementation of those laws, and better redressal mechanisms.