DisFact #21: SBI data leak; Indian right-wing claims Twitter is biased

Happy Sunday, readers!

Welcome to DisFact, a weekly newsletter about Indian politics, policy and the economy. I am Samarth Bansal. If you enjoy this newsletter, please forward it to a friend. If you’ve been forwarded the newsletter, here is the signup link. Here is the list of all previous issues.

In today’s issue: two technology stories

  • The State Bank of India exposed sensitive financial data of its customers

  • Is Twitter biased against the Indian right wing?

But first, check out this incredible Twitter thread from Pratik Sinha, co-founder of fact-checking news website AltNews. It is known that the BJP circulates Google Docs with sample tweets (example) among its supporters to trend pro-BJP hashtags on Twitter. Sinha found some of these docs were editable, changed a few words there and voila, he got a Union Minister from the ruling BJP to tweet anti-BJP messages. It is funny and scary at the same time.

State Bank of India forgot that servers need to be password protected

What: The State Bank of India, the country’s largest bank, exposed sensitive financial data of millions of its customers, including bank balance and details of the latest financial transactions, TechCrunch reported

Problem: The bug existed in SBI Quick — a service that allows SBI’s customers “to text the bank, or make a missed call, to retrieve information back by text message about their finances and accounts”.

For example, users send “BAL” to receive their current account balance. The TechCrunch report says that SBI “had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers’ information.”

Oh, man: no password on a server where financial transactions of customers are being recorded? That’s just irresponsible. It’s like you put some secret documents in a safe locker but forget to lock it. Sure, you are not announcing to the world that your locker is open, but if someone finds out, your stuff can be stolen. That’s what happened in the SBI case: a security researcher found the unprotected server (open locker) and reported it to TechCrunch.

Why it matters: We don’t know for how long the data was exposed, if someone had accessed it and consequently misused it. But that data could have potentially been used to profile individuals and target those that had high account balances, a researcher told TechCrunch. It also aids identity theft—one of the most routine causes of cyber frauds.

How the authorities responded: The vulnerability was fixed after TechCrunch reported the findings to authorities.

TechCrunch reached out to SBI and India’s National Critical Information Infrastructure Protection Centre, which receives vulnerability reports for the banking sector. The database was secured overnight.

SBI response:

SBI said it has thoroughly investigated the matter after it was brought to the notice. “Our investigation has revealed that our servers are fully protected and there was no breach at all,” the bank tweeted and assured that data of all its customers are safe and secure. (PTI)

What was the impact: It is crucial to differentiate between a data “breach” and data “expose”. Ben Thompson, author of the tech blog Stratechery, explained this in his newsletter (paywall) last October.

A “breach” means that consumer data was accessed by third parties that should not have had access to do it.

To “expose” data is to have made data accessible by third parties that should not have had access to it; however, it does not mean that the data was ever actually accessed.

“Data exposure almost certainly happens far more often than anyone realizes” and “vast majority of exposures never lead to breaches”, Thompson wrote.

In this case, SBI’s data was definitely exposed. But we don’t know if the data was actually breached. Only SBI can know, and they deny any breach.

It is helpful to keep this distinction in mind to analyse the impact of data leak reports. That doesn’t mean we should downplay SBI’s ignorance. The bank should be held accountable for this security lapse.

Is Twitter biased against the Indian right-wing?

What: Twitter was summoned before an Indian parliamentary panel on information technology in reactions to concerns expressed by Indian right-wing users that the platform operates with an anti right-wing bias and censors their speech.

Twitter said the CEO couldn’t make it:

On February 9, Twitter responded that the company’s CEO would not be able to attend the meeting because of the short notice given to him, but that the company was open to finding a more suitable date. This led to outrage in the BJP and the party’s supporters online.

On Monday, the Committee declined to meet officials from Twitter India, and unanimously decided to instead call the CEO Jack Dorsey and his top executives for a hearing on February 25. (Indian Express)

What is the accusation: Read this paragraph from an open letter written by Nupur Sharma, the editor of OpIndia, a right-wing web portal:

We have repeatedly watched in agony as some handles with diverse political views, mostly right-leaning have been suspended willy-nilly for the most asinine reasons. We have watched with disappointment as some genuine abuse was ignored only because it came from the people who perhaps conform ideologically to Twitter’s inherent bias. We have watched as several accounts are ‘shadow-banned’ where the reach of their voice is curbed. (OpIndia)

Sharma says that Twitter is espousing a left ideology while wearing the cloak of neutrality, which she considers a problem.

Read more: An advocate wrote to Home Minister complaining about Twitter’s bias

The root problem: Twitter and other platforms are under constant pressure to clean their platforms, curb abuse and curtail the spread of misinformation. That means platforms have to take a subjective call on what content will stay and what gets removed. Value judgements need to be made. That opens the door of bias accusations. The right wing believes that the so-called efforts to clean the platform is a hoax and more so a proxy to censor their speech, hindering free exchange of ideas.  

Is there really a bias?

Only Twitter knows: In my view, the claims are largely exaggerated in the Indian context. I have not seen any conclusive evidence to back the accusations. To be sure, it is difficult to independently audit and confirm these claims. We don’t know how Twitter’s algorithms work, we don’t know how the content policies are implemented, and the company doesn’t provide adequate explanation about its enforcement decisions.

Not a new claim: The allegations of Twitter’s so-called liberal bias are not new. United States President Donald Trump regularly tweets how Silicon Valley, in general, is biased against conservatives.

One commonly-cited reason: employee bias

In an interview with Recode, Twitter CEO Jack Dorsey candidly admitted that the company has many more left-leaning employees than right-leaners. He even said that conservative (right-wing) employees “don’t feel safe to express their opinions”. That raises questions:

Twitter, YouTube and Facebook have largely tried to avoid any issues of political bias by relying heavily on software algorithms to determine which content is shown to which users. Software algorithms are written by humans, though, which means they likely have biases as well. Now Dorsey is saying conservative Twitter employees don’t feel comfortable speaking up, which leads to questions about how products at companies like Twitter are made and who has input in making them. (Recode)

Forget politics, look at the economics: I think it’s not in Twitter’s business interest to censor right-wing voices.

I largely concur with the view that technology companies should be seen as just another business: “a business, like any other, out for itself and itself alone, and most definitely not changing the world for the better,” as tech journalist Kara Swisher wrote in her latest New York Times column.

Going by that logic—profit is all the matters—it is clear that it is not in Twitter’s best financial best interest to “alienate a large portion of its users”, as Darren Linvill, an associate professor at Clemson University in the US, told Quartz India

Even if Twitter wanted to try to target individual conservative voices in India, I wonder if it is actually in a position to do so. Twitter didn’t report a profitable quarter until the end of 2017, that’s 12 years after its founding. Others have argued that Twitter profits greatly from users’ extremist political views. There may or may not be truth to this, but at a minimum, I don’t think Twitter would view it as being in its financial best interest at this point to alienate a large portion of its users. (Quartz)

What Twitter can do: In November, a colleague and I interviewed Jack Dorsey on his India visit for the Hindustan Times. When we asked him about the left-leaning bias accusations, the Twitter CEO said that “the most important thing Twitter can do to assure that the platform is non-partisan is to be more transparent”

“Every single person in the world has some sort of a bias. We are never going to remove that. But you can approach things with impartiality and we can be transparent about how that works and where mistakes were made.”

Dorsey said that Twitter’s lack of transparency is part of the problem and the company is getting better at it. It doesn’t look so, though.

Say hello!

Comments? Feedback? Suggestions? Write to me at samarthbansal42@gmail.com or hit reply to this email. And if you find this helpful, please spread the word. Thank you!