On the 11th of August, the SLPP announced that its candidate for the upcoming Presidential Election would be Gotabaya Rajapakse. The news was met with the expected mixed criticism and hilarious website fails. But as the news cycle focused on this story, another story of the SLPP was quickly forgotten. The party had recently launched an app called V Can, which raised concerns around data privacy. A worrying concern after someone launched a cyberattack against it.
A not so historic privacy mess
Namal Rajapakse originally announced the app with a Linkedin post. From this post, we learned that the app was used by SLPP party officials. This e-canvassing app was utilized by them they traveled house to house campaigning for the party. He went onto state, “The V Can app will be one of the first steps towards digitalizing Sri Lanka.”
Ignoring the grammatical errors (digitalizing isn’t a word) the post goes onto describe this as a “historic” feat by the SLPP before criticizing the UNP government for not doing more towards digitizing Sri Lanka. Yet, it wasn’t long after the app landed on the Play Store that it was criticized for its lack of data privacy protection.
The main point of criticism is that the app had asked its users for a lot of personal information, including their NIC numbers. Further, the app also asks for a bunch of intrusive permissions such as location, access to storage, etc. Of course, the app doesn’t necessarily need all that information.
Strip away the political marketing jargon and what you have is a very simple survey app. So is it really necessary for the app to ask such information? We’re confident it’d work just fine with a username, a password, and a few textboxes. But this is sadly nothing new. The V Can app is merely the latest example of how poorly Sri Lanka is tackling data privacy and protection.
Making a mess with our data
Over the past year, we’ve seen tech giants like Google and Facebook face very public government inquiries on how they handle data. Of course, the vast majority of the questions asked by the people doing the inquiry were stupid. Nonetheless, the inquiries ensured the conversation of protecting your data didn’t end.
Granted, we’re still not done since we’ve yet to find a solution. But by continuing this conversation, we’ve seen tech companies pay hefty fines for failing to keep personal data safe. The rest of the world is learning to protect its data. But here in Sri Lanka, our lawmakers have yet to fully understand the importance of data privacy and protection.
To be fair, it’s not just the SLPP with its V-Can app. When Ajith Perera – Minister of Digital Infrastructure and Information Technology, who is a member of the UNP, took office, he announced that the current government would create a population registry. He went onto describe it as the “Mother of all databases.”
In other words, every bit of data the government has on every citizen would be stored in one single central database. The minister went onto state that this would help government departments share data and get things done faster. At first glance, that’s music to everyone’s ears because we’ve all wasted years inside government offices trying to get things done.
Of course, that included any criminals as well. The data of every single person in a country, conveniently stored in a single database. When it’s all in one place, it’s extremely easy for criminals to steal this data. After that, they can use it wreak whatever kinds of havoc they want. It may sound like an unthinkable nightmare. Yet, that’s exactly what happened to the entire adult population of Bulgaria only a few weeks ago.
It’s high time we start thinking of data privacy
As we can see, stupid ideas with your data aren’t restricted to one party. Yet, to its credit, the government has proposed a Data Protection Act. The Ministry of Digital Infrastructure and Information Technology, released this proposed act earlier in June to get public opinions on it. At the time, it required some work but the key lies in the execution. Though we’ve yet to hear updates on it since.
Of course with the Presidential elections coming up, it’s easy for issues like data privacy and protection to be seen as trivial and ignored. Sri Lanka does indeed have a laundry list of issues to deal with. These range from national security to fixing the economy to income inequality to simply figuring out where to dump our garbage. These are serious issues that affect all of us today. Nobody can deny that we need solutions to these issues.
Yet, one can also argue that we saw these issues coming a mile away. There were many vocal critics that stated how it was unnecessary for Sri Lanka to build another port or international airport. Both of which are still empty years after they were built. Yet, these voices were ignored. Similarly, when our leaders saw the first signs of threats to national security, they were simply shrugged off until it was too late.
The sad truth is that many of Sri Lanka’s problems could have been avoided. Yet, for decades we’ve elected leaders with short-term thinking. The only goal for them has been to win the next election. Sadly, we are paying the price for this short- term thinking today. Hardly, any of Sri Lanka’s problems can be fixed with the same line of thinking. It’s high time that we started thinking long-term.
Not just to fix the problems we face today, but also the ones we will face tomorrow like data privacy and protection. Yet, politicians have a poor track record of building apps, knowing how to store your data, or even design a website for themselves. So it’s unlikely we’ll see any politicians proposing any long-term plans to solve any of the issues we face as a country this election season.