The biggest threat Sprinklr deal poses to the state is that it can be a tool for social surveillance. This is not one of the less important aspects of all the issues linked with the deal. In fact, it is a key one. As an IT professional, I think the project itself lacks basic logic. The manner in which this company was handpicked and awarded the contract raises eyebrows. According to the government, a generic model of Sprinklr’s product is being used by the state. This product is a social media management service. What they do is that they evaluate the chats on social media, in the public domain, aggregate it and transfer the data to a server where they do a random search based on certain keywords. Based on the analysis of the conversations centred around the brand, they classify it as negative and positive sentiments.
Now, the government must explain how this product is helping the fight against Covid-19 in the state. Besides, it should be revealed how the data provided by the company has helped in this mission so far. I believe the output we have got from Sprinklr is zero and I am not talking about the value of the data here.
The government have been giving sensitive data to the platform and in the statement submitted before the high court, the government stated that the work done until now involved testing the feasibility of the platform in the event of an eventuality. The testing of the product is usually done by the company using pseudo values but not with actual sensitive data. This defies all logic.
The safety aspect can be understood from a statement issued by the company. They do not keep the data of children under the age of 13 because of Children’s Online Privacy Protection Act (COPPA). They do not store the data because their systems are vulnerable. How is the health data from the state safe in such a system? Moreover, kids fall under the vulnerable group in the Covid-19 scenario.
Sprinklr has specifically stated that they don’t have the Health Insurance Portability and Accountability Act (HIPAA) compliance certificate either. In the US, firms which are HIPAA compliant alone have the mandate to handle health data. Sprinklr does not have the certificate since they don’t deal with such sensitive data. And they are confirming that they have no experience of handling such sensitive data. More crucially, it shows that neither does the company have a secure system to do so. The government is giving them data without understanding the nature of the product and that too surreptitiously.
The government is reportedly relying on Sprinklr for data to reverse quarantine people. However, the government already has a software which can be used for the same purpose. Despite this, the government went ahead with the Sprinklr deal.
The government is saying it began supplying data to the company from March 26 following a decision made on March 15. The contract was awarded on April 2. There was a huge time gap here and it could have been used to approach the various secretaries. But this was not done. Now, the IT secretary has been made a scapegoat for the government’s failings. I also have serious reservations about the committee formed to look into the issue. I don’t believe there will be an independent probe.
As told to Gopika I S