Aadhaar Linkage With Voter IDs: ECI Compromised Privacy of Voters

The National Electoral Roll Purification and Authentication Program (NERPAP) of 2015, an ambitious project initiated by Election Commission of India (ECI), is now proving to be a Pandora’s box. The nature of the blatant and unethical use of Aadhaar and violation of privacy by the ECI – an institution which was meant to protect the identity of voters – is being revealed via a slew of RTIs.

According to the replies to these RTIs, a clean-up drive has led to the linking of over 300 million voters with Aadhaar, which has nationwide implications. The RTIs also point out that the local election commissions in the states – Punjab, united Andhra Pradesh, Gujarat and even parts of Delhi – had access to the parts of

the National Population Register (NPR) database. The impact of the programme is also being widely reported from  Maharashtra, Telangana and even Uttar Pradesh. The project’s aim was to “clean up” India’s electoral rolls using Aadhaar authentication, and to eliminate potential voter fraud by deleting ghost profiles or people who had managed to get more than one voter IDs from the system. A press release from 2015 said that the ECI wanted to achieve draft electoral rolls that were “100% error-free” and “100% multiple-entry free” by August 15, 2015. The process of weeding out the so-called duplicate entries in the voter rolls – by flagging these names for deletion – the joint plan by the ECI and Unique Identification Authority of India (UIDAI) has ended up compromising privacy of millions of Indians. This mess-up has given the agencies the power to toy with the most fundamental right of any citizen in a democracy — the right to vote.

Speaking to Newsclick, Kiran Chandra, general secretary, Free Software Movement of India, said, “Fundamental concern is that the Election Commission, in the ambit of its role, cannot do profiling of its voters. Its role is to ensure free and fair elections. If anything, the ECI is responsible for protecting the identity of the voters. It is pertinent to question then that why the UIDAI was sharing the data with the ECI, given that the UIDAI's credibility has been questioned in the past. How did the ECI manage to seed data of over 300 million voters in barely three months?”

The ECI reportedly employed a host of data-sharing practices. In doing so, it managed to access the parts of the NPR database, which led to the speeding up of the data acquisition process. The ECI, on multiple occasions, has claimed that the process of seeding Aadhaar into the enrollment database was strictly voluntary. This would mean that the voters would have the option of organic seeding – where individuals provide their data on their own, with consent, and link their voter IDs to their Aadhaar themselves. The ECI had set up National Voters’ Service Portal (NVSP), where voters could input their voter ID number, a few demographic details, and their Aadhaar numbers.

Chief Election Commissioner OP Rawat publicly claimed that 320 million voter IDs were linked to Aadhaar during NERPAP in the span of just three months, and that another 545 million Aadhaar numbers would be linked to the remaining voter IDs in six months, if the SC allows it. By May 2015 itself, 130 million voters had reportedly applied for linking – 30 million had “applied online”, while 100 million requests came through “other means”. What exactly were those other means?

Inorganic seeding and its implications

For ‘other’ methods of linking Aadhaar with the voter IDs, the ECI used the controversial DBT Seeding Data Viewer (DSDV) tool – a service that allows third parties to view non-biometric identity data held by the UIDAI. Some of the RTI responses have revealed that the ECI and UIDAI used inorganic seeding which allowed linking of voter IDs with the Aadhaar in bulk.

UIDAI-authorised SRDH then scanned the electoral rolls, and the Aadhaar databases, comparing names, dates of birth and address pin codes to find matching entries in the two databases, and assigned a particular score to the exactness of the match. So, the UIDAI used a set of algorithms to come up with a score to evaluate these matches. For matches that had scores above 50 per cent, the software linked the Aadhaar number and the voter ID; those with scores below 50 per cent were flagged with the status ‘verification needed’. The ECI then embarked on a door-to-door survey to verify these matches. If a house was locked, the ECI officials were supposed to visit the house two more times, paste a sticker asking the voter to reach out to the ECI. In case of no communication whatsoever, the officials would recommend that the voter’s name be struck off the rolls. This process led to the deletion of a huge number of names, as the residents were not available when the verification officers visited.

In Andhra Pradesh – which was not separated from Telangana then – 2.2 million voters were removed from the electoral rolls. ECI officials have admitted that the  software could have played a role in this.

Chandra added, “The implications of the project are far-reaching. Beyond disenfranchisement, the process could also be used to create demographic and psychographic profiles of voters given that Aadhaar numbers are also seeded in databases of various government and private entities and services. This could then be exploited by unscrupulous political parties in tracking and creating voter profiles. The seeding, therefore, raises critical questions on the functioning of the ECI, and its credibility when it comes to protecting data of the voters.”

Speaking to Newsclick, Ranjith Raj from Swecha – an organisation advocating free software – said, “The programme can be possibly deemed as the Cambridge Analytica of India. The only difference is that the governmental authorities are risking, and are getting involved in compromising the privacy of Indians which can further have huge repercussions on our electoral democracy.”

Read more: Some Parts of Aadhaar Judgement Have Deeply Disappointed: Activists

The NERPAP was functional till August 2015, post which, it was curtailed by the Supreme Court, as it was still adjudicating the constitutional validity of Aadhaar.

Post the curtailment, the ECI had to decide what it must do with the millions of printed voter enrollment forms. In order to avoid wasting paper, the ECI suggested that the information filled under the Aadhaar details section will be removed by manually blackening the box. The solution was further met with logistical hurdles. However, since the data was already stored online, there is a possibility that it can be replicated, which increases the vulnerability of the data.

Even if the usability of the scheme is questionable, another attempt is being made to bring the scheme back. On November 27, the Madras High Court will hear a petition asking the ECI to link voter cards to Aadhaar numbers. The ECI has indicated that it will not oppose the petition, paving the way for the revival of the project. If the court prohibits the election regulator from linking voter IDs with Aadhaar, what will happen to over 30 crore IDs that have already been linked? Besides, the concerns about privacy, the security of the data and its potential misuse have still not been addressed.

*This is a developing story.

Read more: What the UIDAI CEO Did Not Say about Aadhaar