Another Data Theft: Bangalore Firm Sells Voter Data to Karnataka Candidates?

Delhi: A Bangalore-based private firm has been found selling bulk voter data to political candidates in Karnataka, According to a report published by The News Minute. This revelation comes in the wake of the recently concluded state Assembly elections, which saw a fierce battle between the ruling Bharatiya Janata Party (BJP) and the opposition Congress.

The company in question is allegedly selling voter data, including names, addresses, and phone numbers, of registered voters in the state. The company reportedly had data on millions of voters, which it was offering to political parties and candidates for a fee. The data is said to be sourced from various government agencies, as well as private entities, and was being sold without the consent of the voters.

The company reportedly provides login access to potential clients who, upon entering the site and buy information and services of their choice for as little as Rs 25,000, the News Minute report said. 

The Election Commission of India (ECI) officials are investigating whether the company, whose owners have not yet been traced, could have been used to bribe voters by depositing money into their accounts using UPI (Unified Payments Interface).

This is not the first time that such a case has come to light in India or Karnataka. In recent years, there have been several reported instances of companies selling voter data to political parties and candidates, often without the knowledge or consent of the voters. It has raised serious concerns about privacy and data protection in the country.

Earlier, an investigation conducted by IAS officer Amlan Aditya Biswas, a regional commissioner of the Bengaluru division, on behalf of the Election Commission, revealed that a number of officials working for the Bruhat Bengaluru Mahanagara Palike (BBMP) granted illicit and unwarranted privileges to a private trust called Chilume. This included authorising the trust to gather voter data and attempting to obstruct a complaint lodged against it.

The latest incident surfaced after an independent candidate, Raju, alerted the ECI after being approached by the data seller through a phone call. According to the report, Raju told Srinivas, the ECI officer in charge of enforcing the Model Code of Conduct, about the incident. Srinivas tool the matter up with the police and a formal complaint was registered on April 24.

The News Minute said the publication used the login information the private firm provided to Raju to enter the portal and found that its dashboard claimed to have data of 6.50 lakh voters, including 3,45,089 male, 2,93,000 female and 5,630 others.

Sources in the ECI told the news publication that the format of the data provided by the company resembles the data stored on ERONET -- a government portal for ECI’s voter data that can exclusively be accessed only by election officials. This is concerning point. The ERONET stores Form-6 applications used by voters to enrol in the electoral list. It comprises voter details such as their phone number, address and family information.

Sources in the ECI told The News Minute that they suspect that the voter data breach could have been done by an insider or hacking.

The only detail the news publication found about the company is that it was registered in Delhi in April 2023. On entering the portal, according to the news report, a pop-up message comes with a barcode to scan and pay. The message was quoted as stating: “Win this election 2023 by getting your assembly data with all voters' mobile numbers @ Rs.25,000 + 500 (Transaction Charge) only. Send your election manifesto through WhatsApp, voice call & SMS to all voters in your assembly. Above said amount remains as a deposit. Election losers can claim their refund of the deposit after the election rules are made liberal.”

The portal has an ‘Election Day’ dashboard with details of booths, and polled and unpolled votes. The booth-wise data contains details of the number of votes for each booth and provides a breakup. 

The selling of voter data is illegal under Indian law, and the Election Commission of India has strict guidelines in place to prevent such practices. However, it appears that these guidelines are not being enforced effectively, and companies continue to flout the rules with impunity.

The News Minute report has sparked a debate about the need for stronger data protection laws in the country. Many experts have called for the government to take urgent action to protect the privacy of citizens and prevent the misuse of their data. They have also called for stricter enforcement of existing laws and regulations.