While the law ministry okayed the linking, questions are being asked about its legality and the possibility of massive data leak, fraud and theft which can endanger India’s democracy
By MG Devasahayam
The Union Law Ministry is stated to have given the green signal to the Election Commission (EC) to resume linking of Voter ID with Aadhaar. Last August, in a letter addressed to the law secretary, the EC had proposed amendments to the Representation of the People Act, 1950, and the Aadhaar Act, 2016, and powers to collect and use Aadhaar data for “cleaning” the voters’ list as a “back-end exercise”. Linking voter ID with Aadhaar would certainly cleanse the voters’ list but the question is—list of which voters?
Let us look at the background briefly. On September 1, 2019, the EC launched a nationwide electoral verification programme. People were asked to get their voter IDs verified by local EC representatives to avoid invalidation of the cards, either through an online process or offline by submitting their Aadhaar details. The message given out was: “If you fail to get your voter ID card verified with the Aadhaar number during this period, it will become invalidated.” This was intriguing because a similar exercise undertaken in 2015 had to be dropped when a Constitution bench of the Supreme Court ruled that Aadhaar numbers could only be used for accessing welfare services such as subsidised rations from the public distribution system, kerosene and LPG.
In March 2015, the EC had launched the National Electoral Roll Purification and Authentication Program (NERPAP). As the name suggests, its aim was to “clean up” India’s electoral rolls using Aadhaar authentication. Or, in other words, to eliminate potential voter fraud by deleting ghosts or people who had somehow got more than one voter ID from the system. The programme’s goals and deadlines were ambitious: internal EC documents show that it wanted to achieve draft electoral rolls that were “100% error-free” and “100% multiple-entry free”. The extensive coverage of the scheme before it was shut down by the Supreme Court in August 2015 is surprising. By the time the initiative was forcibly shut down, it had collected the Aadhaar numbers of over 300 million voters. The EC publicly claimed that 320 million voter IDs were linked to Aadhaar during NERPAP in the span of just three months and that another 545 million Aadhaar numbers would be linked to the remaining voter IDs in six months once the Supreme Court allowed it.
In the ensuing confusion, the names of 2.8 million voters in Telangana alone got deleted, which only came to light when the state went to the polls in 2018. This was grudgingly admitted by the EC in an RTI reply. EC officials claim that the exercise is meant to weed out bogus/fake voters. But the security of citizens’ data and privacy issues are a matter of great concern. Not a single agency in India has yet done any study on how safe data is, once linked to the Aadhaar number. Neither the government nor the Unique Identification Authority of India would have any control over the usage of this data, which remains strictly under the jurisdiction of the foreign agency that collects it.
How did the EC manage to link voter IDs of over 300 million people with their respective Aadhaar numbers in just three months? Was the consent of voters taken for this exercise? If voters were in the loop, as the EC has consistently maintained, was informed consent taken with citizens clear on how their data could be used? Individual states offer a few clues with regard to the bulk seeding of Aadhaar numbers. For instance, in Maharashtra, only 3,01,000 voters had registered themselves for the voter ID-Aadhaar linking programme by the beginning of May 2015, but when the programme ended three months later, the chief electoral officer of the state claimed that 1.8 million voters had provided their Aadhaar numbers. On a national scale, the numbers look even more stark. A report published in DNA newspaper noted that by May 2015, 130 million voters had applied for linking. Given these numbers, how did the EC link 320 million voters in just three months and what means did it employ?
There are multiple ways to seed Aadhaar to new databases. The first is “organic seeding” where an individual provides the data himself. In this “manual” mode, a citizen links his voter ID to his Aadhaar himself. To help out with this, the EC used the National Voters’ Service Portal (NVSP). All people had to do was enter their voter ID number, a few demographic details and their Aadhaar number. A person could then verify their Aadhaar number through a one time password (OTP) sent to his smartphone, after which the voter ID would be linked. However, this approach is slower as it involves a citizen’s willingness: they have to come forward on their own and sign up to link their voter ID and Aadhaar.
The other method is inorganic seeding, where details of the elector are collected and seeded automatically with Aadhaar with the help of an algorithm. No one knows what this algorithm is and even RTI queries have not been able to get it out of the EC.
The EC seems to have adopted a host of tactics to rapidly link hundreds of millions of voter IDs to Aadhaar numbers in 2015, some of which may have skirted the boundary between responsible data-sharing practices and outright violations of privacy and user consent. According to the Commission’s internal documentation, obtained through multiple RTI requests, in at least four major states, local EC offices had access to parts of the National Population Register (NPR) database, which helped hasten the Aadhaar seeding process.
Linking of voter ID cards with Aadhaar raises a number of doubts. In a meeting in May 2015, the CEC himself raised concerns regarding complaints they had received, stating that the names of a number of voters were deleted from the electoral rolls for not furnishing Aadhaar. Prasanna S, a lawyer involved in the Aadhaar litigation, said: “The whole process of linking voter ID with Aadhaar is illegal. There is no legal mention of that exercise. The EC cannot choose a process to eliminate voters without any constitutional backing of a law.”
Even otherwise, Aadhaar is known more for exclusion than inclusion as shown up in many states. In fact, getting Aadhaar itself is a herculean task for the poor. Often, they have to pay at least Rs 500 to get their Aadhaar cards made, or even to update their addresses, so most poor people just skip it. So if Aadhaar and voter IDs are linked, the poor and disadvantaged would not merely lose access to welfare and subsidised goods and services, but would get disenfranchised as well.
The rush to link all data with Aadhaar is bizarre, especially in the light of the 2017 Supreme Court ruling (Puttasamy) that privacy is a citizen’s fundamental right as it is inherent to the right to life and liberty. Linking voter IDs with Aadhaar is fraught with serious dangers. RTI replies have revealed that 80 million fake or fraudulent Aadhaar numbers were detected in 2014-15. RTI queries have also shown that manipulation of data is a strong possibility, and this might expose the country’s electoral system to outside fraud.
The EC is probably going in for this drastic move under the cover of fulfilling “legitimate state interest” as one of the criteria laid down by the Supreme Court in the Puttasamy case, while judging the permissible limit for invasion of privacy when testing the validity of any legislation. But the question is whether the EC’s task is to take care of state interest or safeguard a citizen’s interest. Is the EC an instrumentality of the state or a constitutionally mandated institution for a citizen’s right to free and fair elections? The EC seems to be content with being a mere extension of the state.
Justice BN Srikrishna, a former judge of the Supreme Court, categorically condemned the EC’s efforts to link voter ID with Aadhaar as “the most dangerous situation”. He compared the consequences to the Cambridge Analytica scandal, which was found to have illegally mined, harvested and shared personal information of over 87 million Facebook users to the Trump presidential campaign in 2016. The UK-based political consulting firm was also reported to have shared the data of citizens with political parties in India. “Are we now happy with what Cambridge Analytica did,” he asked and went on to say: “We made so much noise about it. We called them all kinds of bad names. Now you’ll have this in the country in our backyard. In the event, instead of having a Cambridge Analytica, you’ll have a Delhi Analytica, a Mumbai Analytica, a Calcutta Analytica….” Incidentally, Justice Srikrishna chaired the expert committee that drafted India’s Personal Data Protection Bill.
Even a distinct possibility of such a massive data leak, fraud and theft can severely endanger India’s democracy. The twain of Voter ID and Aadhaar should, therefore, never meet.
—The writer is a former Army & IAS officer
Lead pic: People queue to get their Aadhaar cards in New Delhi/Photo: Anil Shakya