Did election commission put security concerns on back-burner, even if temporarily, due to budget constraints?
Pratap Vikram Singh | January 13, 2014
While the election commission (EC) eventually decided to abandon its plans to tie up with Google for online voter facilitation, the agency has an intriguing story to tell on why it was compelled to even think about the free lunch that the global search engine giant had to offer.
It’s a classic paradox. The EC, which manages the world’s largest electorate process, has a budget of just '3 crore for managing the IT infrastructure – too little for managing a database of roughly 80 crore voters vis-à-vis hundreds of crores spent by the UIDAI for handling a database two-thirds of the size of that being handled by the commission.
According to a senior EC official, while the commission had written to the government demanding funds for strengthening its information technology infrastructure, not a single penny has been approved so far.
However, let us take the firstthings first.
According to the senior EC official, the commission was only “considering” the proposal made by Google and the only thing that they had signed was the non-disclosure agreement (NDA). The NDA was important because Google wanted “dummy data” from the EC so that it could make a presentation on what all voter-related services the company could offer to the commission. There was no deal signed between the two, contrary to claims made in media reports, according to the official.
The story resulted in sharp reactions against the commission from a section of cyber security professionals, who accused it of compromising privacy of Indian voters by sharing data with a non-government organisation.
There is already huge mistrust about Google. The US-based internet giant helped the national security agency (NSA) of the US to snoop on several countries, including India, as revealed by whistleblower Edward Snowden, who had worked with the agency.
The issue generated so much heat that even the Congress and the BJP registered their concerns with the commission, hoping that the deal would not affect “electoral process and national security”.
Giving details of what had transpired between the EC and Google, the EC official said on condition of anonymity that the internet giant had earlier approached the commission and shown interest in helping it with building a web application for facilitation of services offered through the commission’s portal www.eci.nic.in.
Google had proposed to provide a separate webpage which would make electoral roll data – name, address and location of polling stations – searchable. Also, if an applicant wanted to register for voter ID card, the website would take the details and pass it on to the commission. The search facility was also aimed at providing the voter directions to her/his polling station.
The company had proposed to offer these services at no cost to the commission, stating that the initiative was part of its corporate social responsibility.
Critics, however, pointed out that if the registration is facilitated through Google, the company will be able to access voter information like the mobile number, email ID, demographic details and the IP number. This is very well possible since online registration or even online correction on the commission’s website requires one to enter email ID and mobile number.
“This data will be a gold mine of intelligence for them. If EC transfers data to Google this will be a conscious data breech by a constitutional body,” Jiten Jain, member, InfoSec Consortium told a gathering of reporters at a conference to raise “alarm” over the “agreement” on January 4.
Jain said that Google would use all this data to profile voters.
“It can be used for targeted political advertisements and could be used to manipulate, manufacture and affect public opinion of the electorate,”
The senior EC official, however, strongly countered the two charges. The search engine offered a cloud storage wherein the commission would have had the full authority to store, retain and delete data, without the intermediation of Google, the senior official said.
The official said the page proposed to be created by Google would have been owned by the commission. The commission had plans to ask the company to build the web page in open source, which would be open for audit by a government accredited agency.
After auditing of the entire code, which would ensure there is no tracking software on the web page, there is no way the company could collect any other user data, the official said. Usually to collect data about the internet activity of users, websites have cookies – a tool that gets automatically downloaded on a user’s computer as the webpage is opened.
However, the critics dubbed the commission’s understanding on the safety of data residing in Google’s servers as too naïve.
According to cyber law expert Pavan Duggal, the proposed arrangement with Google was in contradiction with the Information Technology (Amendment) Act, 2008, and rules and regulations prescribed by it. “The transfer of data to Google’s server would jeopardise the sovereignty and integrity of data of Indian voters,” he said.
Critics were quick to point out that if data of Indian voters reside in Google’s servers, it would amount to violation of Public Records Act of 1993. Experts also pointed out that in case the commission wanted to scale up its IT infrastructure, it should follow the due procurement process as defined under the general financial rules (GFR) and the CVC guidelines.
According to an industry analyst, even in cases where the cost of the solution is zero, probity in public procurement demands that the commission should invite expression of interest from multiple vendors since the proposed solution is not unique in nature and several Indian companies could have been given the project, keeping in view the sensitive nature of data involved.
Whether the commission has funds for a more secure solution is another question.
No financial autonomy
Officials in the commission revealed that the files seeking funds for strengthening the IT infrastructure have been languishing with the ministry of law and justice, the administrative ministry through which funds are routed to the EC for ages now.
The commission, as it claims, has the biggest citizen database, comprising details of approximately 80 crore voters. The databases are in RDBMS (relational database management system) – an old format.
“This data is managed by one server in each state and UT and only two data servers provided by the NIC in Delhi,” the EC official said. At peak times, including during counting of votes, the EC website slows down, the official said, adding that the portal had crashed during counting of votes in 2009. Owing to data overload and server inadequacy (during vote counting), EC could not provide results from several places on time.
The database itself has to be migrated to advanced versions – for example Adobe and H-Base.
“The commission had written to the government seeking approval for '70 crore infrastructure upgrade plan almost a year ago. The file, however, has been languishing since then,” the EC official said.
The EC also approached the department of electronics and information technology (DeitY), which asked it to reduce the budget to '20 crore to qualify for funding under the World Bank’s e-Bharat project. “The chief election commissioner (CEC) wrote to the DeitY secretary twice and even called him personally. However, not even a single penny has been sanctioned so far,” the official said.
“Neither the government gives the commission money to upgrade infrastructure nor the uproar caused on unfounded concerns will allow us to collaborate with Google,” the official added.
According to the official, EC had to pay '200 crore to BEL and ECIL in 2010 to procure electronic voting machines. The file moved for over two years in the law ministry before the final payment was done.
For SY Quraishi, the former CEC, the whole fuss also points at a larger question of financial autonomy of the commission. Each time the commission is in need of fund it is routed through the law ministry, where the file moves at a snail’s pace, other EC officials confirmed.
Does AAP continue to suffer from political immaturity?
There`s a popular folktale shaped by the tongues of the bards and storytellers of Rajasthan about the folly of Rajputs. A Rajput crossing a dense, dark jungle falls into a dry, abandoned well. He is trapped for hours till a passing youth throws him a rope and pulls him up. Nea
The Canadian PM has received an official reception by the prime minister of India Narendra Modi on Friday at the Rashtrapati Bhavan. The two are expected to talk some serious business at the bilateral meeting, and are expected to focus on trade, defence, civil nuclear cooperation, space, tackling climate c
Have you used Rotomac pen? The brand is owned by a Kanpur-based Kothari family, which owns Rotomac Global, now under CBI and ED scanner for round-tripping. Rotomac Global is run by Vikram Kothari, who is also the managing director with the firm. A key allegation against Kothari is that he o
India is faring worse and worse on Transparency International’s ‘Corruption Perception Index’: the latest for 2017 shows India ranking a poor 81 (placed between Ghana and Morocco) and the same 40 points out of 100 as the previous year. In 2015 and 2014, the number stood at 38 and
During his reply on the Motion of Thanks to the Address of the President of India, in the Lok Sabha on February 7, prime minister Narendra Modi compared his government`s efforts to curb corruption and flush out black money to Swachh Bharat Abhiyan – the nationwide mission launched to clean up cities,