Did election commission put security concerns on back-burner, even if temporarily, due to budget constraints?
Pratap Vikram Singh | January 13, 2014
While the election commission (EC) eventually decided to abandon its plans to tie up with Google for online voter facilitation, the agency has an intriguing story to tell on why it was compelled to even think about the free lunch that the global search engine giant had to offer.
It’s a classic paradox. The EC, which manages the world’s largest electorate process, has a budget of just '3 crore for managing the IT infrastructure – too little for managing a database of roughly 80 crore voters vis-à-vis hundreds of crores spent by the UIDAI for handling a database two-thirds of the size of that being handled by the commission.
According to a senior EC official, while the commission had written to the government demanding funds for strengthening its information technology infrastructure, not a single penny has been approved so far.
However, let us take the firstthings first.
According to the senior EC official, the commission was only “considering” the proposal made by Google and the only thing that they had signed was the non-disclosure agreement (NDA). The NDA was important because Google wanted “dummy data” from the EC so that it could make a presentation on what all voter-related services the company could offer to the commission. There was no deal signed between the two, contrary to claims made in media reports, according to the official.
The story resulted in sharp reactions against the commission from a section of cyber security professionals, who accused it of compromising privacy of Indian voters by sharing data with a non-government organisation.
There is already huge mistrust about Google. The US-based internet giant helped the national security agency (NSA) of the US to snoop on several countries, including India, as revealed by whistleblower Edward Snowden, who had worked with the agency.
The issue generated so much heat that even the Congress and the BJP registered their concerns with the commission, hoping that the deal would not affect “electoral process and national security”.
Giving details of what had transpired between the EC and Google, the EC official said on condition of anonymity that the internet giant had earlier approached the commission and shown interest in helping it with building a web application for facilitation of services offered through the commission’s portal www.eci.nic.in.
Google had proposed to provide a separate webpage which would make electoral roll data – name, address and location of polling stations – searchable. Also, if an applicant wanted to register for voter ID card, the website would take the details and pass it on to the commission. The search facility was also aimed at providing the voter directions to her/his polling station.
The company had proposed to offer these services at no cost to the commission, stating that the initiative was part of its corporate social responsibility.
Critics, however, pointed out that if the registration is facilitated through Google, the company will be able to access voter information like the mobile number, email ID, demographic details and the IP number. This is very well possible since online registration or even online correction on the commission’s website requires one to enter email ID and mobile number.
“This data will be a gold mine of intelligence for them. If EC transfers data to Google this will be a conscious data breech by a constitutional body,” Jiten Jain, member, InfoSec Consortium told a gathering of reporters at a conference to raise “alarm” over the “agreement” on January 4.
Jain said that Google would use all this data to profile voters.
“It can be used for targeted political advertisements and could be used to manipulate, manufacture and affect public opinion of the electorate,”
The senior EC official, however, strongly countered the two charges. The search engine offered a cloud storage wherein the commission would have had the full authority to store, retain and delete data, without the intermediation of Google, the senior official said.
The official said the page proposed to be created by Google would have been owned by the commission. The commission had plans to ask the company to build the web page in open source, which would be open for audit by a government accredited agency.
After auditing of the entire code, which would ensure there is no tracking software on the web page, there is no way the company could collect any other user data, the official said. Usually to collect data about the internet activity of users, websites have cookies – a tool that gets automatically downloaded on a user’s computer as the webpage is opened.
However, the critics dubbed the commission’s understanding on the safety of data residing in Google’s servers as too naïve.
According to cyber law expert Pavan Duggal, the proposed arrangement with Google was in contradiction with the Information Technology (Amendment) Act, 2008, and rules and regulations prescribed by it. “The transfer of data to Google’s server would jeopardise the sovereignty and integrity of data of Indian voters,” he said.
Critics were quick to point out that if data of Indian voters reside in Google’s servers, it would amount to violation of Public Records Act of 1993. Experts also pointed out that in case the commission wanted to scale up its IT infrastructure, it should follow the due procurement process as defined under the general financial rules (GFR) and the CVC guidelines.
According to an industry analyst, even in cases where the cost of the solution is zero, probity in public procurement demands that the commission should invite expression of interest from multiple vendors since the proposed solution is not unique in nature and several Indian companies could have been given the project, keeping in view the sensitive nature of data involved.
Whether the commission has funds for a more secure solution is another question.
No financial autonomy
Officials in the commission revealed that the files seeking funds for strengthening the IT infrastructure have been languishing with the ministry of law and justice, the administrative ministry through which funds are routed to the EC for ages now.
The commission, as it claims, has the biggest citizen database, comprising details of approximately 80 crore voters. The databases are in RDBMS (relational database management system) – an old format.
“This data is managed by one server in each state and UT and only two data servers provided by the NIC in Delhi,” the EC official said. At peak times, including during counting of votes, the EC website slows down, the official said, adding that the portal had crashed during counting of votes in 2009. Owing to data overload and server inadequacy (during vote counting), EC could not provide results from several places on time.
The database itself has to be migrated to advanced versions – for example Adobe and H-Base.
“The commission had written to the government seeking approval for '70 crore infrastructure upgrade plan almost a year ago. The file, however, has been languishing since then,” the EC official said.
The EC also approached the department of electronics and information technology (DeitY), which asked it to reduce the budget to '20 crore to qualify for funding under the World Bank’s e-Bharat project. “The chief election commissioner (CEC) wrote to the DeitY secretary twice and even called him personally. However, not even a single penny has been sanctioned so far,” the official said.
“Neither the government gives the commission money to upgrade infrastructure nor the uproar caused on unfounded concerns will allow us to collaborate with Google,” the official added.
According to the official, EC had to pay '200 crore to BEL and ECIL in 2010 to procure electronic voting machines. The file moved for over two years in the law ministry before the final payment was done.
For SY Quraishi, the former CEC, the whole fuss also points at a larger question of financial autonomy of the commission. Each time the commission is in need of fund it is routed through the law ministry, where the file moves at a snail’s pace, other EC officials confirmed.
In an interview with Governance Now, Anil Kumar Jha, special DGP, CID, Assam, who is also nodal officer for the CCTNS project, speaks of what the system in its present form has helped his state achieve. What is the current status of CCTNS in Assam and its outcome?
A stand-off between the ministry of home affairs (MHA) and software development firm Wipro seems to have long held up the Rs 2,000 crore crime and criminal tracking network and systems (CCTNS) project, conceptualised ten years ago. The project aims to digitise and connect all police stations in the country
Questioning the development model pushed ahead for profit oriented growth, social and political activists, academicians, financial analysts and civil society organisations are holding a three day confluence of Peoples’ Convention on Infrastructure Financing in Mumbai. &nb
About one-fourth of India’s elderly face abuse at the hands of those they trust the most – the son (52%) followed by the daughter in law (34%),spouse/partner (14%), daughter(6%) grandchild (6%), son in law(3%), parent(1%) and care giver(1%), reveals a report by the HelpAge Ind
The official statistics provided by the department of industrial policy and promotion (DIPP) under the ministry of commerce and industry shows that between January 2000 and December 2017, India received $368 billion of foreign direct investment (FDI). It also says that Mauritius was the source of $125 bill
The declaration communicated through the director general of military operations (DGMO) of Pakistan and India on May 29, 2018, to implement the ceasefire agreement of 2003 between the two countries in “letter and spirit” has opened up an opportunity to restore peace in the disturbed Kashm