Pratap Vikram Singh | January 7, 2014
The election commission of India (ECI) may not sign an arrangement with Google which proposed to offer cloud services for facilitating online voter registration and directions to polling stations, according to a senior government official aware of the communications between the two agencies.
According to a senior ECI official, the internet giant has only made a presentation to the commission on Monday and the decision to commission the project is yet to be taken by the organisation.
Contrary to the story published by The Times of India which had claimed that the two organisations had signed an agreement but the deal is yet to be made public, sources at the ECI disclosed that unlike what has been reported, no deal has yet been signed with Google and the commission will be taking the final decision only on Tuesday.
The story in the newspaper had earlier attracted criticism from a section of cyber security professionals, who had accused the commission of compromising privacy of Indian voters by sharing data with Google. The US based internet giant, in the past, has been exposed of helping the NSA to snoop on several countries including India, as revealed by whistle blower Edward Snowden, who had worked with the agency.
Even Congress and the BJP on Monday have been reported to have registered concerns with the commission, hoping the deal may not affect “electoral process and national security”.
Giving details of what has transpired between the ECI and Google, a senior ECI official on condition of anonymity, informed that the company (Google) had earlier approached the commission showing interest in helping out the commission with building a web application for facilitation of services offered through the commission’s portal www.eci.nic.in.
As part of the process to understand the scope of work and the functionalities better, the commission had provided “dummy data” on the request of Google to build the proposed application and then make a presentation. A non-discloser agreement was also signed between the two organisations.
Based on the inputs and the data provided by the ECI, the internet giant on Monday made a presentation to the commission. However, the official pointed out that under pressure from political parties and civil societies, the ECI is likely to drop the idea of tying up with Google for the project on Tuesday.
Google had proposed to provide a separate web page which would make electoral roll data—name, address and location of polling stations—searchable. What this mean was that if an applicant wanted to register for voter ID card, the website would take the details and pass it on to the commission. The search facility was also aimed at providing directions to the polling station.
Critics, however, point out that if the registration is facilitated through Google, the company will be able to access voter information like the mobile number, email ID, demographic details and the IP number. This is very well possible since online registration or even online correction on the commission’s website requires one to to enter email ID and mobile number.
“This data will be a gold mine of intelligence for them. If EC transfers data to Google this will be a conscious data breech by a constitutional body,” Jiten Jain, member, InfoSec Consortium told a gathering of reporter at a conference to raise “alarm” over the “agreement” on Saturday.
Jain said that Google will use all this data to profile voters. "It can be used for targeted political advertisements and could be used to manipulate, manufacture and affect public opinion of the electorate,” Jain told reporters.
The senior official strongly disapproves of the two charges made by the cyber professionals. The search engine offered a cloud storage wherein the commission would have the full authority to store, retain and delete data, without the inter-mediation of Google, says the senior official.
The official says the page proposed to be created by Google would have been owned by the commission. The commission had plans to ask the company to build the web page in open source, which would be open for audit by a government accredited agency.
After auditing of entire code, which would ensure there is no tracking software on the web page, there is no way the company could collect any other user data. Usually to collect data about the internet activity of users websites have cookies- a tool which gets automatically downloaded on users’ computer as the webpage is opened.
“Taking these measures there is no way a user could be profiled,” says the official.
Besides, internet is just another medium for availing services from the commission, says the official. If one doesn’t want to share their mobile number and email ID, they can simply go and stand in a queue at electoral office and get things done. In the manual process sharing contact details is not mandatory.
Is banks` messaging system SWIFT secure enough?